16.46. taler-exchange.conf(5)

16.46.1. Name

taler-exchange.conf - Taler exchange configuration file

16.46.2. Description

The configuration file is line-oriented. Blank lines and whitespace at the beginning and end of a line are ignored. Comments start with # or % in the first column (after any beginning-of-line whitespace) and go to the end of the line.

The file is split into sections. Every section begins with [SECTIONNAME] and contains a number of options of the form OPTION=VALUE. There may be whitespace around the = (equal sign). Section names and options are case-insensitive.

The values, however, are case-sensitive. In particular, boolean values are one of YES or NO. Values can include whitespace by surrounding the entire value with " (double quote). Note, however, that there are no escape characters in such strings; all characters between the double quotes (including other double quotes) are taken verbatim.

Values that represent a time duration are represented as a series of one or more NUMBER UNIT pairs, e.g. 60 s, 4 weeks 1 day, 5 years 2 minutes.

Values that represent an amount are in the usual amount syntax: CURRENCY:VALUE.FRACTION, e.g. EUR:1.50. The FRACTION portion may extend up to 8 places.

Values that represent filenames can begin with a /bin/sh-like variable reference. This can be simple, such as $TMPDIR/foo, or complex, such as ${TMPDIR:-${TMP:-/tmp}}/foo. The variables are expanded either using key-values from the [PATHS] section (see below) or from the environment (getenv()). The values from [PATHS] take precedence over those from the environment. If the variable name is found in neither [PATHS] nor the environment, a warning is printed and the value is left unchanged. Variables (including those from the environment) are expanded recursively, so if FOO=$BAR and BAR=buzz then the result is FOO=buzz. Recursion is bounded to at most 128 levels to avoid undefined behavior for mutually recursive expansions like if BAR=$FOO in the example above.

The [PATHS] section is special in that it contains paths that can be referenced using $ in other configuration values that specify filenames. Note that configuration options that are not specifically retrieved by the application as filenames will not see “$”-expressions expanded. To expand $-expressions when using taler-config, you must pass the -f command-line option.

The system automatically pre-populates the [PATHS] section with a few values at run-time (in addition to the values that are in the actual configuration file and automatically overwriting those values if they are present). These automatically generated values refer to installation properties from GNU autoconf. The values are usually dependent on an INSTALL_PREFIX which is determined by the --prefix option given to configure. The canonical values are:

  • LIBEXECDIR = $INSTALL_PREFIX/taler/libexec/

  • DOCDIR = $INSTALL_PREFIX/share/doc/taler/

  • ICONDIR = $INSTALL_PREFIX/share/icons/

  • LOCALEDIR = $INSTALL_PREFIX/share/locale/

  • PREFIX = $INSTALL_PREFIX/

  • BINDIR = $INSTALL_PREFIX/bin/

  • LIBDIR = $INSTALL_PREFIX/lib/taler/

  • DATADIR = $INSTALL_PREFIX/share/taler/

Note that on some platforms, the given paths may differ depending on how the system was compiled or installed, the above are just the canonical locations of the various resources. These automatically generated values are never written to disk.

Files containing default values for many of the options described below are installed under $TALER_EXCHANGE_PREFIX/share/taler-exchange/config.d/. The configuration file given with -c to Taler binaries overrides these defaults.

A configuration file may include another, by using the @INLINE@ directive, for example, in main.conf, you could write @INLINE@ sub.conf to include the entirety of sub.conf at that point in main.conf.

Be extra careful when using taler-exchange-config -V VALUE to change configuration values: it will destroy all uses of @INLINE@ and furthermore remove all comments from the configuration file!

16.46.2.1. GLOBAL OPTIONS

The “[PATHS]” section is special in that it contains paths that can be referenced using “$” in other configuration values that specify filenames. For Taler exchange, it commonly contains the following paths:

TALER_HOME

Home directory of the user, usually “${HOME}”. Can be overwritten by testcases by setting ${TALER_TEST_HOME}.

TALER_DATA_HOME

Where should Taler store its long-term data. Usually “${TALER_HOME}/.local/share/taler-exchange/”.

TALER_CONFIG_HOME

Where is the Taler configuration kept. Usually “${TALER_HOME}/.config/taler-exchange/”.

TALER_CACHE_HOME

Where should Taler store cached data. Usually “${TALER_HOME}/.cache/taler-exchange/”.

