X-Git-Url: https://git.distorted.org.uk/~mdw/tripe/blobdiff_plain/fe2a5dcf9de1f124ed3cfa2c6327860bd5aca820..19bf6ea000a9283ea33736dfaa6e0bfac7866acb:/server/tripe-admin.5.in diff --git a/server/tripe-admin.5.in b/server/tripe-admin.5.in index 6ffa6cd6..e15a66ac 100644 --- a/server/tripe-admin.5.in +++ b/server/tripe-admin.5.in @@ -27,7 +27,7 @@ .so ../common/defs.man \" @@@PRE@@@ . .\"-------------------------------------------------------------------------- -.TH tripe-admin 5 "18 February 2001" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption" +.TH tripe-admin 5tripe "18 February 2001" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption" . .\"-------------------------------------------------------------------------- .SH "NAME" @@ -364,6 +364,19 @@ address and emit an .B NEWADDR notification. .TP +.BI "\-priv " tag +Use the private key +.I tag +to authenticate to the peer. The default is to use the key named in the +.RB ` \-t ' +command-line option, or a key with type +.B tripe +or +.BR tripe-dh : +see +.BR tripe (8) +for the details. +.TP .BI "\-tunnel " tunnel Use the named tunnel driver, rather than the default. .\"-opts @@ -410,6 +423,12 @@ The mask-generating function in use, e.g., .B hashsz The size of the hash function's output, in octets. .TP +.B bulk-transform +The name of the bulk-crypto transform. +.TP +.B bulk-overhead +The amount of overhead, in bytes, caused by the crypto transform. +.TP .B cipher The name of the bulk data cipher in use, e.g., .BR blowfish-cbc . @@ -428,7 +447,7 @@ allow for a seamless changeover of keys.) .TP .B mac The message authentication algorithm in use, e.g., -.BR ripemd160-hmac .. +.BR ripemd160-hmac . .TP .B mac-keysz The length of the key used by the message authentication algorithm, in 
@@ -436,6 +455,16 @@ octets. .TP .B mac-tagsz The length of the message authentication tag, in octets. +.TP +.B blkc +The block cipher in use, e.g., +.BR blowfish . +.TP +.B blkc-keysz +The length of key used by the block cipher, in octets. +.TP +.B blkc-blksz +The block size of the block cipher. .PP The various sizes are useful, for example, when computing the MTU for a tunnel interface. If @@ -443,13 +472,12 @@ tunnel interface. If is the MTU of the path to the peer, then the tunnel MTU should be .IP .I MTU -\- 33 \- -.I cipher-blksz -\- -.I mac-tagsz +\- 29 \- +.I bulk-overhead .PP allowing 20 bytes of IP header, 8 bytes of UDP header, a packet type -octet, a four-octet sequence number, an IV, and a MAC tag. +octet, and the bulk-crypto transform overhead (which includes the +sequence number). .RE .SP .BI "BGCANCEL " tag @@ -465,7 +493,7 @@ or in a greeting message. .SP .B "DAEMON" Causes the server to disassociate itself from its terminal and become a -background task. This only works once. A warning is issued. +background task. This only works once. A notification is issued. .SP .BI "EPING \fR[" options "\fR] " peer Sends an encrypted ping to the peer, and expects an encrypted response. @@ -557,7 +585,12 @@ may change during the life of the association. .B private-key The private key tag being used for the peer, as passed to the .B ADD -command. +command, or the +.RB ` \-t ' +command-line option. If neither of these was given explicitly, the +private key tag is shown as +.RB ` (default) ', +since there is no fixed tag used under these circumstances. .TP .B current-private-key The full key tag of the private key currently being used for this 
@@ -1220,6 +1253,9 @@ and the second token is the filename of the keyring. Frequently a key tag may be given next, preceded by the token .BR key . .SP +.BI "KEYMGMT private-keyring " file " key " tag " incorrect-public-key" +The private key doesn't record the correct corresponding public key. +.SP .BI "KEYMGMT public-keyring " file " key " tag " algorithm-mismatch" A peer's public key doesn't request the same algorithms as our private key. @@ -1243,6 +1279,12 @@ exchange. .BI "KEYMGMT " which "-keyring " file " io-error " ecode " " message A system error occurred while opening or reading the keyring file. .SP +.BI "KEYMGMT " which "-keyring " file " key " tag " unknown-bulk-transform " bulk +The key specifies the use of an unknown bulk-crypto transform +.IR bulk . +Maybe the key was generated wrongly, or maybe the version of Catacomb +installed is too old. +.SP .BI "KEYMGMT " which "-keyring " file " key " tag " unknown-cipher " cipher The key specifies the use of an unknown symmetric encryption algorithm .IR cipher . @@ -1274,6 +1316,12 @@ The key specifies the use of an unknown symmetric encryption function for mask generation. Maybe the key was generated wrongly, or maybe the version of Catacomb installed is too old. .SP +.BI "KEYMGMT " which "-keyring " file " key " tag " unknown-serialization-format " ser +The key specifies the use of an unknown serialization format +.I ser +for hashing group elements. Maybe the key was generated wrongly, or +maybe the version of Catacomb installed is too old. +.SP .BI "KEYMGMT " which "-keyring " file " key " tag " no-hmac-for-hash " hash No message authentication code was given explicitly, and there's no implementation of HMAC for the selected hash function
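Review bot: the .TH change in the first hunk (@@ -27,7 +27,7 @@) moves this page to section "5tripe", yet the text added at @@ -364,6 +364,19 @@ still cross-references ".BR tripe (8)" with a plain section number. If the "tripe" suffix is being applied to the whole manual set, update the cross-references in the same change so that lookups and rendered links agree with the new section names. If only this page moves, say why in the commit message.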
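Review bot: the "\-priv" description at @@ -364,6 +364,19 @@ does not say which key is chosen when no "\-t" option was given and the keyring holds both a "tripe" and a "tripe-dh" key. "or a key with type tripe or tripe-dh" reads as unordered. Because this option selects the key used to authenticate to the peer, state the selection order in a clause here rather than deferring it entirely to tripe(8).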
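Review bot: in the hunk at @@ -410,6 +423,12 @@ the new "bulk-overhead" entry gives its unit as "in bytes", while the neighbouring entries ("hashsz", "mac-keysz", "mac-tagsz") all say "in octets". Use "octets" for consistency. The "bulk-transform" entry would also benefit from an "e.g.," value in .BR, as "cipher" and "mac" have, so that a client author can see what the token looks like.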
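Review bot: the "blkc-blksz" entry at @@ -436,6 +455,16 @@ has no unit ("The block size of the block cipher."), whereas "blkc-keysz" directly above it says "in octets". Add ", in octets". It would also help to say how "blkc" relates to the existing "cipher" entry (the examples are "blowfish" and "blowfish-cbc"), and whether "blkc" is always reported.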
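Review bot: the rewritten MTU explanation at @@ -443,13 +472,12 @@ no longer mentions the IV or the MAC tag that the old formula subtracted, so a reader comparing the two cannot tell whether they are still accounted for. The constant is fine (20 + 8 + 1 = 29, with the four-octet sequence number moved out of the old 33), but the parenthesis only says the overhead "includes the sequence number". If the IV and tag are folded into "bulk-overhead", say so here, since an understated overhead leads to a tunnel MTU that is too large.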
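Review bot: "A notification is issued." in the DAEMON hunk (@@ -465,7 +493,7 @@) does not name the notification, so a client author has nothing to match on. Name it with .B, the way the ADD text names the "NEWADDR" notification. If clients were previously told to expect a warning here, a short compatibility remark would also be useful.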
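Review bot: in the "private-key" hunk (@@ -557,7 +585,12 @@) the placeholder "(default)" is reported in the same field as a real key tag, and the text does not say whether a key could legitimately carry that tag. Either state that it can never be a valid tag or tell clients to treat it as a sentinel. The sentence "as passed to the ADD command, or the `\-t' command-line option" is also easy to misread as "\-t" being an ADD option. The ADD option added earlier in this patch is "\-priv", so name it and make clear that "\-t" belongs to the server's command line.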
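Review bot: the new "incorrect-public-key" warning at @@ -1220,6 +1253,9 @@ is described in one sentence that gives neither a cause nor a remedy, unlike the neighbouring "unknown-..." entries ("Maybe the key was generated wrongly, or maybe the version of Catacomb installed is too old."). Say what the recorded public key is checked against and what the operator should do about it, since a mismatched private key is something an administrator will want to act on rather than ignore.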