-fix url to gana submodule

-fix warning
new AML APIs (libtalerexchange)
2023-01-19 21:07:42 +01:00 · 2023-01-18 14:26:25 +01:00 · 2023-01-18 14:26:15 +01:00 · 2023-01-17 17:53:16 +01:00 · 2023-01-17 17:52:39 +01:00 · 2023-01-17 15:33:36 +01:00
1023 changed files with 104025 additions and 71953 deletions
--- a/.gitignore
+++ b/.gitignore
@ -162,3 +162,9 @@ po/taler-exchange.pot
 po/remove-potcdate.sed
 src/include/taler_dbevents.h
 src/bank-lib/taler-exchange-wire-gateway-client
+src/exchange/taler-exchange-drain
+src/kyclogic/taler-exchange-kyc-tester
+src/auditor/exchange-httpd-drain.err
+src/templating/libmustach.a
+contrib/tos/conf.py
+contrib/pp/conf.py
--- a/.gitmodules
+++ b/.gitmodules
@ -7,4 +7,4 @@
 	branch = prebuilt
 [submodule "contrib/gana"]
 	path = contrib/gana
-	url = https://git.gnunet.org/git/gana.git
+	url = https://git.gnunet.org/gana.git
--- a/6
+++ b/6
@ -1,3 +1,9 @@
+Sat Nov  5 11:32:45 AM CET 2022
+    Added support for P2P payments.
+    Added support for explicit reserve lifetime control.
+    Added support for age restrictions.
+    Releasing GNU Taler Exchange 0.9.0. -CG
+
 Fri 03 Sep 2021 07:02:05 PM CEST
    Add experimental aggregator sharding logic. -CG

--- a/100
+++ b/100
@ -13,15 +13,14 @@ spend their digital coins.  Naturally, each Merchant is different, but
 Taler includes code examples to help Merchants integrate Taler as a
 payment system.

-Taler is currently developed by a worldwide group of independent free
-software developers and the DECENTRALISE team at Inria Rennes.  Taler
-is free software and a GNU package (https://www.gnu.org/).
+Taler is currently developed by a worldwide group of independent free software
+developers and Taler Systems SA.  Taler is free software and an official GNU
+package (https://www.gnu.org/).

-This is an alpha release with a few known bugs, lacking a few
-important features, documentation, testing, performance tuning and an
-external security audit.  However, you can run the code and it largely
-works fine.  that does not work yet.  This package also only includes
-the Taler exchange, not the other components of the system.
+This is an alpha release with a few known bugs, lacking a few important
+features, documentation, testing, performance tuning and an external security
+audit.  However, you can run the code and it largely works fine.  This package
+also only includes the Taler exchange, not the other components of the system.

 Documentation about Taler can be found at https://taler.net/.
 Our bug tracker is at https://bugs.taler.net/.
@ -63,7 +62,7 @@ src/pq/
  -- Postgres-specific utility functions

 src/exchangedb/
-  -- Exchange database backend (with DB-specific plugins)
+  -- Exchange database backend (with database-specific plugins)

 src/exchange/
  -- taler exchange server
@ -71,71 +70,50 @@ src/exchange/
 src/exchange-tools/
  -- taler exchange helper programs

-src/exchange-lib/
+src/lib/
  -- libtalerexchange: C API to issue HTTP requests to exchange

 src/auditor/
  -- tools to generate reports about financial performance and
     to validate that the exchange has been operating correctly

+src/auditordb/
+  -- database logic for the auditor component (with database-specific
+     plugins)
+
 src/benchmark/
  -- tool to run performance measurements

+src/templating/
+  -- logic to generate HTML pages from templates at runtime
+
+src/kyclogic/
+  -- core logic and plugins to trigger and manage KYC processes
+     as required by banking regulation
+
+src/bank-lib/
+  -- bank REST client logic and implementation of an in-memory
+     RTGS emulator ("fakebank") for testing.
+
+src/extensions/
+  -- extensions to the core logic of an exchange
+
+src/json/
+  -- helper functions for generating and parsing JSON
+
+src/mhd/
+  -- helper functions for interacting with GNU libmicrohttpd
+
+src/curl/
+  -- helper functions for interacting with libcurl


 Getting Started
 ===============

-The following steps illustrate how to set up a exchange HTTP server.
-They take as a stub for configuring the exchange the content of 'contrib/exchange-template/config/'.
+Please follow the exchange manual you can view after
+installing using

-1) Create a 'test/' directory and copy the stubs in it:
+$ info taler-exchange

-mkdir -p test/config/
-cp exchange/contrib/exchange-template/config/* test/config/
-cd test/
-
-2) Create the exchange's master with the tool 'gnunet-ecc':
-
-gnunet-ecc -g1 master.priv
-
-3) Edit config/exchange-common.conf by replacing the right value on the line with the
-MASTER_PUBLIC_KEY entry with the fresh generated (ASCII version of) master.priv.
-This ASCII version is obtained by issuing:
-
-gnunet-ecc -p master.priv
-
-4) Generate other exchange related keys ('denomination' and 'signing' keys), by issuing:
-
-taler-exchange-keyup -m master.priv -o auditor.in
-
-5) A exchange needs a database to operate, so the following instructions relate to
-how to set up PostgreSQL. On debian, the two packages needed are:
-
-* postgresql
-* postgresql-client
-
-For other operating systems, please refer to the relevant documentation.
-
-In this settlement, the exchange will use a database called 'talercheck' and will
-run under the username through which 'taler-exchange-httpd' is launched. Thus assuming
-that this user is 'demo', we need to create a 'demo' role for postgresql and make
-him the owner of 'talercheck' database.
-
-To perform these administrative tasks we have to impersonate the 'postgres' (by default,
-postgres installation assigns privileges to such a user) user, then connect to the running DBMS.
-Issue the following:
-
-su # give your root password
-su - postgres
-psql # this is the command-line client to the DMBS
-# the following lines are SQL
-CREATE USER demo;
-CREATE DATABASE talercheck OWNER demo;
-# quit with CTRL-D
-
-7) If any previous step has been successful, it is now possbile to start up the
-exchange web server (by default it will listen on port 4241); issue:
-
-
-taler-exchange-httpd -d `pwd` # assuming we did not move outside of the 'test' directory
+or by visiting https://docs.taler.net/.
--- a/7
+++ b/7
@ -1,4 +1,5 @@
 #!/bin/sh
+# This file is in the public domain.

 set -eu

@ -7,6 +8,12 @@ if ! git --version >/dev/null; then
  exit 1
 fi

+if ! htmlark --version >/dev/null; then
+  echo "htmlark not installed"
+  echo "Run 'pip install htmlark'"
+  exit 1
+fi
+

 echo "$0: Updating submodules"
 echo | git submodule update --init
--- a/configure.ac
+++ b/configure.ac
@ -2,7 +2,7 @@
 # Process this file with autoconf to produce a configure script.
 #
 #  This file is part of TALER
-#  Copyright (C) 2014-2021 Taler Systems SA
+#  Copyright (C) 2014-2023 Taler Systems SA
 #
 #  TALER is free software; you can redistribute it and/or modify it under the
 #  terms of the GNU General Public License as published by the Free Software
@ -17,7 +17,7 @@
 #
 #
 AC_PREREQ([2.69])
-AC_INIT([taler-exchange], [0.8.5], [taler-bug@gnunet.org])
+AC_INIT([taler-exchange],[0.9.1],[taler-bug@gnunet.org])
 AC_CONFIG_AUX_DIR([build-aux])
 AC_CONFIG_SRCDIR([src/util/util.c])
 AC_CONFIG_HEADERS([taler_config.h])
@ -33,8 +33,6 @@ AM_SILENT_RULES([yes])
 AC_CONFIG_MACRO_DIR([m4])
 AC_PROG_AWK
 AC_PROG_CC
-# FIXME: AC_PROG_CC_C99 is obsolete, remove for autoconf 2.70
-AC_PROG_CC_C99
 AC_PROG_OBJC
 AC_PROG_INSTALL
 AC_PROG_LN_S
@ -65,6 +63,13 @@ AS_IF([test "x$doc_only" != xyes],[
 # Force some CFLAGS
 CFLAGS="-Wall -Wno-address-of-packed-member $CFLAGS"

+TALER_LIB_LDFLAGS="-export-dynamic -no-undefined"
+TALER_PLUGIN_LDFLAGS="-export-dynamic -avoid-version -module -no-undefined"
+
+AC_SUBST(TALER_LIB_LDFLAGS)
+AC_SUBST(TALER_PLUGIN_LDFLAGS)
+
+
 # Checks for header files.
 AC_CHECK_HEADERS([stdint.h stdlib.h string.h unistd.h sys/socket.h sys/un.h netinet/in.h netinet/ip.h])

@ -78,6 +83,7 @@ AC_DEFINE_UNQUOTED([NEED_LIBGCRYPT_VERSION], ["$need_libgcrypt_version"],
 AM_PATH_LIBGCRYPT([$need_libgcrypt_version])


+
 # should expensive tests be run?
 AC_MSG_CHECKING(whether to run expensive tests)
 AC_ARG_ENABLE([expensivetests],
@ -135,20 +141,12 @@ AS_CASE([$with_gnunet],
        [no], [AC_MSG_ERROR([--with-gnunet is required])],
        [LDFLAGS="-L$with_gnunet/lib $LDFLAGS"
         CPPFLAGS="-I$with_gnunet/include $CPPFLAGS"])
-AC_CHECK_HEADERS([gnunet/platform.h gnunet/gnunet_util_lib.h],
- [AC_CHECK_LIB([gnunetutil], [GNUNET_SCHEDULER_run], libgnunetutil=1)],
-  [], [#ifdef HAVE_GNUNET_PLATFORM_H
-        #include <gnunet/platform.h>
-       #endif
-        #include <gnunet/gnunet_common.h>
-       #if GNUNET_UTIL_VERSION < 0x00A0104
-        #fail libgnunetutil is too old
-       #endif])
+AC_CHECK_HEADERS([gnunet/gnunet_util_lib.h],
+ [AC_CHECK_LIB([gnunetutil], [GNUNET_SCHEDULER_run], libgnunetutil=1)])
 AS_IF([test $libgnunetutil != 1],
  [AC_MSG_ERROR([[
 ***
-*** You need libgnunetutil > 0.14.0 to build this program.
-*** (Yes, ">", libgnunetutil 0.14.0 is NOT enough.)
+*** You need libgnunetutil >= 0.19.0 to build this program.
 *** This library is part of GNUnet, available at
 ***   https://gnunet.org
 *** ]])])
@ -167,11 +165,8 @@ AS_CASE([$with_gnunet],
        [no], [AC_MSG_ERROR([--with-gnunet is required])],
        [LDFLAGS="-L$with_gnunet/lib $LDFLAGS"
         CPPFLAGS="-I$with_gnunet/include $CPPFLAGS"])
-AC_CHECK_HEADERS([gnunet/platform.h gnunet/gnunet_json_lib.h],
- [AC_CHECK_LIB([gnunetjson], [GNUNET_JSON_parse], libgnunetjson=1)],
-  [], [#ifdef HAVE_GNUNET_PLATFORM_H
-        #include <gnunet/platform.h>
-       #endif])
+AC_CHECK_HEADERS([gnunet/gnunet_json_lib.h],
+ [AC_CHECK_LIB([gnunetjson], [GNUNET_JSON_parse], libgnunetjson=1)])
 AS_IF([test $libgnunetjson != 1],
  [AC_MSG_ERROR([[
 ***
@ -233,11 +228,8 @@ AS_CASE([$with_gnunet],
        [no], [AC_MSG_ERROR([--with-gnunet is required])],
        [LDFLAGS="-L$with_gnunet/lib $LDFLAGS"
         CPPFLAGS="-I$with_gnunet/include $CPPFLAGS"])
-AC_CHECK_HEADERS([gnunet/platform.h gnunet/gnunet_curl_lib.h],
- [AC_CHECK_LIB([gnunetcurl], [GNUNET_CURL_get_select_info], libgnunetcurl=1)],
-  [], [#ifdef HAVE_GNUNET_PLATFORM_H
-        #include <gnunet/platform.h>
-       #endif])
+AC_CHECK_HEADERS([gnunet/gnunet_curl_lib.h],
+ [AC_CHECK_LIB([gnunetcurl], [GNUNET_CURL_get_select_info], libgnunetcurl=1)])
 AS_IF([test $libgnunetcurl != 1],
  [AC_MSG_ERROR([[
 ***
@ -252,6 +244,21 @@ CFLAGS=$CFLAGS_SAVE
 LDFLAGS=$LDFLAGS_SAVE
 LIBS=$LIBS_SAVE

+# test for postgres
+AX_LIB_POSTGRESQL([13.0])
+AS_IF([test "x$found_postgresql" = "xyes"],
+  [SAVE_CPPFLAGS="$CPPFLAGS"
+   CPPFLAGS="$POSTGRES_CPPFLAGS $CPPFLAGS"
+   AC_CHECK_HEADERS([libpq-fe.h], [postgres=1], [postgres=0])])
+AS_IF([test "x$postgres" != "x1"],
+  [AC_MSG_ERROR([[
+***
+*** You need libpq(-dev) >= 13.0 to build this program.
+*** ]])])
+AM_CONDITIONAL([HAVE_POSTGRESQL], [test "x$postgres" = "x1"])
+AC_DEFINE_UNQUOTED([HAVE_POSTGRESQL], [$postgres],
+                   [Define to 1 if Postgres is available])
+
 # Check for GNUnet's libgnunetpq.
 libgnunetpq=0
 AC_MSG_CHECKING([for libgnunetpq])
@ -264,12 +271,10 @@ AS_CASE([$with_gnunet],
        [yes], [],
        [no], [AC_MSG_ERROR([--with-gnunet is required])],
        [LDFLAGS="-L$with_gnunet/lib $LDFLAGS"
-         CPPFLAGS="-I$with_gnunet/include $CPPFLAGS"])
-AC_CHECK_HEADERS([gnunet/platform.h gnunet/gnunet_pq_lib.h],
- [AC_CHECK_LIB([gnunetpq], [GNUNET_PQ_result_spec_string], libgnunetpq=1)],
-  [], [#ifdef HAVE_GNUNET_PLATFORM_H
-        #include <gnunet/platform.h>
-       #endif])
+         CPPFLAGS="-I$with_gnunet/include ${CPPFLAGS}"])
+CPPFLAGS="${CPPFLAGS} ${POSTGRESQL_CPPFLAGS}"
+AC_CHECK_HEADERS([gnunet/gnunet_pq_lib.h],
+ [AC_CHECK_LIB([gnunetpq], [GNUNET_PQ_result_spec_string], libgnunetpq=1)])
 AS_IF([test $libgnunetpq != 1],
  [AC_MSG_ERROR([[
 ***
@ -279,15 +284,15 @@ AS_IF([test $libgnunetpq != 1],
 *** is recent!)
 *** ]])])

+CFLAGS_SAVE=$CFLAGS
+LDFLAGS_SAVE=$LDFLAGS
+LIBS_SAVE="$LIBS"

 # Check for GNUnet's libgnunetsq
 libgnunetsq=0
 AC_MSG_CHECKING([for libgnunetsq])
 AC_CHECK_HEADERS([gnunet/gnunet_sq_lib.h],
- [AC_CHECK_LIB([gnunetsq], [GNUNET_SQ_result_spec_string], libgnunetsq=1)],
-  [], [#ifdef HAVE_GNUNET_PLATFORM_H
-        #include <gnunet/platform.h>
-       #endif])
+ [AC_CHECK_LIB([gnunetsq], [GNUNET_SQ_result_spec_string], libgnunetsq=1)])


 # check for libmicrohttpd
@ -326,22 +331,6 @@ AS_IF([test $jansson = 0],
 *** ]])])


-# test for postgres
-AX_LIB_POSTGRESQL([13.0])
-AS_IF([test "x$found_postgresql" = "xyes"],[postgres=true])
-
-TALER_LIB_LDFLAGS="-export-dynamic -no-undefined"
-TALER_PLUGIN_LDFLAGS="-export-dynamic -avoid-version -module -no-undefined"
-
-AC_SUBST(TALER_LIB_LDFLAGS)
-AC_SUBST(TALER_PLUGIN_LDFLAGS)
-
-CFLAGS_SAVE=$CFLAGS
-LDFLAGS_SAVE=$LDFLAGS
-LIBS_SAVE="$LIBS"
-
-
-AM_CONDITIONAL(HAVE_POSTGRESQL, test x$postgres = xtrue)

 CFLAGS=$CFLAGS_SAVE
 LDFLAGS=$LDFLAGS_SAVE
@ -391,10 +380,7 @@ AS_CASE([$with_twister],
         CPPFLAGS="-I$with_twister/include $CPPFLAGS"])

 AC_CHECK_HEADERS([taler/taler_twister_service.h],
- [AC_CHECK_LIB([talertwister], [TALER_TWISTER_connect], talertwister=1)],
-   [], [#ifdef HAVE_GNUNET_PLATFORM_H
-        #include <gnunet/platform.h>
-       #endif])
+ [AC_CHECK_LIB([talertwister], [TALER_TWISTER_connect], talertwister=1)])
 AM_CONDITIONAL(HAVE_TWISTER, test x$talertwister = x1)

 # should developer logic be compiled (not-for-production code)?
@ -534,7 +520,9 @@ AC_CONFIG_FILES([Makefile
                 src/exchangedb/Makefile
                 src/exchange-tools/Makefile
                 src/extensions/Makefile
+                 src/extensions/age_restriction/Makefile
                 src/lib/Makefile
+                 src/kyclogic/Makefile
                 src/testing/Makefile
                 src/benchmark/Makefile
                 src/include/Makefile
@ -542,6 +530,7 @@ AC_CONFIG_FILES([Makefile
                 src/mhd/Makefile
                 src/pq/Makefile
                 src/sq/Makefile
+                 src/templating/Makefile
                 src/util/Makefile
                 ])
 AC_OUTPUT
--- a/contrib/Makefile.am
+++ b/contrib/Makefile.am
@ -1,5 +1,21 @@
 SUBDIRS = .

+tmplpkgdatadir = $(prefix)/share/taler/exchange/templates/
+
+dist_tmplpkgdata_DATA = \
+  persona-exchange-unauthorized.en.must \
+  persona-load-failure.en.must \
+  persona-exchange-unpaid.en.must \
+  persona-logic-failure.en.must \
+  persona-invalid-response.en.must \
+  persona-network-timeout.en.must \
+  persona-kyc-failed.en.must \
+  persona-provider-failure.en.must
+
+# %%.must: merchant-backoffice/%.html
+# WTF: cp $< $@
+
+
 # English (en)
 tosendir=$(datadir)/taler/exchange/tos/en

@ -9,18 +25,20 @@ ppendir=$(datadir)/taler/exchange/pp/en
 rdatadir=$(datadir)/taler/exchange

 tosen_DATA = \
-  tos/en/0.txt \
-  tos/en/0.pdf \
-  tos/en/0.epub \
-  tos/en/0.xml \
-  tos/en/0.html
+  tos/en/*.txt \
+  tos/en/*.md \
+  tos/en/*.pdf \
+  tos/en/*.epub \
+  tos/en/*.xml \
+  tos/en/*.html

 ppen_DATA = \
-  pp/en/0.txt \
-  pp/en/0.pdf \
-  pp/en/0.epub \
-  pp/en/0.xml \
-  pp/en/0.html
+  pp/en/*.txt \
+  pp/en/*.md \
+  pp/en/*.pdf \
+  pp/en/*.epub \
+  pp/en/*.xml \
+  pp/en/*.html

 rdata_DATA = \
  auditor-report.tex.j2
@ -40,13 +58,14 @@ EXTRA_DIST = \
  gana/gnu-taler-error-codes/Makefile \
  tos/Makefile \
  tos/README \
-  tos/tos.rst \
-  tos/conf.py \
+  tos/bfh-v0.rst \
+  tos/tos-v0.rst \
+  tos/conf.py.in \
  tos/locale/de/LC_MESSAGES/tos.po \
  pp/Makefile \
  pp/README \
-  pp/pp.rst \
-  pp/conf.py \
+  pp/pp-v0.rst \
+  pp/conf.py.in \
  pp/locale/de/LC_MESSAGES/pp.po \
  $(rdata_DATA) \
  coverage.sh \
@ -59,10 +78,10 @@ TOS_LANGUAGES="en de"
 PP_LANGUAGES="en de"

 # Change the terms-of-service version (Etag) to generate here!
-# This value should be incremented whenever there is a substantive
+# This value should be modified whenever there is a substantive
 # change in the original text (but not for the translations).
-TOS_VERSION=0
-PP_VERSION=0
+TOS_VERSION=tos-v0
+PP_VERSION=pp-v0

 update-tos:
 	VERSION=$(TOS_VERSION) ./update-tos.sh $(TOS_LANGUAGES)
--- a/contrib/auditor-report.tex.j2
+++ b/contrib/auditor-report.tex.j2
@ -139,6 +139,10 @@ In that time, the wire auditor processed the following table ranges:
 {% endif %}
 \end{center}

+The total credits to the exchange processed in
+this audit run was {\bf {{ wire.total_wire_in }}}.
+The total debits initiated by the exchange processed in
+this audit run was {\bf {{ wire.total_wire_out }}}.

 \section{Operations}

@ -146,6 +150,16 @@ The balance of the escrow account should
 be {\bf {{ coins.total_escrow_balance }}} (coins)
 plus {\bf {{ reserves.total_escrow_balance }}} (reserves).

+\noindent
+This should match the final balance computed from
+ingoing and outgoing wire transfers, which is
+{\bf {{ wire.final_balance}} }.
+
+\noindent
+A total of {\bf {{ wire.total_drained}} } in profits
+were transferred (over the lifetime of the exchange)
+to non-escrowed accounts.
+
 \noindent
 The active operational risk stands at
 {\bf {{ coins.total_active_risk }}}.
@ -155,9 +169,8 @@ Loss (actualized risk from recoups) is
 {\bf {{ coins.total_recoup_loss }}}.

 \noindent
-Recoups of non-revoked coins are at
-{\bf {{ coins.total_irregular_recoups }}} (coins)
-plus {\bf {{ reserves.total_irregular_recoups }}} (reserves).
+Losses from irregular reserve operations are at
+{\bf {{ reserves.total_irregular_loss }}} (reserves).

 \section{Income}

@ -304,8 +317,8 @@ confirmations to the auditor directly, so if the exchange is slow at
 synchronizing its database with the auditor, some deposit
 confirmations may be known at the auditor only directly. However, any
 delta not accounted for by database synchronization delays is an
-indicator of a malicious exchange (or online singing key compromise)
-and should be answered by revoking the exchange's online siging keys.
+indicator of a malicious exchange (or online signing key compromise)
+and should be answered by revoking the exchange's online signing keys.
 % TODO: maybe reference PhD thesis on this?

 The total amount the exchange currently lags behind is
@ -599,7 +612,7 @@ compromise resulting in proportional financial losses to the exchange.
 \endfoot
  \hline
  {\bf Total loss} &
-  {{ reserves.total_loss_balance_insufficient }} \\
+  {{ reserves.total_irregular_loss }} \\
  \caption{Reserves with withdrawals higher than reserve funding.}
  \label{table:reserve:balance_insufficient}
 \endlastfoot
@ -768,7 +781,7 @@ invalid and the amount involved should be considered lost.
 \endfoot
  \hline
  \multicolumn{2}{l}{ {\bf Total losses} } &
-  {\bf {{ coins.total_bad_sig_loss}} } \\
+  {\bf {{ coins.irregular_loss}} } \\
  \caption{Losses from operations performed on coins without proper signatures.}
  \label{table:bad_signature_losses}
 \endlastfoot
@ -887,7 +900,7 @@ actually received in some reserves.
 {% endif %}


-\subsection{Missattributed incoming wire transfers}
+\subsection{Misattributed incoming wire transfers}

 This section lists cases where the sender account record of an
 incoming wire transfer differs between the exchange and the bank.
@ -897,7 +910,7 @@ account.

 % Table generation tested by testcase #9 in test-auditor.sh

-{% if wire.missattribution_in_inconsistencies|length() == 0 %}
+{% if wire.misattribution_in_inconsistencies|length() == 0 %}
  {\bf All incoming wire transfer sender accounts matched up.}
 {% else %}
  \begin{longtable}{p{8.5cm}|r}
@ -912,11 +925,11 @@ account.
 \endfoot
  \hline
  {\bf Total amount}  &
-  {{ wire.total_missattribution_in}} \\
+  {{ wire.total_misattribution_in}} \\
  \caption{Incoming wire transfer sender accounts not matching up.}
  \label{table:wire_in:sender_account_inconsistencies}
 \endlastfoot
-{% for item in wire.missattribution_in_inconsistencies %}
+{% for item in wire.misattribution_in_inconsistencies %}
  {\tt \small \truncate{8.3cm}{ {{ item.reserve_pub }} } } &
  {{ item.amount }} \\ \hline
 {% endfor %}
@ -928,7 +941,7 @@ account.

 \subsection{Actual outgoing wire transfers} \label{sec:wire_check_out}

-This section highlights cases where the exchange missbehaved
+This section highlights cases where the exchange misbehaved
 with respect to outgoing wire transfers.

 % Table generation tested by testcase #11 in test-auditor.sh
@ -974,10 +987,10 @@ with respect to outgoing wire transfers.
 \subsection{Denominations without auditor signature}

 This section highlights denomination keys that lack a proper
-signature from the {\t taler-auditor-offline} tool. This may be
+signature from the {\tt taler-auditor-offline} tool. This may be
 legitimate, say in case where the auditor's involvement in the
 exchange business is ending and a new auditor is responsible for
-future denomnations. So this must be read with a keen eye on the
+future denominations. So this must be read with a keen eye on the
 business situation.


@ -1093,7 +1106,7 @@ have a clear financial impact.
  {{ item.row }} &
  {{ item.diagnostic }} \\
 \nopagebreak
-  \multicolumn{3}{l}{ {\tiny {\tt \truncate{\textwidth}{ {{ item.wire_offset_hash }} } } } } \\ \hline
+  \multicolumn{3}{l}{ {\tiny {\tt \truncate{\textwidth}{ {{ item.id }} } } } } \\ \hline
 {% endfor %}
  \end{longtable}
 {% endif %}
--- a/contrib/gana
+++ b/contrib/gana
@ -1 +1 @@
-Subproject commit 75c838e74c41bf9a6c02cdfe8109a444056bf26d
+Subproject commit 832685b6a942a6ebbec8e1e5b8c33b6b85b0a727
--- a/contrib/gana-update.sh
+++ b/contrib/gana-update.sh
@ -1,4 +1,6 @@
 #!/bin/sh
+# This file is in the public domain.
+#
 # Helper script to recompute error codes based on submodule
 # Run from exchange/ main directory.
 set -eu
@ -17,13 +19,14 @@ ensure ()
    # $2 -- src dir under contrib/
    # $3 -- dst dir under ./
    fn="$1"
-    src="contrib/$2"
-    dst="./$3"
+    src="contrib/$2/$fn"
+    dst="./$3/$fn"

-    if ! diff $src/$fn $dst/$fn > /dev/null
+    if ! diff $src $dst > /dev/null
    then
-        cp $src/$fn $dst/$fn
-        chmod -w $dst/$fn
+        test ! -f $dst || chmod +w $dst
+        cp $src $dst
+        chmod -w $dst
    fi
 }

--- a/contrib/microhttpd.tag
+++ b/contrib/microhttpd.tag
@ -22,6 +22,12 @@
      <anchorfile>microhttpd.h</anchorfile>
      <arglist></arglist>
    </member>
+    <member kind="define">
+      <type>#define</type>
+      <name>MHD_HTTP_UNAVAILABLE_FOR_LEGAL_REASONS</name>
+      <anchorfile>microhttpd.h</anchorfile>
+      <arglist></arglist>
+    </member>
    <member kind="define">
      <type>#define</type>
      <name>MHD_HTTP_BAD_REQUEST</name>
@ -64,6 +70,12 @@
      <anchorfile>microhttpd.h</anchorfile>
      <arglist></arglist>
    </member>
+    <member kind="define">
+      <type>#define</type>
+      <name>MHD_HTTP_NETWORK_AUTHENTICATION_REQUIRED</name>
+      <anchorfile>microhttpd.h</anchorfile>
+      <arglist></arglist>
+    </member>
    <member kind="define">
      <type>#define</type>
      <name>MHD_HTTP_GONE</name>
--- a/contrib/persona-exchange-unauthorized.en.must
+++ b/contrib/persona-exchange-unauthorized.en.must
@ -0,0 +1,13 @@
+<html>
+<head>
+<title>KYC server refused access</title>
+</head>
+<body>
+The KYC backend refused the authorization code used by the exchange operator. Please inform the exchange operator about this failure.
+<pre>
+{{ kyc_http_status }}
+{{ kyc_logic }}
+{{ kyc_server_reply }}
+</pre>
+</body>
+</html>
--- a/contrib/persona-exchange-unpaid.en.must
+++ b/contrib/persona-exchange-unpaid.en.must
@ -0,0 +1,13 @@
+<html>
+<head>
+<title>KYC credit exhausted</title>
+</head>
+<body>
+The KYC backend refused the process as the exchange operator's credit balance at the KYC provider is insufficient. Please inform the exchange operator about this failure.
+<pre>
+{{ kyc_http_status }}
+{{ kyc_logic }}
+{{ kyc_server_reply }}
+</pre>
+</body>
+</html>
--- a/contrib/persona-invalid-response.en.must
+++ b/contrib/persona-invalid-response.en.must
@ -0,0 +1,13 @@
+<html>
+<head>
+<title>KYC provider returned unexpected response</title>
+</head>
+<body>
+The KYC backend returned an unexpected response.
+<pre>
+{{ kyc_http_status }}
+{{ kyc_logic }}
+{{ kyc_server_reply }}
+</pre>
+</body>
+</html>
--- a/contrib/persona-kyc-failed.en.must
+++ b/contrib/persona-kyc-failed.en.must
@ -0,0 +1,20 @@
+<html>
+<head>
+<title>KYC authentication failed</title>
+</head>
+<body>
+You failed the KYC check. See below for details.
+<!-- {{kyc_logic}} indicates the type of KYC provider
+     which generated the reply; for now, only
+     "kycaid" is possible. Switch on the
+     {{kyc_logic}} to render results in a provider-specific
+     way. (or introduce new templates per provider?) -->
+<!-- TODO: figure out exactly what the
+     format of 'verifications' is here
+     based on KYCAID documentation and parse
+     that here. -->
+<pre>
+{{ verifications }}
+</pre>
+</body>
+</html>
--- a/contrib/persona-load-failure.en.must
+++ b/contrib/persona-load-failure.en.must
@ -0,0 +1,13 @@
+<html>
+<head>
+<title>KYC provider rate limit reached</title>
+</head>
+<body>
+The KYC backend interaction ran into a rate limit.
+<pre>
+{{ kyc_http_status }}
+{{ kyc_logic }}
+{{ kyc_server_reply }}
+</pre>
+</body>
+</html>
--- a/contrib/persona-logic-failure.en.must
+++ b/contrib/persona-logic-failure.en.must
@ -0,0 +1,13 @@
+<html>
+<head>
+<title>KYC server interaction failed</title>
+</head>
+<body>
+The KYC backend returned a response indicating a problem with the exchange logic. Please inform the exchange operator about this failure.
+<pre>
+{{ kyc_http_status }}
+{{ kyc_logic }}
+{{ kyc_server_reply }}
+</pre>
+</body>
+</html>
--- a/contrib/persona-network-timeout.en.must
+++ b/contrib/persona-network-timeout.en.must
@ -0,0 +1,13 @@
+<html>
+<head>
+<title>KYC provider timeout</title>
+</head>
+<body>
+The KYC backend interaction ran into a timeout.
+<pre>
+{{ kyc_http_status }}
+{{ kyc_logic }}
+{{ kyc_server_reply }}
+</pre>
+</body>
+</html>
--- a/contrib/persona-provider-failure.en.must
+++ b/contrib/persona-provider-failure.en.must
@ -0,0 +1,13 @@
+<html>
+<head>
+<title>KYC provider had an internal error</title>
+</head>
+<body>
+The KYC backend had an internal error.
+<pre>
+{{ kyc_http_status }}
+{{ kyc_logic }}
+{{ kyc_server_reply }}
+</pre>
+</body>
+</html>
--- a/contrib/pp/conf.py.in
+++ b/contrib/pp/conf.py.in
@ -1,6 +1,6 @@
 """
  This file is part of GNU TALER.
-  Copyright (C) 2014-2020 Taler Systems SA
+  Copyright (C) 2014-2022 Taler Systems SA