TALER_RUNTIME_DIR

Where should Taler store system runtime data (like UNIX domain sockets). Usually “${TMP}/taler-exchange-runtime”.

16.46.2.2. CURRENCY SPECIFICATIONS

Sections with a name of the form “[currency-$NAME]” (where “$NAME” could be any unique string) are used to specify details about how currencies should be handled (and in particularly rendered) by the user interface. A detailed motivation for this section can be found in DD51. Different components can have different rules for the same currency. For example, a bank or merchant may decide to render Euros or Dollars with always exactly two fractional decimals, while an Exchange for the same currency may support additional decimals. The required options in each currency specification section are:

ENABLED

Set to YES or NO. If set to NO, the currency specification section is ignored. Can be used to disable currencies or select alternative sections for the same CODE with different choices.

CODE

Code name for the currency. Can be at most 11 characters, only the letters A-Z are allowed. Primary way to identify the currency in the protocol.

NAME

Long human-readable name for the currency. No restrictions, but should match the official name in English.

FRACTIONAL_INPUT_DIGITS

Number of fractional digits that users are allowed to enter manually in the user interface.

FRACTIONAL_NORMAL_DIGITS

Number of fractional digits that will be rendered normally (in terms of size and placement). Digits shown beyond this number will typically be rendered smaller and raised (if possible).

FRACTIONAL_TRAILING_ZERO_DIGITS

Number of fractional digits to pad rendered amounts with even if these digits are all zero. For example, use 2 to render 1 USD as $1.00.

ALT_UNIT_NAMES

JSON map determining how to encode very large or very tiny amounts in this currency. Maps a base10 logarithm to the respective currency symbol. Must include at least an entry for 0 (currency unit). For example, use {“0”:”€”} for Euros or “{“0”:”$”} for Dollars. You could additionally use {“0”:”€”,”3”:”k€”} to render 3000 EUR as 3k€. For BTC a typical map would be {“0”:”BTC”,”-3”:”mBTC”}, informing the UI to render small amounts in milli-Bitcoin (mBTC).

16.46.2.3. EXCHANGE OPTIONS

The following options are from the “[exchange]” section and used by most exchange tools.

CURRENCY

Name of the currency, e.g. “EUR” for Euro.

CURRENCY_ROUND_UNIT

Smallest amount in this currency that can be transferred using the underlying RTGS. For example: “EUR:0.01” or “JPY:1”.

DB

Plugin to use for the database, e.g. “postgres”.

SERVE

Should the HTTP server listen on a UNIX domain socket (set option to “unix”) or on a TCP socket (set option to “tcp”)?

UNIXPATH

Path to listen on if we “SERVE” is set to “unix”.

UNIXPATH_MODE

Access permission mask to use for the “UNIXPATH”.

PORT

Port on which the HTTP server listens, e.g. 8080.

BIND_TO

Hostname to which the exchange HTTP server should be bound to, e.g. “localhost”.

MASTER_PUBLIC_KEY

Crockford Base32-encoded master public key, public version of the exchange’s long-time offline signing key. This configuration option is also used by the auditor to determine the public key of the exchange which it is auditing.

TINY_AMOUNT

Small amount that can be transferred to the exchange for the KYC authentication wire transfers. Should be given as a hint for merchants what amount they need to transfer to begin the KYC transfer. Note that the amount is not enforced by the exchange and that this option is optional. However, if it is not given, merchants will have to guess what amount to transfer, so it really should be configured.

SHOPPING_URL

Web URL where users can discover shops that accept digital cash offered by this exchange. Optional, but highly recommended.

STEFAN_ABS

Absolute amount to add as an offset in the STEFAN fee approximation curve (see DD47). Defaults to CURRENCY:0 if not specified.

STEFAN_LOG

Amount to multiply by the base-2 logarithm of the total amount divided by the amount of the smallest denomination in the STEFAN fee approximation curve (see DD47). Defaults to CURRENCY:0 if not specified.

STEFAN_LIN

Linear floating point factor to be multiplied by the total amount to use in the STEFAN fee approximation curve (see DD47). Defaults to 0.0 if not specified.

BASE_URL

The base URL under which the exchange can be reached. Added to wire transfers to enable tracking by merchants. Used by the KYC logic when interacting with OAuth 2.0.

TOPLEVEL_REDIRECT_URL

Where to redirect visitors that access the top-level “/” endpoint of the exchange. Should point users to information about the exchange operator. Optional setting, defaults to “/terms”.

