server/bulkcrypto.c: Implement a bulk transform based on AEAD schemes.

[tripe] / server / tripe.8.in

diff --git a/server/tripe.8.in b/server/tripe.8.in
index 4ec21bee70041c7388d432769c5c51bc1c9d35d9..96d8896ba70797b27e2022dc9989478a2ba88d23 100644 (file)
--- a/server/tripe.8.in
+++ b/server/tripe.8.in
@@ -500,6 +500,36 @@ doesn't need the (possibly slow) random number generator, and (b) it
 closes a kleptographic channel, over which a compromised implementation
 could leak secret information to a third party.
 .TP
+.B aead
+A transform based on an all-in-one `authenticated encryption with
+additional data' scheme.  The scheme is named in the
+.B cipher
+attribute; the default is
+.BR rijndael-ocb3 .
+If the
+.B mac
+attribute is given, it must be either
+.B aead
+or
+.BR aead/ \c
+.IR tagsz ,
+where
+.I tagsz
+is the desired tag length in bits; alternatively, the tag length can be
+set in the
+.B tagsz
+attribute.  The chosen AEAD scheme must accept at least a 64-bit nonce
+(this rules out OCB3 and CCM with 64-bit blockciphers); it mustn't
+require an absurdly large nonce size (none of the schemes implemented in
+Catacomb present a problem here, but it bears mentioning); it must
+actually support additional header data (which rules out the
+.B naclbox
+schemes, but see the
+.B naclbox
+transform below); and it must produce an empty ciphertext when
+encrypting an empty message (again, all of Catacomb's schemes meet this
+requirement).
+.TP
 .B naclbox
 A transform based on the NaCl
 .B crypto_secretbox