  TALER is free software; you can redistribute it and/or modify it under the
  terms of the GNU Lesser General Public License as published by the Free Software
@ -68,20 +68,20 @@ source_suffix = {
 #source_encoding = 'utf-8-sig'

 # The master toctree document.
-master_doc = 'pp'
+master_doc = '%VERSION%'

 # General information about the project.
-project = u'pp'
-copyright = u'2014-2020 Taler Systems SA (GPLv3+ or GFDL 1.3+)'
+project = u'%VERSION%'
+copyright = u'2014-2022 Taler Systems SA (GPLv3+ or GFDL 1.3+)'

 # The version info for the project you're documenting, acts as replacement for
 # |version| and |release|, also used in various other places throughout the
 # built documents.
 #
 # The short X.Y version.
-version = '0'
+version = '%VERSION%'
 # The full version, including alpha/beta/rc tags.
-release = '0'
+release = '%VERSION%'

 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.
@ -192,7 +192,7 @@ html_short_title = "Privacy Policy"
 #html_domain_indices = True

 # If false, no index is generated.
-#html_use_index = True
+html_use_index = True

 # If true, the index is split into individual pages for each letter.
 #html_split_index = False
@ -231,7 +231,7 @@ latex_elements = {
 # (source start file, target name, title,
 #  author, documentclass [howto, manual, or own class]).
 latex_documents = [
-    ('pp', 'pp.tex',
+    ('%VERSION%', '%VERSION%.tex',
     'Privacy Policy', 'GNU Taler team', 'manual'),
 ]

@ -277,6 +277,6 @@ latex_documents = [

 # -- Options for epub output  ----------------------------

-epub_basename = "pp"
+epub_basename = "%VERSION%"

 epub_title = "Privacy Policy"
--- a/contrib/pp/en/0.epub
+++ b/contrib/pp/en/0.epub
--- a/contrib/pp/en/0.html
+++ b/contrib/pp/en/0.html
@ -1,211 +0,0 @@
-
-
-<html lang="en">
-  <head>
-    <meta charset="utf-8" />
-    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <title>Privacy Policy &#8212; Taler Privacy Policy</title>
-    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
-    <link rel="stylesheet" href="_static/epub.css" type="text/css" />
-    <script id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
-    <script src="_static/jquery.js"></script>
-    <script src="_static/underscore.js"></script>
-    <script src="_static/doctools.js"></script> 
-  </head><body>
-
-    <div class="document">
-      <div class="documentwrapper">
-        <div class="bodywrapper">
-          <div class="body" role="main">
-            
-  <div class="section" id="privacy-policy">
-<h1>Privacy Policy<a class="headerlink" href="#privacy-policy" title="Permalink to this headline">¶</a></h1>
-<p>Last Updated: 11.12.2019</p>
-<p>This Privacy Policy describes the policies and procedures of Taler Systems SA
-(“we,” “our,” or “us”) pertaining to the collection, use, and disclosure of
-your information on our sites and related mobile applications and products we
-offer (the “Services” or “Taler Wallet”). This Privacy Statement applies to
-your personal data when you use our Services, and does not apply to online
-websites or services that we do not own or control.</p>
-<div class="section" id="overview">
-<h2>Overview<a class="headerlink" href="#overview" title="Permalink to this headline">¶</a></h2>
-<p>Your privacy is important to us. We follow a few fundamental principles: We
-don’t ask you for personally identifiable information (defined below). That
-being said, your contact information, such as your phone number, social media
-handle, or email address (depending on how you contact us), may be collected
-when you communicate with us, for example to report a bug or other error
-related to the Taler Wallet. We don’t share your information with third
-parties except when strictly required to deliver you our Services and
-products, or to comply with the law. If you have any questions or concerns
-about this policy, please reach out to us at <a class="reference external" href="mailto:privacy&#37;&#52;&#48;taler-systems&#46;net">privacy<span>&#64;</span>taler-systems<span>&#46;</span>net</a>.</p>
-</div>
-<div class="section" id="how-you-accept-this-policy">
-<h2>How you accept this policy<a class="headerlink" href="#how-you-accept-this-policy" title="Permalink to this headline">¶</a></h2>
-<p>By using our Services or visiting our sites, you agree to the use, disclosure,
-and procedures outlined in this Privacy Policy.</p>
-</div>
-<div class="section" id="what-personal-information-do-we-collect-from-our-users">
-<h2>What personal information do we collect from our users?<a class="headerlink" href="#what-personal-information-do-we-collect-from-our-users" title="Permalink to this headline">¶</a></h2>
-<p>The information we collect from you falls into two categories: (i) personally
-identifiable information (i.e., data that could potentially identify you as an
-individual) (“Personal Information”), and (ii) non-personally identifiable
-information (i.e., information that cannot be used to identify who you are)
-(“Non-Personal Information”). This Privacy Policy covers both categories and
-will tell you how we might collect and use each type.</p>
-<p>We do our best to not collect any Personal Information from Taler Wallet
-users. We believe that the Taler Wallet never transmits personal information
-to our services without at least clear implied consent, and we only process
-and retain information with a strict business need. That being said, when
-using our Services, we inherently have to collect the following information:</p>
-<blockquote>
-<div><ul class="simple">
-<li><p>Bank account details necessary when receiving funds from you to top-up your wallet or to transfer funds to you when you are being paid via Taler. At the current experimental stage, only the pseudonym and password you entered in the bank demonstrator is stored.</p></li>
-<li><p>The amounts being withdrawn or deposited, with associated unique transaction identifiers and cryptographic signatures authorizing the transaction. Note that for purchases, we cannot identify the buyer from the collected data, so when you spend money, we only receive non-personal information.</p></li>
-<li><p>When you contact us. We may collect certain information if you choose to contact us, for example to report a bug or other error with the Taler Wallet. This may include contact information such as your name, email address or phone number depending on the method you choose to contact us.</p></li>
-</ul>
-</div></blockquote>
-</div>
-<div class="section" id="how-we-collect-and-process-information">
-<h2>How we collect and process information<a class="headerlink" href="#how-we-collect-and-process-information" title="Permalink to this headline">¶</a></h2>
-<p>We may process your information for the following reasons:</p>
-<blockquote>
-<div><ul class="simple">
-<li><p>to transfer money as specified by our users (Taler transactions);</p></li>
-<li><p>to assist government entities in linking income to the underlying contract as required by law and local regulations</p></li>
-<li><p>to support you using the Taler Wallet or to improve our Services</p></li>
-</ul>
-</div></blockquote>
-</div>
-<div class="section" id="how-we-share-and-use-the-information-we-gather">
-<h2>How we share and use the information we gather<a class="headerlink" href="#how-we-share-and-use-the-information-we-gather" title="Permalink to this headline">¶</a></h2>
-<p>We may share your Personal Data or other information about you only if you are
-a merchant receiving income, with your bank, to the degree necessary to
-execute the payment.</p>
-<p>We retain Personal Data to transfer funds to the accounts designated by our
-users. We may retain Personal Data only for as long as mandated by law and
-required for the wire transfers.</p>
-<p>We primarily use the limited information we receive directly from you to
-enhance the Taler Wallet. Some ways we may use your Personal Information are
-to: Contact you when necessary to respond to your comments, answer your
-questions, or obtain additional information on issues related to bugs or
-errors with the Taler Wallet that you reported.</p>
-</div>
-<div class="section" id="agents-or-third-party-partners">
-<h2>Agents or third party partners<a class="headerlink" href="#agents-or-third-party-partners" title="Permalink to this headline">¶</a></h2>
-<p>We may provide your Personal Information to our employees, contractors,
-agents, service providers, and designees (“Agents”) to enable them to perform
-certain services for us exclusively, including: improvement and maintenance of
-our software and Services.</p>
-</div>
-<div class="section" id="protection-of-us-and-others">
-<h2>Protection of us and others<a class="headerlink" href="#protection-of-us-and-others" title="Permalink to this headline">¶</a></h2>
-<p>We reserve the right to access, read, preserve, and disclose any information
-that we reasonably believe is necessary to comply with the law or a court
-order.</p>
-</div>
-<div class="section" id="what-personal-information-can-i-access-or-change">
-<h2>What personal information can I access or change?<a class="headerlink" href="#what-personal-information-can-i-access-or-change" title="Permalink to this headline">¶</a></h2>
-<p>You can request access to the information we have collected from you. You can
-do this by contacting us at <a class="reference external" href="mailto:privacy&#37;&#52;&#48;taler-systems&#46;net">privacy<span>&#64;</span>taler-systems<span>&#46;</span>net</a>. We will make sure to
-provide you with a copy of the data we process about you. To comply with your
-request, we may ask you to verify your identity. We will fulfill your request
-by sending your copy electronically. For any subsequent access request, we may
-charge you with an administrative fee. If you believe that the information we
-have collected is incorrect, you are welcome to contact us so we can update it
-and keep your data accurate. Any data that is no longer needed for purposes
-specified in the “How We Use the Information We Gather” section will be
-deleted after ninety (90) days.</p>
-</div>
-<div class="section" id="what-are-your-data-protection-rights">
-<h2>What are your data protection rights?<a class="headerlink" href="#what-are-your-data-protection-rights" title="Permalink to this headline">¶</a></h2>
-<p>Anastasis would like to make sure you are fully aware of all of your
-data protection rights. Every user is entitled to the following:</p>
-<dl class="simple">
-<dt><strong>The right to access</strong>: You have the right to request Anastasis for</dt><dd><p>copies of your personal data. We may charge you a small fee for this
-service.</p>
-</dd>
-</dl>
-<p><strong>The right to rectification</strong>: You have the right to request that
-Anastasis correct any information you believe is inaccurate. You also
-have the right to request Anastasis to complete information you
-believe is incomplete.  The right to erasure - You have the right to
-request that Anastasis erase your personal data, under certain
-conditions.</p>
-<dl class="simple">
-<dt><strong>The right to restrict processing</strong>: You have the right to request</dt><dd><p>that Anastasis restrict the processing of your personal data, under
-certain conditions.</p>
-</dd>
-<dt><strong>The right to object to processing</strong>: You have the right to object to</dt><dd><p>Anastasis’s processing of your personal data, under certain
-conditions.</p>
-</dd>
-<dt><strong>The right to data portability</strong>: You have the right to request that</dt><dd><p>Anastasis transfer the data that we have collected to another
-organization, or directly to you, under certain conditions.</p>
-</dd>
-</dl>
-<p>If you make a request, we have one month to respond to you. If you
-would like to exercise any of these rights, please contact us at our
-email: <a class="reference external" href="mailto:privacy&#37;&#52;&#48;taler-systems&#46;com">privacy<span>&#64;</span>taler-systems<span>&#46;</span>com</a></p>
-<p>You can always contact your local data protection authority to enforce
-your rights.</p>
-</div>
-<div class="section" id="data-retention">
-<h2>Data retention<a class="headerlink" href="#data-retention" title="Permalink to this headline">¶</a></h2>
-<p>If you uninstall the Taler Wallet mobile applications from your device, or
-request that your information be deleted, we still may retain some information
-that you have provided to us to maintain the Taler Wallet or to comply with
-relevant laws.</p>
-</div>
-<div class="section" id="data-security">
-<h2>Data security<a class="headerlink" href="#data-security" title="Permalink to this headline">¶</a></h2>
-<p>We are committed to making sure your information is protected. We employ
-several physical and electronic safeguards to keep your information safe,
-including encrypted user passwords, two factor verification and authentication
-on passwords where possible, and securing connections with industry standard
-transport layer security. You are also welcome to contact us using GnuPG
-encrypted e-mail. Even with all these precautions, we cannot fully guarantee
-against the access, disclosure, alteration, or deletion of data through
-events, including but not limited to hardware or software failure or
-unauthorized use. Any information that you provide to us is done so entirely
-at your own risk.</p>
-</div>
-<div class="section" id="changes-and-updates-to-privacy-policy">
-<h2>Changes and updates to privacy policy<a class="headerlink" href="#changes-and-updates-to-privacy-policy" title="Permalink to this headline">¶</a></h2>
-<p>We reserve the right to update and revise this privacy policy at any time. We
-occasionally review this Privacy Policy to make sure it complies with
-applicable laws and conforms to changes in our business. We may need to update
-this Privacy Policy, and we reserve the right to do so at any time. If we do
-revise this Privacy Policy, we will update the “Effective Date” at the bottom
-of this page so that you can tell if it has changed since your last visit. As
-we generally do not collect contact information and also do not track your
-visits, we will not be able to notify you directly. However, the Taler Wallet
-may inform you about a change in the privacy policy once it detects that the
-policy has changed. Please review this Privacy Policy regularly to ensure that
-you are aware of its terms. Any use of our Services after an amendment to our
-Privacy Policy constitutes your acceptance to the revised or amended
-agreement.</p>
-</div>
-<div class="section" id="international-users-and-visitors">
-<h2>International users and visitors<a class="headerlink" href="#international-users-and-visitors" title="Permalink to this headline">¶</a></h2>
-<p>Our Services are hosted in Switzerland. If you are a user accessing the
-Services from the European Union, Asia, US, or any other region with laws or
-regulations governing personal data collection, use, and disclosure that
-differ from Swiss laws, please be advised that through your continued use of
-the Services, which is governed by Swiss law, you are transferring your
-Personal Information to Switzerland and you consent to that transfer.</p>
-</div>
-<div class="section" id="questions">
-<h2>Questions<a class="headerlink" href="#questions" title="Permalink to this headline">¶</a></h2>
-<p>Please contact us at <a class="reference external" href="mailto:privacy&#37;&#52;&#48;taler-systems&#46;net">privacy<span>&#64;</span>taler-systems<span>&#46;</span>net</a> if you have questions about our
-privacy practices that are not addressed in this Privacy Statement.</p>
-</div>
-</div>
-
-
-            <div class="clearer"></div>
-          </div>
-        </div>
-      </div>
-      <div class="clearer"></div>
-    </div>
-  </body>
-</html>
--- a/contrib/pp/en/pp-v0.epub
+++ b/contrib/pp/en/pp-v0.epub
--- a/contrib/pp/en/pp-v0.html
+++ b/contrib/pp/en/pp-v0.html
--- a/contrib/pp/en/pp-v0.md
+++ b/contrib/pp/en/pp-v0.md
--- a/contrib/pp/en/pp-v0.pdf
+++ b/contrib/pp/en/pp-v0.pdf
--- a/contrib/pp/en/pp-v0.txt
+++ b/contrib/pp/en/pp-v0.txt
@ -0,0 +1,237 @@
+Privacy Policy
+**************
+
+Last Updated: 11.12.2019
+
+This Privacy Policy describes the policies and procedures of Taler
+Systems SA (“we,” “our,” or “us”) pertaining to the collection, use,
+and disclosure of your information on our sites and related mobile
+applications and products we offer (the “Services” or “Taler Wallet”).
+This Privacy Statement applies to your personal data when you use our
+Services, and does not apply to online websites or services that we do
+not own or control.
+
+
+Overview
+========
+
+Your privacy is important to us. We follow a few fundamental
+principles: We don’t ask you for personally identifiable information
+(defined below). That being said, your contact information, such as
+your phone number, social media handle, or email address (depending on
+how you contact us), may be collected when you communicate with us,
+for example to report a bug or other error related to the Taler
+Wallet. We don’t share your information with third parties except when
+strictly required to deliver you our Services and products, or to
+comply with the law. If you have any questions or concerns about this
+policy, please reach out to us at privacy@taler-systems.net.
+
+
+How you accept this policy
+==========================
+
+By using our Services or visiting our sites, you agree to the use,
+disclosure, and procedures outlined in this Privacy Policy.
+
+
+What personal information do we collect from our users?
+=======================================================
+
+The information we collect from you falls into two categories: (i)
+personally identifiable information (i.e., data that could potentially
+identify you as an individual) (“Personal Information”), and (ii) non-
+personally identifiable information (i.e., information that cannot be
+used to identify who you are) (“Non-Personal Information”). This
+Privacy Policy covers both categories and will tell you how we might
+collect and use each type.
+
+We do our best to not collect any Personal Information from Taler
+Wallet users. We believe that the Taler Wallet never transmits
+personal information to our services without at least clear implied
+consent, and we only process and retain information with a strict
+business need. That being said, when using our Services, we inherently
+have to collect the following information:
+
+   * Bank account details necessary when receiving funds from you to
+     top-up your wallet or to transfer funds to you when you are being
+     paid via Taler. At the current experimental stage, only the
+     pseudonym and password you entered in the bank demonstrator is
+     stored.
+
+   * The amounts being withdrawn or deposited, with associated unique
+     transaction identifiers and cryptographic signatures authorizing
+     the transaction. Note that for purchases, we cannot identify the
+     buyer from the collected data, so when you spend money, we only
+     receive non-personal information.
+
+   * When you contact us. We may collect certain information if you
+     choose to contact us, for example to report a bug or other error
+     with the Taler Wallet. This may include contact information such
+     as your name, email address or phone number depending on the
+     method you choose to contact us.
+
+
+How we collect and process information
+======================================
+
+We may process your information for the following reasons:
+
+   * to transfer money as specified by our users (Taler transactions);
+
+   * to assist government entities in linking income to the underlying
+     contract as required by law and local regulations
+
+   * to support you using the Taler Wallet or to improve our Services
+
+
+How we share and use the information we gather
+==============================================
+
+We may share your Personal Data or other information about you only if
+you are a merchant receiving income, with your bank, to the degree
+necessary to execute the payment.
+
+We retain Personal Data to transfer funds to the accounts designated
+by our users. We may retain Personal Data only for as long as mandated
+by law and required for the wire transfers.
+
+We primarily use the limited information we receive directly from you
+to enhance the Taler Wallet. Some ways we may use your Personal
+Information are to: Contact you when necessary to respond to your
+comments, answer your questions, or obtain additional information on
+issues related to bugs or errors with the Taler Wallet that you
+reported.
+
+
+Agents or third party partners
+==============================
+
+We may provide your Personal Information to our employees,
+contractors, agents, service providers, and designees (“Agents”) to
+enable them to perform certain services for us exclusively, including:
+improvement and maintenance of our software and Services.
+
+
+Protection of us and others
+===========================
+
+We reserve the right to access, read, preserve, and disclose any
+information that we reasonably believe is necessary to comply with the
+law or a court order.
+
+
+What personal information can I access or change?
+=================================================
+
+You can request access to the information we have collected from you.
+You can do this by contacting us at privacy@taler-systems.net. We will
+make sure to provide you with a copy of the data we process about you.
+To comply with your request, we may ask you to verify your identity.
+We will fulfill your request by sending your copy electronically. For
+any subsequent access request, we may charge you with an
+administrative fee. If you believe that the information we have
+collected is incorrect, you are welcome to contact us so we can update
+it and keep your data accurate. Any data that is no longer needed for
+purposes specified in the “How We Use the Information We Gather”
+section will be deleted after ninety (90) days.
+
+
+What are your data protection rights?
+=====================================
+
+Anastasis would like to make sure you are fully aware of all of your
+data protection rights. Every user is entitled to the following:
+
+**The right to access**: You have the right to request Anastasis for
+   copies of your personal data. We may charge you a small fee for
+   this service.
+
+**The right to rectification**: You have the right to request that
+Anastasis correct any information you believe is inaccurate. You also
+have the right to request Anastasis to complete information you
+believe is incomplete.  The right to erasure - You have the right to
+request that Anastasis erase your personal data, under certain
+conditions.
+
+**The right to restrict processing**: You have the right to request
+   that Anastasis restrict the processing of your personal data, under
+   certain conditions.
+
+**The right to object to processing**: You have the right to object to
+   Anastasis's processing of your personal data, under certain
+   conditions.
+
+**The right to data portability**: You have the right to request that
+   Anastasis transfer the data that we have collected to another
+   organization, or directly to you, under certain conditions.
+
+If you make a request, we have one month to respond to you. If you
+would like to exercise any of these rights, please contact us at our
+email: privacy@taler-systems.com
+
+You can always contact your local data protection authority to enforce
+your rights.
+
+
+Data retention
+==============
+
+If you uninstall the Taler Wallet mobile applications from your
+device, or request that your information be deleted, we still may
+retain some information that you have provided to us to maintain the
+Taler Wallet or to comply with relevant laws.
+
+
+Data security
+=============
+
+We are committed to making sure your information is protected. We
+employ several physical and electronic safeguards to keep your
+information safe, including encrypted user passwords, two factor
+verification and authentication on passwords where possible, and
+securing connections with industry standard transport layer security.
+You are also welcome to contact us using GnuPG encrypted e-mail. Even
+with all these precautions, we cannot fully guarantee against the
+access, disclosure, alteration, or deletion of data through events,
+including but not limited to hardware or software failure or
+unauthorized use. Any information that you provide to us is done so
+entirely at your own risk.
+
+
+Changes and updates to privacy policy
+=====================================
+
+We reserve the right to update and revise this privacy policy at any
+time. We occasionally review this Privacy Policy to make sure it
+complies with applicable laws and conforms to changes in our business.
+We may need to update this Privacy Policy, and we reserve the right to
+do so at any time. If we do revise this Privacy Policy, we will update
+the “Effective Date” at the bottom of this page so that you can tell
+if it has changed since your last visit. As we generally do not
+collect contact information and also do not track your visits, we will
+not be able to notify you directly. However, the Taler Wallet may
+inform you about a change in the privacy policy once it detects that
+the policy has changed. Please review this Privacy Policy regularly to
+ensure that you are aware of its terms. Any use of our Services after
+an amendment to our Privacy Policy constitutes your acceptance to the
+revised or amended agreement.
+
+
+International users and visitors
+================================
+
+Our Services are hosted in Switzerland. If you are a user accessing
+the Services from the European Union, Asia, US, or any other region
+with laws or regulations governing personal data collection, use, and
+disclosure that differ from Swiss laws, please be advised that through
+your continued use of the Services, which is governed by Swiss law,
+you are transferring your Personal Information to Switzerland and you
+consent to that transfer.
+
+
+Questions
+=========
+
+Please contact us at privacy@taler-systems.net if you have questions
+about our privacy practices that are not addressed in this Privacy
+Statement.
--- a/contrib/pp/en/pp-v0.xml
+++ b/contrib/pp/en/pp-v0.xml
@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!DOCTYPE document PUBLIC "+//IDN docutils.sourceforge.net//DTD Docutils Generic//EN//XML" "http://docutils.sourceforge.net/docs/ref/docutils.dtd">
 <!-- Generated by Docutils 0.16 -->
-<document source="/research/taler/exchange/contrib/pp/pp.rst">
+<document source="/research/taler/exchange/contrib/pp/pp-v0.rst">
    <section ids="privacy-policy" names="privacy\ policy">
        <title>Privacy Policy</title>
        <paragraph>Last Updated: 11.12.2019</paragraph>
--- a/contrib/pp/pp-v0.rst
+++ b/contrib/pp/pp-v0.rst
--- a/contrib/samples/wire-auditor.json
+++ b/contrib/samples/wire-auditor.json
@ -38,8 +38,8 @@
    "value": 5,
    "fraction": 1000000
  },
-  "missattribution_in_inconsistencies": [],
-  "total_missattribution_in": {
+  "misattribution_in_inconsistencies": [],
+  "total_misattribution_in": {
    "currency": "KUDOS",
    "value": 0,
    "fraction": 0
@ -233,4 +233,4 @@
    "fraction": 1000000
  },
  "lag_details": []
-}
+}
--- a/contrib/sigp/h.header
+++ b/contrib/sigp/h.header
@ -27,6 +27,5 @@
 #ifndef TALER_SIGNATURES_H
 #define TALER_SIGNATURES_H

-#include <gnunet/gnunet_util_lib.h>
-#include "taler_amount_lib.h"
-#include "taler_crypto_lib.h"
+
+
--- a/contrib/taler-bank-manage-testing
+++ b/contrib/taler-bank-manage-testing
@ -1,27 +1,187 @@
 #!/bin/sh
 # This file is in the public domain
-# Wrapper around 'taler-bank-manage' to first configure the required
+# Wrapper around libeufin to first configure the required
 # testing accounts before launching the bank properly.
 #
-# Takes 3 arguments:
-# $1: the configuration file name
+# Takes 4 arguments:
+# $1: the Nexus port (Sandbox port prepends 1 to it)
 # $2: the database name
-# $3: serve-http or serve-uwsgi
+# $3: exchange base URL (used to specify the default exchange)
+# $4: config file (needs patch to specify exchange's PAYTO_URI)

 set -eu

-if [ "$#" -ne 3 ];
+if [ "$1" = "--help" ];
 then
-    echo "illegal number of parameters"
+    echo "This is a tool to launch a libeufin based bank for testing."
+    echo "Call using: Nexus port number, SQLite file path, exchange base URL, config file path."
+    exit 0
+fi
+if [ "$#" -ne 4 ];
+then
+    echo "illegal number of parameters.  \
+Give: Nexus port number, SQLite file path, exchange base URL, config file path."
    exit 1
 fi

-# Ensure starting accounts exist
-taler-bank-manage -c $1 --with-db $2 django provide_accounts
-taler-bank-manage -c $1 --with-db $2 django add_bank_account 42
-taler-bank-manage -c $1 --with-db $2 django add_bank_account 43
+# Must not terminate jobs here, as they are needed
+# by the script _importing_ this one.  Those script
+# will then manage the termination.
+# trap cleanup EXIT

-taler-bank-manage -c $1 --with-db $2 django changepassword_unsafe Exchange x
+export LIBEUFIN_SANDBOX_DB_CONNECTION="jdbc:sqlite:$2"
+# Create the default demobank.
+libeufin-sandbox config --currency TESTKUDOS default
+export LIBEUFIN_SANDBOX_ADMIN_PASSWORD=secret
+libeufin-sandbox serve --port "1$1" \
+  > libeufin-sandbox-stdout.log \
+  2> libeufin-sandbox-stderr.log &
+echo $! > libeufin-sandbox.pid
+export LIBEUFIN_SANDBOX_URL="http://localhost:1$1/"
+set +e
+echo -n "Waiting for Sandbox.."
+for n in `seq 1 50`; do
+  echo -n "."
+  sleep 1
+  if wget --timeout=1 \
+    --tries=3 --waitretry=0 \
+    -o /dev/null -O /dev/null \
+    $LIBEUFIN_SANDBOX_URL; then
+    break
+  fi
+done
+echo OK

-# Now run Django for good
-exec taler-bank-manage -c $1 --with-db $2 $3
+register_sandbox_account() {
+    export LIBEUFIN_SANDBOX_USERNAME=$1
+    export LIBEUFIN_SANDBOX_PASSWORD=$2
+    libeufin-cli sandbox \
+      demobank \
+      register --name "$3"
+    unset LIBEUFIN_SANDBOX_USERNAME
+    unset LIBEUFIN_SANDBOX_PASSWORD
+}
+set -e
+echo -n "Register the 'fortytwo' Sandbox user.."
+register_sandbox_account fortytwo x "Forty Two"
+echo OK
+echo -n "Register the 'fortythree' Sandbox user.."
+register_sandbox_account fortythree x "Forty Three"
+echo OK
+echo -n "Register 'exchange' Sandbox user.."
+register_sandbox_account exchange x "Exchange Company"
+echo OK
+echo -n "Register 'tor' Sandbox user.."
+register_sandbox_account tor x "Tor Project"
+echo OK
+echo -n "Register 'gnunet' Sandbox user.."
+register_sandbox_account gnunet x "GNUnet"
+echo OK
+echo -n "Register 'tutorial' Sandbox user.."
+register_sandbox_account tutorial x "Tutorial"
+echo OK
+echo -n "Register 'survey' Sandbox user.."
+register_sandbox_account survey x "Survey"
+echo OK
+echo -n "Specify exchange's PAYTO_URI in the config ..."
+export LIBEUFIN_SANDBOX_USERNAME=exchange
+export LIBEUFIN_SANDBOX_PASSWORD=x
+PAYTO=`libeufin-cli sandbox demobank info --bank-account exchange | jq --raw-output '.paytoUri'`
+taler-config -c $4 -s exchange-account-1 -o PAYTO_URI -V $PAYTO
+echo " OK"
+echo -n "Setting this exchange as the bank's default ..."
+EXCHANGE_PAYTO=`libeufin-cli sandbox demobank info --bank-account exchange | jq --raw-output '.paytoUri'`
+libeufin-sandbox default-exchange "$3" "$EXCHANGE_PAYTO"
+echo " OK"
+# Prepare EBICS: create Ebics host and Exchange subscriber.
+# Shortly becoming admin to setup Ebics.
+export LIBEUFIN_SANDBOX_USERNAME=admin
+export LIBEUFIN_SANDBOX_PASSWORD=secret
+echo -n "Create EBICS host at Sandbox.."
+libeufin-cli sandbox \
+  --sandbox-url http://localhost:1$1 \
+  ebicshost create --host-id talerebics
+echo OK
+echo -n "Create exchange EBICS subscriber at Sandbox.."
+libeufin-cli sandbox \
+  demobank new-ebicssubscriber --host-id talerebics \
+  --user-id exchangeebics --partner-id talerpartner \
+  --bank-account exchange # that's a username _and_ a bank account name
+echo OK
+unset LIBEUFIN_SANDBOX_USERNAME
+unset LIBEUFIN_SANDBOX_PASSWORD
+# Prepare Nexus, which is the side actually talking
+# to the exchange.
+export LIBEUFIN_NEXUS_DB_CONNECTION="jdbc:sqlite:$2"
+# For convenience, username and password are
+# identical to those used at the Sandbox.
+echo -n Create exchange Nexus user..
+libeufin-nexus superuser exchange --password x
+echo OK
+libeufin-nexus serve --port $1 \
+  2> libeufin-nexus-stderr.log \
+  > libeufin-nexus-stdout.log &
+echo $! > libeufin-nexus.pid
+export LIBEUFIN_NEXUS_URL=http://localhost:$1
+echo -n Waiting for Nexus..
+set +e
+for n in `seq 1 50`; do
+  echo -n "."
+  sleep 1
+  if wget --timeout=1 \
+    --tries=3 --waitretry=0 \
+    -o /dev/null -O /dev/null \
+    $LIBEUFIN_NEXUS_URL; then
+    break
+  fi
+done
+set -e
+echo OK
+export LIBEUFIN_NEXUS_USERNAME=exchange
+export LIBEUFIN_NEXUS_PASSWORD=x
+echo -n Creating a EBICS connection at Nexus..
+libeufin-cli connections new-ebics-connection \
+  --ebics-url "http://localhost:1$1/ebicsweb" \
+  --host-id talerebics \
+  --partner-id talerpartner \
+  --ebics-user-id exchangeebics \
+  talerconn
+echo OK
+echo -n Setup EBICS keying..
+libeufin-cli connections connect talerconn > /dev/null
+echo OK
+echo -n Download bank account name from Sandbox..
+libeufin-cli connections download-bank-accounts talerconn
+echo OK
+echo -n Importing bank account info into Nexus..
+libeufin-cli connections import-bank-account \
+  --offered-account-id exchange \
+  --nexus-bank-account-id exchange-nexus \
+  talerconn
+echo OK
+echo -n Setup payments submission task..
+# Tries every second.
+libeufin-cli accounts task-schedule \
+  --task-type submit \
+  --task-name exchange-payments \
+  --task-cronspec "* * *" \
+  exchange-nexus
+echo OK
+# Tries every second.  Ask C52
+echo -n Setup history fetch task..
+libeufin-cli accounts task-schedule \
+  --task-type fetch \
+  --task-name exchange-history \
+  --task-cronspec "* * *" \
+  --task-param-level report \
+  --task-param-range-type latest \
+  exchange-nexus
+echo OK
+# TBD: create Taler facade.
+echo -n Create the Taler facade at Nexus..
+libeufin-cli facades \
+  new-taler-wire-gateway-facade \
+  --currency TESTKUDOS --facade-name test-facade \
+  talerconn exchange-nexus
+echo OK
+# Facade schema: http://localhost:$1/facades/test-facade/taler-wire-gateway/
--- a/contrib/taler-nexus-prepare
+++ b/contrib/taler-nexus-prepare
@ -1,128 +1,115 @@
-#!/usr/bin/env python3
-# This file is in the public domain.
+#!/bin/bash

