taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: taler:master
Branches Tags
taler:master
taler:new-amount
taler:fail-amount
taler:age-withdraw
taler:master-broken
taler:auction_brandt
..
compare: taler:7624db4efd91aee964b54ad67be38dd901a66040
Branches Tags
taler:new-amount
taler:fail-amount
taler:age-withdraw
taler:master
taler:master-broken
taler:auction_brandt

No commits in common. "master" and "7624db4efd91aee964b54ad67be38dd901a66040" have entirely different histories.
master ... 7624db4efd

1182 changed files with 55252 additions and 167292 deletions
Show Stats Expand all files Collapse all files

13
.gitignore vendored
View File

@ -88,7 +88,6 @@ src/wire-plugins/test_wire_plugin
src/wire-plugins/test_wire_plugin_transactions_taler_bank
src/pq/test_pq
src/sq/test_sq
src/util/test_age_restriction
src/util/test_amount
src/util/test_crypto
src/util/test_json
@ -134,12 +133,6 @@ src/testing/test_auditor_api_rsa
src/testing/test_exchange_api_overlapping_keys_bug_cs
src/testing/test_exchange_api_overlapping_keys_bug_rsa
src/testing/test_exchange_api_home/.local/share/taler/exchange/revocations/
src/testing/test_auditor_api
src/testing/test_auditor_api_version
src/testing/test_exchange_api_keys_cherry_picking
src/testing/test_exchange_api_overlapping_keys_bug
src/testing/test_exchange_api_revocation
src/testing/test_exchange_management_api
src/wire-plugins/test_wire_plugin_legacy_taler_bank
uncrustify.cfg
vgcore.*
@ -162,9 +155,3 @@ po/taler-exchange.pot
po/remove-potcdate.sed
src/include/taler_dbevents.h
src/bank-lib/taler-exchange-wire-gateway-client
src/exchange/taler-exchange-drain
src/kyclogic/taler-exchange-kyc-tester
src/auditor/exchange-httpd-drain.err
src/templating/libmustach.a
contrib/tos/conf.py
contrib/pp/conf.py

2
.gitmodules vendored
View File

@ -7,4 +7,4 @@
branch = prebuilt
[submodule "contrib/gana"]
path = contrib/gana
url = https://git.gnunet.org/gana.git
url = https://git.gnunet.org/git/gana.git

6
ChangeLog
View File

@ -1,9 +1,3 @@
Sat Nov 5 11:32:45 AM CET 2022
Added support for P2P payments.
Added support for explicit reserve lifetime control.
Added support for age restrictions.
Releasing GNU Taler Exchange 0.9.0. -CG
Fri 03 Sep 2021 07:02:05 PM CEST
Add experimental aggregator sharding logic. -CG

5
Makefile.am
View File

@ -15,6 +15,11 @@ else
endif
endif
BUILT_SOURCES = src/include/taler_error_codes.h
src/include/taler_error_codes.h: contrib/gana/gnu-taler-error-codes/registry.rec
contrib/gana-update.sh
@DX_RULES@
ACLOCAL_AMFLAGS = -I m4

100
README
View File

@ -13,14 +13,15 @@ spend their digital coins. Naturally, each Merchant is different, but
Taler includes code examples to help Merchants integrate Taler as a
payment system.
Taler is currently developed by a worldwide group of independent free software
developers and Taler Systems SA. Taler is free software and an official GNU
package (https://www.gnu.org/).
Taler is currently developed by a worldwide group of independent free
software developers and the DECENTRALISE team at Inria Rennes. Taler
is free software and a GNU package (https://www.gnu.org/).
This is an alpha release with a few known bugs, lacking a few important
features, documentation, testing, performance tuning and an external security
audit. However, you can run the code and it largely works fine. This package
also only includes the Taler exchange, not the other components of the system.
This is an alpha release with a few known bugs, lacking a few
important features, documentation, testing, performance tuning and an
external security audit. However, you can run the code and it largely
works fine. that does not work yet. This package also only includes
the Taler exchange, not the other components of the system.
Documentation about Taler can be found at https://taler.net/.
Our bug tracker is at https://bugs.taler.net/.
@ -62,7 +63,7 @@ src/pq/
-- Postgres-specific utility functions
src/exchangedb/
-- Exchange database backend (with database-specific plugins)
-- Exchange database backend (with DB-specific plugins)
src/exchange/
-- taler exchange server
@ -70,50 +71,71 @@ src/exchange/
src/exchange-tools/
-- taler exchange helper programs
src/lib/
src/exchange-lib/
-- libtalerexchange: C API to issue HTTP requests to exchange
src/auditor/
-- tools to generate reports about financial performance and
to validate that the exchange has been operating correctly
src/auditordb/
-- database logic for the auditor component (with database-specific
plugins)
src/benchmark/
-- tool to run performance measurements
src/templating/
-- logic to generate HTML pages from templates at runtime
src/kyclogic/
-- core logic and plugins to trigger and manage KYC processes
as required by banking regulation
src/bank-lib/
-- bank REST client logic and implementation of an in-memory
RTGS emulator ("fakebank") for testing.
src/extensions/
-- extensions to the core logic of an exchange
src/json/
-- helper functions for generating and parsing JSON
src/mhd/
-- helper functions for interacting with GNU libmicrohttpd
src/curl/
-- helper functions for interacting with libcurl
Getting Started
===============
Please follow the exchange manual you can view after
installing using
The following steps illustrate how to set up a exchange HTTP server.
They take as a stub for configuring the exchange the content of 'contrib/exchange-template/config/'.
$ info taler-exchange
1) Create a 'test/' directory and copy the stubs in it:
or by visiting https://docs.taler.net/.
mkdir -p test/config/
cp exchange/contrib/exchange-template/config/* test/config/
cd test/
2) Create the exchange's master with the tool 'gnunet-ecc':
gnunet-ecc -g1 master.priv
3) Edit config/exchange-common.conf by replacing the right value on the line with the
MASTER_PUBLIC_KEY entry with the fresh generated (ASCII version of) master.priv.
This ASCII version is obtained by issuing:
gnunet-ecc -p master.priv
4) Generate other exchange related keys ('denomination' and 'signing' keys), by issuing:
taler-exchange-keyup -m master.priv -o auditor.in
5) A exchange needs a database to operate, so the following instructions relate to
how to set up PostgreSQL. On debian, the two packages needed are:
* postgresql
* postgresql-client
For other operating systems, please refer to the relevant documentation.
In this settlement, the exchange will use a database called 'talercheck' and will
run under the username through which 'taler-exchange-httpd' is launched. Thus assuming
that this user is 'demo', we need to create a 'demo' role for postgresql and make
him the owner of 'talercheck' database.
To perform these administrative tasks we have to impersonate the 'postgres' (by default,
postgres installation assigns privileges to such a user) user, then connect to the running DBMS.
Issue the following:
su # give your root password
su - postgres
psql # this is the command-line client to the DMBS
# the following lines are SQL
CREATE USER demo;
CREATE DATABASE talercheck OWNER demo;
# quit with CTRL-D
7) If any previous step has been successful, it is now possbile to start up the
exchange web server (by default it will listen on port 4241); issue:
taler-exchange-httpd -d `pwd` # assuming we did not move outside of the 'test' directory

7
bootstrap
View File

@ -1,5 +1,4 @@
#!/bin/sh
# This file is in the public domain.
set -eu
@ -8,12 +7,6 @@ if ! git --version >/dev/null; then
exit 1
fi
if ! htmlark --version >/dev/null; then
echo "htmlark not installed"
echo "Run 'pip install htmlark'"
exit 1
fi
echo "$0: Updating submodules"
echo | git submodule update --init

109
configure.ac
View File

@ -2,7 +2,7 @@
# Process this file with autoconf to produce a configure script.
#
# This file is part of TALER
# Copyright (C) 2014-2023 Taler Systems SA
# Copyright (C) 2014-2021 Taler Systems SA
#
# TALER is free software; you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
@ -17,7 +17,7 @@
#
#
AC_PREREQ([2.69])
AC_INIT([taler-exchange],[0.9.2],[taler-bug@gnunet.org])
AC_INIT([taler-exchange], [0.8.5], [taler-bug@gnunet.org])
AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_SRCDIR([src/util/util.c])
AC_CONFIG_HEADERS([taler_config.h])
@ -33,6 +33,8 @@ AM_SILENT_RULES([yes])
AC_CONFIG_MACRO_DIR([m4])
AC_PROG_AWK
AC_PROG_CC
# FIXME: AC_PROG_CC_C99 is obsolete, remove for autoconf 2.70
AC_PROG_CC_C99
AC_PROG_OBJC
AC_PROG_INSTALL
AC_PROG_LN_S
@ -63,13 +65,6 @@ AS_IF([test "x$doc_only" != xyes],[
# Force some CFLAGS
CFLAGS="-Wall -Wno-address-of-packed-member $CFLAGS"
TALER_LIB_LDFLAGS="-export-dynamic -no-undefined"
TALER_PLUGIN_LDFLAGS="-export-dynamic -avoid-version -module -no-undefined"
AC_SUBST(TALER_LIB_LDFLAGS)
AC_SUBST(TALER_PLUGIN_LDFLAGS)
# Checks for header files.
AC_CHECK_HEADERS([stdint.h stdlib.h string.h unistd.h sys/socket.h sys/un.h netinet/in.h netinet/ip.h])
@ -83,7 +78,6 @@ AC_DEFINE_UNQUOTED([NEED_LIBGCRYPT_VERSION], ["$need_libgcrypt_version"],
AM_PATH_LIBGCRYPT([$need_libgcrypt_version])
# should expensive tests be run?
AC_MSG_CHECKING(whether to run expensive tests)
AC_ARG_ENABLE([expensivetests],
@ -141,12 +135,20 @@ AS_CASE([$with_gnunet],
[no], [AC_MSG_ERROR([--with-gnunet is required])],
[LDFLAGS="-L$with_gnunet/lib $LDFLAGS"
CPPFLAGS="-I$with_gnunet/include $CPPFLAGS"])
AC_CHECK_HEADERS([gnunet/gnunet_util_lib.h],
[AC_CHECK_LIB([gnunetutil], [GNUNET_SCHEDULER_run], libgnunetutil=1)])
AC_CHECK_HEADERS([gnunet/platform.h gnunet/gnunet_util_lib.h],
[AC_CHECK_LIB([gnunetutil], [GNUNET_SCHEDULER_run], libgnunetutil=1)],
[], [#ifdef HAVE_GNUNET_PLATFORM_H
#include <gnunet/platform.h>
#endif
#include <gnunet/gnunet_common.h>
#if GNUNET_UTIL_VERSION < 0x00A0104
#fail libgnunetutil is too old
#endif])
AS_IF([test $libgnunetutil != 1],
[AC_MSG_ERROR([[
***
*** You need libgnunetutil >= 0.19.0 to build this program.
*** You need libgnunetutil > 0.14.0 to build this program.
*** (Yes, ">", libgnunetutil 0.14.0 is NOT enough.)
*** This library is part of GNUnet, available at
*** https://gnunet.org
*** ]])])
@ -165,8 +167,11 @@ AS_CASE([$with_gnunet],
[no], [AC_MSG_ERROR([--with-gnunet is required])],
[LDFLAGS="-L$with_gnunet/lib $LDFLAGS"
CPPFLAGS="-I$with_gnunet/include $CPPFLAGS"])
AC_CHECK_HEADERS([gnunet/gnunet_json_lib.h],
[AC_CHECK_LIB([gnunetjson], [GNUNET_JSON_parse], libgnunetjson=1)])
AC_CHECK_HEADERS([gnunet/platform.h gnunet/gnunet_json_lib.h],
[AC_CHECK_LIB([gnunetjson], [GNUNET_JSON_parse], libgnunetjson=1)],
[], [#ifdef HAVE_GNUNET_PLATFORM_H
#include <gnunet/platform.h>
#endif])
AS_IF([test $libgnunetjson != 1],
[AC_MSG_ERROR([[
***
@ -228,8 +233,11 @@ AS_CASE([$with_gnunet],
[no], [AC_MSG_ERROR([--with-gnunet is required])],
[LDFLAGS="-L$with_gnunet/lib $LDFLAGS"
CPPFLAGS="-I$with_gnunet/include $CPPFLAGS"])
AC_CHECK_HEADERS([gnunet/gnunet_curl_lib.h],
[AC_CHECK_LIB([gnunetcurl], [GNUNET_CURL_get_select_info], libgnunetcurl=1)])
AC_CHECK_HEADERS([gnunet/platform.h gnunet/gnunet_curl_lib.h],
[AC_CHECK_LIB([gnunetcurl], [GNUNET_CURL_get_select_info], libgnunetcurl=1)],
[], [#ifdef HAVE_GNUNET_PLATFORM_H
#include <gnunet/platform.h>
#endif])
AS_IF([test $libgnunetcurl != 1],
[AC_MSG_ERROR([[
***
@ -244,21 +252,6 @@ CFLAGS=$CFLAGS_SAVE
LDFLAGS=$LDFLAGS_SAVE
LIBS=$LIBS_SAVE
# test for postgres
AX_LIB_POSTGRESQL([13.0])
AS_IF([test "x$found_postgresql" = "xyes"],
[SAVE_CPPFLAGS="$CPPFLAGS"
CPPFLAGS="$POSTGRES_CPPFLAGS $CPPFLAGS"
AC_CHECK_HEADERS([libpq-fe.h], [postgres=1], [postgres=0])])
AS_IF([test "x$postgres" != "x1"],
[AC_MSG_ERROR([[
***
*** You need libpq(-dev) >= 13.0 to build this program.
*** ]])])
AM_CONDITIONAL([HAVE_POSTGRESQL], [test "x$postgres" = "x1"])
AC_DEFINE_UNQUOTED([HAVE_POSTGRESQL], [$postgres],
[Define to 1 if Postgres is available])
# Check for GNUnet's libgnunetpq.
libgnunetpq=0
AC_MSG_CHECKING([for libgnunetpq])
@ -271,10 +264,12 @@ AS_CASE([$with_gnunet],
[yes], [],
[no], [AC_MSG_ERROR([--with-gnunet is required])],
[LDFLAGS="-L$with_gnunet/lib $LDFLAGS"
CPPFLAGS="-I$with_gnunet/include ${CPPFLAGS}"])
CPPFLAGS="${CPPFLAGS} ${POSTGRESQL_CPPFLAGS}"
AC_CHECK_HEADERS([gnunet/gnunet_pq_lib.h],
[AC_CHECK_LIB([gnunetpq], [GNUNET_PQ_result_spec_string], libgnunetpq=1)])
CPPFLAGS="-I$with_gnunet/include $CPPFLAGS"])
AC_CHECK_HEADERS([gnunet/platform.h gnunet/gnunet_pq_lib.h],
[AC_CHECK_LIB([gnunetpq], [GNUNET_PQ_result_spec_string], libgnunetpq=1)],
[], [#ifdef HAVE_GNUNET_PLATFORM_H
#include <gnunet/platform.h>
#endif])
AS_IF([test $libgnunetpq != 1],
[AC_MSG_ERROR([[
***
@ -284,18 +279,19 @@ AS_IF([test $libgnunetpq != 1],
*** is recent!)
*** ]])])
CFLAGS_SAVE=$CFLAGS
LDFLAGS_SAVE=$LDFLAGS
LIBS_SAVE="$LIBS"
# Check for GNUnet's libgnunetsq
libgnunetsq=0
AC_MSG_CHECKING([for libgnunetsq])
AC_CHECK_HEADERS([gnunet/gnunet_sq_lib.h],
[AC_CHECK_LIB([gnunetsq], [GNUNET_SQ_result_spec_string], libgnunetsq=1)])
[AC_CHECK_LIB([gnunetsq], [GNUNET_SQ_result_spec_string], libgnunetsq=1)],
[], [#ifdef HAVE_GNUNET_PLATFORM_H
#include <gnunet/platform.h>
#endif])
# check for libmicrohttpd
microhttpd=0
AC_MSG_CHECKING([for microhttpd])
AC_ARG_WITH([microhttpd],
[AS_HELP_STRING([--with-microhttpd=PFX], [base of microhttpd installation])],
@ -307,7 +303,14 @@ AS_CASE([$with_microhttpd],
[no], [AC_MSG_ERROR([--with-microhttpd is required])],
[LDFLAGS="-L$with_microhttpd/lib $LDFLAGS"
CPPFLAGS="-I$with_microhttpd/include $CPPFLAGS"])
MHD_VERSION_AT_LEAST([0.9.71])
AC_CHECK_LIB(microhttpd,MHD_start_daemon,
[AC_CHECK_HEADER([microhttpd.h],[microhttpd=1])])
AC_CHECK_DECL([MHD_DAEMON_INFO_CURRENT_CONNECTIONS],,[microhttpd=0],[[#include <microhttpd.h>]])
AS_IF([test $microhttpd = 0],
[AC_MSG_ERROR([[
***
*** You need libmicrohttpd >= 0.9.39 to build this program.
*** ]])])
# check for libjansson (Jansson JSON library)
jansson=0
@ -331,6 +334,22 @@ AS_IF([test $jansson = 0],
*** ]])])
# test for postgres
AX_LIB_POSTGRESQL([13.0])
AS_IF([test "x$found_postgresql" = "xyes"],[postgres=true])
TALER_LIB_LDFLAGS="-export-dynamic -no-undefined"
TALER_PLUGIN_LDFLAGS="-export-dynamic -avoid-version -module -no-undefined"
AC_SUBST(TALER_LIB_LDFLAGS)
AC_SUBST(TALER_PLUGIN_LDFLAGS)
CFLAGS_SAVE=$CFLAGS
LDFLAGS_SAVE=$LDFLAGS
LIBS_SAVE="$LIBS"
AM_CONDITIONAL(HAVE_POSTGRESQL, test x$postgres = xtrue)
CFLAGS=$CFLAGS_SAVE
LDFLAGS=$LDFLAGS_SAVE
@ -380,7 +399,10 @@ AS_CASE([$with_twister],
CPPFLAGS="-I$with_twister/include $CPPFLAGS"])
AC_CHECK_HEADERS([taler/taler_twister_service.h],
[AC_CHECK_LIB([talertwister], [TALER_TWISTER_connect], talertwister=1)])
[AC_CHECK_LIB([talertwister], [TALER_TWISTER_connect], talertwister=1)],
[], [#ifdef HAVE_GNUNET_PLATFORM_H
#include <gnunet/platform.h>
#endif])
AM_CONDITIONAL(HAVE_TWISTER, test x$talertwister = x1)
# should developer logic be compiled (not-for-production code)?
@ -520,9 +542,7 @@ AC_CONFIG_FILES([Makefile
src/exchangedb/Makefile
src/exchange-tools/Makefile
src/extensions/Makefile
src/extensions/age_restriction/Makefile
src/lib/Makefile
src/kyclogic/Makefile
src/testing/Makefile
src/benchmark/Makefile
src/include/Makefile
@ -530,7 +550,6 @@ AC_CONFIG_FILES([Makefile
src/mhd/Makefile
src/pq/Makefile
src/sq/Makefile
src/templating/Makefile
src/util/Makefile
])
AC_OUTPUT

53
contrib/Makefile.am
View File

@ -1,21 +1,5 @@
SUBDIRS = .
tmplpkgdatadir = $(prefix)/share/taler/exchange/templates/
dist_tmplpkgdata_DATA = \
persona-exchange-unauthorized.en.must \
persona-load-failure.en.must \
persona-exchange-unpaid.en.must \
persona-logic-failure.en.must \
persona-invalid-response.en.must \
persona-network-timeout.en.must \
persona-kyc-failed.en.must \
persona-provider-failure.en.must
# %%.must: merchant-backoffice/%.html
# WTF: cp $< $@
# English (en)
tosendir=$(datadir)/taler/exchange/tos/en
@ -25,20 +9,18 @@ ppendir=$(datadir)/taler/exchange/pp/en
rdatadir=$(datadir)/taler/exchange
tosen_DATA = \
tos/en/*.txt \
tos/en/*.md \
tos/en/*.pdf \
tos/en/*.epub \
tos/en/*.xml \
tos/en/*.html
tos/en/0.txt \
tos/en/0.pdf \
tos/en/0.epub \
tos/en/0.xml \
tos/en/0.html
ppen_DATA = \
pp/en/*.txt \
pp/en/*.md \
pp/en/*.pdf \
pp/en/*.epub \
pp/en/*.xml \
pp/en/*.html
pp/en/0.txt \
pp/en/0.pdf \
pp/en/0.epub \
pp/en/0.xml \
pp/en/0.html
rdata_DATA = \
auditor-report.tex.j2
@ -58,14 +40,13 @@ EXTRA_DIST = \
gana/gnu-taler-error-codes/Makefile \
tos/Makefile \
tos/README \
tos/bfh-v0.rst \
tos/tos-v0.rst \
tos/conf.py.in \
tos/tos.rst \
tos/conf.py \
tos/locale/de/LC_MESSAGES/tos.po \
pp/Makefile \
pp/README \
pp/pp-v0.rst \
pp/conf.py.in \
pp/pp.rst \
pp/conf.py \
pp/locale/de/LC_MESSAGES/pp.po \
$(rdata_DATA) \
coverage.sh \
@ -78,10 +59,10 @@ TOS_LANGUAGES="en de"
PP_LANGUAGES="en de"
# Change the terms-of-service version (Etag) to generate here!
# This value should be modified whenever there is a substantive
# This value should be incremented whenever there is a substantive
# change in the original text (but not for the translations).
TOS_VERSION=tos-v0
PP_VERSION=pp-v0
TOS_VERSION=0
PP_VERSION=0
update-tos:
VERSION=$(TOS_VERSION) ./update-tos.sh $(TOS_LANGUAGES)

43
contrib/auditor-report.tex.j2
View File

@ -139,10 +139,6 @@ In that time, the wire auditor processed the following table ranges:
{% endif %}
\end{center}
The total credits to the exchange processed in
this audit run was {\bf {{ wire.total_wire_in }}}.
The total debits initiated by the exchange processed in
this audit run was {\bf {{ wire.total_wire_out }}}.
\section{Operations}
@ -150,16 +146,6 @@ The balance of the escrow account should
be {\bf {{ coins.total_escrow_balance }}} (coins)
plus {\bf {{ reserves.total_escrow_balance }}} (reserves).
\noindent
This should match the final balance computed from
ingoing and outgoing wire transfers, which is
{\bf {{ wire.final_balance}} }.
\noindent
A total of {\bf {{ wire.total_drained}} } in profits
were transferred (over the lifetime of the exchange)
to non-escrowed accounts.
\noindent
The active operational risk stands at
{\bf {{ coins.total_active_risk }}}.
@ -169,8 +155,9 @@ Loss (actualized risk from recoups) is
{\bf {{ coins.total_recoup_loss }}}.
\noindent
Losses from irregular reserve operations are at
{\bf {{ reserves.total_irregular_loss }}} (reserves).
Recoups of non-revoked coins are at
{\bf {{ coins.total_irregular_recoups }}} (coins)
plus {\bf {{ reserves.total_irregular_recoups }}} (reserves).
\section{Income}
@ -317,8 +304,8 @@ confirmations to the auditor directly, so if the exchange is slow at
synchronizing its database with the auditor, some deposit
confirmations may be known at the auditor only directly. However, any
delta not accounted for by database synchronization delays is an
indicator of a malicious exchange (or online signing key compromise)
and should be answered by revoking the exchange's online signing keys.
indicator of a malicious exchange (or online singing key compromise)
and should be answered by revoking the exchange's online siging keys.
% TODO: maybe reference PhD thesis on this?
The total amount the exchange currently lags behind is
@ -612,7 +599,7 @@ compromise resulting in proportional financial losses to the exchange.
\endfoot
\hline
{\bf Total loss} &
{{ reserves.total_irregular_loss }} \\
{{ reserves.total_loss_balance_insufficient }} \\
\caption{Reserves with withdrawals higher than reserve funding.}
\label{table:reserve:balance_insufficient}
\endlastfoot
@ -781,7 +768,7 @@ invalid and the amount involved should be considered lost.
\endfoot
\hline
\multicolumn{2}{l}{ {\bf Total losses} } &
{\bf {{ coins.irregular_loss}} } \\
{\bf {{ coins.total_bad_sig_loss}} } \\
\caption{Losses from operations performed on coins without proper signatures.}
\label{table:bad_signature_losses}
\endlastfoot
@ -900,7 +887,7 @@ actually received in some reserves.
{% endif %}
\subsection{Misattributed incoming wire transfers}
\subsection{Missattributed incoming wire transfers}
This section lists cases where the sender account record of an
incoming wire transfer differs between the exchange and the bank.
@ -910,7 +897,7 @@ account.
% Table generation tested by testcase #9 in test-auditor.sh
{% if wire.misattribution_in_inconsistencies|length() == 0 %}
{% if wire.missattribution_in_inconsistencies|length() == 0 %}
{\bf All incoming wire transfer sender accounts matched up.}
{% else %}
\begin{longtable}{p{8.5cm}|r}
@ -925,11 +912,11 @@ account.
\endfoot
\hline
{\bf Total amount} &
{{ wire.total_misattribution_in}} \\
{{ wire.total_missattribution_in}} \\
\caption{Incoming wire transfer sender accounts not matching up.}
\label{table:wire_in:sender_account_inconsistencies}
\endlastfoot
{% for item in wire.misattribution_in_inconsistencies %}
{% for item in wire.missattribution_in_inconsistencies %}
{\tt \small \truncate{8.3cm}{ {{ item.reserve_pub }} } } &
{{ item.amount }} \\ \hline
{% endfor %}
@ -941,7 +928,7 @@ account.
\subsection{Actual outgoing wire transfers} \label{sec:wire_check_out}
This section highlights cases where the exchange misbehaved
This section highlights cases where the exchange missbehaved
with respect to outgoing wire transfers.
% Table generation tested by testcase #11 in test-auditor.sh
@ -987,10 +974,10 @@ with respect to outgoing wire transfers.
\subsection{Denominations without auditor signature}
This section highlights denomination keys that lack a proper
signature from the {\tt taler-auditor-offline} tool. This may be
signature from the {\t taler-auditor-offline} tool. This may be
legitimate, say in case where the auditor's involvement in the
exchange business is ending and a new auditor is responsible for
future denominations. So this must be read with a keen eye on the
future denomnations. So this must be read with a keen eye on the
business situation.
@ -1106,7 +1093,7 @@ have a clear financial impact.
{{ item.row }} &
{{ item.diagnostic }} \\
\nopagebreak
\multicolumn{3}{l}{ {\tiny {\tt \truncate{\textwidth}{ {{ item.id }} } } } } \\ \hline
\multicolumn{3}{l}{ {\tiny {\tt \truncate{\textwidth}{ {{ item.wire_offset_hash }} } } } } \\ \hline
{% endfor %}
\end{longtable}
{% endif %}