AGGREGATOR_IDLE_SLEEP_INTERVAL

For how long should the taler-exchange-aggregator sleep when it is idle before trying to look for more work? Default is 60 seconds.

CLOSER_IDLE_SLEEP_INTERVAL

For how long should the taler-exchange-closer sleep when it is idle before trying to look for more work? Default is 60 seconds.

TRANSFER_IDLE_SLEEP_INTERVAL

For how long should the taler-exchange-transfer sleep when it is idle before trying to look for more work? Default is 60 seconds.

WIREWATCH_IDLE_SLEEP_INTERVAL

For how long should the taler-exchange-wirewatch sleep when it is idle before trying to look for more work? Default is 60 seconds.

AGGREGATOR_SHARD_SIZE

Which share of the range from [0,..2147483648] should be processed by one of the shards of the aggregator. Useful only for Taler exchanges with ultra high-performance needs. When changing this value, you must stop all aggregators and run “taler-exchange-dbinit -s” before resuming. Default is 2147483648 (no sharding).

SIGNKEY_LEGAL_DURATION

For how long are signatures with signing keys legally valid?

MAX_KEYS_CACHING

For how long should clients cache /keys responses at most?

MAX_REQUESTS

How many requests should the HTTP server process at most before committing suicide?

TERMS_DIR

Directory where the terms of service of the exchange operator can be fund. The directory must contain sub-directories for every supported language, using the two-character language code in lower case, e.g. “en/” or “fr/”. Each subdirectory must then contain files with the terms of service in various formats. The basename of the file of the current policy must be specified under TERMS_ETAG. The extension defines the mime type. Supported extensions include “html”, “htm”, “txt”, “pdf”, “jpg”, “jpeg”, “png” and “gif”. For example, using a TERMS_ETAG of “0”, the structure could be the following:

  • $TERMS_DIR/en/0.pdf

  • $TERMS_DIR/en/0.html

  • $TERMS_DIR/en/0.txt

  • $TERMS_DIR/fr/0.pdf

  • $TERMS_DIR/fr/0.html

  • $TERMS_DIR/de/0.txt

TERMS_ETAG

Basename of the file(s) in the TERMS_DIR with the current terms of service. The value is also used for the “Etag” in the HTTP request to control caching. Whenever the terms of service change, the TERMS_ETAG MUST also change, and old values MUST NOT be repeated. For example, the date or version number of the terms of service SHOULD be used for the Etag. If there are minor (e.g. spelling) fixes to the terms of service, the TERMS_ETAG probably SHOULD NOT be changed. However, whenever users must approve the new terms, the TERMS_ETAG MUST change.

PRIVACY_DIR

Works the same as TERMS_DIR, just for the privacy policy.

PRIVACY_ETAG

Works the same as TERMS_ETAG, just for the privacy policy.

ENABLE_KYC

Must be set to YES to enable AML/KYC rule enforcement. Note that the administrative endpoints will always work, even if the flag is set to NO.

16.46.2.4. EXCHANGE KYC PROVIDER OPTIONS

The following options must be in the section “[kyc-provider-$PROVIDER_NAME]” sections.

LOGIC

API type of the KYC provider.

Additional logic-specific options may be given in the section.

16.46.2.4.1. EXCHANGE KYC OAUTH2 OPTIONS

The following options must be in the section “[kyc-provider-XXX]” sections with “LOGIC = oauth2”.

KYC_OAUTH2_VALIDITY

Duration (e.g. “12 months”) of the validity of the performed KYC check. Can be “forever”.

KYC_OAUTH2_AUTHORIZE_URL

URL of the OAuth2 endpoint to be used for KYC checks. The authorize URL is where the exchange will redirect the client to begin the authorization process. Example: “http://localhost:8888/oauth/v2/authorize”. To use the plugin in combination with the Challenger service’s /setup step, append “#setup”, thus “https://challenger.example.com/authorize#setup”. Here, “#setup” is not a fragment but merely a hint to the logic to determine the full authorization URL via the /setup/$CLIENT_ID handler.

