5 \h'-\w'\fB\\$1\ \fP'u'\fB\\$1\ \fP\c
32 .TH tripe-keys.conf 5 "14 September 2005" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption"
34 tripe-keys.conf \- configuration file format for tripe-keys
40 file is a simple line-based configuration file read by
42 Lines may be empty (consist only of whitespace), be comments (first
43 non-whitespace character is
53 consists of alphanumeric characters and hyphens. Values may contain
54 substitutions, of the form
56 which are replaced by the value assigned to
60 have significance to the
62 program: these are described below. Many have sensible defaults.
63 .SS "The tripe-keys.master file"
64 The client configuration file is built by applying substitutions to the
66 file. The following tokens are substituted:
69 The sequence number of the most recently-added signing key.
72 The fingerprint of the signing key identified by
73 .BR @MASTER-SEQUENCE@ .
74 .SS "Master repository parameters"
77 The base URL of the key repository (usually with a trailing
79 Typically, this will be something like
80 .RB http://www.distorted.org.uk/vpn/ .
84 The basename for the repository archive. Default is
85 .BR tripe-keys.tar.gz .
88 The basename template for repository signatures. Default is
89 .BR tripe-keys.sig-<SEQ> .
92 portion, if any, is replaced by the sequence number of the key which
96 The URL for the key repository tarball. Default is the concatenation of
102 The URL template for key repository signatures. Default is the
109 The sequence number of the master authority's current signing key. No
110 default. Usually set up automatically.
113 The fingerprint of the current master signing key. No default. Usually
114 set up automatically.
115 .SS "Crypto parameters"
118 Key-exchange algorithm to use. Either
120 (integer Diffie-Hellman)
123 (elliptic curves). The default is
129 when generating the parameters key. Default depends on
139 dh \-LS \-b2048 \-B256
145 Expiry time for generated keys. Default is
149 Hashing algorithm to use. Default is
153 Message authentication algorithm to use. Default is
154 .IB hash -hmac/ halfhashlen \fR,
162 Mask-generation algorithm to use. Default is
164 This is probably a good choice.
167 Symmetric encryption scheme to use. Default is
171 Signature scheme to use. Must be one of those recognized by
187 Key-generation algorithm for signing key. Default depends on
207 Signature-key generation parameters. Default depends on
217 dh \-LS \-b2048 \-B256
225 Hash function to use for making signatures. Default is
229 Oldest time we should consider a signed archive to be fresh. Default is
231 meaning that all signatures are fresh.
234 Expiry time for master signing key. Default is
238 Hash function to use for key fingerprinting. Default is
240 .SS "Master maintenance parameters"
243 Local base directory for the repository files. This probably ought to
246 character. No default.
249 Filename for local repository tarball. Default is the concatenation of
255 Tempalte for repository signatures. Default is the concatenation of
261 Filename for local repository configuration file. Default is
262 .IB basedir /tripe-keys.conf \fR.
267 Mark Wooding, <mdw@distorted.org.uk>