X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/blobdiff_plain/06a174dfe42020da6138e22c82803cbba9c66b49..11ad66c29764521f87f0dd399a1e592147c7af36:/keys/tripe-keys.conf.5.in diff --git a/keys/tripe-keys.conf.5.in b/keys/tripe-keys.conf.5.in index e993ad26..c57d3f68 100644 --- a/keys/tripe-keys.conf.5.in +++ b/keys/tripe-keys.conf.5.in @@ -9,19 +9,18 @@ .\" .\" This file is part of Trivial IP Encryption (TrIPE). .\" -.\" TrIPE is free software; you can redistribute it and/or modify -.\" it under the terms of the GNU General Public License as published by -.\" the Free Software Foundation; either version 2 of the License, or -.\" (at your option) any later version. +.\" TrIPE is free software: you can redistribute it and/or modify it under +.\" the terms of the GNU General Public License as published by the Free +.\" Software Foundation; either version 3 of the License, or (at your +.\" option) any later version. .\" -.\" TrIPE is distributed in the hope that it will be useful, -.\" but WITHOUT ANY WARRANTY; without even the implied warranty of -.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -.\" GNU General Public License for more details. +.\" TrIPE is distributed in the hope that it will be useful, but WITHOUT +.\" ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +.\" FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +.\" for more details. .\" .\" You should have received a copy of the GNU General Public License -.\" along with TrIPE; if not, write to the Free Software Foundation, -.\" Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +.\" along with TrIPE. If not, see . . .\"-------------------------------------------------------------------------- .so ../common/defs.man \" @@@PRE@@@ @@ -148,7 +147,7 @@ or .B ec (elliptic curves). The default is .BR dh . -.ne 7 +.ne 9 .TP .I kx-genalg Key generation algorithm name to pass to @@ -166,9 +165,11 @@ kx kx-genalg _ dh dh ec ec +x25519 x25519 +x448 x448 _ .TE -.ne 7 +.ne 9 .TP .I kx-param-genalg Key generation algorithm name to pass to @@ -186,9 +187,11 @@ kx kx-param-genalg _ dh dh-param ec ec-param +x25519 empty +x448 empty _ .TE -.ne 7 +.ne 9 .TP .I kx-param Options to pass to @@ -205,8 +208,11 @@ kx kx-param _ dh \-LS \-b3072 \-B256 ec \-Cnist-p256 +x25519 \fInone +x448 \fInone _ .TE +.ne 9 .TP .I kx-attrs Additional attributes to set on the parameters @@ -214,7 +220,22 @@ Additional attributes to set on the parameters as .IB key = value pairs separated by spaces. -Default is empty. +Default depends on +.I kx +as follows. +.TS +center; +| ci | ci | +| lb | lb |. +_ +kx kx-attrs +_ +dh serialization=constlen +ec serialization=constlen +x25519 \fIempty +x448 \fIempty +_ +.TE .TP .I kx-expire Expiry time for generated keys. Default is @@ -224,25 +245,60 @@ Expiry time for generated keys. Default is Hashing algorithm to use. Default is .BR sha256 . .TP +.I bulk +The bulk crypto transform to use. +Default is +.BR iiv . +.ne 8 +.TP .I mac -Message authentication algorithm to use. Default is -.IB hash -hmac/ halfhashlen \fR, -where +Message authentication algorithm to use. +Default depends on +.I bulk +as follows. +.TS +center; +| ci | ci | +| lb | lb |. +_ +bulk mac +_ +v0 \fIhash\fB-hmac/\fIhalfhashlen +iiv \fIhash\fB-hmac/\fIhalfhashlenrijndael-cbc +naclbox poly1305/128 +_ +.TE +.IP +(In the above, .I halfhashlen is half of .IR hash 's -output length. +output length.) .TP .I mgf Mask-generation algorithm to use. Default is .IB hash -mgf \fR. This is probably a good choice. -.ne 6 +.ne 7 .TP .I cipher -Symmetric encryption scheme to use. Default is -.BR rijndael-cbc . -.ne 6 +Symmetric encryption scheme to use. +Default depends on +.I bulk +as follows. +.TS +center; +| ci | ci | +| lb | lb |. +_ +bulk cipher +_ +v0 rijndael-cbc +iiv rijndael-cbc +naclbox chacha20 +_ +.TE +.ne 8 .TP .I sig Signature scheme to use. Must be one of those recognized by @@ -259,6 +315,8 @@ kx sig _ dh dsa ec ecdsa +x25519 ed25519 +x448 ed448 _ .TE .ne 12