-from requests import get, post
-from subprocess import call
-import base64
+set -eu

 # EBICS details
-EBICS_URL = "http://localhost:5000/ebicsweb"
-HOST_ID = "HOST01"
-PARTNER_ID = "PARTNER1"
-USER_ID = "USER1"
-EBICS_VERSION = "H004"
+EBICS_URL="http://localhost:5000/ebicsweb"
+HOST_ID="HOST01"
+PARTNER_ID="PARTNER1"
+USER_ID="USER1"

-SUBSCRIBER_IBAN = "ES9121000418450200051332"
-SUBSCRIBER_BIC = "BIC"
-SUBSCRIBER_NAME = "Exchange"
-
-BANK_ACCOUNT_LABEL = "my-bank-account"
-BANK_CONNECTION_LABEL = "my-bank-connection"
+# This is used _both_ at Sandbox and at Nexus.
+# Basically, Nexus imports the offered bank account
+# using the same name used by the Sandbox.
+BANK_ACCOUNT_LABEL="my-bank-account"
+BANK_CONNECTION_LABEL="my-bank-connection"
 FACADE_LABEL="my-facade"

-USERNAME="Exchange"
-USER_AUTHORIZATION_HEADER = "basic {}".format(
-    base64.b64encode(b"Exchange:x").decode("utf-8")
-)
+export LIBEUFIN_SANDBOX_USERNAME=exchange
+export LIBEUFIN_SANDBOX_PASSWORD=x
+export LIBEUFIN_SANDBOX_URL=http://localhost:5000/
+libeufin-cli sandbox demobank register --name "Exchange Company"

-def assertResponse(response):
-    if response.status_code != 200:
-        print("Test failed on URL: {}".format(response.url))
-        # stdout/stderr from both services is A LOT of text.
-        # Confusing to dump all that to console.
-        print("Check nexus.log and sandbox.log, probably under /tmp")
-        exit(1)
-    # Allows for finer grained checks.
-    return response
+export LIBEUFIN_SANDBOX_USERNAME=fortytwo
+export LIBEUFIN_SANDBOX_PASSWORD=x
+export LIBEUFIN_SANDBOX_URL=http://localhost:5000/
+libeufin-cli sandbox demobank register \
+  --name User42 --iban FR7630006000011234567890189

-# Create a nexus (super-) user
-check_call(["libeufin-nexus",
-      "superuser",
-      "--db-name", "/tmp/nexus-exchange-test.sqlite3",
-      "Exchange",
-      "--password", "x"]
-)
+export LIBEUFIN_SANDBOX_USERNAME=fortythree
+export LIBEUFIN_SANDBOX_PASSWORD=x
+export LIBEUFIN_SANDBOX_URL=http://localhost:5000/
+libeufin-cli sandbox demobank register \
+  --name User43 --iban GB33BUKB20201555555555

-# Create a EBICS bank connection.
-assertResponse(
-    post(
-        "http://localhost:5001/bank-connections",
-        json=dict(
-            name=BANK_CONNECTION_LABEL,
-            source="new",
-            type="ebics",
-            data=dict(
-                ebicsURL=EBICS_URL, hostID=HOST_ID, partnerID=PARTNER_ID, userID=USER_ID
-            ),
-        ),
-        headers=dict(Authorization=USER_AUTHORIZATION_HEADER),
-    )
-)
+export LIBEUFIN_SANDBOX_USERNAME=admin
+export LIBEUFIN_SANDBOX_PASSWORD=secret
+export LIBEUFIN_SANDBOX_URL=http://localhost:5000/
+echo -n "Create EBICS host at Sandbox..."
+libeufin-cli sandbox \
+  --sandbox-url "http://localhost:5000" \
+  ebicshost create --host-id $HOST_ID
+echo " OK"

-# Create a facade
-assertResponse(
-    post(
-        "http://localhost:5001/facades",
-        json=dict(
-            name=FACADE_LABEL,
-            type="taler-wire-gateway",
-            creator=USERNAME,
-            config=dict(
-                bankAccount=BANK_ACCOUNT_LABEL,
-                bankConnection=BANK_CONNECTION_LABEL,
-                reserveTransferLevel="UNUSED",
-                intervalIncremental="UNUSED"
-            )
-        ),
-        headers=dict(Authorization=USER_AUTHORIZATION_HEADER),
-    )
-)
+echo -n "Create exchange EBICS subscriber at Sandbox..."
+libeufin-cli sandbox \
+  demobank new-ebicssubscriber --host-id $HOST_ID \
+  --user-id $USER_ID --partner-id $PARTNER_ID \
+  --bank-account exchange # that's a username _and_ a bank account name
+echo " OK"
+unset LIBEUFIN_SANDBOX_USERNAME
+unset LIBEUFIN_SANDBOX_PASSWORD
+unset LIBEUFIN_SANDBOX_URL

-# Create the EBICS host at the Sandbox.
-assertResponse(
-    post(
-        "http://localhost:5000/admin/ebics/host",
-        json=dict(hostID=HOST_ID, ebicsVersion=EBICS_VERSION),
-    )
-)
+export LIBEUFIN_NEXUS_USERNAME=exchange
+export LIBEUFIN_NEXUS_PASSWORD=x
+export LIBEUFIN_NEXUS_URL=http://localhost:5001/

-# Create Exchange EBICS subscriber at the Sandbox.
-assertResponse(
-    post(
-        "http://localhost:5000/admin/ebics/subscribers",
-        json=dict(hostID=HOST_ID, partnerID=PARTNER_ID, userID=USER_ID),
-    )
-)
+echo -n "Create the exchange (super)user at Nexus..."
+libeufin-nexus superuser exchange --password x
+echo " DONE"

-# Create a bank account associated to the Exchange's EBICS subscriber,
-# again at the Sandbox.
-assertResponse(
-    post(
-        "http://localhost:5000/admin/ebics/bank-accounts",
-        json=dict(
-            subscriber=dict(hostID=HOST_ID, partnerID=PARTNER_ID, userID=USER_ID),
-            iban=SUBSCRIBER_IBAN,
-            bic=SUBSCRIBER_BIC,
-            name=SUBSCRIBER_NAME,
-            label=BANK_ACCOUNT_LABEL,
-        ),
-    )
-)
+echo -n "Creating a EBICS connection at Nexus..."
+libeufin-cli connections new-ebics-connection \
+  --ebics-url $EBICS_URL \
+  --host-id $HOST_ID \
+  --partner-id $PARTNER_ID \
+  --ebics-user-id $USER_ID \
+  $BANK_CONNECTION_LABEL
+echo " OK"

-# 'connect' to the bank: upload+download keys.
-assertResponse(
-    post(
-        "http://localhost:5001/bank-connections/{}/connect".format(BANK_CONNECTION_LABEL),
-        json=dict(),
-        headers=dict(Authorization=USER_AUTHORIZATION_HEADER),
-    )
-)
+echo -n "Setup EBICS keying..."
+libeufin-cli connections connect $BANK_CONNECTION_LABEL > /dev/null
+echo " OK"

-# Download bank accounts.
-assertResponse(
-    post(
-        "http://localhost:5001/bank-connections/{}/ebics/import-accounts".format(BANK_CONNECTION_LABEL),
-        json=dict(),
-        headers=dict(Authorization=USER_AUTHORIZATION_HEADER),
-    )
-)
+echo -n "Download bank account name from Sandbox..."
+libeufin-cli connections download-bank-accounts $BANK_CONNECTION_LABEL
+echo " OK"
+
+echo -n "Importing bank account info into Nexus..."
+libeufin-cli connections import-bank-account \
+  --offered-account-id exchange \
+  --nexus-bank-account-id $BANK_ACCOUNT_LABEL \
+  $BANK_CONNECTION_LABEL
+echo " OK"
+
+echo -n "Create the Taler facade at Nexus..."
+libeufin-cli facades \
+  new-taler-wire-gateway-facade \
+  --currency KUDOS --facade-name $FACADE_LABEL \
+  $BANK_CONNECTION_LABEL $BANK_ACCOUNT_LABEL
+echo " DONE"
+
+echo -n Setup payments submission task..
+# Tries every second.
+libeufin-cli accounts task-schedule \
+  --task-type submit \
+  --task-name exchange-payments \
+  --task-cronspec "* * *" \
+  $BANK_ACCOUNT_LABEL
+echo OK
+# Tries every second.  Ask C52
+echo -n Setup history fetch task..
+libeufin-cli accounts task-schedule \
+  --task-type fetch \
+  --task-name exchange-history \
+  --task-cronspec "* * *" \
+  --task-param-level report \
+  --task-param-range-type latest \
+  $BANK_ACCOUNT_LABEL
+echo OK
+
+# unset, in case the script gets 'source'd.
+unset LIBEUFIN_NEXUS_USERNAME
+unset LIBEUFIN_NEXUS_PASSWORD
+unset LIBEUFIN_NEXUS_URL
--- a/contrib/tos/bfh-v0.rst
+++ b/contrib/tos/bfh-v0.rst
--- a/contrib/tos/conf.py.in
+++ b/contrib/tos/conf.py.in
@ -17,6 +17,7 @@
  @author Benedikt Muller
  @author Sree Harsha Totakura
  @author Marcello Stanisci
+  @author Christian Grothoff
 """
 # -*- coding: utf-8 -*-
 #
@ -68,20 +69,20 @@ source_suffix = {
 #source_encoding = 'utf-8-sig'

 # The master toctree document.
-master_doc = 'tos'
+master_doc = '%VERSION%'

 # General information about the project.
-project = u'tos'
-copyright = u'2014-2020 Taler Systems SA (GPLv3+ or GFDL 1.3+)'
+project = u'%VERSION%'
+copyright = u'2014-2022 Taler Systems SA (GPLv3+ or GFDL 1.3+)'

 # The version info for the project you're documenting, acts as replacement for
 # |version| and |release|, also used in various other places throughout the
 # built documents.
 #
 # The short X.Y version.
-version = '0'
+version = '%VERSION%'
 # The full version, including alpha/beta/rc tags.
-release = '0'
+release = '%VERSION%'

 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.
@ -149,7 +150,7 @@ html_theme_options = {

 # The name for this set of Sphinx documents.  If None, it defaults to
 # "<project> v<release> documentation".
-html_title = "Taler Terms of Service"
+html_title = "Taler Exchange Terms of Service"

 # A shorter title for the navigation bar.  Default is the same as html_title.
 html_short_title = "Terms of Service"
@ -192,7 +193,7 @@ html_short_title = "Terms of Service"
 #html_domain_indices = True

 # If false, no index is generated.
-#html_use_index = True
+html_use_index = True

 # If true, the index is split into individual pages for each letter.
 #html_split_index = False
@ -231,7 +232,7 @@ latex_elements = {
 # (source start file, target name, title,
 #  author, documentclass [howto, manual, or own class]).
 latex_documents = [
-    ('tos', 'tos.tex',
+    ('%VERSION%', '%VERSION%.tex',
     'Terms of Service', 'GNU Taler team', 'manual'),
 ]

@ -277,6 +278,6 @@ latex_documents = [

 # -- Options for epub output  ----------------------------

-epub_basename = "tos"
+epub_basename = "%VERSION%"

