Example Configuration File

The following shows a sample MPC node configuration file. It contains explanations of each configuration, and may serve as a summary of many of the topics discussed earlier in the TSM User Manual.

# This is an example TSM node configuration file.
#
# Commented sections mean that the feature is either disabled or used with default values.
# Commented variables are listed with their default values.
# Uncommented values are mandatory.

# Defines the operating mode of the TSM node.
#[Mode]
  # An embedded node does not listen on any ports and is used when integrating the TSM node directly in an application.
  # When Embedded is enabled the player index must be 0. Usually an embedded node will not use a configuration file,
  # so only set this to true if you know what you are doing.
  #Embedded = false
  # If multitenancy is enabled for a player greater than 0 it means that player index 0 can be many different players.
  # In this case player 0 does not specify a public key in the configuration and instead a public key must be registered
  # through the SDK before a session is started. This has no effect when enabled for player index 0.
  #Multitenancy = false

# General configuration for MPC operations.
[MPC]
  # This is the security threshold for the TSM. It means that the TSM is secure as long as at most threshold number of
  # players are corrupt. Must be greater than 0 and less than the total number of players. Some MPC protocols have
  # restrictions on what the threshold can be.
  #
  # With Threshold = 1 the TSM therefore needs at least two players, and a protocol that requires n >= 2t+1 (see
  # SEPH18S below) needs at least three.
  Threshold = 1
  # Maximum time to wait for all required connections between the MPC nodes to be established.
  # When they have been established the MPC session will begin and the SessionTimeout will be used (see below).
  #ConnectionTimeout = "10s"
  # Time to wait before an MPC session times out.
  #SessionTimeout = "3m"

# Configuration for the local player
[Player]
  # All players in a TSM are identified by a player index. This is the index of the player running this TSM node.
  # We refer to this player as the local player. Other players are called remote players.
  Index = 0
  # This is a base64 encoding of the private key used to authenticate the local player towards the remote players. This
  # must correspond to the public keys configured on the remote players for this player index. A private key can be
  # generated using the following OpenSSL commands:
  #
  # openssl ecparam -name P-256 -genkey -param_enc named_curve -outform DER -out private.key
  # openssl base64 -A -in private.key; echo
  #
  # Instead of P-256 one can use P-384 or P-521 depending on the desired security level (128, 192 or 256 bits).
  #
  # NOTE: The value below is a placeholder, not a usable key. Once a real key is set, this file holds the player's
  # authentication key in plain form, so restrict read access to the file to the account that runs the TSM node.
  # The private.key file written by the first command is unencrypted as well; protect or delete it after the
  # base64 value has been copied.
  PrivateKey = "BA3E64=="
  # This is a list of base64 encodings of DER encoding of the ASN.1 SubjectPublicKeyInfo structure of RSA public keys.
  # This is a white list of public keys that are allowed to be used with export. It is possible to use a single string
  # of "*" to allow any public key to be used.
  #
  # NOTE: A "*" entry removes the restriction on which public key exported key shares may be wrapped under (see the
  # EnableExport settings of the protocol sections below). Where export is enabled, list the specific public keys
  # instead of using "*".
  ExportWhiteList = []

# The following is a list of remote players in the TSM.
#
# The logic is that lower numbered players open connections to higher numbered players, so URLs are not needed for players
# with a lower number than the local player.
#
# In a multitenancy setup player index 0 should not be specified here.
# If the local player is present it is simply ignored.
[Players.1]
  # The protocol and address of the player with index 1. Supported protocols are tcp, ws and wss. If no protocol is
  # specified then tcp is assumed.
  #
  # NOTE(review): ws is WebSocket without TLS and wss is WebSocket over TLS. Whether tcp and ws traffic between
  # players is otherwise encrypted is not stated in this file; confirm in the TSM User Manual before using them
  # across untrusted networks.
  Address = "tcp://player1:9000"
  # This is a base64 encoding of the player's public key. A public key can be generated from the private key using the
  # following OpenSSL commands:
  #
  # openssl ec -inform DER -in private.key -pubout -outform DER -out public.key
  # openssl base64 -A -in public.key; echo
  #
  # This value is what identifies the remote player to this node (it must match that player's PrivateKey), so obtain
  # it from the operator of that player over a trusted channel. The value below is a placeholder.
  PublicKey = "BA3E64=="

#[Players.2]
  #Address = "..."
  #PublicKey = "..."

