X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=README;h=200da3742ba9ef91d7b4c81273c22184e02883ca;hb=564022994befb8f71b89ae015751b22c34ae3ee8;hp=ce3a4d70b44d4946462bf9f0c62718fd3a41463f;hpb=24eb6b672f1095d5b362b6615f22c17f1136274a;p=secnet.git diff --git a/README b/README index ce3a4d7..200da37 100644 --- a/README +++ b/README @@ -193,6 +193,17 @@ Usage: secnet [OPTION]... --help display this help and exit --version output version information and exit +* base91s + +secnet defines a variant of the base91 encoding `basE91', from + http://base91.sourceforge.net/ + +base91s is the same as baseE91 except that: + - in the encoded charset, `"' is replaced with `-' + - spaces, newlines etc. and other characters outside the charset + are not permitted (although in some places they may be ignored, + this is not guaranteed). + * secnet builtin modules ** resolver @@ -315,7 +326,8 @@ Defines: syslog (closure => log closure) logfile: dict argument - filename (string): where to log to + filename (string): where to log to; default is stderr + prefix (string): added to messages [""] class (string list): what type of messages to log { "debug-config", M_DEBUG_CONFIG }, { "debug-phase", M_DEBUG_PHASE }, 
@@ -380,15 +392,17 @@ site: dict argument them. resolver (resolver closure) random (randomsrc closure) - local-key (rsaprivkey closure) + key-cache (privcache closure) + local-key (sigprivkey closure): Deprecated; use key-cache instead. address (string list): optional, DNS name(s) used to find our peer; address literals are supported too if enclosed in `[' `]'. port (integer): mandatory if 'address' is specified: the port used to contact our peer - key (rsapubkey closure): our peer's public key + peer-keys (string): path (prefix) for peer public key set file(s); + see README.make-secnet-sites re `pub' etc. and NOTES.peer-keys. + key (sigpubkey closure): our peer's public key (obsolete) transform (transform closure): how to mangle packets sent between sites dh (dh closure) - hash (hash closure) key-lifetime (integer): max lifetime of a session key, in ms [one hour; mobile: 2 days] setup-retries (integer): max number of times to transmit a key negotiation 
@@ -545,11 +559,42 @@ tun: dict argument I recommend you don't specify the 'interface' option unless you're doing something that requires the interface name to be constant. +** privcache + +Cache of dynamically loaded private keys. + +Defines: + priv-cache (closure => privcache closure) + +priv-cache: dict argument + privkeys (string): path prefix for private keys. Each key is + looked for at this path prefix followed by the 10-character + hex key id. + privcache-size (integer): optional, maximum number of private + keys to retain at once. [5] + privkey-max (integer): optional, maximum size of private key + file in bytes. [4095] + +** pubkeys + +Defines: + make-public (closure => sigpubkey closure) + +make-public: ( + arg1: sigscheme name + arg2: base91s encoded public key data, according to algorithm + ** rsa Defines: - rsa-private (closure => rsaprivkey closure) - rsa-public (closure => rsapubkey closure) + sigscheme algorithm 00 "rsa1" + rsa-private (closure => sigprivkey closure) + rsa-public (closure => sigpubkey closure) + +rsa1 sigscheme algorithm: + private key: SSH private key file, version 1, no password + public key: SSH public key file, version 1 + (length, restrictions, email, etc., ignored) rsa-private: string[,bool] arg1: filename of SSH private key file (version 1, no password) @@ -559,6 +604,11 @@ rsa-public: string,string arg1: encryption key (decimal) arg2: modulus (decimal) +The sigscheme is hardcoded to use sha1. Both rsa-private and +rsa-public look for the following config key in their context: + hash (hash closure): hash function [sha1] + + ** dh Defines:
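Review bot: In the base91s hunk (`@@ -193,6 +193,17 @@`) the second paragraph misspells the encoding name: it introduces `basE91' and then says "base91s is the same as baseE91 except that"; make it "basE91" in both places so readers searching for the upstream name find it. The same paragraph should also say where secnet actually consumes base91s (the `make-public` arg2 added further down in this patch), otherwise the section reads as a free-standing definition with no user.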
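Review bot: Style point on the syslog hunk (`@@ -315,7 +326,8 @@`): the new `prefix (string): added to messages [""]` follows this README's convention of putting defaults in square brackets, but the edited line `filename (string): where to log to; default is stderr` spells the default out in prose instead. Suggest `filename (string): where to log to [stderr]` for consistency with the entries around it.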
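Review bot: The site hunk (`@@ -380,15 +392,17 @@`) leaves two questions undocumented. First, `local-key` is marked "Deprecated; use key-cache instead" but nothing says whether `key-cache` is mandatory when `local-key` is absent, or what happens when both are given; the peer side has the same gap between the new `peer-keys` and the "(obsolete)" `key`, and the two deprecation labels ("Deprecated" vs "(obsolete)") should use one word. Second, the line `-      hash (hash closure)` removes `hash` from the site dict, yet the rsa hunk later in this patch says rsa-private and rsa-public "look for the following config key in their context: hash (hash closure)"; a sentence saying where `hash` is now expected to live (the rsa closures' own context rather than the site dict) would stop users from keeping it in the wrong place.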
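Review bot: In the privcache/pubkeys/rsa hunk (`@@ -545,11 +559,42 @@`) the `make-public` entry is unfinished: the line `make-public: (` opens a parenthesis that is never closed, and the argument list stops after `arg2: base91s encoded public key data, according to algorithm`. Every other closure in this README is documented as `name: type,type` followed by `argN:` lines (compare `rsa-public: string,string` in the following hunk's context), so this should read `make-public: string,string` with the two args beneath it. Two smaller points in the same hunk: the `Defines:` line `sigscheme algorithm 00 "rsa1"` uses a two-digit `00` that is explained nowhere (is it the algorithm id that the `rsa1` name maps to?), and `privkeys` refers to "the 10-character hex key id" without saying how that id is derived from a key, which a user populating the directory needs to know.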
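Review bot: The final hunk (`@@ -559,6 +604,11 @@`) contradicts itself: "The sigscheme is hardcoded to use sha1" is immediately followed by a configurable `hash (hash closure): hash function [sha1]` that rsa-private and rsa-public read from their context. Presumably the `rsa1` sigscheme (used via `make-public`/`key-cache`) always uses sha1, while the older rsa-private/rsa-public closures still honour the `hash` key with sha1 as the default; say that explicitly, e.g. "The rsa1 sigscheme always uses sha1. When rsa-private or rsa-public are used directly, they take the hash from the `hash` key in their context [sha1]." Also, the two added blank lines before `** dh` leave a double blank where the rest of the file uses a single one.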