X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/blobdiff_plain/bdbd93268bb289994126ec46cbf4b66461579b92..fc916a0942e6ef8f63aefb96119d0e4fd7c7efbb:/keys/tripe-keys.conf.5 diff --git a/keys/tripe-keys.conf.5 b/keys/tripe-keys.conf.5 deleted file mode 100644 index d4c5fd2d..00000000 --- a/keys/tripe-keys.conf.5 +++ /dev/null 
@@ -1,282 +0,0 @@ -.\" -*-nroff-*- -.\". -.de hP -.IP -\h'-\w'\fB\\$1\ \fP'u'\fB\\$1\ \fP\c -.. -.de VS -.sp 1 -.RS -.nf -.ft B -.. -.de VE -.ft R -.fi -.RE -.sp 1 -.. -.ie t \{\ -. ds o \(bu -. ds ss \s8\u -. ds se \d\s0 -. if \n(.g \{\ -. fam P -. \} -.\} -.el \{\ -. ds o o -. ds ss ^ -. ds se -.\} -.TH tripe-keys.conf 5 "14 September 2005" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption" -.SH "NAME" -tripe-keys.conf \- configuration file format for tripe-keys -.SH "DESCRIPTION" -The -.B tripe-keys.master -or -.B tripe-keys.conf -file is a simple line-based configuration file read by -.BR tripe-keys (1). -Lines may be empty (consist only of whitespace), be comments (first -non-whitespace character is -.RB ` # ') -or have the form -.IP -.I name -.RB [ = ] -.I value -.PP -A -.I name -consists of alphanumeric characters and hyphens. Values may contain -substitutions, of the form -.BI ${ name } \fR, -which are replaced by the value assigned to -.IR name . -Many -.IR name s -have significance to the -.B tripe-keys -program: these are described below. Many have sensible defaults. -.SS "The tripe-keys.master file" -The client configuration file is built by applying substitutions to the -.B tripe-keys.master -file. The following tokens are substituted: -.TP -.B @MASTER-SEQUENCE@ -The sequence number of the most recently-added signing key. -.TP -.B @HK-MASTER@ -The fingerprint of the signing key identified by -.BR @MASTER-SEQUENCE@ . -.SS "Master repository parameters" -.TP -.I base-url -The base URL of the key repository (usually with a trailing -.RB ` / '). -Typically, this will be something like -.RB http://www.distorted.org.uk/vpn/ . -No default. -.TP -.I repos-base -The basename for the repository archive. Default is -.BR tripe-keys.tar.gz . -.TP -.I sig-base -The basename template for repository signatures. Default is -.BR tripe-keys.sig- . -The -.RB ` ' -portion, if any, is replaced by the sequence number of the key which -made the signature. 
-.TP -.I repos-url -The URL for the key repository tarball. Default is the concatenation of -.I base-url -and -.IR repos-base . -.TP -.I sig-url -The URL template for key repository signatures. Default is the -concatenation of -.I base-url -and -.IR sig-base . -.TP -.I master-sequence -The sequence number of the master authority's current signing key. No -default. Usually set up automatically. -.TP -.I master-keygen-flags -Additional options for generating master keys. Default is -.RB ` -l '. -.TP -.I hk-master -The fingerprint of the current master signing key. No default. Usually -set up automatically. -.TP -.I upload-hook -A shell command to run by -.B tripe-keys upload -after it has successfully written the -.I repos-file -and -.IR sig-file s. -Default is -.B ": run upload hook" -which does nothing. -.SS "Crypto parameters" -.TP -.I kx -Key-exchange algorithm to use. Either -.B dh -(integer Diffie-Hellman) -or -.B ec -(elliptic curves). The default is -.BR dh . -.TP -.I kx-param -Options to pass to -.B "key add" -when generating the parameters key. Default depends on -.I kx -as follows. -.TS -center; -| ci | ci | -| lb | lb |. -_ -kx kx-param -_ -dh \-LS \-b2048 \-B256 -ec \-Cnist-p256 -_ -.TE -.TP -.I kx-expire -Expiry time for generated keys. Default is -.BR "now + 1 day" . -.TP -.I hash -Hashing algorithm to use. Default is -.BR sha256 . -.TP -.I mac -Message authentication algorithm to use. Default is -.IB hash -hmac/ halfhashlen \fR, -where -.I halfhashlen -is half of -.IR hash 's -output length. -.TP -.I mgf -Mask-generation algorithm to use. Default is -.IB hash -mgf \fR. -This is probably a good choice. -.TP -.I cipher -Symmetric encryption scheme to use. Default is -.BR blowfish-cbc . -.TP -.I sig -Signature scheme to use. Must be one of those recognized by -.BR catsign (1). -Default is -.B dsa -if -.I kx -is -.BR dh , -or -.B ecdsa -if -.I kx -is -.BR ec . -.TP -.I sig-genalg -Key-generation algorithm for signing key. 
Default depends on -.I sig -as follows. -.TS -center; -| ci | ci | -| lb | lb |. -_ -sig sig-genalg -_ -kcdsa dh -dsa dsa -rsapcs1 rsa -rsapss rsa -ecdsa ec -eckcdsa ec -_ -.TE -.TP -.I sig-param -Signature-key generation parameters. Default depends on -.I sig-genalg -as follows. -.TS -center; -| ci | ci | -| lb | lb |. -_ -sig-genalg sig-param -_ -dh \-LS \-b2048 \-B256 -dsa \-b2048 \-B256 -rsa \-b2048 -ec \-Cnist-p256 -_ -.TE -.TP -.I sig-hash -Hash function to use for making signatures. Default is -.IR hash . -.TP -.I sig-fresh -Oldest time we should consider a signed archive to be fresh. Default is -.BR always , -meaning that all signatures are fresh. -.TP -.I sig-expire -Expiry time for master signing key. Default is -.BR forever . -.TP -.I fingerprint-hash -Hash function to use for key fingerprinting. Default is -.IR hash . -.SS "Master maintenance parameters" -.TP -.I base-dir -Local base directory for the repository files. This probably ought to -end in a -.RB ` / ' -character. No default. -.TP -.I repos-file -Filename for local repository tarball. Default is the concatenation of -.I base-dir -and -.IB repos-base . -.TP -.I sig-file -Tempalte for repository signatures. Default is the concatenation of -.I base-dir -and -.IR sig-base . -.TP -.I conf-file -Filename for local repository configuration file. Default is -.IB basedir /tripe-keys.conf \fR. -.SH "SEE ALSO" -.BR tripe (8), -.BR tripe\-keys (8). -.SH "AUTHOR" -Mark Wooding,
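Review bot: nothing in the visible diff replaces the tripe-keys.conf(5) text deleted here (the whole file goes to /dev/null), so the change should either add the page's new home in the same commit or say in the commit message where the documentation now lives. The security-relevant defaults it records are otherwise undocumented: `sig-fresh` defaults to `always`, meaning that all signatures are fresh, and `cipher` defaults to `blowfish-cbc`. If the text is being moved rather than dropped, fix these on the way: DESCRIPTION cites `tripe-keys (1)` while SEE ALSO cites `tripe\-keys (8)`; the `conf-file` default is written with `basedir` although the parameter is named `base-dir`; the `sig-file` entry reads "Tempalte"; and the `sig-base` entry refers to "the ` ' portion" without naming the placeholder that gets replaced by the sequence number.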