2
contrib/gana

@ -1 +1 @@
Subproject commit bd4e73b2ed06269fdee42eaad21acb5be8be9302
Subproject commit 24eb905bac48869b4184801571c0728c772b299c

61
contrib/gana-update.sh
View File

@ -1,41 +1,34 @@
#!/bin/sh
# This file is in the public domain.
#
# Helper script to recompute error codes based on submodule
# Run from exchange/ main directory.
set -eu
domake ()
{
# $1 -- dir under contrib/
dir="contrib/$1"
make -C $dir
}
ensure ()
{
# $1 -- filename
# $2 -- src dir under contrib/
# $3 -- dst dir under ./
fn="$1"
src="contrib/$2/$fn"
dst="./$3/$fn"
if ! diff $src $dst > /dev/null
# Generate taler-error-codes.h in gana and copy it to
# src/include/taler_error_codes.h
cd contrib/gana/gnu-taler-error-codes
make
cd ../../..
for n in taler_error_codes.c
do
if ! diff contrib/gana/gnu-taler-error-codes/${n} src/util/${n} > /dev/null
then
test ! -f $dst || chmod +w $dst
cp $src $dst
chmod -w $dst
cp contrib/gana/gnu-taler-error-codes/$n src/util/$n
fi
}
domake gana/gnu-taler-error-codes
ensure taler_error_codes.c gana/gnu-taler-error-codes src/util
ensure taler_error_codes.h gana/gnu-taler-error-codes src/include
domake gana/gnu-taler-db-events
ensure taler_dbevents.h gana/gnu-taler-db-events src/include
domake sigp
ensure taler_signatures.h sigp src/include
done
for n in taler_error_codes.h
do
if ! diff contrib/gana/gnu-taler-error-codes/${n} src/include/${n} > /dev/null
then
cp contrib/gana/gnu-taler-error-codes/$n src/include/$n
fi
done
cd contrib/gana/gnu-taler-db-events
make
cd ../../..
for n in taler_dbevents.h
do
if ! diff contrib/gana/gnu-taler-db-events/${n} src/include/${n} > /dev/null
then
cp contrib/gana/gnu-taler-db-events/$n src/include/$n
fi
done

18
contrib/microhttpd.tag
View File

@ -22,12 +22,6 @@
<anchorfile>microhttpd.h</anchorfile>
<arglist></arglist>
</member>
<member kind="define">
<type>#define</type>
<name>MHD_HTTP_UNAVAILABLE_FOR_LEGAL_REASONS</name>
<anchorfile>microhttpd.h</anchorfile>
<arglist></arglist>
</member>
<member kind="define">
<type>#define</type>
<name>MHD_HTTP_BAD_REQUEST</name>
@ -46,12 +40,6 @@
<anchorfile>microhttpd.h</anchorfile>
<arglist></arglist>
</member>
<member kind="define">
<type>#define</type>
<name>MHD_HTTP_CONTENT_TOO_LARGE</name>
<anchorfile>microhttpd.h</anchorfile>
<arglist></arglist>
</member>
<member kind="define">
<type>#define</type>
<name>MHD_HTTP_REQUEST_TIMEOUT</name>
@ -76,12 +64,6 @@
<anchorfile>microhttpd.h</anchorfile>
<arglist></arglist>
</member>
<member kind="define">
<type>#define</type>
<name>MHD_HTTP_NETWORK_AUTHENTICATION_REQUIRED</name>
<anchorfile>microhttpd.h</anchorfile>
<arglist></arglist>
</member>
<member kind="define">
<type>#define</type>
<name>MHD_HTTP_GONE</name>

13
contrib/persona-exchange-unauthorized.en.must
View File

@ -1,13 +0,0 @@
<html>
<head>
<title>KYC server refused access</title>
</head>
<body>
The KYC backend refused the authorization code used by the exchange operator. Please inform the exchange operator about this failure.
<pre>
{{ kyc_http_status }}
{{ kyc_logic }}
{{ kyc_server_reply }}
</pre>
</body>
</html>

13
contrib/persona-exchange-unpaid.en.must
View File

@ -1,13 +0,0 @@
<html>
<head>
<title>KYC credit exhausted</title>
</head>
<body>
The KYC backend refused the process as the exchange operator's credit balance at the KYC provider is insufficient. Please inform the exchange operator about this failure.
<pre>
{{ kyc_http_status }}
{{ kyc_logic }}
{{ kyc_server_reply }}
</pre>
</body>
</html>

13
contrib/persona-invalid-response.en.must
View File

@ -1,13 +0,0 @@
<html>
<head>
<title>KYC provider returned unexpected response</title>
</head>
<body>
The KYC backend returned an unexpected response.
<pre>
{{ kyc_http_status }}
{{ kyc_logic }}
{{ kyc_server_reply }}
</pre>
</body>
</html>

20
contrib/persona-kyc-failed.en.must
View File

@ -1,20 +0,0 @@
<html>
<head>
<title>KYC authentication failed</title>
</head>
<body>
You failed the KYC check. See below for details.
<!-- {{kyc_logic}} indicates the type of KYC provider
which generated the reply; for now, only
"kycaid" is possible. Switch on the
{{kyc_logic}} to render results in a provider-specific
way. (or introduce new templates per provider?) -->
<!-- TODO: figure out exactly what the
format of 'verifications' is here
based on KYCAID documentation and parse
that here. -->
<pre>
{{ verifications }}
</pre>
</body>
</html>

13
contrib/persona-load-failure.en.must
View File

@ -1,13 +0,0 @@
<html>
<head>
<title>KYC provider rate limit reached</title>
</head>
<body>
The KYC backend interaction ran into a rate limit.
<pre>
{{ kyc_http_status }}
{{ kyc_logic }}
{{ kyc_server_reply }}
</pre>
</body>
</html>

13
contrib/persona-logic-failure.en.must
View File

@ -1,13 +0,0 @@
<html>
<head>
<title>KYC server interaction failed</title>
</head>
<body>
The KYC backend returned a response indicating a problem with the exchange logic. Please inform the exchange operator about this failure.
<pre>
{{ kyc_http_status }}
{{ kyc_logic }}
{{ kyc_server_reply }}
</pre>
</body>
</html>

13
contrib/persona-network-timeout.en.must
View File

@ -1,13 +0,0 @@
<html>
<head>
<title>KYC provider timeout</title>
</head>
<body>
The KYC backend interaction ran into a timeout.
<pre>
{{ kyc_http_status }}
{{ kyc_logic }}
{{ kyc_server_reply }}
</pre>
</body>
</html>

13
contrib/persona-provider-failure.en.must
View File

@ -1,13 +0,0 @@
<html>
<head>
<title>KYC provider had an internal error</title>
</head>
<body>
The KYC backend had an internal error.
<pre>
{{ kyc_http_status }}
{{ kyc_logic }}
{{ kyc_server_reply }}
</pre>
</body>
</html>

2
contrib/pp/README
View File

@ -9,7 +9,7 @@ Generating a new Privacy Policy requires Sphinx, LaTeX with babel
packages for all supported languages. On Debian, you should
at least install:
$ apt install python3-sphinx sphinx-intl texlive-lang-german texlive-lang-english latexmk texlive-latex-recommended texlive-latex-extra
$ apt install python3-sphinx sphinx-intl texlive-lang-german texlive-lang-english
(NOTE: List may be incomplete.)

18
contrib/pp/conf.py.in → contrib/pp/conf.py
View File

@ -1,6 +1,6 @@
"""
This file is part of GNU TALER.
Copyright (C) 2014-2022 Taler Systems SA
Copyright (C) 2014-2020 Taler Systems SA
TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU Lesser General Public License as published by the Free Software
@ -68,20 +68,20 @@ source_suffix = {
#source_encoding = 'utf-8-sig'
# The master toctree document.
master_doc = '%VERSION%'
master_doc = 'pp'
# General information about the project.
project = u'%VERSION%'
copyright = u'2014-2022 Taler Systems SA (GPLv3+ or GFDL 1.3+)'
project = u'pp'
copyright = u'2014-2020 Taler Systems SA (GPLv3+ or GFDL 1.3+)'
# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
# built documents.
#
# The short X.Y version.
version = '%VERSION%'
version = '0'
# The full version, including alpha/beta/rc tags.
release = '%VERSION%'
release = '0'
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
@ -192,7 +192,7 @@ html_short_title = "Privacy Policy"
#html_domain_indices = True
# If false, no index is generated.
html_use_index = True
#html_use_index = True
# If true, the index is split into individual pages for each letter.
#html_split_index = False
@ -231,7 +231,7 @@ latex_elements = {
# (source start file, target name, title,
# author, documentclass [howto, manual, or own class]).
latex_documents = [
('%VERSION%', '%VERSION%.tex',
('pp', 'pp.tex',
'Privacy Policy', 'GNU Taler team', 'manual'),
]
@ -277,6 +277,6 @@ latex_documents = [
# -- Options for epub output ----------------------------
epub_basename = "%VERSION%"
epub_basename = "pp"
epub_title = "Privacy Policy"

BIN
contrib/pp/en/0.epub Normal file
View File

Binary file not shown.

211
contrib/pp/en/0.html Normal file
View File

@ -0,0 +1,211 @@
<html lang="en">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Privacy Policy &#8212; Taler Privacy Policy</title>
<link rel="stylesheet" href="_static/pygments.css" type="text/css" />
<link rel="stylesheet" href="_static/epub.css" type="text/css" />
<script id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
<script src="_static/jquery.js"></script>
<script src="_static/underscore.js"></script>
<script src="_static/doctools.js"></script>
</head><body>
<div class="document">
<div class="documentwrapper">
<div class="bodywrapper">
<div class="body" role="main">
<div class="section" id="privacy-policy">
<h1>Privacy Policy<a class="headerlink" href="#privacy-policy" title="Permalink to this headline"></a></h1>
<p>Last Updated: 11.12.2019</p>
<p>This Privacy Policy describes the policies and procedures of Taler Systems SA
(“we,” “our,” or “us”) pertaining to the collection, use, and disclosure of
your information on our sites and related mobile applications and products we
offer (the “Services” or “Taler Wallet”). This Privacy Statement applies to
your personal data when you use our Services, and does not apply to online
websites or services that we do not own or control.</p>
<div class="section" id="overview">
<h2>Overview<a class="headerlink" href="#overview" title="Permalink to this headline"></a></h2>
<p>Your privacy is important to us. We follow a few fundamental principles: We
dont ask you for personally identifiable information (defined below). That
being said, your contact information, such as your phone number, social media
handle, or email address (depending on how you contact us), may be collected
when you communicate with us, for example to report a bug or other error
related to the Taler Wallet. We dont share your information with third
parties except when strictly required to deliver you our Services and
products, or to comply with the law. If you have any questions or concerns
about this policy, please reach out to us at <a class="reference external" href="mailto:privacy&#37;&#52;&#48;taler-systems&#46;net">privacy<span>&#64;</span>taler-systems<span>&#46;</span>net</a>.</p>
</div>
<div class="section" id="how-you-accept-this-policy">
<h2>How you accept this policy<a class="headerlink" href="#how-you-accept-this-policy" title="Permalink to this headline"></a></h2>
<p>By using our Services or visiting our sites, you agree to the use, disclosure,
and procedures outlined in this Privacy Policy.</p>
</div>
<div class="section" id="what-personal-information-do-we-collect-from-our-users">
<h2>What personal information do we collect from our users?<a class="headerlink" href="#what-personal-information-do-we-collect-from-our-users" title="Permalink to this headline"></a></h2>
<p>The information we collect from you falls into two categories: (i) personally
identifiable information (i.e., data that could potentially identify you as an
individual) (“Personal Information”), and (ii) non-personally identifiable
information (i.e., information that cannot be used to identify who you are)
(“Non-Personal Information”). This Privacy Policy covers both categories and
will tell you how we might collect and use each type.</p>
<p>We do our best to not collect any Personal Information from Taler Wallet
users. We believe that the Taler Wallet never transmits personal information
to our services without at least clear implied consent, and we only process
and retain information with a strict business need. That being said, when
using our Services, we inherently have to collect the following information:</p>
<blockquote>
<div><ul class="simple">
<li><p>Bank account details necessary when receiving funds from you to top-up your wallet or to transfer funds to you when you are being paid via Taler. At the current experimental stage, only the pseudonym and password you entered in the bank demonstrator is stored.</p></li>
<li><p>The amounts being withdrawn or deposited, with associated unique transaction identifiers and cryptographic signatures authorizing the transaction. Note that for purchases, we cannot identify the buyer from the collected data, so when you spend money, we only receive non-personal information.</p></li>
<li><p>When you contact us. We may collect certain information if you choose to contact us, for example to report a bug or other error with the Taler Wallet. This may include contact information such as your name, email address or phone number depending on the method you choose to contact us.</p></li>
</ul>
</div></blockquote>
</div>
<div class="section" id="how-we-collect-and-process-information">
<h2>How we collect and process information<a class="headerlink" href="#how-we-collect-and-process-information" title="Permalink to this headline"></a></h2>
<p>We may process your information for the following reasons:</p>
<blockquote>
<div><ul class="simple">
<li><p>to transfer money as specified by our users (Taler transactions);</p></li>
<li><p>to assist government entities in linking income to the underlying contract as required by law and local regulations</p></li>
<li><p>to support you using the Taler Wallet or to improve our Services</p></li>
</ul>
</div></blockquote>
</div>
<div class="section" id="how-we-share-and-use-the-information-we-gather">
<h2>How we share and use the information we gather<a class="headerlink" href="#how-we-share-and-use-the-information-we-gather" title="Permalink to this headline"></a></h2>
<p>We may share your Personal Data or other information about you only if you are
a merchant receiving income, with your bank, to the degree necessary to
execute the payment.</p>
<p>We retain Personal Data to transfer funds to the accounts designated by our
users. We may retain Personal Data only for as long as mandated by law and
required for the wire transfers.</p>
<p>We primarily use the limited information we receive directly from you to
enhance the Taler Wallet. Some ways we may use your Personal Information are
to: Contact you when necessary to respond to your comments, answer your
questions, or obtain additional information on issues related to bugs or
errors with the Taler Wallet that you reported.</p>
</div>
<div class="section" id="agents-or-third-party-partners">
<h2>Agents or third party partners<a class="headerlink" href="#agents-or-third-party-partners" title="Permalink to this headline"></a></h2>
<p>We may provide your Personal Information to our employees, contractors,
agents, service providers, and designees (“Agents”) to enable them to perform
certain services for us exclusively, including: improvement and maintenance of
our software and Services.</p>
</div>
<div class="section" id="protection-of-us-and-others">
<h2>Protection of us and others<a class="headerlink" href="#protection-of-us-and-others" title="Permalink to this headline"></a></h2>
<p>We reserve the right to access, read, preserve, and disclose any information
that we reasonably believe is necessary to comply with the law or a court
order.</p>
</div>
<div class="section" id="what-personal-information-can-i-access-or-change">
<h2>What personal information can I access or change?<a class="headerlink" href="#what-personal-information-can-i-access-or-change" title="Permalink to this headline"></a></h2>
<p>You can request access to the information we have collected from you. You can
do this by contacting us at <a class="reference external" href="mailto:privacy&#37;&#52;&#48;taler-systems&#46;net">privacy<span>&#64;</span>taler-systems<span>&#46;</span>net</a>. We will make sure to
provide you with a copy of the data we process about you. To comply with your
request, we may ask you to verify your identity. We will fulfill your request
by sending your copy electronically. For any subsequent access request, we may
charge you with an administrative fee. If you believe that the information we
have collected is incorrect, you are welcome to contact us so we can update it
and keep your data accurate. Any data that is no longer needed for purposes
specified in the “How We Use the Information We Gather” section will be
deleted after ninety (90) days.</p>
</div>
<div class="section" id="what-are-your-data-protection-rights">
<h2>What are your data protection rights?<a class="headerlink" href="#what-are-your-data-protection-rights" title="Permalink to this headline"></a></h2>
<p>Anastasis would like to make sure you are fully aware of all of your
data protection rights. Every user is entitled to the following:</p>
<dl class="simple">
<dt><strong>The right to access</strong>: You have the right to request Anastasis for</dt><dd><p>copies of your personal data. We may charge you a small fee for this
service.</p>
</dd>
</dl>
<p><strong>The right to rectification</strong>: You have the right to request that
Anastasis correct any information you believe is inaccurate. You also
have the right to request Anastasis to complete information you
believe is incomplete. The right to erasure - You have the right to
request that Anastasis erase your personal data, under certain
conditions.</p>
<dl class="simple">
<dt><strong>The right to restrict processing</strong>: You have the right to request</dt><dd><p>that Anastasis restrict the processing of your personal data, under
certain conditions.</p>
</dd>
<dt><strong>The right to object to processing</strong>: You have the right to object to</dt><dd><p>Anastasiss processing of your personal data, under certain
conditions.</p>
</dd>
<dt><strong>The right to data portability</strong>: You have the right to request that</dt><dd><p>Anastasis transfer the data that we have collected to another
organization, or directly to you, under certain conditions.</p>
</dd>
</dl>
<p>If you make a request, we have one month to respond to you. If you
would like to exercise any of these rights, please contact us at our
email: <a class="reference external" href="mailto:privacy&#37;&#52;&#48;taler-systems&#46;com">privacy<span>&#64;</span>taler-systems<span>&#46;</span>com</a></p>
<p>You can always contact your local data protection authority to enforce
your rights.</p>
</div>
<div class="section" id="data-retention">
<h2>Data retention<a class="headerlink" href="#data-retention" title="Permalink to this headline"></a></h2>
<p>If you uninstall the Taler Wallet mobile applications from your device, or
request that your information be deleted, we still may retain some information
that you have provided to us to maintain the Taler Wallet or to comply with
relevant laws.</p>
</div>
<div class="section" id="data-security">
<h2>Data security<a class="headerlink" href="#data-security" title="Permalink to this headline"></a></h2>
<p>We are committed to making sure your information is protected. We employ
several physical and electronic safeguards to keep your information safe,
including encrypted user passwords, two factor verification and authentication
on passwords where possible, and securing connections with industry standard
transport layer security. You are also welcome to contact us using GnuPG
encrypted e-mail. Even with all these precautions, we cannot fully guarantee
against the access, disclosure, alteration, or deletion of data through
events, including but not limited to hardware or software failure or
unauthorized use. Any information that you provide to us is done so entirely
at your own risk.</p>
</div>
<div class="section" id="changes-and-updates-to-privacy-policy">
<h2>Changes and updates to privacy policy<a class="headerlink" href="#changes-and-updates-to-privacy-policy" title="Permalink to this headline"></a></h2>
<p>We reserve the right to update and revise this privacy policy at any time. We
occasionally review this Privacy Policy to make sure it complies with
applicable laws and conforms to changes in our business. We may need to update
this Privacy Policy, and we reserve the right to do so at any time. If we do
revise this Privacy Policy, we will update the “Effective Date” at the bottom
of this page so that you can tell if it has changed since your last visit. As
we generally do not collect contact information and also do not track your
visits, we will not be able to notify you directly. However, the Taler Wallet
may inform you about a change in the privacy policy once it detects that the
policy has changed. Please review this Privacy Policy regularly to ensure that
you are aware of its terms. Any use of our Services after an amendment to our
Privacy Policy constitutes your acceptance to the revised or amended
agreement.</p>
</div>
<div class="section" id="international-users-and-visitors">
<h2>International users and visitors<a class="headerlink" href="#international-users-and-visitors" title="Permalink to this headline"></a></h2>
<p>Our Services are hosted in Switzerland. If you are a user accessing the
Services from the European Union, Asia, US, or any other region with laws or
regulations governing personal data collection, use, and disclosure that
differ from Swiss laws, please be advised that through your continued use of
the Services, which is governed by Swiss law, you are transferring your
Personal Information to Switzerland and you consent to that transfer.</p>
</div>
<div class="section" id="questions">
<h2>Questions<a class="headerlink" href="#questions" title="Permalink to this headline"></a></h2>
<p>Please contact us at <a class="reference external" href="mailto:privacy&#37;&#52;&#48;taler-systems&#46;net">privacy<span>&#64;</span>taler-systems<span>&#46;</span>net</a> if you have questions about our
privacy practices that are not addressed in this Privacy Statement.</p>
</div>
</div>
<div class="clearer"></div>
</div>
</div>
</div>
<div class="clearer"></div>
</div>
</body>
</html>

BIN
contrib/pp/en/pp-v0.pdf → contrib/pp/en/0.pdf
View File

Binary file not shown.

0
contrib/pp/en/pp-v0.md → contrib/pp/en/0.txt
View File

2
contrib/pp/en/pp-v0.xml → contrib/pp/en/0.xml
View File

@ -1,7 +1,7 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE document PUBLIC "+//IDN docutils.sourceforge.net//DTD Docutils Generic//EN//XML" "http://docutils.sourceforge.net/docs/ref/docutils.dtd">
<!-- Generated by Docutils 0.16 -->
<document source="/research/taler/exchange/contrib/pp/pp-v0.rst">
<document source="/research/taler/exchange/contrib/pp/pp.rst">
<section ids="privacy-policy" names="privacy\ policy">
<title>Privacy Policy</title>
<paragraph>Last Updated: 11.12.2019</paragraph>

BIN
contrib/pp/en/pp-v0.epub
View File

Binary file not shown.

