diff options
Diffstat (limited to 'taler-exchange-manual.rst')
-rw-r--r-- | taler-exchange-manual.rst | 19 |
1 files changed, 13 insertions, 6 deletions
diff --git a/taler-exchange-manual.rst b/taler-exchange-manual.rst index 2d476711..879f9ad2 100644 --- a/taler-exchange-manual.rst +++ b/taler-exchange-manual.rst @@ -234,6 +234,9 @@ integration support. Functionality ^^^^^^^^^^^^^ +The UNIX domain sockets have mode 0620 (u+rw, g+w). The exchange process +MUST be in the same group as the the crypto helper processes. + The two helper processes will create the required private keys, and allow anyone with access to the UNIX domain socket to sign arbitrary messages with the keys or to inform them about a key being revoked. The helper processes @@ -438,6 +441,7 @@ permissions. Those permissions are only required for this step (which may have to be repeated when upgrading a deployment). Afterwards, during normal operation, permissions to ``CREATE`` or ``ALTER`` tables are not required by any of the Taler exchange processes and thus should not be granted. +For more information, see :doc:`manpages/taler-exchange-dbinit.1`. .. _Coins-denomination-keys: @@ -475,14 +479,16 @@ must then have the following options: - ``RSA_KEYSIZE``: How many bits should the RSA modulus (product of the two primes) have for this type of coin. - +See :doc:`manpages/taler.conf.5` for information on *duration* values +(i.e. ``DURATION_WITHDRAW`` and ``DURATION_SPEND`` above, +and ``OVERLAP_DURATION`` and ``DURATION`` below). Additionally, there are two global configuration options of note: - ``[taler-helper-crypto-rsa/OVERLAP_DURATION]``: What is the overlap of the withdrawal timespan for denomination keys? The value given here must be smaller than any of the ``DURATION_WITHDRAW`` values for any of the coins. -- ``[taler-helper-crypto-rsa/LOOKAHEAD_SIGN]``: For how far into the future +- ``[taler-helper-crypto-rsa/LOOKAHEAD_SIGN]``: For how far into the future should denomination keys be pre-generated? This allows the exchange and auditor operators to download, offline-sign, and upload denomination key signatures for denomination keys that will be used in the future by the @@ -649,9 +655,8 @@ follows to enable a wire account: $ taler-exchange-offline enable-account payto://iban/CH9300762011623852957 The resulting JSON output must be uploaded to the exchange using -``taler-exchange-offline upload``. For details, see the man -page on ``taler-exchange-offline``. -ttn: please turn this into a link! +``taler-exchange-offline upload``. +For details, see :doc:`manpages/taler-exchange-offline.1`. .. _Wire-fee-structure: @@ -817,7 +822,7 @@ to provision the signatures to the exchange. At this point, the exchange will be able to use those keys, but wallets and merchants may not yet trust them! Thus, the next step is for the auditor to affirm that they are auditing this exchange. Details about -this are described in the auditor manual (ttn: add link, please!). +this are described in :doc:`taler-auditor-manual`. The simplistic (without using offline keys for the auditor) way to do this would be: @@ -826,6 +831,8 @@ to do this would be: $ taler-auditor-offline download sign upload +For more information, see :doc:`manpages/taler-auditor-offline.1`. + Private key storage ------------------- |