summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2018-04-02 14:24:45 +0200
committerChristian Grothoff <christian@grothoff.org>2018-04-02 14:29:44 +0200
commitcb55c1a3af9f56a6da38e5589e72df0b70d355b1 (patch)
tree5f9a3af7d9073249f77ce56c690844a6cb27c3e7 /doc
parent7a20062bafed42f937c5388aed09042aad7014c0 (diff)
downloadexchange-cb55c1a3af9f56a6da38e5589e72df0b70d355b1.tar.gz
exchange-cb55c1a3af9f56a6da38e5589e72df0b70d355b1.tar.bz2
exchange-cb55c1a3af9f56a6da38e5589e72df0b70d355b1.zip
Changing configuration structure to enable multiple accounts.
This change enables using multiple wire plugins at the same time. Also, we now distinguish between the wire plugin (i.e. EBICS or taler_bank) and the wire method (i.e. SEPA or x-taler-bank) that the wire plugin is implementing. The "taler-bank" wire method was renamed from "test" to "x-taler-bank". This also changes the format of the /wire response of the exchange, as we now need to return multiple accounts. Note that wire fees are specified per wire method, not per wire account. taler-exchange-keyup now automatically signs all of the /wire responses in the location specified by the configuration. Account identification in wire plugins was changed to use payto://-URLs instead of method-specific JSON fields. Signing and validation of /wire responses was moved from each wire plugin to a generic validation method in libtalerutil (crypto) or libtalerjson (for JSON-formatted inputs). Convenience methods were added to generate JSON for wire accounts (salting, signing). Various section and option names were adjusted to streamline the configuration and make it more consistent overall. Documentation was updated as well.
Diffstat (limited to 'doc')
-rw-r--r--doc/taler-exchange-wire.112
-rw-r--r--doc/taler-exchange.texi220
-rw-r--r--doc/taler.conf.5191
3 files changed, 300 insertions, 123 deletions
diff --git a/doc/taler-exchange-wire.1 b/doc/taler-exchange-wire.1
index 546d8eb7..256daab7 100644
--- a/doc/taler-exchange-wire.1
+++ b/doc/taler-exchange-wire.1
@@ -1,4 +1,4 @@
-.TH TALER\-EXCHANGE\-WIRE 1 "Apr 2, 2016" "GNU Taler"
+.TH TALER\-EXCHANGE\-WIRE 1 "Mar 18, 2018" "GNU Taler"
.SH NAME
taler\-exchange\-wire \- Create the master-key signed responses to /wire.
@@ -13,18 +13,8 @@ taler\-exchange\-wire \- Create the master-key signed responses to /wire.
.SH OPTIONS
.B
-.IP "\-j JSON, \-\-json=JSON"
-Gives JSON with all of the relevant account details in a method-specific format.
-.B
-.IP "\-t METHOD, \-\-type=METHOD"
-Specifies the wire transfer method to use. Common are 'test' and 'sepa'.
-.B
.IP "\-m MASTERKEYFILE, \-\-master=MASTERKEYFILE"
Specifies the name of the file containing the exchange's master key.
-.B
-.IP "\-o FILENAME, \-\-output=FILENAME"
-Where to write the SEPA_RESPONSE_FILE.
-.B
.IP "\-h, \-\-help"
Print short help on options.
.B
diff --git a/doc/taler-exchange.texi b/doc/taler-exchange.texi
index 9f5fd103..72efe391 100644
--- a/doc/taler-exchange.texi
+++ b/doc/taler-exchange.texi
@@ -13,7 +13,7 @@ This manual is for the GNU Taler Exchange
(version @value{VERSION}, @value{UPDATED}),
a payment service provider for GNU Taler.
-Copyright @copyright{} 2014-2017 GNUnet e.V. and INRIA
+Copyright @copyright{} 2014-2018 Taler Systems SA
@quotation
Permission is granted to copy, distribute and/or modify this document
@@ -260,7 +260,7 @@ GNU libunistring @geq{} 0.9.3
libcurl @geq{} 7.26 (or libgnurl @geq{} 7.26)
@item
-GNU libmicrohttpd @geq{} 0.9.52
+GNU libmicrohttpd @geq{} 0.9.59
@item
GNU libgcrypt @geq{} 1.6
@@ -354,6 +354,8 @@ description of some of the options.
