taler-docs

Documentation for GNU Taler components, APIs and protocols

commit 7ca42dbe1228aa29fb1ad49fad8bf921e091b4a9
parent 32b087689c7205875e3edf2e806b1eb6e6ccd8da
Author: Antoine A <>
Date:   Tue, 20 Feb 2024 19:23:10 +0100

Improve regional currency manual

Diffstat:
M frags/nexus-ebics-setup.rst | 24 ++++++++++++++++++++----
M libeufin/regional-automated-manual.rst | 8 ++++----
2 files changed, 24 insertions(+), 8 deletions(-)

diff --git a/frags/nexus-ebics-setup.rst b/frags/nexus-ebics-setup.rst @@ -37,8 +37,19 @@ The following snippet shows the mandatory configuration values: .. warning:: This combination of HOST_ID, USER_ID and PARTNER_ID must never be used by another instance of libeufin-nexus or by other EBICS clients, otherwise data will be lost. -.. note:: - If you want to use existing client keys, copy the JSON file to the configured path ``CLIENT_PRIVATE_KEYS_FILE`` (``/var/lib/libeufin-nexus/client-ebics-keys.json`` with the default config) before running the following commands. +Reuse existing client keys +^^^^^^^^^^^^^^^^^^^^^^^^^^ + +If you have client keys from a previous EBICS setup you can copy the JSON file to the configured path ``CLIENT_PRIVATE_KEYS_FILE`` (``/var/lib/libeufin-nexus/client-ebics-keys.json`` with the default config). + +Make sure this file is acessible to the user running ``libeufin-nexus``, for the default services you should run: + +.. code-block:: console + + $ chown libeufin-nexus:libeufin-nexus /var/lib/libeufin-nexus/client-ebics-keys.json + +Create new client keys +^^^^^^^^^^^^^^^^^^^^^^ Assuming that the configuration file exists at ``$CONFIG_FILE``, the following command should start the EBICS setup process: @@ -55,8 +66,13 @@ To that end, the previous run should have left a PDF document that you can print, sign and send to the bank. Look for the message that looks like ``PDF file with keys created at '/tmp/libeufin-nexus-keys-$TIMESTAMP.pdf'``. -Once the bank has received and processed this document, run the same -command again to download and verify the bank's keys: +Once the bank has received and processed this document you can continue. + +Get bank keys +^^^^^^^^^^^^^ + +Assuming that the configuration file exists at ``$CONFIG_FILE``, the following +command will finish the EBICS setup process: .. code-block:: console diff --git a/libeufin/regional-automated-manual.rst b/libeufin/regional-automated-manual.rst 
@@ -87,8 +87,7 @@ Navigate into the *regional-currency/* directory and run *main.sh* as **root**: $ cd deployment/regional-currency/ # ./main.sh -The script will start by asking you fundamental questions about the -desired setup, in particular: +The script will start by installing required packages and then asking you fundamental questions about the desired setup, in particular : * The name of the regional currency. It must have 3 to 11 letters. * The ISO code of the fiat currency. Use 'CHF' or 'EUR'. @@ -102,12 +101,13 @@ desired setup, in particular: IP address of the server on which you are running the installation (before you execute the installer). * Whether to use TLS or not. You should answer ``y`` in most cases. -* Whether to run taler-exchange-offline. Unless you need a high-security +* Whether to store Taler Exchange keys on this server or externally on another server. Unless you need a high-security setup and expect to run an offline key management process, say ``y``. If you say ``n``, you will need to run ``taler-exchange-offline setup`` on your offline system and provide the master public key. Furthermore, you should then study the exchange manual on offline key management to finish the exchange setup process later. +* Whether to setup sms two-factor authentication using Telesign. You should answer ``y`` in most cases. * The admin password for the bank. Be absolutely sure to enter a very, very long and high-entropy password, preferably use the autogenerated one. 
@@ -148,7 +148,7 @@ with you preferred text editor, you can also do this in one single command. Multi-factor authentication +++++++++++++++++++++++++++ -By default, multi-factor authentication via SMS and email is enabled. You have to manually configure both channels as described in :ref:`multi-factor authentication <libeufin-mfa>`. +The script allows you to configure multi-factor authentication via SMS using Telesign as a provider. You can also configure multi-factor authentication via email or use providers other than Telesign for SMS. You will need to configure these channels manually as described in :ref:`multi-factor authentication <libeufin-mfa>`. Web-based Configuration +++++++++++++++++++++++
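Review bot: in frags/nexus-ebics-setup.rst (hunk -37,8 +37,19), the chown example under "Reuse existing client keys" is shown with a ``$`` prompt, but changing a file's owner to libeufin-nexus requires root; use the ``#`` prompt, as the regional manual in this same patch does for ``# ./main.sh``. Because the file at ``CLIENT_PRIVATE_KEYS_FILE`` holds the client private keys, the text should also say it must be readable only by that user (for example mode 600) instead of only "accessible". "acessible" is misspelled. The removed note said to copy the file "before running the following commands"; with "Reuse existing client keys" and "Create new client keys" now sibling headings, a reader can conclude the setup command is skipped when keys are reused, so state explicitly whether it still has to be run.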
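Review bot: in frags/nexus-ebics-setup.rst (hunk -55,8 +66,13), the new "Get bank keys" paragraph drops two facts the removed sentence carried: that this is the same command as in the first step, and that it downloads and verifies the bank's keys. "will finish the EBICS setup process" does not tell the operator that key verification happens at this point. Suggest keeping that wording under the new heading, e.g. "run the same command again to download and verify the bank's keys".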
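Review bot: in libeufin/regional-automated-manual.rst (hunk -87,8 +87,7), the rewritten sentence ends in "in particular :" with a stray space before the colon, and the line is no longer wrapped like the paragraphs around it. Drop the space and rewrap to match the rest of the file.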
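Review bot: in libeufin/regional-automated-manual.rst (hunk -102,12 +101,13), the reworded bullet asks an either/or question ("on this server or externally on another server"), but the guidance that follows still reads "say ``y``" and "If you say ``n``", so it is no longer clear which option ``y`` selects. Since this choice decides whether the exchange master key lives on the online host, phrase it as a yes/no question (e.g. "Whether to store the Taler Exchange keys on this server") or name the option instead of y/n. In the added Telesign bullet, "setup sms" should read "set up SMS".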
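Review bot: in libeufin/regional-automated-manual.rst (hunk -148,7 +148,7), the new paragraph no longer states the default. The removed sentence said multi-factor authentication via SMS and email was enabled by default; the new text only lists what can be configured. Say what state the installation is in when the operator answers ``n`` to the Telesign question (MFA disabled, or enabled but unconfigured), so the reader knows whether manual configuration is required before going live.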