KYC_OAUTH2_TOKEN_URL

URL of the OAuth2 endpoint to be used for KYC checks. This is where the server will ultimately send the authorization token from the client and obtain its access token (which currently must be a “bearer” token). Example: “http://localhost:8888/oauth/v2/token” (or just “/token”)

KYC_OAUTH2_INFO_URL

URL of the OAuth2-protected resource endpoint, where the OAuth 2.0 token can be used to download information about the user that has undergone the KYC process. The exchange will use the access token obtained from the KYC_AUTH2_AUTH_URL to show that it is authorized to obtain the details. Example: “http://localhost:8888/api/user/me” or “http://localhost:8888/oauth/v2/info

KYC_OAUTH2_CLIENT_ID

Client ID of the exchange when it talks to the KYC OAuth2 endpoint.

KYC_OAUTH2_CLIENT_SECRET

Client secret of the exchange to use when talking to the KYC Oauth2 endpoint.

KYC_OAUTH2_POST_URL

URL to which the exchange will redirect the client’s browser after successful authorization/login for the KYC process. Example: “http://example.com/thank-you

KYC_OAUTH2_CONVERTER_HELPER

Helper to convert JSON with KYC data returned by the OAuth2.0 info endpoint into GNU Taler internal format. Specific to the OAuth 2.0 provider.

KYC_OAUTH2_DEBUG_MODE

Set to YES to allow error responses to include potentially sensitive private information (such as full responses from the OAuth 2.0 server) that might aid in debugging problems. Should be set to “NO” in production.

16.46.2.4.2. EXCHANGE KYC KYCAID OPTIONS

The following options must be in the section “[kyc-provider-XXX]” sections with “LOGIC = kycaid”.

KYC_KYCAID_VALIDITY

Duration (e.g. “12 months”) of the validity of the performed KYC check. Can be “forever”.

KYC_KYCAID_AUTH_TOKEN

Authentication token to access the KYC service.

KYC_KYCAID_CONVERTER_HELPER

Helper to convert JSON with KYC data returned by KYCAID into GNU Taler internal format. Should probably always be set to “taler-exchange-kyc-kycaid-converter.sh”.

KYC_KYCAID_FORM_ID

ID that specifies the form to use for the KYC process.

KYC_KYCAID_POST_URL

URL to which the exchange will redirect the client’s browser after successful authorization/login for the KYC process.

16.46.2.4.3. EXCHANGE KYC PERSONA OPTIONS

The following options must be in the section “[kyc-provider-XXX]” sections with “LOGIC = persona”.

KYC_PERSONA_VALIDITY

Duration (e.g. “12 months”) of the validity of the performed KYC check. Can be “forever”.

KYC_PERSONA_AUTH_TOKEN

Authentication token to access the KYC service.

KYC_PERSONA_SALT

Salt value to use for request idempotency. Optional, generated at random per process if not given.

KYC_PERSONA_SUBDOMAIN

Subdomain to use under Persona.

KYC_PERSONA_CONVERTER_HELPER

Helper to convert JSON with KYC data returned by Persona into GNU Taler internal format. Should probably always be set to “taler-exchange-kyc-persona-converter.sh”.

KYC_PERSONA_POST_URL

URL to which the exchange will redirect the client’s browser after successful authorization/login for the KYC process.

KYC_PERSONA_TEMPLATE_ID

ID of the Persona template to use.

16.46.2.4.4. EXCHANGE KYC PERSONA GLOBAL OPTIONS

The following option must be in the section “[kyclogic-persona]”.

WEBHOOK_AUTH_TOKEN

Authentication token Persona must supply to our webhook. This is an optional setting.

16.46.2.5. EXCHANGE KYC CHECK OPTIONS

The following options must be in “[kyc-check-$CHECK_NAME]” sections.

TYPE

Which type of check is this? Also determines the SPA form to show to the user for this check.

  • INFO: wait for staff or contact staff out-of band (only information shown, no SPA action)

  • FORM: SPA should show an inline (HTML) form

  • LINK: SPA may start external KYC process or upload

PROVIDER_ID

Provider id, present only if type is LINK. Refers to a kyc-provider-$PROVIDER_ID section.

FORM_NAME

Name of the SPA form, if type is FORM “INFO” and “LINK” are reserved and must not be used. The exchange server and the SPA must agree on a list of supported forms and the resulting attributes. The SPA should include a JSON resource file “forms.json” mapping form names to arrays of attribute names each form provides. The list of possible FORM names is fixed in the SPA for a particular exchange release.

DESCRIPTION

Descriptions to use in the SPA to display the check.

DESCRIPTION_I18N

JSON with internationalized descriptions to use in the SPA to display the check.