 epub_title = "Terms of Service"
--- a/contrib/tos/en/0.html
+++ b/contrib/tos/en/0.html
@ -1,316 +0,0 @@
-
-
-<html lang="en">
-  <head>
-    <meta charset="utf-8" />
-    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <title>Terms Of Service &#8212; Taler Terms of Service</title>
-    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
-    <link rel="stylesheet" href="_static/epub.css" type="text/css" />
-    <script id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
-    <script src="_static/jquery.js"></script>
-    <script src="_static/underscore.js"></script>
-    <script src="_static/doctools.js"></script> 
-  </head><body>
-
-    <div class="document">
-      <div class="documentwrapper">
-        <div class="bodywrapper">
-          <div class="body" role="main">
-            
-  <div class="section" id="terms-of-service">
-<h1>Terms Of Service<a class="headerlink" href="#terms-of-service" title="Permalink to this headline">¶</a></h1>
-<p>Last Updated: 09.06.2022</p>
-<p>Welcome! The ICE research center of the Bern University of Applied Sciences
-in Switzerland (“we,” “our,” or “us”) provides an experimental payment service
-through our Internet presence (collectively the “Services”). Before using our
-Services, please read the Terms of Service (the “Terms” or the “Agreement”)
-carefully.</p>
-<div class="section" id="this-is-research">
-<h2>This is research<a class="headerlink" href="#this-is-research" title="Permalink to this headline">¶</a></h2>
-<p>This is a research experiment. Any funds wired to our Bitcoin address are
-considered a donation to our research group. We may use them to enable
-payments following the GNU Taler protocol, or simply keep them at our
-discretion.  The service is experimental and may also be discontinued at
-any time, in which case all remaining funds will definitively be kept by
-the research group.</p>
-</div>
-<div class="section" id="overview">
-<h2>Overview<a class="headerlink" href="#overview" title="Permalink to this headline">¶</a></h2>
-<p>This section provides a brief summary of the highlights of this
-Agreement. Please note that when you accept this Agreement, you are accepting
-all of the terms and conditions and not just this section. We and possibly
-other third parties provide Internet services which interact with the Taler
-Wallet’s self-hosted personal payment application. When using the Taler Wallet
-to interact with our Services, you are agreeing to our Terms, so please read
-carefully.</p>
-<div class="section" id="highlights">
-<h3>Highlights:<a class="headerlink" href="#highlights" title="Permalink to this headline">¶</a></h3>
-<blockquote>
-<div><ul class="simple">
-<li><p>You are responsible for keeping the data in your Taler Wallet at all times
-under your control. Any losses arising from you not being in control of
-your private information are your problem.</p></li>
-<li><p>We may transfer funds we receive from our users to any legal
-recipient to the best of our ability within the limitations of the law and
-our implementation. However, the Services offered today are highly
-experimental and the set of recipients of funds is severely restricted.
-Again, we stress this is a research experiment and technically all funds
-held by the exchange are owned by the research group of the university.</p></li>
-<li><p>For our Services, we may charge transaction fees. The specific fee structure
-is provided based on the Taler protocol and should be shown to you when you
-withdraw electronic coins using a Taler Wallet. You agree and understand
-that the Taler protocol allows for the fee structure to change.</p></li>
-<li><p>You agree to not intentionally overwhelm our systems with requests and
-follow responsible disclosure if you find security issues in our services.</p></li>
-<li><p>We cannot be held accountable for our Services not being available due to
-any circumstances. If we modify or terminate our services,
-we may give you the opportunity to recover your funds. However,
-given the experimental state of the Services today, this may not be
-possible. You are strongly advised to limit your use of the Service
-to small-scale experiments expecting total loss of all funds.</p></li>
-</ul>
-</div></blockquote>
-<p>These terms outline approved uses of our Services. The Services and these
-Terms are still at an experimental stage. If you have any questions or
-comments related to this Agreement, please send us a message to
-<a class="reference external" href="mailto:ice&#37;&#52;&#48;bfh&#46;ch">ice<span>&#64;</span>bfh<span>&#46;</span>ch</a>. If you do not agree to this Agreement, you must not
-use our Services.</p>
-</div>
-</div>
-<div class="section" id="how-you-accept-this-policy">
-<h2>How you accept this policy<a class="headerlink" href="#how-you-accept-this-policy" title="Permalink to this headline">¶</a></h2>
-<p>By sending funds to us (to top-up your Taler Wallet), you acknowledge that you
-have read, understood, and agreed to these Terms. We reserve the right to
-change these Terms at any time. If you disagree with the change, we may in the
-future offer you with an easy option to recover your unspent funds. However,
-in the current experimental period you acknowledge that this feature is not
-yet available, resulting in your funds being lost unless you accept the new
-Terms. If you continue to use our Services other than to recover your unspent
-funds, your continued use of our Services following any such change will
-signify your acceptance to be bound by the then current Terms. Please check
-the effective date above to determine if there have been any changes since you
-have last reviewed these Terms.</p>
-</div>
-<div class="section" id="services">
-<h2>Services<a class="headerlink" href="#services" title="Permalink to this headline">¶</a></h2>
-<p>We will try to transfer funds that we receive from users to any legal
-recipient to the best of our ability and within the limitations of the
-law. However, the Services offered today are highly experimental and the set
-of recipients of funds is severely restricted.  The Taler Wallet can be loaded
-by exchanging fiat or cryptocurrencies against electronic coins. We are
-providing this exchange service. Once your Taler Wallet is loaded with
-electronic coins they can be spent for purchases if the seller is accepting
-Taler as a means of payment. We are not guaranteeing that any seller is
-accepting Taler at all or a particular seller.  The seller or recipient of
-deposits of electronic coins must specify the target account, as per the
-design of the Taler protocol. They are responsible for following the protocol
-and specifying the correct bank account, and are solely liable for any losses
-that may arise from specifying the wrong account. We may allow the government
-to link wire transfers to the underlying contract hash. It is the
-responsibility of recipients to preserve the full contracts and to pay
-whatever taxes and charges may be applicable. Technical issues may lead to
-situations where we are unable to make transfers at all or lead to incorrect
-transfers that cannot be reversed. We may refuse to execute transfers if the
-transfers are prohibited by a competent legal authority and we are ordered to
-do so.</p>
-<p>When using our Services, you agree to not take any action that intentionally
-imposes an unreasonable load on our infrastructure. If you find security
-problems in our Services, you agree to first report them to
-<a class="reference external" href="mailto:security&#37;&#52;&#48;taler-systems&#46;com">security<span>&#64;</span>taler-systems<span>&#46;</span>com</a> and grant us the right to publish your report. We
-warrant that we will ourselves publicly disclose any issues reported within 3
-months, and that we will not prosecute anyone reporting security issues if
-they did not exploit the issue beyond a proof-of-concept, and followed the
-above responsible disclosure practice.</p>
-</div>
-<div class="section" id="fees">
-<h2>Fees<a class="headerlink" href="#fees" title="Permalink to this headline">¶</a></h2>
-<p>You agree to pay the fees for exchanges and withdrawals completed via the
-Taler Wallet (“Fees”) as defined by us, which we may change from time to
-time. With the exception of wire transfer fees, Taler transaction fees are set
-for any electronic coin at the time of withdrawal and fixed throughout the
-validity period of the respective electronic coin. Your wallet should obtain
-and display applicable fees when withdrawing funds. Fees for coins obtained as
-change may differ from the fees applicable to the original coin. Wire transfer
-fees that are independent from electronic coins may change annually.  You
-authorize us to charge or deduct applicable fees owed in connection with
-deposits, exchanges and withdrawals following the rules of the Taler protocol.
-We reserve the right to provide different types of rewards to users either in
-the form of discount for our Services or in any other form at our discretion
-and without prior notice to you.</p>
-</div>
-<div class="section" id="eligibility-and-financial-self-responsibility">
-<h2>Eligibility and Financial self-responsibility<a class="headerlink" href="#eligibility-and-financial-self-responsibility" title="Permalink to this headline">¶</a></h2>
-<p>To be eligible to use our Services, you must be able to form legally binding
-contracts or have the permission of your legal guardian. By using our
-Services, you represent and warrant that you meet all eligibility requirements
-that we outline in these Terms.</p>
-<p>You will be responsible for maintaining the availability, integrity and
-confidentiality of the data stored in your wallet. When you setup a Taler
-Wallet, you are strongly advised to follow the precautionary measures offered
-by the software to minimize the chances to losse access to or control over
-your Wallet data. We will not be liable for any loss or damage arising from
-your failure to comply with this paragraph.</p>
-</div>
-<div class="section" id="copyrights-and-trademarks">
-<h2>Copyrights and trademarks<a class="headerlink" href="#copyrights-and-trademarks" title="Permalink to this headline">¶</a></h2>
-<p>The Taler Wallet is released under the terms of the GNU General Public License
-(GNU GPL). You have the right to access, use, and share the Taler Wallet, in
-modified or unmodified form. However, the GPL is a strong copyleft license,
-which means that any derivative works must be distributed under the same
-license terms as the original software. If you have any questions, you should
-review the GNU GPL’s full terms and conditions at
-<a class="reference external" href="https://www.gnu.org/licenses/gpl-3.0.en.html">https://www.gnu.org/licenses/gpl-3.0.en.html</a>.  “Taler” itself is a trademark
-of Taler Systems SA. You are welcome to use the name in relation to processing
-payments using the Taler protocol, assuming your use is compatible with an
-official release from the GNU Project that is not older than two years.</p>
-</div>
-<div class="section" id="limitation-of-liability-disclaimer-of-warranties">
-<h2>Limitation of liability &amp; disclaimer of warranties<a class="headerlink" href="#limitation-of-liability-disclaimer-of-warranties" title="Permalink to this headline">¶</a></h2>
-<p>You understand and agree that we have no control over, and no duty to take any
-action regarding: Failures, disruptions, errors, or delays in processing that
-you may experience while using our Services; The risk of failure of hardware,
-software, and Internet connections; The risk of malicious software being
-introduced or found in the software underlying the Taler Wallet; The risk that
-third parties may obtain unauthorized access to information stored within your
-Taler Wallet, including, but not limited to your Taler Wallet coins or backup
-encryption keys.  You release us from all liability related to any losses,
-damages, or claims arising from:</p>
-<ol class="loweralpha simple">
-<li><p>user error such as forgotten passwords, incorrectly constructed
-transactions;</p></li>
-<li><p>server failure or data loss;</p></li>
-<li><p>unauthorized access to the Taler Wallet application;</p></li>
-<li><p>bugs or other errors in the Taler Wallet software; and</p></li>
-<li><p>any unauthorized third party activities, including, but not limited to,
-the use of viruses, phishing, brute forcing, or other means of attack
-against the Taler Wallet. We make no representations concerning any
-Third Party Content contained in or accessed through our Services.</p></li>
-</ol>
-<p>Any other terms, conditions, warranties, or representations associated with
-such content, are solely between you and such organizations and/or
-individuals.</p>
-<p>To the fullest extent permitted by applicable law, in no event will we or any
-of our officers, directors, representatives, agents, servants, counsel,
-employees, consultants, lawyers, and other personnel authorized to act,
-acting, or purporting to act on our behalf (collectively the “Taler Parties”)
-be liable to you under contract, tort, strict liability, negligence, or any
-other legal or equitable theory, for:</p>
-<ol class="loweralpha simple">
-<li><p>any lost profits, data loss, cost of procurement of substitute goods or
-services, or direct, indirect, incidental, special, punitive, compensatory,
-or consequential damages of any kind whatsoever resulting from:</p></li>
-</ol>
-<blockquote>
-<div><ol class="lowerroman simple">
-<li><p>your use of, or conduct in connection with, our services;</p></li>
-<li><p>any unauthorized use of your wallet and/or private key due to your
-failure to maintain the confidentiality of your wallet;</p></li>
-<li><p>any interruption or cessation of transmission to or from the services; or</p></li>
-<li><p>any bugs, viruses, trojan horses, or the like that are found in the Taler
-Wallet software or that may be transmitted to or through our services by
-any third party (regardless of the source of origination), or</p></li>
-</ol>
-</div></blockquote>
-<ol class="loweralpha simple" start="2">
-<li><p>any direct damages.</p></li>
-</ol>
-<p>These limitations apply regardless of legal theory, whether based on tort,
-strict liability, breach of contract, breach of warranty, or any other legal
-theory, and whether or not we were advised of the possibility of such
-damages. Some jurisdictions do not allow the exclusion or limitation of
-liability for consequential or incidental damages, so the above limitation may
-not apply to you.</p>
-<p>Our services are provided “as is” and without warranty of any kind. To the
-maximum extent permitted by law, we disclaim all representations and
-warranties, express or implied, relating to the services and underlying
-software or any content on the services, whether provided or owned by us or by
-any third party, including without limitation, warranties of merchantability,
-fitness for a particular purpose, title, non-infringement, freedom from
-computer virus, and any implied warranties arising from course of dealing,
-course of performance, or usage in trade, all of which are expressly
-disclaimed. In addition, we do not represent or warrant that the content
-accessible via the services is accurate, complete, available, current, free of
-viruses or other harmful components, or that the results of using the services
-will meet your requirements. Some states do not allow the disclaimer of
-implied warranties, so the foregoing disclaimers may not apply to you. This
-paragraph gives you specific legal rights and you may also have other legal
-rights that vary from state to state.</p>
-</div>
-<div class="section" id="indemnity-and-time-limitation-on-claims-and-termination">
-<h2>Indemnity and Time limitation on claims and Termination<a class="headerlink" href="#indemnity-and-time-limitation-on-claims-and-termination" title="Permalink to this headline">¶</a></h2>
-<p>To the extent permitted by applicable law, you agree to defend, indemnify, and
-hold harmless the Taler Parties from and against any and all claims, damages,
-obligations, losses, liabilities, costs or debt, and expenses (including, but
-not limited to, attorney’s fees) arising from: (a) your use of and access to
-the Services; (b) any feedback or submissions you provide to us concerning the
-Taler Wallet; (c) your violation of any term of this Agreement; or (d) your
-violation of any law, rule, or regulation, or the rights of any third party.</p>
-<p>You agree that any claim you may have arising out of or related to your
-relationship with us must be filed within one year after such claim arises,
-otherwise, your claim in permanently barred.</p>
-<p>In the event of termination concerning your use of our Services, your
-obligations under this Agreement will still continue.</p>
-</div>
-<div class="section" id="discontinuance-of-services-and-force-majeure">
-<h2>Discontinuance of services and Force majeure<a class="headerlink" href="#discontinuance-of-services-and-force-majeure" title="Permalink to this headline">¶</a></h2>
-<p>We may, in our sole discretion and without cost to you, with or without prior
-notice, and at any time, modify or discontinue, temporarily or permanently,
-any portion of our Services. We will use the Taler protocol’s provisions to
-notify Wallets if our Services are to be discontinued. It is your
-responsibility to ensure that the Taler Wallet is online at least once every
-three months to observe these notifications. We shall not be held responsible
-or liable for any loss of funds in the event that we discontinue or depreciate
-the Services and your Taler Wallet fails to transfer out the coins within a
-three months notification period.</p>
-<p>We shall not be held liable for any delays, failure in performance, or
-interruptions of service which result directly or indirectly from any cause or
-condition beyond our reasonable control, including but not limited to: any
-delay or failure due to any act of God, act of civil or military authorities,
-act of terrorism, civil disturbance, war, strike or other labor dispute, fire,
-interruption in telecommunications or Internet services or network provider
-services, failure of equipment and/or software, other catastrophe, or any
-other occurrence which is beyond our reasonable control and shall not affect
-the validity and enforceability of any remaining provisions.</p>
-</div>
-<div class="section" id="governing-law-waivers-severability-and-assignment">
-<h2>Governing law, Waivers, Severability and Assignment<a class="headerlink" href="#governing-law-waivers-severability-and-assignment" title="Permalink to this headline">¶</a></h2>
-<p>No matter where you’re located, the laws of Switzerland will govern these
-Terms. If any provisions of these Terms are inconsistent with any applicable
-law, those provisions will be superseded or modified only to the extent such
-provisions are inconsistent. The parties agree to submit to the ordinary
-courts in Bern, Switzerland for exclusive jurisdiction of any dispute
-arising out of or related to your use of the Services or your breach of these
-Terms.</p>
-<p>Our failure to exercise or delay in exercising any right, power, or privilege
-under this Agreement shall not operate as a waiver; nor shall any single or
-partial exercise of any right, power, or privilege preclude any other or
-further exercise thereof.</p>
-<p>You agree that we may assign any of our rights and/or transfer, sub-contract,
-or delegate any of our obligations under these Terms.</p>
-<p>If it turns out that any part of this Agreement is invalid, void, or for any
-reason unenforceable, that term will be deemed severable and limited or
-eliminated to the minimum extent necessary.</p>
-<p>This Agreement sets forth the entire understanding and agreement as to the
-subject matter hereof and supersedes any and all prior discussions,
-agreements, and understandings of any kind (including, without limitation, any
-prior versions of this Agreement) and every nature between us. Except as
-provided for above, any modification to this Agreement must be in writing and
-must be signed by both parties.</p>
-</div>
-<div class="section" id="questions-or-comments">
-<h2>Questions or comments<a class="headerlink" href="#questions-or-comments" title="Permalink to this headline">¶</a></h2>
-<p>We welcome comments, questions, concerns, or suggestions. Please send us a
-message on our contact page at <a class="reference external" href="mailto:legal&#37;&#52;&#48;taler-systems&#46;com">legal<span>&#64;</span>taler-systems<span>&#46;</span>com</a>.</p>
-</div>
-</div>
-
-
-            <div class="clearer"></div>
-          </div>
-        </div>
-      </div>
-      <div class="clearer"></div>
-    </div>
-  </body>
-</html>
--- a/contrib/tos/en/bfh-v0.epub
+++ b/contrib/tos/en/bfh-v0.epub
--- a/contrib/tos/en/bfh-v0.html
+++ b/contrib/tos/en/bfh-v0.html
--- a/contrib/tos/en/bfh-v0.pdf
+++ b/contrib/tos/en/bfh-v0.pdf
--- a/contrib/tos/en/bfh-v0.txt
+++ b/contrib/tos/en/bfh-v0.txt
--- a/contrib/tos/en/bfh-v0.xml
+++ b/contrib/tos/en/bfh-v0.xml
@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!DOCTYPE document PUBLIC "+//IDN docutils.sourceforge.net//DTD Docutils Generic//EN//XML" "http://docutils.sourceforge.net/docs/ref/docutils.dtd">
 <!-- Generated by Docutils 0.16 -->
-<document source="/home/grothoff/research/taler/exchange/contrib/tos/tos.rst">
+<document source="/research/taler/exchange/contrib/tos/bfh-v0.rst">
    <section ids="terms-of-service" names="terms\ of\ service">
        <title>Terms Of Service</title>
        <paragraph>Last Updated: 09.06.2022</paragraph>
--- a/contrib/tos/en/tos-v0.epub
+++ b/contrib/tos/en/tos-v0.epub
--- a/contrib/tos/en/tos-v0.html
+++ b/contrib/tos/en/tos-v0.html
--- a/contrib/tos/en/tos-v0.md
+++ b/contrib/tos/en/tos-v0.md
@ -0,0 +1,337 @@
+Terms Of Service
+****************
+
+Last Updated: 12.4.2019
+
+Welcome! Taler Systems SA (“we,” “our,” or “us”) provides a payment
+service through our Internet presence (collectively the “Services”).
+Before using our Services, please read the Terms of Service (the
+“Terms” or the “Agreement”) carefully.
+
+
+Overview
+========
+
+This section provides a brief summary of the highlights of this
+Agreement. Please note that when you accept this Agreement, you are
+accepting all of the terms and conditions and not just this section.
+We and possibly other third parties provide Internet services which
+interact with the Taler Wallet’s self-hosted personal payment
+application. When using the Taler Wallet to interact with our
+Services, you are agreeing to our Terms, so please read carefully.
+
+
+Highlights:
+-----------
+
+   * You are responsible for keeping the data in your Taler Wallet at
+     all times under your control. Any losses arising from you not
+     being in control of your private information are your problem.
+
+   * We will try to transfer funds we hold in escrow for our users to
+     any legal recipient to the best of our ability within the
+     limitations of the law and our implementation. However, the
+     Services offered today are highly experimental and the set of
+     recipients of funds is severely restricted.
+
+   * For our Services, we may charge transaction fees. The specific
+     fee structure is provided based on the Taler protocol and should
+     be shown to you when you withdraw electronic coins using a Taler
+     Wallet. You agree and understand that the Taler protocol allows
+     for the fee structure to change.
+
+   * You agree to not intentionally overwhelm our systems with
+     requests and follow responsible disclosure if you find security
+     issues in our services.
+
+   * We cannot be held accountable for our Services not being
+     available due to circumstances beyond our control. If we modify
+     or terminate our services, we will try to give you the
+     opportunity to recover your funds. However, given the
+     experimental state of the Services today, this may not be
+     possible. You are strongly advised to limit your use of the
+     Service to small-scale experiments expecting total loss of all
+     funds.
+
+These terms outline approved uses of our Services. The Services and
+these Terms are still at an experimental stage. If you have any
+questions or comments related to this Agreement, please send us a
+message to legal@taler-systems.com. If you do not agree to this
+Agreement, you must not use our Services.
+
+
+How you accept this policy
+==========================
+
+By sending funds to us (to top-up your Taler Wallet), you acknowledge
+that you have read, understood, and agreed to these Terms. We reserve
+the right to change these Terms at any time. If you disagree with the
+change, we may in the future offer you with an easy option to recover
+your unspent funds. However, in the current experimental period you
+acknowledge that this feature is not yet available, resulting in your
+funds being lost unless you accept the new Terms. If you continue to
+use our Services other than to recover your unspent funds, your
+continued use of our Services following any such change will signify
+your acceptance to be bound by the then current Terms. Please check
+the effective date above to determine if there have been any changes
+since you have last reviewed these Terms.
+
+
+Services
+========
+
+We will try to transfer funds that we hold in escrow for our users to
+any legal recipient to the best of our ability and within the
+limitations of the law and our implementation. However, the Services
+offered today are highly experimental and the set of recipients of
+funds is severely restricted.  The Taler Wallet can be loaded by
+exchanging fiat currencies against electronic coins. We are providing
+this exchange service. Once your Taler Wallet is loaded with
+electronic coins they can be spent for purchases if the seller is
+accepting Taler as a means of payment. We are not guaranteeing that
+any seller is accepting Taler at all or a particular seller.  The
+seller or recipient of deposits of electronic coins must specify the
+target account, as per the design of the Taler protocol. They are
+responsible for following the protocol and specifying the correct bank
+account, and are solely liable for any losses that may arise from
+specifying the wrong account. We will allow the government to link
+wire transfers to the underlying contract hash. It is the
+responsibility of recipients to preserve the full contracts and to pay
+whatever taxes and charges may be applicable. Technical issues may
+lead to situations where we are unable to make transfers at all or
+lead to incorrect transfers that cannot be reversed. We will only
+refuse to execute transfers if the transfers are prohibited by a
+competent legal authority and we are ordered to do so.
+
+When using our Services, you agree to not take any action that
+intentionally imposes an unreasonable load on our infrastructure. If
+you find security problems in our Services, you agree to first report
+them to security@taler-systems.com and grant us the right to publish
+your report. We warrant that we will ourselves publicly disclose any
+issues reported within 3 months, and that we will not prosecute anyone
+reporting security issues if they did not exploit the issue beyond a
+proof-of-concept, and followed the above responsible disclosure
+practice.
+
+
+Fees
+====
+
+You agree to pay the fees for exchanges and withdrawals completed via
+the Taler Wallet ("Fees") as defined by us, which we may change from
+time to time. With the exception of wire transfer fees, Taler
+transaction fees are set for any electronic coin at the time of
+withdrawal and fixed throughout the validity period of the respective
+electronic coin. Your wallet should obtain and display applicable fees
+when withdrawing funds. Fees for coins obtained as change may differ
+from the fees applicable to the original coin. Wire transfer fees that
+are independent from electronic coins may change annually.  You
+authorize us to charge or deduct applicable fees owed in connection
+with deposits, exchanges and withdrawals following the rules of the
+Taler protocol. We reserve the right to provide different types of
+rewards to users either in the form of discount for our Services or in
+any other form at our discretion and without prior notice to you.
+
+
+Eligibility and Financial self-responsibility
+=============================================
+
+To be eligible to use our Services, you must be able to form legally
+binding contracts or have the permission of your legal guardian. By
+using our Services, you represent and warrant that you meet all
+eligibility requirements that we outline in these Terms.
+
+You will be responsible for maintaining the availability, integrity
+and confidentiality of the data stored in your wallet. When you setup
+a Taler Wallet, you are strongly advised to follow the precautionary
+measures offered by the software to minimize the chances to losse
+access to or control over your Wallet data. We will not be liable for
+any loss or damage arising from your failure to comply with this
+paragraph.
+
+
+Copyrights and trademarks
+=========================
+
+The Taler Wallet is released under the terms of the GNU General Public
+License (GNU GPL). You have the right to access, use, and share the
+Taler Wallet, in modified or unmodified form. However, the GPL is a
+strong copyleft license, which means that any derivative works must be
+distributed under the same license terms as the original software. If
+you have any questions, you should review the GNU GPL’s full terms and
+conditions at https://www.gnu.org/licenses/gpl-3.0.en.html.  “Taler”
+itself is a trademark of Taler Systems SA. You are welcome to use the
+name in relation to processing payments using the Taler protocol,
+assuming your use is compatible with an official release from the GNU
+Project that is not older than two years.
+
+
+Limitation of liability & disclaimer of warranties
+==================================================
+
+You understand and agree that we have no control over, and no duty to
+take any action regarding: Failures, disruptions, errors, or delays in
+processing that you may experience while using our Services; The risk
+of failure of hardware, software, and Internet connections; The risk
+of malicious software being introduced or found in the software
+underlying the Taler Wallet; The risk that third parties may obtain
+unauthorized access to information stored within your Taler Wallet,
+including, but not limited to your Taler Wallet coins or backup
+encryption keys.  You release us from all liability related to any
+losses, damages, or claims arising from:
+
+1. user error such as forgotten passwords, incorrectly constructed
+   transactions;
+
+2. server failure or data loss;
+
+3. unauthorized access to the Taler Wallet application;
+
+4. bugs or other errors in the Taler Wallet software; and
+
+5. any unauthorized third party activities, including, but not limited
+   to, the use of viruses, phishing, brute forcing, or other means of
+   attack against the Taler Wallet. We make no representations
+   concerning any Third Party Content contained in or accessed through
+   our Services.
+
+Any other terms, conditions, warranties, or representations associated
+with such content, are solely between you and such organizations
+and/or individuals.
+
+To the fullest extent permitted by applicable law, in no event will we
+or any of our officers, directors, representatives, agents, servants,
+counsel, employees, consultants, lawyers, and other personnel
+authorized to act, acting, or purporting to act on our behalf
+(collectively the “Taler Parties”) be liable to you under contract,
+tort, strict liability, negligence, or any other legal or equitable
+theory, for:
+
+1. any lost profits, data loss, cost of procurement of substitute
+   goods or services, or direct, indirect, incidental, special,
+   punitive, compensatory, or consequential damages of any kind
+   whatsoever resulting from:
+
+   1. your use of, or conduct in connection with, our services;
+
+   2. any unauthorized use of your wallet and/or private key due to
+      your failure to maintain the confidentiality of your wallet;
+
+   3. any interruption or cessation of transmission to or from the
+      services; or
+
+   4. any bugs, viruses, trojan horses, or the like that are found in
+      the Taler Wallet software or that may be transmitted to or
+      through our services by any third party (regardless of the
+      source of origination), or
+
+2. any direct damages.
+
+These limitations apply regardless of legal theory, whether based on
+tort, strict liability, breach of contract, breach of warranty, or any
+other legal theory, and whether or not we were advised of the
+possibility of such damages. Some jurisdictions do not allow the
+exclusion or limitation of liability for consequential or incidental
+damages, so the above limitation may not apply to you.
+
+Our services are provided "as is" and without warranty of any kind. To
+the maximum extent permitted by law, we disclaim all representations
+and warranties, express or implied, relating to the services and
+underlying software or any content on the services, whether provided
+or owned by us or by any third party, including without limitation,
+warranties of merchantability, fitness for a particular purpose,
+title, non-infringement, freedom from computer virus, and any implied
+warranties arising from course of dealing, course of performance, or
+usage in trade, all of which are expressly disclaimed. In addition, we
+do not represent or warrant that the content accessible via the
+services is accurate, complete, available, current, free of viruses or
+other harmful components, or that the results of using the services
+will meet your requirements. Some states do not allow the disclaimer
+of implied warranties, so the foregoing disclaimers may not apply to
+you. This paragraph gives you specific legal rights and you may also
+have other legal rights that vary from state to state.
+
+
+Indemnity and Time limitation on claims and Termination
+=======================================================
+
+To the extent permitted by applicable law, you agree to defend,
+indemnify, and hold harmless the Taler Parties from and against any
+and all claims, damages, obligations, losses, liabilities, costs or
+debt, and expenses (including, but not limited to, attorney’s fees)
+arising from: (a) your use of and access to the Services; (b) any
+feedback or submissions you provide to us concerning the Taler Wallet;
+(c) your violation of any term of this Agreement; or (d) your
+violation of any law, rule, or regulation, or the rights of any third
+party.
+
+You agree that any claim you may have arising out of or related to
+your relationship with us must be filed within one year after such
+claim arises, otherwise, your claim in permanently barred.
+
+In the event of termination concerning your use of our Services, your
+obligations under this Agreement will still continue.
+
+
+Discontinuance of services and Force majeure
+============================================
+
+We may, in our sole discretion and without cost to you, with or
+without prior notice, and at any time, modify or discontinue,
+temporarily or permanently, any portion of our Services. We will use
+the Taler protocol’s provisions to notify Wallets if our Services are
+to be discontinued. It is your responsibility to ensure that the Taler
+Wallet is online at least once every three months to observe these
+notifications. We shall not be held responsible or liable for any loss
+of funds in the event that we discontinue or depreciate the Services
+and your Taler Wallet fails to transfer out the coins within a three
+months notification period.
+
+We shall not be held liable for any delays, failure in performance, or
+interruptions of service which result directly or indirectly from any
+cause or condition beyond our reasonable control, including but not
+limited to: any delay or failure due to any act of God, act of civil
+or military authorities, act of terrorism, civil disturbance, war,
+strike or other labor dispute, fire, interruption in
+telecommunications or Internet services or network provider services,
+failure of equipment and/or software, other catastrophe, or any other
+occurrence which is beyond our reasonable control and shall not affect
+the validity and enforceability of any remaining provisions.
+
+
+Governing law, Waivers, Severability and Assignment
+===================================================
+
+No matter where you’re located, the laws of Switzerland will govern
+these Terms. If any provisions of these Terms are inconsistent with
+any applicable law, those provisions will be superseded or modified
+only to the extent such provisions are inconsistent. The parties agree
+to submit to the ordinary courts in Zurich, Switzerland for exclusive
+jurisdiction of any dispute arising out of or related to your use of
+the Services or your breach of these Terms.
+
+Our failure to exercise or delay in exercising any right, power, or
+privilege under this Agreement shall not operate as a waiver; nor
+shall any single or partial exercise of any right, power, or privilege
+preclude any other or further exercise thereof.
+
+You agree that we may assign any of our rights and/or transfer, sub-
+contract, or delegate any of our obligations under these Terms.
+
+If it turns out that any part of this Agreement is invalid, void, or
+for any reason unenforceable, that term will be deemed severable and
+limited or eliminated to the minimum extent necessary.
+
+This Agreement sets forth the entire understanding and agreement as to
+the subject matter hereof and supersedes any and all prior
+discussions, agreements, and understandings of any kind (including,
+without limitation, any prior versions of this Agreement) and every
+nature between us. Except as provided for above, any modification to
+this Agreement must be in writing and must be signed by both parties.
+
+
+Questions or comments
+=====================
+
+We welcome comments, questions, concerns, or suggestions. Please send
+us a message on our contact page at legal@taler-systems.com.
--- a/contrib/tos/en/tos-v0.pdf
+++ b/contrib/tos/en/tos-v0.pdf
--- a/contrib/tos/en/tos-v0.txt
+++ b/contrib/tos/en/tos-v0.txt
@ -0,0 +1,337 @@
+Terms Of Service
+****************
+
+Last Updated: 12.4.2019
+
+Welcome! Taler Systems SA (“we,” “our,” or “us”) provides a payment
+service through our Internet presence (collectively the “Services”).
+Before using our Services, please read the Terms of Service (the
+“Terms” or the “Agreement”) carefully.
+
+
+Overview
+========
+
+This section provides a brief summary of the highlights of this
+Agreement. Please note that when you accept this Agreement, you are
+accepting all of the terms and conditions and not just this section.
+We and possibly other third parties provide Internet services which
+interact with the Taler Wallet’s self-hosted personal payment
+application. When using the Taler Wallet to interact with our
+Services, you are agreeing to our Terms, so please read carefully.
+
+
+Highlights:
+-----------
+
+   * You are responsible for keeping the data in your Taler Wallet at
+     all times under your control. Any losses arising from you not
+     being in control of your private information are your problem.
+
+   * We will try to transfer funds we hold in escrow for our users to
+     any legal recipient to the best of our ability within the
+     limitations of the law and our implementation. However, the
+     Services offered today are highly experimental and the set of
+     recipients of funds is severely restricted.
+
+   * For our Services, we may charge transaction fees. The specific
+     fee structure is provided based on the Taler protocol and should
+     be shown to you when you withdraw electronic coins using a Taler
+     Wallet. You agree and understand that the Taler protocol allows
+     for the fee structure to change.
+
+   * You agree to not intentionally overwhelm our systems with
+     requests and follow responsible disclosure if you find security
+     issues in our services.
+
+   * We cannot be held accountable for our Services not being
+     available due to circumstances beyond our control. If we modify
+     or terminate our services, we will try to give you the
+     opportunity to recover your funds. However, given the
+     experimental state of the Services today, this may not be
+     possible. You are strongly advised to limit your use of the
+     Service to small-scale experiments expecting total loss of all
+     funds.
+
+These terms outline approved uses of our Services. The Services and
+these Terms are still at an experimental stage. If you have any
+questions or comments related to this Agreement, please send us a
+message to legal@taler-systems.com. If you do not agree to this
+Agreement, you must not use our Services.
+
+
+How you accept this policy
+==========================
+
+By sending funds to us (to top-up your Taler Wallet), you acknowledge
+that you have read, understood, and agreed to these Terms. We reserve
+the right to change these Terms at any time. If you disagree with the
+change, we may in the future offer you with an easy option to recover
+your unspent funds. However, in the current experimental period you
+acknowledge that this feature is not yet available, resulting in your
+funds being lost unless you accept the new Terms. If you continue to
+use our Services other than to recover your unspent funds, your
+continued use of our Services following any such change will signify
+your acceptance to be bound by the then current Terms. Please check
+the effective date above to determine if there have been any changes
+since you have last reviewed these Terms.
+
+
+Services
+========
+
+We will try to transfer funds that we hold in escrow for our users to
+any legal recipient to the best of our ability and within the
+limitations of the law and our implementation. However, the Services
+offered today are highly experimental and the set of recipients of
+funds is severely restricted.  The Taler Wallet can be loaded by
+exchanging fiat currencies against electronic coins. We are providing
+this exchange service. Once your Taler Wallet is loaded with
+electronic coins they can be spent for purchases if the seller is
+accepting Taler as a means of payment. We are not guaranteeing that
+any seller is accepting Taler at all or a particular seller.  The
+seller or recipient of deposits of electronic coins must specify the
+target account, as per the design of the Taler protocol. They are
+responsible for following the protocol and specifying the correct bank
+account, and are solely liable for any losses that may arise from
+specifying the wrong account. We will allow the government to link
+wire transfers to the underlying contract hash. It is the
+responsibility of recipients to preserve the full contracts and to pay
+whatever taxes and charges may be applicable. Technical issues may
+lead to situations where we are unable to make transfers at all or
+lead to incorrect transfers that cannot be reversed. We will only
+refuse to execute transfers if the transfers are prohibited by a
+competent legal authority and we are ordered to do so.
+
+When using our Services, you agree to not take any action that
+intentionally imposes an unreasonable load on our infrastructure. If
+you find security problems in our Services, you agree to first report
+them to security@taler-systems.com and grant us the right to publish
+your report. We warrant that we will ourselves publicly disclose any
+issues reported within 3 months, and that we will not prosecute anyone
+reporting security issues if they did not exploit the issue beyond a
+proof-of-concept, and followed the above responsible disclosure
+practice.
+
+
+Fees
+====
+
+You agree to pay the fees for exchanges and withdrawals completed via
+the Taler Wallet ("Fees") as defined by us, which we may change from
+time to time. With the exception of wire transfer fees, Taler
+transaction fees are set for any electronic coin at the time of
+withdrawal and fixed throughout the validity period of the respective
+electronic coin. Your wallet should obtain and display applicable fees
+when withdrawing funds. Fees for coins obtained as change may differ
+from the fees applicable to the original coin. Wire transfer fees that
+are independent from electronic coins may change annually.  You
+authorize us to charge or deduct applicable fees owed in connection
+with deposits, exchanges and withdrawals following the rules of the
+Taler protocol. We reserve the right to provide different types of
+rewards to users either in the form of discount for our Services or in
+any other form at our discretion and without prior notice to you.
+
+
+Eligibility and Financial self-responsibility
+=============================================
+
+To be eligible to use our Services, you must be able to form legally
+binding contracts or have the permission of your legal guardian. By
+using our Services, you represent and warrant that you meet all
+eligibility requirements that we outline in these Terms.
+
+You will be responsible for maintaining the availability, integrity
+and confidentiality of the data stored in your wallet. When you setup
+a Taler Wallet, you are strongly advised to follow the precautionary
+measures offered by the software to minimize the chances to losse
+access to or control over your Wallet data. We will not be liable for
+any loss or damage arising from your failure to comply with this
+paragraph.
+
+
+Copyrights and trademarks
+=========================
+
+The Taler Wallet is released under the terms of the GNU General Public
+License (GNU GPL). You have the right to access, use, and share the
+Taler Wallet, in modified or unmodified form. However, the GPL is a
+strong copyleft license, which means that any derivative works must be
+distributed under the same license terms as the original software. If
+you have any questions, you should review the GNU GPL’s full terms and
+conditions at https://www.gnu.org/licenses/gpl-3.0.en.html.  “Taler”
+itself is a trademark of Taler Systems SA. You are welcome to use the
+name in relation to processing payments using the Taler protocol,
+assuming your use is compatible with an official release from the GNU
+Project that is not older than two years.
+
+
+Limitation of liability & disclaimer of warranties
+==================================================
+
+You understand and agree that we have no control over, and no duty to
+take any action regarding: Failures, disruptions, errors, or delays in
+processing that you may experience while using our Services; The risk
+of failure of hardware, software, and Internet connections; The risk
+of malicious software being introduced or found in the software
+underlying the Taler Wallet; The risk that third parties may obtain
+unauthorized access to information stored within your Taler Wallet,
+including, but not limited to your Taler Wallet coins or backup
+encryption keys.  You release us from all liability related to any
+losses, damages, or claims arising from:
+
+1. user error such as forgotten passwords, incorrectly constructed
+   transactions;
+
+2. server failure or data loss;
+
+3. unauthorized access to the Taler Wallet application;
+
+4. bugs or other errors in the Taler Wallet software; and
+
+5. any unauthorized third party activities, including, but not limited
+   to, the use of viruses, phishing, brute forcing, or other means of
+   attack against the Taler Wallet. We make no representations
+   concerning any Third Party Content contained in or accessed through
+   our Services.
+
+Any other terms, conditions, warranties, or representations associated
+with such content, are solely between you and such organizations
+and/or individuals.
+
+To the fullest extent permitted by applicable law, in no event will we
+or any of our officers, directors, representatives, agents, servants,
+counsel, employees, consultants, lawyers, and other personnel
+authorized to act, acting, or purporting to act on our behalf
+(collectively the “Taler Parties”) be liable to you under contract,
+tort, strict liability, negligence, or any other legal or equitable
+theory, for:
+
+1. any lost profits, data loss, cost of procurement of substitute
+   goods or services, or direct, indirect, incidental, special,
+   punitive, compensatory, or consequential damages of any kind
+   whatsoever resulting from:
+
+   1. your use of, or conduct in connection with, our services;
+
+   2. any unauthorized use of your wallet and/or private key due to
+      your failure to maintain the confidentiality of your wallet;
+
+   3. any interruption or cessation of transmission to or from the
+      services; or
+
+   4. any bugs, viruses, trojan horses, or the like that are found in
+      the Taler Wallet software or that may be transmitted to or
+      through our services by any third party (regardless of the
+      source of origination), or
+
+2. any direct damages.
+
+These limitations apply regardless of legal theory, whether based on
+tort, strict liability, breach of contract, breach of warranty, or any
+other legal theory, and whether or not we were advised of the
+possibility of such damages. Some jurisdictions do not allow the
+exclusion or limitation of liability for consequential or incidental
+damages, so the above limitation may not apply to you.
+
+Our services are provided "as is" and without warranty of any kind. To
+the maximum extent permitted by law, we disclaim all representations
+and warranties, express or implied, relating to the services and
+underlying software or any content on the services, whether provided
+or owned by us or by any third party, including without limitation,
+warranties of merchantability, fitness for a particular purpose,
+title, non-infringement, freedom from computer virus, and any implied
+warranties arising from course of dealing, course of performance, or
+usage in trade, all of which are expressly disclaimed. In addition, we
+do not represent or warrant that the content accessible via the
+services is accurate, complete, available, current, free of viruses or
+other harmful components, or that the results of using the services
+will meet your requirements. Some states do not allow the disclaimer
+of implied warranties, so the foregoing disclaimers may not apply to
+you. This paragraph gives you specific legal rights and you may also
+have other legal rights that vary from state to state.
+
+
+Indemnity and Time limitation on claims and Termination
+=======================================================
+
+To the extent permitted by applicable law, you agree to defend,
+indemnify, and hold harmless the Taler Parties from and against any
+and all claims, damages, obligations, losses, liabilities, costs or
+debt, and expenses (including, but not limited to, attorney’s fees)
+arising from: (a) your use of and access to the Services; (b) any
+feedback or submissions you provide to us concerning the Taler Wallet;
+(c) your violation of any term of this Agreement; or (d) your
+violation of any law, rule, or regulation, or the rights of any third
+party.
+
+You agree that any claim you may have arising out of or related to
+your relationship with us must be filed within one year after such
+claim arises, otherwise, your claim in permanently barred.
+
+In the event of termination concerning your use of our Services, your
+obligations under this Agreement will still continue.
+
+
+Discontinuance of services and Force majeure
+============================================
+
+We may, in our sole discretion and without cost to you, with or
+without prior notice, and at any time, modify or discontinue,
+temporarily or permanently, any portion of our Services. We will use
+the Taler protocol’s provisions to notify Wallets if our Services are
+to be discontinued. It is your responsibility to ensure that the Taler
+Wallet is online at least once every three months to observe these
+notifications. We shall not be held responsible or liable for any loss
+of funds in the event that we discontinue or depreciate the Services
+and your Taler Wallet fails to transfer out the coins within a three
+months notification period.
+
+We shall not be held liable for any delays, failure in performance, or
+interruptions of service which result directly or indirectly from any
+cause or condition beyond our reasonable control, including but not
+limited to: any delay or failure due to any act of God, act of civil
+or military authorities, act of terrorism, civil disturbance, war,
+strike or other labor dispute, fire, interruption in
+telecommunications or Internet services or network provider services,
+failure of equipment and/or software, other catastrophe, or any other
+occurrence which is beyond our reasonable control and shall not affect
+the validity and enforceability of any remaining provisions.
+
+
+Governing law, Waivers, Severability and Assignment
+===================================================
+
+No matter where you’re located, the laws of Switzerland will govern
+these Terms. If any provisions of these Terms are inconsistent with
+any applicable law, those provisions will be superseded or modified
+only to the extent such provisions are inconsistent. The parties agree
+to submit to the ordinary courts in Zurich, Switzerland for exclusive
+jurisdiction of any dispute arising out of or related to your use of
+the Services or your breach of these Terms.
+
+Our failure to exercise or delay in exercising any right, power, or
+privilege under this Agreement shall not operate as a waiver; nor
+shall any single or partial exercise of any right, power, or privilege
+preclude any other or further exercise thereof.
+
+You agree that we may assign any of our rights and/or transfer, sub-
+contract, or delegate any of our obligations under these Terms.
+
+If it turns out that any part of this Agreement is invalid, void, or
+for any reason unenforceable, that term will be deemed severable and
+limited or eliminated to the minimum extent necessary.
+
+This Agreement sets forth the entire understanding and agreement as to
+the subject matter hereof and supersedes any and all prior
+discussions, agreements, and understandings of any kind (including,
+without limitation, any prior versions of this Agreement) and every
+nature between us. Except as provided for above, any modification to
+this Agreement must be in writing and must be signed by both parties.
+
+
+Questions or comments
+=====================
+
+We welcome comments, questions, concerns, or suggestions. Please send
+us a message on our contact page at legal@taler-systems.com.
--- a/contrib/tos/en/tos-v0.xml
+++ b/contrib/tos/en/tos-v0.xml
@ -0,0 +1,311 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE document PUBLIC "+//IDN docutils.sourceforge.net//DTD Docutils Generic//EN//XML" "http://docutils.sourceforge.net/docs/ref/docutils.dtd">
+<!-- Generated by Docutils 0.16 -->
+<document source="/research/taler/exchange/contrib/tos/tos-v0.rst">
+    <section ids="terms-of-service" names="terms\ of\ service">
+        <title>Terms Of Service</title>
+        <paragraph>Last Updated: 12.4.2019</paragraph>
+        <paragraph>Welcome! Taler Systems SA (“we,” “our,” or “us”) provides a payment service
+            through our Internet presence (collectively the “Services”). Before using our
+            Services, please read the Terms of Service (the “Terms” or the “Agreement”)
+            carefully.</paragraph>
+        <section ids="overview" names="overview">
+            <title>Overview</title>
+            <paragraph>This section provides a brief summary of the highlights of this
+                Agreement. Please note that when you accept this Agreement, you are accepting
+                all of the terms and conditions and not just this section. We and possibly
+                other third parties provide Internet services which interact with the Taler
+                Wallet’s self-hosted personal payment application. When using the Taler Wallet
+                to interact with our Services, you are agreeing to our Terms, so please read
+                carefully.</paragraph>
+            <section ids="highlights" names="highlights:">
+                <title>Highlights:</title>
+                <block_quote>
+                    <bullet_list bullet="•">
+                        <list_item>
+                            <paragraph>You are responsible for keeping the data in your Taler Wallet at all times
+                                under your control. Any losses arising from you not being in control of
+                                your private information are your problem.</paragraph>
+                        </list_item>
+                        <list_item>
+                            <paragraph>We will try to transfer funds we hold in escrow for our users to any legal
+                                recipient to the best of our ability within the limitations of the law and
+                                our implementation. However, the Services offered today are highly
+                                experimental and the set of recipients of funds is severely restricted.</paragraph>
+                        </list_item>
+                        <list_item>
+                            <paragraph>For our Services, we may charge transaction fees. The specific fee structure
+                                is provided based on the Taler protocol and should be shown to you when you
+                                withdraw electronic coins using a Taler Wallet. You agree and understand
+                                that the Taler protocol allows for the fee structure to change.</paragraph>
+                        </list_item>
+                        <list_item>
+                            <paragraph>You agree to not intentionally overwhelm our systems with requests and
+                                follow responsible disclosure if you find security issues in our services.</paragraph>
+                        </list_item>
+                        <list_item>
+                            <paragraph>We cannot be held accountable for our Services not being available due to
+                                circumstances beyond our control. If we modify or terminate our services,
+                                we will try to give you the opportunity to recover your funds. However,
+                                given the experimental state of the Services today, this may not be
+                                possible. You are strongly advised to limit your use of the Service
+                                to small-scale experiments expecting total loss of all funds.</paragraph>
+                        </list_item>
+                    </bullet_list>
+                </block_quote>
+                <paragraph>These terms outline approved uses of our Services. The Services and these
+                    Terms are still at an experimental stage. If you have any questions or
+                    comments related to this Agreement, please send us a message to
+                    <reference refuri="mailto:legal@taler-systems.com">legal@taler-systems.com</reference>. If you do not agree to this Agreement, you must not
+                    use our Services.</paragraph>
+            </section>
+        </section>
+        <section ids="how-you-accept-this-policy" names="how\ you\ accept\ this\ policy">
+            <title>How you accept this policy</title>
+            <paragraph>By sending funds to us (to top-up your Taler Wallet), you acknowledge that you
+                have read, understood, and agreed to these Terms. We reserve the right to
+                change these Terms at any time. If you disagree with the change, we may in the
+                future offer you with an easy option to recover your unspent funds. However,
+                in the current experimental period you acknowledge that this feature is not
+                yet available, resulting in your funds being lost unless you accept the new
+                Terms. If you continue to use our Services other than to recover your unspent
+                funds, your continued use of our Services following any such change will
+                signify your acceptance to be bound by the then current Terms. Please check
+                the effective date above to determine if there have been any changes since you
+                have last reviewed these Terms.</paragraph>
+        </section>
+        <section ids="services" names="services">
+            <title>Services</title>
+            <paragraph>We will try to transfer funds that we hold in escrow for our users to any
+                legal recipient to the best of our ability and within the limitations of the
+                law and our implementation. However, the Services offered today are highly
+                experimental and the set of recipients of funds is severely restricted.  The
+                Taler Wallet can be loaded by exchanging fiat currencies against electronic
+                coins. We are providing this exchange service. Once your Taler Wallet is
+                loaded with electronic coins they can be spent for purchases if the seller is
+                accepting Taler as a means of payment. We are not guaranteeing that any seller
+                is accepting Taler at all or a particular seller.  The seller or recipient of
+                deposits of electronic coins must specify the target account, as per the
+                design of the Taler protocol. They are responsible for following the protocol
+                and specifying the correct bank account, and are solely liable for any losses
+                that may arise from specifying the wrong account. We will allow the government
+                to link wire transfers to the underlying contract hash. It is the
+                responsibility of recipients to preserve the full contracts and to pay
+                whatever taxes and charges may be applicable. Technical issues may lead to
+                situations where we are unable to make transfers at all or lead to incorrect
+                transfers that cannot be reversed. We will only refuse to execute transfers if
+                the transfers are prohibited by a competent legal authority and we are ordered
+                to do so.</paragraph>
+            <paragraph>When using our Services, you agree to not take any action that intentionally
+                imposes an unreasonable load on our infrastructure. If you find security
+                problems in our Services, you agree to first report them to
+                <reference refuri="mailto:security@taler-systems.com">security@taler-systems.com</reference> and grant us the right to publish your report. We
+                warrant that we will ourselves publicly disclose any issues reported within 3
+                months, and that we will not prosecute anyone reporting security issues if
+                they did not exploit the issue beyond a proof-of-concept, and followed the
+                above responsible disclosure practice.</paragraph>
+        </section>
+        <section ids="fees" names="fees">
+            <title>Fees</title>
+            <paragraph>You agree to pay the fees for exchanges and withdrawals completed via the
+                Taler Wallet (“Fees”) as defined by us, which we may change from time to
+                time. With the exception of wire transfer fees, Taler transaction fees are set
+                for any electronic coin at the time of withdrawal and fixed throughout the
+                validity period of the respective electronic coin. Your wallet should obtain
+                and display applicable fees when withdrawing funds. Fees for coins obtained as
+                change may differ from the fees applicable to the original coin. Wire transfer
+                fees that are independent from electronic coins may change annually.  You
+                authorize us to charge or deduct applicable fees owed in connection with
+                deposits, exchanges and withdrawals following the rules of the Taler protocol.
+                We reserve the right to provide different types of rewards to users either in
+                the form of discount for our Services or in any other form at our discretion
+                and without prior notice to you.</paragraph>
+        </section>
+        <section ids="eligibility-and-financial-self-responsibility" names="eligibility\ and\ financial\ self-responsibility">
+            <title>Eligibility and Financial self-responsibility</title>
+            <paragraph>To be eligible to use our Services, you must be able to form legally binding
+                contracts or have the permission of your legal guardian. By using our
+                Services, you represent and warrant that you meet all eligibility requirements
+                that we outline in these Terms.</paragraph>
+            <paragraph>You will be responsible for maintaining the availability, integrity and
+                confidentiality of the data stored in your wallet. When you setup a Taler
+                Wallet, you are strongly advised to follow the precautionary measures offered
+                by the software to minimize the chances to losse access to or control over
+                your Wallet data. We will not be liable for any loss or damage arising from
+                your failure to comply with this paragraph.</paragraph>
+        </section>
+        <section ids="copyrights-and-trademarks" names="copyrights\ and\ trademarks">
+            <title>Copyrights and trademarks</title>
+            <paragraph>The Taler Wallet is released under the terms of the GNU General Public License
+                (GNU GPL). You have the right to access, use, and share the Taler Wallet, in
+                modified or unmodified form. However, the GPL is a strong copyleft license,
+                which means that any derivative works must be distributed under the same
+                license terms as the original software. If you have any questions, you should
+                review the GNU GPL’s full terms and conditions at
+                <reference refuri="https://www.gnu.org/licenses/gpl-3.0.en.html">https://www.gnu.org/licenses/gpl-3.0.en.html</reference>.  “Taler” itself is a trademark
+                of Taler Systems SA. You are welcome to use the name in relation to processing
+                payments using the Taler protocol, assuming your use is compatible with an
+                official release from the GNU Project that is not older than two years.</paragraph>
+        </section>
+        <section ids="limitation-of-liability-disclaimer-of-warranties" names="limitation\ of\ liability\ &amp;\ disclaimer\ of\ warranties">
+            <title>Limitation of liability &amp; disclaimer of warranties</title>
+            <paragraph>You understand and agree that we have no control over, and no duty to take any
+                action regarding: Failures, disruptions, errors, or delays in processing that
+                you may experience while using our Services; The risk of failure of hardware,
+                software, and Internet connections; The risk of malicious software being
+                introduced or found in the software underlying the Taler Wallet; The risk that
+                third parties may obtain unauthorized access to information stored within your
+                Taler Wallet, including, but not limited to your Taler Wallet coins or backup
+                encryption keys.  You release us from all liability related to any losses,
+                damages, or claims arising from:</paragraph>
+            <enumerated_list enumtype="loweralpha" prefix="(" suffix=")">
+                <list_item>
+                    <paragraph>user error such as forgotten passwords, incorrectly constructed
+                        transactions;</paragraph>
+                </list_item>
+                <list_item>
+                    <paragraph>server failure or data loss;</paragraph>
+                </list_item>
+                <list_item>
+                    <paragraph>unauthorized access to the Taler Wallet application;</paragraph>
+                </list_item>
+                <list_item>
+                    <paragraph>bugs or other errors in the Taler Wallet software; and</paragraph>
+                </list_item>
+                <list_item>
+                    <paragraph>any unauthorized third party activities, including, but not limited to,
+                        the use of viruses, phishing, brute forcing, or other means of attack
+                        against the Taler Wallet. We make no representations concerning any
+                        Third Party Content contained in or accessed through our Services.</paragraph>
+                </list_item>
+            </enumerated_list>
+            <paragraph>Any other terms, conditions, warranties, or representations associated with
+                such content, are solely between you and such organizations and/or
+                individuals.</paragraph>
+            <paragraph>To the fullest extent permitted by applicable law, in no event will we or any
+                of our officers, directors, representatives, agents, servants, counsel,
+                employees, consultants, lawyers, and other personnel authorized to act,
+                acting, or purporting to act on our behalf (collectively the “Taler Parties”)
+                be liable to you under contract, tort, strict liability, negligence, or any
+                other legal or equitable theory, for:</paragraph>
+            <enumerated_list enumtype="loweralpha" prefix="(" suffix=")">
+                <list_item>
+                    <paragraph>any lost profits, data loss, cost of procurement of substitute goods or
+                        services, or direct, indirect, incidental, special, punitive, compensatory,
+                        or consequential damages of any kind whatsoever resulting from:</paragraph>
+                </list_item>
+            </enumerated_list>
+            <block_quote>
+                <enumerated_list enumtype="lowerroman" prefix="(" suffix=")">
+                    <list_item>
+                        <paragraph>your use of, or conduct in connection with, our services;</paragraph>
+                    </list_item>
+                    <list_item>
+                        <paragraph>any unauthorized use of your wallet and/or private key due to your
+                            failure to maintain the confidentiality of your wallet;</paragraph>
+                    </list_item>
+                    <list_item>
+                        <paragraph>any interruption or cessation of transmission to or from the services; or</paragraph>
+                    </list_item>
+                    <list_item>
+                        <paragraph>any bugs, viruses, trojan horses, or the like that are found in the Taler
+                            Wallet software or that may be transmitted to or through our services by
+                            any third party (regardless of the source of origination), or</paragraph>
+                    </list_item>
+                </enumerated_list>
+            </block_quote>
+            <enumerated_list enumtype="loweralpha" prefix="(" start="2" suffix=")">
+                <list_item>
+                    <paragraph>any direct damages.</paragraph>
+                </list_item>
+            </enumerated_list>
+            <paragraph>These limitations apply regardless of legal theory, whether based on tort,
+                strict liability, breach of contract, breach of warranty, or any other legal
+                theory, and whether or not we were advised of the possibility of such
+                damages. Some jurisdictions do not allow the exclusion or limitation of
+                liability for consequential or incidental damages, so the above limitation may
+                not apply to you.</paragraph>
+            <paragraph>Our services are provided “as is” and without warranty of any kind. To the
+                maximum extent permitted by law, we disclaim all representations and
+                warranties, express or implied, relating to the services and underlying
+                software or any content on the services, whether provided or owned by us or by
+                any third party, including without limitation, warranties of merchantability,
+                fitness for a particular purpose, title, non-infringement, freedom from
+                computer virus, and any implied warranties arising from course of dealing,
+                course of performance, or usage in trade, all of which are expressly
+                disclaimed. In addition, we do not represent or warrant that the content
+                accessible via the services is accurate, complete, available, current, free of
+                viruses or other harmful components, or that the results of using the services
+                will meet your requirements. Some states do not allow the disclaimer of
+                implied warranties, so the foregoing disclaimers may not apply to you. This
+                paragraph gives you specific legal rights and you may also have other legal
+                rights that vary from state to state.</paragraph>
+        </section>
+        <section ids="indemnity-and-time-limitation-on-claims-and-termination" names="indemnity\ and\ time\ limitation\ on\ claims\ and\ termination">
+            <title>Indemnity and Time limitation on claims and Termination</title>
+            <paragraph>To the extent permitted by applicable law, you agree to defend, indemnify, and
+                hold harmless the Taler Parties from and against any and all claims, damages,
+                obligations, losses, liabilities, costs or debt, and expenses (including, but
+                not limited to, attorney’s fees) arising from: (a) your use of and access to
+                the Services; (b) any feedback or submissions you provide to us concerning the
+                Taler Wallet; (c) your violation of any term of this Agreement; or (d) your
+                violation of any law, rule, or regulation, or the rights of any third party.</paragraph>
+            <paragraph>You agree that any claim you may have arising out of or related to your
+                relationship with us must be filed within one year after such claim arises,
+                otherwise, your claim in permanently barred.</paragraph>
+            <paragraph>In the event of termination concerning your use of our Services, your
+                obligations under this Agreement will still continue.</paragraph>
+        </section>
+        <section ids="discontinuance-of-services-and-force-majeure" names="discontinuance\ of\ services\ and\ force\ majeure">
+            <title>Discontinuance of services and Force majeure</title>
+            <paragraph>We may, in our sole discretion and without cost to you, with or without prior
+                notice, and at any time, modify or discontinue, temporarily or permanently,
+                any portion of our Services. We will use the Taler protocol’s provisions to
+                notify Wallets if our Services are to be discontinued. It is your
+                responsibility to ensure that the Taler Wallet is online at least once every
+                three months to observe these notifications. We shall not be held responsible
+                or liable for any loss of funds in the event that we discontinue or depreciate
+                the Services and your Taler Wallet fails to transfer out the coins within a
+                three months notification period.</paragraph>
+            <paragraph>We shall not be held liable for any delays, failure in performance, or
+                interruptions of service which result directly or indirectly from any cause or
+                condition beyond our reasonable control, including but not limited to: any
+                delay or failure due to any act of God, act of civil or military authorities,
+                act of terrorism, civil disturbance, war, strike or other labor dispute, fire,
+                interruption in telecommunications or Internet services or network provider
+                services, failure of equipment and/or software, other catastrophe, or any
+                other occurrence which is beyond our reasonable control and shall not affect
+                the validity and enforceability of any remaining provisions.</paragraph>
+        </section>
+        <section ids="governing-law-waivers-severability-and-assignment" names="governing\ law,\ waivers,\ severability\ and\ assignment">
+            <title>Governing law, Waivers, Severability and Assignment</title>
+            <paragraph>No matter where you’re located, the laws of Switzerland will govern these
+                Terms. If any provisions of these Terms are inconsistent with any applicable
+                law, those provisions will be superseded or modified only to the extent such
+                provisions are inconsistent. The parties agree to submit to the ordinary
+                courts in Zurich, Switzerland for exclusive jurisdiction of any dispute
+                arising out of or related to your use of the Services or your breach of these
+                Terms.</paragraph>
+            <paragraph>Our failure to exercise or delay in exercising any right, power, or privilege
+                under this Agreement shall not operate as a waiver; nor shall any single or
+                partial exercise of any right, power, or privilege preclude any other or
+                further exercise thereof.</paragraph>
+            <paragraph>You agree that we may assign any of our rights and/or transfer, sub-contract,
+                or delegate any of our obligations under these Terms.</paragraph>
+            <paragraph>If it turns out that any part of this Agreement is invalid, void, or for any
+                reason unenforceable, that term will be deemed severable and limited or
+                eliminated to the minimum extent necessary.</paragraph>
+            <paragraph>This Agreement sets forth the entire understanding and agreement as to the
+                subject matter hereof and supersedes any and all prior discussions,
+                agreements, and understandings of any kind (including, without limitation, any
+                prior versions of this Agreement) and every nature between us. Except as
+                provided for above, any modification to this Agreement must be in writing and
+                must be signed by both parties.</paragraph>
+        </section>
+        <section ids="questions-or-comments" names="questions\ or\ comments">
+            <title>Questions or comments</title>
+            <paragraph>We welcome comments, questions, concerns, or suggestions. Please send us a
+                message on our contact page at <reference refuri="mailto:legal@taler-systems.com">legal@taler-systems.com</reference>.</paragraph>
+        </section>
+    </section>
+</document>
--- a/contrib/tos/tos-v0.rst
+++ b/contrib/tos/tos-v0.rst
--- a/contrib/uncrustify_precommit
+++ b/contrib/uncrustify_precommit
@ -1,11 +1,10 @@
 #!/bin/sh

