~mdw
/
tripe
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
keys/tripe-keys.master: Include a nontrivial `sig-fresh' example.
[tripe]
/
keys
/
tripe-keys.master
diff --git
a/keys/tripe-keys.master
b/keys/tripe-keys.master
index
a4b98ae
..
4fe35f3
100644
(file)
--- a/
keys/tripe-keys.master
+++ b/
keys/tripe-keys.master
@@
-18,17
+18,18
@@
###--------------------------------------------------------------------------
### Crypto parameters.
###--------------------------------------------------------------------------
### Crypto parameters.
-## The key-exchange type. May be `dh'
or `ec
'.
+## The key-exchange type. May be `dh'
, `ec', `x25519', or `x448
'.
# kx = dh
## Key-generation parameters for key exchange group.
# kx-param = -LS -b3072 -B256
# kx = dh
## Key-generation parameters for key exchange group.
# kx-param = -LS -b3072 -B256
-# kx-param = -Pnist-p256
+# kx-param = -Cnist-p256
+# kx-param =
## Expiry time for peer key-exchange keys.
# kx-expire = now + 1 year
## Expiry time for peer key-exchange keys.
# kx-expire = now + 1 year
-## Bulk crypto transform to use. May be `v0',
or `iiv
'.
+## Bulk crypto transform to use. May be `v0',
`iiv', or `naclbox
'.
# bulk = iiv
## Symmetric encryption scheme to use.
# bulk = iiv
## Symmetric encryption scheme to use.
@@
-44,6
+45,7
@@
## How recently an archive must have been signed to be valid.
# sig-fresh = always
## How recently an archive must have been signed to be valid.
# sig-fresh = always
+# sig-fresh = 28 days ago
## When the master signing key expires.
# sig-expire = forever
## When the master signing key expires.
# sig-expire = forever