REQUIRES

‘;’-separated list of fields that the CONTEXT must provide as inputs to this check. For example, for a FORM of type CHOICE, this might state choices: string[];. The type after the “:” is for now purely for documentation and is not checked. However, it may be shown to AML staff when they configure measures.

OUTPUTS = “business_name street city country registration”

Description of the outputs provided by the check. Basically, the check’s output is expected to provide the following fields as attribute inputs into a subsequent AML program. INFO never has any outputs.

FALLBACK

Name of an original measure to take if the check fails (for any reason, e.g. provider or form fail to satisfy constraints or provider signals user error) Usually should point to a measure that requests AML staff to investigate. The fallback measure context always includes the reasons for the failure.

16.46.2.6. EXCHANGE KYC RULES

The following options must be in “[kyc-rule-$RULE_NAME]” sections.

OPERATION_TYPE = WITHDRAW

Operation that triggers this rule. Must be one of WITHDRAW, DEPOSIT, MERGE, BALANCE, CLOSE, AGGREGATE, TRANSACTION or REFUND.

NEXT_MEASURES

Space-separated list of next measures to be performed. The SPA should display all of these measures to the user. (They have a choice of either which ones, or in which order they are to be performed.) A special measure name “verboten” is used if the specified threshold may never be crossed (under this set of rules). This option is equivalent to the “new_measure” string in an AmlDecisionRequest (with IS_AND_COMBINATOR replacing the “+”-prefix).

IS_AND_COMBINATOR

“YES” if all NEXT_MEASURES will eventually need to be satisfied, “NO” the user has a choice between them. Not actually enforced by the exchange, but primarily used to inform the user whether this is an “and” or “or”. YES for “and”.

EXPOSED

YES if the rule (specifically, operation type, threshold, timeframe) and the general nature of the next measure (verboten or approval required) should be exposed to the client. Defaults to NO if not set.

THRESHOLD

Threshold amount above which the rule is triggered. The total must be exceeded in the given timeframe.

TIMEFRAME

Timeframe over which the amount to be compared to the THRESHOLD is calculated (for example, “30 days”). Ignored for BALANCE. Can be ‘forever’.

ENABLED = NO

Set to YES to enable the rule (default is NO).

16.46.2.7. EXCHANGE AML PROGRAMS

The following options must be in “[aml-program-$PROG_NAME]” sections.

COMMAND

Name of the program to run. Must match a binary on the local machine where the exchange is running.

DESCRIPTION

Human-readable description of what this AML helper program will do. Used to show to the AML staff.

ENABLED

True if this AML program is enabled (and thus can be used in measures and exposed to AML staff). Optional, default is NO.

FALLBACK

Name of an original measure to take if COMMAND fails Usually points to a measure that asks AML staff to contact the systems administrator. The fallback measure context always includes the reasons for the failure.

16.46.2.8. EXCHANGE KYC MEASURES

The following options must be in “[kyc-measure-$MEASURE_NAME]” sections. These sections define the original measures.

CHECK_NAME

Name of a possible check for this measure. Optional. If not given, PROGRAM should be run immediately (on an empty set of attributes).

CONTEXT = {“choices”:[“individual”,”business”]}

Context for the check. The context can be just an empty JSON object if there is none.

PROGRAM

Program to run on the context and check data to determine the outcome and next measure. Refers to a [aml-program-$PROG_NAME] section name.

VOLUNTARY

Optional. Set to YES to allow this measure to be done voluntarily by a client. Used to offer the SPA to display measures even if they are not required. Default is NO.

16.46.2.9. EXCHANGE EXTENSIONS OPTIONS

The functionality of the exchange can be extended by extensions. Those are shared libraries which implement the extension-API of the exchange and are located under $LIBDIR, starting with prefix libtaler_extension_. Each extension can be enabled by adding a dedicated section “[exchange-extension-<extensionname>]” and the following option:

ENABLED

If set to YES the extension <extensionsname> is enabled. Extension-specific options might be set in the same section.

16.46.2.9.1. EXCHANGE EXTENSION FOR AGE RESTRICTION

The extension for age restriction support can be enabled by adding a section “[exchange-extension-age_restriction]” with the following options:

ENABLE

Must be set to YES in order to activate the extension.

AGE_GROUPS

A colon-seperated string of increasing non-negative integers, defining the buckets of age groups supported by the exchange. Each integer marks the beginning of the next age group. The zero’th age group implicitly starts with 0. For example, the string “10:18” would define three age groups:

  1. Group 0: ages 0 through 9 (including)

  2. Group 1: ages 10 through 17 (including)

  3. Group 2: ages 18 and above

If not provided, the default value is “8:10:12:14:16:18:21”.

