keys/tripe-keys.in: Improve reporting of usage errors.

[tripe] / keys / tripe-keys.master

diff --git a/keys/tripe-keys.master b/keys/tripe-keys.master
index 2b59cf9fa27896c040a3cc549717853fdabeb477..01e094ba5467ec7b1e36fde6b35da45f4ac3b414 100644 (file)
--- a/keys/tripe-keys.master
+++ b/keys/tripe-keys.master
@@ -1,48 +1,55 @@
-# tripe-keys configuration file
-#
-# see tripe-keys.conf(5) for full details
+### -*-conf-*-
+###
+### tripe-keys configuration file
+###
+### see tripe-keys.conf(5) for full details
 
-### File locations (required)
+###--------------------------------------------------------------------------
+### File locations (required).
 
-# The base URL for the repository files.  Include the trailing slash if
-# necessary.
+## The base URL for the repository files.  Include the trailing slash if
+## necessary.
 # base-url = http://some.server.somewhere/blah/
 
-# The local directory name for the repository files.  Again, include the
-# trailing slash if necessary.
+## The local directory name for the repository files.  Again, include the
+## trailing slash if necessary.
 # base-dir = /some/directory/blah/
 
-### Crypto parameters
+###--------------------------------------------------------------------------
+### Crypto parameters.
 
-# The key-exchange type.  May be `dh' or `ec'.
+## The key-exchange type.  May be `dh' or `ec'.
 # kx = dh
 
-# Key-generation parameters for key exchange group.
-# kx-param = -LS -b2048 -B256
+## Key-generation parameters for key exchange group.
+# kx-param = -LS -b3072 -B256
+# kx-param = -Pnist-p256
 
-# Expiry time for peer key-exchange keys.
-# kx-expire = now + 1 day
+## Expiry time for peer key-exchange keys.
+# kx-expire = now + 1 year
 
-# Symmetric encryption scheme to use.
-# cipher = blowfish-cbc
+## Symmetric encryption scheme to use.
+# cipher = rijndael-cbc
 
-# Hash function to use.  (We derive the MGF and MAC from this.)
+## Hash function to use.  (We derive the MGF and MAC from this.)
 # hash = sha256
 
-# Signature scheme to use for signing/verifying repository archives.
+## Signature scheme to use for signing/verifying repository archives.
 # sig = dsa
+# sig = ecdsa
 
-# How recently an archive must have been signed to be valid.
+## How recently an archive must have been signed to be valid.
 # sig-fresh = always
 
-# When the signing key expires.
+## When the master signing key expires.
 # sig-expire = forever
 
+###--------------------------------------------------------------------------
 ### Master key integrity
 
-# Since the master public key is contained within the repository, we must
-# check its integrity: therefore we record its sequence number and 
-# fingerprint here.  These are filled in automatically by 
-# `tripe-keys upload'.  Leave them as they are.
+## Since the master public key is contained within the repository, we must
+## check its integrity: therefore we record its sequence number and
+## fingerprint here.  These are filled in automatically by `tripe-keys
+## upload'.  Leave them as they are.
 master-sequence = @MASTER-SEQUENCE@
 hk-master = @HK-MASTER@