commit 557a030c62dcde7db5cb46e20322fb3b6cb377c9
parent 039d38a2da7690292e0c1881e6cfc029243f06bd
Author: Christian Grothoff <christian@grothoff.org>
Date: Mon, 2 Feb 2026 09:45:21 +0100
spec clarifications for #10892
Diffstat:
3 files changed, 29 insertions(+), 7 deletions(-)
diff --git a/core/api-exchange.rst b/core/api-exchange.rst
@@ -597,7 +597,15 @@ possibly by using HTTPS.
stamp_start: Timestamp;
// When is it no longer possible to withdraw coins
- // of this denomination?
+ // of this denomination? Note that while this option
+ // is given per denomination, all concurrently active
+ // denominations (of the same cipher type)
+ // will have exactly the same withdraw
+ // expiration time. Thus, the wallet can be sure what
+ // is the smallest denomination being offered at any
+ // particular point in time, and not worry about the
+ // exchange having merely failed to sign the key of
+ // only the smallest denomination unit.
stamp_expire_withdraw: Timestamp;
// When is it no longer possible to deposit coins
diff --git a/manpages/taler-exchange-secmod-cs.1.rst b/manpages/taler-exchange-secmod-cs.1.rst
@@ -29,9 +29,16 @@ Description
**taler-exchange-secmod-cs** is a command-line tool to
handle private Clause-Schnorr key operations for a Taler exchange.
-FIXME: More details.
-
-Its options are as follows:
+The tool automatically generates new keys and deletes expired (private)
+keys. It also makes sure that all RSA denomination keys end at the same
+expiration time to ensure that the wallet has certainty about the set of
+configured denomination keys at any particular point in time. For this, if not
+all denomination key durations are identical, the module may stretch (!) the
+duration of some keys to ensure that they all end at identical intervals.
+Thus, it usually only makes sense to configure the same duration time for all
+RSA keys (at least for those active at the same time).
+
+The options of the program are as follows:
**-c** *FILENAME* \| **--config=**\ \ *FILENAME*
Use the configuration and other resources for the merchant to operate
diff --git a/manpages/taler-exchange-secmod-rsa.1.rst b/manpages/taler-exchange-secmod-rsa.1.rst
@@ -29,9 +29,16 @@ Description
**taler-exchange-secmod-rsa** is a command-line tool to
handle private RSA key operations for a Taler exchange.
-FIXME: More details.
-
-Its options are as follows:
+The tool automatically generates new keys and deletes expired (private)
+keys. It also makes sure that all RSA denomination keys end at the same
+expiration time to ensure that the wallet has certainty about the set of
+configured denomination keys at any particular point in time. For this, if not
+all denomination key durations are identical, the module may stretch (!) the
+duration of some keys to ensure that they all end at identical intervals.
+Thus, it usually only makes sense to configure the same duration time for all
+RSA keys (at least for those active at the same time).
+
+The options of the program are as follows:
**-c** *FILENAME* \| **--config=**\ \ *FILENAME*
Use the configuration and other resources for the merchant to operate