205
contrib/pp/en/pp-v0.html
View File

File diff suppressed because one or more lines are too long

237
contrib/pp/en/pp-v0.txt
View File

@ -1,237 +0,0 @@
Privacy Policy
**************
Last Updated: 11.12.2019
This Privacy Policy describes the policies and procedures of Taler
Systems SA (“we,” “our,” or “us”) pertaining to the collection, use,
and disclosure of your information on our sites and related mobile
applications and products we offer (the “Services” or “Taler Wallet”).
This Privacy Statement applies to your personal data when you use our
Services, and does not apply to online websites or services that we do
not own or control.
Overview
========
Your privacy is important to us. We follow a few fundamental
principles: We dont ask you for personally identifiable information
(defined below). That being said, your contact information, such as
your phone number, social media handle, or email address (depending on
how you contact us), may be collected when you communicate with us,
for example to report a bug or other error related to the Taler
Wallet. We dont share your information with third parties except when
strictly required to deliver you our Services and products, or to
comply with the law. If you have any questions or concerns about this
policy, please reach out to us at privacy@taler-systems.net.
How you accept this policy
==========================
By using our Services or visiting our sites, you agree to the use,
disclosure, and procedures outlined in this Privacy Policy.
What personal information do we collect from our users?
=======================================================
The information we collect from you falls into two categories: (i)
personally identifiable information (i.e., data that could potentially
identify you as an individual) (“Personal Information”), and (ii) non-
personally identifiable information (i.e., information that cannot be
used to identify who you are) (“Non-Personal Information”). This
Privacy Policy covers both categories and will tell you how we might
collect and use each type.
We do our best to not collect any Personal Information from Taler
Wallet users. We believe that the Taler Wallet never transmits
personal information to our services without at least clear implied
consent, and we only process and retain information with a strict
business need. That being said, when using our Services, we inherently
have to collect the following information:
* Bank account details necessary when receiving funds from you to
top-up your wallet or to transfer funds to you when you are being
paid via Taler. At the current experimental stage, only the
pseudonym and password you entered in the bank demonstrator is
stored.
* The amounts being withdrawn or deposited, with associated unique
transaction identifiers and cryptographic signatures authorizing
the transaction. Note that for purchases, we cannot identify the
buyer from the collected data, so when you spend money, we only
receive non-personal information.
* When you contact us. We may collect certain information if you
choose to contact us, for example to report a bug or other error
with the Taler Wallet. This may include contact information such
as your name, email address or phone number depending on the
method you choose to contact us.
How we collect and process information
======================================
We may process your information for the following reasons:
* to transfer money as specified by our users (Taler transactions);
* to assist government entities in linking income to the underlying
contract as required by law and local regulations
* to support you using the Taler Wallet or to improve our Services
How we share and use the information we gather
==============================================
We may share your Personal Data or other information about you only if
you are a merchant receiving income, with your bank, to the degree
necessary to execute the payment.
We retain Personal Data to transfer funds to the accounts designated
by our users. We may retain Personal Data only for as long as mandated
by law and required for the wire transfers.
We primarily use the limited information we receive directly from you
to enhance the Taler Wallet. Some ways we may use your Personal
Information are to: Contact you when necessary to respond to your
comments, answer your questions, or obtain additional information on
issues related to bugs or errors with the Taler Wallet that you
reported.
Agents or third party partners
==============================
We may provide your Personal Information to our employees,
contractors, agents, service providers, and designees (“Agents”) to
enable them to perform certain services for us exclusively, including:
improvement and maintenance of our software and Services.
Protection of us and others
===========================
We reserve the right to access, read, preserve, and disclose any
information that we reasonably believe is necessary to comply with the
law or a court order.
What personal information can I access or change?
=================================================
You can request access to the information we have collected from you.
You can do this by contacting us at privacy@taler-systems.net. We will
make sure to provide you with a copy of the data we process about you.
To comply with your request, we may ask you to verify your identity.
We will fulfill your request by sending your copy electronically. For
any subsequent access request, we may charge you with an
administrative fee. If you believe that the information we have
collected is incorrect, you are welcome to contact us so we can update
it and keep your data accurate. Any data that is no longer needed for
purposes specified in the “How We Use the Information We Gather”
section will be deleted after ninety (90) days.
What are your data protection rights?
=====================================
Anastasis would like to make sure you are fully aware of all of your
data protection rights. Every user is entitled to the following:
**The right to access**: You have the right to request Anastasis for
copies of your personal data. We may charge you a small fee for
this service.
**The right to rectification**: You have the right to request that
Anastasis correct any information you believe is inaccurate. You also
have the right to request Anastasis to complete information you
believe is incomplete. The right to erasure - You have the right to
request that Anastasis erase your personal data, under certain
conditions.
**The right to restrict processing**: You have the right to request
that Anastasis restrict the processing of your personal data, under
certain conditions.
**The right to object to processing**: You have the right to object to
Anastasis's processing of your personal data, under certain
conditions.
**The right to data portability**: You have the right to request that
Anastasis transfer the data that we have collected to another
organization, or directly to you, under certain conditions.
If you make a request, we have one month to respond to you. If you
would like to exercise any of these rights, please contact us at our
email: privacy@taler-systems.com
You can always contact your local data protection authority to enforce
your rights.
Data retention
==============
If you uninstall the Taler Wallet mobile applications from your
device, or request that your information be deleted, we still may
retain some information that you have provided to us to maintain the
Taler Wallet or to comply with relevant laws.
Data security
=============
We are committed to making sure your information is protected. We
employ several physical and electronic safeguards to keep your
information safe, including encrypted user passwords, two factor
verification and authentication on passwords where possible, and
securing connections with industry standard transport layer security.
You are also welcome to contact us using GnuPG encrypted e-mail. Even
with all these precautions, we cannot fully guarantee against the
access, disclosure, alteration, or deletion of data through events,
including but not limited to hardware or software failure or
unauthorized use. Any information that you provide to us is done so
entirely at your own risk.
Changes and updates to privacy policy
=====================================
We reserve the right to update and revise this privacy policy at any
time. We occasionally review this Privacy Policy to make sure it
complies with applicable laws and conforms to changes in our business.
We may need to update this Privacy Policy, and we reserve the right to
do so at any time. If we do revise this Privacy Policy, we will update
the “Effective Date” at the bottom of this page so that you can tell
if it has changed since your last visit. As we generally do not
collect contact information and also do not track your visits, we will
not be able to notify you directly. However, the Taler Wallet may
inform you about a change in the privacy policy once it detects that
the policy has changed. Please review this Privacy Policy regularly to
ensure that you are aware of its terms. Any use of our Services after
an amendment to our Privacy Policy constitutes your acceptance to the
revised or amended agreement.
International users and visitors
================================
Our Services are hosted in Switzerland. If you are a user accessing
the Services from the European Union, Asia, US, or any other region
with laws or regulations governing personal data collection, use, and
disclosure that differ from Swiss laws, please be advised that through
your continued use of the Services, which is governed by Swiss law,
you are transferring your Personal Information to Switzerland and you
consent to that transfer.
Questions
=========
Please contact us at privacy@taler-systems.net if you have questions
about our privacy practices that are not addressed in this Privacy
Statement.

0
contrib/pp/pp-v0.rst → contrib/pp/pp.rst
View File

6
contrib/samples/wire-auditor.json
View File

@ -38,8 +38,8 @@
"value": 5,
"fraction": 1000000
},
"misattribution_in_inconsistencies": [],
"total_misattribution_in": {
"missattribution_in_inconsistencies": [],
"total_missattribution_in": {
"currency": "KUDOS",
"value": 0,
"fraction": 0
@ -233,4 +233,4 @@
"fraction": 1000000
},
"lag_details": []
}
}

3
contrib/sigp/.gitignore vendored
View File

@ -1,3 +0,0 @@
/registry.rec
/taler_signatures.h
/taler_signatures.h.tmp

21
contrib/sigp/Makefile
View File

@ -1,21 +0,0 @@
FILES = taler_signatures.h
gana = ../gana
all: check $(FILES)
check: registry.rec
recfix --check registry.rec
registry.rec:
ln -s $(gana)/gnunet-signatures/registry.rec
distclean:
rm -f *.tmp
clean:
rm -f $(FILES) *.tmp registry.rec
taler_signatures.h.tmp: registry.rec h.template
$(gana)/format.sh h.template 'Package = "GNU Taler"' < registry.rec > $@
taler_signatures.h: h.header taler_signatures.h.tmp h.footer
cat h.header taler_signatures.h.tmp h.footer > $@
.PHONY: check clean distclean

10
contrib/sigp/README
View File

@ -1,10 +0,0 @@
This directory contains bootstrap code to extract info from the
Signature Purposes database (registry) and format it in various ways.
It is a peer of ${top_srcdir}/contrib/gana/ (q.v.).
NB: New database entries MUST have field "Package: GNU Taler" if
you want them to be visible to the Makefile in this directory.
Don't make changes to registry.rec here (it is a symlink, after all).
Instead, make them in ../gana/gnunet-signatures/ or from a separate
checkout of the GANA Git repo (commit from there, too).

3
contrib/sigp/h.footer
View File

@ -1,3 +0,0 @@
#endif

31
contrib/sigp/h.header
View File

@ -1,31 +0,0 @@
/*
This file is part of TALER
Copyright (C) 2014-2022 Taler Systems SA
TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
Foundation; either version 3, or (at your option) any later version.
TALER is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with
TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
*/
/**
* @file taler_signatures.h
* @brief message formats and signature constants used to define
* the binary formats of signatures in Taler
* @author Florian Dold
* @author Benedikt Mueller
*
* This file should define the constants and C structs that one needs
* to know to implement Taler clients (wallets or merchants or
* auditor) that need to produce or verify Taler signatures.
*/
#ifndef TALER_SIGNATURES_H
#define TALER_SIGNATURES_H

6
contrib/sigp/h.template
View File

@ -1,6 +0,0 @@
/**
* {{Comment}}
*/
#define TALER_SIGNATURE_{{Name}} {{Number}}

186
contrib/taler-bank-manage-testing
View File

@ -1,187 +1,27 @@
#!/bin/sh
# This file is in the public domain
# Wrapper around libeufin to first configure the required
# Wrapper around 'taler-bank-manage' to first configure the required
# testing accounts before launching the bank properly.
#
# Takes 4 arguments:
# $1: the Nexus port (Sandbox port prepends 1 to it)
# Takes 3 arguments:
# $1: the configuration file name
# $2: the database name
# $3: exchange base URL (used to specify the default exchange)
# $4: config file (needs patch to specify exchange's PAYTO_URI)
# $3: serve-http or serve-uwsgi
set -eu
if [ "$1" = "--help" ];
if [ "$#" -ne 3 ];
then
echo "This is a tool to launch a libeufin based bank for testing."
echo "Call using: Nexus port number, SQLite file path, exchange base URL, config file path."
exit 0
fi
if [ "$#" -ne 4 ];
then
echo "illegal number of parameters. \
Give: Nexus port number, SQLite file path, exchange base URL, config file path."
echo "illegal number of parameters"
exit 1
fi
# Must not terminate jobs here, as they are needed
# by the script _importing_ this one. Those script
# will then manage the termination.
# trap cleanup EXIT
# Ensure starting accounts exist
taler-bank-manage -c $1 --with-db $2 django provide_accounts
taler-bank-manage -c $1 --with-db $2 django add_bank_account 42
taler-bank-manage -c $1 --with-db $2 django add_bank_account 43
export LIBEUFIN_SANDBOX_DB_CONNECTION="jdbc:sqlite:$2"
# Create the default demobank.
libeufin-sandbox config --currency TESTKUDOS default
export LIBEUFIN_SANDBOX_ADMIN_PASSWORD=secret
libeufin-sandbox serve --port "1$1" \
> libeufin-sandbox-stdout.log \
2> libeufin-sandbox-stderr.log &
echo $! > libeufin-sandbox.pid
export LIBEUFIN_SANDBOX_URL="http://localhost:1$1/"
set +e
echo -n "Waiting for Sandbox.."
for n in `seq 1 50`; do
echo -n "."
sleep 1
if wget --timeout=1 \
--tries=3 --waitretry=0 \
-o /dev/null -O /dev/null \
$LIBEUFIN_SANDBOX_URL; then
break
fi
done
echo OK
taler-bank-manage -c $1 --with-db $2 django changepassword_unsafe Exchange x
register_sandbox_account() {
export LIBEUFIN_SANDBOX_USERNAME=$1
export LIBEUFIN_SANDBOX_PASSWORD=$2
libeufin-cli sandbox \
demobank \
register --name "$3"
unset LIBEUFIN_SANDBOX_USERNAME
unset LIBEUFIN_SANDBOX_PASSWORD
}
set -e
echo -n "Register the 'fortytwo' Sandbox user.."
register_sandbox_account fortytwo x "Forty Two"
echo OK
echo -n "Register the 'fortythree' Sandbox user.."
register_sandbox_account fortythree x "Forty Three"
echo OK
echo -n "Register 'exchange' Sandbox user.."
register_sandbox_account exchange x "Exchange Company"
echo OK
echo -n "Register 'tor' Sandbox user.."
register_sandbox_account tor x "Tor Project"
echo OK
echo -n "Register 'gnunet' Sandbox user.."
register_sandbox_account gnunet x "GNUnet"
echo OK
echo -n "Register 'tutorial' Sandbox user.."
register_sandbox_account tutorial x "Tutorial"
echo OK
echo -n "Register 'survey' Sandbox user.."
register_sandbox_account survey x "Survey"
echo OK
echo -n "Specify exchange's PAYTO_URI in the config ..."
export LIBEUFIN_SANDBOX_USERNAME=exchange
export LIBEUFIN_SANDBOX_PASSWORD=x
PAYTO=`libeufin-cli sandbox demobank info --bank-account exchange | jq --raw-output '.paytoUri'`
taler-config -c $4 -s exchange-account-1 -o PAYTO_URI -V $PAYTO
echo " OK"
echo -n "Setting this exchange as the bank's default ..."
EXCHANGE_PAYTO=`libeufin-cli sandbox demobank info --bank-account exchange | jq --raw-output '.paytoUri'`
libeufin-sandbox default-exchange "$3" "$EXCHANGE_PAYTO"
echo " OK"
# Prepare EBICS: create Ebics host and Exchange subscriber.
# Shortly becoming admin to setup Ebics.
export LIBEUFIN_SANDBOX_USERNAME=admin
export LIBEUFIN_SANDBOX_PASSWORD=secret
echo -n "Create EBICS host at Sandbox.."
libeufin-cli sandbox \
--sandbox-url http://localhost:1$1 \
ebicshost create --host-id talerebics
echo OK
echo -n "Create exchange EBICS subscriber at Sandbox.."
libeufin-cli sandbox \
demobank new-ebicssubscriber --host-id talerebics \
--user-id exchangeebics --partner-id talerpartner \
--bank-account exchange # that's a username _and_ a bank account name
echo OK
unset LIBEUFIN_SANDBOX_USERNAME
unset LIBEUFIN_SANDBOX_PASSWORD
# Prepare Nexus, which is the side actually talking
# to the exchange.
export LIBEUFIN_NEXUS_DB_CONNECTION="jdbc:sqlite:$2"
# For convenience, username and password are
# identical to those used at the Sandbox.
echo -n Create exchange Nexus user..
libeufin-nexus superuser exchange --password x
echo OK
libeufin-nexus serve --port $1 \
2> libeufin-nexus-stderr.log \
> libeufin-nexus-stdout.log &
echo $! > libeufin-nexus.pid
export LIBEUFIN_NEXUS_URL=http://localhost:$1
echo -n Waiting for Nexus..
set +e
for n in `seq 1 50`; do
echo -n "."
sleep 1
if wget --timeout=1 \
--tries=3 --waitretry=0 \
-o /dev/null -O /dev/null \
$LIBEUFIN_NEXUS_URL; then
break
fi
done
set -e
echo OK
export LIBEUFIN_NEXUS_USERNAME=exchange
export LIBEUFIN_NEXUS_PASSWORD=x
echo -n Creating a EBICS connection at Nexus..
libeufin-cli connections new-ebics-connection \
--ebics-url "http://localhost:1$1/ebicsweb" \
--host-id talerebics \
--partner-id talerpartner \
--ebics-user-id exchangeebics \
talerconn
echo OK
echo -n Setup EBICS keying..
libeufin-cli connections connect talerconn > /dev/null
echo OK
echo -n Download bank account name from Sandbox..
libeufin-cli connections download-bank-accounts talerconn
echo OK
echo -n Importing bank account info into Nexus..
libeufin-cli connections import-bank-account \
--offered-account-id exchange \
--nexus-bank-account-id exchange-nexus \
talerconn
echo OK
echo -n Setup payments submission task..
# Tries every second.
libeufin-cli accounts task-schedule \
--task-type submit \
--task-name exchange-payments \
--task-cronspec "* * *" \
exchange-nexus
echo OK
# Tries every second. Ask C52
echo -n Setup history fetch task..
libeufin-cli accounts task-schedule \
--task-type fetch \
--task-name exchange-history \
--task-cronspec "* * *" \
--task-param-level report \
--task-param-range-type latest \
exchange-nexus
echo OK
# TBD: create Taler facade.
echo -n Create the Taler facade at Nexus..
libeufin-cli facades \
new-taler-wire-gateway-facade \
--currency TESTKUDOS --facade-name test-facade \
talerconn exchange-nexus
echo OK
# Facade schema: http://localhost:$1/facades/test-facade/taler-wire-gateway/
# Now run Django for good
exec taler-bank-manage -c $1 --with-db $2 $3

213
contrib/taler-nexus-prepare
View File

@ -1,115 +1,128 @@
#!/bin/bash
#!/usr/bin/env python3
# This file is in the public domain.
set -eu
from requests import get, post
from subprocess import call
import base64
# EBICS details
EBICS_URL="http://localhost:5000/ebicsweb"
HOST_ID="HOST01"
PARTNER_ID="PARTNER1"
USER_ID="USER1"
EBICS_URL = "http://localhost:5000/ebicsweb"
HOST_ID = "HOST01"
PARTNER_ID = "PARTNER1"
USER_ID = "USER1"
EBICS_VERSION = "H004"
# This is used _both_ at Sandbox and at Nexus.
# Basically, Nexus imports the offered bank account
# using the same name used by the Sandbox.
BANK_ACCOUNT_LABEL="my-bank-account"
BANK_CONNECTION_LABEL="my-bank-connection"
SUBSCRIBER_IBAN = "ES9121000418450200051332"
SUBSCRIBER_BIC = "BIC"
SUBSCRIBER_NAME = "Exchange"
BANK_ACCOUNT_LABEL = "my-bank-account"
BANK_CONNECTION_LABEL = "my-bank-connection"
FACADE_LABEL="my-facade"
export LIBEUFIN_SANDBOX_USERNAME=exchange
export LIBEUFIN_SANDBOX_PASSWORD=x
export LIBEUFIN_SANDBOX_URL=http://localhost:5000/
libeufin-cli sandbox demobank register --name "Exchange Company"
USERNAME="Exchange"
USER_AUTHORIZATION_HEADER = "basic {}".format(
base64.b64encode(b"Exchange:x").decode("utf-8")
)
export LIBEUFIN_SANDBOX_USERNAME=fortytwo
export LIBEUFIN_SANDBOX_PASSWORD=x
export LIBEUFIN_SANDBOX_URL=http://localhost:5000/
libeufin-cli sandbox demobank register \
--name User42 --iban FR7630006000011234567890189
def assertResponse(response):
if response.status_code != 200:
print("Test failed on URL: {}".format(response.url))
# stdout/stderr from both services is A LOT of text.
# Confusing to dump all that to console.
print("Check nexus.log and sandbox.log, probably under /tmp")
exit(1)
# Allows for finer grained checks.
return response
export LIBEUFIN_SANDBOX_USERNAME=fortythree
export LIBEUFIN_SANDBOX_PASSWORD=x
export LIBEUFIN_SANDBOX_URL=http://localhost:5000/
libeufin-cli sandbox demobank register \
--name User43 --iban GB33BUKB20201555555555
# Create a nexus (super-) user
check_call(["libeufin-nexus",
"superuser",
"--db-name", "/tmp/nexus-exchange-test.sqlite3",
"Exchange",
"--password", "x"]
)
export LIBEUFIN_SANDBOX_USERNAME=admin
export LIBEUFIN_SANDBOX_PASSWORD=secret
export LIBEUFIN_SANDBOX_URL=http://localhost:5000/
echo -n "Create EBICS host at Sandbox..."
libeufin-cli sandbox \
--sandbox-url "http://localhost:5000" \
ebicshost create --host-id $HOST_ID
echo " OK"
# Create a EBICS bank connection.
assertResponse(
post(
"http://localhost:5001/bank-connections",
json=dict(
name=BANK_CONNECTION_LABEL,
source="new",
type="ebics",
data=dict(
ebicsURL=EBICS_URL, hostID=HOST_ID, partnerID=PARTNER_ID, userID=USER_ID
),
),
headers=dict(Authorization=USER_AUTHORIZATION_HEADER),
)
)
echo -n "Create exchange EBICS subscriber at Sandbox..."
libeufin-cli sandbox \
demobank new-ebicssubscriber --host-id $HOST_ID \
--user-id $USER_ID --partner-id $PARTNER_ID \
--bank-account exchange # that's a username _and_ a bank account name
echo " OK"
unset LIBEUFIN_SANDBOX_USERNAME
unset LIBEUFIN_SANDBOX_PASSWORD
unset LIBEUFIN_SANDBOX_URL
# Create a facade
assertResponse(
post(
"http://localhost:5001/facades",
json=dict(
name=FACADE_LABEL,
type="taler-wire-gateway",
creator=USERNAME,
config=dict(
bankAccount=BANK_ACCOUNT_LABEL,
bankConnection=BANK_CONNECTION_LABEL,
reserveTransferLevel="UNUSED",
intervalIncremental="UNUSED"
)
),
headers=dict(Authorization=USER_AUTHORIZATION_HEADER),
)
)
export LIBEUFIN_NEXUS_USERNAME=exchange
export LIBEUFIN_NEXUS_PASSWORD=x
export LIBEUFIN_NEXUS_URL=http://localhost:5001/
# Create the EBICS host at the Sandbox.
assertResponse(
post(
"http://localhost:5000/admin/ebics/host",
json=dict(hostID=HOST_ID, ebicsVersion=EBICS_VERSION),
)
)
echo -n "Create the exchange (super)user at Nexus..."
libeufin-nexus superuser exchange --password x
echo " DONE"
# Create Exchange EBICS subscriber at the Sandbox.
assertResponse(
post(
"http://localhost:5000/admin/ebics/subscribers",
json=dict(hostID=HOST_ID, partnerID=PARTNER_ID, userID=USER_ID),
)
)
echo -n "Creating a EBICS connection at Nexus..."
libeufin-cli connections new-ebics-connection \
--ebics-url $EBICS_URL \
--host-id $HOST_ID \
--partner-id $PARTNER_ID \
--ebics-user-id $USER_ID \
$BANK_CONNECTION_LABEL
echo " OK"
# Create a bank account associated to the Exchange's EBICS subscriber,
# again at the Sandbox.
assertResponse(
post(
"http://localhost:5000/admin/ebics/bank-accounts",
json=dict(
subscriber=dict(hostID=HOST_ID, partnerID=PARTNER_ID, userID=USER_ID),
iban=SUBSCRIBER_IBAN,
bic=SUBSCRIBER_BIC,
name=SUBSCRIBER_NAME,
label=BANK_ACCOUNT_LABEL,
),
)
)
echo -n "Setup EBICS keying..."
libeufin-cli connections connect $BANK_CONNECTION_LABEL > /dev/null
echo " OK"
# 'connect' to the bank: upload+download keys.
assertResponse(
post(
"http://localhost:5001/bank-connections/{}/connect".format(BANK_CONNECTION_LABEL),
json=dict(),
headers=dict(Authorization=USER_AUTHORIZATION_HEADER),
)
)
echo -n "Download bank account name from Sandbox..."
libeufin-cli connections download-bank-accounts $BANK_CONNECTION_LABEL
echo " OK"
echo -n "Importing bank account info into Nexus..."
libeufin-cli connections import-bank-account \
--offered-account-id exchange \
--nexus-bank-account-id $BANK_ACCOUNT_LABEL \
$BANK_CONNECTION_LABEL
echo " OK"
echo -n "Create the Taler facade at Nexus..."
libeufin-cli facades \
new-taler-wire-gateway-facade \
--currency KUDOS --facade-name $FACADE_LABEL \
$BANK_CONNECTION_LABEL $BANK_ACCOUNT_LABEL
echo " DONE"
echo -n Setup payments submission task..
# Tries every second.
libeufin-cli accounts task-schedule \
--task-type submit \
--task-name exchange-payments \
--task-cronspec "* * *" \
$BANK_ACCOUNT_LABEL
echo OK
# Tries every second. Ask C52
echo -n Setup history fetch task..
libeufin-cli accounts task-schedule \
--task-type fetch \
--task-name exchange-history \
--task-cronspec "* * *" \
--task-param-level report \
--task-param-range-type latest \
$BANK_ACCOUNT_LABEL
echo OK
# unset, in case the script gets 'source'd.
unset LIBEUFIN_NEXUS_USERNAME
unset LIBEUFIN_NEXUS_PASSWORD
unset LIBEUFIN_NEXUS_URL
# Download bank accounts.
assertResponse(
post(
"http://localhost:5001/bank-connections/{}/ebics/import-accounts".format(BANK_CONNECTION_LABEL),
json=dict(),
headers=dict(Authorization=USER_AUTHORIZATION_HEADER),
)
)

2
contrib/tos/README
View File

@ -9,7 +9,7 @@ Generating new Terms of Service requires Sphinx, LaTeX with babel
packages for all supported languages. On Debian, you should
at least install:
$ apt install python3-sphinx sphinx-intl texlive-lang-german texlive-lang-english latexmk texlive-latex-recommended texlive-latex-extra
$ apt install python3-sphinx sphinx-intl texlive-lang-german texlive-lang-english
(NOTE: List may be incomplete.)

