From a7f964d3440a5f8cbb877b0081209befac4a6476 Mon Sep 17 00:00:00 2001 From: Florian Dold Date: Sun, 17 Jan 2021 19:58:29 +0100 Subject: rename of helpers to secmod --- taler-exchange-manual.rst | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) (limited to 'taler-exchange-manual.rst') diff --git a/taler-exchange-manual.rst b/taler-exchange-manual.rst index 419dd52b..d9709e0f 100644 --- a/taler-exchange-manual.rst +++ b/taler-exchange-manual.rst @@ -118,7 +118,7 @@ components: binary is the ``taler-exchange-httpd``. - Crypto-Helpers - The ``taler-exchange-helper-rsa`` and ``taler-exchange-helper-eddsa`` + The ``taler-exchange-secmod-rsa`` and ``taler-exchange-secmod-eddsa`` are two programs that are responsible for managing the exchange's online signing keys. They must run on the same machine as the ``taler-exchange-httpd`` as the HTTP frontend communicates with the @@ -222,8 +222,8 @@ Online signing key security To provide an additional level of protection for the private *online* signing keys used by the exchange, the actual cryptographic signing operations are -performed by two helper processes, the ``taler-exchange-helper-rsa`` and the -``taler-exchange-helper-eddsa``. +performed by two helper processes, the ``taler-exchange-secmod-rsa`` and the +``taler-exchange-secmod-eddsa``. The current implementation does not yet support the use of a hardware security module (HSM). If you have such a device with adequate functionality and are 
@@ -495,11 +495,11 @@ See :doc:`manpages/taler.conf.5` for information on *duration* values and ``OVERLAP_DURATION`` and ``DURATION`` below). Additionally, there are two global configuration options of note: -- ``[taler-helper-crypto-rsa/OVERLAP_DURATION]``: What is the overlap of the +- ``[taler-exchange-secmod-rsa/OVERLAP_DURATION]``: What is the overlap of the withdrawal timespan for denomination keys? The value given here must be smaller than any of the ``DURATION_WITHDRAW`` values for any of the coins. -- ``[taler-helper-crypto-rsa/LOOKAHEAD_SIGN]``: For how far into the future +- ``[taler-exchange-secmod-rsa/LOOKAHEAD_SIGN]``: For how far into the future should denomination keys be pre-generated? This allows the exchange and auditor operators to download, offline-sign, and upload denomination key signatures for denomination keys that will be used in the future by the @@ -527,16 +527,16 @@ Sign keys There are three global configuration options of note for sign keys: -- ``[taler-helper-crypto-eddsa/DURATION]``: How long are sign keys +- ``[taler-exchange-secmod-eddsa/DURATION]``: How long are sign keys used to sign messages? After this time interval expires, a fresh sign key will be used (key rotation). We recommend using a ``DURATION`` of a few weeks to a few months for sign keys. -- ``[taler-helper-crypto-eddsa/OVERLAP_DURATION]``: What is the overlap of the +- ``[taler-exchange-secmod-eddsa/OVERLAP_DURATION]``: What is the overlap of the timespan for sign keys? We recommend a few minutes or hours. Must be smaller than ``DURATION``. -- ``[taler-helper-crypto-eddsa/LOOKAHEAD_SIGN]``: For how far into the future +- ``[taler-exchange-secmod-eddsa/LOOKAHEAD_SIGN]``: For how far into the future should sign keys be pre-generated? This allows the exchange and auditor operators to download, offline-sign, and upload sign key signatures for sign keys that will be used in the future by the exchange. 
@@ -741,9 +741,9 @@ Launching an exchange A running exchange requires starting the following processes: -- ``taler-exchange-helper-rsa`` (as special user, sharing group with the HTTPD) -- ``taler-exchange-helper-eddsa`` (as special user, sharing group with the HTTPD) -- ``taler-exchange-helper-httpd`` (needs database access) +- ``taler-exchange-secmod-rsa`` (as special user, sharing group with the HTTPD) +- ``taler-exchange-secmod-eddsa`` (as special user, sharing group with the HTTPD) +- ``taler-exchange-httpd`` (needs database access) - ``taler-exchange-aggregator`` (only needs database access) - ``taler-exchange-closer`` (only needs database access) - ``taler-exchange-wirewatch`` (needs bank account read credentials and database access) -- cgit v1.2.3
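Review bot: In the hunk at @@ -118, the component heading still reads ``Crypto-Helpers`` while the two binaries listed under it are now ``taler-exchange-secmod-rsa`` and ``taler-exchange-secmod-eddsa``. Either rename the heading or add a clause tying "helper" to the secmod programs, so an operator searching the manual for the process name finds this entry.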
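Review bot: In the hunk at @@ -222 ("Online signing key security"), the new name "secmod" is never expanded and the sentence still introduces the programs as "two helper processes". This paragraph is where the manual explains why signing is kept out of ``taler-exchange-httpd``, so it is the natural place to say what secmod abbreviates and that it is the same thing as the helpers named in the component list.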
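Review bot: In the hunk at @@ -495, and again at @@ -527, what changes is a configuration section name (``[taler-helper-crypto-rsa/...]`` to ``[taler-exchange-secmod-rsa/...]``, likewise for eddsa), not only a binary name, and the manual gives operators no migration hint. Add a sentence stating that existing ``taler.conf`` files must rename these sections, and say what happens to ``OVERLAP_DURATION``, ``LOOKAHEAD_SIGN`` and ``DURATION`` if the old section is left in place, since key rotation settings that fall back to defaults unnoticed are a security-relevant change.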
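Review bot: In the hunk at @@ -741, "(as special user, sharing group with the HTTPD)" does not say whether the two secmod processes run as the same special user or as separate ones, nor what the shared group gives the HTTPD access to. A short cross-reference to the "Online signing key security" section, or one sentence on the intended user and group layout, would make the privilege separation reproducible. Separately, replacing ``taler-exchange-helper-httpd`` with ``taler-exchange-httpd`` corrects a wrong binary name rather than renaming a helper, so it deserves a mention in the commit message.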