The exchange works with three types of keys:
+@c FIXME: explain better!
+
@itemize
@item
@@ -366,34 +368,18 @@ The exchange works with three types of keys:
@cite{denomination keys} (see section @cite{Coins})
@end itemize
-@cite{master key}: in section @cite{[exchange]}, edit the two following values:
-
+@c FIXME: text here.
@itemize
-
@item
-@cite{master_priv_file}: Path to the exchange's master private file.
+@cite{MASTER_PRIV_FILE}: Path to the exchange's master private file.
@item
-@cite{master_public_key}: Must specify the exchange's master public key.
+@cite{MASTER_PUBLIC_KEY}: Must specify the exchange's master public key.
@end itemize
-@cite{sign keys}: the following two options under
-@cite{[exchange_keys]} section control @cite{sign keys}:
-
-@itemize
-
-@item
-@cite{signkey_duration}: How long should one signing key be used?
-@item
-@cite{lookahead_sign}: How much time we want to cover with our
-@cite{signkeys}? Note that if @cite{signkey_duration} is bigger than
-@cite{lookahead_sign}, @cite{taler-exchange-keyup} will generate a
-quantity of @cite{signkeys} which is sufficient to cover all the
-gap. See keys-duration.
-@end itemize
@node Serving
@@ -436,99 +422,148 @@ option @cite{currency} in section @cite{[taler]}.
@node Bank account
@section Bank account
-@menu
-* Wiremethod-test::
-* Wiremethod-sepa::
-@end menu
+To configure a bank account in Taler, we need to furnish four
+pieces of information:
+@itemize
+@item
+ The @code{payto://} URL of the bank account, which uniquely idenfies
+ the account. Examples for such URLs include
+ @code{payto://sepa/CH9300762011623852957} for a bank account
+ in the single European payment area (SEPA) or
+ @code{payto://x-taler-bank/localhost:8080/2} for the 2nd bank
+ account a the Taler bank demonstrator running at @code{localhost}
+ on port 8080. The first part of the URL following @code{payto://}
+ (``sepa'' or ``x-taler-bank'') is called the wire method.
+@item
+ A matching wire plugin that implements a protocol to interact
+ with the banking system. For example, the EBICS plugin can
+ be used for SEPA transfers, or the ``taler-bank'' plugin can
+ interact with the Taler bank demonstrator. A wire plugin
+ only supports one particular wire method. Thus, you must make
+ sure to pick a plugin that supports the wire method used in the
+ URL.
+@item
+ A file containing the signed JSON-encoded bank account details
+ for the /wire API. This is necessary as Taler supports offline
+ signing for bank accounts for additional security.
+@item
+ Finally, the plugin needs to be provided resources for
+ authentication to the respective banking service. The format
+ in which the authentication information must be provided
+ depends on the wire plugin.
+@end itemize
-@node Wiremethod-test
-@subsection Wiremethod-test
+You can configure multiple accounts for an exchange by creating
+sections starting with ``account-'' for the section name. You can
+ENABLE for each account whether it should be used, and for what
+(incoming or outgoing wire transfers):
-To enable the wire transfer method ``test'', you need to set
-``ENABLE=YES'' in section @cite{[exchange-wire-test]}.
+@setsyntax ini
+@example
+
+[account-1]
+URL = "payto://sepa/CH9300762011623852957"
+WIRE_RESPONSE = $@{TALER_CONFIG_HOME@}/account-1.json
+PLUGIN = ebics
-The bank account where the exchange gets money from customers is
-configured under the section @cite{[exchange-wire-test]}. It must
-contain the options ``EXCHANGE_ACCOUNT_NO'' and ``BANK_URL''.
-For basic authentication, it must additionally contain the
-``USERNAME'' and ``PASSWORD'' of the exchange's account at the bank.