# User authentication settings.
#[Authentication]
  # Lifetime of the tokens
  #TokenLifetime = "5m"

# Setting related to authentication of users based on TLS client certificates.
#[TLSUserAuthentication]
  # Points to a file containing a list of CAs from which client certificates are accepted.
  #ClientCAFile = ""

# Setting related to authentication of users based on OIDC.
#[OIDCUserAuthentication]
  # Lifetime of the OIDC nonce.
  #NonceLifetime = "5m"
  # List of supported OIDC issuer URLs.
  #OIDCIssuers = []
  # List of supported Audiences (client ids)
  # Audiences = []

# Database connection configuration.
[Database]
  # The driver used for the database. The following database drivers are supported: sqlite3, mysql and postgres.
  DriverName = "sqlite3"
  # The name of the datasource. This example shows a SQLite file backed database. For MySQL an example of a datasource
  # name could be:
  #
  # USER:PASSWORD@HOST:3306/DATABASE_NAME?parseTime=true
  #
  # and for postgres:
  #
  # postgres://USER:PASSWORD@HOST:5432/DATABASE_NAME?sslmode=disable
  #
  # NOTE: Both datasource names above embed the database password, which is then stored in this file in plain form;
  # restrict read access to the file accordingly. sslmode=disable turns off TLS for the PostgreSQL connection; for a
  # database reached over a network use sslmode=verify-full instead.
  #
  # NOTE: /tmp is normally writable by every local user and may be cleared on reboot. For anything other than a
  # throwaway test, place the SQLite file in a directory that only the TSM node's account can access.
  DataSourceName = "/tmp/tsmdb"
  # This specifies a master encryption key used to protect database records. Note that this key is not directly
  # used to encrypt data. Use any long random string here and make sure to keep a backup of it somewhere safe.
  # "ENCRYPTION_KEY" is a placeholder and must be replaced before the node is used with real keys.
  EncryptorMasterPassword = "ENCRYPTION_KEY"
  # An alternative to specifying a password for encryption is to use a key file. Here the content of the key file
  # is hashed and used as the master password. This is useful if one does not want to store the master password
  # in the configuration file. After the TSM node has started up this file is no longer needed until next startup.
  #EncryptorKeyFile = ""
  # The maximum number of idle connections in the database connection pool.
  #MaxIdleConns = 500
  # The maximum number of open connections in the database connection pool.
  #MaxOpenConns = 500
  # The maximum time a database connection can be open before it is closed. A value of 0 disables closing of connections.
  #ConnMaxLifetime = "3m"
  # The maximum time a database connection can be idle before it is closed. A value of 0 disables closing of idle connections.
  #ConnMaxIdleTime = 0

# MPC server accepting multiplexed TCP connections from other players.
# At least one MPC server must be specified if the player index is greater than 0.
[MPCTCPServer]
  # Port number that this server listens on. Remote players with a lower index connect to this port, so it only
  # needs to be reachable from those players' nodes.
  Port = 9000
  # Setting this to true disables multiplexing. This is usually only needed in some load balancing scenarios.
  #DisableMultiplexing = false

# MPC server accepting WebSocket connections from other players.
# At least one MPC server must be specified if the player index is greater than 0.
#[MPCWebSocketServer]
  # Port number that this server listens on.
  #Port = 9001
  # Points to a file containing a PEM encoded certificate which will be used for this connection. Setting this
  # enables the use of WSS instead of WS.
  #CertificateFile = ""
  # The private key corresponding to the certificate above.
  #CertificateKeyFile = ""