310
contrib/tos/bfh-v0.rst
View File

@ -1,310 +0,0 @@
Terms Of Service
================
Last Updated: 09.06.2022
Welcome! The ICE research center of the Bern University of Applied Sciences
in Switzerland (“we,” “our,” or “us”) provides an experimental payment service
through our Internet presence (collectively the “Services”). Before using our
Services, please read the Terms of Service (the “Terms” or the “Agreement”)
carefully.
This is research
----------------
This is a research experiment. Any funds wired to our Bitcoin address are
considered a donation to our research group. We may use them to enable
payments following the GNU Taler protocol, or simply keep them at our
discretion. The service is experimental and may also be discontinued at
any time, in which case all remaining funds will definitively be kept by
the research group.
Overview
--------
This section provides a brief summary of the highlights of this
Agreement. Please note that when you accept this Agreement, you are accepting
all of the terms and conditions and not just this section. We and possibly
other third parties provide Internet services which interact with the Taler
Wallets self-hosted personal payment application. When using the Taler Wallet
to interact with our Services, you are agreeing to our Terms, so please read
carefully.
Highlights:
~~~~~~~~~~~
• You are responsible for keeping the data in your Taler Wallet at all times
under your control. Any losses arising from you not being in control of
your private information are your problem.
• We may transfer funds we receive from our users to any legal
recipient to the best of our ability within the limitations of the law and
our implementation. However, the Services offered today are highly
experimental and the set of recipients of funds is severely restricted.
Again, we stress this is a research experiment and technically all funds
held by the exchange are owned by the research group of the university.
• For our Services, we may charge transaction fees. The specific fee structure
is provided based on the Taler protocol and should be shown to you when you
withdraw electronic coins using a Taler Wallet. You agree and understand
that the Taler protocol allows for the fee structure to change.
• You agree to not intentionally overwhelm our systems with requests and
follow responsible disclosure if you find security issues in our services.
• We cannot be held accountable for our Services not being available due to
any circumstances. If we modify or terminate our services,
we may give you the opportunity to recover your funds. However,
given the experimental state of the Services today, this may not be
possible. You are strongly advised to limit your use of the Service
to small-scale experiments expecting total loss of all funds.
These terms outline approved uses of our Services. The Services and these
Terms are still at an experimental stage. If you have any questions or
comments related to this Agreement, please send us a message to
ice@bfh.ch. If you do not agree to this Agreement, you must not
use our Services.
How you accept this policy
--------------------------
By sending funds to us (to top-up your Taler Wallet), you acknowledge that you
have read, understood, and agreed to these Terms. We reserve the right to
change these Terms at any time. If you disagree with the change, we may in the
future offer you with an easy option to recover your unspent funds. However,
in the current experimental period you acknowledge that this feature is not
yet available, resulting in your funds being lost unless you accept the new
Terms. If you continue to use our Services other than to recover your unspent
funds, your continued use of our Services following any such change will
signify your acceptance to be bound by the then current Terms. Please check
the effective date above to determine if there have been any changes since you
have last reviewed these Terms.
Services
--------
We will try to transfer funds that we receive from users to any legal
recipient to the best of our ability and within the limitations of the
law. However, the Services offered today are highly experimental and the set
of recipients of funds is severely restricted. The Taler Wallet can be loaded
by exchanging fiat or cryptocurrencies against electronic coins. We are
providing this exchange service. Once your Taler Wallet is loaded with
electronic coins they can be spent for purchases if the seller is accepting
Taler as a means of payment. We are not guaranteeing that any seller is
accepting Taler at all or a particular seller. The seller or recipient of
deposits of electronic coins must specify the target account, as per the
design of the Taler protocol. They are responsible for following the protocol
and specifying the correct bank account, and are solely liable for any losses
that may arise from specifying the wrong account. We may allow the government
to link wire transfers to the underlying contract hash. It is the
responsibility of recipients to preserve the full contracts and to pay
whatever taxes and charges may be applicable. Technical issues may lead to
situations where we are unable to make transfers at all or lead to incorrect
transfers that cannot be reversed. We may refuse to execute transfers if the
transfers are prohibited by a competent legal authority and we are ordered to
do so.
When using our Services, you agree to not take any action that intentionally
imposes an unreasonable load on our infrastructure. If you find security
problems in our Services, you agree to first report them to
security@taler-systems.com and grant us the right to publish your report. We
warrant that we will ourselves publicly disclose any issues reported within 3
months, and that we will not prosecute anyone reporting security issues if
they did not exploit the issue beyond a proof-of-concept, and followed the
above responsible disclosure practice.
Fees
----
You agree to pay the fees for exchanges and withdrawals completed via the
Taler Wallet ("Fees") as defined by us, which we may change from time to
time. With the exception of wire transfer fees, Taler transaction fees are set
for any electronic coin at the time of withdrawal and fixed throughout the
validity period of the respective electronic coin. Your wallet should obtain
and display applicable fees when withdrawing funds. Fees for coins obtained as
change may differ from the fees applicable to the original coin. Wire transfer
fees that are independent from electronic coins may change annually. You
authorize us to charge or deduct applicable fees owed in connection with
deposits, exchanges and withdrawals following the rules of the Taler protocol.
We reserve the right to provide different types of rewards to users either in
the form of discount for our Services or in any other form at our discretion
and without prior notice to you.
Eligibility and Financial self-responsibility
---------------------------------------------
To be eligible to use our Services, you must be able to form legally binding
contracts or have the permission of your legal guardian. By using our
Services, you represent and warrant that you meet all eligibility requirements
that we outline in these Terms.
You will be responsible for maintaining the availability, integrity and
confidentiality of the data stored in your wallet. When you setup a Taler
Wallet, you are strongly advised to follow the precautionary measures offered
by the software to minimize the chances to losse access to or control over
your Wallet data. We will not be liable for any loss or damage arising from
your failure to comply with this paragraph.
Copyrights and trademarks
-------------------------
The Taler Wallet is released under the terms of the GNU General Public License
(GNU GPL). You have the right to access, use, and share the Taler Wallet, in
modified or unmodified form. However, the GPL is a strong copyleft license,
which means that any derivative works must be distributed under the same
license terms as the original software. If you have any questions, you should
review the GNU GPLs full terms and conditions at
https://www.gnu.org/licenses/gpl-3.0.en.html. “Taler” itself is a trademark
of Taler Systems SA. You are welcome to use the name in relation to processing
payments using the Taler protocol, assuming your use is compatible with an
official release from the GNU Project that is not older than two years.
Limitation of liability & disclaimer of warranties
--------------------------------------------------
You understand and agree that we have no control over, and no duty to take any
action regarding: Failures, disruptions, errors, or delays in processing that
you may experience while using our Services; The risk of failure of hardware,
software, and Internet connections; The risk of malicious software being
introduced or found in the software underlying the Taler Wallet; The risk that
third parties may obtain unauthorized access to information stored within your
Taler Wallet, including, but not limited to your Taler Wallet coins or backup
encryption keys. You release us from all liability related to any losses,
damages, or claims arising from:
(a) user error such as forgotten passwords, incorrectly constructed
transactions;
(b) server failure or data loss;
(c) unauthorized access to the Taler Wallet application;
(d) bugs or other errors in the Taler Wallet software; and
(e) any unauthorized third party activities, including, but not limited to,
the use of viruses, phishing, brute forcing, or other means of attack
against the Taler Wallet. We make no representations concerning any
Third Party Content contained in or accessed through our Services.
Any other terms, conditions, warranties, or representations associated with
such content, are solely between you and such organizations and/or
individuals.
To the fullest extent permitted by applicable law, in no event will we or any
of our officers, directors, representatives, agents, servants, counsel,
employees, consultants, lawyers, and other personnel authorized to act,
acting, or purporting to act on our behalf (collectively the “Taler Parties”)
be liable to you under contract, tort, strict liability, negligence, or any
other legal or equitable theory, for:
(a) any lost profits, data loss, cost of procurement of substitute goods or
services, or direct, indirect, incidental, special, punitive, compensatory,
or consequential damages of any kind whatsoever resulting from:
(i) your use of, or conduct in connection with, our services;
(ii) any unauthorized use of your wallet and/or private key due to your
failure to maintain the confidentiality of your wallet;
(iii) any interruption or cessation of transmission to or from the services; or
(iv) any bugs, viruses, trojan horses, or the like that are found in the Taler
Wallet software or that may be transmitted to or through our services by
any third party (regardless of the source of origination), or
(b) any direct damages.
These limitations apply regardless of legal theory, whether based on tort,
strict liability, breach of contract, breach of warranty, or any other legal
theory, and whether or not we were advised of the possibility of such
damages. Some jurisdictions do not allow the exclusion or limitation of
liability for consequential or incidental damages, so the above limitation may
not apply to you.
Our services are provided "as is" and without warranty of any kind. To the
maximum extent permitted by law, we disclaim all representations and
warranties, express or implied, relating to the services and underlying
software or any content on the services, whether provided or owned by us or by
any third party, including without limitation, warranties of merchantability,
fitness for a particular purpose, title, non-infringement, freedom from
computer virus, and any implied warranties arising from course of dealing,
course of performance, or usage in trade, all of which are expressly
disclaimed. In addition, we do not represent or warrant that the content
accessible via the services is accurate, complete, available, current, free of
viruses or other harmful components, or that the results of using the services
will meet your requirements. Some states do not allow the disclaimer of
implied warranties, so the foregoing disclaimers may not apply to you. This
paragraph gives you specific legal rights and you may also have other legal
rights that vary from state to state.
Indemnity and Time limitation on claims and Termination
-------------------------------------------------------
To the extent permitted by applicable law, you agree to defend, indemnify, and
hold harmless the Taler Parties from and against any and all claims, damages,
obligations, losses, liabilities, costs or debt, and expenses (including, but
not limited to, attorneys fees) arising from: (a) your use of and access to
the Services; (b) any feedback or submissions you provide to us concerning the
Taler Wallet; (c) your violation of any term of this Agreement; or (d) your
violation of any law, rule, or regulation, or the rights of any third party.
You agree that any claim you may have arising out of or related to your
relationship with us must be filed within one year after such claim arises,
otherwise, your claim in permanently barred.
In the event of termination concerning your use of our Services, your
obligations under this Agreement will still continue.
Discontinuance of services and Force majeure
--------------------------------------------
We may, in our sole discretion and without cost to you, with or without prior
notice, and at any time, modify or discontinue, temporarily or permanently,
any portion of our Services. We will use the Taler protocols provisions to
notify Wallets if our Services are to be discontinued. It is your
responsibility to ensure that the Taler Wallet is online at least once every
three months to observe these notifications. We shall not be held responsible
or liable for any loss of funds in the event that we discontinue or depreciate
the Services and your Taler Wallet fails to transfer out the coins within a
three months notification period.
We shall not be held liable for any delays, failure in performance, or
interruptions of service which result directly or indirectly from any cause or
condition beyond our reasonable control, including but not limited to: any
delay or failure due to any act of God, act of civil or military authorities,
act of terrorism, civil disturbance, war, strike or other labor dispute, fire,
interruption in telecommunications or Internet services or network provider
services, failure of equipment and/or software, other catastrophe, or any
other occurrence which is beyond our reasonable control and shall not affect
the validity and enforceability of any remaining provisions.
Governing law, Waivers, Severability and Assignment
---------------------------------------------------
No matter where youre located, the laws of Switzerland will govern these
Terms. If any provisions of these Terms are inconsistent with any applicable
law, those provisions will be superseded or modified only to the extent such
provisions are inconsistent. The parties agree to submit to the ordinary
courts in Bern, Switzerland for exclusive jurisdiction of any dispute
arising out of or related to your use of the Services or your breach of these
Terms.
Our failure to exercise or delay in exercising any right, power, or privilege
under this Agreement shall not operate as a waiver; nor shall any single or
partial exercise of any right, power, or privilege preclude any other or
further exercise thereof.
You agree that we may assign any of our rights and/or transfer, sub-contract,
or delegate any of our obligations under these Terms.
If it turns out that any part of this Agreement is invalid, void, or for any
reason unenforceable, that term will be deemed severable and limited or
eliminated to the minimum extent necessary.
This Agreement sets forth the entire understanding and agreement as to the
subject matter hereof and supersedes any and all prior discussions,
agreements, and understandings of any kind (including, without limitation, any
prior versions of this Agreement) and every nature between us. Except as
provided for above, any modification to this Agreement must be in writing and
must be signed by both parties.
Questions or comments
---------------------
We welcome comments, questions, concerns, or suggestions. Please send us a
message on our contact page at legal@taler-systems.com.

19
contrib/tos/conf.py.in → contrib/tos/conf.py
View File

@ -17,7 +17,6 @@
@author Benedikt Muller
@author Sree Harsha Totakura
@author Marcello Stanisci
@author Christian Grothoff
"""
# -*- coding: utf-8 -*-
#
@ -69,20 +68,20 @@ source_suffix = {
#source_encoding = 'utf-8-sig'
# The master toctree document.
master_doc = '%VERSION%'
master_doc = 'tos'
# General information about the project.
project = u'%VERSION%'
copyright = u'2014-2022 Taler Systems SA (GPLv3+ or GFDL 1.3+)'
project = u'tos'
copyright = u'2014-2020 Taler Systems SA (GPLv3+ or GFDL 1.3+)'
# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
# built documents.
#
# The short X.Y version.
version = '%VERSION%'
version = '0'
# The full version, including alpha/beta/rc tags.
release = '%VERSION%'
release = '0'
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
@ -150,7 +149,7 @@ html_theme_options = {
# The name for this set of Sphinx documents. If None, it defaults to
# "<project> v<release> documentation".
html_title = "Taler Exchange Terms of Service"
html_title = "Taler Terms of Service"
# A shorter title for the navigation bar. Default is the same as html_title.
html_short_title = "Terms of Service"
@ -193,7 +192,7 @@ html_short_title = "Terms of Service"
#html_domain_indices = True
# If false, no index is generated.
html_use_index = True
#html_use_index = True
# If true, the index is split into individual pages for each letter.
#html_split_index = False
@ -232,7 +231,7 @@ latex_elements = {
# (source start file, target name, title,
# author, documentclass [howto, manual, or own class]).
latex_documents = [
('%VERSION%', '%VERSION%.tex',
('tos', 'tos.tex',
'Terms of Service', 'GNU Taler team', 'manual'),
]
@ -278,6 +277,6 @@ latex_documents = [
# -- Options for epub output ----------------------------
epub_basename = "%VERSION%"
epub_basename = "tos"
epub_title = "Terms of Service"

BIN
contrib/tos/en/0.epub Normal file
View File

Binary file not shown.

304
contrib/tos/en/0.html Normal file
View File

@ -0,0 +1,304 @@
<html lang="en">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Terms Of Service &#8212; Taler Terms of Service</title>
<link rel="stylesheet" href="_static/pygments.css" type="text/css" />
<link rel="stylesheet" href="_static/epub.css" type="text/css" />
<script id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
<script src="_static/jquery.js"></script>
<script src="_static/underscore.js"></script>
<script src="_static/doctools.js"></script>
</head><body>
<div class="document">
<div class="documentwrapper">
<div class="bodywrapper">
<div class="body" role="main">
<div class="section" id="terms-of-service">
<h1>Terms Of Service<a class="headerlink" href="#terms-of-service" title="Permalink to this headline"></a></h1>
<p>Last Updated: 12.4.2019</p>
<p>Welcome! Taler Systems SA (“we,” “our,” or “us”) provides a payment service
through our Internet presence (collectively the “Services”). Before using our
Services, please read the Terms of Service (the “Terms” or the “Agreement”)
carefully.</p>
<div class="section" id="overview">
<h2>Overview<a class="headerlink" href="#overview" title="Permalink to this headline"></a></h2>
<p>This section provides a brief summary of the highlights of this
Agreement. Please note that when you accept this Agreement, you are accepting
all of the terms and conditions and not just this section. We and possibly
other third parties provide Internet services which interact with the Taler
Wallets self-hosted personal payment application. When using the Taler Wallet
to interact with our Services, you are agreeing to our Terms, so please read
carefully.</p>
<div class="section" id="highlights">
<h3>Highlights:<a class="headerlink" href="#highlights" title="Permalink to this headline"></a></h3>
<blockquote>
<div><ul class="simple">
<li><p>You are responsible for keeping the data in your Taler Wallet at all times
under your control. Any losses arising from you not being in control of
your private information are your problem.</p></li>
<li><p>We will try to transfer funds we hold in escrow for our users to any legal
recipient to the best of our ability within the limitations of the law and
our implementation. However, the Services offered today are highly
experimental and the set of recipients of funds is severely restricted.</p></li>
<li><p>For our Services, we may charge transaction fees. The specific fee structure
is provided based on the Taler protocol and should be shown to you when you
withdraw electronic coins using a Taler Wallet. You agree and understand
that the Taler protocol allows for the fee structure to change.</p></li>
<li><p>You agree to not intentionally overwhelm our systems with requests and
follow responsible disclosure if you find security issues in our services.</p></li>
<li><p>We cannot be held accountable for our Services not being available due to
circumstances beyond our control. If we modify or terminate our services,
we will try to give you the opportunity to recover your funds. However,
given the experimental state of the Services today, this may not be
possible. You are strongly advised to limit your use of the Service
to small-scale experiments expecting total loss of all funds.</p></li>
</ul>
</div></blockquote>
<p>These terms outline approved uses of our Services. The Services and these
Terms are still at an experimental stage. If you have any questions or
comments related to this Agreement, please send us a message to
<a class="reference external" href="mailto:legal&#37;&#52;&#48;taler-systems&#46;com">legal<span>&#64;</span>taler-systems<span>&#46;</span>com</a>. If you do not agree to this Agreement, you must not
use our Services.</p>
</div>
</div>
<div class="section" id="how-you-accept-this-policy">
<h2>How you accept this policy<a class="headerlink" href="#how-you-accept-this-policy" title="Permalink to this headline"></a></h2>
<p>By sending funds to us (to top-up your Taler Wallet), you acknowledge that you
have read, understood, and agreed to these Terms. We reserve the right to
change these Terms at any time. If you disagree with the change, we may in the
future offer you with an easy option to recover your unspent funds. However,
in the current experimental period you acknowledge that this feature is not
yet available, resulting in your funds being lost unless you accept the new
Terms. If you continue to use our Services other than to recover your unspent
funds, your continued use of our Services following any such change will
signify your acceptance to be bound by the then current Terms. Please check
the effective date above to determine if there have been any changes since you
have last reviewed these Terms.</p>
</div>
<div class="section" id="services">
<h2>Services<a class="headerlink" href="#services" title="Permalink to this headline"></a></h2>
<p>We will try to transfer funds that we hold in escrow for our users to any
legal recipient to the best of our ability and within the limitations of the
law and our implementation. However, the Services offered today are highly
experimental and the set of recipients of funds is severely restricted. The
Taler Wallet can be loaded by exchanging fiat currencies against electronic
coins. We are providing this exchange service. Once your Taler Wallet is
loaded with electronic coins they can be spent for purchases if the seller is
accepting Taler as a means of payment. We are not guaranteeing that any seller
is accepting Taler at all or a particular seller. The seller or recipient of
deposits of electronic coins must specify the target account, as per the
design of the Taler protocol. They are responsible for following the protocol
and specifying the correct bank account, and are solely liable for any losses
that may arise from specifying the wrong account. We will allow the government
to link wire transfers to the underlying contract hash. It is the
responsibility of recipients to preserve the full contracts and to pay
whatever taxes and charges may be applicable. Technical issues may lead to
situations where we are unable to make transfers at all or lead to incorrect
transfers that cannot be reversed. We will only refuse to execute transfers if
the transfers are prohibited by a competent legal authority and we are ordered
to do so.</p>
<p>When using our Services, you agree to not take any action that intentionally
imposes an unreasonable load on our infrastructure. If you find security
problems in our Services, you agree to first report them to
<a class="reference external" href="mailto:security&#37;&#52;&#48;taler-systems&#46;com">security<span>&#64;</span>taler-systems<span>&#46;</span>com</a> and grant us the right to publish your report. We
warrant that we will ourselves publicly disclose any issues reported within 3
months, and that we will not prosecute anyone reporting security issues if
they did not exploit the issue beyond a proof-of-concept, and followed the
above responsible disclosure practice.</p>
</div>
<div class="section" id="fees">
<h2>Fees<a class="headerlink" href="#fees" title="Permalink to this headline"></a></h2>
<p>You agree to pay the fees for exchanges and withdrawals completed via the
Taler Wallet (“Fees”) as defined by us, which we may change from time to
time. With the exception of wire transfer fees, Taler transaction fees are set
for any electronic coin at the time of withdrawal and fixed throughout the
validity period of the respective electronic coin. Your wallet should obtain
and display applicable fees when withdrawing funds. Fees for coins obtained as
change may differ from the fees applicable to the original coin. Wire transfer
fees that are independent from electronic coins may change annually. You
authorize us to charge or deduct applicable fees owed in connection with
deposits, exchanges and withdrawals following the rules of the Taler protocol.
We reserve the right to provide different types of rewards to users either in
the form of discount for our Services or in any other form at our discretion
and without prior notice to you.</p>
</div>
<div class="section" id="eligibility-and-financial-self-responsibility">
<h2>Eligibility and Financial self-responsibility<a class="headerlink" href="#eligibility-and-financial-self-responsibility" title="Permalink to this headline"></a></h2>
<p>To be eligible to use our Services, you must be able to form legally binding
contracts or have the permission of your legal guardian. By using our
Services, you represent and warrant that you meet all eligibility requirements
that we outline in these Terms.</p>
<p>You will be responsible for maintaining the availability, integrity and
confidentiality of the data stored in your wallet. When you setup a Taler
Wallet, you are strongly advised to follow the precautionary measures offered
by the software to minimize the chances to losse access to or control over
your Wallet data. We will not be liable for any loss or damage arising from
your failure to comply with this paragraph.</p>
</div>
<div class="section" id="copyrights-and-trademarks">
<h2>Copyrights and trademarks<a class="headerlink" href="#copyrights-and-trademarks" title="Permalink to this headline"></a></h2>
<p>The Taler Wallet is released under the terms of the GNU General Public License
(GNU GPL). You have the right to access, use, and share the Taler Wallet, in
modified or unmodified form. However, the GPL is a strong copyleft license,
which means that any derivative works must be distributed under the same
license terms as the original software. If you have any questions, you should
review the GNU GPLs full terms and conditions at
<a class="reference external" href="https://www.gnu.org/licenses/gpl-3.0.en.html">https://www.gnu.org/licenses/gpl-3.0.en.html</a>. “Taler” itself is a trademark
of Taler Systems SA. You are welcome to use the name in relation to processing
payments using the Taler protocol, assuming your use is compatible with an
official release from the GNU Project that is not older than two years.</p>
