('kx-expire', 'now + 1 year'),
('cipher', 'blowfish-cbc'),
('hash', 'sha256'),
+ ('master-keygen-flags', '-l'),
('mgf', '${hash}-mgf'),
('mac', lambda: '%s-hmac/%d' %
(conf['hash'],
seq = max_master_sequence() + 1
run('''key -kmaster add
-a${sig-genalg} !${sig-param}
- -e${sig-expire} -l -tmaster-%d tripe-keys-master
+ -e${sig-expire} !${master-keygen-flags} -tmaster-%d tripe-keys-master
sig=${sig} hash=${sig-hash}''' % seq)
run('key -kmaster extract -f-secret repos/master.pub')