 # use as .git/hooks/pre-commit
-
 exec 1>&2

 RET=0
-changed=$(git diff --cached --name-only)
+changed=$(git diff --cached --name-only | grep -v mustach)
 crustified=""

 for f in $changed;
--- a/contrib/update-pp.sh
+++ b/contrib/update-pp.sh
@ -14,7 +14,8 @@ cd pp
 for l in $@
 do
    mkdir -p $l
-    echo Generating PP for language $l
+    echo "Generating PP for language $l"
+    cat conf.py.in | sed -e "s/%VERSION%/$VERSION/g" > conf.py
    # 'f' is for the supported formats, note that the 'make' target
    # MUST match the file extension.
    for f in html txt pdf epub xml
@ -22,7 +23,16 @@ do
        rm -rf _build
        echo "  Generating format $f"
        make -e SPHINXOPTS="-D language='$l'" $f >>sphinx.log 2>>sphinx.err < /dev/null
-        mv _build/$f/pp.$f $l/${VERSION}.$f
+        if test $f = "html"
+        then
+            htmlark -o $l/${VERSION}.$f _build/$f/${VERSION}.$f
+        else
+            mv _build/$f/${VERSION}.$f $l/${VERSION}.$f
+        fi
+        if test $f = "txt"
+        then
+            cp $l/${VERSION}.$f $l/${VERSION}.md
+        fi
    done
 done
 cd ..
--- a/contrib/update-tos.sh
+++ b/contrib/update-tos.sh
@ -14,7 +14,8 @@ cd tos
 for l in $@
 do
    mkdir -p $l
-    echo Generating TOS for language $l
+    echo "Generating TOS for language $l"
+    cat conf.py.in | sed -e "s/%VERSION%/$VERSION/g" > conf.py
    # 'f' is for the supported formats, note that the 'make' target
    # MUST match the file extension.
    for f in html txt pdf epub xml
@ -22,7 +23,17 @@ do
        rm -rf _build
        echo "  Generating format $f"
        make -e SPHINXOPTS="-D language='$l'" $f >>sphinx.log 2>>sphinx.err < /dev/null
-        mv _build/$f/tos.$f $l/${VERSION}.$f
+        if test $f = "html"
+        then
+            htmlark -o $l/${VERSION}.$f _build/$f/${VERSION}.$f
+        else
+            mv _build/$f/${VERSION}.$f $l/${VERSION}.$f
+        fi
+        if test $f = "txt"
+        then
+            cp $l/${VERSION}.$f $l/${VERSION}.md
+        fi
    done
 done
 cd ..
+echo "Success"
--- a/debian/changelog
+++ b/debian/changelog
@ -1,3 +1,21 @@
+taler-exchange (0.9.1) unstable; urgency=low
+
+  * Packaging latest release.
+
+ -- Christian Grothoff <grothoff@gnu.org>  Tue, 17 Jan 2023 11:50:12 +0200
+
+taler-exchange (0.9.0) unstable; urgency=low
+
+  * Packaging latest release.
+
+ -- Christian Grothoff <grothoff@gnu.org>  Sat, 5 Nov 2022 11:50:12 +0200
+
+taler-exchange (0.8.99-2) unstable; urgency=low
+
+  * Packaging latest pre-release from Git.
+
+ -- Christian Grothoff <grothoff@gnu.org>  Mon, 26 Sep 2022 09:50:12 +0200
+
 taler-exchange (0.8.99-1) unstable; urgency=low

  * Updating to latest pre-release from Git.
--- a/debian/control
+++ b/debian/control
@ -39,7 +39,12 @@ Depends:
 netbase,
 ${misc:Depends},
 ${shlibs:Depends}
-Description: libraries to talk to a GNU Taler exchange
+Description: Libraries to talk to a GNU Taler exchange.
+  The package also contains various files fundamental
+  to all GNU Taler installations, such as the
+  taler-config configuration command-line tool,
+  various base configuration files and associated
+  documentation.

 Package: taler-exchange-database
 Architecture: any
@ -50,7 +55,10 @@ Depends:
 netbase,
 ${misc:Depends},
 ${shlibs:Depends}
-Description: programs and libraries to manage a GNU Taler exchange database
+Description: Programs and libraries to manage a GNU Taler exchange database.
+ This package contains only the code to setup the
+ (Postgresql) database interaction (taler-exchange-dbinit
+ and associated resource files).

 Package: taler-exchange
 Architecture: any
@ -69,7 +77,22 @@ Depends:
 Recommends:
  taler-exchange-offline (= ${binary:Version}),
  postgresql (>=13.0)
-Description: GNU's payment system operator
+Description: GNU's payment system operator.
+  GNU Taler is the privacy-preserving digital payment
+  system from the GNU project. This package contains the
+  core logic that must be run by the payment service
+  provider or bank to offer payments to consumers and
+  merchants.  At least one exchange must be operated
+  per currency.
+  In addition to the core logic, an exchange operator
+  must also have a system running the "offline" logic
+  which is packaged as taler-exchange-offline. It is
+  recommended to keep the "offline" logic on a system
+  that is never connected to the Internet. However, it
+  is also possible to run the "offline" logic directly
+  on the production system, especially for testing.
+  Finally, an exchange operator should also be prepared
+  to run a taler-auditor.

 Package: taler-exchange-offline
 Architecture: any
@ -82,7 +105,14 @@ Depends:
 netbase,
 ${misc:Depends},
 ${shlibs:Depends}
-Description: tools for managing the GNU Taler exchange offline keys
+Description: Tools for managing the GNU Taler exchange offline keys.
+ A GNU Taler exchange uses an offline key to sign its online
+ keys, fee structure, bank routing information and other meta
+ data. The offline signing key is the root of the Taler PKI
+ that is then embedded in consumer wallets and merchant backends.
+ This package includes the tool to download material to sign
+ from the exchange, create signatures, and upload the resulting
+ signatures to the exchange.

 Package: taler-auditor
 Architecture: any
@ -98,7 +128,15 @@ Depends:
 python3-jinja2,
 ${misc:Depends},
 ${shlibs:Depends}
-Description: GNU's payment system auditor
+Description: GNU's payment system auditor.
+  GNU Taler is the privacy-preserving digital payment
+  system from the GNU project. This package contains the
+  auditor logic. It verifies that the taler-exchange run
+  by a payment service provider is correctly performing
+  its bank transactions and thus has the correct balance
+  in its escrow account.  Each exchange operator is
+  expected to make use of one or more auditors as part
+  of its regulatory compliance.

 Package: libtalerexchange-dev
 Section: libdevel
--- a/debian/libtalerexchange-dev.install
+++ b/debian/libtalerexchange-dev.install
@ -3,12 +3,17 @@ usr/bin/taler-aggregator-benchmark
 usr/bin/taler-exchange-benchmark
 usr/bin/taler-fakebank-run
 usr/bin/taler-bank-benchmark
+usr/bin/taler-exchange-kyc-tester

 # Only used in test cases.  Maybe these
 # shouldn't even be installed?
 usr/bin/taler-nexus-prepare
 usr/bin/taler-bank-manage-testing

+# Man pages
+usr/share/man/man1/taler-exchange-kyc-tester*
+
+
 # Headers
 usr/include/taler/*

--- a/debian/rules
+++ b/debian/rules
@ -7,6 +7,9 @@ include /usr/share/dpkg/architecture.mk
 %:
 	dh ${@}

+override_dh_builddeb:
+	dh_builddeb -- -Zgzip
+
 override_dh_auto_configure-arch:
 	dh_auto_configure -- --disable-rpath --with-microhttpd=yes $(shell dpkg-buildflags --export=configure)

--- a/debian/taler-exchange.install
+++ b/debian/taler-exchange.install
@ -1,6 +1,7 @@
 usr/bin/taler-exchange-aggregator
 usr/bin/taler-exchange-closer
 usr/bin/taler-exchange-dbinit
+usr/bin/taler-exchange-drain
 usr/bin/taler-exchange-expire
 usr/bin/taler-exchange-httpd
 usr/bin/taler-exchange-router
@ -10,9 +11,12 @@ usr/bin/taler-exchange-secmod-rsa
 usr/bin/taler-exchange-transfer
 usr/bin/taler-exchange-wirewatch
 usr/bin/taler-exchange-wire-gateway-client
+usr/lib/*/taler/libtaler_plugin_kyclogic_*.so
+usr/lib/*/taler/libtaler_extension_*.so
 usr/share/man/man1/taler-exchange-aggregator*
 usr/share/man/man1/taler-exchange-closer*
 usr/share/man/man1/taler-exchange-dbinit*
+usr/share/man/man1/taler-exchange-drain*
 usr/share/man/man1/taler-exchange-expire*
 usr/share/man/man1/taler-exchange-httpd*
 usr/share/man/man1/taler-exchange-router*
@ -26,6 +30,7 @@ usr/share/man/man1/taler-exchange-wire-gateway-client*
 usr/share/info/taler-bank*
 usr/share/info/taler-exchange*
 usr/share/taler/config.d/*
+usr/share/taler/exchange/templates/*.must

 # configuration files in /etc/taler
 debian/etc-taler-exchange/* etc/
--- a/debian/taler-exchange.postrm
+++ b/debian/taler-exchange.postrm
@ -7,13 +7,16 @@ if [ -f /usr/share/debconf/confmodule ]; then
 fi

 case "${1}" in
-purge) ;;
-remove | upgrade | failed-upgrade | abort-install | abort-upgrade | disappear) ;;
+purge)
+    rm -rf /var/lib/taler/exchange-offline /var/lib/taler/exchange-secmod-*
+    ;;

+remove | upgrade | failed-upgrade | abort-install | abort-upgrade | disappear)
+    ;;
 *)
-  echo "postrm called with unknown argument \`${1}'" >&2
-  exit 1
-  ;;
+    echo "postrm called with unknown argument \`${1}'" >&2
+    exit 1
+    ;;
 esac

 #DEBHELPER#
--- a/debian/taler-exchange.taler-exchange-aggregator.service
+++ b/debian/taler-exchange.taler-exchange-aggregator.service
@ -1,6 +1,7 @@
 [Unit]
 Description=GNU Taler payment system exchange aggregator service
 PartOf=taler-exchange.target
+After=postgres.service

 [Service]
 User=taler-exchange-aggregator
@ -13,3 +14,4 @@ StandardError=journal
 PrivateTmp=yes
 PrivateDevices=yes
 ProtectSystem=full
+Slice=taler-exchange.slice
--- a/debian/taler-exchange.taler-exchange-aggregator@.service
+++ b/debian/taler-exchange.taler-exchange-aggregator@.service
@ -0,0 +1,16 @@
+[Unit]
+Description=GNU Taler payment system exchange aggregator service
+PartOf=taler-exchange.target
+
+[Service]
+User=taler-exchange-aggregator
+Type=simple
+Restart=always
+RestartSec=100ms
+ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler/taler.conf
+StandardOutput=journal
+StandardError=journal
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
+Slice=taler-exchange.slice
--- a/debian/taler-exchange.taler-exchange-closer.service
+++ b/debian/taler-exchange.taler-exchange-closer.service
@ -1,6 +1,7 @@
 [Unit]
 Description=GNU Taler payment system exchange closer service
 PartOf=taler-exchange.target
+After=network.target postgres.service

 [Service]
 User=taler-exchange-closer
@ -13,3 +14,4 @@ StandardError=journal
 PrivateTmp=yes
 PrivateDevices=yes
 ProtectSystem=full
+Slice=taler-exchange.slice
--- a/debian/taler-exchange.taler-exchange-expire.service
+++ b/debian/taler-exchange.taler-exchange-expire.service
@ -1,6 +1,7 @@
 [Unit]
 Description=GNU Taler payment system exchange expire service
 PartOf=taler-exchange.target
+After=postgres.service

 [Service]
 User=taler-exchange-expire
@ -13,3 +14,4 @@ StandardError=journal
 PrivateTmp=yes
 PrivateDevices=yes
 ProtectSystem=full
+Slice=taler-exchange.slice
--- a/debian/taler-exchange.taler-exchange-httpd.service
+++ b/debian/taler-exchange.taler-exchange-httpd.service
@ -19,6 +19,7 @@ StandardError=journal
 PrivateTmp=no
 PrivateDevices=yes
 ProtectSystem=full
+Slice=taler-exchange.slice

 [Install]
 WantedBy=multi-user.target
--- a/debian/taler-exchange.taler-exchange-httpd@.service
+++ b/debian/taler-exchange.taler-exchange-httpd@.service
@ -21,6 +21,7 @@ StandardError=journal
 PrivateTmp=no
 PrivateDevices=yes
 ProtectSystem=full
+Slice=taler-exchange.slice

 [Install]
 WantedBy=multi-user.target
--- a/debian/taler-exchange.taler-exchange-secmod-cs.service
+++ b/debian/taler-exchange.taler-exchange-secmod-cs.service
@ -14,3 +14,5 @@ StandardError=journal
 PrivateTmp=no
 PrivateDevices=yes
 ProtectSystem=full
+IPAddressDeny=any
+Slice=taler-exchange.slice
--- a/debian/taler-exchange.taler-exchange-secmod-eddsa.service
+++ b/debian/taler-exchange.taler-exchange-secmod-eddsa.service
@ -14,3 +14,6 @@ StandardError=journal
 PrivateTmp=no
 PrivateDevices=yes
 ProtectSystem=full
+IPAddressDeny=any
+Slice=taler-exchange.slice
+
--- a/debian/taler-exchange.taler-exchange-secmod-rsa.service
+++ b/debian/taler-exchange.taler-exchange-secmod-rsa.service
@ -14,3 +14,5 @@ StandardError=journal
 PrivateTmp=no
 PrivateDevices=yes
 ProtectSystem=full
+IPAddressDeny=any
+Slice=taler-exchange.slice
--- a/debian/taler-exchange.taler-exchange-transfer.service
+++ b/debian/taler-exchange.taler-exchange-transfer.service
@ -1,6 +1,6 @@
 [Unit]
 Description=Taler Exchange Transfer Service
-After=network.target
+After=network.target postgres.service
 PartOf=taler-exchange.target

 [Service]
@ -14,3 +14,4 @@ StandardError=journal
 PrivateTmp=yes
 PrivateDevices=yes
 ProtectSystem=full
+Slice=taler-exchange.slice
--- a/debian/taler-exchange.taler-exchange-wirewatch.service
+++ b/debian/taler-exchange.taler-exchange-wirewatch.service
@ -1,6 +1,6 @@
 [Unit]
 Description=GNU Taler payment system exchange wirewatch service
-After=network.target
+After=network.target postgres.service
 PartOf=taler-exchange.target

 [Service]
@ -14,3 +14,4 @@ StandardError=journal
 PrivateTmp=yes
 PrivateDevices=yes
 ProtectSystem=full
+Slice=taler-exchange.slice
--- a/debian/taler-exchange.taler-exchange-wirewatch@.service
+++ b/debian/taler-exchange.taler-exchange-wirewatch@.service
@ -14,3 +14,4 @@ StandardError=journal
 PrivateTmp=yes
 PrivateDevices=yes
 ProtectSystem=full
+Slice=taler-exchange.slice
--- a/debian/taler-exchange.taler-exchange.slice
+++ b/debian/taler-exchange.taler-exchange.slice
@ -0,0 +1,7 @@
+[Unit]
+Description=Slice for GNU taler exchange processes
+Before=slices.target
+
+[Slice]
+# Add settings that should affect all GNU Taler exchange
+# components here.
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@ -21,19 +21,22 @@ man_MANS = \
  prebuilt/man/taler-exchange-benchmark.1  \
  prebuilt/man/taler-exchange-closer.1     \
  prebuilt/man/taler-exchange-dbinit.1  \
+  prebuilt/man/taler-exchange-drain.1  \
  prebuilt/man/taler-exchange-expire.1  \
  prebuilt/man/taler-exchange-httpd.1       \
+  prebuilt/man/taler-exchange-kyc-tester.1       \
  prebuilt/man/taler-exchange-offline.1    \
+  prebuilt/man/taler-exchange-router.1\
  prebuilt/man/taler-exchange-secmod-cs.1\
  prebuilt/man/taler-exchange-secmod-eddsa.1\
  prebuilt/man/taler-exchange-secmod-rsa.1 \
-  prebuilt/man/taler-exchange-router.1\
  prebuilt/man/taler-exchange-transfer.1\
-  prebuilt/man/taler-exchange-wirewatch.1   \
  prebuilt/man/taler-exchange-wire-gateway-client.1\
+  prebuilt/man/taler-exchange-wirewatch.1   \
  prebuilt/man/taler-helper-auditor-aggregation.1 \
  prebuilt/man/taler-helper-auditor-coins.1\
  prebuilt/man/taler-helper-auditor-deposits.1\
+  prebuilt/man/taler-helper-auditor-purses.1\
  prebuilt/man/taler-helper-auditor-reserves.1\
  prebuilt/man/taler-helper-auditor-wire.1

--- a/doc/cs/ads/glossary.tex
+++ b/doc/cs/ads/glossary.tex
@ -1,12 +1,12 @@
 %!TEX root = ../thesis.tex

 %
-% vorher in Konsole folgendes aufrufen: 
+% vorher in Konsole folgendes aufrufen:
 %	makeglossaries makeglossaries dokumentation.acn && makeglossaries dokumentation.glo
 %

 %
-% Glossareintraege --> referenz, name, beschreibung
+% Glossareintraege --> reference, name, beschreibung
 % Aufruf mit \gls{...}
 %
 % \newglossaryentry{non-repudiation}{name={non-repudiation},plural={non-repudiation},description={After a message is signed, one can not dispute that a message was signed}}
@ -18,36 +18,36 @@
 }

 \newglossaryentry{25519}{
-    name        = {Curve25519}, 
-    description = {A popular elliptic curve used in many cryptographic systems based on elliptic curve cryptography. See section \ref{par:curve25519}} 
+    name        = {Curve25519},
+    description = {A popular elliptic curve used in many cryptographic systems based on elliptic curve cryptography. See section \ref{par:curve25519}}
 }

 \newglossaryentry{fdh}{
    name        = {FDH},
-    description = {A Full-Domain Hash is a hash function with an image size equal to the original gorup. See section \ref{sec:rsa-fdh}}. 
-} 
+    description = {A Full-Domain Hash is a hash function with an image size equal to the original gorup. See section \ref{sec:rsa-fdh}}.
+}

 \newglossaryentry{idempotence}{
    name        = {idempotence},
-    description = {Idempotence in the context of computer science is a property to ensure that the state of system will not change, no matter how many times the same request was made. See section \ref{abort-idempotency}} 
-} 
+    description = {Idempotence in the context of computer science is a property to ensure that the state of system will not change, no matter how many times the same request was made. See section \ref{abort-idempotency}}
+}

 \newglossaryentry{abort-idempotency}{
    name        = {abort-idempotency},
-    description = {Abort-idempotency is a special case of \gls{idempotence}. On every step in a protocol it needs to be ensured that even on an abort, the same request always receives the same response. See section \ref{abort-idempotency}} 
-} 
+    description = {Abort-idempotency is a special case of \gls{idempotence}. On every step in a protocol it needs to be ensured that even on an abort, the same request always receives the same response. See section \ref{abort-idempotency}}
+}

 \newglossaryentry{RSABS}{
    name        = {RSA Blind Signatures},
-    description = {Chaums Blind Signature Scheme based on RSA. See section \ref{sec:blind-rsa-sign}} 
+    description = {Chaums Blind Signature Scheme based on RSA. See section \ref{sec:blind-rsa-sign}}
 }

 \newglossaryentry{CSBS}{
    name        = {Clause Blind Schnorr Signatures},
    description = {A secure variant of Blind Schnorr Signature Schemes introduced in section \ref{sec:clause-blind-schnorr-sig}}
-} 
+}

 % \newglossaryentry{25519}{
    % name        = {},
-    % description = {} 
-% } 
+    % description = {}
+% }
--- a/doc/cs/content/1_introduction.tex
+++ b/doc/cs/content/1_introduction.tex
@ -51,7 +51,7 @@ In scope are all necessary changes on the protocol(s) and components for the fol
    \item design and implement a protocol where the user proves to the exchange the knowledge of the coin that is to be signed (optional)
 \end{itemize}

-Out of scope is production readyness of the implementation.
+Out of scope is production readiness of the implementation.
 This is because changes in the protocos and code need to be thoroughly vetted to ensure that no weaknesses or security vulnerabilities were introduced.
 Such an audit is out of scope for the thesis and is recommended to be performed in the future.
 The iOS wallet will not be considered in this work.
@ -69,4 +69,4 @@ Scope changes during the project:
    \item \textbf{Adjusted: } Focus is on the implementation of the exchange protocols (Withdraw, Spend, Refresh and cryptographic utilities)
    \item \textbf{Adjusted: } Implementation of the refresh protocol and wallet-core are nice-to-have goals
    \item \textbf{Removed: } The Merchant and the android wallet implementations are out of scope
-\end{itemize}
+\end{itemize}
--- a/doc/cs/content/3_preliminaries.tex
+++ b/doc/cs/content/3_preliminaries.tex
@ -141,7 +141,6 @@ This can be used to detect compromised signing keys or a malicious exchange.

