-# tripe-keys configuration file
-#
-# see tripe-keys.conf(5) for full details
+### -*-conf-*-
+###
+### tripe-keys configuration file
+###
+### see tripe-keys.conf(5) for full details
-### File locations (required)
+###--------------------------------------------------------------------------
+### File locations (required).
-# The base URL for the repository files. Include the trailing slash if
-# necessary.
+## The base URL for the repository files. Include the trailing slash if
+## necessary.
# base-url = http://some.server.somewhere/blah/
-# The local directory name for the repository files. Again, include the
-# trailing slash if necessary.
+## The local directory name for the repository files. Again, include the
+## trailing slash if necessary.
# base-dir = /some/directory/blah/
-### Crypto parameters
+###--------------------------------------------------------------------------
+### Crypto parameters.
-# The key-exchange type. May be `dh' or `ec'.
+## The key-exchange type. May be `dh' or `ec'.
# kx = dh
-# Key-generation parameters for key exchange group.
-# kx-param = -LS -b2048 -B256
+## Key-generation parameters for key exchange group.
+# kx-param = -LS -b3072 -B256
+# kx-param = -Pnist-p256
-# Expiry time for peer key-exchange keys.
-# kx-expire = now + 1 day
+## Expiry time for peer key-exchange keys.
+# kx-expire = now + 1 year
-# Symmetric encryption scheme to use.
-# cipher = blowfish-cbc
+## Symmetric encryption scheme to use.
+# cipher = rijndael-cbc
-# Hash function to use. (We derive the MGF and MAC from this.)
+## Hash function to use. (We derive the MGF and MAC from this.)
# hash = sha256
-# Signature scheme to use for signing/verifying repository archives.
+## Signature scheme to use for signing/verifying repository archives.
# sig = dsa
+# sig = ecdsa
-# How recently an archive must have been signed to be valid.
+## How recently an archive must have been signed to be valid.
# sig-fresh = always
-# When the signing key expires.
+## When the master signing key expires.
# sig-expire = forever
+###--------------------------------------------------------------------------
### Master key integrity
-# Since the master public key is contained within the repository, we must
-# check its integrity: therefore we record its sequence number and
-# fingerprint here. These are filled in automatically by
-# `tripe-keys upload'. Leave them as they are.
+## Since the master public key is contained within the repository, we must
+## check its integrity: therefore we record its sequence number and
+## fingerprint here. These are filled in automatically by `tripe-keys
+## upload'. Leave them as they are.
master-sequence = @MASTER-SEQUENCE@
hk-master = @HK-MASTER@