</div>
<div class="section" id="limitation-of-liability-disclaimer-of-warranties">
<h2>Limitation of liability &amp; disclaimer of warranties<a class="headerlink" href="#limitation-of-liability-disclaimer-of-warranties" title="Permalink to this headline"></a></h2>
<p>You understand and agree that we have no control over, and no duty to take any
action regarding: Failures, disruptions, errors, or delays in processing that
you may experience while using our Services; The risk of failure of hardware,
software, and Internet connections; The risk of malicious software being
introduced or found in the software underlying the Taler Wallet; The risk that
third parties may obtain unauthorized access to information stored within your
Taler Wallet, including, but not limited to your Taler Wallet coins or backup
encryption keys. You release us from all liability related to any losses,
damages, or claims arising from:</p>
<ol class="loweralpha simple">
<li><p>user error such as forgotten passwords, incorrectly constructed
transactions;</p></li>
<li><p>server failure or data loss;</p></li>
<li><p>unauthorized access to the Taler Wallet application;</p></li>
<li><p>bugs or other errors in the Taler Wallet software; and</p></li>
<li><p>any unauthorized third party activities, including, but not limited to,
the use of viruses, phishing, brute forcing, or other means of attack
against the Taler Wallet. We make no representations concerning any
Third Party Content contained in or accessed through our Services.</p></li>
</ol>
<p>Any other terms, conditions, warranties, or representations associated with
such content, are solely between you and such organizations and/or
individuals.</p>
<p>To the fullest extent permitted by applicable law, in no event will we or any
of our officers, directors, representatives, agents, servants, counsel,
employees, consultants, lawyers, and other personnel authorized to act,
acting, or purporting to act on our behalf (collectively the “Taler Parties”)
be liable to you under contract, tort, strict liability, negligence, or any
other legal or equitable theory, for:</p>
<ol class="loweralpha simple">
<li><p>any lost profits, data loss, cost of procurement of substitute goods or
services, or direct, indirect, incidental, special, punitive, compensatory,
or consequential damages of any kind whatsoever resulting from:</p></li>
</ol>
<blockquote>
<div><ol class="lowerroman simple">
<li><p>your use of, or conduct in connection with, our services;</p></li>
<li><p>any unauthorized use of your wallet and/or private key due to your
failure to maintain the confidentiality of your wallet;</p></li>
<li><p>any interruption or cessation of transmission to or from the services; or</p></li>
<li><p>any bugs, viruses, trojan horses, or the like that are found in the Taler
Wallet software or that may be transmitted to or through our services by
any third party (regardless of the source of origination), or</p></li>
</ol>
</div></blockquote>
<ol class="loweralpha simple" start="2">
<li><p>any direct damages.</p></li>
</ol>
<p>These limitations apply regardless of legal theory, whether based on tort,
strict liability, breach of contract, breach of warranty, or any other legal
theory, and whether or not we were advised of the possibility of such
damages. Some jurisdictions do not allow the exclusion or limitation of
liability for consequential or incidental damages, so the above limitation may
not apply to you.</p>
<p>Our services are provided “as is” and without warranty of any kind. To the
maximum extent permitted by law, we disclaim all representations and
warranties, express or implied, relating to the services and underlying
software or any content on the services, whether provided or owned by us or by
any third party, including without limitation, warranties of merchantability,
fitness for a particular purpose, title, non-infringement, freedom from
computer virus, and any implied warranties arising from course of dealing,
course of performance, or usage in trade, all of which are expressly
disclaimed. In addition, we do not represent or warrant that the content
accessible via the services is accurate, complete, available, current, free of
viruses or other harmful components, or that the results of using the services
will meet your requirements. Some states do not allow the disclaimer of
implied warranties, so the foregoing disclaimers may not apply to you. This
paragraph gives you specific legal rights and you may also have other legal
rights that vary from state to state.</p>
</div>
<div class="section" id="indemnity-and-time-limitation-on-claims-and-termination">
<h2>Indemnity and Time limitation on claims and Termination<a class="headerlink" href="#indemnity-and-time-limitation-on-claims-and-termination" title="Permalink to this headline"></a></h2>
<p>To the extent permitted by applicable law, you agree to defend, indemnify, and
hold harmless the Taler Parties from and against any and all claims, damages,
obligations, losses, liabilities, costs or debt, and expenses (including, but
not limited to, attorneys fees) arising from: (a) your use of and access to
the Services; (b) any feedback or submissions you provide to us concerning the
Taler Wallet; (c) your violation of any term of this Agreement; or (d) your
violation of any law, rule, or regulation, or the rights of any third party.</p>
<p>You agree that any claim you may have arising out of or related to your
relationship with us must be filed within one year after such claim arises,
otherwise, your claim in permanently barred.</p>
<p>In the event of termination concerning your use of our Services, your
obligations under this Agreement will still continue.</p>
</div>
<div class="section" id="discontinuance-of-services-and-force-majeure">
<h2>Discontinuance of services and Force majeure<a class="headerlink" href="#discontinuance-of-services-and-force-majeure" title="Permalink to this headline"></a></h2>
<p>We may, in our sole discretion and without cost to you, with or without prior
notice, and at any time, modify or discontinue, temporarily or permanently,
any portion of our Services. We will use the Taler protocols provisions to
notify Wallets if our Services are to be discontinued. It is your
responsibility to ensure that the Taler Wallet is online at least once every
three months to observe these notifications. We shall not be held responsible
or liable for any loss of funds in the event that we discontinue or depreciate
the Services and your Taler Wallet fails to transfer out the coins within a
three months notification period.</p>
<p>We shall not be held liable for any delays, failure in performance, or
interruptions of service which result directly or indirectly from any cause or
condition beyond our reasonable control, including but not limited to: any
delay or failure due to any act of God, act of civil or military authorities,
act of terrorism, civil disturbance, war, strike or other labor dispute, fire,
interruption in telecommunications or Internet services or network provider
services, failure of equipment and/or software, other catastrophe, or any
other occurrence which is beyond our reasonable control and shall not affect
the validity and enforceability of any remaining provisions.</p>
</div>
<div class="section" id="governing-law-waivers-severability-and-assignment">
<h2>Governing law, Waivers, Severability and Assignment<a class="headerlink" href="#governing-law-waivers-severability-and-assignment" title="Permalink to this headline"></a></h2>
<p>No matter where youre located, the laws of Switzerland will govern these
Terms. If any provisions of these Terms are inconsistent with any applicable
law, those provisions will be superseded or modified only to the extent such
provisions are inconsistent. The parties agree to submit to the ordinary
courts in Zurich, Switzerland for exclusive jurisdiction of any dispute
arising out of or related to your use of the Services or your breach of these
Terms.</p>
<p>Our failure to exercise or delay in exercising any right, power, or privilege
under this Agreement shall not operate as a waiver; nor shall any single or
partial exercise of any right, power, or privilege preclude any other or
further exercise thereof.</p>
<p>You agree that we may assign any of our rights and/or transfer, sub-contract,
or delegate any of our obligations under these Terms.</p>
<p>If it turns out that any part of this Agreement is invalid, void, or for any
reason unenforceable, that term will be deemed severable and limited or
eliminated to the minimum extent necessary.</p>
<p>This Agreement sets forth the entire understanding and agreement as to the
subject matter hereof and supersedes any and all prior discussions,
agreements, and understandings of any kind (including, without limitation, any
prior versions of this Agreement) and every nature between us. Except as
provided for above, any modification to this Agreement must be in writing and
must be signed by both parties.</p>
</div>
<div class="section" id="questions-or-comments">
<h2>Questions or comments<a class="headerlink" href="#questions-or-comments" title="Permalink to this headline"></a></h2>
<p>We welcome comments, questions, concerns, or suggestions. Please send us a
message on our contact page at <a class="reference external" href="mailto:legal&#37;&#52;&#48;taler-systems&#46;com">legal<span>&#64;</span>taler-systems<span>&#46;</span>com</a>.</p>
</div>
</div>
<div class="clearer"></div>
</div>
</div>
</div>
<div class="clearer"></div>
</div>
</body>
</html>

BIN
contrib/tos/en/tos-v0.pdf → contrib/tos/en/0.pdf
View File

Binary file not shown.

0
contrib/tos/en/tos-v0.md → contrib/tos/en/0.txt
View File

2
contrib/tos/en/tos-v0.xml → contrib/tos/en/0.xml
View File

@ -1,7 +1,7 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE document PUBLIC "+//IDN docutils.sourceforge.net//DTD Docutils Generic//EN//XML" "http://docutils.sourceforge.net/docs/ref/docutils.dtd">
<!-- Generated by Docutils 0.16 -->
<document source="/research/taler/exchange/contrib/tos/tos-v0.rst">
<document source="/research/taler/exchange/contrib/tos/tos.rst">
<section ids="terms-of-service" names="terms\ of\ service">
<title>Terms Of Service</title>
<paragraph>Last Updated: 12.4.2019</paragraph>

BIN
contrib/tos/en/bfh-v0.epub
View File

Binary file not shown.

310
contrib/tos/en/bfh-v0.html
View File

File diff suppressed because one or more lines are too long

BIN
contrib/tos/en/bfh-v0.pdf
View File

Binary file not shown.

349
contrib/tos/en/bfh-v0.txt
View File

@ -1,349 +0,0 @@
Terms Of Service
****************
Last Updated: 09.06.2022
Welcome! The ICE research center of the Bern University of Applied
Sciences in Switzerland (“we,” “our,” or “us”) provides an
experimental payment service through our Internet presence
(collectively the “Services”). Before using our Services, please read
the Terms of Service (the “Terms” or the “Agreement”) carefully.
This is research
================
This is a research experiment. Any funds wired to our Bitcoin address
are considered a donation to our research group. We may use them to
enable payments following the GNU Taler protocol, or simply keep them
at our discretion. The service is experimental and may also be
discontinued at any time, in which case all remaining funds will
definitively be kept by the research group.
Overview
========
This section provides a brief summary of the highlights of this
Agreement. Please note that when you accept this Agreement, you are
accepting all of the terms and conditions and not just this section.
We and possibly other third parties provide Internet services which
interact with the Taler Wallets self-hosted personal payment
application. When using the Taler Wallet to interact with our
Services, you are agreeing to our Terms, so please read carefully.
Highlights:
-----------
* You are responsible for keeping the data in your Taler Wallet at
all times under your control. Any losses arising from you not
being in control of your private information are your problem.
* We may transfer funds we receive from our users to any legal
recipient to the best of our ability within the limitations of
the law and our implementation. However, the Services offered
today are highly experimental and the set of recipients of funds
is severely restricted. Again, we stress this is a research
experiment and technically all funds held by the exchange are
owned by the research group of the university.
* For our Services, we may charge transaction fees. The specific
fee structure is provided based on the Taler protocol and should
be shown to you when you withdraw electronic coins using a Taler
Wallet. You agree and understand that the Taler protocol allows
for the fee structure to change.
* You agree to not intentionally overwhelm our systems with
requests and follow responsible disclosure if you find security
issues in our services.
* We cannot be held accountable for our Services not being
available due to any circumstances. If we modify or terminate our
services, we may give you the opportunity to recover your funds.
However, given the experimental state of the Services today, this
may not be possible. You are strongly advised to limit your use
of the Service to small-scale experiments expecting total loss of
all funds.
These terms outline approved uses of our Services. The Services and
these Terms are still at an experimental stage. If you have any
questions or comments related to this Agreement, please send us a
message to ice@bfh.ch. If you do not agree to this Agreement, you must
not use our Services.
How you accept this policy
==========================
By sending funds to us (to top-up your Taler Wallet), you acknowledge
that you have read, understood, and agreed to these Terms. We reserve
the right to change these Terms at any time. If you disagree with the
change, we may in the future offer you with an easy option to recover
your unspent funds. However, in the current experimental period you
acknowledge that this feature is not yet available, resulting in your
funds being lost unless you accept the new Terms. If you continue to
use our Services other than to recover your unspent funds, your
continued use of our Services following any such change will signify
your acceptance to be bound by the then current Terms. Please check
the effective date above to determine if there have been any changes
since you have last reviewed these Terms.
Services
========
We will try to transfer funds that we receive from users to any legal
recipient to the best of our ability and within the limitations of the
law. However, the Services offered today are highly experimental and
the set of recipients of funds is severely restricted. The Taler
Wallet can be loaded by exchanging fiat or cryptocurrencies against
electronic coins. We are providing this exchange service. Once your
Taler Wallet is loaded with electronic coins they can be spent for
purchases if the seller is accepting Taler as a means of payment. We
are not guaranteeing that any seller is accepting Taler at all or a
particular seller. The seller or recipient of deposits of electronic
coins must specify the target account, as per the design of the Taler
protocol. They are responsible for following the protocol and
specifying the correct bank account, and are solely liable for any
losses that may arise from specifying the wrong account. We may allow
the government to link wire transfers to the underlying contract hash.
It is the responsibility of recipients to preserve the full contracts
and to pay whatever taxes and charges may be applicable. Technical
issues may lead to situations where we are unable to make transfers at
all or lead to incorrect transfers that cannot be reversed. We may
refuse to execute transfers if the transfers are prohibited by a
competent legal authority and we are ordered to do so.
When using our Services, you agree to not take any action that
intentionally imposes an unreasonable load on our infrastructure. If
you find security problems in our Services, you agree to first report
them to security@taler-systems.com and grant us the right to publish
your report. We warrant that we will ourselves publicly disclose any
issues reported within 3 months, and that we will not prosecute anyone
reporting security issues if they did not exploit the issue beyond a
proof-of-concept, and followed the above responsible disclosure
practice.
Fees
====
You agree to pay the fees for exchanges and withdrawals completed via
the Taler Wallet ("Fees") as defined by us, which we may change from
time to time. With the exception of wire transfer fees, Taler
transaction fees are set for any electronic coin at the time of
withdrawal and fixed throughout the validity period of the respective
electronic coin. Your wallet should obtain and display applicable fees
when withdrawing funds. Fees for coins obtained as change may differ
from the fees applicable to the original coin. Wire transfer fees that
are independent from electronic coins may change annually. You
authorize us to charge or deduct applicable fees owed in connection
with deposits, exchanges and withdrawals following the rules of the
Taler protocol. We reserve the right to provide different types of
rewards to users either in the form of discount for our Services or in
any other form at our discretion and without prior notice to you.
Eligibility and Financial self-responsibility
=============================================
To be eligible to use our Services, you must be able to form legally
binding contracts or have the permission of your legal guardian. By
using our Services, you represent and warrant that you meet all
eligibility requirements that we outline in these Terms.
You will be responsible for maintaining the availability, integrity
and confidentiality of the data stored in your wallet. When you setup
a Taler Wallet, you are strongly advised to follow the precautionary
measures offered by the software to minimize the chances to losse
access to or control over your Wallet data. We will not be liable for
any loss or damage arising from your failure to comply with this
paragraph.
Copyrights and trademarks
=========================
The Taler Wallet is released under the terms of the GNU General Public
License (GNU GPL). You have the right to access, use, and share the
Taler Wallet, in modified or unmodified form. However, the GPL is a
strong copyleft license, which means that any derivative works must be
distributed under the same license terms as the original software. If
you have any questions, you should review the GNU GPLs full terms and
conditions at https://www.gnu.org/licenses/gpl-3.0.en.html. “Taler”
itself is a trademark of Taler Systems SA. You are welcome to use the
name in relation to processing payments using the Taler protocol,
assuming your use is compatible with an official release from the GNU
Project that is not older than two years.
Limitation of liability & disclaimer of warranties
==================================================
You understand and agree that we have no control over, and no duty to
take any action regarding: Failures, disruptions, errors, or delays in
processing that you may experience while using our Services; The risk
of failure of hardware, software, and Internet connections; The risk
of malicious software being introduced or found in the software
underlying the Taler Wallet; The risk that third parties may obtain
unauthorized access to information stored within your Taler Wallet,
including, but not limited to your Taler Wallet coins or backup
encryption keys. You release us from all liability related to any
losses, damages, or claims arising from:
1. user error such as forgotten passwords, incorrectly constructed
transactions;
2. server failure or data loss;
3. unauthorized access to the Taler Wallet application;
4. bugs or other errors in the Taler Wallet software; and
5. any unauthorized third party activities, including, but not limited
to, the use of viruses, phishing, brute forcing, or other means of
attack against the Taler Wallet. We make no representations
concerning any Third Party Content contained in or accessed through
our Services.
Any other terms, conditions, warranties, or representations associated
with such content, are solely between you and such organizations
and/or individuals.
To the fullest extent permitted by applicable law, in no event will we
or any of our officers, directors, representatives, agents, servants,
counsel, employees, consultants, lawyers, and other personnel
authorized to act, acting, or purporting to act on our behalf
(collectively the “Taler Parties”) be liable to you under contract,
tort, strict liability, negligence, or any other legal or equitable
theory, for:
1. any lost profits, data loss, cost of procurement of substitute
goods or services, or direct, indirect, incidental, special,
punitive, compensatory, or consequential damages of any kind
whatsoever resulting from:
1. your use of, or conduct in connection with, our services;
2. any unauthorized use of your wallet and/or private key due to
your failure to maintain the confidentiality of your wallet;
3. any interruption or cessation of transmission to or from the
services; or
4. any bugs, viruses, trojan horses, or the like that are found in
the Taler Wallet software or that may be transmitted to or
through our services by any third party (regardless of the
source of origination), or
2. any direct damages.
These limitations apply regardless of legal theory, whether based on
tort, strict liability, breach of contract, breach of warranty, or any
other legal theory, and whether or not we were advised of the
possibility of such damages. Some jurisdictions do not allow the
exclusion or limitation of liability for consequential or incidental
damages, so the above limitation may not apply to you.
Our services are provided "as is" and without warranty of any kind. To
the maximum extent permitted by law, we disclaim all representations
and warranties, express or implied, relating to the services and
underlying software or any content on the services, whether provided
or owned by us or by any third party, including without limitation,
warranties of merchantability, fitness for a particular purpose,
title, non-infringement, freedom from computer virus, and any implied
warranties arising from course of dealing, course of performance, or
usage in trade, all of which are expressly disclaimed. In addition, we
do not represent or warrant that the content accessible via the
services is accurate, complete, available, current, free of viruses or
other harmful components, or that the results of using the services
will meet your requirements. Some states do not allow the disclaimer
of implied warranties, so the foregoing disclaimers may not apply to
you. This paragraph gives you specific legal rights and you may also
have other legal rights that vary from state to state.
Indemnity and Time limitation on claims and Termination
=======================================================
To the extent permitted by applicable law, you agree to defend,
indemnify, and hold harmless the Taler Parties from and against any
and all claims, damages, obligations, losses, liabilities, costs or
debt, and expenses (including, but not limited to, attorneys fees)
arising from: (a) your use of and access to the Services; (b) any
feedback or submissions you provide to us concerning the Taler Wallet;
(c) your violation of any term of this Agreement; or (d) your
violation of any law, rule, or regulation, or the rights of any third
party.
You agree that any claim you may have arising out of or related to
your relationship with us must be filed within one year after such
claim arises, otherwise, your claim in permanently barred.
In the event of termination concerning your use of our Services, your
obligations under this Agreement will still continue.
Discontinuance of services and Force majeure
============================================
We may, in our sole discretion and without cost to you, with or
without prior notice, and at any time, modify or discontinue,
temporarily or permanently, any portion of our Services. We will use
the Taler protocols provisions to notify Wallets if our Services are
to be discontinued. It is your responsibility to ensure that the Taler
Wallet is online at least once every three months to observe these
notifications. We shall not be held responsible or liable for any loss
of funds in the event that we discontinue or depreciate the Services
and your Taler Wallet fails to transfer out the coins within a three
months notification period.
We shall not be held liable for any delays, failure in performance, or
interruptions of service which result directly or indirectly from any
cause or condition beyond our reasonable control, including but not
limited to: any delay or failure due to any act of God, act of civil
or military authorities, act of terrorism, civil disturbance, war,
strike or other labor dispute, fire, interruption in
telecommunications or Internet services or network provider services,
failure of equipment and/or software, other catastrophe, or any other
occurrence which is beyond our reasonable control and shall not affect
the validity and enforceability of any remaining provisions.
Governing law, Waivers, Severability and Assignment
===================================================
No matter where youre located, the laws of Switzerland will govern
these Terms. If any provisions of these Terms are inconsistent with
any applicable law, those provisions will be superseded or modified
only to the extent such provisions are inconsistent. The parties agree
to submit to the ordinary courts in Bern, Switzerland for exclusive
jurisdiction of any dispute arising out of or related to your use of
the Services or your breach of these Terms.
Our failure to exercise or delay in exercising any right, power, or
privilege under this Agreement shall not operate as a waiver; nor
shall any single or partial exercise of any right, power, or privilege
preclude any other or further exercise thereof.
You agree that we may assign any of our rights and/or transfer, sub-
contract, or delegate any of our obligations under these Terms.
If it turns out that any part of this Agreement is invalid, void, or
for any reason unenforceable, that term will be deemed severable and
limited or eliminated to the minimum extent necessary.
This Agreement sets forth the entire understanding and agreement as to
the subject matter hereof and supersedes any and all prior
discussions, agreements, and understandings of any kind (including,
without limitation, any prior versions of this Agreement) and every
nature between us. Except as provided for above, any modification to
this Agreement must be in writing and must be signed by both parties.
Questions or comments
=====================
We welcome comments, questions, concerns, or suggestions. Please send
us a message on our contact page at legal@taler-systems.com.

323
contrib/tos/en/bfh-v0.xml
View File

@ -1,323 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE document PUBLIC "+//IDN docutils.sourceforge.net//DTD Docutils Generic//EN//XML" "http://docutils.sourceforge.net/docs/ref/docutils.dtd">
<!-- Generated by Docutils 0.16 -->
<document source="/research/taler/exchange/contrib/tos/bfh-v0.rst">
<section ids="terms-of-service" names="terms\ of\ service">
<title>Terms Of Service</title>
<paragraph>Last Updated: 09.06.2022</paragraph>
<paragraph>Welcome! The ICE research center of the Bern University of Applied Sciences
in Switzerland (“we,” “our,” or “us”) provides an experimental payment service
through our Internet presence (collectively the “Services”). Before using our
Services, please read the Terms of Service (the “Terms” or the “Agreement”)
carefully.</paragraph>
<section ids="this-is-research" names="this\ is\ research">
<title>This is research</title>
<paragraph>This is a research experiment. Any funds wired to our Bitcoin address are
considered a donation to our research group. We may use them to enable
payments following the GNU Taler protocol, or simply keep them at our
discretion. The service is experimental and may also be discontinued at
any time, in which case all remaining funds will definitively be kept by
the research group.</paragraph>
</section>
<section ids="overview" names="overview">
<title>Overview</title>
<paragraph>This section provides a brief summary of the highlights of this