Note: Age restriction is bound to specific denominations and must be enabled for each selected denomination in the corresponding section by adding the option AGE_RESTRICTED = YES, see EXCHANGE COIN OPTIONS. However, the age groups are defined globally for all denominations.

16.46.2.10. EXCHANGE OFFLINE SIGNING OPTIONS

The following options must be in the section “[exchange-offline]”.

MASTER_PRIV_FILE

Location of the master private key on disk. Only used by tools that can be run offline (as the master key is for offline signing). Mandatory.

SECM_TOFU_FILE

Where to store the public keys of both crypto helper modules. Used to persist the keys after the first invocation of the tool, so that if they ever change in the future, this is detected and the tool can abort. Mandatory.

SECM_DENOM_PUBKEY

Public key of the (RSA) crypto helper module. Optional. If not given, we will rely on TOFU. Note that once TOFU has been established, this option will also be ignored.

SECM_ESIGN_PUBKEY

Public key of the (EdDSA) crypto helper module. Optional. If not given, we will rely on TOFU. Note that once TOFU has been established, this option will also be ignored.

16.46.2.11. EXCHANGE RSA CRYPTO HELPER OPTIONS

The following options must be in the section “[taler-exchange-secmod-rsa]”.

LOOKAHEAD_SIGN

How long do we generate denomination and signing keys ahead of time?

OVERLAP_DURATION

How much should validity periods for coins overlap? Should be long enough to avoid problems with wallets picking one key and then due to network latency another key being valid. The DURATION_WITHDRAW period must be longer than this value.

SM_PRIV_KEY

Where should the security module store its long-term private key?

KEY_DIR

Where should the security module store the private keys it manages?

UNIXPATH

On which path should the security module listen for signing requests?

Note that the taler-exchange-secmod-rsa also evaluates the [coin_*] configuration sections described below.

16.46.2.12. EXCHANGE CS CRYPTO HELPER OPTIONS

The following options must be in the section “[taler-exchange-secmod-cs]”.

LOOKAHEAD_SIGN

How long do we generate denomination and signing keys ahead of time?

OVERLAP_DURATION

How much should validity periods for coins overlap? Should be long enough to avoid problems with wallets picking one key and then due to network latency another key being valid. The DURATION_WITHDRAW period must be longer than this value.

SM_PRIV_KEY

Where should the security module store its long-term private key?

KEY_DIR

Where should the security module store the private keys it manages?

UNIXPATH

On which path should the security module listen for signing requests?

Note that the taler-exchange-secmod-cs also evaluates the [coin_*] configuration sections described below.

16.46.2.13. EXCHANGE EDDSA CRYPTO HELPER OPTIONS

The following options must be in the section “[taler-exchange-secmod-eddsa]”.

LOOKAHEAD_SIGN

How long do we generate denomination and signing keys ahead of time?

OVERLAP_DURATION

How much should validity periods for coins overlap? Should be long enough to avoid problems with wallets picking one key and then due to network latency another key being valid. The DURATION_WITHDRAW period must be longer than this value.

DURATION

For how long should EdDSA keys be valid for signing?

SM_PRIV_KEY

Where should the security module store its long-term private key?

KEY_DIR

Where should the security module store the private keys it manages?

UNIXPATH

On which path should the security module listen for signing requests?

16.46.2.14. EXCHANGE DATABASE OPTIONS

The following options must be in the section “[exchangedb]”.

IDLE_RESERVE_EXPIRATION_TIME

After which time period should reserves be closed if they are idle?

LEGAL_RESERVE_EXPIRATION_TIME

After what time do we forget about (drained) reserves during garbage collection?

AGGREGATOR_SHIFT

Delay between a deposit being eligible for aggregation and the aggregator actually triggering.

DEFAULT_PURSE_LIMIT

Number of concurrent purses that a reserve may have active if it is paid to be opened for a year.

MAX_AML_PROGRAM_RUNTIME

Maximum time an AML program is allowed to run. (Optional for taler-auditor.)

16.46.2.15. EXCHANGE POSTGRES BACKEND DATABASE OPTIONS

The following options must be in section “[exchangedb-postgres]” if the “postgres” plugin was selected for the database.

