secnet - flexible VPN software
-* Copying
-
-secnet is
- Copyright 1995-2003 Stephen Early <steve@greenend.org.uk>
- Copyright 2002-2014 Ian Jackson <ijackson@chiark.greenend.org.uk>
- Copyright 1991 Massachusetts Institute of Technology
- Copyright 1998 Ross Anderson, Eli Biham, Lars Knudsen
- Copyright 1993 Colin Plumb
- Copyright 1998 James H. Brown, Steve Reid
- Copyright 2000 Vincent Rijmen, Antoon Bosselaers, Paulo Barreto
- Copyright 2001 Saul Kravitz
- Copyright 2004 Fabrice Bellard
- Copyright 2002 Guido Draheim
- Copyright 2005-2010 Free Software Foundation, Inc.
- Copyright 1995-2001 Jonathan Amery
- Copyright 1995-2003 Peter Benie
- Copyright 2011 Richard Kettlewell
- Copyright 2012 Matthew Vernon
- Copyright 2013-2019 Mark Wooding
- Copyright 1995-2013 Simon Tatham
-
-secnet is distributed under the terms of the GNU General Public
-License, version 3 or later. Some individual files have more
-permissive licences; where this is the case, it is documented in the
-header comment for the files in question.
-
-secnet is distributed in the hope that it will be useful, but WITHOUT
-ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-for more details.
-
-The file COPYING contains a copy of the GNU GPL v3.
+See LICENCE for legal information and CREDITS for a list of
+contributors.
* Introduction
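Review bot: The removed Copying text stated that some individual files carry more permissive licences, documented in their header comments, and the two-line replacement only points at LICENCE and CREDITS. Please confirm that statement now lives in LICENCE, or keep one sentence of it here, so that someone reusing a single file still learns to check its header.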
them.
resolver (resolver closure)
random (randomsrc closure)
- local-key (rsaprivkey closure)
+ key-cache (privcache closure)
+ local-key (sigprivkey closure): Deprecated; use key-cache instead.
address (string list): optional, DNS name(s) used to find our peer;
address literals are supported too if enclosed in `[' `]'.
port (integer): mandatory if 'address' is specified: the port used
to contact our peer
- key (rsapubkey closure): our peer's public key
+ peer-keys (string): path (prefix) for peer public key set file(s);
+ see README.make-secnet-sites re `pub' etc. and NOTES.peer-keys.
+ key (sigpubkey closure): our peer's public key (obsolete)
transform (transform closure): how to mangle packets sent between sites
dh (dh closure)
- hash (hash closure)
key-lifetime (integer): max lifetime of a session key, in ms
[one hour; mobile: 2 days]
setup-retries (integer): max number of times to transmit a key negotiation
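Review bot: `key-cache (privcache closure)` is added with no description, while the very next line deprecates `local-key` in favour of it, so the reader is told to migrate to a key they cannot configure from this list. Add a one-line description or a pointer to where privcache closures are defined. The two deprecations are also worded differently: `local-key` says "Deprecated; use key-cache instead." but `key` says only "(obsolete)"; if `peer-keys` is the replacement, say so on that line. Finally, `hash` is dropped from this list without a note on what happens to existing site configurations that still set it.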
privkey-max (integer): optional, maximum size of private key
file in bytes. [4095]
+** pubkeys
+
+Defines:
+ make-public (closure => sigpubkey closure)
+
+make-public: (
+ arg1: sigscheme name
+ arg2: base91s encoded public key data, according to algorithm
+
** rsa
Defines:
sigscheme algorithm 00 "rsa1"
- rsa-private (closure => rsaprivkey closure)
- rsa-public (closure => rsapubkey closure)
+ rsa-private (closure => sigprivkey closure)
+ rsa-public (closure => sigpubkey closure)
rsa1 sigscheme algorithm:
private key: SSH private key file, version 1, no password
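Review bot: The added `make-public: (` line opens a parenthesis that is never closed in the added lines and gives no argument types, so the signature is incomplete as documentation. State the types on that line and close it. `arg2` should also say where the "base91s" encoding is specified and what "according to algorithm" means for the one scheme this file lists, "rsa1", since the result is a sigpubkey closure, the same type the site section uses for the peer's public key.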
arg1: encryption key (decimal)
arg2: modulus (decimal)
+The sigscheme is hardcoded to use sha1. Both rsa-private and
+rsa-public look for the following config key in their context:
+ hash (hash closure): hash function [sha1]
+
+
** dh
Defines:
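Review bot: The two added sentences pull in opposite directions: "The sigscheme is hardcoded to use sha1", yet rsa-private and rsa-public "look for" a `hash` key whose default is sha1. Say what happens when `hash` is set to anything else (honoured, ignored or rejected), because a reader who sets it will otherwise assume their signatures no longer depend on SHA-1.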
map:
applies the closure specified as arg1 to each of the elements in the list.
Returns a list made up of the outputs of the closure.
+
+
+* Legal
+
+This file is part of secnet.
+See LICENCE and CREDITS for full list of copyright holders.
+SPDX-License-Identifier: GPL-3.0-or-later
+There is NO WARRANTY.
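Review bot: This footer describes CREDITS as part of the "full list of copyright holders", while the line added at the top of the file describes it as "a list of contributors". A contributor is not necessarily a copyright holder, so pick one description and use it in both places.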