.\"
.\" This file is part of Trivial IP Encryption (TrIPE).
.\"
-.\" TrIPE is free software; you can redistribute it and/or modify
-.\" it under the terms of the GNU General Public License as published by
-.\" the Free Software Foundation; either version 2 of the License, or
-.\" (at your option) any later version.
+.\" TrIPE is free software: you can redistribute it and/or modify it under
+.\" the terms of the GNU General Public License as published by the Free
+.\" Software Foundation; either version 3 of the License, or (at your
+.\" option) any later version.
.\"
-.\" TrIPE is distributed in the hope that it will be useful,
-.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
-.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-.\" GNU General Public License for more details.
+.\" TrIPE is distributed in the hope that it will be useful, but WITHOUT
+.\" ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+.\" FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+.\" for more details.
.\"
.\" You should have received a copy of the GNU General Public License
-.\" along with TrIPE; if not, write to the Free Software Foundation,
-.\" Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+.\" along with TrIPE. If not, see <https://www.gnu.org/licenses/>.
.
.\"--------------------------------------------------------------------------
.so ../common/defs.man \" @@@PRE@@@
.BR @MASTER-SEQUENCE@ .
.SS "Master repository parameters"
.TP
-.I base-url
+.B base-url
The base URL of the key repository (usually with a trailing
.RB ` / ').
Typically, this will be something like
-.RB http://www.distorted.org.uk/vpn/ .
+.RB ` http://www.distorted.org.uk/vpn/ '.
No default.
.TP
-.I repos-base
+.B repos-base
The basename for the repository archive. Default is
-.BR tripe-keys.tar.gz .
+.RB ` tripe-keys.tar.gz '.
.TP
-.I sig-base
+.B sig-base
The basename template for repository signatures. Default is
-.BR tripe-keys.sig-<SEQ> .
+.RB ` tripe-keys.sig-<SEQ> '.
The
.RB ` <SEQ> '
portion, if any, is replaced by the sequence number of the key which
made the signature.
.TP
-.I repos-url
+.B repos-url
The URL for the key repository tarball. Default is the concatenation of
.I base-url
and
.IR repos-base .
.TP
-.I sig-url
+.B sig-url
The URL template for key repository signatures. Default is the
concatenation of
.I base-url
and
.IR sig-base .
.TP
-.I master-sequence
+.B master-sequence
The sequence number of the master authority's current signing key. No
default. Usually set up automatically.
.TP
-.I master-keygen-flags
+.B master-keygen-flags
Additional options for generating master keys. Default is
-.RB ` -l '.
+.RB ` \-l '.
+.TP
+.B master-attrs
+Additional attributes to set on the master key,
+as
+.IB key = value
+pairs separated by spaces.
+Default is empty.
.TP
-.I hk-master
+.B hk-master
The fingerprint of the current master signing key. No default. Usually
set up automatically.
.TP
-.I upload-hook
+.B upload-hook
A shell command to run by
.B tripe-keys upload
after it has successfully written the
and
.IR sig-file s.
Default is
-.B ": run upload hook"
+.RB ` ": run upload hook" '
which does nothing.
.SS "Crypto parameters"
.TP
-.I kx
+.B kx
Key-exchange algorithm to use. Either
.B dh
(integer Diffie-Hellman)
or
.B ec
(elliptic curves). The default is
-.BR dh .
-.ne 7
+.RB ` dh '.
+.ne 9
.TP
-.I kx-genalg
+.B kx-genalg
Key generation algorithm name to pass to
.B "key add"
when generating keys.
_
dh dh
ec ec
+x25519 x25519
+x448 x448
_
.TE
-.ne 7
+.ne 9
.TP
-.I kx-param-genalg
+.B kx-param-genalg
Key generation algorithm name to pass to
.B "key add"
when generating the parameters key.
_
dh dh-param
ec ec-param
+x25519 empty
+x448 empty
_
.TE
-.ne 7
+.ne 9
.TP
-.I kx-param
+.B kx-param
Options to pass to
.B "key add"
when generating the parameters key. Default depends on
_
dh \-LS \-b3072 \-B256
ec \-Cnist-p256
+x25519 \fInone
+x448 \fInone
+_
+.TE
+.ne 9
+.TP
+.B kx-attrs
+Additional attributes to set on the parameters
+(and therefore copied to peer keys),
+as
+.IB key = value
+pairs separated by spaces.
+Default depends on
+.I kx
+as follows.
+.TS
+center;
+| ci | ci |
+| lb | lb |.
