summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFlorian Dold <florian@dold.me>2021-01-17 19:58:29 +0100
committerFlorian Dold <florian@dold.me>2021-01-17 19:58:37 +0100
commita7f964d3440a5f8cbb877b0081209befac4a6476 (patch)
treec9c10f0f44a367e82f1bd6c3df5211c311b394f7
parent7e16b5a2ac61a8263ff5edebe20e8d9302cfeae3 (diff)
downloaddocs-a7f964d3440a5f8cbb877b0081209befac4a6476.tar.gz
docs-a7f964d3440a5f8cbb877b0081209befac4a6476.tar.bz2
docs-a7f964d3440a5f8cbb877b0081209befac4a6476.zip
rename of helpers to secmod
-rw-r--r--manpages/taler.conf.5.rst4
-rw-r--r--taler-exchange-manual.rst22
2 files changed, 13 insertions, 13 deletions
diff --git a/manpages/taler.conf.5.rst b/manpages/taler.conf.5.rst
index 4c8b70b..6287557 100644
--- a/manpages/taler.conf.5.rst
+++ b/manpages/taler.conf.5.rst
@@ -206,7 +206,7 @@ KEY_DIR
UNIXPATH
On which path should the security module listen for signing requests?
-Note that the **taler-exchange-helper-rsa** also evaluates the ``[coin_*]``
+Note that the **taler-exchange-secmod-rsa** also evaluates the ``[coin_*]``
configuration sections described below.
@@ -315,7 +315,7 @@ EXCHANGE COIN OPTIONS
The following options must be in sections starting with ``"[coin_]"`` and are
largely used by **taler-exchange-httpd** to determine the meta data for the
denomination keys. Some of the options are used by the
-**taler-exchange-helper-rsa** to determine which RSA keys to create (and of
+**taler-exchange-secmod-rsa** to determine which RSA keys to create (and of
what key length). Note that the section names must match, so this part of the
configuration MUST be shared between the RSA helper and the exchange.
Configuration values MUST NOT be changed in a running setup. Instead, if
diff --git a/taler-exchange-manual.rst b/taler-exchange-manual.rst
index 419dd52..d9709e0 100644
--- a/taler-exchange-manual.rst
+++ b/taler-exchange-manual.rst
@@ -118,7 +118,7 @@ components:
binary is the ``taler-exchange-httpd``.
- Crypto-Helpers
- The ``taler-exchange-helper-rsa`` and ``taler-exchange-helper-eddsa``
+ The ``taler-exchange-secmod-rsa`` and ``taler-exchange-secmod-eddsa``
are two programs that are responsible for managing the exchange's
online signing keys. They must run on the same machine as the
``taler-exchange-httpd`` as the HTTP frontend communicates with the
@@ -222,8 +222,8 @@ Online signing key security
To provide an additional level of protection for the private *online* signing
keys used by the exchange, the actual cryptographic signing operations are
-performed by two helper processes, the ``taler-exchange-helper-rsa`` and the
-``taler-exchange-helper-eddsa``.
+performed by two helper processes, the ``taler-exchange-secmod-rsa`` and the
+``taler-exchange-secmod-eddsa``.
The current implementation does not yet support the use of a hardware security
module (HSM). If you have such a device with adequate functionality and are
@@ -495,11 +495,11 @@ See :doc:`manpages/taler.conf.5` for information on *duration* values
and ``OVERLAP_DURATION`` and ``DURATION`` below).
Additionally, there are two global configuration options of note:
-- ``[taler-helper-crypto-rsa/OVERLAP_DURATION]``: What is the overlap of the
+- ``[taler-exchange-secmod-rsa/OVERLAP_DURATION]``: What is the overlap of the
withdrawal timespan for denomination keys? The value given here must
be smaller than any of the ``DURATION_WITHDRAW`` values for any of the coins.
-- ``[taler-helper-crypto-rsa/LOOKAHEAD_SIGN]``: For how far into the future
+- ``[taler-exchange-secmod-rsa/LOOKAHEAD_SIGN]``: For how far into the future
should denomination keys be pre-generated? This allows the exchange and
auditor operators to download, offline-sign, and upload denomination key
signatures for denomination keys that will be used in the future by the
@@ -527,16 +527,16 @@ Sign keys
There are three global configuration options of note for sign keys:
-- ``[taler-helper-crypto-eddsa/DURATION]``: How long are sign keys
+- ``[taler-exchange-secmod-eddsa/DURATION]``: How long are sign keys
used to sign messages? After this time interval expires, a fresh
sign key will be used (key rotation). We recommend using
a ``DURATION`` of a few weeks to a few months for sign keys.
-- ``[taler-helper-crypto-eddsa/OVERLAP_DURATION]``: What is the overlap of the
+- ``[taler-exchange-secmod-eddsa/OVERLAP_DURATION]``: What is the overlap of the
timespan for sign keys? We recommend a few minutes or hours. Must
be smaller than ``DURATION``.
-- ``[taler-helper-crypto-eddsa/LOOKAHEAD_SIGN]``: For how far into the future
+- ``[taler-exchange-secmod-eddsa/LOOKAHEAD_SIGN]``: For how far into the future
should sign keys be pre-generated? This allows the exchange and
auditor operators to download, offline-sign, and upload sign key
signatures for sign keys that will be used in the future by the exchange.
@@ -741,9 +741,9 @@ Launching an exchange
A running exchange requires starting the following processes:
-- ``taler-exchange-helper-rsa`` (as special user, sharing group with the HTTPD)
-- ``taler-exchange-helper-eddsa`` (as special user, sharing group with the HTTPD)
-- ``taler-exchange-helper-httpd`` (needs database access)
+- ``taler-exchange-secmod-rsa`` (as special user, sharing group with the HTTPD)
+- ``taler-exchange-secmod-eddsa`` (as special user, sharing group with the HTTPD)
+- ``taler-exchange-httpd`` (needs database access)
- ``taler-exchange-aggregator`` (only needs database access)
- ``taler-exchange-closer`` (only needs database access)
- ``taler-exchange-wirewatch`` (needs bank account read credentials and database access)