+# Use for exchange-aggregator (outgoing transfers)
+ENABLE_DEBIT = YES
+# Use for exchange-wirewatch (and listed in /wire)
+ENABLE_CREDIT = YES
-For incoming transfers, the section must additional contain the
-option: @cite{test_response_file}, which takes
-the path to a text file containing the exchange's bank account details
-in JSON format.
+# ... add authentication options here
+@end example
-The command line tool @cite{taler-exchange-wire} is used to create such a file.
-For example, the utility may be invoked as follows:
+The command line tool @cite{taler-exchange-wire} is used to create
+the @code{account-1.json} file.
+For example, the utility may be invoked as follows to create
+all of the WIRE_RESPONSE files (in the locations specified by the configuration):
@example
-$ taler-exchange-wire -j '@{"name": "The Exchange", "account_number":
-10, "bank_url": "https://bank.demo.taler.net", "type": "test"@}' -t
-test -o exchange.json
+$ taler-exchange-wire
@end example
-Note that the value given to option @cite{-t} must match the value in
-the JSON's field @code{"type"}.
-
The generated file will be echoed by the exchange when serving
/wire@footnote{https://api.taler.net/api-exchange.html#wire-req}
requests.
-@node Wiremethod-sepa
-@subsection Wiremethod-sepa
+@menu
+* Wire plugin ``taler_bank''::
+* Wire plugin ``ebics''::
+* Wire fee structure::
+@end menu
-To enable the wire transfer method ``sepa'', you need to set
-``ENABLE=YES'' in section @cite{[exchange-wire-sepa]}.
+@node Wire plugin ``taler_bank''
+@subsection Wire plugin ``taler_bank''
+@cindex x-taler-bank
+@cindex taler_bank plugin
+The @code{taler_bank} plugin implements the wire method ``x-taler-bank''.
-This section contains only one option: @cite{sepa_response_file},
-which takes the path to a text file containing the exchange's bank
-account details in JSON format.
+The format of the @code{payto://} URL is @code{payto://x-taler-bank/HOSTNAME:PORT},
+possibly followed by other parameters like the amount and wire transfer subject
+as per the @code{payto://} standard.
-The command line tool @cite{taler-exchange-wire} is used to create such a file.
-For example, the utility may be invoked as follows:
+For basic authentication, the @code{taler_bank} plugin only supports
+simple password-based authentication. For this, the configuration
+must contain the ``USERNAME'' and ``PASSWORD'' of the respective
+account at the bank.
+@setsyntax ini
@example
-$ taler-exchange-wire -j '@{"name": "The Exchange", "account_number":
-10, "bank_url": "https://bank.demo.taler.net", "type": "sepa"@}' -t
-sepa -o exchange.json
+[account-2]
+URL = "payto://test/localhost:8080"
+USERNAME = exchange
+PASSWORD = super-secure
@end example
-Note that the value given to option @cite{-t} must match the value in the JSON's field @code{"type"}.
-
-The generated file will be echoed by the exchange when serving
-/wire@footnote{https://api.taler.net/api-exchange.html#wire-req}
-requests.
-
-This exchange's outgoing bank account is used to give money to merchants, after
-successful
-deposits@footnote{https://api.taler.net/api-exchange.html#deposit-par}
-operations. The outgoing bank account is configured by the following
-options under @cite{[exchange-wire-outgoing-sepa]}: (NOT YET SUPPORTED).
-@quotation
-
-
-@itemize
+@node Wire plugin ``ebics''
+@subsection Wire plugin ``ebics''
-@item
-@cite{exchange_account_numer}: which bank account number has the exchange
+The ``ebics'' wire plugin is not fully implemented and today
+does not support actual wire transfers.
-@item
-@cite{bank_url}: base URL of the bank hosting the exchange bank account
-@end itemize
-@end quotation
@cartouche
@quotation Note
-The rationale behind having two bank accounts is that the exchange operator, as a security
+The rationale behind having multiple bank accounts is that the exchange operator, as a security
measure, may want to instruct the bank that the incoming bank account is only supposed to
@emph{receive} money.