# Server accepting connections from the SDK. This must be specified unless the TSM node is running as a local node.
[SDKServer]
  # Port number that this server listens on.
  Port = 8080
  # Points to a file containing a PEM encoded certificate which will be used for this connection. Setting this
  # enables the use of HTTPS instead of HTTP.
  #
  # NOTE: With CertificateFile left unset, as in this example, the SDK server uses plain HTTP. Requests from the SDK,
  # presumably including user credentials and tokens (see the [Authentication] section), are then not protected in
  # transit. Set CertificateFile and CertificateKeyFile whenever the SDK connects over a network.
  #CertificateFile = ""
  # The private key corresponding to the certificate above. Restrict read access to this file to the account that
  # runs the TSM node.
  #CertificateKeyFile = ""

# This setting enables multiple instances of the same player to be placed behind a load balancer. Each instance will
# either handle sessions itself or route the traffic to other instances.
#[MultiInstance]
  # IP address where this instance can be reached from the other instances. If not specified an auto detected address is
  # used and this might not be the address you want if there are multiple IP addresses associated with the system.
  #Address = ""
  # MPC port where this instance can be reached from the other instances. If not specified it defaults to the port used by the MPC TCP server.
  #MPCPort = MPC_TCP_SERVER_PORT
  # SDK port where this instance can be reached from the other instances. If not specified it defaults to the port used by the SDK server.
  #SDKPort = SDK_SERVER_PORT
  # How often should we run a cleanup job that purges old routing entries from the database.
  #CleanupInterval = "5m"
  # Every CleanupInterval the cleanup job will run with this probability. 0 means never and 100 means always.
  #CleanupProbability = 25

# Server used for counting number of operations performed by the TSM node. Usually only needed for benchmarks.
#[MetricsServer]
  #Port = 10000

# Server used for serving runtime profiling data in the format expected by the pprof visualization tool. This requires
# that the TSM node is compiled with profiling enabled. Only used for internal debugging.
#
# NOTE: Profiling data describes the internals of the running process, and no authentication setting is shown for
# this server. Keep this section disabled on production nodes, or make sure the port is reachable only from trusted
# hosts.
#[ProfilingServer]
  #Port = 11000

# Configures system logging for the TSM node.
#[Logging]
  # Log level. If not specified it defaults to "info".
  #Level = ""

# If this section is present then certain operations on the TSM node are stored in an audit log. The
# audit log is periodically signed and uploaded to an audit receiver.
#[Audit]
  # URL of the audit receiver. Audit logs are sent to this URL using HTTP POST requests.
  # NOTE(review): since the receiver is identified by the public key of its TLS certificate and the client uses mTLS
  # (see below), this is presumably expected to be an https:// URL; confirm.
  #ReceiverURL = ""
  # Public key of the audit receiver. This corresponds to the public key in the TLS certificate.
  #ReceiverPublicKey = "BA3E64=="
  # Private key used to establish a connection to the audit receiver using mTLS.
  # This is secret key material stored in plain form in this file; restrict read access to the file.
  #ClientPrivateKey = "BA3E64=="
  # Log entries are signed before they are uploaded to the audit receiver. This is the 32 byte seed used to generate
  # an Ed25519 signing key per RFC 8032.
  # Anyone who can read this seed can produce validly signed log entries, so protect it like a private key and
  # generate it from a cryptographically secure random source.
  #LogEntrySigningKeySeed = "BA3E64=="
  # Maximum number of audit log entries that are sent in one request.
  #MaxBatchSize = 50
  # Minimum time to wait before checking for new audit log entries to upload.
  #MinWaitTime = "15s"
  # Maximum time to wait before checking for new audit log entries to upload.
  #MaxWaitTime = "2m"

# The configurations below are for the individual MPC protocols supported by the TSM. Comment a protocol to
# disable it. In the following n denotes the total number of players and t is the security threshold.

