sign.conf(8)                System Manager's Manual               sign.conf(8)

NAME

       sign.conf - sign and signd configuration file

SYNOPSIS

       /etc/sign.conf

DESCRIPTION

       This file holds the configuration both for the sign program and the
       signd daemon. Each line in the file has the format "key: value
       [value...]". Empty lines or lines starting with "#" are ignored.

       The following keys are recognized:

       server: hostname
           Forward all unknown requests to the specified server.

       port: port
           Use the specified port number instead of the default port "5167".
           Also sets the proxyport.

       proxyport: port
           Listen on the specified port number for incoming requests.

       user: user
           Set a default user to use for signing.

       hash: hash
           Set a default hash to use for signing. The default hash is SHA1.

       allow: ip subnet hostname...
           Allow only connections from the specified IP addresses, subnets
           expressed in CIDR notation, and/or hostnames. Note that hostnames
           are resolved using reverse DNS lookups, so there must be reverse
           entries in the DNS server, and it should be secured against DNS
           poisoning attacks. This key must be present.

       gpg: path_to_gpg
           Select the gpg program to use instead of "/usr/bin/gpg".

       phrases: phrases_directory
           Set the directory containing gpg phrases for every user. A phrase
           file is fed into gpg with the "--passphrase-fd=0" option.

       map: [hash:]from_signuser to_signuser
           Modify the signuser. This can be used to map hashes and users to
           unambiguous key ids.

       allowuser: username|uid
           Grant the user the right to sign. The sign binary must be installed
           suid-root for this to work. Multiple users can be specified by
           using multiple allowuser lines in the configuration.

       allow-unprivileged-ports: true|false
           Allow signd to accept connections from source ports > 1024.
           Defaults to false.

       logfile: filename
           Log requests to the specified filename instead of stdout.

       gnupghome: dirname
           Configures the directory for gpg to use by setting the GNUPGHOME
           environment variable.

       use_agent: true|false
           Make signd directly talk to the gpg-agent for signing instead of
           calling gpg. This is the default if the --files-are-digest option
           is not available in gpg.

       keycache: dirname
           Cache the result of finding the signing key for a username. This is
           only done if the gpg-agent is used for signing. The cache is
           automatically invalidated if there is a change in the gpg keyring.

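       A review of this file can be scripted. The following is an added
       example, not code from the sign/signd project: it parses the "key:
       value [value...]" format and reports the settings this page marks as
       security-relevant. The sample file is constructed; treating repeated
       keys as additive and reporting the SHA1 default are assumptions and
       policy choices of this example.

```python
import ipaddress

# Constructed sample configuration, not taken from a real deployment.
SAMPLE = """\
# signd on the signing host
user: obs@example.org
allow: 10.1.2.0/24 192.0.2.7 backend.example.org
allow-unprivileged-ports: true
phrases: /root/.phrases
"""

def parse_sign_conf(text):
    """Parse 'key: value [value...]' lines; empty and '#' lines are ignored."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, rest = line.partition(":")  # first colon ends the key
        if not sep:
            raise ValueError("not a 'key: value' line: %r" % raw)
        # Assumption: a repeated key (e.g. allowuser) adds to earlier values.
        conf.setdefault(key.strip(), []).extend(rest.split())
    return conf

def audit(conf):
    """Return (key, finding) pairs for the settings the man page calls out."""
    findings = []
    allow = conf.get("allow", [])
    if not allow:
        findings.append(("allow", "missing, but the man page requires it"))
    for entry in allow:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(("allow", entry + ": hostname, relies on reverse DNS"))
            continue
        if net.prefixlen == 0:
            findings.append(("allow", entry + ": matches every address"))
    if "true" in conf.get("allow-unprivileged-ports", []):
        findings.append(("allow-unprivileged-ports", "source ports > 1024 accepted"))
    # Policy of this example: report when the SHA1 default is still in effect.
    if "SHA1" in [h.upper() for h in conf.get("hash") or ["SHA1"]]:
        findings.append(("hash", "signing hash is SHA1"))
    return findings

if __name__ == "__main__":
    for key, finding in audit(parse_sign_conf(SAMPLE)):
        print("%-26s %s" % (key, finding))
```
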

FILES

       /etc/sign.conf

SEE ALSO

       sign(8), signd(8)

                                   Apr 2007                       sign.conf(8)