CONFIG

How to access the database, e.g. “postgres:///taler-exchange” to use the “taler-exchange” database. Testcases use “talercheck”.

16.46.2.16. EXCHANGE ACCOUNT OPTIONS

An exchange (or merchant) can have multiple bank accounts. The following options are for sections named “[exchange-account-SOMETHING]”. The SOMETHING is arbitrary and should be chosen to uniquely identify the bank account for the operator. These options are used by the taler-exchange-aggregator, taler-exchange-closer, taler-exchange-transfer and taler-exchange-wirewatch tools.

PAYTO_URI

Specifies the payto://-URL of the account. The general format is payto://$METHOD/$DETAILS. Examples: payto://x-taler-bank/localhost:8899/Exchange or payto://iban/GENODEF1SLR/DE67830654080004822650/ or payto://iban/DE67830654080004822650/ (providing the BIC is optional). Note: only the wire-method is actually used from the URI. Alternatively, you can also just specify the wire method.

WIRE_METHOD

Specifies the wire method following RFC 8905. Examples: x-taler-bank, iban or wallee. This option is ignored if a PAYTO_URI is specified, and mandatory if PAYTO_URI is not given.

ENABLE_DEBIT

Must be set to YES for the accounts that the taler-exchange-aggregator and taler-exchange-closer should debit.

ENABLE_CREDIT

Must be set to YES for the accounts that the taler-exchange-wirewatch should check for credits. It is yet uncertain if the merchant implementation may check this flag as well.

Additionally, for each enabled account there MUST be another matching section named “[exchange-accountcredentials-SOMETHING]”. This section SHOULD be in a secret/ configuration file that is only readable for the taler-exchange-wirewatch and taler-exchange-transfer processes. It contains the credentials to access the bank account:

WIRE_GATEWAY_URL

URL of the wire gateway. Typically of the form https://$HOSTNAME[:$PORT]/taler-wire-gateway/$USERNAME/ where $HOSTNAME is the hostname of the system running the bank (such as the Taler Python bank or the Nexus) and $USERNAME is the username of the exchange’s bank account (usually matching the USERNAME option used for authentication). Example: https://bank.demo.taler.net/taler-wire-gateway/Exchange/.

WIRE_GATEWAY_AUTH_METHOD

This option determines how the exchange (auditor/wirewatch/aggregator) authenticates with the wire gateway. Choices are basic, bearer and none.

USERNAME

User name for basic authentication with the wire gateway.

PASSWORD

Password for basic authentication with the wire gateway.

TOKEN

Token for bearer authentication with the wire gateway.

16.46.2.17. EXCHANGE COIN OPTIONS

The following options must be in sections starting with "[coin_]" and are largely used by taler-exchange-httpd to determine the meta data for the denomination keys. Some of the options are used by the taler-exchange-secmod-rsa to determine which RSA keys to create (and of what key length). Note that the section names must match, so this part of the configuration MUST be shared between the RSA helper and the exchange. Configuration values MUST NOT be changed in a running setup. Instead, if parameters for a denomination type are to change, a fresh section name should be introduced (and the existing section should be deleted).

VALUE

Value of the coin, e.g. “EUR:1.50” for 1 Euro and 50 Cents (per coin).

DURATION_WITHDRAW

How long should the same key be used for clients to withdraw coins of this value?

DURATION_SPEND

How long do clients have to spend these coins?

DURATION_LEGAL

How long does the exchange have to keep records for this denomination?

FEE_WITHDRAW

What fee is charged for withdrawal?

FEE_DEPOSIT

What fee is charged for depositing?

FEE_REFRESH

What fee is charged for refreshing?

FEE_REFUND

What fee is charged for refunds? When a coin is refunded, the deposit fee is returned. Instead, the refund fee is charged to the customer.

CIPHER

What cryptosystem should be used? Must be set to either “CS” or “RSA”. The respective crypto-helper will then generate the keys for this denomination.

RSA_KEYSIZE

What is the RSA keysize modulos (in bits)? Only used if “CIPHER=RSA”.

AGE_RESTRICTED

Setting this option to YES marks the denomination as age restricted (default is NO). For this option to be accepted the extension for age restriction MUST be enabled.

16.46.3. SEE ALSO

taler-exchange-dbinit(1), taler-exchange-httpd(1), taler-exchange-offline(1)

16.46.4. BUGS

Report bugs by using https://bugs.taler.net/ or by sending electronic mail to <taler@gnu.org>.