Additional options for generating master keys. Default is
.RB ` -l '.
.TP
+.I master-attrs
+Additional attributes to set on the master key,
+as
+.IB key = value
+pairs separated by spaces.
+Default is empty.
+.TP
.I hk-master
The fingerprint of the current master signing key. No default. Usually
set up automatically.
.B ec
(elliptic curves). The default is
.BR dh .
+.ne 7
+.TP
+.I kx-genalg
+Key generation algorithm name to pass to
+.B "key add"
+when generating keys.
+Default depends on
+.I kx
+as follows.
+.TS
+center;
+| ci | ci |
+| lb | lb |.
+_
+kx kx-genalg
+_
+dh dh
+ec ec
+_
+.TE
+.ne 7
+.TP
+.I kx-param-genalg
+Key generation algorithm name to pass to
+.B "key add"
+when generating the parameters key.
+Default depends on
+.I kx
+as follows.
+.TS
+center;
+| ci | ci |
+| lb | lb |.
+_
+kx kx-param-genalg
+_
+dh dh-param
+ec ec-param
+_
+.TE
+.ne 7
.TP
.I kx-param
Options to pass to
_
.TE
.TP
+.I kx-attrs
+Additional attributes to set on the parameters
+(and therefore copied to peer keys),
+as
+.IB key = value
+pairs separated by spaces.
+Default is empty.
+.TP
.I kx-expire
Expiry time for generated keys. Default is
.BR "now + 1 year" .
Mask-generation algorithm to use. Default is
.IB hash -mgf \fR.
This is probably a good choice.
+.ne 6
.TP
.I cipher
Symmetric encryption scheme to use. Default is
-.BR blowfish-cbc .
+.BR rijndael-cbc .
+.ne 6
.TP
.I sig
Signature scheme to use. Must be one of those recognized by
.BR catsign (1).
-Default is
-.B dsa
-if
-.I kx
-is
-.BR dh ,
-or
-.B ecdsa
-if
+Default depends on
.I kx
-is
-.BR ec .
+as follows.
+.TS
+center;
+| ci | ci |
+| lb | lb |.
+_
+kx sig
+_
+dh dsa
+ec ecdsa
+_
+.TE
+.ne 10
.TP
.I sig-genalg
Key-generation algorithm for signing key. Default depends on
eckcdsa ec
_
.TE
+.ne 8
.TP
.I sig-param
Signature-key generation parameters. Default depends on