3 ;;; Default configuration for infrastructure keys
5 ;;; (c) 2012 Mark Wooding
8 ;;;----- Licensing notice ---------------------------------------------------
10 ;;; This file is part of the distorted.org.uk key management suite.
12 ;;; distorted-keys is free software; you can redistribute it and/or modify
13 ;;; it under the terms of the GNU General Public License as published by
14 ;;; the Free Software Foundation; either version 2 of the License, or
15 ;;; (at your option) any later version.
17 ;;; distorted-keys is distributed in the hope that it will be useful,
18 ;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
19 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 ;;; GNU General Public License for more details.
22 ;;; You should have received a copy of the GNU General Public License
23 ;;; along with distorted-keys; if not, write to the Free Software Foundation,
24 ;;; Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
26 ;;;--------------------------------------------------------------------------
27 ;;; Infrastructure keys conventions.
29 ;;; Infrastructure keys are unusual in that they don't usually have access
30 ;;; control lists. Instead, they're used either automatically or as a direct
31 ;;; result of action by a privileged user.
33 ;;; Some key types (e.g., `gnupg') try to associate meaningful names with
34 ;;; their keys. When infrastructure keys are generated, parameters are
35 ;;; provided containing fragments of information which might be useful when
36 ;;; constructing such names. These parameters are described in detail
37 ;;; below. The default profile for each type of infrastructure key defines
38 ;;; the following properties constructed from these fragments.
40 ;;; %description A short but readable description of the key,
41 ;;; including its purpose and label.
43 ;;; %tag A condensed tag, containing the label and other
44 ;;; identifying features, suitable for inclusion in the
45 ;;; local part of an email address.
47 ;;; Commands which generate infrastructure keys accept an option, usually
48 ;;; `-p', to specify a profile by name; the default, which is almost always
49 ;;; what you want, is to use the appropriate top-level profile defined here.
51 ;;; All profiles for infrastructure keys include one of these four sections:
53 ;;; %infra-asec `Asymmetric secrecy', i.e., public-key encryption and
56 ;;; %infra-aint `Asymmetric integrity', i.e., issuing and verifying
57 ;;; digital signatures.
59 ;;; %infra-ssec `Symmetric secrecy', i.e., standard symmetric
60 ;;; encryption and decryption.
62 ;;; %infra-sint `Symmetric integrity', i.e., generating and verifyng
63 ;;; message authentication code tags.
65 ;;; Each of these simply includes two further sections (though they're useful
66 ;;; if you want to select different key types for different purposes): one of
67 ;;; `%infra-asymm' or `%infra-symm' according to whether the key is
68 ;;; asymmetric or symmetric, and one of `%infra-sec' or `%infra-int'
69 ;;; according to whether it's for secrecy or integrity.
71 ;;; (Currently, there are no symmetric infrastructure keys.)
76 @include = %infra-common
79 @include = %infra-common
82 @include = %gnupg-infra %infra-common
85 @include = %infra-common
88 @include = %infra-asymm %infra-sec
91 @include = %infra-asymm %infra-int
94 @include = %infra-symm %infra-sec
97 @include = %infra-symm %infra-int
99 ;;;--------------------------------------------------------------------------
102 ;;; Name fragment parameters supplied:
104 ;;; keeper The label of the keeper set.
106 ;;; seq Sequence number of this key in the set (from 0, up
109 ;;; num The number of keys in the set.
112 @include = %infra-asec
113 %description = %{keeper} %{seq}/%{num}
114 %tag = %{keeper}-%{seq}
116 ;;;--------------------------------------------------------------------------
119 ;;; Name fragment parameters supplied.
121 ;;; recov The label of the recovery key.
124 @include = %infra-asec
125 %description = %{recov}
128 ;;;--------------------------------------------------------------------------
129 ;;; Archive integrity keys.
131 ;;; These are user keys (so that users can verify archives with them). The
132 ;;; properties here assume a parameter `label' is provided at generation
136 @include = %infra-aint %archive
137 %description = %{label}
141 @include = %asymmetric-integrity
142 acl-sign = $acl-%none
144 ;;;----- That's all, folks --------------------------------------------------