diff options
author | Christian Grothoff <christian@grothoff.org> | 2018-04-02 14:24:45 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2018-04-02 14:29:44 +0200 |
commit | cb55c1a3af9f56a6da38e5589e72df0b70d355b1 (patch) | |
tree | 5f9a3af7d9073249f77ce56c690844a6cb27c3e7 /doc/taler.conf.5 | |
parent | 7a20062bafed42f937c5388aed09042aad7014c0 (diff) |
Changing configuration structure to enable multiple accounts.
This change enables using multiple wire plugins at the same time.
Also, we now distinguish between the wire plugin (i.e. EBICS or
taler_bank) and the wire method (i.e. SEPA or x-taler-bank) that
the wire plugin is implementing. The "taler-bank" wire method
was renamed from "test" to "x-taler-bank".
This also changes the format of the /wire response of the exchange,
as we now need to return multiple accounts. Note that wire fees
are specified per wire method, not per wire account.
taler-exchange-keyup now automatically signs all of the /wire
responses in the location specified by the configuration.
Account identification in wire plugins was changed to use
payto://-URLs instead of method-specific JSON fields. Signing
and validation of /wire responses was moved from each wire
plugin to a generic validation method in libtalerutil (crypto)
or libtalerjson (for JSON-formatted inputs).
Convenience methods were added to generate JSON for wire accounts
(salting, signing).
Various section and option names were adjusted to streamline the
configuration and make it more consistent overall. Documentation
was updated as well.
Diffstat (limited to 'doc/taler.conf.5')
-rw-r--r-- | doc/taler.conf.5 | 191 |
1 files changed, 162 insertions, 29 deletions
diff --git a/doc/taler.conf.5 b/doc/taler.conf.5 index 40a9506e4..07d13f19d 100644 --- a/doc/taler.conf.5 +++ b/doc/taler.conf.5 @@ -1,4 +1,4 @@ -.TH TALER.CONF 5 "Apr 11, 2016" "GNU Taler" +.TH TALER.CONF 5 "Mar 20, 2018" "GNU Taler" .SH NAME taler.conf \- Taler configuration file. @@ -10,46 +10,174 @@ taler.conf \- Taler configuration file. The basic structure of the configuration file is the following. The file is split into sections. Every section begins with "[SECTIONNAME]" and contains a number of options of the form "OPTION=VALUE". Empty lines and lines beginning with a "#" are treated as comments. Files containing default values for many of the options described below are installed under $TALER\_PREFIX/share/taler/config.d/. The configuration file given with \-c to Taler binaries overrides these defaults. -.SH EXCHANGE OPTIONS +.SH GLOBAL OPTIONS -The following options are from the "[exchange]" section and used by most exchange tools: +The following options are from the "[taler]" section and used by virtually all Taler components. .IP CURRENCY Name of the currency, i.e. "EUR" for Euro. + +The "[PATHS]" section is special in that it contains paths that can be referenced using "$" in other configuration values that specify filenames. For Taler, it commonly contains the following paths: + +.IP TALER_HOME + Home directory of the user, usually "${HOME}". Can be overwritten by testcases by setting ${TALER_TEST_HOME}. +.IP TALER_DATA_HOME + Where should Taler store its long-term data. Usually "${TALER_HOME}/.local/share/taler/" +.IP TALER_CONFIG_HOME + Where is the Taler configuration kept. Usually "${TALER_HOME}/.config/taler/" +.IP TALER_CACHE_HOME + Where should Taler store cached data. Usually "${TALER_HOME}/.cache/taler/" +.IP TALER_RUNTIME_DIR + Where should Taler store system runtime data (like UNIX domain sockets). Usually "${TMP}/taler-system-runtime". + +.SH EXCHANGE OPTIONS + +The following options are from the "[exchange]" section and used by most exchange tools: + .IP DB Plugin to use for the database, i.e. "postgres" .IP PORT Port on which the HTTP server listens, i.e. 8080. .IP MASTER_PUBLIC_KEY Crockford Base32-encoded master public key, public version of the exchange\'s long\-time offline signing key. +.IP MASTER_PRIV_FILE + Location of the master private key on disk. Only used by tools that can be run offline (as the master key is for offline signing). +.IP BASE_URL + Specifies the base URL under which the exchange can be reached. Added to wire transfers to enable tracking by merchants. +.IP SIGNKEY_DURATION + For how long is a signing key valid? +.IP LEGAL_DURATION + For how long are signatures with signing keys legally valid? +.IP LOOKAHEAD_SIGN + How long do we generate denomination and signing keys ahead of time? +.IP LOOKAHEAD_PROVIDE + How long into the future do we provide signing and denomination keys to clients? + -.SH WIRE transfer details +.SH EXCHANGE POSTGRES BACKEND DATABASE OPTIONS -To enable the "test" wire transfer