X-Git-Url: https://git.distorted.org.uk/~mdw/tripe/blobdiff_plain/44e2927917faa9ab4ad4f3e4931d746192a241b0..ca3aaaeb369633cd65c8cc29dde88daff2c38e8c:/keys/tripe-keys.master diff --git a/keys/tripe-keys.master b/keys/tripe-keys.master index eef2a00c..01e094ba 100644 --- a/keys/tripe-keys.master +++ b/keys/tripe-keys.master @@ -1,48 +1,55 @@ -# tripe-keys configuration file -# -# see tripe-keys.conf(5) for full details +### -*-conf-*- +### +### tripe-keys configuration file +### +### see tripe-keys.conf(5) for full details -### File locations (required) +###-------------------------------------------------------------------------- +### File locations (required). -# The base URL for the repository files. Include the trailing slash if -# necessary. +## The base URL for the repository files. Include the trailing slash if +## necessary. # base-url = http://some.server.somewhere/blah/ -# The local directory name for the repository files. Again, include the -# trailing slash if necessary. +## The local directory name for the repository files. Again, include the +## trailing slash if necessary. # base-dir = /some/directory/blah/ -### Crypto parameters +###-------------------------------------------------------------------------- +### Crypto parameters. -# The key-exchange type. May be `dh' or `ec'. +## The key-exchange type. May be `dh' or `ec'. # kx = dh -# Key-generation parameters for key exchange group. -# kx-param = -LS -b2048 -B256 +## Key-generation parameters for key exchange group. +# kx-param = -LS -b3072 -B256 +# kx-param = -Pnist-p256 -# Expiry time for peer key-exchange keys. -# kx-expire = now + 1 day +## Expiry time for peer key-exchange keys. +# kx-expire = now + 1 year -# Symmetric encryption scheme to use. -# cipher = blowfish-cbc +## Symmetric encryption scheme to use. +# cipher = rijndael-cbc -# Hash function to use. (We derive the MGF and MAC from this.) +## Hash function to use. (We derive the MGF and MAC from this.) # hash = sha256 -# Signature scheme to use for signing/verifying repository archives. +## Signature scheme to use for signing/verifying repository archives. # sig = dsa +# sig = ecdsa -# How recently an archive must have been signed to be valid. +## How recently an archive must have been signed to be valid. # sig-fresh = always -# When the signing key expires. +## When the master signing key expires. # sig-expire = forever +###-------------------------------------------------------------------------- ### Master key integrity -# Since the master public key is contained within the repository, we must -# check its integrity: therefore we record its sequence number and -# fingerprint here. These are filled in automatically by -# `tripe-keys upload'. Leave them as they are. +## Since the master public key is contained within the repository, we must +## check its integrity: therefore we record its sequence number and +## fingerprint here. These are filled in automatically by `tripe-keys +## upload'. Leave them as they are. master-sequence = @MASTER-SEQUENCE@ hk-master = @HK-MASTER@