X-Git-Url: https://git.distorted.org.uk/~mdw/tripe/blobdiff_plain/de8edc7fdb0a26ca9cb736a49b020a64ee4a0d40..76e91db906e1e949955fee632b57a6e442046aef:/server/tripe.8.in?ds=sidebyside

diff --git a/server/tripe.8.in b/server/tripe.8.in
index c19ee57a..3997e1db 100644
--- a/server/tripe.8.in
+++ b/server/tripe.8.in
@@ -349,6 +349,69 @@ key add \-aec \-pparam \-talice \e
 	\-e"now + 1 year" tripe
 .VE
 .RE
+.sv -1
+.TP
+.B x25519
+.RS
+Use Bernstein's X25519 Diffie\(enHellman function.
+This is technically a variant on
+the general elliptic curve Diffie\(enHellman
+available through the
+.B ec
+setting,
+but carefully designed and heavily optimized.
+.PP
+To create
+.B x25519
+keys,
+say something like
+.VS
+key add \-aempty \-eforever \e
+	\-tparam tripe\-param kx-group=x25519
+.VE
+to construct a parameters key
+(see
+.BR key (1)
+for details);
+and create the private keys by
+.VS
+key add \-ax25519 \-pparam \-talice \e
+	\-e"now + 1 year" tripe
+.VE
+.RE
+.sv -1
+.TP
+.B x448
+.RS
+Use Hamburg's X448 Diffie\(enHellman function.
+Like
+.B x25519
+above,
+this is technically a variant on
+the general elliptic curve Diffie\(enHellman
+available through the
+.B ec
+setting,
+but carefully designed and heavily optimized.
+.PP
+To create
+.B x448
+keys,
+say something like
+.VS
+key add \-aempty \-eforever \e
+	\-tparam tripe\-param kx-group=x448
+.VE
+to construct a parameters key
+(see
+.BR key (1)
+for details);
+and create the private keys by
+.VS
+key add \-ax448 \-pparam \-talice \e
+	\-e"now + 1 year" tripe
+.VE
+.RE
 Note that the
 .BR tripe-keys (8)
 program provides a rather more convenient means for generating and
@@ -387,6 +450,18 @@ be followed by a
 and the desired tag length in bits.  The default is
 .IB hash \-hmac
 at half the underlying hash function's output length.
+If the MAC's name contains a
+.RB ` / '
+character,
+e.g.,
+.RB ` sha512/256 ',
+then an
+.I additional
+.RB ` / '
+and the tag size is required to disambiguate,
+so, e.g.,
+one might write
+.RB ` sha512/256/256 '.
 .TP
 .B mgf
 A `mask-generation function', used in the key-exchange.  The default is