@end quotation
@end cartouche
+@node Wire fee structure
+@subsection Wire fee structure
+@cindex wire fee
+@cindex fee
+
+For each wire method (``sepa'' or ``x-taler-wire'', but not per plugin!) the
+exchange configuration must specify applicable wire fees. This is done
+in configuration sections of the format @code{fee-METHOD}. There are two
+types of fees, simple wire fees and closing fees. Wire fees apply whenever
+the aggregator transfers funds to a merchant. Closing fees apply whenever
+the exchange closes a reserve (sending back funds to the customer). The
+fees must be constant for a full year, which is specified as part of the name
+of the option.
+
+@setsyntax ini
+@example
+[fee-iban]
+WIRE-FEE-2018 = EUR:0.01
+WIRE-FEE-2019 = EUR:0.01
+CLOSING-FEE-2018 = EUR:0.01
+CLOSING-FEE-2019 = EUR:0.01
+
+[fee-x-taler-bank]
+WIRE-FEE-2018 = KUDOS:0.01
+WIRE-FEE-2019 = KUDOS:0.01
+CLOSING-FEE-2018 = KUDOS:0.01
+CLOSING-FEE-2019 = KUDOS:0.01
+@end example
+
@node Database
@section Database
@@ -546,18 +581,18 @@ possible in two ways:
via an environment variable: @cite{TALER_EXCHANGEDB_POSTGRES_CONFIG}.
@item
-via configuration option @cite{db_conn_str}, under section @cite{[exchangedb-BACKEND]}. For example, the demo exchange is configured as follows:
+via configuration option @cite{CONFIG}, under section @cite{[exchangedb-BACKEND]}. For example, the demo exchange is configured as follows:
@end itemize
@setsyntax ini
@example
[exchange]
...
-db = postgres
+DB = postgres
...
[exchangedb-postgres]
-db_conn_str = postgres:///talerdemo
+CONFIG = postgres:///talerdemo
@end example
@node Coins denomination keys
@@ -639,6 +674,25 @@ key will get a starting time of @cite{t}, and the @cite{j}-th key will
get a starting time of @cite{x + duration_withdraw}, where @cite{x} is
the starting time of the @cite{(j-1)}-th key.
+To change these settings, edit the following
+values in section @cite{[exchange]}:
+
+@itemize
+@item
+@cite{SIGNKEY_DURATION}: How long should one signing key be used?
+
+@item
+@cite{LOOKAHEAD_SIGN}: How much time we want to cover with our
+signing keys? Note that if @cite{SIGNKEY_DURATION} is bigger than
+@cite{LOOKAHEAD_SIGN}, @code{taler-exchange-keyup} will generate a
+quantity of signing keys which is sufficient to cover all the
+gap.
+@end itemize
+
+@c FIXME: LEGAL_DURATION not covered!
+@c FIXME: LOOKAHEAD_PROVIDE not covered!
+
+
@node Deployment
@chapter Deployment
diff --git a/doc/taler.conf.5 b/doc/taler.conf.5
index 40a9506e..07d13f19 100644
--- a/doc/taler.conf.5
+++ b/doc/taler.conf.5
@@ -1,4 +1,4 @@
-.TH TALER.CONF 5 "Apr 11, 2016" "GNU Taler"
+.TH TALER.CONF 5 "Mar 20, 2018" "GNU Taler"
.SH NAME
taler.conf \- Taler configuration file.
@@ -10,46 +10,174 @@ taler.conf \- Taler configuration file.
The basic structure of the configuration file is the following. The file is split into sections. Every section begins with "[SECTIONNAME]" and contains a number of options of the form "OPTION=VALUE". Empty lines and lines beginning with a "#" are treated as comments. Files containing default values for many of the options described below are installed under $TALER\_PREFIX/share/taler/config.d/. The configuration file given with \-c to Taler binaries overrides these defaults.
-.SH EXCHANGE OPTIONS
+.SH GLOBAL OPTIONS
-The following options are from the "[exchange]" section and used by most exchange tools:
+The following options are from the "[taler]" section and used by virtually all Taler components.
.IP CURRENCY
Name of the currency, i.e. "EUR" for Euro.
