X-Git-Url: https://git.distorted.org.uk/u/mdw/catacomb/blobdiff_plain/946c3f725423fb5b822d809f1befb8c361ac2625..fe6657c961b01ec72e9f35f4c3d96b11b31cf09c:/catcrypt.1

diff --git a/catcrypt.1 b/catcrypt.1
index 6803067..61da7f9 100644
--- a/catcrypt.1
+++ b/catcrypt.1
@@ -184,6 +184,16 @@ Use the
 algorithm of the
 .BR key (1))
 command to generate the key.
+.TP
+.B symm
+This is a simple symmetric encapsulation scheme.  It works by hashing a
+binary key with a randomly-generated salt.  Use the
+.B binary
+algorithm of the
+.B key add
+command (see
+.BR key (1))
+to generate the key.
 .PP
 As well as the KEM itself, a number of supporting algorithms are used.
 These are taken from appropriately named attributes on the key or,
@@ -335,6 +345,21 @@ algorithm of the
 command (see
 .BR key (1))
 to generate the key.
+.TP
+.B mac
+This uses a symmetric message-authentication algorithm rather than a
+digital signature.  The precise message-authentication scheme used is
+determined by the
+.B mac
+attribute on the key, which defaults to
+.IB hash -hmac
+if unspecified.  Use the
+.B binary
+algorithm of the
+.B key add
+command (see
+.BR key (1))
+to generate the key.
 .PP
 As well as the signature algorithm itself, a hash function is used.
 This is taken from the
@@ -685,8 +710,9 @@ Use the first bits of the keystream to key a symmetric encryption
 scheme; use the next bits to key a message authentication code.
 .hP 4.
 If we're signing the message then extract 1024 bytes from the keystream,
-sign them, and emit a packet containing the signature.  The signature
-packet doesn't contain the signed message, just the signature.
+sign the header and public value, and the keystream bytes; emit a packet
+containing the signature.  The signature packet doesn't contain the
+signed message, just the signature.
 .hP 5.
 Split the message into blocks.  For each block, pick a random IV from
 the keystream, encrypt the block and emit a packet containing the