[tor-bugs] #18098 [Tor]: Implement tor-genkey tool for at least offline HS key creation
#18098: Implement tor-genkey tool for at least offline HS key creation
-----------------------------+--------------------------------
Reporter: dgoulet | Owner:
Type: enhancement | Status: new
Priority: Medium | Milestone: Tor: 0.2.9.x-final
Component: Tor | Version:
Severity: Normal | Keywords: prop-244, tor-hs
Actual Points: | Parent ID: #17239
Points: medium | Sponsor: SponsorR
-----------------------------+--------------------------------
With proposal 224, an operator can choose to keep her master key offline.
Currently, tor has a `--keygen` option used for relay keys. Gluing HS key
support _will_ be complicated (since it's already not that easy
implementation-wise).

I propose we create a separate tool called `tor-genkey` (follows the
tor-gencert naming) located in `src/tools` to create keys for different use
cases. We could ship this tool with our tor package or even as a separate
package so people don't need to install the whole tor for just generating
keys.

Furthermore, with prop224, for an operator choosing to generate her key
offline, we will need to create a bunch of blinded keys in advance with
the offline master key, which would make it much easier than gluing
yet another thing on top of the tor cmdline.

Also, revocation of those keys could be a reality at some point in time,
which that tool could do really well without having tons of new code in
tor.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18098>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online