method, you must set "ENABLE = YES" in "[exchange\-wire\-test]". -Then, the following options must be in section "[exchange\-wire\-incoming\-test]" and "[exchange\-wire\-outgoing\-test]": +The following options must be in section "[exchangedb\-postgres]" if the "postgres" plugin was selected for the database: -.IP BANK_URI - URL of the Taler bank. +.IP CONFIG + How to access the database, i.e. "postgres:///taler" to use the "taler" database. Testcases use "talercheck". -.IP BANK_ACCOUNT_NUMBER - Number of the bank account of the exchange. -To enable the "sepa" wire transfer method, you must set "ENABLE = YES" in "[exchange\-wire\-sepa]". -Then, the following options must be in section "[exchange\-wire\-incoming\-sepa]" and "[exchange\-wire\-outgoing\-sepa]": +.SH MERCHANT OPTIONS -.IP SEPA_RESPONSE_FILE - Filename with the JSON body for the /wire response, signed using the exchange\'s long-term offline master key. Use taler\-exchange\-sepa to create the SEPA_RESPONSE_FILE. +The following options are from the "[merchant]" section and used by the merchant backend: +.IP DB + Plugin to use for the database, i.e. "postgres" +.IP PORT + Port on which the HTTP server listens, i.e. 8080. +.IP WIRE_TRANSFER_DELAY + How quickly do we want the exchange to send us money? Note that wire transfer fees will be higher if we ask for money to be wired often. Given as a relative time, i.e. "5 s" +.IP DEFAULT_MAX_WIRE_FEE + Maximum wire fee we are willing to accept from exchanges. Given as a Taler amount, i.e. "EUR:0.1" +.IP DEFAULT_MAX_DEPOSIT_FEE + Maximum deposit fee we are willing to cover. Given as a Taler amount, i.e. "EUR:0.1" -.SH Postgres database options -The following options must be in section "[exchangedb\-postgres]": +.SH MERCHANT POSTGRES BACKEND DATABASE OPTIONS -.IP DB_CONN_STR +The following options must be in section "[merchantdb\-postgres]" if the "postgres" plugin was selected for the database: + +.IP CONFIG How to access the database, i.e. "postgres:///taler" to use the "taler" database. Testcases use "talercheck". -.SH COIN OPTIONS +.SH MERCHANT INSTANCES + +The merchant configuration must specify a set of instances, containing at least the "default" instance. The following options must be given in each "[instance-NAME]" section: + +.IP KEYFILE + Name of the file where the instance\'s private key is to be stored, i.e. "${TALER_CONFIG_HOME}/merchant/instance/name.priv" +.IP NAME + Human-readable name of the instance, i.e. "Kudos Inc." + +Additionally, for instances that support tipping, the following options are required: + +.IP TIP_EXCHANGE + Base-URL of the exchange that holds the reserve for tipping, i.e. "https://exchange.demo.taler.net/" +.IP TIP_EXCHANGE_PRIV_FILENAME + Filename with the private key granting access to the reserve, i.e. "${TALER_CONFIG_HOME}/merchant/reserve/tip.priv" + + +.SH KNOWN EXCHANGES (for merchants and wallets) + +The merchant configuration can include a list of known exchanges if the merchant wants to specify that certain exchanges are explicitly trusted. For each trusted exchange, a section [exchange-NAME] must exist, where NAME is a merchant-given name for the exchange. The following options must be given in each "[exchange-NAME]" section: + +.IP BASE_URL + Base URL of the exchange, i.e. "https://exchange.demo.taler.net/" +.IP MASTER_KEY + Crockford Base32 encoded master public key, public version of the exchange\'s long\-time offline signing key +.IP CURRENCY + Name of the currency for which this exchange is trusted, i.e. "KUDOS" + + +.SH KNOWN AUDITORS (for merchants and wallets) + +The merchant configuration can include a list of known exchanges if the merchant wants to specify that certain auditors are explicitly trusted. For each trusted exchange, a section [auditor-NAME] must exist, where NAME is a merchant-given name for the exchange. The following options must be given in each "[auditor-NAME]" section: + +.IP BASE_URL + Base URL of the auditor, i.e. "https://auditor.demo.taler.net/" +.IP AUDITOR_KEY + Crockford Base32 encoded auditor public key. +.IP CURRENCY + Name of the currency for which this auditor is trusted, i.e. "KUDOS" + + + +.SH ACCOUNT OPTIONS (for exchanges and merchants) + +An exchange (or merchant) can have multiple bank accounts. The following options are for sections named "[account-SOMETHING]". The SOMETHING is arbitrary and should be chosen to uniquely identify the bank account for the operator. Additional authentication options may need to be specified in the account section depending on the PLUGIN used. + +.IP URL + Specifies the payto://-URL of the account. The general format is payto://METHOD/DETAILS. This option is used for exchanges