From a7f964d3440a5f8cbb877b0081209befac4a6476 Mon Sep 17 00:00:00 2001 From: Florian Dold Date: Sun, 17 Jan 2021 19:58:29 +0100 Subject: rename of helpers to secmod --- manpages/taler.conf.5.rst | 4 ++-- taler-exchange-manual.rst | 22 +++++++++++----------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/manpages/taler.conf.5.rst b/manpages/taler.conf.5.rst index 4c8b70b9..62875575 100644 --- a/manpages/taler.conf.5.rst +++ b/manpages/taler.conf.5.rst @@ -206,7 +206,7 @@ KEY_DIR UNIXPATH On which path should the security module listen for signing requests? -Note that the **taler-exchange-helper-rsa** also evaluates the ``[coin_*]`` +Note that the **taler-exchange-secmod-rsa** also evaluates the ``[coin_*]`` configuration sections described below. @@ -315,7 +315,7 @@ EXCHANGE COIN OPTIONS The following options must be in sections starting with ``"[coin_]"`` and are largely used by **taler-exchange-httpd** to determine the meta data for the denomination keys. Some of the options are used by the -**taler-exchange-helper-rsa** to determine which RSA keys to create (and of +**taler-exchange-secmod-rsa** to determine which RSA keys to create (and of what key length). Note that the section names must match, so this part of the configuration MUST be shared between the RSA helper and the exchange. Configuration values MUST NOT be changed in a running setup. Instead, if diff --git a/taler-exchange-manual.rst b/taler-exchange-manual.rst index 419dd52b..d9709e0f 100644 --- a/taler-exchange-manual.rst +++ b/taler-exchange-manual.rst @@ -118,7 +118,7 @@ components: binary is the ``taler-exchange-httpd``. - Crypto-Helpers - The ``taler-exchange-helper-rsa`` and ``taler-exchange-helper-eddsa`` + The ``taler-exchange-secmod-rsa`` and ``taler-exchange-secmod-eddsa`` are two programs that are responsible for managing the exchange's online signing keys. They must run on the same machine as the ``taler-exchange-httpd`` as the HTTP frontend communicates with the 
@@ -222,8 +222,8 @@ Online signing key security To provide an additional level of protection for the private *online* signing keys used by the exchange, the actual cryptographic signing operations are -performed by two helper processes, the ``taler-exchange-helper-rsa`` and the -``taler-exchange-helper-eddsa``. +performed by two helper processes, the ``taler-exchange-secmod-rsa`` and the +``taler-exchange-secmod-eddsa``. The current implementation does not yet support the use of a hardware security module (HSM). If you have such a device with adequate functionality and are @@ -495,11 +495,11 @@ See :doc:`manpages/taler.conf.5` for information on *duration* values and ``OVERLAP_DURATION`` and ``DURATION`` below). Additionally, there are two global configuration options of note: -- ``[taler-helper-crypto-rsa/OVERLAP_DURATION]``: What is the overlap of the +- ``[taler-exchange-secmod-rsa/OVERLAP_DURATION]``: What is the overlap of the withdrawal timespan for denomination keys? The value given here must be smaller than any of the ``DURATION_WITHDRAW`` values for any of the coins. -- ``[taler-helper-crypto-rsa/LOOKAHEAD_SIGN]``: For how far into the future +- ``[taler-exchange-secmod-rsa/LOOKAHEAD_SIGN]``: For how far into the future should denomination keys be pre-generated? This allows the exchange and auditor operators to download, offline-sign, and upload denomination key signatures for denomination keys that will be used in the future by the 
@@ -527,16 +527,16 @@ Sign keys There are three global configuration options of note for sign keys: -- ``[taler-helper-crypto-eddsa/DURATION]``: How long are sign keys +- ``[taler-exchange-secmod-eddsa/DURATION]``: How long are sign keys used to sign messages? After this time interval expires, a fresh sign key will be used (key rotation). We recommend using a ``DURATION`` of a few weeks to a few months for sign keys. -- ``[taler-helper-crypto-eddsa/OVERLAP_DURATION]``: What is the overlap of the +- ``[taler-exchange-secmod-eddsa/OVERLAP_DURATION]``: What is the overlap of the timespan for sign keys? We recommend a few minutes or hours. Must be smaller than ``DURATION``. -- ``[taler-helper-crypto-eddsa/LOOKAHEAD_SIGN]``: For how far into the future +- ``[taler-exchange-secmod-eddsa/LOOKAHEAD_SIGN]``: For how far into the future should sign keys be pre-generated? This allows the exchange and auditor operators to download, offline-sign, and upload sign key signatures for sign keys that will be used in the future by the exchange. @@ -741,9 +741,9 @@ Launching an exchange A running exchange requires starting the following processes: -- ``taler-exchange-helper-rsa`` (as special user, sharing group with the HTTPD) -- ``taler-exchange-helper-eddsa`` (as special user, sharing group with the HTTPD) -- ``taler-exchange-helper-httpd`` (needs database access) +- ``taler-exchange-secmod-rsa`` (as special user, sharing group with the HTTPD) +- ``taler-exchange-secmod-eddsa`` (as special user, sharing group with the HTTPD) +- ``taler-exchange-httpd`` (needs database access) - ``taler-exchange-aggregator`` (only needs database access) - ``taler-exchange-closer`` (only needs database access) - ``taler-exchange-wirewatch`` (needs bank account read credentials and database access) -- cgit v1.2.3
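Review bot: In manpages/taler.conf.5.rst, hunk at -315, the unchanged sentence right after the renamed binary still reads "MUST be shared between the RSA helper and the exchange", so the paragraph now mixes the new name with the old term. Suggest changing "the RSA helper" to "the RSA security module" (or naming **taler-exchange-secmod-rsa** directly), which also matches the "security module" wording already used in the UNIXPATH description in the hunk at -206.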
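Review bot: In taler-exchange-manual.rst, the hunks at -118 and -222 rename the binaries but leave the surrounding terminology untouched: the list entry is still titled "Crypto-Helpers" and the key-security paragraph still says "performed by two helper processes". An operator searching the manual for "secmod" to set up process users and permissions will not land on a heading that uses the term. Suggest either renaming the entry and the phrase to "security modules", or adding one sentence stating that the secmod binaries are the crypto helpers.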
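Review bot: In taler-exchange-manual.rst, the hunks at -495 and -527 change documented configuration section names (``taler-helper-crypto-rsa`` to ``taler-exchange-secmod-rsa``, and likewise for eddsa), which is more than the binary rename the subject line announces: the old section names did not match the old binary names (``taler-exchange-helper-rsa``) in the first place. The commit message should say whether the old section names are still read. If they are not, an existing taler.conf that sets ``OVERLAP_DURATION``, ``LOOKAHEAD_SIGN`` or ``DURATION`` under the old section would no longer be applying the operator's key-rotation settings, so a migration note next to these bullets would help. The man page hunk at -206 does not show its section header, so it is also worth confirming that the section name documented there matches the one used here.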
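Review bot: In taler-exchange-manual.rst, hunk at -741, the third changed line turns ``taler-exchange-helper-httpd`` into ``taler-exchange-httpd``, which is a correction of a wrong binary name rather than part of the helper-to-secmod rename. Please mention it in the commit message or split it out, so the fix is visible in the history. While touching this list: "as special user, sharing group with the HTTPD" appears on both secmod lines without saying whether the RSA and EdDSA modules should run under the same special user or two distinct ones; a short clarification would make the intended privilege separation explicit.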