X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=README;h=5ce337c6d5c5e1d3217d641fdd7ddeb77279870b;hb=0d0c3b6af54a0c4d9440f48b31de97c1b066458f;hp=e83b66d905a6c9734b8db45d647a9af53c5a2f7d;hpb=f546af4512e558a8b1fcfd240819fcef12fe09a5;p=secnet.git diff --git a/README b/README index e83b66d..5ce337c 100644 --- a/README +++ b/README @@ -1,37 +1,7 @@ secnet - flexible VPN software -* Copying - -secnet is - Copyright 1995-2003 Stephen Early - Copyright 2002-2014 Ian Jackson - Copyright 1991 Massachusetts Institute of Technology - Copyright 1998 Ross Anderson, Eli Biham, Lars Knudsen - Copyright 1993 Colin Plumb - Copyright 1998 James H. Brown, Steve Reid - Copyright 2000 Vincent Rijmen, Antoon Bosselaers, Paulo Barreto - Copyright 2001 Saul Kravitz - Copyright 2004 Fabrice Bellard - Copyright 2002 Guido Draheim - Copyright 2005-2010 Free Software Foundation, Inc. - Copyright 1995-2001 Jonathan Amery - Copyright 1995-2003 Peter Benie - Copyright 2011 Richard Kettlewell - Copyright 2012 Matthew Vernon - Copyright 2013-2019 Mark Wooding - Copyright 1995-2013 Simon Tatham - -secnet is distributed under the terms of the GNU General Public -License, version 3 or later. Some individual files have more -permissive licences; where this is the case, it is documented in the -header comment for the files in question. - -secnet is distributed in the hope that it will be useful, but WITHOUT -ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -for more details. - -The file COPYING contains a copy of the GNU GPL v3. +See LICENCE for legal information and CREDITS for a list of +contributors. * Introduction 
@@ -393,18 +363,16 @@ site: dict argument resolver (resolver closure) random (randomsrc closure) key-cache (privcache closure) - local-key (rsaprivkey closure): Deprecated; use key-cache instead. + local-key (sigprivkey closure): Deprecated; use key-cache instead. address (string list): optional, DNS name(s) used to find our peer; address literals are supported too if enclosed in `[' `]'. port (integer): mandatory if 'address' is specified: the port used to contact our peer peer-keys (string): path (prefix) for peer public key set file(s); - see README.make-secnet-sites re `pub' etc. - key (rsapubkey closure): our peer's public key (obsolete) + see README.make-secnet-sites re `pub' etc. and NOTES.peer-keys. + key (sigpubkey closure): our peer's public key (obsolete) transform (transform closure): how to mangle packets sent between sites dh (dh closure) - hash (hash closure): used for keys whose algorithm (or public - or private key file) does not imply the hash function key-lifetime (integer): max lifetime of a session key, in ms [one hour; mobile: 2 days] setup-retries (integer): max number of times to transmit a key negotiation @@ -577,12 +545,21 @@ priv-cache: dict argument privkey-max (integer): optional, maximum size of private key file in bytes. [4095] +** pubkeys + +Defines: + make-public (closure => sigpubkey closure) + +make-public: ( + arg1: sigscheme name + arg2: base91s encoded public key data, according to algorithm + ** rsa Defines: sigscheme algorithm 00 "rsa1" - rsa-private (closure => rsaprivkey closure) - rsa-public (closure => rsapubkey closure) + rsa-private (closure => sigprivkey closure) + rsa-public (closure => sigpubkey closure) rsa1 sigscheme algorithm: private key: SSH private key file, version 1, no password 
@@ -597,6 +574,11 @@ rsa-public: string,string arg1: encryption key (decimal) arg2: modulus (decimal) +The sigscheme is hardcoded to use sha1. Both rsa-private and +rsa-public look for the following config key in their context: + hash (hash closure): hash function [sha1] + + ** dh Defines: @@ -634,3 +616,11 @@ readfile: string map: applies the closure specified as arg1 to each of the elements in the list. Returns a list made up of the outputs of the closure. + + +* Legal + +This file is part of secnet. +See LICENCE and CREDITS for full list of copyright holders. +SPDX-License-Identifier: GPL-3.0-or-later +There is NO WARRANTY.
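
Review bot: In the site dict hunk (@@ -393,18 +363,16), the `hash (hash closure)` entry is dropped from the site documentation, while the rsa hunk adds `hash` as a key that rsa-private and rsa-public look up "in their context". The README no longer says whether a `hash` set in an existing site dict is still honoured through that context or is now ignored. Suggest one sentence here saying where `hash` should be set after this change, because a signature hash that quietly reverts to the documented sha1 default would be a security-relevant behaviour change for existing configs. The same hunk adds a pointer to NOTES.peer-keys; the diff shown touches only README, so check that the file arrives in the same series.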
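
Review bot: In the new "** pubkeys" section (@@ -577,12 +545,21), the `make-public: (` line opens a parenthesis that is never closed, and the arg2 line stops at "according to algorithm", so the entry reads as truncated. The neighbouring closure entries use the form `rsa-public: string,string` followed by the arg lines; suggest `make-public: string,string` to match. "base91s" is not defined anywhere in the visible text, so a pointer to where that encoding is specified would help anyone who has to produce or check the public key data by hand.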
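
Review bot: In the rsa hunk (@@ -597,6 +574,11), "The sigscheme is hardcoded to use sha1" is followed directly by a configurable `hash (hash closure): hash function [sha1]`, and the text does not say which statement governs which code path. If the intent is that the rsa1 sigscheme always uses sha1 while the rsa-private and rsa-public closures honour `hash`, the README should say so in those words. "In their context" also needs defining (which dict is searched), given that the site dict hunk removes `hash` from the site documentation. The added blank line before "** dh" leaves two consecutive blank lines; one is enough.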