 \subsection{Properties}
 \label{sec:taler-properties}
-%Alle Taler Eigenschaften die wir angreifen wollen auflisten und bezug nehmen wie diese erreicht werden
 This section describes Taler's properties.

 \subsubsection{Free Software}
@ -299,7 +298,7 @@ If verification is successful, only Alice knows her private key and Bob uses Ali
 A digital signature scheme has a message space M, a signature space S and three algorithms:
 \begin{itemize}
    \item Key generation: $(pk,sk) \gets keyGen()$
-    \item Signatue generation: $s \gets $sign$_sk(m)$
+    \item Signature generation: $s \gets $sign$_sk(m)$
    \item Verification: $ v \gets $verify$_pk(m,s)$ where $v \in {0,1}$
 \end{itemize}
 If the result of the verification algorithm equals 1, a signature for m is called valid.
@ -783,7 +782,7 @@ A good introduction to cut and choose protocols gives the Paper from Claude Cré
        The expression cut-and-choose was later introduced by David Chaum in analogy to a popular cake sharing problem:
        Given a complete cake to be shared among two parties distrusting of each other (for reasons of serious appetite).
        A fair way for them to share the cake is to have one of them cut the cake in two equals hares, and let the other one choose his favourite share.
-        This solution guarantes that it is in the formers best interest to cut the shares as evenly as possible."
+        This solution guarantees that it is in the formers best interest to cut the shares as evenly as possible."
    }
 \end{center}

@ -870,10 +869,10 @@ Figure \ref{fig:withdraw-loophole-exploit} explains how such a payment would wor
 Note that we omitted the parts leading up to the coin creation (contract, agreement of price, number of coins and their denominations).
 This is how it works on a high level:
 \begin{enumerate}
-    \item The malicous merchant generates and blinds coins, which are then transmitted to the customer
+    \item The malicious merchant generates and blinds coins, which are then transmitted to the customer
    \item The customer authorizes the withdraw from his reserve by signing the blinded coins with the private key of his reserve, thus generating withdraw confirmations.
-    \item The withdraw confirmations are transmitted to the exchange, which generates the signatures and returns them to the malicous merchant.
-    \item The malicous merchant unblinds the signatures.
+    \item The withdraw confirmations are transmitted to the exchange, which generates the signatures and returns them to the malicious merchant.
+    \item The malicious merchant unblinds the signatures.
          He is now in possession of the coin, thus the payment is completed.
 \end{enumerate}

@ -882,7 +881,7 @@ This is how it works on a high level:
        \resizebox{1.0\textwidth}{!}{$\displaystyle
        \begin{array}{ l c l}
            % preliminaries
-            \textbf{Customer}          &  & \textbf{malicous Merchant}
+            \textbf{Customer}          &  & \textbf{malicious Merchant}
            \\ \text{knows:} & & \text{knows:}
            \\ \text{reserve keys } w_s, W_p
            \\ \text{denomination public key } D_p = \langle e, N \rangle & & \text{denomination public key } D_p = \langle e, N \rangle
@ -903,7 +902,7 @@ This is how it works on a high level:
            \\
            \hline
            \\
-            \textbf{malicous Merchant} &  & \textbf{Exchange}
+            \textbf{malicious Merchant} &  & \textbf{Exchange}
            \\\text{knows:} & & \text{knows:}
            \\& & \text{reserve public key } W_p
            \\ \text{denomination public key } D_p = \langle e, N \rangle & & \text{denomination keys } d_s, D_p
@ -949,7 +948,6 @@ Chapter 4.1.4 describes more general aspects as well as the contract header and
 \subsubsection{Spend Protocol}
 The payment process begins when a customer submits a shopping cart (one or more items to buy) and commits his intent to buy them.
 The merchant has a key pair skM, pkM of which the customer knows the public key.
-% besseres Wort als commit?
 Note that certain details contained in contract header or deposit permission like merchant \ac{KYC} information, deposit and refund deadlines and fees are left out.
 The deposit state machine can be seen in figure \ref{fig:deposit:states}.
 \begin{figure}[htp]
@ -1033,7 +1031,7 @@ In cases where there are multiple deposit permissions (meaning that multiple coi
              \item Is the signature of the coin valid?
              \item Is $ f $ (the value to be spent) smaller or equal the residual value of the coin (check for overspending attempt)?
          \end{itemize}
-          If all checks are successful, the exchange saves the deposit record containing the deposit permission and its signature in a database, substracts the spent value from the residual value of the coin and schedules the money transfer to the merchant's account $ A_m $ (grouping payments is done to reduce payment fees).
+          If all checks are successful, the exchange saves the deposit record containing the deposit permission and its signature in a database, subtracts the spent value from the residual value of the coin and schedules the money transfer to the merchant's account $ A_m $ (grouping payments is done to reduce payment fees).
          \\The exchange calculates a deposit confirmation signature $ \sigma_{DC} $ for the deposit permission with the exchange signing private key and returns them to the merchant.
          \\This signature is also used to prove that a merchant was the first to receive payment from a certain coin.
          Without this, an evil exchange could later deny confirming a payment and claim double spending.
@ -1180,7 +1178,7 @@ The customer, which holds the old partially spend coin and knows \\$C_{old} = \t
    On the exchange's side various checks are done to validate the request.
    Detailed steps of the commit phase are shown in figure  \ref{fig:refresh-part1}.

-    
+
    \begin{figure}
        \begin{equation*}
        \resizebox{1.0\textwidth}{!}{$\displaystyle
@ -1464,4 +1462,4 @@ When the list of trusted auditor certs of a customer/merchant somehow can be man
 One attack scenario would be to attack customers/merchants with a supply-chain attack on the wallets or merchant backends' implementation.
 With software supply-chain attacks on the rise in 2020/21 (although the concept is not new) such an attack could have a big impact. \\
 Since auditor certs are coupled with the wallet (or merchant) implementation, a bank, country, central bank or auditor will most likely publish a wallet and a merchant implementation for the corresponding Taler ecosystem.
-%This would make it possible for the publisher to make changes on the Taler protocol for this specific implementation.
+%This would make it possible for the publisher to make changes on the Taler protocol for this specific implementation.
--- a/doc/cs/content/4_2_specification.tex
+++ b/doc/cs/content/4_2_specification.tex
@ -256,7 +256,7 @@ Further, the API ensures that a caller must generate two secret $r$ as in the Cl
  * To ensure unpredictability a new nonce should be used when a new r needs to be derived.
  * Uses HKDF internally.
  * Comment: Can be done in one HKDF shot and split output.
-  * 
+  *
  * @param nonce is a random nonce
  * @param lts is a long-term-secret in form of a private key
  * @param[out] r array containing derived secrets r0 and r1
@ -265,8 +265,8 @@ Further, the API ensures that a caller must generate two secret $r$ as in the Cl
 GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsNonce *nonce,
                            const struct GNUNET_CRYPTO_CsPrivateKey *lts,
                            struct GNUNET_CRYPTO_CsRSecret r[2]);
- 
- 
+
+
 /**
  * Extract the public R of the given secret r.
  *
@ -289,7 +289,7 @@ The blinding secrets are generated by a client who provides a secret as seed to
 * To provide abort-idempotency, blinding factors need to be derived but still need to be UNPREDICTABLE
 * To ensure unpredictability a new nonce has to be used.
 * Uses HKDF internally
- * 
+ *
 * @param secret is secret to derive blinding factors
 * @param secret_len secret length
 * @param[out] bs array containing the two derivedGNUNET_CRYPTO_CsBlindingSecret
@ -306,7 +306,7 @@ Further the Clause Blind Schnorr API provides an API to calculate the two blinde
 /**
 * Calculate two blinded c's
 * Comment: One would be insecure due to Wagner's algorithm solving ROS
- * 
+ *
 * @param bs array of the two blinding factor structs each containing alpha and beta
 * @param r_pub array of the two signer's nonce R
 * @param pub the public key of the signer
@ -336,7 +336,7 @@ See listing \ref{lst:crypto-sign-api}.
 * To ensure unpredictability a new nonce has to be used for every signature
 * HKDF is used internally for derivation
 * r0 and r1 can be derived prior by using GNUNET_CRYPTO_cs_r_derive
- * 
+ *
 * @param priv private key to use for the signing and as LTS in HKDF
 * @param r array of the two secret nonce from the signer
 * @param c array of the two blinded c to sign c_b
@ -370,7 +370,7 @@ GNUNET_CRYPTO_cs_unblind (
    struct GNUNET_CRYPTO_CsS *signature_scalar);
 \end{lstlisting}

-The verify API takes the message and its signature with the public key and returns GNUNET\_OK for a valid signature and GNUNET\_SYSERR otherwhise.
+The verify API takes the message and its signature with the public key and returns GNUNET\_OK for a valid signature and GNUNET\_SYSERR otherwise.
 See listing \ref{lst:crypto-verify-api}.

 \begin{lstlisting}[style=bfh-c,language=C,, caption={GNUnet verify API}, label={lst:crypto-verify-api}]
@ -411,7 +411,7 @@ In crypto.c many utility functions are provided to create planchets (for planche
 One difference between \gls{RSABS} and \gls{CSBS} is, that the coin private key and RSA blinding secret can be created at the same point in time, since the RSA blinding secret is created randomly.
 However, for Clause Blind Schnorr secrets an additional step is needed, the public $R_0$ and $R_1$ are required to calculate the blinding seed to derive the secrets.

-A planchet in the Clause Blind Schnorr Signature Scheme can be created as followed (implementation details ommited).
+A planchet in the Clause Blind Schnorr Signature Scheme can be created as followed (implementation details omitted).

 \begin{enumerate}
  \item Create planchet with new \ac{EdDSA} private key
@ -467,7 +467,7 @@ The exchange offline signer requests the future, not yet signed keys by calling
      master\_pub & Exchange's master public key \\
      denom\_secmod\_public\_key & RSA security module public key \\
      denom\_secmod\_cs\_public\_key & \gls{CSBS} security module public key \\
-      signkey\_secmod\_public\_key & Online singing security module public key \\
+      signkey\_secmod\_public\_key & Online signing security module public key \\
  \end{tabular}
  \caption{GET \url{/management/keys} response data}
  \label{tab:management-keys-get}
--- a/doc/cs/content/4_3_implementation.tex
+++ b/doc/cs/content/4_3_implementation.tex
@ -94,8 +94,8 @@ The corresponding crypto helper, that talks with the security module, and its te
    \item \texttt{src/util/test\_helper\_cs.c}: Tests and benchmarks for the \gls{CSBS} crypto helper
 \end{itemize}
 % Crypto API offene Punkte:
-%Input-Validierung von Punkten und Skalar
-% Clamping beschreiben: https://neilmadden.blog/2020/05/28/whats-the-curve25519-clamping-all-about/
+%Input-validation of points and scalars:
+% describe clamping: https://neilmadden.blog/2020/05/28/whats-the-curve25519-clamping-all-about/
 % Testing: inverse operations, blinded signature test


@ -219,7 +219,7 @@ Tests for deposit are implemented here:
 \begin{itemize}
    \item \url{/src/testing/test_exchange_api.c}: Add tests (see "struct TALER\_TESTING\_Command\ spend\_cs[]") that spend \gls{CSBS} coins withdrawn in tests added for withdrawal
    \item \url{/src/json/json_pack.c}: Implement \gls{CSBS} case in function TALER\_JSON\_pack\_denom\_sig
-\end{itemize} 
+\end{itemize}

 \section{Fixing a Minor Security Issue in Taler's RSA Blind Signature Protocols}
 \label{sec:taler-vuln}
@ -230,7 +230,7 @@ The issue was only in the implementation of the current RSA Blind Signature prot
 \label{sec:taler-vuln-desc}

 The redesigned \gls{CSBS} protocols already include the denomination key in the nonce check, which fixes this issue (see \ref{sec:withdraw-protocol-schnorr}).
-In the case of \gls{RSABS}, the current protocol includes an \gls{idempotence} check by persisting the hash value of the blinded coin $m'$. 
+In the case of \gls{RSABS}, the current protocol includes an \gls{idempotence} check by persisting the hash value of the blinded coin $m'$.
 On a withdrawal/refresh the \gls{idempotence} check compares if the hash value of $m'$ was seen in the past and returns the 'old' signature on a match.
 This could lead to the following scenario:

@ -277,7 +277,7 @@ After discussing this issue with Christian Grothoff, the conclusion was to inclu
        return GNUNET_OK;
      case TALER_DENOMINATION_CS:
      ...
-    
+
 \end{lstlisting}

 The issue is fixed by adding a hash of the current denomination key into the calculation of the hash used in the \gls{idempotence} check.
@ -295,7 +295,7 @@ The applied fix can be seen in listing \ref{lst:fixed-idempotence}.
        {
          struct GNUNET_HashContext *hash_context;
          hash_context = GNUNET_CRYPTO_hash_context_start ();
-    
+
          GNUNET_CRYPTO_hash_context_read (hash_context,
                                           &denom_hash->hash,
                                           sizeof(denom_hash->hash));
@ -312,7 +312,7 @@ The applied fix can be seen in listing \ref{lst:fixed-idempotence}.
        {
          struct GNUNET_HashContext *hash_context;
          hash_context = GNUNET_CRYPTO_hash_context_start ();
-    
+
          GNUNET_CRYPTO_hash_context_read (hash_context,
                                           &denom_hash->hash,
                                           sizeof(denom_hash->hash));
--- a/doc/cs/content/5_discussion.tex
+++ b/doc/cs/content/5_discussion.tex
@ -57,7 +57,7 @@ This section compares how the two schemes perform regarding CPU usage, latency,
 Clause Schnorr has fixed key sizes with 256 bits (32 bytes), which we compare against different RSA key sizes (1024, 2048, 3072 and 4096 bits).
 In terms of security, \gls{CSBS} 256 bit keys could be compared to 3072 bit RSA keys (see \url{https://www.keylength.com/} for more information).

-\subsection{CPU Usage}  
+\subsection{CPU Usage}
 Various benchmarks were made on different CPU architectures.
 This section discusses the main results, detailed information about the performance comparison can be found in appendix \ref{chap:app-perf}.
 We thank the Taler team for providing measurements from additional systems and architectures.
@ -75,7 +75,7 @@ Signing and blinding operations are much faster in \gls{CSBS}, also \gls{CSBS} s
 \begin{bfhBox}[BFH-MediumBlue]{Setup}
 	CPU: 8-core AMD Ryzen 7 PRO 5850U \\
    OS: Ubuntu 21.10 Linux 5.13.0-25-generic \#26-Ubuntu SMP Fri Jan 7 15:48:31 UTC 2022 x86\_64 x86\_64 x86\_64 GNU/Linux \\
-    libsodium version: 1.0.18-1build1 \\ 
+    libsodium version: 1.0.18-1build1 \\
    libgcrypt version: 1.8.7-5ubuntu2 \\\\
    Benchmarks with other hardware setups can be found in appendix \ref{chap:app-perf}.
 \end{bfhBox}
@ -112,7 +112,7 @@ RSA 1024 is in some situations faster than the \gls{CSBS} implementation.
 Note that 1024 bit keys are not recommended for many use cases, but the highest currently known RSA factorization done is 829 bits \cite{enwiki:1055393696}.
 The following section \ref{sec:disc-risk} explains the risk running RSA 1024 or \gls{CSBS} denominations further.\\
 The blind and unblind operations are running in a wallet implementation, therefore the comparison with RSA 1024 is very interesting for devices with less CPU power.
-Comparison of such hardware can be found in appendix \ref{chap:app-perf}, these comparison results come to the same conlcusion.\\
+Comparison of such hardware can be found in appendix \ref{chap:app-perf}, these comparison results come to the same conclusion.\\
 Although RSA 1024 bit is much faster in the blinding operation, \gls{CSBS} still perform better when calculating the blinding and unblinding operations together.
 \gls{CSBS} unblinding computes only an addition of two scalars $s + \alpha \mod p$, while RSA computes $s * r^{-1}$.
 To conclude, \gls{CSBS} are faster than RSA 1024 bit and provide a better level of security.
@ -205,7 +205,7 @@ The disk space comparison for a wallet can be found in \ref{tab:comp-wallet-spac
    These are theoretical calculations, implementations may choose to persist additional values.
 \end{bfhWarnBox}
 The reasons that \gls{CSBS} use less bandwidth is mostly because the signature/key sizes are much smaller.
-The bandwith improvements for the \texttt{/keys} API is the same as specified in the table with disk space comparison \ref{tab:comp-sign-space}.
+The bandwidth improvements for the \texttt{/keys} API is the same as specified in the table with disk space comparison \ref{tab:comp-sign-space}.
 For \gls{CSBS} many calculations are performed twice, therefore also two values are submitted.
 Table \ref{tab:comp-band-withd} compares the bandwidth used in a withdrawal.
 The 32 byte values $2 * n_w, 2 * D_p, R_0, R_1, s,W_p, c_0, c_1, \sigma_W$ as well as an integer $b$ are transmitted for \gls{CSBS}.\\
@ -222,14 +222,14 @@ Depending on the hash size another 32 byte (or 64 byte) value is transmitted.
    \setupBfhTabular
    \begin{tabular}{lccr}
        \rowcolor{BFH-tablehead}
-        \textbf{Signature Scheme} & \textbf{Bandwith used} & \textbf{Factor} & \textbf{1M coins}\\\hline
+        \textbf{Signature Scheme} & \textbf{Bandwidth used} & \textbf{Factor} & \textbf{1M coins}\\\hline
        CS 256 bits & 356 bytes & 1x & 324 MB\\\hline
        RSA 1024 bit & 448 bytes & 1.3x & 448 MB \\\hline
        RSA 2048 bit & 832 bytes & 2.5x & 832 MB\\\hline
        RSA 3072 bit & 1216 bytes & 3.75x & 1216 MB\\\hline
        RSA 4096 bit & 1600 bytes & 4.9x & 1600 MB\\\hline
    \end{tabular}
-    \caption{Bandwith comparison withdrawal}
+    \caption{Bandwidth comparison withdrawal}
    \label{tab:comp-band-withd}
 \end{table}

--- a/doc/cs/content/6_conclusion.tex
+++ b/doc/cs/content/6_conclusion.tex
@ -25,8 +25,8 @@ The thesis provides several results to add support for Schnorr's blind signature
    \end{itemize}
    \item Comparison and Analysis
    \begin{itemize}
-        \item Performance (speed, space, latency \& bandwith)
-        \item Security 
+        \item Performance (speed, space, latency \& bandwidth)
+        \item Security
        \item Scheme Comparison
    \end{itemize}
    \item Fixing a minor security issue in Taler's current protocols
@ -47,7 +47,7 @@ This section provides an outlook on what can be done in future work.
    \item Evaluating \& implementing \gls{CSBS} on other curves
 \end{itemize}

-There are some remaining protocols to implement, which were out of scope for this thesis. 
+There are some remaining protocols to implement, which were out of scope for this thesis.
 To run \gls{CSBS} in production, these protocols have to be implemented too.
 Further, the merchant needs to support \gls{CSBS} too.
 The merchant implementation can be done fast, as the merchant only verifies denomination signatures in most cases. \\
@ -58,7 +58,7 @@ A security audit should always be made when implementing big changes like these.
 As mentioned in the scope section, the optional goal to find and implement a good solution for the withdraw loophole was dropped.
 This was due to the scope shift and because the analysis of the problem showed that finding a good solution needs more research and is a whole project in itself (see \ref{sec:scope} for more information).\\
 Furthermore, \gls{CSBS} could be implemented on other curves.
-For example Curve448 \cite{cryptoeprint:2015:625} could be used, as it provides 224 bits of security, wheras \gls{25519} \cite{bern:curve25519} provides about 128 bits of security.
+For example Curve448 \cite{cryptoeprint:2015:625} could be used, as it provides 224 bits of security, whereas \gls{25519} \cite{bern:curve25519} provides about 128 bits of security.
 Curve secp256k1 could further improve \gls{CSBS} performance.
 While providing support for Curve448 should not be problematic, a potential implementation for secp256k1 needs further analysis (see \cite{bernlange:safecurves} and \cite{bip:schnorr-bitc} for more information).

@ -67,4 +67,4 @@ This thesis includes understanding, analyzing, integrating and implementing a re
 Furthermore, the implementation is done in Taler, an intuitive and modern solution for a social responsible payment system with high ethical standards.
 Although there was a lot of work, we enjoyed working on such a modern and very interesting topic.
 Especially the first successful signature verification and the signature scheme performance benchmarks motivated us to push the implementation and integration into Taler forward.\\
-We are happy to provide an implementation of a modern scheme and making it available as free software.
+We are happy to provide an implementation of a modern scheme and making it available as free software.
--- a/doc/doxygen/taler.doxy
+++ b/doc/doxygen/taler.doxy
@ -153,7 +153,8 @@ EXCLUDE_PATTERNS       = */test_* \
                         */.git/* \
                         */perf_* .* \
                         .* \
-                         */gnu-taler-error-codes/*
+                         */gnu-taler-error-codes/* \
+                         */src/templating/mustach*
 EXCLUDE_SYMBOLS        =
 EXAMPLE_PATH           =
 EXAMPLE_PATTERNS       = *
--- a/doc/prebuilt
+++ b/doc/prebuilt
@ -1 +1 @@
-Subproject commit 1ed97b23f19c80fa84b21a5eb0c686d5491e8ec6
+Subproject commit 8452f991dd967328207fab52a99beb19e2cb4dff
--- a/doc/system/taler/implementation.tex
+++ b/doc/system/taler/implementation.tex
@ -1179,7 +1179,7 @@ Section~\ref{sec:compromised-signing-key-detection}.

 In the future, we plan for the auditor to expose additional endpoints where
 wallets and merchant backends can submit (cryptographic) proofs of
-missbehavior from an exchange. The goal would be to automatically verify the
+misbehavior from an exchange. The goal would be to automatically verify the
 proofs, take corrective action by including the information in the audit
 report and possibly even compensating the victim.

--- a/src/Makefile.am
+++ b/src/Makefile.am
@ -23,12 +23,15 @@ SUBDIRS = \
  $(PQ_DIR) \
  $(SQ_DIR) \
  mhd \
+  templating \
  bank-lib \
  exchangedb \
+  kyclogic \
  exchange \
  auditordb \
  auditor \
  lib \
  exchange-tools \
+  extensions/age_restriction \
  testing \
  benchmark
--- a/src/auditor/.gitignore
+++ b/src/auditor/.gitignore
@ -19,3 +19,8 @@ generate-auditor-basedb-revocation.conf
 revocation-tmp-*
 auditor-basedb.wdb
 taler-auditor-sync
+auditor-basedb.sqlite3
+taler-auditor-test.sqlite3
+libeufin-nexus.pid
+libeufin-sandbox.pid
+taler-helper-auditor-purses
--- a/src/auditor/Makefile.am
+++ b/src/auditor/Makefile.am
@ -22,6 +22,7 @@ bin_PROGRAMS = \
  taler-helper-auditor-aggregation \
  taler-helper-auditor-coins \
  taler-helper-auditor-deposits \
+  taler-helper-auditor-purses \
  taler-helper-auditor-reserves \
  taler-helper-auditor-wire

@ -65,21 +66,6 @@ taler_auditor_dbinit_CPPFLAGS = \
  -I$(top_srcdir)/src/pq/ \
  $(POSTGRESQL_CPPFLAGS)

-taler_helper_auditor_reserves_SOURCES = \
-  taler-helper-auditor-reserves.c
-taler_helper_auditor_reserves_LDADD = \
-  $(LIBGCRYPT_LIBS) \
-  $(top_builddir)/src/util/libtalerutil.la \
-  $(top_builddir)/src/json/libtalerjson.la \
-  $(top_builddir)/src/bank-lib/libtalerbank.la \
-  $(top_builddir)/src/exchangedb/libtalerexchangedb.la \
-  $(top_builddir)/src/auditordb/libtalerauditordb.la \
-  libauditorreport.la \
-  -ljansson \
-  -lgnunetjson \
-  -lgnunetutil \
-  $(XLIB)
-
 taler_helper_auditor_coins_SOURCES = \
  taler-helper-auditor-coins.c
 taler_helper_auditor_coins_LDADD = \
@ -125,6 +111,38 @@ taler_helper_auditor_deposits_LDADD = \
  -lgnunetutil \
  $(XLIB)

+taler_helper_auditor_purses_SOURCES = \
+  taler-helper-auditor-purses.c
+taler_helper_auditor_purses_LDADD = \
+  $(LIBGCRYPT_LIBS) \
+  $(top_builddir)/src/util/libtalerutil.la \
+  $(top_builddir)/src/json/libtalerjson.la \
+  $(top_builddir)/src/bank-lib/libtalerbank.la \
+  $(top_builddir)/src/exchangedb/libtalerexchangedb.la \
+  $(top_builddir)/src/auditordb/libtalerauditordb.la \
+  libauditorreport.la \
+  -ljansson \
+  -lgnunetjson \
+  -lgnunetutil \
+  $(XLIB)
+
+taler_helper_auditor_reserves_SOURCES = \
+  taler-helper-auditor-reserves.c
+taler_helper_auditor_reserves_LDADD = \
+  $(LIBGCRYPT_LIBS) \
+  $(top_builddir)/src/util/libtalerutil.la \
+  $(top_builddir)/src/json/libtalerjson.la \
+  $(top_builddir)/src/bank-lib/libtalerbank.la \
+  $(top_builddir)/src/exchangedb/libtalerexchangedb.la \
+  $(top_builddir)/src/auditordb/libtalerauditordb.la \
+  libauditorreport.la \
+  -ljansson \
+  -lgnunetjson \
+  -lgnunetutil \
+  $(XLIB)
+
+
+
 taler_helper_auditor_wire_SOURCES = \
  taler-helper-auditor-wire.c
 taler_helper_auditor_wire_LDADD = \
@ -203,15 +221,6 @@ EXTRA_DIST = \
  test-sync-in.conf \
  test-sync-out.conf \
  generate-auditor-basedb.sh \
-  generate-revoke-basedb.sh \
  generate-auditor-basedb.conf \
-  generate-auditor-basedb-template.conf \
-  $(check_SCRIPTS) \
-  auditor-basedb.age \
-  auditor-basedb.conf \
-  auditor-basedb.sql \
-  auditor-basedb.mpub \
-  revoke-basedb.age \
-  revoke-basedb.conf \
-  revoke-basedb.sql \
-  revoke-basedb.mpub
+  generate-revoke-basedb.sh \
+  $(check_SCRIPTS)
--- a/src/auditor/auditor-basedb.age
+++ b/src/auditor/auditor-basedb.age
@ -1 +0,0 @@
-1655640402
--- a/src/auditor/auditor-basedb.conf
+++ b/src/auditor/auditor-basedb.conf
@ -1,187 +0,0 @@
-[arm]
-CONFIG = /research/taler/exchange/src/auditor/auditor-basedb.conf
-
-[benchmark]
-MERCHANT_DETAILS = merchant_details.json
-BANK_DETAILS = bank_details.json
-
-[coin_kudos_10]
-rsa_keysize = 1024
-CIPHER = RSA
-fee_refund = TESTKUDOS:0.01
-fee_refresh = TESTKUDOS:0.03
-fee_deposit = TESTKUDOS:0.01
-fee_withdraw = TESTKUDOS:0.01
-duration_legal = 3 years
-duration_spend = 2 years
-duration_withdraw = 7 days
-value = TESTKUDOS:10
-
-[coin_kudos_8]
-rsa_keysize = 1024
-CIPHER = RSA
-fee_refund = TESTKUDOS:0.04
-fee_refresh = TESTKUDOS:0.03
-fee_deposit = TESTKUDOS:0.02
-fee_withdraw = TESTKUDOS:0.05
-duration_legal = 3 years
-duration_spend = 2 years
-duration_withdraw = 7 days
-value = TESTKUDOS:8
-
-[coin_kudos_5]
-rsa_keysize = 1024
-CIPHER = RSA
-fee_refund = TESTKUDOS:0.01
-fee_refresh = TESTKUDOS:0.03
-fee_deposit = TESTKUDOS:0.01
-fee_withdraw = TESTKUDOS:0.01
-duration_legal = 3 years
-duration_spend = 2 years
-duration_withdraw = 7 days
-value = TESTKUDOS:5
-
-[coin_kudos_4]
-rsa_keysize = 1024
-CIPHER = RSA
-fee_refund = TESTKUDOS:0.02
-fee_refresh = TESTKUDOS:0.04
-fee_deposit = TESTKUDOS:0.03
-fee_withdraw = TESTKUDOS:0.03
-duration_legal = 3 years
-duration_spend = 2 years
-duration_withdraw = 7 days
-value = TESTKUDOS:4
-
-[coin_kudos_2]
-rsa_keysize = 1024
-CIPHER = RSA
-fee_refund = TESTKUDOS:0.02
-fee_refresh = TESTKUDOS:0.04
-fee_deposit = TESTKUDOS:0.03
-fee_withdraw = TESTKUDOS:0.03
-duration_legal = 3 years
-duration_spend = 2 years
-duration_withdraw = 7 days
-value = TESTKUDOS:2
-
-[coin_kudos_1]
-rsa_keysize = 1024
-CIPHER = RSA
-fee_refund = TESTKUDOS:0.01
-fee_refresh = TESTKUDOS:0.03
-fee_deposit = TESTKUDOS:0.02
-fee_withdraw = TESTKUDOS:0.02
-duration_legal = 3 years
-duration_spend = 2 years
-duration_withdraw = 7 days
-value = TESTKUDOS:1
-
-[coin_kudos_ct_10]
-rsa_keysize = 1024
-CIPHER = RSA
-fee_refund = TESTKUDOS:0.01
-fee_refresh = TESTKUDOS:0.03
-fee_deposit = TESTKUDOS:0.01
-fee_withdraw = TESTKUDOS:0.01
-duration_legal = 3 years
-duration_spend = 2 years
-duration_withdraw = 7 days
-value = TESTKUDOS:0.10
-
-[coin_kudos_ct_1]
-rsa_keysize = 1024
-CIPHER = RSA
-fee_refund = TESTKUDOS:0.01
-fee_refresh = TESTKUDOS:0.01
-fee_deposit = TESTKUDOS:0.01
-fee_withdraw = TESTKUDOS:0.01
-duration_legal = 3 years
-duration_spend = 2 years
-duration_withdraw = 7 days
-value = TESTKUDOS:0.01
-
-[payments-generator]
-exchange = http://localhost:8081/
-exchange-admin = http://localhost:18080/
-exchange_admin = http://localhost:18080/
-merchant = http://localhost:9966/
-bank = http://localhost:8082/
-instance = default
-currency = TESTKUDOS
-
-[merchant-exchange-default]
-CURRENCY = TESTKUDOS
-EXCHANGE_BASE_URL = http://localhost:8081/
-MASTER_KEY = JM0NJXHM6Y6HYAPK2WDFH3HDJ2E9KZWGKM3E0FYRV2V3HCTB3DQ0
-
-[merchant-account-merchant]
-ACTIVE_default = YES
-HONOR_default = YES
-PAYTO_URI = payto://x-taler-bank/localhost/42
-
-[exchange-accountcredentials-1]
-PASSWORD = x
-USERNAME = Exchange
-WIRE_GATEWAY_AUTH_METHOD = basic
-WIRE_GATEWAY_URL = http://localhost:8082/taler-wire-gateway/Exchange/
-
-[exchange-account-1]
-enable_credit = yes
-enable_debit = yes
-PAYTO_URI = payto://x-taler-bank/localhost/Exchange
-
-[instance-default]
-NAME = Merchant Inc.
-KEYFILE = ${TALER_DATA_HOME}/merchant/default.priv
-
-[taler]
-CURRENCY_ROUND_UNIT = TESTKUDOS:0.01
-CURRENCY = TESTKUDOS
-
-[merchantdb-postgres]
-CONFIG = postgres:///auditor-basedb
-
-[merchant]
-DEFAULT_MAX_WIRE_FEE = TESTKUDOS:0.10
-KEYFILE = ${TALER_DATA_HOME}/merchant/merchant.priv
-DEFAULT_MAX_DEPOSIT_FEE = TESTKUDOS:0.1
-WIREFORMAT = default
-WIRE_TRANSFER_DELAY = 1 minute
-FORCE_AUDIT = YES
-UNIXPATH = ${TALER_RUNTIME_DIR}/merchant.http
-
-[exchangedb-postgres]
-CONFIG = postgres:///auditor-basedb
-
-[exchange]
-LOOKAHEAD_SIGN = 32 weeks 1 day
-SIGNKEY_DURATION = 4 weeks
-MASTER_PUBLIC_KEY = JM0NJXHM6Y6HYAPK2WDFH3HDJ2E9KZWGKM3E0FYRV2V3HCTB3DQ0
-SIGNKEY_LEGAL_DURATION = 4 weeks
-UNIXPATH = ${TALER_RUNTIME_DIR}/exchange.http
-
-[bank]
-SERVE = http
-ALLOW_REGISTRATIONS = YES
-SUGGESTED_EXCHANGE_PAYTO = payto://x-taler-bank/localhost/2
-SUGGESTED_EXCHANGE = http://localhost:8081/
-HTTP_PORT = 8082
-MAX_DEBT_BANK = TESTKUDOS:100000.0
-MAX_DEBT = TESTKUDOS:50.0
-DATABASE = postgres:///auditor-basedb
-
-[auditordb-postgres]
-CONFIG = postgres:///auditor-basedb
-
-[auditor]
-PUBLIC_KEY = 73NJKBP4MHJF8274K88F4WFWKNYMK8T6MTSE6HHYS6WC01H9YH7G
-TINY_AMOUNT = TESTKUDOS:0.01
-BASE_URL = http://localhost:8083/
-
-[PATHS]
-TALER_CACHE_HOME = $TALER_HOME/.cache/taler/
-TALER_CONFIG_HOME = $TALER_HOME/.config/taler/
-TALER_DATA_HOME = $TALER_HOME/.local/share/taler/
-TALER_HOME = ${PWD}/generate_auditordb_home/
-
--- a/src/auditor/auditor-basedb.fees
+++ b/src/auditor/auditor-basedb.fees
--- a/src/auditor/auditor-basedb.mpub
+++ b/src/auditor/auditor-basedb.mpub
@ -1 +0,0 @@
-JM0NJXHM6Y6HYAPK2WDFH3HDJ2E9KZWGKM3E0FYRV2V3HCTB3DQ0
--- a/src/auditor/auditor-basedb.sql
+++ b/src/auditor/auditor-basedb.sql
--- a/src/auditor/batch.conf
+++ b/src/auditor/batch.conf
@ -1,6 +1,3 @@
-[arm]
-CONFIG = /research/taler/exchange/src/auditor/batch.conf
-
 [benchmark]
 MERCHANT_DETAILS = merchant_details.json
 BANK_DETAILS = bank_details.json
--- a/src/auditor/batch.sh
+++ b/src/auditor/batch.sh
@ -193,7 +193,7 @@ echo " DONE"

 echo -n "Setting up merchant"

