X-Git-Url: https://git.distorted.org.uk/~mdw/catacomb/blobdiff_plain/373641eaacc86b56715a2ebf0b603fce25c16051..bd6d65e32b835551677456bf286d09ced6859882:/progs/catcrypt.1

diff --git a/progs/catcrypt.1 b/progs/catcrypt.1
index 698b2db9..d944bfab 100644
--- a/progs/catcrypt.1
+++ b/progs/catcrypt.1
@@ -248,9 +248,23 @@ Makes use of
 .B cipher
 and
 .B mac
-attributes.
+attributes.  Run
+.B catcrypt show cipher
+for a list of supported symmetric encryption algorithms; the default
+.I cipher
+is
+.BR blowfish-cbc .
 This is the default transform.
 .TP
+.B aead
+Use an `authenticated encryption with additional data' (AEAD) scheme.
+The specific scheme is named by the
+.B cipher
+attribute.  Run
+.B catcrypt show aead
+for a list of supported AEAD schemes; the default is
+.BR chacha20-poly1305 .
+.TP
 .B naclbox
 Use Salsa20 or ChaCha and Poly1305 to secure the bulk data.
 This is nearly the same as the NaCl
@@ -272,6 +286,11 @@ or
 .BR chacha8 ;
 the default is
 .BR salsa20 .
+Nowadays, this is equivalent to the
+.B aead
+transform, using
+.IB cipher -naclbox
+as the cipher.
 .PP
 As well as the KEM itself, a number of supporting algorithms are used.
 These are taken from appropriately named attributes on the key or,
@@ -286,11 +305,8 @@ attribute then the
 .I bulk
 in the
 .I kemalgspec
-is used; if that it absent, then the default of
-.B blowfish-cbc
-is used.  Run
-.B catcrypt show cipher
-for a list of supported symmetric encryption algorithms.
+is used; if that it absent, then the default depends on the bulk
+transform.
 .TP
 .B hash
 This is the hash function used to distil entropy from the shared secret
@@ -445,6 +461,24 @@ command
 .BR key (1))
 to generate the key.
 .TP
+.B ed448
+This is Bernstein, Duif, Lange, Schwabe, and Yang's EdDSA algorithm,
+using Hamburg's Ed448-Goldilocks elliptic curve,
+as specified in RFC8032.
+More specifically, this is HashEd448
+using the selected
+.B hash
+algorithm \(en by default
+.BR sha3-512 .
+Use the
+.B ed448
+algorithm of the
+.B key add
+command
+(see
+.BR key (1))
+to generate the key.
+.TP
 .B mac
 This uses a symmetric message-authentication algorithm rather than a
 digital signature.  The precise message-authentication scheme used is
@@ -484,6 +518,14 @@ and
 .BR eckcdsa ,
 the default hash function is
 .BR has160 .
+For
+.BR ed25519 ,
+the default hash function is
+.BR sha512 .
+For
+.BR ed448 ,
+the default hash function is
+.BR shake256 .
 .PP
 Run
 .B catcrypt show hash
@@ -533,24 +575,26 @@ key-encapsulation key's
 attribute.
 .TP
 .B cipher
-The symmetric encryption algorithms which can be used in a
+The symmetric encryption algorithms which can be named in a
 key-encapsulation key's
 .B cipher
-attribute.
+attribute when using the
+.B gencomp
+bulk transform.
 .TP
 .B mac
-The message authentication algorithms which can be used in a
+The message authentication algorithms which can be named in a
 key-encapsulation key's
 .B mac
 attribute.
 .TP
 .B sig
-The signature algorithms which can be used in a signing key's
+The signature algorithms which can be named in a signing key's
 .B sig
 attribute.
 .TP
 .B hash
-The hash functions which can be used in a key's
+The hash functions which can be named in a key's
 .B hash
 attribute.
 .TP