+
+The "[PATHS]" section is special in that it contains paths that can be referenced using "$" in other configuration values that specify filenames. For Taler, it commonly contains the following paths:
+
+.IP TALER_HOME
+ Home directory of the user, usually "${HOME}". Can be overwritten by testcases by setting ${TALER_TEST_HOME}.
+.IP TALER_DATA_HOME
+ Where should Taler store its long-term data. Usually "${TALER_HOME}/.local/share/taler/"
+.IP TALER_CONFIG_HOME
+ Where is the Taler configuration kept. Usually "${TALER_HOME}/.config/taler/"
+.IP TALER_CACHE_HOME
+ Where should Taler store cached data. Usually "${TALER_HOME}/.cache/taler/"
+.IP TALER_RUNTIME_DIR
+ Where should Taler store system runtime data (like UNIX domain sockets). Usually "${TMP}/taler-system-runtime".
+
+.SH EXCHANGE OPTIONS
+
+The following options are from the "[exchange]" section and used by most exchange tools:
+
.IP DB
Plugin to use for the database, i.e. "postgres"
.IP PORT
Port on which the HTTP server listens, i.e. 8080.
.IP MASTER_PUBLIC_KEY
Crockford Base32-encoded master public key, public version of the exchange\'s long\-time offline signing key.
+.IP MASTER_PRIV_FILE
+ Location of the master private key on disk. Only used by tools that can be run offline (as the master key is for offline signing).
+.IP BASE_URL
+ Specifies the base URL under which the exchange can be reached. Added to wire transfers to enable tracking by merchants.
+.IP SIGNKEY_DURATION
+ For how long is a signing key valid?
+.IP LEGAL_DURATION
+ For how long are signatures with signing keys legally valid?
+.IP LOOKAHEAD_SIGN
+ How long do we generate denomination and signing keys ahead of time?
+.IP LOOKAHEAD_PROVIDE
+ How long into the future do we provide signing and denomination keys to clients?
+
-.SH WIRE transfer details
+.SH EXCHANGE POSTGRES BACKEND DATABASE OPTIONS
-To enable the "test" wire transfer method, you must set "ENABLE = YES" in "[exchange\-wire\-test]".
-Then, the following options must be in section "[exchange\-wire\-incoming\-test]" and "[exchange\-wire\-outgoing\-test]":
+The following options must be in section "[exchangedb\-postgres]" if the "postgres" plugin was selected for the database:
-.IP BANK_URI
- URL of the Taler bank.
+.IP CONFIG
+ How to access the database, i.e. "postgres:///taler" to use the "taler" database. Testcases use "talercheck".
-.IP BANK_ACCOUNT_NUMBER
- Number of the bank account of the exchange.
-To enable the "sepa" wire transfer method, you must set "ENABLE = YES" in "[exchange\-wire\-sepa]".
-Then, the following options must be in section "[exchange\-wire\-incoming\-sepa]" and "[exchange\-wire\-outgoing\-sepa]":
+.SH MERCHANT OPTIONS
-.IP SEPA_RESPONSE_FILE
- Filename with the JSON body for the /wire response, signed using the exchange\'s long-term offline master key. Use taler\-exchange\-sepa to create the SEPA_RESPONSE_FILE.
+The following options are from the "[merchant]" section and used by the merchant backend:
+.IP DB
+ Plugin to use for the database, i.e. "postgres"
+.IP PORT
+ Port on which the HTTP server listens, i.e. 8080.
+.IP WIRE_TRANSFER_DELAY
+ How quickly do we want the exchange to send us money? Note that wire transfer fees will be higher if we ask for money to be wired often. Given as a relative time, i.e. "5 s"
+.IP DEFAULT_MAX_WIRE_FEE
+ Maximum wire fee we are willing to accept from exchanges. Given as a Taler amount, i.e. "EUR:0.1"
+.IP DEFAULT_MAX_DEPOSIT_FEE
+ Maximum deposit fee we are willing to cover. Given as a Taler amount, i.e. "EUR:0.1"
-.SH Postgres database options
-The following options must be in section "[exchangedb\-postgres]":
+.SH MERCHANT POSTGRES BACKEND DATABASE OPTIONS
-.IP DB_CONN_STR
+The following options must be in section "[merchantdb\-postgres]" if the "postgres" plugin was selected for the database:
+
+.IP CONFIG
How to access the database, i.e. "postgres:///taler" to use the "taler" database. Testcases use "talercheck".