Agreement. Please note that when you accept this Agreement, you are accepting
all of the terms and conditions and not just this section. We and possibly
other third parties provide Internet services which interact with the Taler
Wallets self-hosted personal payment application. When using the Taler Wallet
to interact with our Services, you are agreeing to our Terms, so please read
carefully.</paragraph>
<section ids="highlights" names="highlights:">
<title>Highlights:</title>
<block_quote>
<bullet_list bullet="•">
<list_item>
<paragraph>You are responsible for keeping the data in your Taler Wallet at all times
under your control. Any losses arising from you not being in control of
your private information are your problem.</paragraph>
</list_item>
<list_item>
<paragraph>We may transfer funds we receive from our users to any legal
recipient to the best of our ability within the limitations of the law and
our implementation. However, the Services offered today are highly
experimental and the set of recipients of funds is severely restricted.
Again, we stress this is a research experiment and technically all funds
held by the exchange are owned by the research group of the university.</paragraph>
</list_item>
<list_item>
<paragraph>For our Services, we may charge transaction fees. The specific fee structure
is provided based on the Taler protocol and should be shown to you when you
withdraw electronic coins using a Taler Wallet. You agree and understand
that the Taler protocol allows for the fee structure to change.</paragraph>
</list_item>
<list_item>
<paragraph>You agree to not intentionally overwhelm our systems with requests and
follow responsible disclosure if you find security issues in our services.</paragraph>
</list_item>
<list_item>
<paragraph>We cannot be held accountable for our Services not being available due to
any circumstances. If we modify or terminate our services,
we may give you the opportunity to recover your funds. However,
given the experimental state of the Services today, this may not be
possible. You are strongly advised to limit your use of the Service
to small-scale experiments expecting total loss of all funds.</paragraph>
</list_item>
</bullet_list>
</block_quote>
<paragraph>These terms outline approved uses of our Services. The Services and these
Terms are still at an experimental stage. If you have any questions or
comments related to this Agreement, please send us a message to
<reference refuri="mailto:ice@bfh.ch">ice@bfh.ch</reference>. If you do not agree to this Agreement, you must not
use our Services.</paragraph>
</section>
</section>
<section ids="how-you-accept-this-policy" names="how\ you\ accept\ this\ policy">
<title>How you accept this policy</title>
<paragraph>By sending funds to us (to top-up your Taler Wallet), you acknowledge that you
have read, understood, and agreed to these Terms. We reserve the right to
change these Terms at any time. If you disagree with the change, we may in the
future offer you with an easy option to recover your unspent funds. However,
in the current experimental period you acknowledge that this feature is not
yet available, resulting in your funds being lost unless you accept the new
Terms. If you continue to use our Services other than to recover your unspent
funds, your continued use of our Services following any such change will
signify your acceptance to be bound by the then current Terms. Please check
the effective date above to determine if there have been any changes since you
have last reviewed these Terms.</paragraph>
</section>
<section ids="services" names="services">
<title>Services</title>
<paragraph>We will try to transfer funds that we receive from users to any legal
recipient to the best of our ability and within the limitations of the
law. However, the Services offered today are highly experimental and the set
of recipients of funds is severely restricted. The Taler Wallet can be loaded
by exchanging fiat or cryptocurrencies against electronic coins. We are
providing this exchange service. Once your Taler Wallet is loaded with
electronic coins they can be spent for purchases if the seller is accepting
Taler as a means of payment. We are not guaranteeing that any seller is
accepting Taler at all or a particular seller. The seller or recipient of
deposits of electronic coins must specify the target account, as per the
design of the Taler protocol. They are responsible for following the protocol
and specifying the correct bank account, and are solely liable for any losses
that may arise from specifying the wrong account. We may allow the government
to link wire transfers to the underlying contract hash. It is the
responsibility of recipients to preserve the full contracts and to pay
whatever taxes and charges may be applicable. Technical issues may lead to
situations where we are unable to make transfers at all or lead to incorrect
transfers that cannot be reversed. We may refuse to execute transfers if the
transfers are prohibited by a competent legal authority and we are ordered to
do so.</paragraph>
<paragraph>When using our Services, you agree to not take any action that intentionally
imposes an unreasonable load on our infrastructure. If you find security
problems in our Services, you agree to first report them to
<reference refuri="mailto:security@taler-systems.com">security@taler-systems.com</reference> and grant us the right to publish your report. We
warrant that we will ourselves publicly disclose any issues reported within 3
months, and that we will not prosecute anyone reporting security issues if
they did not exploit the issue beyond a proof-of-concept, and followed the
above responsible disclosure practice.</paragraph>
</section>
<section ids="fees" names="fees">
<title>Fees</title>
<paragraph>You agree to pay the fees for exchanges and withdrawals completed via the
Taler Wallet (“Fees”) as defined by us, which we may change from time to
time. With the exception of wire transfer fees, Taler transaction fees are set
for any electronic coin at the time of withdrawal and fixed throughout the
validity period of the respective electronic coin. Your wallet should obtain
and display applicable fees when withdrawing funds. Fees for coins obtained as
change may differ from the fees applicable to the original coin. Wire transfer
fees that are independent from electronic coins may change annually. You
authorize us to charge or deduct applicable fees owed in connection with
deposits, exchanges and withdrawals following the rules of the Taler protocol.
We reserve the right to provide different types of rewards to users either in
the form of discount for our Services or in any other form at our discretion
and without prior notice to you.</paragraph>
</section>
<section ids="eligibility-and-financial-self-responsibility" names="eligibility\ and\ financial\ self-responsibility">
<title>Eligibility and Financial self-responsibility</title>
<paragraph>To be eligible to use our Services, you must be able to form legally binding
contracts or have the permission of your legal guardian. By using our
Services, you represent and warrant that you meet all eligibility requirements
that we outline in these Terms.</paragraph>
<paragraph>You will be responsible for maintaining the availability, integrity and
confidentiality of the data stored in your wallet. When you setup a Taler
Wallet, you are strongly advised to follow the precautionary measures offered
by the software to minimize the chances to losse access to or control over
your Wallet data. We will not be liable for any loss or damage arising from
your failure to comply with this paragraph.</paragraph>
</section>
<section ids="copyrights-and-trademarks" names="copyrights\ and\ trademarks">
<title>Copyrights and trademarks</title>
<paragraph>The Taler Wallet is released under the terms of the GNU General Public License
(GNU GPL). You have the right to access, use, and share the Taler Wallet, in
modified or unmodified form. However, the GPL is a strong copyleft license,
which means that any derivative works must be distributed under the same
license terms as the original software. If you have any questions, you should
review the GNU GPLs full terms and conditions at
<reference refuri="https://www.gnu.org/licenses/gpl-3.0.en.html">https://www.gnu.org/licenses/gpl-3.0.en.html</reference>. “Taler” itself is a trademark
of Taler Systems SA. You are welcome to use the name in relation to processing
payments using the Taler protocol, assuming your use is compatible with an
official release from the GNU Project that is not older than two years.</paragraph>
</section>
<section ids="limitation-of-liability-disclaimer-of-warranties" names="limitation\ of\ liability\ &amp;\ disclaimer\ of\ warranties">
<title>Limitation of liability &amp; disclaimer of warranties</title>
<paragraph>You understand and agree that we have no control over, and no duty to take any
action regarding: Failures, disruptions, errors, or delays in processing that
you may experience while using our Services; The risk of failure of hardware,
software, and Internet connections; The risk of malicious software being
introduced or found in the software underlying the Taler Wallet; The risk that
third parties may obtain unauthorized access to information stored within your
Taler Wallet, including, but not limited to your Taler Wallet coins or backup
encryption keys. You release us from all liability related to any losses,
damages, or claims arising from:</paragraph>
<enumerated_list enumtype="loweralpha" prefix="(" suffix=")">
<list_item>
<paragraph>user error such as forgotten passwords, incorrectly constructed
transactions;</paragraph>
</list_item>
<list_item>
<paragraph>server failure or data loss;</paragraph>
</list_item>
<list_item>
<paragraph>unauthorized access to the Taler Wallet application;</paragraph>
</list_item>
<list_item>
<paragraph>bugs or other errors in the Taler Wallet software; and</paragraph>
</list_item>
<list_item>
<paragraph>any unauthorized third party activities, including, but not limited to,
the use of viruses, phishing, brute forcing, or other means of attack
against the Taler Wallet. We make no representations concerning any
Third Party Content contained in or accessed through our Services.</paragraph>
</list_item>
</enumerated_list>
<paragraph>Any other terms, conditions, warranties, or representations associated with
such content, are solely between you and such organizations and/or
individuals.</paragraph>
<paragraph>To the fullest extent permitted by applicable law, in no event will we or any
of our officers, directors, representatives, agents, servants, counsel,
employees, consultants, lawyers, and other personnel authorized to act,
acting, or purporting to act on our behalf (collectively the “Taler Parties”)
be liable to you under contract, tort, strict liability, negligence, or any
other legal or equitable theory, for:</paragraph>
<enumerated_list enumtype="loweralpha" prefix="(" suffix=")">
<list_item>
<paragraph>any lost profits, data loss, cost of procurement of substitute goods or
services, or direct, indirect, incidental, special, punitive, compensatory,
or consequential damages of any kind whatsoever resulting from:</paragraph>
</list_item>
</enumerated_list>
<block_quote>
<enumerated_list enumtype="lowerroman" prefix="(" suffix=")">
<list_item>
<paragraph>your use of, or conduct in connection with, our services;</paragraph>
</list_item>
<list_item>
<paragraph>any unauthorized use of your wallet and/or private key due to your
failure to maintain the confidentiality of your wallet;</paragraph>
</list_item>
<list_item>
<paragraph>any interruption or cessation of transmission to or from the services; or</paragraph>
</list_item>
<list_item>
<paragraph>any bugs, viruses, trojan horses, or the like that are found in the Taler
Wallet software or that may be transmitted to or through our services by
any third party (regardless of the source of origination), or</paragraph>
</list_item>
</enumerated_list>
</block_quote>
<enumerated_list enumtype="loweralpha" prefix="(" start="2" suffix=")">
<list_item>
<paragraph>any direct damages.</paragraph>
</list_item>
</enumerated_list>
<paragraph>These limitations apply regardless of legal theory, whether based on tort,
strict liability, breach of contract, breach of warranty, or any other legal
theory, and whether or not we were advised of the possibility of such
damages. Some jurisdictions do not allow the exclusion or limitation of
liability for consequential or incidental damages, so the above limitation may
not apply to you.</paragraph>
<paragraph>Our services are provided “as is” and without warranty of any kind. To the
maximum extent permitted by law, we disclaim all representations and
warranties, express or implied, relating to the services and underlying
software or any content on the services, whether provided or owned by us or by
any third party, including without limitation, warranties of merchantability,
fitness for a particular purpose, title, non-infringement, freedom from
computer virus, and any implied warranties arising from course of dealing,
course of performance, or usage in trade, all of which are expressly
disclaimed. In addition, we do not represent or warrant that the content
accessible via the services is accurate, complete, available, current, free of
viruses or other harmful components, or that the results of using the services
will meet your requirements. Some states do not allow the disclaimer of
implied warranties, so the foregoing disclaimers may not apply to you. This
paragraph gives you specific legal rights and you may also have other legal
rights that vary from state to state.</paragraph>
</section>
<section ids="indemnity-and-time-limitation-on-claims-and-termination" names="indemnity\ and\ time\ limitation\ on\ claims\ and\ termination">
<title>Indemnity and Time limitation on claims and Termination</title>
<paragraph>To the extent permitted by applicable law, you agree to defend, indemnify, and
hold harmless the Taler Parties from and against any and all claims, damages,
obligations, losses, liabilities, costs or debt, and expenses (including, but
not limited to, attorneys fees) arising from: (a) your use of and access to
the Services; (b) any feedback or submissions you provide to us concerning the
Taler Wallet; (c) your violation of any term of this Agreement; or (d) your
violation of any law, rule, or regulation, or the rights of any third party.</paragraph>
<paragraph>You agree that any claim you may have arising out of or related to your
relationship with us must be filed within one year after such claim arises,
otherwise, your claim in permanently barred.</paragraph>
<paragraph>In the event of termination concerning your use of our Services, your
obligations under this Agreement will still continue.</paragraph>
</section>
<section ids="discontinuance-of-services-and-force-majeure" names="discontinuance\ of\ services\ and\ force\ majeure">
<title>Discontinuance of services and Force majeure</title>
<paragraph>We may, in our sole discretion and without cost to you, with or without prior
notice, and at any time, modify or discontinue, temporarily or permanently,
any portion of our Services. We will use the Taler protocols provisions to
notify Wallets if our Services are to be discontinued. It is your
responsibility to ensure that the Taler Wallet is online at least once every
three months to observe these notifications. We shall not be held responsible
or liable for any loss of funds in the event that we discontinue or depreciate
the Services and your Taler Wallet fails to transfer out the coins within a
three months notification period.</paragraph>
<paragraph>We shall not be held liable for any delays, failure in performance, or
interruptions of service which result directly or indirectly from any cause or
condition beyond our reasonable control, including but not limited to: any
delay or failure due to any act of God, act of civil or military authorities,
act of terrorism, civil disturbance, war, strike or other labor dispute, fire,
interruption in telecommunications or Internet services or network provider
services, failure of equipment and/or software, other catastrophe, or any
other occurrence which is beyond our reasonable control and shall not affect
the validity and enforceability of any remaining provisions.</paragraph>
</section>
<section ids="governing-law-waivers-severability-and-assignment" names="governing\ law,\ waivers,\ severability\ and\ assignment">
<title>Governing law, Waivers, Severability and Assignment</title>
<paragraph>No matter where youre located, the laws of Switzerland will govern these
Terms. If any provisions of these Terms are inconsistent with any applicable
law, those provisions will be superseded or modified only to the extent such
provisions are inconsistent. The parties agree to submit to the ordinary
courts in Bern, Switzerland for exclusive jurisdiction of any dispute
arising out of or related to your use of the Services or your breach of these
Terms.</paragraph>
<paragraph>Our failure to exercise or delay in exercising any right, power, or privilege
under this Agreement shall not operate as a waiver; nor shall any single or
partial exercise of any right, power, or privilege preclude any other or
further exercise thereof.</paragraph>
<paragraph>You agree that we may assign any of our rights and/or transfer, sub-contract,
or delegate any of our obligations under these Terms.</paragraph>
<paragraph>If it turns out that any part of this Agreement is invalid, void, or for any
reason unenforceable, that term will be deemed severable and limited or
eliminated to the minimum extent necessary.</paragraph>
<paragraph>This Agreement sets forth the entire understanding and agreement as to the
subject matter hereof and supersedes any and all prior discussions,
agreements, and understandings of any kind (including, without limitation, any
prior versions of this Agreement) and every nature between us. Except as
provided for above, any modification to this Agreement must be in writing and
must be signed by both parties.</paragraph>
</section>
<section ids="questions-or-comments" names="questions\ or\ comments">
<title>Questions or comments</title>
<paragraph>We welcome comments, questions, concerns, or suggestions. Please send us a
message on our contact page at <reference refuri="mailto:legal@taler-systems.com">legal@taler-systems.com</reference>.</paragraph>
</section>
</section>
</document>

BIN
contrib/tos/en/tos-v0.epub
View File

Binary file not shown.

298
contrib/tos/en/tos-v0.html
View File

File diff suppressed because one or more lines are too long

337
contrib/tos/en/tos-v0.txt
View File

@ -1,337 +0,0 @@
Terms Of Service
****************
Last Updated: 12.4.2019
Welcome! Taler Systems SA (“we,” “our,” or “us”) provides a payment
service through our Internet presence (collectively the “Services”).
Before using our Services, please read the Terms of Service (the
“Terms” or the “Agreement”) carefully.
Overview
========
This section provides a brief summary of the highlights of this
Agreement. Please note that when you accept this Agreement, you are
accepting all of the terms and conditions and not just this section.
We and possibly other third parties provide Internet services which
interact with the Taler Wallets self-hosted personal payment
application. When using the Taler Wallet to interact with our
Services, you are agreeing to our Terms, so please read carefully.
Highlights:
-----------
* You are responsible for keeping the data in your Taler Wallet at
all times under your control. Any losses arising from you not
being in control of your private information are your problem.
* We will try to transfer funds we hold in escrow for our users to
any legal recipient to the best of our ability within the
limitations of the law and our implementation. However, the
Services offered today are highly experimental and the set of
recipients of funds is severely restricted.
* For our Services, we may charge transaction fees. The specific
fee structure is provided based on the Taler protocol and should
be shown to you when you withdraw electronic coins using a Taler
Wallet. You agree and understand that the Taler protocol allows
for the fee structure to change.
* You agree to not intentionally overwhelm our systems with
requests and follow responsible disclosure if you find security
issues in our services.
* We cannot be held accountable for our Services not being
available due to circumstances beyond our control. If we modify
or terminate our services, we will try to give you the
opportunity to recover your funds. However, given the
experimental state of the Services today, this may not be
possible. You are strongly advised to limit your use of the
Service to small-scale experiments expecting total loss of all
funds.
These terms outline approved uses of our Services. The Services and
these Terms are still at an experimental stage. If you have any
questions or comments related to this Agreement, please send us a
message to legal@taler-systems.com. If you do not agree to this
Agreement, you must not use our Services.
How you accept this policy
==========================
By sending funds to us (to top-up your Taler Wallet), you acknowledge
that you have read, understood, and agreed to these Terms. We reserve
the right to change these Terms at any time. If you disagree with the
change, we may in the future offer you with an easy option to recover
your unspent funds. However, in the current experimental period you
acknowledge that this feature is not yet available, resulting in your
funds being lost unless you accept the new Terms. If you continue to
use our Services other than to recover your unspent funds, your
continued use of our Services following any such change will signify
your acceptance to be bound by the then current Terms. Please check
the effective date above to determine if there have been any changes
since you have last reviewed these Terms.
Services
========
We will try to transfer funds that we hold in escrow for our users to
any legal recipient to the best of our ability and within the
limitations of the law and our implementation. However, the Services
offered today are highly experimental and the set of recipients of
funds is severely restricted. The Taler Wallet can be loaded by
exchanging fiat currencies against electronic coins. We are providing
this exchange service. Once your Taler Wallet is loaded with
electronic coins they can be spent for purchases if the seller is
accepting Taler as a means of payment. We are not guaranteeing that
any seller is accepting Taler at all or a particular seller. The
seller or recipient of deposits of electronic coins must specify the
target account, as per the design of the Taler protocol. They are
responsible for following the protocol and specifying the correct bank
account, and are solely liable for any losses that may arise from
specifying the wrong account. We will allow the government to link
wire transfers to the underlying contract hash. It is the
responsibility of recipients to preserve the full contracts and to pay
whatever taxes and charges may be applicable. Technical issues may
lead to situations where we are unable to make transfers at all or
lead to incorrect transfers that cannot be reversed. We will only
refuse to execute transfers if the transfers are prohibited by a
competent legal authority and we are ordered to do so.
When using our Services, you agree to not take any action that
intentionally imposes an unreasonable load on our infrastructure. If
you find security problems in our Services, you agree to first report
them to security@taler-systems.com and grant us the right to publish
your report. We warrant that we will ourselves publicly disclose any
issues reported within 3 months, and that we will not prosecute anyone
reporting security issues if they did not exploit the issue beyond a
proof-of-concept, and followed the above responsible disclosure
practice.
Fees
====
You agree to pay the fees for exchanges and withdrawals completed via
the Taler Wallet ("Fees") as defined by us, which we may change from
time to time. With the exception of wire transfer fees, Taler
transaction fees are set for any electronic coin at the time of
withdrawal and fixed throughout the validity period of the respective
electronic coin. Your wallet should obtain and display applicable fees
when withdrawing funds. Fees for coins obtained as change may differ
from the fees applicable to the original coin. Wire transfer fees that
are independent from electronic coins may change annually. You
authorize us to charge or deduct applicable fees owed in connection
with deposits, exchanges and withdrawals following the rules of the
Taler protocol. We reserve the right to provide different types of
rewards to users either in the form of discount for our Services or in
any other form at our discretion and without prior notice to you.
Eligibility and Financial self-responsibility
=============================================
To be eligible to use our Services, you must be able to form legally
binding contracts or have the permission of your legal guardian. By
using our Services, you represent and warrant that you meet all
eligibility requirements that we outline in these Terms.
You will be responsible for maintaining the availability, integrity
and confidentiality of the data stored in your wallet. When you setup
a Taler Wallet, you are strongly advised to follow the precautionary
measures offered by the software to minimize the chances to losse
access to or control over your Wallet data. We will not be liable for
any loss or damage arising from your failure to comply with this
paragraph.
Copyrights and trademarks
=========================
The Taler Wallet is released under the terms of the GNU General Public
License (GNU GPL). You have the right to access, use, and share the
Taler Wallet, in modified or unmodified form. However, the GPL is a
strong copyleft license, which means that any derivative works must be
distributed under the same license terms as the original software. If
you have any questions, you should review the GNU GPLs full terms and
conditions at https://www.gnu.org/licenses/gpl-3.0.en.html. “Taler”
itself is a trademark of Taler Systems SA. You are welcome to use the
name in relation to processing payments using the Taler protocol,
assuming your use is compatible with an official release from the GNU
Project that is not older than two years.
Limitation of liability & disclaimer of warranties
==================================================
You understand and agree that we have no control over, and no duty to
take any action regarding: Failures, disruptions, errors, or delays in
processing that you may experience while using our Services; The risk
of failure of hardware, software, and Internet connections; The risk
of malicious software being introduced or found in the software
underlying the Taler Wallet; The risk that third parties may obtain
unauthorized access to information stored within your Taler Wallet,
including, but not limited to your Taler Wallet coins or backup
encryption keys. You release us from all liability related to any
losses, damages, or claims arising from:
1. user error such as forgotten passwords, incorrectly constructed
transactions;
2. server failure or data loss;
3. unauthorized access to the Taler Wallet application;
4. bugs or other errors in the Taler Wallet software; and
5. any unauthorized third party activities, including, but not limited
to, the use of viruses, phishing, brute forcing, or other means of
attack against the Taler Wallet. We make no representations
concerning any Third Party Content contained in or accessed through
our Services.
Any other terms, conditions, warranties, or representations associated
with such content, are solely between you and such organizations
and/or individuals.
To the fullest extent permitted by applicable law, in no event will we
or any of our officers, directors, representatives, agents, servants,
counsel, employees, consultants, lawyers, and other personnel
authorized to act, acting, or purporting to act on our behalf
(collectively the “Taler Parties”) be liable to you under contract,
tort, strict liability, negligence, or any other legal or equitable
theory, for:
1. any lost profits, data loss, cost of procurement of substitute