# Computes ECDSA signatures. This protocol requires n >= 2t+1. Cannot be enabled together with DKLS18 or DKLS19.
#[SEPH18S]
  # Shortest allowed BIP-32 chain path.
  #MinChainPathLength = 0
  # Cache size for L values used in Lagrange interpolation.
  #LagrangeCacheSize = 64
  # Cache size for intermediate public keys when using BIP-32 chain paths.
  #Bip32CacheSize = 1024
  # Whether or not to allow resharing.
  #EnableResharing = false
  # Whether or not to allow export of keys under a wrapping key. This is intended to export key shares to replicate the keys on a set of TSM nodes to another set of TSM nodes (same number of nodes). The public keys that can be used for this function must be white listed.
  # The white list is the ExportWhiteList setting in the [Player] section; a "*" entry there allows any wrapping key.
  #EnableExport = false
  # Whether or not to allow backup of shares. This will export clear backup of shares primarily intended for backup of single nodes, e.g. on a phone.
  # NOTE(review): "clear" presumably means the share is exported unencrypted (confirm). An exported share is no
  # longer covered by the node's database encryption, so leave this false unless the backup flow is needed.
  #EnableShareBackup = false
  # Maximum number of presignatures that can be generated in one request.
  #PresigGenRequestLimit = 1000
  # Maximum number of presignatures that can be generated concurrently for the entire TSM node.
  #PresigGenGlobalLimit = 50000

# Computes ECDSA signatures. This protocol only requires t < n. Cannot be enabled together with SEPH18S or DKLS18.
#[DKLS19]
  # Shortest allowed BIP-32 chain path.
  #MinChainPathLength = 0
  # Cache size for L values used in Lagrange interpolation.
  #LagrangeCacheSize = 64
  # Cache size for intermediate public keys when using BIP-32 chain paths.
  #Bip32CacheSize = 1024
  # Whether or not to allow resharing.
  #EnableResharing = false
  # Whether or not to allow Emergency Recovery Information to be exported. This is intended to extract the whole private key from the system.
  # Once the whole private key exists outside the TSM it is no longer protected by the security threshold, so leave
  # this false unless an emergency recovery procedure requires it.
  #EnableERSExport = false
  # Whether or not to allow export of keys under a wrapping key. This is intended to export key shares to replicate the keys on a set of TSM nodes to another set of TSM nodes (same number of nodes). The public keys that can be used for this function must be white listed.
  # The white list is the ExportWhiteList setting in the [Player] section; a "*" entry there allows any wrapping key.
  #EnableExport = false
  # Whether or not to allow backup of shares. This will export clear backup of shares primarily intended for backup of single nodes, e.g. on a phone.
  # NOTE(review): "clear" presumably means the share is exported unencrypted (confirm). An exported share is no
  # longer covered by the node's database encryption, so leave this false unless the backup flow is needed.
  #EnableShareBackup = false
  # Maximum number of presignatures that can be generated in one request.
  #PresigGenRequestLimit = 100
  # Maximum number of presignatures that can be generated concurrently for the entire TSM node.
  #PresigGenGlobalLimit = 5000

# Computes Ed25519 and Ed448 signatures. This protocol only requires t < n.
#[SEPD19S]
  # Shortest allowed chain path. A chain path is used to derive many keys from a single master key.
  #MinChainPathLength = 0
  # Cache size for L values used in Lagrange interpolation.
  #LagrangeCacheSize = 64
  # Maximum number of presignatures that can be generated in one request.
  #PresigGenRequestLimit = 1000
  # Maximum number of presignatures that can be generated concurrently for the entire TSM node.
  #PresigGenGlobalLimit = 100000

# Computes various RSA signing and encryption. Requires t = 1 and n = 3.
#[SEPH20RSA]

# Computes a pseudo random function based on AES-CTR.
#[SEPH15PRF]
  #KeySize = 16

# Computes the ECDH function. This protocol only requires t < n.
#[SEPD20ECDH]
  #LagrangeCacheSize = 0

# XOR sharing of byte arrays
#[XorShare]

# Broadcasts a message to all players
#[Broadcast]
  # Maximum size in bytes for a broadcast message. A negative value disables this check.
  #MaxMessageLength = 65536

# General MPC protocol for n = 3 and t = 1. Based on https://eprint.iacr.org/2015/931
#[MRZ15]
  #AES = true
  #HMAC = true
  #AN10922 = false
  #KeySize = 16