Re: [tor-bugs] #16679 [Tor]: Ed25519 --keygen won't work
#16679: Ed25519 --keygen won't work
------------------------+-----------------------------------
Reporter: s7r | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Tor: 0.2.7.x-final
Component: Tor | Version: Tor: 0.2.7.2-alpha
Resolution: | Keywords: ed25519 identity keys
Actual Points: | Parent ID:
Points: |
------------------------+-----------------------------------
Comment (by s7r):
Even though this error makes it look like the process fails to generate keys,
it actually generates a master ID key, signing key and key-cert in
$HOME/.tor/keys.

We should configure it so that it saves the master ID key to the working
directory (where the command is run) and not in $HOME/.tor/keys, unless
otherwise specified via the --datadirectory argument.

Secondly, why does it also automatically generate a signing key and
key-cert? With what validity period, since it never asks? I assume it is just
using the default of 30 days.

When the --keygen command is run manually, Tor should just create an ed25519
master ID key. The signing key and key-cert should be generated with a second
command, which would require the master ID key and a SigningKeyLifetime
argument. When the master ID key is in /datadirectory/keys, it is not
password protected and the Tor service is started, then Tor can automatically
create a signing key and key-cert with the validity period in torrc's
SigningKeyLifetime (30 days unless specified otherwise).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16679#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online