X-Git-Url: https://git.distorted.org.uk/~mdw/tripe/blobdiff_plain/b2177d0418407afaf5fbabe7d5d9b19ce6fb9105..97e1aa23bec8e780de7f7afa962fd66f143736d8:/server/tripe.8.in diff --git a/server/tripe.8.in b/server/tripe.8.in index 4ec21bee..f65bb3f0 100644 --- a/server/tripe.8.in +++ b/server/tripe.8.in @@ -286,7 +286,11 @@ is a terrible idea. .TP .BI "\-T, \-\-trace=" trace-opts Allows the enabling or disabling of various internal diagnostics. See -below for the list of options. +the +.B TRACE +command in +.BR trace-admin (5) +for the list of options. .SS "Key exchange group types" The .B tripe @@ -500,6 +504,36 @@ doesn't need the (possibly slow) random number generator, and (b) it closes a kleptographic channel, over which a compromised implementation could leak secret information to a third party. .TP +.B aead +A transform based on an all-in-one `authenticated encryption with +additional data' scheme. The scheme is named in the +.B cipher +attribute; the default is +.BR rijndael-ocb3 . +If the +.B mac +attribute is given, it must be either +.B aead +or +.BR aead/ \c +.IR tagsz , +where +.I tagsz +is the desired tag length in bits; alternatively, the tag length can be +set in the +.B tagsz +attribute. The chosen AEAD scheme must accept at least a 64-bit nonce +(this rules out OCB3 and CCM with 64-bit blockciphers); it mustn't +require an absurdly large nonce size (none of the schemes implemented in +Catacomb present a problem here, but it bears mentioning); it must +actually support additional header data (which rules out the +.B naclbox +schemes, but see the +.B naclbox +transform below); and it must produce an empty ciphertext when +encrypting an empty message (again, all of Catacomb's schemes meet this +requirement). +.TP .B naclbox A transform based on the NaCl .B crypto_secretbox
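Review bot: In the `--trace` hunk (@@ -286,7 +286,11), the new cross-reference `.BR trace-admin (5)` names a page called trace-admin, while this manual and the program it documents are named tripe. Please confirm that is the intended page name and not a slip. The old text pointed "below" and the new text sends the reader off-page for the trace option list, so a wrong page name would leave no route to that list from tripe(8).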
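Review bot: In the new `aead` entry (@@ -500,6 +504,36), the tag length can be given two ways, as `aead/tagsz` in the `mac` attribute or in the `tagsz` attribute, but the text does not say what the default tag length is, which setting wins if both are given, or which values are accepted. Tag length bounds forgery resistance, so state the default and any minimum here, the same way the entry already does for `cipher` ("the default is rijndael-ocb3"). It would also help to say what happens when the chosen scheme fails one of the listed requirements (nonce size, additional header data, empty ciphertext for an empty message), so an operator knows whether a bad choice is rejected or silently accepted.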