as
.IB key = value
pairs separated by spaces.
-Default is empty.
+Default is
+.BR serialization=constlen .
.TP
.I kx-expire
Expiry time for generated keys. Default is
Hashing algorithm to use. Default is
.BR sha256 .
.TP
+.I bulk
+The bulk crypto transform to use.
+Default is
+.BR iiv .
+.ne 8
+.TP
.I mac
-Message authentication algorithm to use. Default is
-.IB hash -hmac/ halfhashlen \fR,
-where
+Message authentication algorithm to use.
+Default depends on
+.I bulk
+as follows.
+.TS
+center;
+| ci | ci |
+| lb | lb |.
+_
+bulk mac
+_
+v0 \fIhash\fB-hmac/\fIhalfhashlen
+iiv \fIhash\fB-hmac/\fIhalfhashlenrijndael-cbc
+naclbox poly1305/128
+_
+.TE
+.IP
+(In the above,
.I halfhashlen
is half of
.IR hash 's
-output length.
+output length.)
.TP
.I mgf
Mask-generation algorithm to use. Default is
.IB hash -mgf \fR.
This is probably a good choice.
-.ne 6
+.ne 7
.TP
.I cipher
-Symmetric encryption scheme to use. Default is
-.BR rijndael-cbc .
-.ne 6
+Symmetric encryption scheme to use.
+Default depends on
+.I bulk
+as follows.
+.TS
+center;
+| ci | ci |
+| lb | lb |.
+_
+bulk cipher
+_
+v0 rijndael-cbc
+iiv rijndael-cbc
+naclbox chacha20
+_
+.TE
+.ne 7
.TP
.I sig
Signature scheme to use. Must be one of those recognized by