Commit | Line | Data |
---|---|---|
ca3aaaeb MW |
1 | ### -*-conf-*- |
2 | ### | |
3 | ### tripe-keys configuration file | |
4 | ### | |
5 | ### see tripe-keys.conf(5) for full details | |
060ca767 | 6 | |
ca3aaaeb MW |
7 | ###-------------------------------------------------------------------------- |
8 | ### File locations (required). | |
060ca767 | 9 | |
ca3aaaeb MW |
10 | ## The base URL for the repository files. Include the trailing slash if |
11 | ## necessary. | |
060ca767 | 12 | # base-url = http://some.server.somewhere/blah/ |
13 | ||
ca3aaaeb MW |
14 | ## The local directory name for the repository files. Again, include the |
15 | ## trailing slash if necessary. | |
060ca767 | 16 | # base-dir = /some/directory/blah/ |
17 | ||
ca3aaaeb MW |
18 | ###-------------------------------------------------------------------------- |
19 | ### Crypto parameters. | |
060ca767 | 20 | |
ca3aaaeb | 21 | ## The key-exchange type. May be `dh' or `ec'. |
060ca767 | 22 | # kx = dh |
23 | ||
ca3aaaeb MW |
24 | ## Key-generation parameters for key exchange group. |
25 | # kx-param = -LS -b3072 -B256 | |
26 | # kx-param = -Pnist-p256 | |
060ca767 | 27 | |
ca3aaaeb MW |
28 | ## Expiry time for peer key-exchange keys. |
29 | # kx-expire = now + 1 year | |
060ca767 | 30 | |
ca3aaaeb MW |
31 | ## Symmetric encryption scheme to use. |
32 | # cipher = rijndael-cbc | |
060ca767 | 33 | |
ca3aaaeb | 34 | ## Hash function to use. (We derive the MGF and MAC from this.) |
060ca767 | 35 | # hash = sha256 |
36 | ||
ca3aaaeb | 37 | ## Signature scheme to use for signing/verifying repository archives. |
060ca767 | 38 | # sig = dsa |
ca3aaaeb | 39 | # sig = ecdsa |
060ca767 | 40 | |
ca3aaaeb | 41 | ## How recently an archive must have been signed to be valid. |
060ca767 | 42 | # sig-fresh = always |
43 | ||
ca3aaaeb | 44 | ## When the master signing key expires. |
060ca767 | 45 | # sig-expire = forever |
46 | ||
ca3aaaeb | 47 | ###-------------------------------------------------------------------------- |
575e728f | 48 | ### Master key integrity |
060ca767 | 49 | |
ca3aaaeb MW |
50 | ## Since the master public key is contained within the repository, we must |
51 | ## check its integrity: therefore we record its sequence number and | |
52 | ## fingerprint here. These are filled in automatically by `tripe-keys | |
53 | ## upload'. Leave them as they are. | |
575e728f | 54 | master-sequence = @MASTER-SEQUENCE@ |
060ca767 | 55 | hk-master = @HK-MASTER@ |