+++ /dev/null
-.\" -*-nroff-*-
-.\".
-.de hP
-.IP
-\h'-\w'\fB\\$1\ \fP'u'\fB\\$1\ \fP\c
-..
-.de VS
-.sp 1
-.RS
-.nf
-.ft B
-..
-.de VE
-.ft R
-.fi
-.RE
-.sp 1
-..
-.ie t \{\
-. ds o \(bu
-. ds ss \s8\u
-. ds se \d\s0
-. if \n(.g \{\
-. fam P
-. \}
-.\}
-.el \{\
-. ds o o
-. ds ss ^
-. ds se
-.\}
-.TH tripe-keys.conf 5 "14 September 2005" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption"
-.SH "NAME"
-tripe-keys.conf \- configuration file format for tripe-keys
-.SH "DESCRIPTION"
-The
-.B tripe-keys.master
-or
-.B tripe-keys.conf
-file is a simple line-based configuration file read by
-.BR tripe-keys (1).
-Lines may be empty (consist only of whitespace), be comments (first
-non-whitespace character is
-.RB ` # ')
-or have the form
-.IP
-.I name
-.RB [ = ]
-.I value
-.PP
-A
-.I name
-consists of alphanumeric characters and hyphens. Values may contain
-substitutions, of the form
-.BI ${ name } \fR,
-which are replaced by the value assigned to
-.IR name .
-Many
-.IR name s
-have significance to the
-.B tripe-keys
-program: these are described below. Many have sensible defaults.
-.SS "The tripe-keys.master file"
-The client configuration file is built by applying substitutions to the
-.B tripe-keys.master
-file. The following tokens are substituted:
-.TP
-.B @MASTER-SEQUENCE@
-The sequence number of the most recently-added signing key.
-.TP
-.B @HK-MASTER@
-The fingerprint of the signing key identified by
-.BR @MASTER-SEQUENCE@ .
-.SS "Master repository parameters"
-.TP
-.I base-url
-The base URL of the key repository (usually with a trailing
-.RB ` / ').
-Typically, this will be something like
-.RB http://www.distorted.org.uk/vpn/ .
-No default.
-.TP
-.I repos-base
-The basename for the repository archive. Default is
-.BR tripe-keys.tar.gz .
-.TP
-.I sig-base
-The basename template for repository signatures. Default is
-.BR tripe-keys.sig-<SEQ> .
-The
-.RB ` <SEQ> '
-portion, if any, is replaced by the sequence number of the key which
-made the signature.
-.TP
-.I repos-url
-The URL for the key repository tarball. Default is the concatenation of
-.I base-url
-and
-.IR repos-base .
-.TP
-.I sig-url
-The URL template for key repository signatures. Default is the
-concatenation of
-.I base-url
-and
-.IR sig-base .
-.TP
-.I master-sequence
-The sequence number of the master authority's current signing key. No
-default. Usually set up automatically.
-.TP
-.I master-keygen-flags
-Additional options for generating master keys. Default is
-.RB ` -l '.
-.TP
-.I hk-master
-The fingerprint of the current master signing key. No default. Usually
-set up automatically.
-.TP
-.I upload-hook
-A shell command to run by
-.B tripe-keys upload
-after it has successfully written the
-.I repos-file
-and
-.IR sig-file s.
-Default is
-.B ": run upload hook"
-which does nothing.
-.SS "Crypto parameters"
-.TP
-.I kx
-Key-exchange algorithm to use. Either
-.B dh
-(integer Diffie-Hellman)
-or
-.B ec
-(elliptic curves). The default is
-.BR dh .
-.TP
-.I kx-param
-Options to pass to
-.B "key add"
-when generating the parameters key. Default depends on
-.I kx
-as follows.
-.TS
-center;
-| ci | ci |
-| lb | lb |.
-_
-kx kx-param
-_
-dh \-LS \-b2048 \-B256
-ec \-Cnist-p256
-_
-.TE
-.TP
-.I kx-expire
-Expiry time for generated keys. Default is
-.BR "now + 1 day" .
-.TP
-.I hash
-Hashing algorithm to use. Default is
-.BR sha256 .
-.TP
-.I mac
-Message authentication algorithm to use. Default is
-.IB hash -hmac/ halfhashlen \fR,
-where
-.I halfhashlen
-is half of
-.IR hash 's
-output length.
-.TP
-.I mgf
-Mask-generation algorithm to use. Default is
-.IB hash -mgf \fR.
-This is probably a good choice.
-.TP
-.I cipher
-Symmetric encryption scheme to use. Default is
-.BR blowfish-cbc .
-.TP
-.I sig
-Signature scheme to use. Must be one of those recognized by
-.BR catsign (1).
-Default is
-.B dsa
-if
-.I kx
-is
-.BR dh ,
-or
-.B ecdsa
-if
-.I kx
-is
-.BR ec .
-.TP
-.I sig-genalg
-Key-generation algorithm for signing key. Default depends on
-.I sig
-as follows.
-.TS
-center;
-| ci | ci |
-| lb | lb |.
-_
-sig sig-genalg
-_
-kcdsa dh
-dsa dsa
-rsapcs1 rsa
-rsapss rsa
-ecdsa ec
-eckcdsa ec
-_
-.TE
-.TP
-.I sig-param
-Signature-key generation parameters. Default depends on
-.I sig-genalg
-as follows.
-.TS
-center;
-| ci | ci |
-| lb | lb |.
-_
-sig-genalg sig-param
-_
-dh \-LS \-b2048 \-B256
-dsa \-b2048 \-B256
-rsa \-b2048
-ec \-Cnist-p256
-_
-.TE
-.TP
-.I sig-hash
-Hash function to use for making signatures. Default is
-.IR hash .
-.TP
-.I sig-fresh
-Oldest time we should consider a signed archive to be fresh. Default is
-.BR always ,
-meaning that all signatures are fresh.
-.TP
-.I sig-expire
-Expiry time for master signing key. Default is
-.BR forever .
-.TP
-.I fingerprint-hash
-Hash function to use for key fingerprinting. Default is
-.IR hash .
-.SS "Master maintenance parameters"
-.TP
-.I base-dir
-Local base directory for the repository files. This probably ought to
-end in a
-.RB ` / '
-character. No default.
-.TP
-.I repos-file
-Filename for local repository tarball. Default is the concatenation of
-.I base-dir
-and
-.IB repos-base .
-.TP
-.I sig-file
-Tempalte for repository signatures. Default is the concatenation of
-.I base-dir
-and
-.IR sig-base .
-.TP
-.I conf-file
-Filename for local repository configuration file. Default is
-.IB basedir /tripe-keys.conf \fR.
-.SH "SEE ALSO"
-.BR tripe (8),
-.BR tripe\-keys (8).
-.SH "AUTHOR"
-Mark Wooding, <mdw@distorted.org.uk>
~mdw / tripe / blobdiff