-.SH COIN OPTIONS
+.SH MERCHANT INSTANCES
+
+The merchant configuration must specify a set of instances, containing at least the "default" instance. The following options must be given in each "[instance-NAME]" section:
+
+.IP KEYFILE
+ Name of the file where the instance\'s private key is to be stored, i.e. "${TALER_CONFIG_HOME}/merchant/instance/name.priv"
+.IP NAME
+ Human-readable name of the instance, i.e. "Kudos Inc."
+
+Additionally, for instances that support tipping, the following options are required:
+
+.IP TIP_EXCHANGE
+ Base-URL of the exchange that holds the reserve for tipping, i.e. "https://exchange.demo.taler.net/"
+.IP TIP_EXCHANGE_PRIV_FILENAME
+ Filename with the private key granting access to the reserve, i.e. "${TALER_CONFIG_HOME}/merchant/reserve/tip.priv"
+
+
+.SH KNOWN EXCHANGES (for merchants and wallets)
+
+The merchant configuration can include a list of known exchanges if the merchant wants to specify that certain exchanges are explicitly trusted. For each trusted exchange, a section [exchange-NAME] must exist, where NAME is a merchant-given name for the exchange. The following options must be given in each "[exchange-NAME]" section:
+
+.IP BASE_URL
+ Base URL of the exchange, i.e. "https://exchange.demo.taler.net/"
+.IP MASTER_KEY
+ Crockford Base32 encoded master public key, public version of the exchange\'s long\-time offline signing key
+.IP CURRENCY
+ Name of the currency for which this exchange is trusted, i.e. "KUDOS"
+
+
+.SH KNOWN AUDITORS (for merchants and wallets)
+
+The merchant configuration can include a list of known exchanges if the merchant wants to specify that certain auditors are explicitly trusted. For each trusted exchange, a section [auditor-NAME] must exist, where NAME is a merchant-given name for the exchange. The following options must be given in each "[auditor-NAME]" section:
+
+.IP BASE_URL
+ Base URL of the auditor, i.e. "https://auditor.demo.taler.net/"
+.IP AUDITOR_KEY
+ Crockford Base32 encoded auditor public key.
+.IP CURRENCY
+ Name of the currency for which this auditor is trusted, i.e. "KUDOS"
+
+
+
+.SH ACCOUNT OPTIONS (for exchanges and merchants)
+
+An exchange (or merchant) can have multiple bank accounts. The following options are for sections named "[account-SOMETHING]". The SOMETHING is arbitrary and should be chosen to uniquely identify the bank account for the operator. Additional authentication options may need to be specified in the account section depending on the PLUGIN used.
+
+.IP URL
+ Specifies the payto://-URL of the account. The general format is payto://METHOD/DETAILS. This option is used for exchanges and merchants.
+.IP WIRE_RESPONSE
+ Specifies the name of the file in which the /wire response for this account should be located. Used by the Taler exchange service and the taler\-exchange\-wire tool and the taler\-merchant\-httpd (to generate the files).
+.IP PLUGIN
+ Name of the plugin can be used to access the account (i.e. "taler-bank" or "ebics"). Used by the merchant backend for back office operations (i.e. to identify incoming wire transfers) and by the exchange.
+.IP ENABLE_DEBIT
+ Must be set to YES for the accounts that the taler\-exchange\-aggregator should debit. Not used by merchants.
+.IP ENABLE_CREDIT
+ Must be set to YES for the accounts that the taler\-exchange\-wirewatch should check for credits. (It is yet uncertain if the merchant implementation may check this flag as well.)
+.IP HONOR_instance
+ Must be set to YES for the instances (where "instance" is the section name of the instance) of the merchant backend that should allow incoming wire transfers for this bank account.
