server/: New `implicit-IV' transform (`iiv').
diff --git
a/server/tripe-admin.5.in
b/server/tripe-admin.5.in
index 6ffa6cd6458ff60a65b49bf1fc3dcbc978e74ce7..231aa7644f4dc54c1300401a8cface31a7707098 100644
(file)
--- a/
server/tripe-admin.5.in
+++ b/
server/tripe-admin.5.in
@@
-364,6
+364,19
@@
address and emit an
.B NEWADDR
notification.
.TP
.B NEWADDR
notification.
.TP
+.BI "\-priv " tag
+Use the private key
+.I tag
+to authenticate to the peer. The default is to use the key named in the
+.RB ` \-t '
+command-line option, or a key with type
+.B tripe
+or
+.BR tripe-dh :
+see
+.BR tripe (8)
+for the details.
+.TP
.BI "\-tunnel " tunnel
Use the named tunnel driver, rather than the default.
.\"-opts
.BI "\-tunnel " tunnel
Use the named tunnel driver, rather than the default.
.\"-opts
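Review bot: The new "\-priv" entry documents the default key selection but not the failure case: it does not say what the command reports when tag names no usable private key. The fallback "a key with type tripe or tripe-dh" also leaves open which key wins when the keyring holds more than one of those types. A sentence on each, or an explicit pointer to the section of tripe(8) that covers them, would let a client author handle the error without reading the server source.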
@@
-410,6
+423,12
@@
The mask-generating function in use, e.g.,
.B hashsz
The size of the hash function's output, in octets.
.TP
.B hashsz
The size of the hash function's output, in octets.
.TP
+.B bulk-transform
+The name of the bulk-crypto transform.
+.TP
+.B bulk-overhead
+The amount of overhead, in bytes, caused by the crypto transform.
+.TP
.B cipher
The name of the bulk data cipher in use, e.g.,
.BR blowfish-cbc .
.B cipher
The name of the bulk data cipher in use, e.g.,
.BR blowfish-cbc .
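Review bot: The "bulk-overhead" entry gives its unit as "bytes", while the surrounding entries in this list (for example "hashsz") say "in octets"; use "octets" here for consistency. The "bulk-transform" entry also lacks the "e.g.," example that the neighbouring "cipher" entry has. Naming a transform, such as the "iiv" from the commit subject, would show readers what form the value takes.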
@@
-428,7
+447,7
@@
allow for a seamless changeover of keys.)
.TP
.B mac
The message authentication algorithm in use, e.g.,
.TP
.B mac
The message authentication algorithm in use, e.g.,
-.BR ripemd160-hmac .
.
+.BR ripemd160-hmac .
.TP
.B mac-keysz
The length of the key used by the message authentication algorithm, in
.TP
.B mac-keysz
The length of the key used by the message authentication algorithm, in
@@
-436,6
+455,16
@@
octets.
.TP
.B mac-tagsz
The length of the message authentication tag, in octets.
.TP
.B mac-tagsz
The length of the message authentication tag, in octets.
+.TP
+.B blkc
+The block cipher in use, e.g.,
+.BR blowfish .
+.TP
+.B blkc-keysz
+The length of key used by the block cipher, in octets.
+.TP
+.B blkc-blksz
+The block size of the block cipher.
.PP
The various sizes are useful, for example, when computing the MTU for a
tunnel interface. If
.PP
The various sizes are useful, for example, when computing the MTU for a
tunnel interface. If
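Review bot: The "blkc-blksz" entry reads "The block size of the block cipher." with no unit, whereas "blkc-keysz" and "mac-tagsz" directly above both end "in octets"; add the unit. It would also help to state whether the three "blkc" items are always reported or only when the selected bulk transform uses a block cipher directly, since clients parsing this list need to know whether the keys can be absent.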
@@
-443,13
+472,12
@@
tunnel interface. If
is the MTU of the path to the peer, then the tunnel MTU should be
.IP
.I MTU
is the MTU of the path to the peer, then the tunnel MTU should be
.IP
.I MTU
-\- 33 \-
-.I cipher-blksz
-\-
-.I mac-tagsz
+\- 29 \-
+.I bulk-overhead
.PP
allowing 20 bytes of IP header, 8 bytes of UDP header, a packet type
.PP
allowing 20 bytes of IP header, 8 bytes of UDP header, a packet type
-octet, a four-octet sequence number, an IV, and a MAC tag.
+octet, and the bulk-crypto transform overhead (which includes the
+sequence number).
.RE
.SP
.BI "BGCANCEL " tag
.RE
.SP
.BI "BGCANCEL " tag
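Review bot: In the rewritten explanation under the MTU formula, the parenthetical says only that the transform overhead "includes the sequence number", while the removed sentence listed a sequence number, an IV and a MAC tag. The constant is consistent (20 + 8 + 1 = 29, and the old 33 was that plus the four-octet sequence number), but readers comparing against the old formula will wonder where the IV and tag went. Suggest saying that "bulk-overhead" covers the sequence number together with whatever IV and MAC tag the transform uses, so it is clear nothing was dropped from the calculation.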
@@
-557,7
+585,12
@@
may change during the life of the association.
.B private-key
The private key tag being used for the peer, as passed to the
.B ADD
.B private-key
The private key tag being used for the peer, as passed to the
.B ADD
-command.
+command, or the
+.RB ` \-t '
+command-line option. If neither of these was given explicitly, the
+private key tag is shown as
+.RB ` (default) ',
+since there is no fixed tag used under these circumstances.
.TP
.B current-private-key
The full key tag of the private key currently being used for this
.TP
.B current-private-key
The full key tag of the private key currently being used for this
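Review bot: The "private-key" entry now returns the literal "(default)" in place of a tag, so a client that passes this value on as a key tag will get a string that is not one. Add a cross-reference to "current-private-key", described in the next entry, as the item to read when the actual key in use is wanted. It is also worth stating whether "(default)" can collide with a legitimately named key tag.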
@@
-1243,6
+1276,12
@@
exchange.
.BI "KEYMGMT " which "-keyring " file " io-error " ecode " " message
A system error occurred while opening or reading the keyring file.
.SP
.BI "KEYMGMT " which "-keyring " file " io-error " ecode " " message
A system error occurred while opening or reading the keyring file.
.SP
+.BI "KEYMGMT " which "-keyring " file " key " tag " unknown-bulk-transform " bulk
+The key specifies the use of an unknown bulk-crypto transform
+.IR bulk .
+Maybe the key was generated wrongly, or maybe the version of Catacomb
+installed is too old.
+.SP
.BI "KEYMGMT " which "-keyring " file " key " tag " unknown-cipher " cipher
The key specifies the use of an unknown symmetric encryption algorithm
.IR cipher .
.BI "KEYMGMT " which "-keyring " file " key " tag " unknown-cipher " cipher
The key specifies the use of an unknown symmetric encryption algorithm
.IR cipher .
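Review bot: The "unknown-bulk-transform" description attributes the failure to "the version of Catacomb installed is too old", which looks carried over from the cipher and hash warnings. The commit subject places the new transform under "server/", so if bulk transforms are implemented in the server rather than in Catacomb, the likelier cause is a key generated for a newer tripe than the one running. Please confirm which it is and adjust the wording, since operators will act on this hint when they see the warning.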