-curl -H "Content-Type: application/json" -X POST -d '{"auth":{"method":"external"},"payto_uris":["payto://x-taler-bank/localhost/43"],"id":"default","name":"default","address":{},"jurisdiction":{},"default_max_wire_fee":"TESTKUDOS:1", "default_max_deposit_fee":"TESTKUDOS:1","default_wire_fee_amortization":1,"default_wire_transfer_delay":{"d_ms" : 3600000},"default_pay_delay":{"d_ms": 3600000}}' http://localhost:9966/management/instances
+curl -H "Content-Type: application/json" -X POST -d '{"auth":{"method":"external"},"payto_uris":["payto://x-taler-bank/localhost/43"],"id":"default","name":"default","address":{},"jurisdiction":{},"default_max_wire_fee":"TESTKUDOS:1", "default_max_deposit_fee":"TESTKUDOS:1","default_wire_fee_amortization":1,"default_wire_transfer_delay":{"d_us" : 3600000000},"default_pay_delay":{"d_us": 3600000000}}' http://localhost:9966/management/instances


 echo " DONE"
--- a/src/auditor/generate-auditor-basedb-template.conf
+++ b/src/auditor/generate-auditor-basedb-template.conf
@ -1 +0,0 @@
-@INLINE@ generate-auditor-basedb.conf
--- a/src/auditor/generate-auditor-basedb.conf
+++ b/src/auditor/generate-auditor-basedb.conf
@ -1,82 +1,19 @@
-[exchange]
-MAX_KEYS_CACHING = forever
-DB = postgres
-SERVE = tcp
-UNIXPATH = ${TALER_RUNTIME_DIR}/exchange.http
-UNIXPATH_MODE = 660
-PORT = 8081
-BASE_URL = http://localhost:8081/
-SIGNKEY_DURATION = 4 weeks
-SIGNKEY_LEGAL_DURATION = 4 weeks
-LOOKAHEAD_SIGN = 32 weeks 1 day
-
-[merchant]
-SERVE = tcp
-PORT = 9966
-UNIXPATH = ${TALER_RUNTIME_DIR}/merchant.http
-UNIXPATH_MODE = 660
-DEFAULT_WIRE_FEE_AMORTIZATION = 1
-DB = postgres
-WIREFORMAT = default
-# Set very low, so we can be sure that the database generated
-# will contain wire transfers "ready" for the aggregator.
-WIRE_TRANSFER_DELAY = 1 minute
-DEFAULT_PAY_DEADLINE = 1 day
-DEFAULT_MAX_DEPOSIT_FEE = TESTKUDOS:0.1
-KEYFILE = ${TALER_DATA_HOME}/merchant/merchant.priv
-DEFAULT_MAX_WIRE_FEE = TESTKUDOS:0.10
-
-# Ensure that merchant reports EVERY deposit confirmation to auditor
-FORCE_AUDIT = YES
+[exchange-offline]
+MASTER_PRIV_FILE = auditor-basedb.mpriv

 [instance-default]
 KEYFILE = ${TALER_DATA_HOME}/merchant/default.priv
 NAME = Merchant Inc.

-[auditor]
-DB = postgres
-AUDITOR_PRIV_FILE = ${TALER_DATA_HOME}/auditor/offline-keys/auditor.priv
-SERVE = tcp
-UNIXPATH = ${TALER_RUNTIME_DIR}/exchange.http
-UNIXPATH_MODE = 660
-PORT = 8083
-BASE_URL = http://localhost:8083/
-TINY_AMOUNT = TESTKUDOS:0.01
-
-[PATHS]
-TALER_HOME = ${PWD}/generate_auditordb_home/
-TALER_DATA_HOME = $TALER_HOME/.local/share/taler/
-TALER_CONFIG_HOME = $TALER_HOME/.config/taler/
-TALER_CACHE_HOME = $TALER_HOME/.cache/taler/
-TALER_RUNTIME_DIR = ${TMPDIR:-${TMP:-/tmp}}/taler-system-runtime/
-
-[bank]
-DATABASE = postgres:///taler-auditor-basedb
-MAX_DEBT = TESTKUDOS:50.0
-MAX_DEBT_BANK = TESTKUDOS:100000.0
-HTTP_PORT = 8082
-SUGGESTED_EXCHANGE = http://localhost:8081/
-SUGGESTED_EXCHANGE_PAYTO = payto://x-taler-bank/localhost/2
-ALLOW_REGISTRATIONS = YES
-SERVE = http
-
-[exchangedb]
-IDLE_RESERVE_EXPIRATION_TIME = 4 weeks
-LEGAL_RESERVE_EXPIRATION_TIME = 7 years
-
-[taler]
-CURRENCY = TESTKUDOS
-CURRENCY_ROUND_UNIT = TESTKUDOS:0.01
-
 [exchange-account-1]
-PAYTO_URI = payto://x-taler-bank/localhost/Exchange
+PAYTO_URI = payto://iban/SANDBOXX/DE989651?receiver-name=Exchange+Company
 enable_debit = yes
 enable_credit = yes

 [exchange-accountcredentials-1]
-WIRE_GATEWAY_URL = "http://localhost:8082/taler-wire-gateway/Exchange/"
+WIRE_GATEWAY_URL = http://localhost:8082/facades/test-facade/taler-wire-gateway/
 WIRE_GATEWAY_AUTH_METHOD = basic
-USERNAME = Exchange
+USERNAME = exchange
 PASSWORD = x

 [merchant-account-merchant]
@ -85,6 +22,7 @@ HONOR_default = YES
 ACTIVE_default = YES

 [merchant-exchange-default]
+MASTER_KEY = RKNMPRGXCX35H11WEYXDXYHPR7NX2QK9BG15MT0QEF75PC5KR470
 EXCHANGE_BASE_URL = http://localhost:8081/
 CURRENCY = TESTKUDOS

@ -193,30 +131,59 @@ fee_refund = TESTKUDOS:0.01
 CIPHER = RSA
 rsa_keysize = 1024

-[coin_kudos_ct_1]
-value = TESTKUDOS:0.01
-duration_withdraw = 7 days
-duration_spend = 2 years
-duration_legal = 3 years
-fee_withdraw = TESTKUDOS:0.01
-fee_deposit = TESTKUDOS:0.01
-fee_refresh = TESTKUDOS:0.01
-fee_refund = TESTKUDOS:0.01
-CIPHER = RSA
-rsa_keysize = 1024
-
-[coin_kudos_ct_10]
-value = TESTKUDOS:0.10
-duration_withdraw = 7 days
-duration_spend = 2 years
-duration_legal = 3 years
-fee_withdraw = TESTKUDOS:0.01
-fee_deposit = TESTKUDOS:0.01
-fee_refresh = TESTKUDOS:0.03
-fee_refund = TESTKUDOS:0.01
-CIPHER = RSA
-rsa_keysize = 1024
-
 [benchmark]
 BANK_DETAILS = bank_details.json
 MERCHANT_DETAILS = merchant_details.json
+
+[arm]
+CONFIG = /research/taler/exchange/src/auditor/auditor-basedb.conf
+
+[taler]
+CURRENCY_ROUND_UNIT = TESTKUDOS:0.01
+CURRENCY = TESTKUDOS
+
+[merchantdb-postgres]
+CONFIG = postgres:///auditor-basedb
+
+[merchant]
+WIREFORMAT = default
+DEFAULT_MAX_DEPOSIT_FEE = TESTKUDOS:0.1
+KEYFILE = ${TALER_DATA_HOME}/merchant/merchant.priv
+DEFAULT_MAX_WIRE_FEE = TESTKUDOS:0.10
+WIRE_TRANSFER_DELAY = 1 minute
+FORCE_AUDIT = YES
+UNIXPATH = ${TALER_RUNTIME_DIR}/merchant.http
+
+[exchangedb-postgres]
+CONFIG = postgres:///auditor-basedb
+
+[exchange]
+MASTER_PUBLIC_KEY = RKNMPRGXCX35H11WEYXDXYHPR7NX2QK9BG15MT0QEF75PC5KR470
+SIGNKEY_DURATION = 4 weeks
+LOOKAHEAD_SIGN = 32 weeks 1 day
+SIGNKEY_LEGAL_DURATION = 4 weeks
+UNIXPATH = ${TALER_RUNTIME_DIR}/exchange.http
+
+[bank]
+HTTP_PORT = 8082
+SUGGESTED_EXCHANGE = http://localhost:8081/
+SUGGESTED_EXCHANGE_PAYTO = payto://x-taler-bank/localhost/2
+ALLOW_REGISTRATIONS = YES
+SERVE = http
+MAX_DEBT_BANK = TESTKUDOS:100000.0
+MAX_DEBT = TESTKUDOS:50.0
+DATABASE = postgres:///auditor-basedb
+
+[auditordb-postgres]
+CONFIG = postgres:///auditor-basedb
+
+[auditor]
+BASE_URL = http://localhost:8083/
+TINY_AMOUNT = TESTKUDOS:0.01
+PUBLIC_KEY = 0EHPW5WEKHXPPN4MPJNGA7Z6D29JP21GKVNV8ARFB1YW7WWJX20G
+
+[PATHS]
+TALER_CACHE_HOME = $TALER_HOME/.cache/taler/
+TALER_CONFIG_HOME = $TALER_HOME/.config/taler/
+TALER_DATA_HOME = $TALER_HOME/.local/share/taler/
+TALER_HOME = ${PWD}/generate_auditordb_home/
--- a/src/auditor/generate-auditor-basedb.sh
+++ b/src/auditor/generate-auditor-basedb.sh
@ -3,8 +3,8 @@
 # testing from a 'correct' interaction between exchange,
 # wallet and merchant.
 #
-# Creates $BASEDB.sql, $BASEDB.fees, $BASEDB.mpub and
-# $BASEDB.age.
+# Creates $BASEDB.sql, $BASEDB.fees,
+# $BASEDB.{mpub,mpriv}.
 # Default $BASEDB is "auditor-basedb", override via $1.
 #
 # Currently must be run online as it interacts with
@ -14,30 +14,47 @@
 # and be allowed to create/drop databases.
 #
 set -eu
+#set -x

 # Cleanup to run whenever we exit
-function cleanup()
+function exit_cleanup()
 {
+    echo "Running generate-auditor-basedb exit cleanup logic..."
+    if test -f ${MY_TMP_DIR:-/}/libeufin-sandbox.pid
+    then
+        PID=`cat ${MY_TMP_DIR}/libeufin-sandbox.pid 2> /dev/null`
+        kill $PID 2> /dev/null || true
+        rm ${MY_TMP_DIR}/libeufin-sandbox.pid
+        echo "Killed libeufin sandbox $PID"
+        wait $PID || true
+    fi
+    if test -f ${MY_TMP_DIR:-/}/libeufin-nexus.pid
+    then
+        PID=`cat ${MY_TMP_DIR}/libeufin-nexus.pid 2> /dev/null`
+        kill $PID 2> /dev/null || true
+        rm ${MY_TMP_DIR}/libeufin-nexus.pid
+        echo "Killed libeufin nexus $PID"
+        wait $PID || true
+    fi
+    echo "killing libeufin DONE"
    for n in `jobs -p`
    do
        kill $n 2> /dev/null || true
    done
-    wait
+    wait || true
 }

 # Install cleanup handler (except for kill -9)
-trap cleanup EXIT
+trap exit_cleanup EXIT


 # Exit, with status code "skip" (no 'real' failure)
 function exit_skip() {
-    echo $1
+    echo "SKIPPING: $1"
    exit 77
 }
-
 # Where do we write the result?
 BASEDB=${1:-"auditor-basedb"}
-
 # Name of the Postgres database we will use for the script.
 # Will be dropped, do NOT use anything that might be used
 # elsewhere
@ -48,15 +65,17 @@ export WALLET_DB=${BASEDB:-"wallet"}.wdb
 # delete existing wallet database
 rm -f $WALLET_DB

-
 # Configuration file will be edited, so we create one
 # from the template.
-CONF=${BASEDB}.conf
+export CONF=$1.conf
 cp generate-auditor-basedb.conf $CONF
+echo "Created configuration at ${CONF}"
+DATA_DIR=$1/exchange-data-dir/
+mkdir -p $DATA_DIR
+taler-config -c $CONF -s PATHS -o TALER_HOME -V $DATA_DIR

-
-echo -n "Testing for taler-bank-manage"
-taler-bank-manage --help >/dev/null </dev/null || exit_skip " MISSING"
+echo -n "Testing for libeufin"
+libeufin-cli --help >/dev/null </dev/null || exit_skip " MISSING"
 echo " FOUND"
 echo -n "Testing for taler-wallet-cli"
 taler-wallet-cli -v >/dev/null </dev/null || exit_skip " MISSING"
@ -65,42 +84,41 @@ echo -n "Testing for curl"
 curl --help >/dev/null </dev/null || exit_skip " MISSING"
 echo " FOUND"

-
-pwd
-# Clean up
-
-DATA_DIR=`taler-config -f -c $CONF -s PATHS -o TALER_HOME`
-rm -rf $DATA_DIR || true
-
 # reset database
 dropdb $TARGET_DB >/dev/null 2>/dev/null || true
 createdb $TARGET_DB || exit_skip "Could not create database $TARGET_DB"
-
+ORIGIN=`pwd`
+MY_TMP_DIR=`dirname $1`

 # obtain key configuration data
-MASTER_PRIV_FILE=`taler-config -f -c $CONF -s exchange-offline -o MASTER_PRIV_FILE`
+MASTER_PRIV_FILE=$1.mpriv
 MASTER_PRIV_DIR=`dirname $MASTER_PRIV_FILE`
+taler-config -f -c ${CONF} -s exchange-offline -o MASTER_PRIV_FILE -V ${MASTER_PRIV_FILE}
+rm -f "${MASTER_PRIV_FILE}"
 mkdir -p $MASTER_PRIV_DIR
-gnunet-ecc -g1 $MASTER_PRIV_FILE > /dev/null
-MASTER_PUB=`gnunet-ecc -p $MASTER_PRIV_FILE`
-EXCHANGE_URL=`taler-config -c $CONF -s EXCHANGE -o BASE_URL`
+gnunet-ecc -l/dev/null -g1 $MASTER_PRIV_FILE > /dev/null
+export MASTER_PUB=`gnunet-ecc -p $MASTER_PRIV_FILE`
+export EXCHANGE_URL=`taler-config -c $CONF -s EXCHANGE -o BASE_URL`
 MERCHANT_PORT=`taler-config -c $CONF -s MERCHANT -o PORT`
-MERCHANT_URL=http://localhost:${MERCHANT_PORT}/
+export MERCHANT_URL=http://localhost:${MERCHANT_PORT}/
 BANK_PORT=`taler-config -c $CONF -s BANK -o HTTP_PORT`
-BANK_URL=http://localhost:${BANK_PORT}/
-AUDITOR_URL=http://localhost:8083/
-AUDITOR_PRIV_FILE=`taler-config -f -c $CONF -s AUDITOR -o AUDITOR_PRIV_FILE`
+BANK_URL="http://localhost:1${BANK_PORT}"
+export AUDITOR_URL=http://localhost:8083/
+AUDITOR_PRIV_FILE=$1.apriv
 AUDITOR_PRIV_DIR=`dirname $AUDITOR_PRIV_FILE`
+taler-config -f -c ${CONF} -s auditor -o AUDITOR_PRIV_FILE -V ${AUDITOR_PRIV_FILE}
 mkdir -p $AUDITOR_PRIV_DIR
-gnunet-ecc -g1 $AUDITOR_PRIV_FILE > /dev/null
+gnunet-ecc -l/dev/null -g1 $AUDITOR_PRIV_FILE > /dev/null
 AUDITOR_PUB=`gnunet-ecc -p $AUDITOR_PRIV_FILE`

-echo "AUDITOR PUB is $AUDITOR_PUB using file $AUDITOR_PRIV_FILE"
+echo "MASTER PUB is ${MASTER_PUB} using file ${MASTER_PRIV_FILE}"
+echo "AUDITOR PUB is ${AUDITOR_PUB} using file ${AUDITOR_PRIV_FILE}"

 # patch configuration
 taler-config -c $CONF -s exchange -o MASTER_PUBLIC_KEY -V $MASTER_PUB
 taler-config -c $CONF -s auditor -o PUBLIC_KEY -V $AUDITOR_PUB
 taler-config -c $CONF -s merchant-exchange-default -o MASTER_KEY -V $MASTER_PUB
+
 taler-config -c $CONF -s exchangedb-postgres -o CONFIG -V postgres:///$TARGET_DB
 taler-config -c $CONF -s auditordb-postgres -o CONFIG -V postgres:///$TARGET_DB
 taler-config -c $CONF -s merchantdb-postgres -o CONFIG -V postgres:///$TARGET_DB
@ -119,19 +137,193 @@ taler-auditor-dbinit -c $CONF || exit_skip "Failed to initialize auditor DB"
 taler-auditor-exchange -c $CONF -m $MASTER_PUB -u $EXCHANGE_URL || exit_skip "Failed to add exchange to auditor"

 # Launch services
-echo "Launching services"
-taler-bank-manage-testing $CONF postgres:///$TARGET_DB serve &> taler-bank.log &
+echo "Launching services (pre audit DB: $TARGET_DB)"
+
+rm -rf ${TARGET_DB}-sandbox.sqlite3
+export LIBEUFIN_SANDBOX_DB_CONNECTION="jdbc:sqlite:${TARGET_DB}-sandbox.sqlite3"
+# Create the default demobank.
+cd $MY_TMP_DIR
+export LIBEUFIN_SANDBOX_ADMIN_PASSWORD=secret
+libeufin-sandbox config --currency "TESTKUDOS" default
+libeufin-sandbox serve --port "1${BANK_PORT}" \
+  > ${MY_TMP_DIR}/libeufin-sandbox-stdout.log \
+  2> ${MY_TMP_DIR}/libeufin-sandbox-stderr.log &
+echo $! > ${MY_TMP_DIR}/libeufin-sandbox.pid
+cd $ORIGIN
+export LIBEUFIN_SANDBOX_URL="http://localhost:1${BANK_PORT}"
+set +e
+echo -n "Waiting for Sandbox..."
+OK=0
+for n in `seq 1 100`; do
+  echo -n "."
+  sleep 1
+  if wget --timeout=1 \
+    --user admin --password secret --auth-no-challenge \
+    --tries=3 --waitretry=0 \
+    -o /dev/null -O /dev/null \
+    ${LIBEUFIN_SANDBOX_URL};
+  then
+    OK=1
+    break
+  fi
+done
+if test $OK != 1
+then
+    exit_skip " Failed to launch sandbox"
+fi
+echo "OK"
+
+register_sandbox_account() {
+    export LIBEUFIN_SANDBOX_USERNAME=$1
+    export LIBEUFIN_SANDBOX_PASSWORD=$2
+    cd $MY_TMP_DIR
+    libeufin-cli sandbox \
+      demobank \
+      register --name "$3"
+    cd $ORIGIN
+    unset LIBEUFIN_SANDBOX_USERNAME
+    unset LIBEUFIN_SANDBOX_PASSWORD
+}
+set -e
+echo -n "Register the 'fortytwo' Sandbox user.."
+register_sandbox_account fortytwo x "Forty Two"
+echo OK
+echo -n "Register the 'fortythree' Sandbox user.."
+register_sandbox_account fortythree x "Forty Three"
+echo OK
+echo -n "Register 'exchange' Sandbox user.."
+register_sandbox_account exchange x "Exchange Company"
+echo OK
+echo -n "Specify exchange's PAYTO_URI in the config ..."
+export LIBEUFIN_SANDBOX_USERNAME=exchange
+export LIBEUFIN_SANDBOX_PASSWORD=x
+cd $MY_TMP_DIR
+PAYTO=`libeufin-cli sandbox demobank info --bank-account exchange | jq --raw-output '.paytoUri'`
+taler-config -c $CONF -s exchange-account-1 -o PAYTO_URI -V $PAYTO
+echo " OK"
+echo -n "Setting this exchange as the bank's default ..."
+EXCHANGE_PAYTO=`libeufin-cli sandbox demobank info --bank-account exchange | jq --raw-output '.paytoUri'`
+libeufin-sandbox default-exchange "$EXCHANGE_URL" "$EXCHANGE_PAYTO"
+echo " OK"
+# Prepare EBICS: create Ebics host and Exchange subscriber.
+# Shortly becoming admin to setup Ebics.
+export LIBEUFIN_SANDBOX_USERNAME=admin
+export LIBEUFIN_SANDBOX_PASSWORD=secret
+echo -n "Create EBICS host at Sandbox.."
+libeufin-cli sandbox \
+  --sandbox-url "http://localhost:1${BANK_PORT}" \
+  ebicshost create --host-id "talerebics"
+echo "OK"
+echo -n "Create exchange EBICS subscriber at Sandbox.."
+libeufin-cli sandbox \
+  demobank new-ebicssubscriber --host-id talerebics \
+  --user-id exchangeebics --partner-id talerpartner \
+  --bank-account exchange # that's a username _and_ a bank account name
+echo "OK"
+unset LIBEUFIN_SANDBOX_USERNAME
+unset LIBEUFIN_SANDBOX_PASSWORD
+# Prepare Nexus, which is the side actually talking
+# to the exchange.
+rm -rf ${TARGET_DB}-nexus.sqlite3
+export LIBEUFIN_NEXUS_DB_CONNECTION="jdbc:sqlite:${TARGET_DB}-nexus.sqlite3"
+# For convenience, username and password are
+# identical to those used at the Sandbox.
+echo -n "Create exchange Nexus user..."
+libeufin-nexus superuser exchange --password x
+echo " OK"
+libeufin-nexus serve --port ${BANK_PORT} \
+  2> ${MY_TMP_DIR}/libeufin-nexus-stderr.log \
+  > ${MY_TMP_DIR}/libeufin-nexus-stdout.log &
+echo $! > ${MY_TMP_DIR}/libeufin-nexus.pid
+export LIBEUFIN_NEXUS_URL="http://localhost:${BANK_PORT}"
+echo -n "Waiting for Nexus..."
+set +e
+OK=0
+for n in `seq 1 50`; do
+  echo -n "."
+  sleep 1
+  if wget --timeout=1 \
+    --tries=3 --waitretry=0 \
+    -o /dev/null -O /dev/null \
+    $LIBEUFIN_NEXUS_URL;
+  then
+    OK=1
+    break
+  fi
+done
+if test $OK != 1
+then
+    exit_skip " Failed to launch Nexus at $LIBEUFIN_NEXUS_URL"
+fi
+set -e
+echo "OK"
+export LIBEUFIN_NEXUS_USERNAME=exchange
+export LIBEUFIN_NEXUS_PASSWORD=x
+echo -n "Creating an EBICS connection at Nexus..."
+libeufin-cli connections new-ebics-connection \
+  --ebics-url "http://localhost:1${BANK_PORT}/ebicsweb" \
+  --host-id "talerebics" \
+  --partner-id "talerpartner" \
+  --ebics-user-id "exchangeebics" \
+  talerconn
+echo "OK"
+echo -n "Setup EBICS keying..."
+libeufin-cli connections connect "talerconn" > /dev/null
+echo "OK"
+echo -n "Download bank account name from Sandbox..."
+libeufin-cli connections download-bank-accounts "talerconn"
+echo "OK"
+echo -n "Importing bank account info into Nexus..."
+libeufin-cli connections import-bank-account \
+  --offered-account-id "exchange" \
+  --nexus-bank-account-id "exchange-nexus" \
+  "talerconn"
+echo "OK"
+echo -n "Setup payments submission task..."
+# Tries every second.
+libeufin-cli accounts task-schedule \
+  --task-type submit \
+  --task-name "exchange-payments" \
+  --task-cronspec "* * *" \
+  "exchange-nexus"
+echo "OK"
+# Tries every second.  Ask C52
+echo -n "Setup history fetch task..."
+libeufin-cli accounts task-schedule \
+  --task-type fetch \
+  --task-name "exchange-history" \
+  --task-cronspec "* * *" \
+  --task-param-level report \
+  --task-param-range-type latest \
+  "exchange-nexus"
+echo "OK"
+# create Taler facade.
+echo -n "Create the Taler facade at Nexus..."
+libeufin-cli facades \
+  new-taler-wire-gateway-facade \
+  --currency "TESTKUDOS" --facade-name "test-facade" \
+  "talerconn" "exchange-nexus"
+echo "OK"
+cd $ORIGIN
+# Facade schema: http://localhost:$BANK_PORT/facades/test-facade/taler-wire-gateway/
+
+
 TFN=`which taler-exchange-httpd`
 TBINPFX=`dirname $TFN`
 TLIBEXEC=${TBINPFX}/../lib/taler/libexec/
-taler-exchange-secmod-eddsa -c $CONF 2> taler-exchange-secmod-eddsa.log &
-taler-exchange-secmod-rsa -c $CONF 2> taler-exchange-secmod-rsa.log &
-taler-exchange-secmod-cs -c $CONF 2> taler-exchange-secmod-cs.log &
-taler-exchange-httpd -c $CONF 2> taler-exchange-httpd.log &
-taler-merchant-httpd -c $CONF -L INFO 2> taler-merchant-httpd.log &
-taler-exchange-wirewatch -c $CONF 2> taler-exchange-wirewatch.log &
-taler-auditor-httpd -L INFO -c $CONF 2> taler-auditor-httpd.log &
+taler-exchange-secmod-eddsa -c $CONF 2> ${MY_TMP_DIR}/taler-exchange-secmod-eddsa.log &
+taler-exchange-secmod-rsa -c $CONF 2> ${MY_TMP_DIR}/taler-exchange-secmod-rsa.log &
+taler-exchange-secmod-cs -c $CONF 2> ${MY_TMP_DIR}/taler-exchange-secmod-cs.log &
+taler-exchange-httpd -c $CONF 2> ${MY_TMP_DIR}/taler-exchange-httpd.log &
+taler-merchant-httpd -c $CONF -L INFO 2> ${MY_TMP_DIR}/taler-merchant-httpd.log &
+taler-exchange-wirewatch -c $CONF 2> ${MY_TMP_DIR}/taler-exchange-wirewatch.log &
+taler-auditor-httpd -L INFO -c $CONF 2> ${MY_TMP_DIR}/taler-auditor-httpd.log &
+export BANK_PORT
+export EXCHANGE_URL
+export MERCHANT_URL
+export AUDITOR_URL

+echo -n "Waiting for services to be available "
 # Wait for all bank to be available (usually the slowest)
 for n in `seq 1 50`
 do
@ -139,14 +331,14 @@ do
    sleep 0.2
    OK=0
    # bank
-    wget http://localhost:8082/ -o /dev/null -O /dev/null >/dev/null || continue
+    wget http://localhost:${BANK_PORT}/ -o /dev/null -O /dev/null >/dev/null || continue
    OK=1
    break
 done

 if [ 1 != $OK ]
 then
-    exit_skip "Failed to launch services"
+    exit_skip "Failed to launch services (bank)"
 fi

 # Wait for all services to be available
@ -156,29 +348,28 @@ do
    sleep 0.1
    OK=0
    # exchange
-    wget http://localhost:8081/seed -o /dev/null -O /dev/null >/dev/null || continue
+    wget ${EXCHANGE_URL}seed -o /dev/null -O /dev/null >/dev/null || continue
    # merchant
-    wget http://localhost:9966/ -o /dev/null -O /dev/null >/dev/null || continue
+    wget ${MERCHANT_URL} -o /dev/null -O /dev/null >/dev/null || continue
    # Auditor
-    wget http://localhost:8083/ -o /dev/null -O /dev/null >/dev/null || continue
+    wget ${AUDITOR_URL} -o /dev/null -O /dev/null >/dev/null || continue
    OK=1
    break
 done

 if [ 1 != $OK ]
 then
-    exit_skip "Failed to launch services"
+    bash
+    exit_skip "Failed to launch services (Taler)"
 fi
-echo " DONE"
-
 echo -n "Setting up keys"
 taler-exchange-offline -c $CONF \
  download sign \
-  enable-account payto://x-taler-bank/localhost/Exchange \
+  enable-account `taler-config -c $CONF -s exchange-account-1 -o PAYTO_URI` \
  enable-auditor $AUDITOR_PUB $AUDITOR_URL "TESTKUDOS Auditor" \
-  wire-fee now x-taler-bank TESTKUDOS:0.01 TESTKUDOS:0.01 TESTKUDOS:0.01 \
-  global-fee now TESTKUDOS:0.01 TESTKUDOS:0.01 TESTKUDOS:0.01 TESTKUDOS:0.01 1h 1h 1year 5 \
-  upload &> taler-exchange-offline.log
+  wire-fee now iban TESTKUDOS:0.07 TESTKUDOS:0.01 \
+  global-fee now TESTKUDOS:0.01 TESTKUDOS:0.01 TESTKUDOS:0.01 1h 1year 5 \
+  upload &> ${MY_TMP_DIR}/taler-exchange-offline.log

 echo -n "."

