commit a050504fd0a26fd40abf653450ee3deae807266b
parent ee35dab4b592b720138976d1fef65ca8de6d7c36
Author: Stefan Kügel <skuegel@web.de>
Date: Mon, 11 Jan 2021 22:16:21 +0100
Merge branch 'master' of ssh://git.taler.net/docs
Diffstat:
5 files changed, 43 insertions(+), 6 deletions(-)
diff --git a/core/api-exchange.rst b/core/api-exchange.rst
@@ -1603,6 +1603,7 @@ the API during normal operation.
// Signature made by the old coin over the refresh request.
// Signs over a `TALER_CoinLinkSignaturePS`
link_sig: EddsaSignature;
+
}
diff --git a/design-documents/010-exchange-helpers.rst b/design-documents/010-exchange-helpers.rst
@@ -42,6 +42,12 @@ running under a different user ID (UID), creating in effect a software
security module. The exchange's HTTP process will be required to interact
with those helpers via a UNIX domain socket.
+Socket permission details:
+
+* The socket will be chmod 0620 (u+rw, g+w) regardless of umask.
+* That the group is the same group of the crypto helpers must
+ still be ensured by the operator.
+
General design details:
* The helpers will process requests from the exchange to sign and revoke keys.
diff --git a/exchange-db.png b/exchange-db.png
Binary files differ.
diff --git a/manpages/taler-auditor.1.rst b/manpages/taler-auditor.1.rst
@@ -12,9 +12,14 @@ Synopsis
========
**taler-auditor**
+[**-c** *FILENAME* | **––config=**\ \ *FILENAME*]
[**-h** | **––help**]
[**-i**_|_**––internal**]
+[**-L** *LOGLEVEL* | **––loglevel=**\ \ *LOGLEVEL*]
+[**-l** *FILENAME* | **––logfile=**\ \ *FILENAME*]
[**-m** *MASTER_KEY* | **––exchange-key=**\ \ *MASTER_KEY*]
+[**-T** *USEC* | **––timetravel**\ \ *USEC*]
+[**-v** | **––version**]
Description
@@ -30,6 +35,10 @@ found in the database. It does NOT check with the bank to see that the
incoming and outgoing wire transfers that the bank claims to have
matches the exchange’s database. Its options are as follows.
+**-c** *FILENAME* \| **––config=**\ \ *FILENAME*
+ Use the configuration and other resources for the merchant to operate
+ from *FILENAME*.
+
**-h** \| **––help**
Print short help on options.
@@ -37,12 +46,26 @@ matches the exchange’s database. Its options are as follows.
Run additional checks that can only performed on the exchange-internal
database and not the "safe" replicated database at the auditor.
+**-L** *LOGLEVEL* \| **––loglevel=**\ \ *LOGLEVEL*
+ Specifies the log level to use. Accepted values are: ``DEBUG``, ``INFO``,
+ ``WARNING``, ``ERROR``.
+
+**-l** *FILENAME* \| **––logfile=**\ \ *FILENAME*
+ Send logging output to *FILENAME*.
+
**-m** *KEY* \| **––exchange-key=**\ \ *KEY*
Public master key of the exchange in Crockford base32 encoding, for
example as generated by gnunet-ecc -p. If this option is missing,
taler-auditor will use the MASTER_PUBLIC_KEY value from the
“exchange” section of the configuration.
+**-T** *USEC* \| **––timetravel=**\ \ *USEC*
+ Modify the system time by *USEC* microseconds.
+ *USEC* may be prefixed with ``+`` or ``-`` (e.g. ``-T +300``).
+ This option is intended for debugging/testing only.
+
+**-v** \| **––version**
+ Print version information.
See Also
diff --git a/taler-exchange-manual.rst b/taler-exchange-manual.rst
@@ -234,6 +234,9 @@ integration support.
Functionality
^^^^^^^^^^^^^
+The UNIX domain sockets have mode 0620 (u+rw, g+w). The exchange process
+MUST be in the same group as the the crypto helper processes.
+
The two helper processes will create the required private keys, and allow
anyone with access to the UNIX domain socket to sign arbitrary messages with
the keys or to inform them about a key being revoked. The helper processes
@@ -438,6 +441,7 @@ permissions. Those permissions are only required for this step (which may
have to be repeated when upgrading a deployment). Afterwards, during normal
operation, permissions to ``CREATE`` or ``ALTER`` tables are not required by
any of the Taler exchange processes and thus should not be granted.
+For more information, see :doc:`manpages/taler-exchange-dbinit.1`.
.. _Coins-denomination-keys:
@@ -475,14 +479,16 @@ must then have the following options:
- ``RSA_KEYSIZE``: How many bits should the RSA modulus (product of the two
primes) have for this type of coin.
-
+See :doc:`manpages/taler.conf.5` for information on *duration* values
+(i.e. ``DURATION_WITHDRAW`` and ``DURATION_SPEND`` above,
+and ``OVERLAP_DURATION`` and ``DURATION`` below).
Additionally, there are two global configuration options of note:
- ``[taler-helper-crypto-rsa/OVERLAP_DURATION]``: What is the overlap of the
withdrawal timespan for denomination keys? The value given here must
be smaller than any of the ``DURATION_WITHDRAW`` values for any of the coins.
-- ``[taler-helper-crypto-rsa/LOOKAHEAD_SIGN]``: For how far into the future
+- ``[taler-helper-crypto-rsa/LOOKAHEAD_SIGN]``: For how far into the future
should denomination keys be pre-generated? This allows the exchange and
auditor operators to download, offline-sign, and upload denomination key
signatures for denomination keys that will be used in the future by the
@@ -649,9 +655,8 @@ follows to enable a wire account:
$ taler-exchange-offline enable-account payto://iban/CH9300762011623852957
The resulting JSON output must be uploaded to the exchange using
-``taler-exchange-offline upload``. For details, see the man
-page on ``taler-exchange-offline``.
-ttn: please turn this into a link!
+``taler-exchange-offline upload``.
+For details, see :doc:`manpages/taler-exchange-offline.1`.
.. _Wire-fee-structure:
@@ -817,7 +822,7 @@ to provision the signatures to the exchange. At this point, the
exchange will be able to use those keys, but wallets and merchants
may not yet trust them! Thus, the next step is for the auditor
to affirm that they are auditing this exchange. Details about
-this are described in the auditor manual (ttn: add link, please!).
+this are described in :doc:`taler-auditor-manual`.
The simplistic (without using offline keys for the auditor) way
to do this would be:
@@ -826,6 +831,8 @@ to do this would be:
$ taler-auditor-offline download sign upload
+For more information, see :doc:`manpages/taler-auditor-offline.1`.
+
Private key storage
-------------------
