X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/blobdiff_plain/e04c2d50fd96f3f31bc96851c55c6efecc10469c..5d0443800290734ce4b6584014374b109e5a09b0:/keys/tripe-keys.master diff --git a/keys/tripe-keys.master b/keys/tripe-keys.master index eef2a00c..5e6c4eba 100644 --- a/keys/tripe-keys.master +++ b/keys/tripe-keys.master @@ -1,48 +1,60 @@ -# tripe-keys configuration file -# -# see tripe-keys.conf(5) for full details +### -*-conf-*- +### +### tripe-keys configuration file +### +### see tripe-keys.conf(5) for full details -### File locations (required) +###-------------------------------------------------------------------------- +### File locations (required). -# The base URL for the repository files. Include the trailing slash if -# necessary. +## The base URL for the repository files. Include the trailing slash if +## necessary. # base-url = http://some.server.somewhere/blah/ -# The local directory name for the repository files. Again, include the -# trailing slash if necessary. +## The local directory name for the repository files. Again, include the +## trailing slash if necessary. # base-dir = /some/directory/blah/ -### Crypto parameters +###-------------------------------------------------------------------------- +### Crypto parameters. -# The key-exchange type. May be `dh' or `ec'. +## The key-exchange type. May be `dh', `ec', `x25519', or `x448'. # kx = dh -# Key-generation parameters for key exchange group. -# kx-param = -LS -b2048 -B256 +## Key-generation parameters for key exchange group. +# kx-param = -LS -b3072 -B256 +# kx-param = -Cnist-p256 +# kx-param = -# Expiry time for peer key-exchange keys. -# kx-expire = now + 1 day +## Expiry time for peer key-exchange keys. +# kx-expire = now + 1 year -# Symmetric encryption scheme to use. -# cipher = blowfish-cbc +## Bulk crypto transform to use. May be `v0', `iiv', or `naclbox'. +# bulk = iiv -# Hash function to use. (We derive the MGF and MAC from this.) +## Symmetric encryption scheme to use. +# cipher = rijndael-cbc + +## Hash function to use. (We derive the MGF and MAC from this.) # hash = sha256 -# Signature scheme to use for signing/verifying repository archives. +## Signature scheme to use for signing/verifying repository archives. # sig = dsa +# sig = ecdsa +# sig = ed25519 -# How recently an archive must have been signed to be valid. +## How recently an archive must have been signed to be valid. # sig-fresh = always -# When the signing key expires. +## When the master signing key expires. # sig-expire = forever +###-------------------------------------------------------------------------- ### Master key integrity -# Since the master public key is contained within the repository, we must -# check its integrity: therefore we record its sequence number and -# fingerprint here. These are filled in automatically by -# `tripe-keys upload'. Leave them as they are. +## Since the master public key is contained within the repository, we must +## check its integrity: therefore we record its sequence number and +## fingerprint here. These are filled in automatically by `tripe-keys +## upload'. Leave them as they are. master-sequence = @MASTER-SEQUENCE@ hk-master = @HK-MASTER@