X-Git-Url: https://git.distorted.org.uk/~mdw/catacomb/blobdiff_plain/0f00dc4c8eb47e67bc0f148c2dd109f73a451e0a..25f673625c9f2d3a323fed185f4b0c4b4a241976:/progs/catcrypt.1

diff --git a/progs/catcrypt.1 b/progs/catcrypt.1
index 6bace86f..a505376a 100644
--- a/progs/catcrypt.1
+++ b/progs/catcrypt.1
@@ -134,6 +134,14 @@ A
 has the syntax
 .IR kem \c
 .RB [ / \c
+.IR bulk \c
+.RB [ \- \c
+.IR cipher ] \c
+.RB [ / \c
+.IR hash ]]
+or
+.IR kem \c
+.RB [ / \c
 .IR cipher \c
 .RB [ / \c
 .IR hash ]].
@@ -196,17 +204,74 @@ algorithm of the
 command (see
 .BR key (1))
 to generate the key.
+.TP
+.B x25519
+This is Bernstein's Curve25519, a fast Diffie-Hellman using a specific
+elliptic curve.
+Use the
+.B x25519
+algorithm of the
+.B key add
+command
+(see
+.BR key (1))
+to generate the key.
+.PP
+The bulk crypto transform is chosen based on the
+.B bulk
+attribute on the key, or, failing that,
+from the
+.I bulk
+stated in the
+.IR kemalgspec .
+Run
+.B catcrypt show bulk
+for a list of supported bulk crypto transforms.
+.TP
+.B gencomp
+A generic composition of
+a cipher secure against chosen-plaintext attack,
+and a message authentication code.
+Makes use of
+.B cipher
+and
+.B mac
+attributes.
+This is the default transform.
+.TP
+.B naclbox
+Use Salsa20 or ChaCha and Poly1305 to secure the bulk data.
+This is nearly the same as the NaCl
+.B crypto_secretbox
+construction,
+except that
+.B catcrypt
+uses Salsa20 or ChaCha rather than XSalsa20,
+because it doesn't need the latter's extended nonce.
+The
+.B cipher
+attribute may be set to one of
+.BR salsa20 ,
+.BR salsa20/12 ,
+.BR salsa20/8 ,
+.BR chacha20 ,
+.BR chacha12 ,
+or
+.BR chacha8 ;
+the default is
+.BR salsa20 .
 .PP
 As well as the KEM itself, a number of supporting algorithms are used.
 These are taken from appropriately named attributes on the key or,
 failing that, derived from other attributes as described below.
 .TP
 .B cipher
-This is the symmetric encryption algorithm used for bulk data
-encryption.  If there is no
+This is the symmetric encryption algorithm
+used by the bulk data transform.
+If there is no
 .B cipher
 attribute then the
-.I cipher
+.I bulk
 in the
 .I kemalgspec
 is used; if that it absent, then the default of
@@ -230,9 +295,13 @@ is used.  Run
 for a list of supported symmetric encryption algorithms.
 .TP
 .B mac
-This is the message authentication algorithm used during bulk data
-encryption to ensure integrity of the encrypted message and defend
-against chosen-ciphertext attacks.  If there is no
+This is the message authentication algorithm
+used by the
+.B gencomp
+bulk data transform
+to ensure integrity of the encrypted message and
+defend against chosen-ciphertext attacks.
+If there is no
 .B mac
 attribute then
 .IB hash -hmac
@@ -584,7 +653,7 @@ All messages.
 .PP
 .B Warning!
 All output written has been checked for authenticity.  However, output
-can fail madway through for many reasons, and the resulting message may
+can fail midway through for many reasons, and the resulting message may
 therefore be truncated.  Don't rely on the output being complete until
 .B OK
 is printed or