diff options
| -rw-r--r-- | core/api-exchange.rst | 1 | ||||
| -rw-r--r-- | design-documents/010-exchange-helpers.rst | 6 | ||||
| -rw-r--r-- | exchange-db.png | bin | 341622 -> 352589 bytes | |||
| -rw-r--r-- | manpages/taler-auditor.1.rst | 23 | ||||
| -rw-r--r-- | taler-exchange-manual.rst | 19 |
5 files changed, 43 insertions, 6 deletions
diff --git a/core/api-exchange.rst b/core/api-exchange.rst index 7d295cc8..670789f4 100644 --- a/core/api-exchange.rst +++ b/core/api-exchange.rst @@ -1603,6 +1603,7 @@ the API during normal operation. // Signature made by the old coin over the refresh request. // Signs over a `TALER_CoinLinkSignaturePS` link_sig: EddsaSignature; + } diff --git a/design-documents/010-exchange-helpers.rst b/design-documents/010-exchange-helpers.rst index a2999487..a304d8ec 100644 --- a/design-documents/010-exchange-helpers.rst +++ b/design-documents/010-exchange-helpers.rst @@ -42,6 +42,12 @@ running under a different user ID (UID), creating in effect a software security module. The exchange's HTTP process will be required to interact with those helpers via a UNIX domain socket. +Socket permission details: + +* The socket will be chmod 0620 (u+rw, g+w) regardless of umask. +* That the group is the same group of the crypto helpers must + still be ensured by the operator. + General design details: * The helpers will process requests from the exchange to sign and revoke keys. diff --git a/exchange-db.png b/exchange-db.png Binary files differindex d0d786ae..f99e2664 100644 --- a/exchange-db.png +++ b/exchange-db.png diff --git a/manpages/taler-auditor.1.rst b/manpages/taler-auditor.1.rst index c4b82376..622643fc 100644 --- a/manpages/taler-auditor.1.rst +++ b/manpages/taler-auditor.1.rst @@ -12,9 +12,14 @@ Synopsis ======== **taler-auditor** +[**-c** *FILENAME* | **––config=**\ \ *FILENAME*] [**-h** | **––help**] [**-i**_|_**––internal**] +[**-L** *LOGLEVEL* | **––loglevel=**\ \ *LOGLEVEL*] +[**-l** *FILENAME* | **––logfile=**\ \ *FILENAME*] [**-m** *MASTER_KEY* | **––exchange-key=**\ \ *MASTER_KEY*] +[**-T** *USEC* | **––timetravel**\ \ *USEC*] +[**-v** | **––version**] Description @@ -30,6 +35,10 @@ found in the database. It does NOT check with the bank to see that the incoming and outgoing wire transfers that the bank claims to have matches the exchange’s database. Its options are as follows. +**-c** *FILENAME* \| **––config=**\ \ *FILENAME* + Use the configuration and other resources for the merchant to operate + from *FILENAME*. + **-h** \| **––help** Print short help on options. @@ -37,12 +46,26 @@ matches the exchange’s database. Its options are as follows. Run additional checks that can only performed on the exchange-internal database and not the "safe" replicated database at the auditor. +**-L** *LOGLEVEL* \| **––loglevel=**\ \ *LOGLEVEL* + Specifies the log level to use. Accepted values are: ``DEBUG``, ``INFO``, + ``WARNING``, ``ERROR``. + +**-l** *FILENAME* \| **––logfile=**\ \ *FILENAME* + Send logging output to *FILENAME*. + **-m** *KEY* \| **––exchange-key=**\ \ *KEY* Public master key of the exchange in Crockford base32 encoding, for example as generated by gnunet-ecc -p. If this option is missing, taler-auditor will use the MASTER_PUBLIC_KEY value from the “exchange” section of the configuration. +**-T** *USEC* \| **––timetravel=**\ \ *USEC* + Modify the system time by *USEC* microseconds. + *USEC* may be prefixed with ``+`` or ``-`` (e.g. ``-T +300``). + This option is intended for debugging/testing only. + +**-v** \| **––version** + Print version information. See Also diff --git a/taler-exchange-manual.rst b/taler-exchange-manual.rst index 2d476711..879f9ad2 100644 --- a/taler-exchange-manual.rst +++ b/taler-exchange-manual.rst @@ -234,6 +234,9 @@ integration support. Functionality ^^^^^^^^^^^^^ +The UNIX domain sockets have mode 0620 (u+rw, g+w). The exchange process +MUST be in the same group as the the crypto helper processes. + The two helper processes will create the required private keys, and allow anyone with access to the UNIX domain socket to sign arbitrary messages with the keys or to inform them about a key being revoked. The helper processes @@ -438,6 +441,7 @@ permissions. Those permissions are only required for this step (which may have to be repeated when upgrading a deployment). Afterwards, during normal operation, permissions to ``CREATE`` or ``ALTER`` tables are not required by any of the Taler exchange processes and thus should not be granted. +For more information, see :doc:`manpages/taler-exchange-dbinit.1`. .. _Coins-denomination-keys: @@ -475,14 +479,16 @@ must then have the following options: - ``RSA_KEYSIZE``: How many bits should the RSA modulus (product of the two primes) have for this type of coin. - +See :doc:`manpages/taler.conf.5` for information on *duration* values +(i.e. ``DURATION_WITHDRAW`` and ``DURATION_SPEND`` above, +and ``OVERLAP_DURATION`` and ``DURATION`` below). Additionally, there are two global configuration options of note: - ``[taler-helper-crypto-rsa/OVERLAP_DURATION]``: What is the overlap of the withdrawal timespan for denomination keys? The value given here must be smaller than any of the ``DURATION_WITHDRAW`` values for any of the coins. -- ``[taler-helper-crypto-rsa/LOOKAHEAD_SIGN]``: For how far into the future +- ``[taler-helper-crypto-rsa/LOOKAHEAD_SIGN]``: For how far into the future should denomination keys be pre-generated? This allows the exchange and auditor operators to download, offline-sign, and upload denomination key signatures for denomination keys that will be used in the future by the @@ -649,9 +655,8 @@ follows to enable a wire account: $ taler-exchange-offline enable-account payto://iban/CH9300762011623852957 The resulting JSON output must be uploaded to the exchange using -``taler-exchange-offline upload``. For details, see the man -page on ``taler-exchange-offline``. -ttn: please turn this into a link! +``taler-exchange-offline upload``. +For details, see :doc:`manpages/taler-exchange-offline.1`. .. _Wire-fee-structure: @@ -817,7 +822,7 @@ to provision the signatures to the exchange. At this point, the exchange will be able to use those keys, but wallets and merchants may not yet trust them! Thus, the next step is for the auditor to affirm that they are auditing this exchange. Details about -this are described in the auditor manual (ttn: add link, please!). +this are described in :doc:`taler-auditor-manual`. The simplistic (without using offline keys for the auditor) way to do this would be: @@ -826,6 +831,8 @@ to do this would be: $ taler-auditor-offline download sign upload +For more information, see :doc:`manpages/taler-auditor-offline.1`. + Private key storage ------------------- |
