Not sure why I decided to set these in italics when I started. It
doesn't make a great deal of sense.
.BR @MASTER-SEQUENCE@ .
.SS "Master repository parameters"
.TP
.BR @MASTER-SEQUENCE@ .
.SS "Master repository parameters"
.TP
The base URL of the key repository (usually with a trailing
.RB ` / ').
Typically, this will be something like
.RB http://www.distorted.org.uk/vpn/ .
No default.
.TP
The base URL of the key repository (usually with a trailing
.RB ` / ').
Typically, this will be something like
.RB http://www.distorted.org.uk/vpn/ .
No default.
.TP
The basename for the repository archive. Default is
.BR tripe-keys.tar.gz .
.TP
The basename for the repository archive. Default is
.BR tripe-keys.tar.gz .
.TP
The basename template for repository signatures. Default is
.BR tripe-keys.sig-<SEQ> .
The
The basename template for repository signatures. Default is
.BR tripe-keys.sig-<SEQ> .
The
portion, if any, is replaced by the sequence number of the key which
made the signature.
.TP
portion, if any, is replaced by the sequence number of the key which
made the signature.
.TP
The URL for the key repository tarball. Default is the concatenation of
.I base-url
and
.IR repos-base .
.TP
The URL for the key repository tarball. Default is the concatenation of
.I base-url
and
.IR repos-base .
.TP
The URL template for key repository signatures. Default is the
concatenation of
.I base-url
and
.IR sig-base .
.TP
The URL template for key repository signatures. Default is the
concatenation of
.I base-url
and
.IR sig-base .
.TP
The sequence number of the master authority's current signing key. No
default. Usually set up automatically.
.TP
The sequence number of the master authority's current signing key. No
default. Usually set up automatically.
.TP
Additional options for generating master keys. Default is
.RB ` -l '.
.TP
Additional options for generating master keys. Default is
.RB ` -l '.
.TP
Additional attributes to set on the master key,
as
.IB key = value
pairs separated by spaces.
Default is empty.
.TP
Additional attributes to set on the master key,
as
.IB key = value
pairs separated by spaces.
Default is empty.
.TP
The fingerprint of the current master signing key. No default. Usually
set up automatically.
.TP
The fingerprint of the current master signing key. No default. Usually
set up automatically.
.TP
A shell command to run by
.B tripe-keys upload
after it has successfully written the
A shell command to run by
.B tripe-keys upload
after it has successfully written the
which does nothing.
.SS "Crypto parameters"
.TP
which does nothing.
.SS "Crypto parameters"
.TP
Key-exchange algorithm to use. Either
.B dh
(integer Diffie-Hellman)
Key-exchange algorithm to use. Either
.B dh
(integer Diffie-Hellman)
Key generation algorithm name to pass to
.B "key add"
when generating keys.
Key generation algorithm name to pass to
.B "key add"
when generating keys.
Key generation algorithm name to pass to
.B "key add"
when generating the parameters key.
Key generation algorithm name to pass to
.B "key add"
when generating the parameters key.
Options to pass to
.B "key add"
when generating the parameters key. Default depends on
Options to pass to
.B "key add"
when generating the parameters key. Default depends on
Additional attributes to set on the parameters
(and therefore copied to peer keys),
as
Additional attributes to set on the parameters
(and therefore copied to peer keys),
as
Expiry time for generated keys. Default is
.BR "now + 1 year" .
.TP
Expiry time for generated keys. Default is
.BR "now + 1 year" .
.TP
Hashing algorithm to use. Default is
.BR sha256 .
.TP
Hashing algorithm to use. Default is
.BR sha256 .
.TP
The bulk crypto transform to use.
Default is
.BR iiv .
.ne 8
.TP
The bulk crypto transform to use.
Default is
.BR iiv .
.ne 8
.TP
Message authentication algorithm to use.
Default depends on
.I bulk
Message authentication algorithm to use.
Default depends on
.I bulk
.IR hash 's
output length.)
.TP
.IR hash 's
output length.)
.TP
Mask-generation algorithm to use. Default is
.IB hash -mgf \fR.
This is probably a good choice.
.ne 7
.TP
Mask-generation algorithm to use. Default is
.IB hash -mgf \fR.
This is probably a good choice.
.ne 7
.TP
Symmetric encryption scheme to use.
Default depends on
.I bulk
Symmetric encryption scheme to use.
Default depends on
.I bulk
Signature scheme to use. Must be one of those recognized by
.BR catsign (1).
Default depends on
Signature scheme to use. Must be one of those recognized by
.BR catsign (1).
Default depends on
Key-generation algorithm for signing key. Default depends on
.I sig
as follows.
Key-generation algorithm for signing key. Default depends on
.I sig
as follows.
Signature-key generation parameters. Default depends on
.I sig-genalg
as follows.
Signature-key generation parameters. Default depends on
.I sig-genalg
as follows.
Hash function to use for making signatures. Default is
.IR hash .
.TP
Hash function to use for making signatures. Default is
.IR hash .
.TP
Oldest time we should consider a signed archive to be fresh. Default is
.BR always ,
meaning that all signatures are fresh.
.TP
Oldest time we should consider a signed archive to be fresh. Default is
.BR always ,
meaning that all signatures are fresh.
.TP
Expiry time for master signing key. Default is
.BR forever .
.TP
Expiry time for master signing key. Default is
.BR forever .
.TP
Hash function to use for key fingerprinting. Default is
.IR hash .
.SS "Master maintenance parameters"
.TP
Hash function to use for key fingerprinting. Default is
.IR hash .
.SS "Master maintenance parameters"
.TP
Local base directory for the repository files. This probably ought to
end in a
.RB ` / '
Local base directory for the repository files. This probably ought to
end in a
.RB ` / '
.B tripe-keys upload
command. No default.
.TP
.B tripe-keys upload
command. No default.
.TP
Filename for local repository tarball. Default is the concatenation of
.I base-dir
and
.IB repos-base .
.TP
Filename for local repository tarball. Default is the concatenation of
.I base-dir
and
.IB repos-base .
.TP
Template for repository signatures. Default is the concatenation of
.I base-dir
and
.IR sig-base .
.TP
Template for repository signatures. Default is the concatenation of
.I base-dir
and
.IR sig-base .
.TP
Filename for local repository configuration file. Default is
.IB basedir /tripe-keys.conf \fR.
.TP
Filename for local repository configuration file. Default is
.IB basedir /tripe-keys.conf \fR.
.TP
The
.B "tripe-keys check"
command will warn about keys which will in less than
The
.B "tripe-keys check"
command will warn about keys which will in less than