goods or services, or direct, indirect, incidental, special,
punitive, compensatory, or consequential damages of any kind
whatsoever resulting from:
1. your use of, or conduct in connection with, our services;
2. any unauthorized use of your wallet and/or private key due to
your failure to maintain the confidentiality of your wallet;
3. any interruption or cessation of transmission to or from the
services; or
4. any bugs, viruses, trojan horses, or the like that are found in
the Taler Wallet software or that may be transmitted to or
through our services by any third party (regardless of the
source of origination), or
2. any direct damages.
These limitations apply regardless of legal theory, whether based on
tort, strict liability, breach of contract, breach of warranty, or any
other legal theory, and whether or not we were advised of the
possibility of such damages. Some jurisdictions do not allow the
exclusion or limitation of liability for consequential or incidental
damages, so the above limitation may not apply to you.
Our services are provided "as is" and without warranty of any kind. To
the maximum extent permitted by law, we disclaim all representations
and warranties, express or implied, relating to the services and
underlying software or any content on the services, whether provided
or owned by us or by any third party, including without limitation,
warranties of merchantability, fitness for a particular purpose,
title, non-infringement, freedom from computer virus, and any implied
warranties arising from course of dealing, course of performance, or
usage in trade, all of which are expressly disclaimed. In addition, we
do not represent or warrant that the content accessible via the
services is accurate, complete, available, current, free of viruses or
other harmful components, or that the results of using the services
will meet your requirements. Some states do not allow the disclaimer
of implied warranties, so the foregoing disclaimers may not apply to
you. This paragraph gives you specific legal rights and you may also
have other legal rights that vary from state to state.
Indemnity and Time limitation on claims and Termination
=======================================================
To the extent permitted by applicable law, you agree to defend,
indemnify, and hold harmless the Taler Parties from and against any
and all claims, damages, obligations, losses, liabilities, costs or
debt, and expenses (including, but not limited to, attorneys fees)
arising from: (a) your use of and access to the Services; (b) any
feedback or submissions you provide to us concerning the Taler Wallet;
(c) your violation of any term of this Agreement; or (d) your
violation of any law, rule, or regulation, or the rights of any third
party.
You agree that any claim you may have arising out of or related to
your relationship with us must be filed within one year after such
claim arises, otherwise, your claim in permanently barred.
In the event of termination concerning your use of our Services, your
obligations under this Agreement will still continue.
Discontinuance of services and Force majeure
============================================
We may, in our sole discretion and without cost to you, with or
without prior notice, and at any time, modify or discontinue,
temporarily or permanently, any portion of our Services. We will use
the Taler protocols provisions to notify Wallets if our Services are
to be discontinued. It is your responsibility to ensure that the Taler
Wallet is online at least once every three months to observe these
notifications. We shall not be held responsible or liable for any loss
of funds in the event that we discontinue or depreciate the Services
and your Taler Wallet fails to transfer out the coins within a three
months notification period.
We shall not be held liable for any delays, failure in performance, or
interruptions of service which result directly or indirectly from any
cause or condition beyond our reasonable control, including but not
limited to: any delay or failure due to any act of God, act of civil
or military authorities, act of terrorism, civil disturbance, war,
strike or other labor dispute, fire, interruption in
telecommunications or Internet services or network provider services,
failure of equipment and/or software, other catastrophe, or any other
occurrence which is beyond our reasonable control and shall not affect
the validity and enforceability of any remaining provisions.
Governing law, Waivers, Severability and Assignment
===================================================
No matter where youre located, the laws of Switzerland will govern
these Terms. If any provisions of these Terms are inconsistent with
any applicable law, those provisions will be superseded or modified
only to the extent such provisions are inconsistent. The parties agree
to submit to the ordinary courts in Zurich, Switzerland for exclusive
jurisdiction of any dispute arising out of or related to your use of
the Services or your breach of these Terms.
Our failure to exercise or delay in exercising any right, power, or
privilege under this Agreement shall not operate as a waiver; nor
shall any single or partial exercise of any right, power, or privilege
preclude any other or further exercise thereof.
You agree that we may assign any of our rights and/or transfer, sub-
contract, or delegate any of our obligations under these Terms.
If it turns out that any part of this Agreement is invalid, void, or
for any reason unenforceable, that term will be deemed severable and
limited or eliminated to the minimum extent necessary.
This Agreement sets forth the entire understanding and agreement as to
the subject matter hereof and supersedes any and all prior
discussions, agreements, and understandings of any kind (including,
without limitation, any prior versions of this Agreement) and every
nature between us. Except as provided for above, any modification to
this Agreement must be in writing and must be signed by both parties.
Questions or comments
=====================
We welcome comments, questions, concerns, or suggestions. Please send
us a message on our contact page at legal@taler-systems.com.

0
contrib/tos/tos-v0.rst → contrib/tos/tos.rst
View File

3
contrib/uncrustify_precommit
View File

@ -1,10 +1,11 @@
#!/bin/sh
# use as .git/hooks/pre-commit
exec 1>&2
RET=0
changed=$(git diff --cached --name-only | grep -v mustach)
changed=$(git diff --cached --name-only)
crustified=""
for f in $changed;

14
contrib/update-pp.sh
View File

@ -14,8 +14,7 @@ cd pp
for l in $@
do
mkdir -p $l
echo "Generating PP for language $l"
cat conf.py.in | sed -e "s/%VERSION%/$VERSION/g" > conf.py
echo Generating PP for language $l
# 'f' is for the supported formats, note that the 'make' target
# MUST match the file extension.
for f in html txt pdf epub xml
@ -23,16 +22,7 @@ do
rm -rf _build
echo " Generating format $f"
make -e SPHINXOPTS="-D language='$l'" $f >>sphinx.log 2>>sphinx.err < /dev/null
if test $f = "html"
then
htmlark -o $l/${VERSION}.$f _build/$f/${VERSION}.$f
else
mv _build/$f/${VERSION}.$f $l/${VERSION}.$f
fi
if test $f = "txt"
then
cp $l/${VERSION}.$f $l/${VERSION}.md
fi
mv _build/$f/pp.$f $l/${VERSION}.$f
done
done
cd ..

15
contrib/update-tos.sh
View File

@ -14,8 +14,7 @@ cd tos
for l in $@
do
mkdir -p $l
echo "Generating TOS for language $l"
cat conf.py.in | sed -e "s/%VERSION%/$VERSION/g" > conf.py
echo Generating TOS for language $l
# 'f' is for the supported formats, note that the 'make' target
# MUST match the file extension.
for f in html txt pdf epub xml
@ -23,17 +22,7 @@ do
rm -rf _build
echo " Generating format $f"
make -e SPHINXOPTS="-D language='$l'" $f >>sphinx.log 2>>sphinx.err < /dev/null
if test $f = "html"
then
htmlark -o $l/${VERSION}.$f _build/$f/${VERSION}.$f
else
mv _build/$f/${VERSION}.$f $l/${VERSION}.$f
fi
if test $f = "txt"
then
cp $l/${VERSION}.$f $l/${VERSION}.md
fi
mv _build/$f/tos.$f $l/${VERSION}.$f
done
done
cd ..
echo "Success"

48
debian/changelog vendored
View File

@ -1,51 +1,3 @@
taler-exchange (0.9.2-3) unstable; urgency=low
* Improvements to timeout handling when DB is not available yet.
-- Florian Dold <dold@taler.net> Tue, 14 Mar 2023 12:30:15 +0100
taler-exchange (0.9.2-2) unstable; urgency=low
* Further improvements to Debian package.
-- Christian Grothoff <grothoff@gnu.org> Sat, 3 Mar 2023 23:50:12 +0200
taler-exchange (0.9.2-1) unstable; urgency=low
* Minor improvements to Debian package, also adds age-withdraw REST APIs.
-- Christian Grothoff <grothoff@gnu.org> Sat, 3 Mar 2023 13:50:12 +0200
taler-exchange (0.9.2) unstable; urgency=low
* Packaging latest release.
-- Christian Grothoff <grothoff@gnu.org> Tue, 21 Feb 2023 13:50:12 +0200
taler-exchange (0.9.1) unstable; urgency=low
* Packaging latest release.
-- Christian Grothoff <grothoff@gnu.org> Tue, 17 Jan 2023 11:50:12 +0200
taler-exchange (0.9.0) unstable; urgency=low
* Packaging latest release.
-- Christian Grothoff <grothoff@gnu.org> Sat, 5 Nov 2022 11:50:12 +0200
taler-exchange (0.8.99-2) unstable; urgency=low
* Packaging latest pre-release from Git.
-- Christian Grothoff <grothoff@gnu.org> Mon, 26 Sep 2022 09:50:12 +0200
taler-exchange (0.8.99-1) unstable; urgency=low
* Updating to latest pre-release from Git.
-- Christian Grothoff <grothoff@taler.net> Mon, 20 Jun 2022 13:12:58 +0200
taler-exchange (0.8.5-3) unstable; urgency=low
* Updating to latest Git with minor bugfixes and improvements.

70
debian/control vendored
View File

@ -9,22 +9,27 @@ Build-Depends:
bash,
debhelper-compat (= 12),
gettext,
libgnunet-dev (>=0.17.1),
libgnunet-dev (>=0.15.3),
libcurl4-gnutls-dev (>=7.35.0) | libcurl4-openssl-dev (>= 7.35.0),
libgcrypt20-dev (>=1.8),
libgcrypt20-dev (>=1.6),
libgnutls28-dev (>=3.2.12),
libidn2-dev,
libjansson-dev,
libltdl-dev (>=2.2),
libmicrohttpd-dev (>=0.9.71),
libpq-dev (>=13),
libmicrohttpd-dev (>=0.9.63),
libpq-dev (>=9.5),
libsodium-dev (>=1.0.11),
libsqlite3-dev (>=3.8),
libunistring-dev (>=0.9.2),
python3-jinja2,
net-tools,
po-debconf,
python3-dev,
texinfo (>=5.2),
zlib1g-dev
Build-Conflicts:
autoconf2.13,
automake1.4
Standards-Version: 4.5.0
Vcs-Git: https://salsa.debian.org/debian/taler-exchange.git
Vcs-browser: https://salsa.debian.org/debian/taler-exchange
@ -39,12 +44,7 @@ Depends:
netbase,
${misc:Depends},
${shlibs:Depends}
Description: Libraries to talk to a GNU Taler exchange.
The package also contains various files fundamental
to all GNU Taler installations, such as the
taler-config configuration command-line tool,
various base configuration files and associated
documentation.
Description: libraries to talk to a GNU Taler exchange
Package: taler-exchange-database
Architecture: any
@ -55,10 +55,7 @@ Depends:
netbase,
${misc:Depends},
${shlibs:Depends}
Description: Programs and libraries to manage a GNU Taler exchange database.
This package contains only the code to setup the
(Postgresql) database interaction (taler-exchange-dbinit
and associated resource files).
Description: programs and libraries to manage a GNU Taler exchange database
Package: taler-exchange
Architecture: any
@ -75,24 +72,8 @@ Depends:
${misc:Depends},
${shlibs:Depends}
Recommends:
taler-exchange-offline (= ${binary:Version}),
postgresql (>=13.0)
Description: GNU's payment system operator.
GNU Taler is the privacy-preserving digital payment
system from the GNU project. This package contains the
core logic that must be run by the payment service
provider or bank to offer payments to consumers and
merchants. At least one exchange must be operated
per currency.
In addition to the core logic, an exchange operator
must also have a system running the "offline" logic
which is packaged as taler-exchange-offline. It is
recommended to keep the "offline" logic on a system
that is never connected to the Internet. However, it
is also possible to run the "offline" logic directly
on the production system, especially for testing.
Finally, an exchange operator should also be prepared
to run a taler-auditor.
taler-exchange-offline (= ${binary:Version})
Description: GNU's payment system operator
Package: taler-exchange-offline
Architecture: any
@ -105,14 +86,7 @@ Depends:
netbase,
${misc:Depends},
${shlibs:Depends}
Description: Tools for managing the GNU Taler exchange offline keys.
A GNU Taler exchange uses an offline key to sign its online
keys, fee structure, bank routing information and other meta
data. The offline signing key is the root of the Taler PKI
that is then embedded in consumer wallets and merchant backends.
This package includes the tool to download material to sign
from the exchange, create signatures, and upload the resulting
signatures to the exchange.
Description: tools for managing the GNU Taler exchange offline keys
Package: taler-auditor
Architecture: any
@ -128,24 +102,16 @@ Depends:
python3-jinja2,
${misc:Depends},
${shlibs:Depends}
Description: GNU's payment system auditor.
GNU Taler is the privacy-preserving digital payment
system from the GNU project. This package contains the
auditor logic. It verifies that the taler-exchange run
by a payment service provider is correctly performing
its bank transactions and thus has the correct balance
in its escrow account. Each exchange operator is
expected to make use of one or more auditors as part
of its regulatory compliance.
Description: GNU's payment system auditor
Package: libtalerexchange-dev
Section: libdevel
Architecture: any
Depends:
libtalerexchange (= ${binary:Version}),
libgnunet-dev (>=0.17.1),
libgcrypt20-dev (>=1.8),
libmicrohttpd-dev (>=0.9.71),
libgnunet-dev (>=0.15.3),
libgcrypt20-dev (>=1.6),
libmicrohttpd-dev (>=0.9.33),
${misc:Depends},
${shlibs:Depends}
Description: libraries to talk to a GNU Taler exchange (development)

2
debian/etc-libtalerexchange/taler/taler.conf vendored
View File

@ -30,8 +30,6 @@
# systems is always rounded to this unit.
#currency_round_unit = KUDOS:0.01
# Monthly amount that mandatorily triggers an AML check
#AML_THRESHOLD = KUDOS:10000000
[paths]

23
debian/etc-taler-auditor/nginx/sites-available/taler-auditor vendored
View File

@ -1,18 +1,7 @@
server {
listen 80;
listen [::]:80;
server_name localhost;
access_log /var/log/nginx/auditor.log;
error_log /var/log/nginx/auditor.err;
location /taler-auditor/ {
proxy_pass http://unix:/var/lib/taler-auditor/auditor.sock;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host "localhost";
#proxy_set_header X-Forwarded-Proto "https";
}
location /taler-auditor/ {
proxy_pass http://unix:/var/lib/taler-auditor/auditor.sock;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host "example.com";
proxy_set_header X-Forwarded-Proto "https";
}

7
debian/etc-taler-exchange/nginx/sites-available/taler-exchange vendored
View File

@ -2,16 +2,13 @@ server {
listen 80;
listen [::]:80;
server_name localhost;
access_log /var/log/nginx/exchange.log;
error_log /var/log/nginx/exchange.err;
#server_name example.com;
location /taler-exchange/ {
proxy_pass http://unix:/run/taler/exchange-httpd/exchange-http.sock:/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host "localhost";
#proxy_set_header X-Forwarded-Host "example.com";
#proxy_set_header X-Forwarded-Proto "https";
}
}

12
debian/etc-taler-exchange/taler/conf.d/exchange-business.conf vendored
View File

@ -6,11 +6,11 @@
# which you can get using `taler-exchange-offline setup`.
# This is just an example, your key will be different!
# MASTER_PUBLIC_KEY = YE6Q6TR1EDB7FD0S68TGDZGF1P0GHJD2S0XVV8R2S62MYJ6HJ4ZG
# MASTER_PUBLIC_KEY =
MASTER_PUBLIC_KEY =
# Publicly visible base URL of the exchange.
# BASE_URL = https://example.com/
# BASE_URL =
BASE_URL =
# For your terms of service and privacy policy, you should specify
# an Etag that must be updated whenever there are significant
@ -20,14 +20,12 @@
# TERMS_ETAG =
# PRIVACY_ETAG =
SERVE = unix
UNIXPATH_MODE = 666
# Bank accounts used by the exchange should be specified here:
[exchange-account-1]
enable_credit = no
enable_debit = no
enable_credit = yes
enable_debit = yes
# Account identifier in the form of an RFC-8905 payto:// URI.
# For SEPA, looks like payto://sepa/$IBAN?receiver-name=$NAME
@ -36,4 +34,4 @@ payto_uri =
# Credentials to access the account are in a separate
# config file with restricted permissions.
@inline-secret@ exchange-accountcredentials-1 ../secrets/exchange-accountcredentials-1.secret.conf
@inline-secret@ exchange-accountcredentials-1 ../secrets/exchange-accountcredentials.secret.conf

0
debian/etc-taler-exchange/taler/secrets/exchange-accountcredentials-1.secret.conf → debian/etc-taler-exchange/taler/secrets/exchange-accountcredentials.secret.conf vendored
View File

2
debian/etc-taler-exchange/taler/secrets/exchange-db.secret.conf vendored
View File

@ -4,7 +4,7 @@
# Typically, there should only be a single line here, of the form:
# CONFIG=postgres:///DATABASE
CONFIG=postgres:///DATABASE
# The details of the URI depend on where the database lives and how
# access control was configured.

5
debian/libtalerexchange-dev.install vendored
View File

@ -3,17 +3,12 @@ usr/bin/taler-aggregator-benchmark
usr/bin/taler-exchange-benchmark
usr/bin/taler-fakebank-run
usr/bin/taler-bank-benchmark
usr/bin/taler-exchange-kyc-tester
# Only used in test cases. Maybe these
# shouldn't even be installed?
usr/bin/taler-nexus-prepare
usr/bin/taler-bank-manage-testing
# Man pages
usr/share/man/man1/taler-exchange-kyc-tester*
# Headers
usr/include/taler/*

4
debian/rules vendored
View File

@ -7,9 +7,6 @@ include /usr/share/dpkg/architecture.mk
%:
dh ${@}
override_dh_builddeb:
dh_builddeb -- -Zgzip
override_dh_auto_configure-arch:
dh_auto_configure -- --disable-rpath --with-microhttpd=yes $(shell dpkg-buildflags --export=configure)
@ -40,7 +37,6 @@ override_dh_installsystemd:
dh_installsystemd -ptaler-exchange --name=taler-exchange-aggregator --no-start --no-enable
dh_installsystemd -ptaler-exchange --name=taler-exchange-transfer --no-start --no-enable
dh_installsystemd -ptaler-exchange --name=taler-exchange-wirewatch --no-start --no-enable
dh_installsystemd -ptaler-exchange --name=taler-exchange-secmod-cs --no-start --no-enable
dh_installsystemd -ptaler-exchange --name=taler-exchange-secmod-eddsa --no-start --no-enable
dh_installsystemd -ptaler-exchange --name=taler-exchange-secmod-rsa --no-start --no-enable
dh_installsystemd -ptaler-exchange --name=taler-exchange-closer --no-start --no-enable

13
debian/taler-exchange-offline.postinst vendored
View File

@ -4,21 +4,20 @@ set -e
. /usr/share/debconf/confmodule
TALER_HOME="/var/lib/taler"
case "${1}" in
configure)
if ! getent group taler-exchange-offline >/dev/null; then
addgroup --quiet taler-exchange-offline
addgroup --quiet --system taler-exchange-offline
fi
if ! getent passwd taler-exchange-offline >/dev/null; then
adduser --quiet \
--disabled-password \
--system \
--shell /bin/bash \
--home /home/taler-exchange-offline \
adduser --quiet --system \
--ingroup taler-exchange-offline \
taler-exchange-offline
--no-create-home \
--home ${TALER_HOME} taler-exchange-offline
fi
;;

9
debian/taler-exchange.install vendored
View File

@ -1,25 +1,17 @@
usr/bin/taler-exchange-aggregator
usr/bin/taler-exchange-closer
usr/bin/taler-exchange-dbinit
usr/bin/taler-exchange-drain
usr/bin/taler-exchange-expire
usr/bin/taler-exchange-httpd
usr/bin/taler-exchange-router
usr/bin/taler-exchange-secmod-cs
usr/bin/taler-exchange-secmod-eddsa
usr/bin/taler-exchange-secmod-rsa
usr/bin/taler-exchange-transfer
usr/bin/taler-exchange-wirewatch
usr/bin/taler-exchange-wire-gateway-client
usr/lib/*/taler/libtaler_plugin_kyclogic_*.so
usr/lib/*/taler/libtaler_extension_*.so
usr/share/man/man1/taler-exchange-aggregator*
usr/share/man/man1/taler-exchange-closer*
usr/share/man/man1/taler-exchange-dbinit*
usr/share/man/man1/taler-exchange-drain*
usr/share/man/man1/taler-exchange-expire*
usr/share/man/man1/taler-exchange-httpd*
usr/share/man/man1/taler-exchange-router*
usr/share/man/man1/taler-exchange-secmod-eddsa*
usr/share/man/man1/taler-exchange-secmod-rsa*
usr/share/man/man1/taler-exchange-secmod-cs*
@ -30,7 +22,6 @@ usr/share/man/man1/taler-exchange-wire-gateway-client*
usr/share/info/taler-bank*
usr/share/info/taler-exchange*
usr/share/taler/config.d/*
usr/share/taler/exchange/templates/*.must
# configuration files in /etc/taler
debian/etc-taler-exchange/* etc/

5
debian/taler-exchange.postinst vendored
View File

@ -30,7 +30,6 @@ configure)
if ! getent passwd ${_EUSERNAME} >/dev/null; then
adduser --quiet --system --no-create-home --ingroup ${_GROUPNAME} --home ${TALER_HOME} ${_EUSERNAME}
adduser --quiet ${_EUSERNAME} ${_DBGROUPNAME}
adduser --quiet ${_EUSERNAME} ${_GROUPNAME}
fi
if ! getent passwd ${_RSECUSERNAME} >/dev/null; then
adduser --quiet --system --no-create-home --ingroup ${_GROUPNAME} --home ${TALER_HOME} ${_RSECUSERNAME}
@ -54,10 +53,10 @@ configure)
adduser --quiet ${_AGGRUSERNAME} ${_DBGROUPNAME}
fi
if ! dpkg-statoverride --list /etc/taler/secrets/exchange-accountcredentials-1.secret.conf >/dev/null 2>&1; then
if ! dpkg-statoverride --list /etc/taler/secrets/exchange-accountcredentials.secret.conf >/dev/null 2>&1; then
dpkg-statoverride --add --update \
${_WIREUSERNAME} root 460 \
/etc/taler/secrets/exchange-accountcredentials-1.secret.conf
/etc/taler/secrets/exchange-accountcredentials.secret.conf
fi
if ! dpkg-statoverride --list /etc/taler/secrets/exchange-db.secret.conf >/dev/null 2>&1; then

13
debian/taler-exchange.postrm vendored
View File

@ -7,16 +7,13 @@ if [ -f /usr/share/debconf/confmodule ]; then
fi
case "${1}" in
purge)
rm -rf /var/lib/taler/exchange-offline /var/lib/taler/exchange-secmod-*
;;
purge) ;;
remove | upgrade | failed-upgrade | abort-install | abort-upgrade | disappear) ;;
remove | upgrade | failed-upgrade | abort-install | abort-upgrade | disappear)
;;
*)
echo "postrm called with unknown argument \`${1}'" >&2
exit 1
;;
echo "postrm called with unknown argument \`${1}'" >&2
exit 1
;;
esac
#DEBHELPER#

5
debian/taler-exchange.taler-exchange-aggregator.service vendored
View File

@ -1,18 +1,15 @@
[Unit]
Description=GNU Taler payment system exchange aggregator service
PartOf=taler-exchange.target
After=postgres.service
[Service]
User=taler-exchange-aggregator
Type=simple
Restart=always
RestartSec=1s
RestartSec=100ms
ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler/taler.conf
StandardOutput=journal
StandardError=journal
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
Slice=taler-exchange.slice
RuntimeMaxSec=3600s

17
debian/taler-exchange.taler-exchange-aggregator@.service vendored
View File

@ -1,17 +0,0 @@
[Unit]
Description=GNU Taler payment system exchange aggregator service
PartOf=taler-exchange.target
[Service]
User=taler-exchange-aggregator
Type=simple
Restart=always
RestartSec=1s
ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler/taler.conf
StandardOutput=journal
StandardError=journal
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
Slice=taler-exchange.slice
RuntimeMaxSec=3600s

5
debian/taler-exchange.taler-exchange-closer.service vendored
View File

@ -1,18 +1,15 @@
[Unit]
Description=GNU Taler payment system exchange closer service
PartOf=taler-exchange.target
After=network.target postgres.service
[Service]
User=taler-exchange-closer
Type=simple
Restart=always
RestartSec=1s
RestartSec=100ms
ExecStart=/usr/bin/taler-exchange-closer -c /etc/taler/taler.conf
StandardOutput=journal
StandardError=journal
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
Slice=taler-exchange.slice
RuntimeMaxSec=3600s

18
debian/taler-exchange.taler-exchange-expire.service vendored
View File

@ -1,18 +0,0 @@
[Unit]
Description=GNU Taler payment system exchange expire service
PartOf=taler-exchange.target
After=postgres.service
[Service]
User=taler-exchange-expire
Type=simple
Restart=always
RestartSec=1s
ExecStart=/usr/bin/taler-exchange-expire -c /etc/taler/taler.conf
StandardOutput=journal
StandardError=journal
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
Slice=taler-exchange.slice
RuntimeMaxSec=3600s

15
debian/taler-exchange.taler-exchange-httpd.service vendored
View File

@ -8,26 +8,17 @@ PartOf=taler-exchange.target
[Service]
User=taler-exchange-httpd
Type=simple
# Depending on the configuration, the service process kills itself and then
# needs to be restarted. Thus no significant delay on restarts.
# Depending on the configuration, the service suicides and then
# needs to be restarted.
Restart=always
# Do not dally on restarts.
RestartSec=1ms
# Disable the service if more than 5 restarts are encountered within 5s.
# These are usually the systemd defaults, but can be overwritten, thus we set
# them here explicitly, as the exchange code assumes StartLimitInterval
# to be >=5s.
StartLimitBurst=5
StartLimitInterval=5s
ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler/taler.conf
StandardOutput=journal
StandardError=journal
PrivateTmp=no
PrivateDevices=yes
ProtectSystem=full
Slice=taler-exchange.slice
[Install]
WantedBy=multi-user.target

1
debian/taler-exchange.taler-exchange-httpd@.service vendored
View File

@ -21,7 +21,6 @@ StandardError=journal
PrivateTmp=no
PrivateDevices=yes
ProtectSystem=full
Slice=taler-exchange.slice
[Install]
WantedBy=multi-user.target

2
debian/taler-exchange.taler-exchange-secmod-cs.service vendored
View File

@ -14,5 +14,3 @@ StandardError=journal
PrivateTmp=no
PrivateDevices=yes
ProtectSystem=full
IPAddressDeny=any
Slice=taler-exchange.slice

3
debian/taler-exchange.taler-exchange-secmod-eddsa.service vendored
View File

@ -14,6 +14,3 @@ StandardError=journal
PrivateTmp=no
PrivateDevices=yes
ProtectSystem=full
IPAddressDeny=any
Slice=taler-exchange.slice

2
debian/taler-exchange.taler-exchange-secmod-rsa.service vendored
View File

@ -14,5 +14,3 @@ StandardError=journal
PrivateTmp=no
PrivateDevices=yes
ProtectSystem=full
IPAddressDeny=any
Slice=taler-exchange.slice

6
debian/taler-exchange.taler-exchange-transfer.service vendored
View File

@ -1,18 +1,16 @@
[Unit]
Description=Taler Exchange Transfer Service
After=network.target postgres.service
After=network.target
PartOf=taler-exchange.target
[Service]
User=taler-exchange-wire
Type=simple
Restart=always
RestartSec=1s
RestartSec=100ms
ExecStart=/usr/bin/taler-exchange-transfer -c /etc/taler/taler.conf
StandardOutput=journal
StandardError=journal
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
Slice=taler-exchange.slice
RuntimeMaxSec=3600s

6
debian/taler-exchange.taler-exchange-wirewatch.service vendored
View File

@ -1,18 +1,16 @@
[Unit]
Description=GNU Taler payment system exchange wirewatch service
After=network.target postgres.service
After=network.target
PartOf=taler-exchange.target
[Service]
User=taler-exchange-wire
Type=simple
Restart=always
RestartSec=1s
RuntimeMaxSec=3600s
RestartSec=100ms
ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/taler.conf
StandardOutput=journal
StandardError=journal
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
Slice=taler-exchange.slice

4
debian/taler-exchange.taler-exchange-wirewatch@.service vendored
View File

@ -7,12 +7,10 @@ PartOf=taler-exchange.target
User=taler-exchange-wire
Type=simple
Restart=always
RestartSec=1s
RestartSec=100ms
ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/taler.conf
StandardOutput=journal
StandardError=journal
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
Slice=taler-exchange.slice
RuntimeMaxSec=3600s

7
debian/taler-exchange.taler-exchange.slice vendored
View File

@ -1,7 +0,0 @@
[Unit]
Description=Slice for GNU taler exchange processes
Before=slices.target
[Slice]
# Add settings that should affect all GNU Taler exchange
# components here.

1
debian/taler-exchange.taler-exchange.target vendored
View File

@ -6,7 +6,6 @@ Wants=taler-exchange-httpd.service
Wants=taler-exchange-wirewatch.service
Wants=taler-exchange-aggregator.service
Wants=taler-exchange-closer.service
Wants=taler-exchange-expire.service
Wants=taler-exchange-transfer.service
[Install]

3
debian/taler-exchange.tmpfiles vendored
View File

@ -1,8 +1,7 @@
#Type Path Mode UID GID Age Argument
d /run/taler/exchange-secmod-rsa 0755 taler-exchange-secmod-rsa taler-exchange-secmod - -
d /run/taler/exchange-secmod-cs 0755 taler-exchange-secmod-cs taler-exchange-secmod - -
d /run/taler/exchange-secmod-eddsa 0755 taler-exchange-secmod-eddsa taler-exchange-secmod - -
d /run/taler/exchange-httpd 0750 taler-exchange-httpd www-data - -
d /var/lib/taler/exchange-secmod-cs 0700 taler-exchange-secmod-cs taler-exchange-secmod - -
d /var/lib/taler/exchange-offline 0700 taler-exchange-offline taler-exchange-offline - -
d /var/lib/taler/exchange-secmod-rsa 0700 taler-exchange-secmod-rsa taler-exchange-secmod - -