@ -200,14 +391,14 @@ echo " DONE"
 echo -n "Adding auditor signatures ..."

 taler-auditor-offline -c $CONF \
-  download sign upload &> taler-auditor-offline.log
+  download sign upload &> ${MY_TMP_DIR}/taler-auditor-offline.log

 echo " DONE"
 # Setup merchant

 echo -n "Setting up merchant"

-curl -H "Content-Type: application/json" -X POST -d '{"auth":{"method":"external"},"payto_uris":["payto://x-taler-bank/localhost/43"],"id":"default","name":"default","address":{},"jurisdiction":{},"default_max_wire_fee":"TESTKUDOS:1", "default_max_deposit_fee":"TESTKUDOS:1","default_wire_fee_amortization":1,"default_wire_transfer_delay":{"d_ms" : 3600000},"default_pay_delay":{"d_ms": 3600000}}' http://localhost:9966/management/instances
+curl -H "Content-Type: application/json" -X POST -d '{"auth":{"method":"external"},"payto_uris":["payto://iban/SANDBOXX/DE474361?receiver-name=Merchant43"],"id":"default","name":"default","address":{},"jurisdiction":{},"default_max_wire_fee":"TESTKUDOS:1", "default_max_deposit_fee":"TESTKUDOS:1","default_wire_fee_amortization":1,"default_wire_transfer_delay":{"d_us" : 3600000000},"default_pay_delay":{"d_us": 3600000000}}' http://localhost:9966/management/instances


 echo " DONE"
@ -215,8 +406,7 @@ echo " DONE"
 # run wallet CLI
 echo "Running wallet"

-
-taler-wallet-cli --no-throttle --wallet-db=$WALLET_DB api 'runIntegrationTest' \
+taler-wallet-cli --no-throttle --wallet-db=$WALLET_DB api --expect-success 'runIntegrationTest' \
  "$(jq -n '
    {
      amountToSpend: "TESTKUDOS:4",
@ -227,27 +417,27 @@ taler-wallet-cli --no-throttle --wallet-db=$WALLET_DB api 'runIntegrationTest' \
    }' \
    --arg MERCHANT_URL "$MERCHANT_URL" \
    --arg EXCHANGE_URL "$EXCHANGE_URL" \
-    --arg BANK_URL "$BANK_URL"
-  )" &> taler-wallet-cli.log
-
+    --arg BANK_URL "$BANK_URL/demobanks/default/access-api/"
+  )" &> ${MY_TMP_DIR}/taler-wallet-cli.log

 echo "Shutting down services"
-cleanup
+exit_cleanup

 # Dump database
-echo "Dumping database"
+echo "Dumping database ${BASEDB}(-libeufin).sql"
 pg_dump -O $TARGET_DB | sed -e '/AS integer/d' > ${BASEDB}.sql
+cd $MY_TMP_DIR
+sqlite3 ${TARGET_DB}-nexus.sqlite3 ".dump" > ${BASEDB}-libeufin-nexus.sql
+sqlite3 ${TARGET_DB}-sandbox.sqlite3 ".dump" > ${BASEDB}-libeufin-sandbox.sql
+rm ${TARGET_DB}-sandbox.sqlite3 ${TARGET_DB}-nexus.sqlite3 # libeufin DB
+cd $ORIGIN

 echo $MASTER_PUB > ${BASEDB}.mpub

-date +%s > ${BASEDB}.age
-
 # clean up
 echo "Final clean up"
 dropdb $TARGET_DB

-rm -rf $DATA_DIR || true
-
 echo "====================================="
 echo "  Finished generation of $BASEDB"
 echo "====================================="
--- a/src/auditor/generate-revoke-basedb.sh
+++ b/src/auditor/generate-revoke-basedb.sh
@ -6,10 +6,29 @@
 # create/drop databases.
 #
 set -eu
+# set -x

 # Cleanup to run whenever we exit
-function cleanup()
+function exit_cleanup()
 {
+    echo "Running generate-revoke-basedb exit cleanup logic..."
+    if test -f ${MY_TMP_DIR:-/}/libeufin-sandbox.pid
+    then
+        PID=`cat ${MY_TMP_DIR}/libeufin-sandbox.pid 2> /dev/null`
+        kill $PID 2> /dev/null || true
+        rm ${MY_TMP_DIR}/libeufin-sandbox.pid
+        echo "Killed libeufin sandbox $PID"
+        wait $PID || true
+    fi
+    if test -f ${MY_TMP_DIR}/libeufin-nexus.pid
+    then
+        PID=`cat ${MY_TMP_DIR}/libeufin-nexus.pid 2> /dev/null`
+        kill $PID 2> /dev/null || true
+        rm ${MY_TMP_DIR}/libeufin-nexus.pid
+        echo "Killed libeufin nexus $PID"
+        wait $PID || true
+    fi
+    echo "killing libeufin DONE"
    for n in `jobs -p`
    do
        kill $n 2> /dev/null || true
@ -17,8 +36,17 @@ function cleanup()
    wait
 }

+function get_payto_uri() {
+    export LIBEUFIN_SANDBOX_USERNAME=$1
+    export LIBEUFIN_SANDBOX_PASSWORD=$2
+    export LIBEUFIN_SANDBOX_URL=$BANK_URL
+    cd $MY_TMP_DIR
+    libeufin-cli sandbox demobank info --bank-account $1 | jq --raw-output '.paytoUri'
+    cd $ORIGIN
+}
+
 # Install cleanup handler (except for kill -9)
-trap cleanup EXIT
+trap exit_cleanup EXIT

 # Exit, with status code "skip" (no 'real' failure)
 function exit_skip() {
@ -39,12 +67,15 @@ rm -f $WALLET_DB

 # Configuration file will be edited, so we create one
 # from the template.
-export CONF=generate-auditor-basedb-revocation.conf
+export CONF=${BASEDB}.conf
 cp generate-auditor-basedb.conf $CONF
+echo "Created configuration at ${CONF}"
+DATA_DIR=$1/exchange-data-dir/
+mkdir -p $DATA_DIR
+taler-config -c $CONF -s PATHS -o TALER_HOME -V $DATA_DIR

-
-echo -n "Testing for taler-bank-manage"
-taler-bank-manage --help >/dev/null </dev/null || exit_skip " MISSING"
+echo -n "Testing for libeufin(-cli)"
+libeufin-cli --help >/dev/null </dev/null || exit_skip " MISSING"
 echo " FOUND"
 echo -n "Testing for taler-wallet-cli"
 taler-wallet-cli -v >/dev/null </dev/null || exit_skip " MISSING"
@ -53,36 +84,41 @@ echo -n "Testing for curl"
 curl --help >/dev/null </dev/null || exit_skip " MISSING"
 echo " FOUND"

-
-
-# Clean up
-DATA_DIR=`taler-config -f -c $CONF -s PATHS -o TALER_HOME`
-rm -rf $DATA_DIR || true
-
 # reset database
 dropdb $TARGET_DB >/dev/null 2>/dev/null || true
 createdb $TARGET_DB || exit_skip "Could not create database $TARGET_DB"
+ORIGIN=`pwd`
+MY_TMP_DIR=`dirname $1`
+

 # obtain key configuration data
-MASTER_PRIV_FILE=`taler-config -f -c $CONF -s exchange-offline -o MASTER_PRIV_FILE`
+MASTER_PRIV_FILE=$1.mpriv
 MASTER_PRIV_DIR=`dirname $MASTER_PRIV_FILE`
+taler-config -f -c $CONF -s exchange-offline -o MASTER_PRIV_FILE -V ${MASTER_PRIV_FILE}
 mkdir -p $MASTER_PRIV_DIR
+rm -f "${MASTER_PRIV_FILE}"
 gnunet-ecc -g1 $MASTER_PRIV_FILE > /dev/null
 export MASTER_PUB=`gnunet-ecc -p $MASTER_PRIV_FILE`
 export EXCHANGE_URL=`taler-config -c $CONF -s EXCHANGE -o BASE_URL`
 MERCHANT_PORT=`taler-config -c $CONF -s MERCHANT -o PORT`
 export MERCHANT_URL=http://localhost:${MERCHANT_PORT}/
 BANK_PORT=`taler-config -c $CONF -s BANK -o HTTP_PORT`
-export BANK_URL=http://localhost:${BANK_PORT}/
+export BANK_URL=http://localhost:1${BANK_PORT}
 export AUDITOR_URL=http://localhost:8083/
-AUDITOR_PRIV_FILE=`taler-config -f -c $CONF -s AUDITOR -o AUDITOR_PRIV_FILE`
+AUDITOR_PRIV_FILE=$1.apriv
 AUDITOR_PRIV_DIR=`dirname $AUDITOR_PRIV_FILE`
+taler-config -f -c ${CONF} -s auditor -o AUDITOR_PRIV_FILE -V ${AUDITOR_PRIV_FILE}
 mkdir -p $AUDITOR_PRIV_DIR
-gnunet-ecc -g1 $AUDITOR_PRIV_FILE > /dev/null
+gnunet-ecc -l /dev/null -g1 $AUDITOR_PRIV_FILE > /dev/null
 AUDITOR_PUB=`gnunet-ecc -p $AUDITOR_PRIV_FILE`

+echo "MASTER PUB is ${MASTER_PUB} using file ${MASTER_PRIV_FILE}"
+echo "AUDITOR PUB is ${AUDITOR_PUB} using file ${AUDITOR_PRIV_FILE}"
+
+
 # patch configuration
 taler-config -c $CONF -s exchange -o MASTER_PUBLIC_KEY -V $MASTER_PUB
+taler-config -c $CONF -s auditor -o PUBLIC_KEY -V $AUDITOR_PUB
 taler-config -c $CONF -s merchant-exchange-default -o MASTER_KEY -V $MASTER_PUB
 taler-config -c $CONF -s exchangedb-postgres -o CONFIG -V postgres:///$TARGET_DB
 taler-config -c $CONF -s auditordb-postgres -o CONFIG -V postgres:///$TARGET_DB
@ -105,22 +141,188 @@ taler-auditor-exchange -c $CONF -m $MASTER_PUB -u $EXCHANGE_URL

 # Launch services
 echo "Launching services"
-taler-bank-manage-testing $CONF postgres:///$TARGET_DB serve &> revocation-bank.log &
+
+export LIBEUFIN_SANDBOX_DB_CONNECTION="jdbc:sqlite:${TARGET_DB}-sandbox.sqlite3"
+# Create the default demobank.
+cd $MY_TMP_DIR
+export LIBEUFIN_SANDBOX_ADMIN_PASSWORD=secret
+libeufin-sandbox config --currency "TESTKUDOS" default
+libeufin-sandbox serve --port "1${BANK_PORT}" \
+  > ${MY_TMP_DIR}/libeufin-sandbox-stdout.log \
+  2> ${MY_TMP_DIR}/libeufin-sandbox-stderr.log &
+echo $! > ${MY_TMP_DIR}/libeufin-sandbox.pid
+cd $ORIGIN
+export LIBEUFIN_SANDBOX_URL="http://localhost:1${BANK_PORT}"
+set +e
+echo -n "Waiting for Sandbox..."
+OK=0
+for n in `seq 1 50`; do
+  echo -n "."
+  sleep 1
+  if wget --timeout=1 \
+    --user admin --password secret --auth-no-challenge \
+    --tries=3 --waitretry=0 \
+    -o /dev/null -O /dev/null \
+    ${LIBEUFIN_SANDBOX_URL};
+  then
+    OK=1
+    break
+  fi
+done
+if test $OK != 1
+then
+    exit_skip " Failed to launch sandbox"
+fi
+echo "OK"
+
+register_sandbox_account() {
+    export LIBEUFIN_SANDBOX_USERNAME=$1
+    export LIBEUFIN_SANDBOX_PASSWORD=$2
+    cd $MY_TMP_DIR
+    libeufin-cli sandbox \
+      demobank \
+      register --name "$3"
+    cd $ORIGIN
+    unset LIBEUFIN_SANDBOX_USERNAME
+    unset LIBEUFIN_SANDBOX_PASSWORD
+}
+set -e
+echo -n "Register the 'fortytwo' Sandbox user.."
+register_sandbox_account fortytwo x "Forty Two"
+echo OK
+echo -n "Register the 'fortythree' Sandbox user.."
+register_sandbox_account fortythree x "Forty Three"
+echo OK
+echo -n "Register 'exchange' Sandbox user.."
+register_sandbox_account exchange x "Exchange Company"
+echo OK
+echo -n "Specify exchange's PAYTO_URI in the config ..."
+export LIBEUFIN_SANDBOX_USERNAME=exchange
+export LIBEUFIN_SANDBOX_PASSWORD=x
+cd $MY_TMP_DIR
+PAYTO=`libeufin-cli sandbox demobank info --bank-account exchange | jq --raw-output '.paytoUri'`
+taler-config -c $CONF -s exchange-account-1 -o PAYTO_URI -V $PAYTO
+echo " OK"
+echo -n "Setting this exchange as the bank's default ..."
+EXCHANGE_PAYTO=`libeufin-cli sandbox demobank info --bank-account exchange | jq --raw-output '.paytoUri'`
+libeufin-sandbox default-exchange "$EXCHANGE_URL" "$EXCHANGE_PAYTO"
+echo " OK"
+# Prepare EBICS: create Ebics host and Exchange subscriber.
+# Shortly becoming admin to setup Ebics.
+export LIBEUFIN_SANDBOX_USERNAME=admin
+export LIBEUFIN_SANDBOX_PASSWORD=secret
+echo -n "Create EBICS host at Sandbox.."
+libeufin-cli sandbox \
+  --sandbox-url "http://localhost:1${BANK_PORT}" \
+  ebicshost create --host-id "talerebics"
+echo "OK"
+echo -n "Create exchange EBICS subscriber at Sandbox.."
+libeufin-cli sandbox \
+  demobank new-ebicssubscriber --host-id talerebics \
+  --user-id exchangeebics --partner-id talerpartner \
+  --bank-account exchange # that's a username _and_ a bank account name
+echo "OK"
+unset LIBEUFIN_SANDBOX_USERNAME
+unset LIBEUFIN_SANDBOX_PASSWORD
+# Prepare Nexus, which is the side actually talking
+# to the exchange.
+export LIBEUFIN_NEXUS_DB_CONNECTION="jdbc:sqlite:${TARGET_DB}-nexus.sqlite3"
+# For convenience, username and password are
+# identical to those used at the Sandbox.
+echo -n "Create exchange Nexus user..."
+libeufin-nexus superuser exchange --password x
+echo " OK"
+libeufin-nexus serve --port ${BANK_PORT} \
+  2> ${MY_TMP_DIR}/libeufin-nexus-stderr.log \
+  > ${MY_TMP_DIR}/libeufin-nexus-stdout.log &
+echo $! > ${MY_TMP_DIR}/libeufin-nexus.pid
+export LIBEUFIN_NEXUS_URL="http://localhost:${BANK_PORT}"
+echo -n "Waiting for Nexus..."
+set +e
+OK=0
+for n in `seq 1 50`; do
+  echo -n "."
+  sleep 1
+  if wget --timeout=1 \
+    --tries=3 --waitretry=0 \
+    -o /dev/null -O /dev/null \
+    $LIBEUFIN_NEXUS_URL;
+  then
+    OK=1
+    break
+  fi
+done
+if test $OK != 1
+then
+    exit_skip " Failed to launch Nexus at $LIBEUFIN_NEXUS_URL"
+fi
+set -e
+echo "OK"
+export LIBEUFIN_NEXUS_USERNAME=exchange
+export LIBEUFIN_NEXUS_PASSWORD=x
+echo -n "Creating an EBICS connection at Nexus..."
+libeufin-cli connections new-ebics-connection \
+  --ebics-url "http://localhost:1${BANK_PORT}/ebicsweb" \
+  --host-id "talerebics" \
+  --partner-id "talerpartner" \
+  --ebics-user-id "exchangeebics" \
+  talerconn
+echo "OK"
+echo -n "Setup EBICS keying..."
+libeufin-cli connections connect "talerconn" > /dev/null
+echo "OK"
+echo -n "Download bank account name from Sandbox..."
+libeufin-cli connections download-bank-accounts "talerconn"
+echo "OK"
+echo -n "Importing bank account info into Nexus..."
+libeufin-cli connections import-bank-account \
+  --offered-account-id "exchange" \
+  --nexus-bank-account-id "exchange-nexus" \
+  "talerconn"
+echo "OK"
+echo -n "Setup payments submission task..."
+# Tries every second.
+libeufin-cli accounts task-schedule \
+  --task-type submit \
+  --task-name "exchange-payments" \
+  --task-cronspec "* * *" \
+  "exchange-nexus"
+echo "OK"
+# Tries every second.  Ask C52
+echo -n "Setup history fetch task..."
+libeufin-cli accounts task-schedule \
+  --task-type fetch \
+  --task-name "exchange-history" \
+  --task-cronspec "* * *" \
+  --task-param-level report \
+  --task-param-range-type latest \
+  "exchange-nexus"
+echo "OK"
+# create Taler facade.
+echo -n "Create the Taler facade at Nexus..."
+libeufin-cli facades \
+  new-taler-wire-gateway-facade \
+  --currency "TESTKUDOS" --facade-name "test-facade" \
+  "talerconn" "exchange-nexus"
+echo "OK"
+cd $ORIGIN
+# Facade schema: http://localhost:$BANK_PORT/facades/test-facade/taler-wire-gateway/
+
 TFN=`which taler-exchange-httpd`
 TBINPFX=`dirname $TFN`
 TLIBEXEC=${TBINPFX}/../lib/taler/libexec/
-taler-exchange-secmod-eddsa -c $CONF 2> taler-exchange-secmod-eddsa.log &
+taler-exchange-secmod-eddsa -c $CONF 2> ${MY_TMP_DIR}/taler-exchange-secmod-eddsa.log &
 SIGNKEY_HELPER_PID=$!
-taler-exchange-secmod-rsa -c $CONF 2> taler-exchange-secmod-rsa.log &
+taler-exchange-secmod-rsa -c $CONF 2> ${MY_TMP_DIR}/taler-exchange-secmod-rsa.log &
 RSA_DENOM_HELPER_PID=$!
-taler-exchange-secmod-cs -c $CONF 2> taler-exchange-secmod-cs.log &
+taler-exchange-secmod-cs -c $CONF 2> ${MY_TMP_DIR}/taler-exchange-secmod-cs.log &
 CS_DENOM_HELPER_PID=$!
-taler-exchange-httpd -c $CONF 2> taler-exchange-httpd.log &
+taler-exchange-httpd -c $CONF 2> ${MY_TMP_DIR}/taler-exchange-httpd.log &
 EXCHANGE_PID=$!
-taler-merchant-httpd -c $CONF -L INFO 2> taler-merchant-httpd.log &
+taler-merchant-httpd -c $CONF -L INFO 2> ${MY_TMP_DIR}/taler-merchant-httpd.log &
 MERCHANT_PID=$!
-taler-exchange-wirewatch -c $CONF 2> taler-exchange-wirewatch.log &
-taler-auditor-httpd -c $CONF 2> taler-auditor-httpd.log &
+taler-exchange-wirewatch -c $CONF 2> ${MY_TMP_DIR}/taler-exchange-wirewatch.log &
+taler-auditor-httpd -c $CONF 2> ${MY_TMP_DIR}/taler-auditor-httpd.log &

 # Wait for all bank to be available (usually the slowest)
 for n in `seq 1 50`
@ -157,7 +359,7 @@ done

 if [ 1 != $OK ]
 then
-    cleanup
+    exit_cleanup
    exit_skip "Failed to launch Taler services"
 fi
 echo " DONE"
@ -166,11 +368,11 @@ echo -n "Setting up keys"

 taler-exchange-offline -c $CONF \
  download sign \
-  enable-account payto://x-taler-bank/localhost/Exchange \
+  enable-account `taler-config -c $CONF -s exchange-account-1 -o PAYTO_URI` \
  enable-auditor $AUDITOR_PUB $AUDITOR_URL "TESTKUDOS Auditor" \
-  wire-fee now x-taler-bank TESTKUDOS:0.01 TESTKUDOS:0.01 TESTKUDOS:0.01 \
-  global-fee now TESTKUDOS:0.01 TESTKUDOS:0.01 TESTKUDOS:0.01 TESTKUDOS:0.01 1h 1h 1year 5 \
-  upload &> taler-exchange-offline.log
+  wire-fee now iban TESTKUDOS:0.01 TESTKUDOS:0.01 \
+  global-fee now TESTKUDOS:0.01 TESTKUDOS:0.01 TESTKUDOS:0.01 1h 1year 5 \
+  upload &> ${MY_TMP_DIR}/taler-exchange-offline.log

 echo -n "."

@ -191,27 +393,27 @@ fi


 taler-auditor-offline -c $CONF \
-  download sign upload &> taler-auditor-offline.log
+  download sign upload &> ${MY_TMP_DIR}/taler-auditor-offline.log

 echo " DONE"

 # Setup merchant
 echo -n "Setting up merchant"

-curl -H "Content-Type: application/json" -X POST -d '{"auth": {"method": "external"}, "payto_uris":["payto://x-taler-bank/localhost/43"],"id":"default","name":"default","address":{},"jurisdiction":{},"default_max_wire_fee":"TESTKUDOS:1", "default_max_deposit_fee":"TESTKUDOS:1","default_wire_fee_amortization":1,"default_wire_transfer_delay":{"d_ms" : 3600000},"default_pay_delay":{"d_ms": 3600000}}' http://localhost:9966/management/instances
+curl -H "Content-Type: application/json" -X POST -d '{"auth": {"method": "external"}, "payto_uris":["payto://iban/SANDBOXX/DE474361?receiver-name=Merchant43"],"id":"default","name":"default","address":{},"jurisdiction":{},"default_max_wire_fee":"TESTKUDOS:1", "default_max_deposit_fee":"TESTKUDOS:1","default_wire_fee_amortization":1,"default_wire_transfer_delay":{"d_us" : 3600000000},"default_pay_delay":{"d_us": 3600000000}}' http://localhost:9966/management/instances


 # run wallet CLI
 echo "Running wallet"

-taler-wallet-cli --no-throttle --wallet-db=$WALLET_DB api 'withdrawTestBalance' \
+taler-wallet-cli --no-throttle --wallet-db=$WALLET_DB api --expect-success 'withdrawTestBalance' \
  "$(jq -n '
    {
      amount: "TESTKUDOS:8",
      bankBaseUrl: $BANK_URL,
      exchangeBaseUrl: $EXCHANGE_URL,
    }' \
-    --arg BANK_URL $BANK_URL \
+    --arg BANK_URL "$BANK_URL/demobanks/default/access-api/" \
    --arg EXCHANGE_URL $EXCHANGE_URL
  )"

@ -232,13 +434,13 @@ export susp=$(echo "$coins" | jq --arg rc "$rc" '[.coins[] | select(.coin_pub !=

 # Do the revocation
 taler-exchange-offline -c $CONF \
-  revoke-denomination "${rd}" upload &> taler-exchange-offline-revoke.log
+  revoke-denomination "${rd}" upload &> ${MY_TMP_DIR}/taler-exchange-offline-revoke.log

 sleep 1 # Give exchange time to create replacmenent key

 # Re-sign replacement keys
 taler-auditor-offline -c $CONF \
-  download sign upload &> taler-auditor-offline.log
+  download sign upload &> ${MY_TMP_DIR}/taler-auditor-offline.log

 # Now we suspend the other coins, so later we will pay with the recouped coin
 taler-wallet-cli --wallet-db=$WALLET_DB advanced suspend-coins "$susp"
@ -286,13 +488,13 @@ kill -TERM $EXCHANGE_PID
 kill -TERM $RSA_DENOM_HELPER_PID
 kill -TERM $CS_DENOM_HELPER_PID
 kill -TERM $SIGNKEY_HELPER_PID
-taler-exchange-secmod-eddsa $TIMETRAVEL -c $CONF 2> taler-exchange-secmod-eddsa.log &
+taler-exchange-secmod-eddsa $TIMETRAVEL -c $CONF 2> ${MY_TMP_DIR}/taler-exchange-secmod-eddsa.log &
 SIGNKEY_HELPER_PID=$!
-taler-exchange-secmod-rsa $TIMETRAVEL -c $CONF 2> taler-exchange-secmod-rsa.log &
+taler-exchange-secmod-rsa $TIMETRAVEL -c $CONF 2> ${MY_TMP_DIR}/taler-exchange-secmod-rsa.log &
 RSA_DENOM_HELPER_PID=$!
-taler-exchange-secmod-cs $TIMETRAVEL -c $CONF 2> taler-exchange-secmod-cs.log &
+taler-exchange-secmod-cs $TIMETRAVEL -c $CONF 2> ${MY_TMP_DIR}/taler-exchange-secmod-cs.log &
 CS_DENOM_HELPER_PID=$!
-taler-exchange-httpd $TIMETRAVEL -c $CONF 2> taler-exchange-httpd.log &
+taler-exchange-httpd $TIMETRAVEL -c $CONF 2> ${MY_TMP_DIR}/taler-exchange-httpd.log &
 export EXCHANGE_PID=$!

 # Wait for exchange to be available
@ -333,13 +535,13 @@ export susp=$(echo "$coins" | jq --arg freshc "$freshc" '[.coins[] | select(.coi
 # Do the revocation of freshc
 echo "Revoking ${fresh_denom} (to affect coin ${freshc})"
 taler-exchange-offline -c $CONF \
-  revoke-denomination "${fresh_denom}" upload &> taler-exchange-offline-revoke-2.log
+  revoke-denomination "${fresh_denom}" upload &> ${MY_TMP_DIR}/taler-exchange-offline-revoke-2.log

 sleep 1 # Give exchange time to create replacmenent key

 # Re-sign replacement keys
 taler-auditor-offline -c $CONF \
-  download sign upload &> taler-auditor-offline.log
+  download sign upload &> ${MY_TMP_DIR}/taler-auditor-offline.log

 # Now we suspend the other coins, so later we will pay with the recouped coin
 taler-wallet-cli $TIMETRAVEL --wallet-db=$WALLET_DB advanced suspend-coins "$susp"
@ -353,7 +555,7 @@ taler-wallet-cli $TIMETRAVEL --wallet-db=$WALLET_DB run-until-done

 echo "Restarting merchant (so new keys are known)"
 kill -TERM $MERCHANT_PID
-taler-merchant-httpd -c $CONF -L INFO 2> taler-merchant-httpd.log &
+taler-merchant-httpd -c $CONF -L INFO 2> ${MY_TMP_DIR}/taler-merchant-httpd.log &
 MERCHANT_PID=$!
 # Wait for merchant to be again available
 for n in `seq 1 50`
@ -383,25 +585,29 @@ taler-wallet-cli $TIMETRAVEL --wallet-db=$WALLET_DB run-until-done
 echo "Bought something with refresh-recouped coin"

 echo "Shutting down services"
-cleanup
+exit_cleanup


 # Dump database
 echo "Dumping database"
+echo "Dumping PostgreSQL database: ${BASEDB}.sql"
 pg_dump -O $TARGET_DB | sed -e '/AS integer/d' > ${BASEDB}.sql
+echo "Dumping libeufin database: ${TARGET_DB}-libeufin-*.sql"
+cd $MY_TMP_DIR
+sqlite3 ${TARGET_DB}-nexus.sqlite3 ".dump" > ${BASEDB}-libeufin-nexus.sql
+sqlite3 ${TARGET_DB}-sandbox.sqlite3 ".dump" > ${BASEDB}-libeufin-sandbox.sql
+
+rm ${TARGET_DB}-sandbox.sqlite3 ${TARGET_DB}-nexus.sqlite3 # libeufin DB
+
+cd $ORIGIN

 echo $MASTER_PUB > ${BASEDB}.mpub
-date +%s > ${BASEDB}.age

-# clean up
 echo "Final clean up"
 dropdb $TARGET_DB
-rm -rf $DATA_DIR || true
-rm -f $CONF
-rm -r $TMP_DIR

 echo "====================================="
-echo "  Finished revocation DB generation  "
+echo "  Finished generation of $BASEDB "
 echo "====================================="

 exit 0
--- a/src/auditor/report-lib.c
+++ b/src/auditor/report-lib.c
@ -588,6 +588,9 @@ TALER_ARL_init (const struct GNUNET_CONFIGURATION_Handle *c)
      GNUNET_free (master_public_key_str);
      return GNUNET_SYSERR;
    }
+    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+                "Running auditor against exchange master public key `%s'\n",
+                master_public_key_str);
    GNUNET_free (master_public_key_str);
  } /* end of -m not given */

--- a/src/auditor/revoke-basedb.age
+++ b/src/auditor/revoke-basedb.age
@ -1 +0,0 @@
-1655640625
--- a/src/auditor/revoke-basedb.conf
+++ b/src/auditor/revoke-basedb.conf
@ -1,34 +1,34 @@
 [auditor]
-DB = postgres
+PUBLIC_KEY = CK4P6P5VXR82B1A4C3PY5DCHG8HDZA1HSZR76Z8D6FD57MASFT70
 TINY_AMOUNT = TESTKUDOS:0.01
 BASE_URL = http://localhost:8083/

 [exchange-account-1]
-PAYTO_URI = payto://x-taler-bank/localhost/Exchange
+PAYTO_URI = payto://iban/SANDBOXX/DE717324?receiver-name=Exchange+Company
 enable_debit = yes
 enable_credit = yes

 [exchange-accountcredentials-1]
-WIRE_GATEWAY_URL = "http://localhost:8082/taler-wire-gateway/Exchange/"
+WIRE_GATEWAY_URL = "http://localhost:8082/facades/test-facade/taler-wire-gateway/"
 WIRE_GATEWAY_AUTH_METHOD = basic
-USERNAME = Exchange
+USERNAME = exchange
 PASSWORD = x

 [exchangedb]
 WIREFEE_BASE_DIR = ${PWD}/wirefees/

 [auditordb-postgres]
-CONFIG = postgres:///taler-auditor-test
+CONFIG = postgres:///revoke-basedb

 [exchangedb-postgres]
-CONFIG = postgres:///taler-auditor-test
+CONFIG = postgres:///revoke-basedb

 [taler]
 CURRENCY = TESTKUDOS
 CURRENCY_ROUND_UNIT = TESTKUDOS:0.01

 [bank]
-DATABASE = postgres:///taler-auditor-test
+DATABASE = postgres:///revoke-basedb
 MAX_DEBT = TESTKUDOS:50.0
 MAX_DEBT_BANK = TESTKUDOS:100000.0
 HTTP_PORT = 8082
--- a/src/auditor/revoke-basedb.fees
+++ b/src/auditor/revoke-basedb.fees
--- a/src/auditor/revoke-basedb.mpub
+++ b/src/auditor/revoke-basedb.mpub
@ -1 +0,0 @@
-MREDG0XYVSX4RPYSA6JNQZ93P2DDBG45F3M6RBZXRS49M0JTVN40
--- a/Show More
+++ b/Show More
				`@ -1 +0,0 @@`
				`JM0NJXHM6Y6HYAPK2WDFH3HDJ2E9KZWGKM3E0FYRV2V3HCTB3DQ0`
				`@ -1 +0,0 @@`
				`MREDG0XYVSX4RPYSA6JNQZ93P2DDBG45F3M6RBZXRS49M0JTVN40`