+_
+kx kx-attrs
+_
+dh serialization=constlen
+ec serialization=constlen
+x25519 \fIempty
+x448 \fIempty
_
.TE
.TP
-.I kx-expire
+.B kx-expire
Expiry time for generated keys. Default is
-.BR "now + 1 year" .
+.RB ` "now + 1 year" '.
.TP
-.I hash
+.B hash
Hashing algorithm to use. Default is
-.BR sha256 .
+.RB ` sha256 '.
.TP
-.I mac
-Message authentication algorithm to use. Default is
-.IB hash -hmac/ halfhashlen \fR,
-where
+.B bulk
+The bulk crypto transform to use.
+Default is
+.RB ` iiv '.
+.ne 8
+.TP
+.B mac
+Message authentication algorithm to use.
+Default depends on
+.I bulk
+as follows.
+.TS
+center;
+| ci | ci |
+| lb | lb |.
+_
+bulk mac
+_
+v0 \fIhash\fB-hmac/\fIhalfhashlen
+iiv \fIhash\fB-hmac/\fIhalfhashlen
+naclbox poly1305/128
+_
+.TE
+.IP
+(In the above,
.I halfhashlen
is half of
.IR hash 's
-output length.
+output length.)
.TP
-.I mgf
+.B mgf
Mask-generation algorithm to use. Default is
-.IB hash -mgf \fR.
+.BI \fR` hash -mgf \fR'.
This is probably a good choice.
+.ne 7
.TP
-.I cipher
-Symmetric encryption scheme to use. Default is
-.BR rijndael-cbc .
+.B cipher
+Symmetric encryption scheme to use.
+Default depends on
+.I bulk
+as follows.
+.TS
+center;
+| ci | ci |
+| lb | lb |.
+_
+bulk cipher
+_
+v0 rijndael-cbc
+iiv rijndael-cbc
+naclbox chacha20
+_
+.TE
+.ne 8
.TP
-.I sig
+.B sig
Signature scheme to use. Must be one of those recognized by
.BR catsign (1).
-Default is
-.B dsa
-if
-.I kx
-is
-.BR dh ,
-or
-.B ecdsa
-if
+Default depends on
.I kx
-is
-.BR ec .
-.ne 10
+as follows.
+.TS
+center;
+| ci | ci |
+| lb | lb |.
+_
+kx sig
+_
+dh dsa
+ec ecdsa
+x25519 ed25519
+x448 ed448
+_
+.TE
+.ne 12
.TP
-.I sig-genalg
+.B sig-genalg
Key-generation algorithm for signing key. Default depends on
.I sig
as follows.
_
kcdsa dh
dsa dsa
-rsapcs1 rsa
+rsapkcs1 rsa
rsapss rsa
ecdsa ec
eckcdsa ec
+ed25519 ed25519
+ed448 ed448
_
.TE
-.ne 8
+.ne 10
.TP
-.I sig-param
+.B sig-param
Signature-key generation parameters. Default depends on
.I sig-genalg
as follows.
dsa \-b3072 \-B256
rsa \-b3072
ec \-Cnist-p256
+ed25519 \fInone
+ed448 \fInone
_
.TE
.TP
-.I sig-hash
+.B sig-hash
Hash function to use for making signatures. Default is
.IR hash .
.TP
-.I sig-fresh
+.B sig-fresh
Oldest time we should consider a signed archive to be fresh. Default is
-.BR always ,
+.RB ` always ',
meaning that all signatures are fresh.
.TP
-.I sig-expire
+.B sig-expire
Expiry time for master signing key. Default is
-.BR forever .
+.RB ` forever '.
.TP
-.I fingerprint-hash
+.B fingerprint-hash
Hash function to use for key fingerprinting. Default is
.IR hash .
.SS "Master maintenance parameters"
.TP
-.I base-dir
+.B base-dir
Local base directory for the repository files. This probably ought to
end in a
.RB ` / '
character. Unexpected files in this directory will be removed by the
-.B tripe-keys upload
+.RB ` "tripe-keys upload" '
command. No default.
.TP
-.I repos-file
+.B repos-file
Filename for local repository tarball. Default is the concatenation of
.I base-dir
and
.IB repos-base .
.TP
-.I sig-file
+.B sig-file
Template for repository signatures. Default is the concatenation of
.I base-dir
and
.IR sig-base .
.TP
-.I conf-file
+.B conf-file
Filename for local repository configuration file. Default is
-.IB basedir /tripe-keys.conf \fR.
+.BI \fR` basedir /tripe-keys.conf \fR'.
.TP
-.I kx-warn-days
+.B kx-warn-days
The
.B "tripe-keys check"
command will warn about keys which will in less than
~mdw / tripe / blobdiff