d /var/lib/taler/exchange-secmod-eddsa 0700 taler-exchange-secmod-eddsa taler-exchange-secmod - -

4
doc/.gitignore vendored
View File

@ -1,6 +1,7 @@
*.aux
*.dvi
*.log
*.pdf
*.out
*.snm
*.toc
@ -24,6 +25,3 @@ taler-exchange.html
taler-exchange.fn
taler-exchange.cp
taler-exchange.auxtaler-exchange.cps
cbdc-es/cbdc-es.pdf
cbdc-it/cbdc-it.pdf
audit/response-202109.pdf

8
doc/Makefile.am
View File

@ -21,22 +21,16 @@ man_MANS = \
prebuilt/man/taler-exchange-benchmark.1 \
prebuilt/man/taler-exchange-closer.1 \
prebuilt/man/taler-exchange-dbinit.1 \
prebuilt/man/taler-exchange-drain.1 \
prebuilt/man/taler-exchange-expire.1 \
prebuilt/man/taler-exchange-httpd.1 \
prebuilt/man/taler-exchange-kyc-tester.1 \
prebuilt/man/taler-exchange-offline.1 \
prebuilt/man/taler-exchange-router.1\
prebuilt/man/taler-exchange-secmod-cs.1\
prebuilt/man/taler-exchange-secmod-eddsa.1\
prebuilt/man/taler-exchange-secmod-rsa.1 \
prebuilt/man/taler-exchange-transfer.1\
prebuilt/man/taler-exchange-wire-gateway-client.1\
prebuilt/man/taler-exchange-wirewatch.1 \
prebuilt/man/taler-exchange-wire-gateway-client.1\
prebuilt/man/taler-helper-auditor-aggregation.1 \
prebuilt/man/taler-helper-auditor-coins.1\
prebuilt/man/taler-helper-auditor-deposits.1\
prebuilt/man/taler-helper-auditor-purses.1\
prebuilt/man/taler-helper-auditor-reserves.1\
prebuilt/man/taler-helper-auditor-wire.1

21
doc/cbdc-it/cbdc-it.tex
View File

@ -43,14 +43,14 @@ migliorate per tutelare la privacy nelle transazioni, soddisfare i
requisiti normativi in modo efficace e offrire un livello di protezione
resistente ai computer quantistici contro il rischio sistemico per
la privacy. Né la politica monetaria né la stabilità del sistema
finanziario sarebbero realmente interessate da questo sistema, dal
finanziario sarebbero realmente interessate da questo sistema dal
momento che una moneta emessa in questo modo replicherebbe il contante
fisico anziché i depositi bancari. \\
JEL: E42, E51, E52, E58, G2
\\
Parole chiave: monete digitali, banca centrale, CBDC, firma cieca (\textit{blind signatures}),
Parole chiave: monete digitali, banca centrale, CBDC, firma cieca,
criptovalute stabili, \textit{stablecoins}
\end{abstract}
@ -91,7 +91,7 @@ CoinMarketCap elenca oltre 5.000 criptovalute. Recentemente le banche
centrali hanno iniziato a considerare, o almeno a studiare,
l'emissione di monete digitali~\cite[vedi][]{AuerBoehme,AuerCornelli,Boar,Kiff,Mancini-Griffoli}.
Attualmente, le banche centrali emettono due tipi di moneta: (i)
Attualmente le banche centrali emettono due tipi di moneta: (i)
riserve sotto forma di conti di regolamento presso le banche centrali,
destinate solo agli operatori dei mercati finanziari, e (ii) divisa
disponibile per tutti sotto forma di banconote. Di conseguenza, la
@ -1088,14 +1088,13 @@ possono supportare milioni di transazioni al secondo.
% una discussione a riguardo:
% https://italian.stackexchange.com/questions/3653/probabilmente-indicativo-o-congiuntivo
% Not incorrect but FIXED anyway.
Infine, il costo totale del sistema è basso. Il costo principale è
rappresentato dall'archiviazione a lungo termine di 110 kilobyte
per transazione. Gli esperimenti su un prototipo di GNU Taler che
utilizzava i prezzi di \textit{Amazon Web Service} hanno stabilito
che il costo del sistema (archiviazione, larghezza di banda e capacità
di calcolo) su larga scala sarebbe inferiore a 0,0001 USD per
transazione~\cite[per i dettagli sui dati, si veda][]{Dold}.
Infine, il costo totale del sistema è basso. Probabilmente il costo
principale è rappresentato dall'archiviazione sicura per
molti anni di 110 kilobyte per transazione. Gli esperimenti su un
prototipo di GNU Taler che utilizzava i prezzi di \textit{Amazon Web Service}
hanno stabilito che il costo del sistema (archiviazione, larghezza di
banda e capacità di calcolo) su larga scala sarebbe inferiore a
0,0001 USD per transazione~\cite[per i dettagli sui dati, si veda][]{Dold}.
\section{Considerazioni normative e politiche}
\label{5.-considerazioni-normative-e-politiche}

28
doc/cs/ads/glossary.tex
View File

@ -1,12 +1,12 @@
%!TEX root = ../thesis.tex
%
% vorher in Konsole folgendes aufrufen:
% vorher in Konsole folgendes aufrufen:
% makeglossaries makeglossaries dokumentation.acn && makeglossaries dokumentation.glo
%
%
% Glossareintraege --> reference, name, beschreibung
% Glossareintraege --> referenz, name, beschreibung
% Aufruf mit \gls{...}
%
% \newglossaryentry{non-repudiation}{name={non-repudiation},plural={non-repudiation},description={After a message is signed, one can not dispute that a message was signed}}
@ -18,36 +18,36 @@
}
\newglossaryentry{25519}{
name = {Curve25519},
description = {A popular elliptic curve used in many cryptographic systems based on elliptic curve cryptography. See section \ref{par:curve25519}}
name = {Curve25519},
description = {A popular elliptic curve used in many cryptographic systems based on elliptic curve cryptography. See section \ref{par:curve25519}}
}
\newglossaryentry{fdh}{
name = {FDH},
description = {A Full-Domain Hash is a hash function with an image size equal to the original gorup. See section \ref{sec:rsa-fdh}}.
}
description = {A Full-Domain Hash is a hash function with an image size equal to the original gorup. See section \ref{sec:rsa-fdh}}.
}
\newglossaryentry{idempotence}{
name = {idempotence},
description = {Idempotence in the context of computer science is a property to ensure that the state of system will not change, no matter how many times the same request was made. See section \ref{abort-idempotency}}
}
description = {Idempotence in the context of computer science is a property to ensure that the state of system will not change, no matter how many times the same request was made. See section \ref{abort-idempotency}}
}
\newglossaryentry{abort-idempotency}{
name = {abort-idempotency},
description = {Abort-idempotency is a special case of \gls{idempotence}. On every step in a protocol it needs to be ensured that even on an abort, the same request always receives the same response. See section \ref{abort-idempotency}}
}
description = {Abort-idempotency is a special case of \gls{idempotence}. On every step in a protocol it needs to be ensured that even on an abort, the same request always receives the same response. See section \ref{abort-idempotency}}
}
\newglossaryentry{RSABS}{
name = {RSA Blind Signatures},
description = {Chaums Blind Signature Scheme based on RSA. See section \ref{sec:blind-rsa-sign}}
description = {Chaums Blind Signature Scheme based on RSA. See section \ref{sec:blind-rsa-sign}}
}
\newglossaryentry{CSBS}{
name = {Clause Blind Schnorr Signatures},
description = {A secure variant of Blind Schnorr Signature Schemes introduced in section \ref{sec:clause-blind-schnorr-sig}}
}
}
% \newglossaryentry{25519}{
% name = {},
% description = {}
% }
% description = {}
% }

4
doc/cs/content/1_introduction.tex
View File

@ -51,7 +51,7 @@ In scope are all necessary changes on the protocol(s) and components for the fol
\item design and implement a protocol where the user proves to the exchange the knowledge of the coin that is to be signed (optional)
\end{itemize}
Out of scope is production readiness of the implementation.
Out of scope is production readyness of the implementation.
This is because changes in the protocos and code need to be thoroughly vetted to ensure that no weaknesses or security vulnerabilities were introduced.
Such an audit is out of scope for the thesis and is recommended to be performed in the future.
The iOS wallet will not be considered in this work.
@ -69,4 +69,4 @@ Scope changes during the project:
\item \textbf{Adjusted: } Focus is on the implementation of the exchange protocols (Withdraw, Spend, Refresh and cryptographic utilities)
\item \textbf{Adjusted: } Implementation of the refresh protocol and wallet-core are nice-to-have goals
\item \textbf{Removed: } The Merchant and the android wallet implementations are out of scope
\end{itemize}
\end{itemize}

22
doc/cs/content/3_preliminaries.tex
View File

@ -141,6 +141,7 @@ This can be used to detect compromised signing keys or a malicious exchange.
\subsection{Properties}
\label{sec:taler-properties}
%Alle Taler Eigenschaften die wir angreifen wollen auflisten und bezug nehmen wie diese erreicht werden
This section describes Taler's properties.
\subsubsection{Free Software}
@ -298,7 +299,7 @@ If verification is successful, only Alice knows her private key and Bob uses Ali
A digital signature scheme has a message space M, a signature space S and three algorithms:
\begin{itemize}
\item Key generation: $(pk,sk) \gets keyGen()$
\item Signature generation: $s \gets $sign$_sk(m)$
\item Signatue generation: $s \gets $sign$_sk(m)$
\item Verification: $ v \gets $verify$_pk(m,s)$ where $v \in {0,1}$
\end{itemize}
If the result of the verification algorithm equals 1, a signature for m is called valid.
@ -782,7 +783,7 @@ A good introduction to cut and choose protocols gives the Paper from Claude Cré
The expression cut-and-choose was later introduced by David Chaum in analogy to a popular cake sharing problem:
Given a complete cake to be shared among two parties distrusting of each other (for reasons of serious appetite).
A fair way for them to share the cake is to have one of them cut the cake in two equals hares, and let the other one choose his favourite share.
This solution guarantees that it is in the formers best interest to cut the shares as evenly as possible."
This solution guarantes that it is in the formers best interest to cut the shares as evenly as possible."
}
\end{center}
@ -869,10 +870,10 @@ Figure \ref{fig:withdraw-loophole-exploit} explains how such a payment would wor
Note that we omitted the parts leading up to the coin creation (contract, agreement of price, number of coins and their denominations).
This is how it works on a high level:
\begin{enumerate}
\item The malicious merchant generates and blinds coins, which are then transmitted to the customer
\item The malicous merchant generates and blinds coins, which are then transmitted to the customer
\item The customer authorizes the withdraw from his reserve by signing the blinded coins with the private key of his reserve, thus generating withdraw confirmations.
\item The withdraw confirmations are transmitted to the exchange, which generates the signatures and returns them to the malicious merchant.
\item The malicious merchant unblinds the signatures.
\item The withdraw confirmations are transmitted to the exchange, which generates the signatures and returns them to the malicous merchant.
\item The malicous merchant unblinds the signatures.
He is now in possession of the coin, thus the payment is completed.
\end{enumerate}
@ -881,7 +882,7 @@ This is how it works on a high level:
\resizebox{1.0\textwidth}{!}{$\displaystyle
\begin{array}{ l c l}
% preliminaries
\textbf{Customer} & & \textbf{malicious Merchant}
\textbf{Customer} & & \textbf{malicous Merchant}
\\ \text{knows:} & & \text{knows:}
\\ \text{reserve keys } w_s, W_p
\\ \text{denomination public key } D_p = \langle e, N \rangle & & \text{denomination public key } D_p = \langle e, N \rangle
@ -902,7 +903,7 @@ This is how it works on a high level:
\\
\hline
\\
\textbf{malicious Merchant} & & \textbf{Exchange}
\textbf{malicous Merchant} & & \textbf{Exchange}
\\\text{knows:} & & \text{knows:}
\\& & \text{reserve public key } W_p
\\ \text{denomination public key } D_p = \langle e, N \rangle & & \text{denomination keys } d_s, D_p
@ -948,6 +949,7 @@ Chapter 4.1.4 describes more general aspects as well as the contract header and
\subsubsection{Spend Protocol}
The payment process begins when a customer submits a shopping cart (one or more items to buy) and commits his intent to buy them.
The merchant has a key pair skM, pkM of which the customer knows the public key.
% besseres Wort als commit?
Note that certain details contained in contract header or deposit permission like merchant \ac{KYC} information, deposit and refund deadlines and fees are left out.
The deposit state machine can be seen in figure \ref{fig:deposit:states}.
\begin{figure}[htp]
@ -1031,7 +1033,7 @@ In cases where there are multiple deposit permissions (meaning that multiple coi
\item Is the signature of the coin valid?
\item Is $ f $ (the value to be spent) smaller or equal the residual value of the coin (check for overspending attempt)?
\end{itemize}
If all checks are successful, the exchange saves the deposit record containing the deposit permission and its signature in a database, subtracts the spent value from the residual value of the coin and schedules the money transfer to the merchant's account $ A_m $ (grouping payments is done to reduce payment fees).
If all checks are successful, the exchange saves the deposit record containing the deposit permission and its signature in a database, substracts the spent value from the residual value of the coin and schedules the money transfer to the merchant's account $ A_m $ (grouping payments is done to reduce payment fees).
\\The exchange calculates a deposit confirmation signature $ \sigma_{DC} $ for the deposit permission with the exchange signing private key and returns them to the merchant.
\\This signature is also used to prove that a merchant was the first to receive payment from a certain coin.
Without this, an evil exchange could later deny confirming a payment and claim double spending.
@ -1178,7 +1180,7 @@ The customer, which holds the old partially spend coin and knows \\$C_{old} = \t
On the exchange's side various checks are done to validate the request.
Detailed steps of the commit phase are shown in figure \ref{fig:refresh-part1}.
\begin{figure}
\begin{equation*}
\resizebox{1.0\textwidth}{!}{$\displaystyle
@ -1462,4 +1464,4 @@ When the list of trusted auditor certs of a customer/merchant somehow can be man
One attack scenario would be to attack customers/merchants with a supply-chain attack on the wallets or merchant backends' implementation.
With software supply-chain attacks on the rise in 2020/21 (although the concept is not new) such an attack could have a big impact. \\
Since auditor certs are coupled with the wallet (or merchant) implementation, a bank, country, central bank or auditor will most likely publish a wallet and a merchant implementation for the corresponding Taler ecosystem.
%This would make it possible for the publisher to make changes on the Taler protocol for this specific implementation.
%This would make it possible for the publisher to make changes on the Taler protocol for this specific implementation.

18
doc/cs/content/4_2_specification.tex
View File

@ -256,7 +256,7 @@ Further, the API ensures that a caller must generate two secret $r$ as in the Cl
* To ensure unpredictability a new nonce should be used when a new r needs to be derived.
* Uses HKDF internally.
* Comment: Can be done in one HKDF shot and split output.
*
*
* @param nonce is a random nonce
* @param lts is a long-term-secret in form of a private key
* @param[out] r array containing derived secrets r0 and r1
@ -265,8 +265,8 @@ Further, the API ensures that a caller must generate two secret $r$ as in the Cl
GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsNonce *nonce,
const struct GNUNET_CRYPTO_CsPrivateKey *lts,
struct GNUNET_CRYPTO_CsRSecret r[2]);
/**
* Extract the public R of the given secret r.
*
@ -289,7 +289,7 @@ The blinding secrets are generated by a client who provides a secret as seed to
* To provide abort-idempotency, blinding factors need to be derived but still need to be UNPREDICTABLE
* To ensure unpredictability a new nonce has to be used.
* Uses HKDF internally
*
*
* @param secret is secret to derive blinding factors
* @param secret_len secret length
* @param[out] bs array containing the two derivedGNUNET_CRYPTO_CsBlindingSecret
@ -306,7 +306,7 @@ Further the Clause Blind Schnorr API provides an API to calculate the two blinde
/**
* Calculate two blinded c's
* Comment: One would be insecure due to Wagner's algorithm solving ROS
*
*
* @param bs array of the two blinding factor structs each containing alpha and beta
* @param r_pub array of the two signer's nonce R
* @param pub the public key of the signer
@ -336,7 +336,7 @@ See listing \ref{lst:crypto-sign-api}.
* To ensure unpredictability a new nonce has to be used for every signature
* HKDF is used internally for derivation
* r0 and r1 can be derived prior by using GNUNET_CRYPTO_cs_r_derive
*
*
* @param priv private key to use for the signing and as LTS in HKDF
* @param r array of the two secret nonce from the signer
* @param c array of the two blinded c to sign c_b
@ -370,7 +370,7 @@ GNUNET_CRYPTO_cs_unblind (
struct GNUNET_CRYPTO_CsS *signature_scalar);
\end{lstlisting}
The verify API takes the message and its signature with the public key and returns GNUNET\_OK for a valid signature and GNUNET\_SYSERR otherwise.
The verify API takes the message and its signature with the public key and returns GNUNET\_OK for a valid signature and GNUNET\_SYSERR otherwhise.
See listing \ref{lst:crypto-verify-api}.
\begin{lstlisting}[style=bfh-c,language=C,, caption={GNUnet verify API}, label={lst:crypto-verify-api}]
@ -411,7 +411,7 @@ In crypto.c many utility functions are provided to create planchets (for planche
One difference between \gls{RSABS} and \gls{CSBS} is, that the coin private key and RSA blinding secret can be created at the same point in time, since the RSA blinding secret is created randomly.
However, for Clause Blind Schnorr secrets an additional step is needed, the public $R_0$ and $R_1$ are required to calculate the blinding seed to derive the secrets.
A planchet in the Clause Blind Schnorr Signature Scheme can be created as followed (implementation details omitted).
A planchet in the Clause Blind Schnorr Signature Scheme can be created as followed (implementation details ommited).
\begin{enumerate}
\item Create planchet with new \ac{EdDSA} private key
@ -467,7 +467,7 @@ The exchange offline signer requests the future, not yet signed keys by calling
master\_pub & Exchange's master public key \\
denom\_secmod\_public\_key & RSA security module public key \\
denom\_secmod\_cs\_public\_key & \gls{CSBS} security module public key \\
signkey\_secmod\_public\_key & Online signing security module public key \\
signkey\_secmod\_public\_key & Online singing security module public key \\
\end{tabular}
\caption{GET \url{/management/keys} response data}
\label{tab:management-keys-get}

14
doc/cs/content/4_3_implementation.tex
View File

@ -94,8 +94,8 @@ The corresponding crypto helper, that talks with the security module, and its te
\item \texttt{src/util/test\_helper\_cs.c}: Tests and benchmarks for the \gls{CSBS} crypto helper
\end{itemize}
% Crypto API offene Punkte:
%Input-validation of points and scalars:
% describe clamping: https://neilmadden.blog/2020/05/28/whats-the-curve25519-clamping-all-about/
%Input-Validierung von Punkten und Skalar
% Clamping beschreiben: https://neilmadden.blog/2020/05/28/whats-the-curve25519-clamping-all-about/
% Testing: inverse operations, blinded signature test
@ -219,7 +219,7 @@ Tests for deposit are implemented here:
\begin{itemize}
\item \url{/src/testing/test_exchange_api.c}: Add tests (see "struct TALER\_TESTING\_Command\ spend\_cs[]") that spend \gls{CSBS} coins withdrawn in tests added for withdrawal
\item \url{/src/json/json_pack.c}: Implement \gls{CSBS} case in function TALER\_JSON\_pack\_denom\_sig
\end{itemize}
\end{itemize}
\section{Fixing a Minor Security Issue in Taler's RSA Blind Signature Protocols}
\label{sec:taler-vuln}
@ -230,7 +230,7 @@ The issue was only in the implementation of the current RSA Blind Signature prot
\label{sec:taler-vuln-desc}
The redesigned \gls{CSBS} protocols already include the denomination key in the nonce check, which fixes this issue (see \ref{sec:withdraw-protocol-schnorr}).
In the case of \gls{RSABS}, the current protocol includes an \gls{idempotence} check by persisting the hash value of the blinded coin $m'$.
In the case of \gls{RSABS}, the current protocol includes an \gls{idempotence} check by persisting the hash value of the blinded coin $m'$.
On a withdrawal/refresh the \gls{idempotence} check compares if the hash value of $m'$ was seen in the past and returns the 'old' signature on a match.
This could lead to the following scenario:
@ -277,7 +277,7 @@ After discussing this issue with Christian Grothoff, the conclusion was to inclu
return GNUNET_OK;
case TALER_DENOMINATION_CS:
...
\end{lstlisting}
The issue is fixed by adding a hash of the current denomination key into the calculation of the hash used in the \gls{idempotence} check.
@ -295,7 +295,7 @@ The applied fix can be seen in listing \ref{lst:fixed-idempotence}.
{
struct GNUNET_HashContext *hash_context;
hash_context = GNUNET_CRYPTO_hash_context_start ();
GNUNET_CRYPTO_hash_context_read (hash_context,
&denom_hash->hash,
sizeof(denom_hash->hash));
@ -312,7 +312,7 @@ The applied fix can be seen in listing \ref{lst:fixed-idempotence}.
{
struct GNUNET_HashContext *hash_context;
hash_context = GNUNET_CRYPTO_hash_context_start ();
GNUNET_CRYPTO_hash_context_read (hash_context,
&denom_hash->hash,
sizeof(denom_hash->hash));

12
doc/cs/content/5_discussion.tex
View File

@ -57,7 +57,7 @@ This section compares how the two schemes perform regarding CPU usage, latency,
Clause Schnorr has fixed key sizes with 256 bits (32 bytes), which we compare against different RSA key sizes (1024, 2048, 3072 and 4096 bits).
In terms of security, \gls{CSBS} 256 bit keys could be compared to 3072 bit RSA keys (see \url{https://www.keylength.com/} for more information).
\subsection{CPU Usage}
\subsection{CPU Usage}
Various benchmarks were made on different CPU architectures.
This section discusses the main results, detailed information about the performance comparison can be found in appendix \ref{chap:app-perf}.
We thank the Taler team for providing measurements from additional systems and architectures.
@ -75,7 +75,7 @@ Signing and blinding operations are much faster in \gls{CSBS}, also \gls{CSBS} s
\begin{bfhBox}[BFH-MediumBlue]{Setup}
CPU: 8-core AMD Ryzen 7 PRO 5850U \\
OS: Ubuntu 21.10 Linux 5.13.0-25-generic \#26-Ubuntu SMP Fri Jan 7 15:48:31 UTC 2022 x86\_64 x86\_64 x86\_64 GNU/Linux \\
libsodium version: 1.0.18-1build1 \\
libsodium version: 1.0.18-1build1 \\
libgcrypt version: 1.8.7-5ubuntu2 \\\\
Benchmarks with other hardware setups can be found in appendix \ref{chap:app-perf}.
\end{bfhBox}
@ -112,7 +112,7 @@ RSA 1024 is in some situations faster than the \gls{CSBS} implementation.
Note that 1024 bit keys are not recommended for many use cases, but the highest currently known RSA factorization done is 829 bits \cite{enwiki:1055393696}.
The following section \ref{sec:disc-risk} explains the risk running RSA 1024 or \gls{CSBS} denominations further.\\
The blind and unblind operations are running in a wallet implementation, therefore the comparison with RSA 1024 is very interesting for devices with less CPU power.
Comparison of such hardware can be found in appendix \ref{chap:app-perf}, these comparison results come to the same conclusion.\\
Comparison of such hardware can be found in appendix \ref{chap:app-perf}, these comparison results come to the same conlcusion.\\
Although RSA 1024 bit is much faster in the blinding operation, \gls{CSBS} still perform better when calculating the blinding and unblinding operations together.
\gls{CSBS} unblinding computes only an addition of two scalars $s + \alpha \mod p$, while RSA computes $s * r^{-1}$.
To conclude, \gls{CSBS} are faster than RSA 1024 bit and provide a better level of security.
@ -205,7 +205,7 @@ The disk space comparison for a wallet can be found in \ref{tab:comp-wallet-spac
These are theoretical calculations, implementations may choose to persist additional values.
\end{bfhWarnBox}
The reasons that \gls{CSBS} use less bandwidth is mostly because the signature/key sizes are much smaller.
The bandwidth improvements for the \texttt{/keys} API is the same as specified in the table with disk space comparison \ref{tab:comp-sign-space}.
The bandwith improvements for the \texttt{/keys} API is the same as specified in the table with disk space comparison \ref{tab:comp-sign-space}.
For \gls{CSBS} many calculations are performed twice, therefore also two values are submitted.
Table \ref{tab:comp-band-withd} compares the bandwidth used in a withdrawal.
The 32 byte values $2 * n_w, 2 * D_p, R_0, R_1, s,W_p, c_0, c_1, \sigma_W$ as well as an integer $b$ are transmitted for \gls{CSBS}.\\
@ -222,14 +222,14 @@ Depending on the hash size another 32 byte (or 64 byte) value is transmitted.
\setupBfhTabular
\begin{tabular}{lccr}
\rowcolor{BFH-tablehead}
\textbf{Signature Scheme} & \textbf{Bandwidth used} & \textbf{Factor} & \textbf{1M coins}\\\hline
\textbf{Signature Scheme} & \textbf{Bandwith used} & \textbf{Factor} & \textbf{1M coins}\\\hline
CS 256 bits & 356 bytes & 1x & 324 MB\\\hline
RSA 1024 bit & 448 bytes & 1.3x & 448 MB \\\hline
RSA 2048 bit & 832 bytes & 2.5x & 832 MB\\\hline
RSA 3072 bit & 1216 bytes & 3.75x & 1216 MB\\\hline
RSA 4096 bit & 1600 bytes & 4.9x & 1600 MB\\\hline
\end{tabular}
\caption{Bandwidth comparison withdrawal}
\caption{Bandwith comparison withdrawal}
\label{tab:comp-band-withd}
\end{table}

10
doc/cs/content/6_conclusion.tex
View File

@ -25,8 +25,8 @@ The thesis provides several results to add support for Schnorr's blind signature
\end{itemize}
\item Comparison and Analysis
\begin{itemize}
\item Performance (speed, space, latency \& bandwidth)
\item Security
\item Performance (speed, space, latency \& bandwith)
\item Security
\item Scheme Comparison
\end{itemize}
\item Fixing a minor security issue in Taler's current protocols
@ -47,7 +47,7 @@ This section provides an outlook on what can be done in future work.
\item Evaluating \& implementing \gls{CSBS} on other curves
\end{itemize}
There are some remaining protocols to implement, which were out of scope for this thesis.
There are some remaining protocols to implement, which were out of scope for this thesis.
To run \gls{CSBS} in production, these protocols have to be implemented too.
Further, the merchant needs to support \gls{CSBS} too.
The merchant implementation can be done fast, as the merchant only verifies denomination signatures in most cases. \\
@ -58,7 +58,7 @@ A security audit should always be made when implementing big changes like these.
As mentioned in the scope section, the optional goal to find and implement a good solution for the withdraw loophole was dropped.
This was due to the scope shift and because the analysis of the problem showed that finding a good solution needs more research and is a whole project in itself (see \ref{sec:scope} for more information).\\
Furthermore, \gls{CSBS} could be implemented on other curves.
For example Curve448 \cite{cryptoeprint:2015:625} could be used, as it provides 224 bits of security, whereas \gls{25519} \cite{bern:curve25519} provides about 128 bits of security.
For example Curve448 \cite{cryptoeprint:2015:625} could be used, as it provides 224 bits of security, wheras \gls{25519} \cite{bern:curve25519} provides about 128 bits of security.
Curve secp256k1 could further improve \gls{CSBS} performance.
While providing support for Curve448 should not be problematic, a potential implementation for secp256k1 needs further analysis (see \cite{bernlange:safecurves} and \cite{bip:schnorr-bitc} for more information).
@ -67,4 +67,4 @@ This thesis includes understanding, analyzing, integrating and implementing a re
Furthermore, the implementation is done in Taler, an intuitive and modern solution for a social responsible payment system with high ethical standards.
Although there was a lot of work, we enjoyed working on such a modern and very interesting topic.
Especially the first successful signature verification and the signature scheme performance benchmarks motivated us to push the implementation and integration into Taler forward.\\
We are happy to provide an implementation of a modern scheme and making it available as free software.
We are happy to provide an implementation of a modern scheme and making it available as free software.

3
doc/doxygen/taler.doxy
View File

@ -153,8 +153,7 @@ EXCLUDE_PATTERNS = */test_* \
*/.git/* \
*/perf_* .* \
.* \
*/gnu-taler-error-codes/* \
*/src/templating/mustach*
*/gnu-taler-error-codes/*
EXCLUDE_SYMBOLS =
EXAMPLE_PATH =
EXAMPLE_PATTERNS = *

Some files were not shown because too many files have changed in this diff Show More