~mdw
/
tripe
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
server/, keys/: Support Bernstein's X25519 and Hamburg's X448 algorithms.
[tripe]
/
keys
/
tripe-keys.conf.5.in
diff --git
a/keys/tripe-keys.conf.5.in
b/keys/tripe-keys.conf.5.in
index
ab4c9e1
..
4fc0485
100644
(file)
--- a/
keys/tripe-keys.conf.5.in
+++ b/
keys/tripe-keys.conf.5.in
@@
-148,7
+148,7
@@
or
.B ec
(elliptic curves). The default is
.BR dh .
.B ec
(elliptic curves). The default is
.BR dh .
-.ne
7
+.ne
9
.TP
.I kx-genalg
Key generation algorithm name to pass to
.TP
.I kx-genalg
Key generation algorithm name to pass to
@@
-166,9
+166,11
@@
kx kx-genalg
_
dh dh
ec ec
_
dh dh
ec ec
+x25519 x25519
+x448 x448
_
.TE
_
.TE
-.ne
7
+.ne
9
.TP
.I kx-param-genalg
Key generation algorithm name to pass to
.TP
.I kx-param-genalg
Key generation algorithm name to pass to
@@
-186,9
+188,11
@@
kx kx-param-genalg
_
dh dh-param
ec ec-param
_
dh dh-param
ec ec-param
+x25519 empty
+x448 empty
_
.TE
_
.TE
-.ne
7
+.ne
9
.TP
.I kx-param
Options to pass to
.TP
.I kx-param
Options to pass to
@@
-205,8
+209,11
@@
kx kx-param
_
dh \-LS \-b3072 \-B256
ec \-Cnist-p256
_
dh \-LS \-b3072 \-B256
ec \-Cnist-p256
+x25519 \fInone
+x448 \fInone
_
.TE
_
.TE
+.ne 9
.TP
.I kx-attrs
Additional attributes to set on the parameters
.TP
.I kx-attrs
Additional attributes to set on the parameters
@@
-214,8
+221,22
@@
Additional attributes to set on the parameters
as
.IB key = value
pairs separated by spaces.
as
.IB key = value
pairs separated by spaces.
-Default is
-.BR serialization=constlen .
+Default depends on
+.I kx
+as follows.
+.TS
+center;
+| ci | ci |
+| lb | lb |.
+_
+kx kx-attrs
+_
+dh serialization=constlen
+ec serialization=constlen
+x25519 \fIempty
+x448 \fIempty
+_
+.TE
.TP
.I kx-expire
Expiry time for generated keys. Default is
.TP
.I kx-expire
Expiry time for generated keys. Default is
@@
-278,7
+299,7
@@
iiv rijndael-cbc
naclbox chacha20
_
.TE
naclbox chacha20
_
.TE
-.ne
7
+.ne
8
.TP
.I sig
Signature scheme to use. Must be one of those recognized by
.TP
.I sig
Signature scheme to use. Must be one of those recognized by
@@
-295,6
+316,8
@@
kx sig
_
dh dsa
ec ecdsa
_
dh dsa
ec ecdsa
+x25519 ed25519
+x448 ed448
_
.TE
.ne 12
_
.TE
.ne 12