and merchants. +.IP WIRE_RESPONSE + Specifies the name of the file in which the /wire response for this account should be located. Used by the Taler exchange service and the taler\-exchange\-wire tool and the taler\-merchant\-httpd (to generate the files). +.IP PLUGIN + Name of the plugin can be used to access the account (i.e. "taler-bank" or "ebics"). Used by the merchant backend for back office operations (i.e. to identify incoming wire transfers) and by the exchange. +.IP ENABLE_DEBIT + Must be set to YES for the accounts that the taler\-exchange\-aggregator should debit. Not used by merchants. +.IP ENABLE_CREDIT + Must be set to YES for the accounts that the taler\-exchange\-wirewatch should check for credits. (It is yet uncertain if the merchant implementation may check this flag as well.) +.IP HONOR_instance + Must be set to YES for the instances (where "instance" is the section name of the instance) of the merchant backend that should allow incoming wire transfers for this bank account. +.IP ACTIVE_instance + Must be set to YES for the instances (where "instance" is the section name of the instance) of the merchant backend that should use this bank account in new offers/contracts. Setting ACTIVE_instance to YES requires also setting ENABLE_instance to YES. + + +.SH TALER-BANK AUTHENTICATION OPTIONS (for accounts) + +The following authentication options are supported by the "taler-bank" wire plugin. They must be specified in the "[account-]" section that uses the "taler-bank" plugin. + +.IP TALER_BANK_AUTH_METHOD + Authentication method to use. "none" or "basic" are currently supported. +.IP USERNAME + Username to use for authentication. Used with the "basic" authentication method. +.IP PASSWORD + Password to use for authentication. Used with the "basic" authentication method. + +.SH EBICS AUTHENTICATION OPTIONS + +The following authentication options are supported by the "ebics" wire plugin. They must be specified in the "[account-]" section that uses the "ebics" plugin. + +.IP NONE + Currently the "ebics" implementation is incomplete and does not support authentication. + + +.SH EXCHANGE WIRE FEE OPTIONS + +For each supported wire method (i.e. "x-taler-bank" or "sepa"), sections named "[fees-METHOD]" state the (aggregate) wire transfer fee and the reserve closing fees charged by the exchange. Note that fees are specified using the name of the wire method, not by the plugin name. You need to replace "YEAR" in the option name by the calendar year for which the fee should apply. Usually, fees should be given for serveral years in advance. + +.IP WIRE-FEE-YEAR + Aggregate wire transfer fee merchants are charged in YEAR. Specified as a Taler amount using the usual amount syntax (CURRENCY:VALUE.FRACTION). +.IP CLOSING-FEE-YEAR + Reserve closing fee customers are charged in YEAR. Specified as a Taler amount using the usual amount syntax (CURRENCY:VALUE.FRACTION). + + +.SH EXCHANGE COIN OPTIONS The following options must be in sections starting with "[coin_]" and are used by taler\-exchange\-keyup to create denomination keys: @@ -72,22 +200,27 @@ The following options must be in sections starting with "[coin_]" and are used b .IP RSA_KEYSIZE What is the RSA keysize modulos (in bits)? -.SH KEY OPTIONS -The following options are from the "[exchange_keys]" section and used by most taler\-exchange\-keyup to create keys: +.SH AUDITOR OPTIONS -.IP SIGNKEY_DURATION - For how long is a signing key valid? -.IP LEGAL_DURATION - For how long are signatures with signing keys legally valid? -.IP LOOKAHEAD_SIGN - How long do we generate denomination and signing keys ahead of time? -.IP LOOKAHEAD_PROVIDE - How long into the future do we provide signing and denomination keys to clients? +The following options must be in section "[auditor]" for the Taler auditor: + +.IP DB + Plugin to use for the database, i.e. "postgres" +.IP AUDITOR_PRIV_FILE + Name of the file containing the auditor's private key + + +.SH AUDITOR POSTGRES BACKEND DATABASE OPTIONS + +The following options must be in section "[auditordb\-postgres]" if the "postgres" plugin was selected for the database: + +.IP CONFIG + How to access the database, i.e. "postgres:///taler" to use the "taler" database. Testcases use "talercheck". .SH BUGS Report bugs by using Mantis <https://gnunet.org/bugs/> or by sending electronic mail to <taler@gnu.org> .SH "SEE ALSO" -\fBtaler\-exchange\-httpd\fP(1), \fBtaler\-exchange\-keyup\fP(1), \fBtaler\-exchange\-reservemod\fP(1), \fBtaler\-exchange\-dbinit\fP(1), \fBtaler\-exchange\-sepa(1) +\fBtaler\-exchange\-httpd\fP(1), \fBtaler\-exchange\-keyup\fP(1), \fBtaler\-exchange\-dbinit\fP(1), \fBtaler\-exchange\-wire(1) |