chiark
/
gitweb
/
~mdw
/
tripe
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
keys/tripe-keys.in, keys/tripe-keys.conf.5.in: Allow setting attributes.
[tripe]
/
keys
/
tripe-keys.conf.5.in
diff --git
a/keys/tripe-keys.conf.5.in
b/keys/tripe-keys.conf.5.in
index 887faf67090936393b67012805e9141ff157890d..b6bc6eb6fde20449b317ad1a8e5c4f06fce9a63f 100644
(file)
--- a/
keys/tripe-keys.conf.5.in
+++ b/
keys/tripe-keys.conf.5.in
@@
-27,7
+27,7
@@
.so ../common/defs.man \" @@@PRE@@@
.
.\"--------------------------------------------------------------------------
.so ../common/defs.man \" @@@PRE@@@
.
.\"--------------------------------------------------------------------------
-.TH tripe-keys.conf 5 "14 September 2005" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption"
+.TH tripe-keys.conf 5
tripe
"14 September 2005" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption"
.
.\"--------------------------------------------------------------------------
.SH "NAME"
.
.\"--------------------------------------------------------------------------
.SH "NAME"
@@
-117,6
+117,13
@@
default. Usually set up automatically.
Additional options for generating master keys. Default is
.RB ` -l '.
.TP
Additional options for generating master keys. Default is
.RB ` -l '.
.TP
+.I master-attrs
+Additional attributes to set on the master key,
+as
+.IB key = value
+pairs separated by spaces.
+Default is empty.
+.TP
.I hk-master
The fingerprint of the current master signing key. No default. Usually
set up automatically.
.I hk-master
The fingerprint of the current master signing key. No default. Usually
set up automatically.
@@
-141,6
+148,47
@@
or
.B ec
(elliptic curves). The default is
.BR dh .
.B ec
(elliptic curves). The default is
.BR dh .
+.ne 7
+.TP
+.I kx-genalg
+Key generation algorithm name to pass to
+.B "key add"
+when generating keys.
+Default depends on
+.I kx
+as follows.
+.TS
+center;
+| ci | ci |
+| lb | lb |.
+_
+kx kx-genalg
+_
+dh dh
+ec ec
+_
+.TE
+.ne 7
+.TP
+.I kx-param-genalg
+Key generation algorithm name to pass to
+.B "key add"
+when generating the parameters key.
+Default depends on
+.I kx
+as follows.
+.TS
+center;
+| ci | ci |
+| lb | lb |.
+_
+kx kx-param-genalg
+_
+dh dh-param
+ec ec-param
+_
+.TE
+.ne 7
.TP
.I kx-param
Options to pass to
.TP
.I kx-param
Options to pass to
@@
-160,6
+208,14
@@
ec \-Cnist-p256
_
.TE
.TP
_
.TE
.TP
+.I kx-attrs
+Additional attributes to set on the parameters
+(and therefore copied to peer keys),
+as
+.IB key = value
+pairs separated by spaces.
+Default is empty.
+.TP
.I kx-expire
Expiry time for generated keys. Default is
.BR "now + 1 year" .
.I kx-expire
Expiry time for generated keys. Default is
.BR "now + 1 year" .
@@
-184,7
+240,7
@@
This is probably a good choice.
.TP
.I cipher
Symmetric encryption scheme to use. Default is
.TP
.I cipher
Symmetric encryption scheme to use. Default is
-.BR
blowfish
-cbc .
+.BR
rijndael
-cbc .
.TP
.I sig
Signature scheme to use. Must be one of those recognized by
.TP
.I sig
Signature scheme to use. Must be one of those recognized by
@@
-201,6
+257,7
@@
if
.I kx
is
.BR ec .
.I kx
is
.BR ec .
+.ne 10
.TP
.I sig-genalg
Key-generation algorithm for signing key. Default depends on
.TP
.I sig-genalg
Key-generation algorithm for signing key. Default depends on
@@
-221,6
+278,7
@@
ecdsa ec
eckcdsa ec
_
.TE
eckcdsa ec
_
.TE
+.ne 8
.TP
.I sig-param
Signature-key generation parameters. Default depends on
.TP
.I sig-param
Signature-key generation parameters. Default depends on
@@
-262,7
+320,9
@@
Hash function to use for key fingerprinting. Default is
Local base directory for the repository files. This probably ought to
end in a
.RB ` / '
Local base directory for the repository files. This probably ought to
end in a
.RB ` / '
-character. No default.
+character. Unexpected files in this directory will be removed by the
+.B tripe-keys upload
+command. No default.
.TP
.I repos-file
Filename for local repository tarball. Default is the concatenation of
.TP
.I repos-file
Filename for local repository tarball. Default is the concatenation of
@@
-279,6
+339,13
@@
and
.I conf-file
Filename for local repository configuration file. Default is
.IB basedir /tripe-keys.conf \fR.
.I conf-file
Filename for local repository configuration file. Default is
.IB basedir /tripe-keys.conf \fR.
+.TP
+.I kx-warn-days
+The
+.B "tripe-keys check"
+command will warn about keys which will in less than
+.I kx-warn-days
+days. Default is 28.
.
.\"--------------------------------------------------------------------------
.SH "SEE ALSO"
.
.\"--------------------------------------------------------------------------
.SH "SEE ALSO"