~mdw
/
tripe
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
server/, keys/: Alternative serialization formats for hashing.
[tripe]
/
keys
/
tripe-keys.conf.5.in
diff --git
a/keys/tripe-keys.conf.5.in
b/keys/tripe-keys.conf.5.in
index
b6bc6eb
..
ee67e9a
100644
(file)
--- a/
keys/tripe-keys.conf.5.in
+++ b/
keys/tripe-keys.conf.5.in
@@
-214,7
+214,8
@@
Additional attributes to set on the parameters
as
.IB key = value
pairs separated by spaces.
as
.IB key = value
pairs separated by spaces.
-Default is empty.
+Default is
+.BR serialization=constlen .
.TP
.I kx-expire
Expiry time for generated keys. Default is
.TP
.I kx-expire
Expiry time for generated keys. Default is
@@
-224,6
+225,10
@@
Expiry time for generated keys. Default is
Hashing algorithm to use. Default is
.BR sha256 .
.TP
Hashing algorithm to use. Default is
.BR sha256 .
.TP
+.I bulk
+The bulk crypto transform to use.
+Default is
+.BR iiv .
.I mac
Message authentication algorithm to use. Default is
.IB hash -hmac/ halfhashlen \fR,
.I mac
Message authentication algorithm to use. Default is
.IB hash -hmac/ halfhashlen \fR,
@@
-237,27
+242,31
@@
output length.
Mask-generation algorithm to use. Default is
.IB hash -mgf \fR.
This is probably a good choice.
Mask-generation algorithm to use. Default is
.IB hash -mgf \fR.
This is probably a good choice.
+.ne 6
.TP
.I cipher
Symmetric encryption scheme to use. Default is
.BR rijndael-cbc .
.TP
.I cipher
Symmetric encryption scheme to use. Default is
.BR rijndael-cbc .
+.ne 6
.TP
.I sig
Signature scheme to use. Must be one of those recognized by
.BR catsign (1).
.TP
.I sig
Signature scheme to use. Must be one of those recognized by
.BR catsign (1).
-Default is
-.B dsa
-if
-.I kx
-is
-.BR dh ,
-or
-.B ecdsa
-if
+Default depends on
.I kx
.I kx
-is
-.BR ec .
-.ne 10
+as follows.
+.TS
+center;
+| ci | ci |
+| lb | lb |.
+_
+kx sig
+_
+dh dsa
+ec ecdsa
+_
+.TE
+.ne 12
.TP
.I sig-genalg
Key-generation algorithm for signing key. Default depends on
.TP
.I sig-genalg
Key-generation algorithm for signing key. Default depends on
@@
-276,9
+285,11
@@
rsapcs1 rsa
rsapss rsa
ecdsa ec
eckcdsa ec
rsapss rsa
ecdsa ec
eckcdsa ec
+ed25519 ed25519
+ed448 ed448
_
.TE
_
.TE
-.ne
8
+.ne
10
.TP
.I sig-param
Signature-key generation parameters. Default depends on
.TP
.I sig-param
Signature-key generation parameters. Default depends on
@@
-295,6
+306,8
@@
dh \-LS \-b3072 \-B256
dsa \-b3072 \-B256
rsa \-b3072
ec \-Cnist-p256
dsa \-b3072 \-B256
rsa \-b3072
ec \-Cnist-p256
+ed25519 \fInone
+ed448 \fInone
_
.TE
.TP
_
.TE
.TP