diff options
authorStefan Kügel <>2021-01-11 22:16:21 +0100
committerStefan Kügel <>2021-01-11 22:16:21 +0100
commita050504fd0a26fd40abf653450ee3deae807266b (patch)
parentee35dab4b592b720138976d1fef65ca8de6d7c36 (diff)
parent675294b4f107a2026fdc3858850323ff10e6f2bf (diff)
Merge branch 'master' of ssh://
-rw-r--r--exchange-db.pngbin341622 -> 352589 bytes
5 files changed, 43 insertions, 6 deletions
diff --git a/core/api-exchange.rst b/core/api-exchange.rst
index 7d295cc..670789f 100644
--- a/core/api-exchange.rst
+++ b/core/api-exchange.rst
@@ -1603,6 +1603,7 @@ the API during normal operation.
// Signature made by the old coin over the refresh request.
// Signs over a `TALER_CoinLinkSignaturePS`
link_sig: EddsaSignature;
diff --git a/design-documents/010-exchange-helpers.rst b/design-documents/010-exchange-helpers.rst
index a299948..a304d8e 100644
--- a/design-documents/010-exchange-helpers.rst
+++ b/design-documents/010-exchange-helpers.rst
@@ -42,6 +42,12 @@ running under a different user ID (UID), creating in effect a software
security module. The exchange's HTTP process will be required to interact
with those helpers via a UNIX domain socket.
+Socket permission details:
+* The socket will be chmod 0620 (u+rw, g+w) regardless of umask.
+* That the group is the same group of the crypto helpers must
+ still be ensured by the operator.
General design details:
* The helpers will process requests from the exchange to sign and revoke keys.
diff --git a/exchange-db.png b/exchange-db.png
index d0d786a..f99e266 100644
--- a/exchange-db.png
+++ b/exchange-db.png
Binary files differ
diff --git a/manpages/taler-auditor.1.rst b/manpages/taler-auditor.1.rst
index c4b8237..622643f 100644
--- a/manpages/taler-auditor.1.rst
+++ b/manpages/taler-auditor.1.rst
@@ -12,9 +12,14 @@ Synopsis
+[**-c** *FILENAME* | **––config=**\ ‌\ *FILENAME*]
[**-h** | **––help**]
+[**-L** *LOGLEVEL* | **––loglevel=**\ ‌\ *LOGLEVEL*]
+[**-l** *FILENAME* | **––logfile=**\ ‌\ *FILENAME*]
[**-m** *MASTER_KEY* | **––exchange-key=**\ ‌\ *MASTER_KEY*]
+[**-T** *USEC* | **––timetravel**\ \ *USEC*]
+[**-v** | **––version**]
@@ -30,6 +35,10 @@ found in the database. It does NOT check with the bank to see that the
incoming and outgoing wire transfers that the bank claims to have
matches the exchange’s database. Its options are as follows.
+**-c** *FILENAME* \| **––config=**\ ‌\ *FILENAME*
+ Use the configuration and other resources for the merchant to operate
+ from *FILENAME*.
**-h** \| **––help**
Print short help on options.
@@ -37,12 +46,26 @@ matches the exchange’s database. Its options are as follows.
Run additional checks that can only performed on the exchange-internal
database and not the "safe" replicated database at the auditor.
+**-L** *LOGLEVEL* \| **––loglevel=**\ ‌\ *LOGLEVEL*
+ Specifies the log level to use. Accepted values are: ``DEBUG``, ``INFO``,
+ ``WARNING``, ``ERROR``.
+**-l** *FILENAME* \| **––logfile=**\ ‌\ *FILENAME*
+ Send logging output to *FILENAME*.
**-m** *KEY* \| **––exchange-key=**\ ‌\ *KEY*
Public master key of the exchange in Crockford base32 encoding, for
example as generated by gnunet-ecc -p. If this option is missing,
taler-auditor will use the MASTER_PUBLIC_KEY value from the
“exchange” section of the configuration.
+**-T** *USEC* \| **––timetravel=**\ \ *USEC*
+ Modify the system time by *USEC* microseconds.
+ *USEC* may be prefixed with ``+`` or ``-`` (e.g. ``-T +300``).
+ This option is intended for debugging/testing only.
+**-v** \| **––version**
+ Print version information.
See Also
diff --git a/taler-exchange-manual.rst b/taler-exchange-manual.rst
index 2d47671..879f9ad 100644
--- a/taler-exchange-manual.rst
+++ b/taler-exchange-manual.rst
@@ -234,6 +234,9 @@ integration support.
+The UNIX domain sockets have mode 0620 (u+rw, g+w). The exchange process
+MUST be in the same group as the the crypto helper processes.
The two helper processes will create the required private keys, and allow
anyone with access to the UNIX domain socket to sign arbitrary messages with
the keys or to inform them about a key being revoked. The helper processes
@@ -438,6 +441,7 @@ permissions. Those permissions are only required for this step (which may
have to be repeated when upgrading a deployment). Afterwards, during normal
operation, permissions to ``CREATE`` or ``ALTER`` tables are not required by
any of the Taler exchange processes and thus should not be granted.
+For more information, see :doc:`manpages/taler-exchange-dbinit.1`.
.. _Coins-denomination-keys:
@@ -475,14 +479,16 @@ must then have the following options:
- ``RSA_KEYSIZE``: How many bits should the RSA modulus (product of the two
primes) have for this type of coin.
+See :doc:`manpages/taler.conf.5` for information on *duration* values
+(i.e. ``DURATION_WITHDRAW`` and ``DURATION_SPEND`` above,
+and ``OVERLAP_DURATION`` and ``DURATION`` below).
Additionally, there are two global configuration options of note:
- ``[taler-helper-crypto-rsa/OVERLAP_DURATION]``: What is the overlap of the
withdrawal timespan for denomination keys? The value given here must
be smaller than any of the ``DURATION_WITHDRAW`` values for any of the coins.
-- ``[taler-helper-crypto-rsa/LOOKAHEAD_SIGN]``: For how far into the future
+- ``[taler-helper-crypto-rsa/LOOKAHEAD_SIGN]``: For how far into the future
should denomination keys be pre-generated? This allows the exchange and
auditor operators to download, offline-sign, and upload denomination key
signatures for denomination keys that will be used in the future by the
@@ -649,9 +655,8 @@ follows to enable a wire account:
$ taler-exchange-offline enable-account payto://iban/CH9300762011623852957
The resulting JSON output must be uploaded to the exchange using
-``taler-exchange-offline upload``. For details, see the man
-page on ``taler-exchange-offline``.
-ttn: please turn this into a link!
+``taler-exchange-offline upload``.
+For details, see :doc:`manpages/taler-exchange-offline.1`.
.. _Wire-fee-structure:
@@ -817,7 +822,7 @@ to provision the signatures to the exchange. At this point, the
exchange will be able to use those keys, but wallets and merchants
may not yet trust them! Thus, the next step is for the auditor
to affirm that they are auditing this exchange. Details about
-this are described in the auditor manual (ttn: add link, please!).
+this are described in :doc:`taler-auditor-manual`.
The simplistic (without using offline keys for the auditor) way
to do this would be:
@@ -826,6 +831,8 @@ to do this would be:
$ taler-auditor-offline download sign upload
+For more information, see :doc:`manpages/taler-auditor-offline.1`.
Private key storage