5 \h'-\w'\fB\\$1\ \fP'u'\fB\\$1\ \fP\c
32 .TH tripe-keys 8 "14 September 2005" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption"
34 tripe-keys \- simple centralized key management for tripe
38 .IP "Operations supported:"
39 .BI "help \fR[" command \fR]
57 script implements a very simple, centralized key management system for
59 It assumes that there is a central authority who knows all the public
60 keys for a private network.
66 of public keys. It provides a way for a master authority to publish the
67 repository and for clients to obtain authentic copies of it.
69 The repository is very simple: it consists of a directory
71 full of public-key files, each named
72 .BI peer- tag .pub \fR.
74 The repository setup process creates a master signing key, stored in the
76 keyring, and a key describing the parameters to be used for generating
77 key-exchange keys, stored in
80 The master authority has a configuration file
81 .BR tripe-keys.master ,
82 usually created by copying the template provided and editing it.
84 The published repository consists of a tarball of the
86 directory, containing the key-generation parameters and all the peers'
87 public keys, and a client configuration file
89 The tarball is signed by the master authority's signing key.
91 The client configuration file is essentially a copy of
93 with some extra bits filled in: in particular, it contains the
94 fingerprint of the master signing key, so that the client can be sure
95 it's checking the right key.
97 A peer starts by downloading a copy of
99 and then making sure it's authentic. (This is one of the tricky bits.
100 The other is getting public keys back to the master authority.) This is
101 enough for the peer to fetch a copy of the repository, verify the
102 signature, and assemble a public keyring for the other peers in the
107 that simple. The system allows new signing keys to replace old ones, so
108 in fact the publication process signs the repository archive using a
109 collection of keys. Each signing key is given a sequence number. The
110 client configuration file contains the sequence number of the master
111 signing key whose fingerprint it knows. During an update, the right
112 signature is fetched and checked; if there's a new master key, then the
114 in the new repository archive will have its sequence number and
115 fingerprint: the update process will replace its configuration file with
116 the new version, and the peer will use the new key from then on.
120 program accepts some standard command-line options:
123 Print general help about
125 to standard output and exit successfully.
127 .B "\-v, \-\-version"
128 Print the version number of
130 to standard output and exit successfully.
133 Print brief usage about
135 to standard output and exit successfully.
138 .BI "help \fR[" command \fR]
139 With no arguments, shows help, as for the
141 option. With an argument, shows help about that
145 Constructs a new repository and makes a signing key (as for
147 and key-exchange parameters. Fails if
152 Build a repository archive, sign it with the active signing keys, and
155 file. Copy the results to the places named by
160 respectively. (This command is currently misnamed. It only copies
161 stuff about the local filesystem. Some day it'll really upload stuff.)
164 Generate a peer key for the peer named
166 The private key ends up in
168 the public key is written to
175 Fetches a new copy of the repository archive and its signature. It
176 unpacks the archive in a temporary directory, and checks the enclosed
177 master public key against the fingerprint in the configuration file. It
178 then verifies the signature on the archive using this public key. If
179 all is well, it replaces the current
181 directory with the version in the new archive, and if necessary it
182 replaces the current configuration file with the new one in the
183 archive. It then does a
190 Generates a new master signing key. The old master key is not deleted.
193 Rebuilds the public keyring
195 from the public keys in the
200 Deletes everything which
202 might have written to a directory. In particular, it deletes
213 .BR tripe\-keys.conf (5),
216 Mark Wooding, <mdw@distorted.org.uk>