--- /dev/null
+# tripe-keys configuration file
+#
+# see tripe-keys.conf(5) for full details
+
+### File locations (required)
+
+# The base URL for the repository files. Include the trailing slash if
+# necessary.
+# base-url = http://some.server.somewhere/blah/
+
+# The local directory name for the repository files. Again, include the
+# trailing slash if necessary.
+# base-dir = /some/directory/blah/
+
+### Crypto parameters
+
+# The key-exchange type. May be `dh' or `ec'.
+# kx = dh
+
+# Key-generation parameters for key exchange group.
+# kx-param = -LS -b2048 -B256
+
+# Expiry time for peer key-exchange keys.
+# kx-expire = now + 1 day
+
+# Symmetric encryption scheme to use.
+# cipher = blowfish-cbc
+
+# Hash function to use. (We derive the MGF and MAC from this.)
+# hash = sha256
+
+# Signature scheme to use for signing/verifying repository archives.
+# sig = dsa
+
+# How recently an archive must have been signed to be valid.
+# sig-fresh = always
+
+# When the signing key expires. We're not good at rolling these over.
+# sig-expire = forever
+
+### Master key hash
+
+# Since the master public key is contained within the repository, we must
+# check its integrity: therefore we record its fingerprint here. This is
+# filled in automatically by `tripe-keys upload'. Leave it as it is.
+hk-master = @HK-MASTER@