+.IP ACTIVE_instance
+ Must be set to YES for the instances (where "instance" is the section name of the instance) of the merchant backend that should use this bank account in new offers/contracts. Setting ACTIVE_instance to YES requires also setting ENABLE_instance to YES.
+
+
+.SH TALER-BANK AUTHENTICATION OPTIONS (for accounts)
+
+The following authentication options are supported by the "taler-bank" wire plugin. They must be specified in the "[account-]" section that uses the "taler-bank" plugin.
+
+.IP TALER_BANK_AUTH_METHOD
+ Authentication method to use. "none" or "basic" are currently supported.
+.IP USERNAME
+ Username to use for authentication. Used with the "basic" authentication method.
+.IP PASSWORD
+ Password to use for authentication. Used with the "basic" authentication method.
+
+.SH EBICS AUTHENTICATION OPTIONS
+
+The following authentication options are supported by the "ebics" wire plugin. They must be specified in the "[account-]" section that uses the "ebics" plugin.
+
+.IP NONE
+ Currently the "ebics" implementation is incomplete and does not support authentication.
+
+
+.SH EXCHANGE WIRE FEE OPTIONS
+
+For each supported wire method (i.e. "x-taler-bank" or "sepa"), sections named "[fees-METHOD]" state the (aggregate) wire transfer fee and the reserve closing fees charged by the exchange. Note that fees are specified using the name of the wire method, not by the plugin name. You need to replace "YEAR" in the option name by the calendar year for which the fee should apply. Usually, fees should be given for serveral years in advance.
+
+.IP WIRE-FEE-YEAR
+ Aggregate wire transfer fee merchants are charged in YEAR. Specified as a Taler amount using the usual amount syntax (CURRENCY:VALUE.FRACTION).
+.IP CLOSING-FEE-YEAR
+ Reserve closing fee customers are charged in YEAR. Specified as a Taler amount using the usual amount syntax (CURRENCY:VALUE.FRACTION).
+
+
+.SH EXCHANGE COIN OPTIONS
The following options must be in sections starting with "[coin_]" and are used by taler\-exchange\-keyup to create denomination keys:
@@ -72,22 +200,27 @@ The following options must be in sections starting with "[coin_]" and are used b
.IP RSA_KEYSIZE
What is the RSA keysize modulos (in bits)?
-.SH KEY OPTIONS
-The following options are from the "[exchange_keys]" section and used by most taler\-exchange\-keyup to create keys:
+.SH AUDITOR OPTIONS
-.IP SIGNKEY_DURATION
- For how long is a signing key valid?
-.IP LEGAL_DURATION
- For how long are signatures with signing keys legally valid?
-.IP LOOKAHEAD_SIGN
- How long do we generate denomination and signing keys ahead of time?
-.IP LOOKAHEAD_PROVIDE
- How long into the future do we provide signing and denomination keys to clients?
+The following options must be in section "[auditor]" for the Taler auditor:
+
+.IP DB
+ Plugin to use for the database, i.e. "postgres"
+.IP AUDITOR_PRIV_FILE
+ Name of the file containing the auditor's private key
+
+
+.SH AUDITOR POSTGRES BACKEND DATABASE OPTIONS
+
+The following options must be in section "[auditordb\-postgres]" if the "postgres" plugin was selected for the database:
+
+.IP CONFIG
+ How to access the database, i.e. "postgres:///taler" to use the "taler" database. Testcases use "talercheck".
.SH BUGS
Report bugs by using Mantis <https://gnunet.org/bugs/> or by sending electronic mail to <taler@gnu.org>
.SH "SEE ALSO"
-\fBtaler\-exchange\-httpd\fP(1), \fBtaler\-exchange\-keyup\fP(1), \fBtaler\-exchange\-reservemod\fP(1), \fBtaler\-exchange\-dbinit\fP(1), \fBtaler\-exchange\-sepa(1)
+\fBtaler\-exchange\-httpd\fP(1), \fBtaler\-exchange\-keyup\fP(1), \fBtaler\-exchange\-dbinit\fP(1), \fBtaler\-exchange\-wire(1)