author Florian Dold <florian@dold.me> 2021-01-17 19:58:29 +0100
committer Florian Dold <florian@dold.me> 2021-01-17 19:58:37 +0100
commit a7f964d3440a5f8cbb877b0081209befac4a6476
tree c9c10f0f44a367e82f1bd6c3df5211c311b394f7 /taler-exchange-manual.rst
parent 7e16b5a2ac61a8263ff5edebe20e8d9302cfeae3
rename of helpers to secmod
Diffstat (limited to 'taler-exchange-manual.rst')
-rw-r--r-- taler-exchange-manual.rst 22
1 files changed, 11 insertions, 11 deletions
diff --git a/taler-exchange-manual.rst b/taler-exchange-manual.rst
index 419dd52b..d9709e0f 100644
--- a/taler-exchange-manual.rst
+++ b/taler-exchange-manual.rst
@@ -118,7 +118,7 @@ components:
binary is the ``taler-exchange-httpd``.
- Crypto-Helpers
- The ``taler-exchange-helper-rsa`` and ``taler-exchange-helper-eddsa``
+ The ``taler-exchange-secmod-rsa`` and ``taler-exchange-secmod-eddsa``
are two programs that are responsible for managing the exchange's
online signing keys. They must run on the same machine as the
``taler-exchange-httpd`` as the HTTP frontend communicates with the
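Review bot: The list entry is still titled "Crypto-Helpers" (the unchanged line directly above the renamed binaries), so the heading and the program names now use different terms. Consider renaming the entry to match ``secmod``, or adding a half-sentence stating that the secmod programs are what the manual calls crypto helpers, so readers searching for either term land here.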
@@ -222,8 +222,8 @@ Online signing key security
To provide an additional level of protection for the private *online* signing
keys used by the exchange, the actual cryptographic signing operations are
-performed by two helper processes, the ``taler-exchange-helper-rsa`` and the
-``taler-exchange-helper-eddsa``.
+performed by two helper processes, the ``taler-exchange-secmod-rsa`` and the
+``taler-exchange-secmod-eddsa``.
The current implementation does not yet support the use of a hardware security
module (HSM). If you have such a device with adequate functionality and are
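Review bot: The sentence still reads "performed by two helper processes" while naming them ``taler-exchange-secmod-rsa`` and ``taler-exchange-secmod-eddsa``; pick one term for the prose and the binaries. Because the next paragraph states that a hardware security module is not yet supported, it would also help to say explicitly that the secmod programs are ordinary software processes, so the new name is not read as implying HSM-backed key storage.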
@@ -495,11 +495,11 @@ See :doc:`manpages/taler.conf.5` for information on *duration* values
and ``OVERLAP_DURATION`` and ``DURATION`` below).
Additionally, there are two global configuration options of note:
-- ``[taler-helper-crypto-rsa/OVERLAP_DURATION]``: What is the overlap of the
+- ``[taler-exchange-secmod-rsa/OVERLAP_DURATION]``: What is the overlap of the
withdrawal timespan for denomination keys? The value given here must
be smaller than any of the ``DURATION_WITHDRAW`` values for any of the coins.
-- ``[taler-helper-crypto-rsa/LOOKAHEAD_SIGN]``: For how far into the future
+- ``[taler-exchange-secmod-rsa/LOOKAHEAD_SIGN]``: For how far into the future
should denomination keys be pre-generated? This allows the exchange and
auditor operators to download, offline-sign, and upload denomination key
signatures for denomination keys that will be used in the future by the
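Review bot: The section name in both bullets changes from ``taler-helper-crypto-rsa`` to ``taler-exchange-secmod-rsa``, which is an operator-visible configuration change and not only a binary rename, yet the text gives existing deployments no hint. Suggest a short note that configurations using the old section name must be updated, and a check that :doc:`manpages/taler.conf.5`, referenced just above this list, documents the new section name as well.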
@@ -527,16 +527,16 @@ Sign keys
There are three global configuration options of note for sign keys:
-- ``[taler-helper-crypto-eddsa/DURATION]``: How long are sign keys
+- ``[taler-exchange-secmod-eddsa/DURATION]``: How long are sign keys
used to sign messages? After this time interval expires, a fresh
sign key will be used (key rotation). We recommend using
a ``DURATION`` of a few weeks to a few months for sign keys.
-- ``[taler-helper-crypto-eddsa/OVERLAP_DURATION]``: What is the overlap of the
+- ``[taler-exchange-secmod-eddsa/OVERLAP_DURATION]``: What is the overlap of the
timespan for sign keys? We recommend a few minutes or hours. Must
be smaller than ``DURATION``.
-- ``[taler-helper-crypto-eddsa/LOOKAHEAD_SIGN]``: For how far into the future
+- ``[taler-exchange-secmod-eddsa/LOOKAHEAD_SIGN]``: For how far into the future
should sign keys be pre-generated? This allows the exchange and
auditor operators to download, offline-sign, and upload sign key
signatures for sign keys that will be used in the future by the exchange.
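Review bot: ``DURATION``, ``OVERLAP_DURATION`` and ``LOOKAHEAD_SIGN`` all move from the ``taler-helper-crypto-eddsa`` section to ``taler-exchange-secmod-eddsa``, and these values control sign key rotation. Please confirm what happens when a configuration still carries the old section: if the values are ignored without an error, rotation timing changes unnoticed, and that behaviour is worth stating in this list.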
@@ -741,9 +741,9 @@ Launching an exchange
A running exchange requires starting the following processes:
-- ``taler-exchange-helper-rsa`` (as special user, sharing group with the HTTPD)
-- ``taler-exchange-helper-eddsa`` (as special user, sharing group with the HTTPD)
-- ``taler-exchange-helper-httpd`` (needs database access)
+- ``taler-exchange-secmod-rsa`` (as special user, sharing group with the HTTPD)
+- ``taler-exchange-secmod-eddsa`` (as special user, sharing group with the HTTPD)
+- ``taler-exchange-httpd`` (needs database access)
- ``taler-exchange-aggregator`` (only needs database access)
- ``taler-exchange-closer`` (only needs database access)
- ``taler-exchange-wirewatch`` (needs bank account read credentials and database access)
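Review bot: "as special user, sharing group with the HTTPD" on the two secmod lines does not say whether the RSA and EdDSA secmods run under one shared special user or under two separate ones, and the isolation of the online signing keys depends on that. Suggest spelling out the intended user and group layout. Separately, the third changed line corrects ``taler-exchange-helper-httpd`` to ``taler-exchange-httpd``, which fixes a wrong name rather than renaming a helper; that deserves a mention in the commit message.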