server/, keys/: Alternative serialization formats for hashing.

[tripe] / keys / tripe-keys.conf.5.in

diff --git a/keys/tripe-keys.conf.5.in b/keys/tripe-keys.conf.5.in
index b6bc6eb..ee67e9a 100644 (file)
--- a/keys/tripe-keys.conf.5.in
+++ b/keys/tripe-keys.conf.5.in
@@ -214,7 +214,8 @@ Additional attributes to set on the parameters
 as
 .IB key = value
 pairs separated by spaces.
-Default is empty.
+Default is
+.BR serialization=constlen .
 .TP
 .I kx-expire
 Expiry time for generated keys.  Default is
@@ -224,6 +225,10 @@ Expiry time for generated keys.  Default is
 Hashing algorithm to use.  Default is
 .BR sha256 .
 .TP
+.I bulk
+The bulk crypto transform to use.
+Default is
+.BR iiv .
 .I mac
 Message authentication algorithm to use.  Default is
 .IB hash -hmac/ halfhashlen \fR,
@@ -237,27 +242,31 @@ output length.
 Mask-generation algorithm to use.  Default is
 .IB hash -mgf \fR.
 This is probably a good choice.
+.ne 6
 .TP
 .I cipher
 Symmetric encryption scheme to use.  Default is
 .BR rijndael-cbc .
+.ne 6
 .TP
 .I sig
 Signature scheme to use.  Must be one of those recognized by
 .BR catsign (1).
-Default is
-.B dsa
-if
-.I kx
-is
-.BR dh ,
-or
-.B ecdsa
-if
+Default depends on
 .I kx
-is
-.BR ec .
-.ne 10
+as follows.
+.TS
+center;
+| ci | ci |
+| lb | lb |.
+_
+kx     sig
+_
+dh     dsa
+ec     ecdsa
+_
+.TE
+.ne 12
 .TP
 .I sig-genalg
 Key-generation algorithm for signing key.  Default depends on
@@ -276,9 +285,11 @@ rsapcs1    rsa
 rsapss rsa
 ecdsa  ec
 eckcdsa        ec
+ed25519        ed25519
+ed448  ed448
 _
 .TE
-.ne 8
+.ne 10
 .TP
 .I sig-param
 Signature-key generation parameters.  Default depends on
@@ -295,6 +306,8 @@ dh  \-LS \-b3072 \-B256
 dsa    \-b3072 \-B256
 rsa    \-b3072
 ec     \-Cnist-p256
+ed25519        \fInone
+ed448  \fInone
 _
 .TE
 .TP