[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] Questions about OfflineMasterKey



Hi,

On 18/05/2017 10:45, nusenu wrote:>> Currently, my server hosting
kitten1 and kitten2 (tor guard and fallback
>> directory) is under seizure since 14/05 11h.
 butplease revoke
>> immediatly kitten1 & kitten2 tor node.
>> Those nodes are also fallback directory.
>
> I don't know any context or background but if you fear this could happen
end to use tor's OfflineMasterKey feature (without
> copying the master key to the server) with a short keylifetime (i.e. 7
> days), especially if it is a fallback dir
> (which requires a tor source code change to remove it).

This feature is interesting and I did not know about it.
However, I have been reading the documentation page[1] and I have the
impression that the more I read the less I understand how it works.

If I look inside the DataDir of one of my relays - a standard Debian
install - see this:
```
ed25519_master_id_public_key
ed25519_master_id_secret_key
ed25519_signing_cert
ed25519_signing_secret_key
secret_id_key
secret_onion_key
secret_onion_key_ntor
secret_onion_key_ntor.old
secret_onion_key.old
```

So, here some of the things I think I have understood:
* Tor uses a ed25519 key to generate the other keys need to decrypt
incoming traffic and route it to its next destination on the network. I
don't know how this works in practice, but probably it is too much
detail at the moment.
* In the standard install the master key is the
`ed25519_master_id_secret_key` above, which has no passphrase.
* If in `torrc` we declare `OfflineMasterKey 1` then the
`ed25519_master_id_secret_key` will not reside anymore on the relay but
on a separate machine.
* In the process of generating the master key (with the command `tor
--keygen`, all the files above will be generated.
* To run the node with `OfflineMasterKey 1` you need to copy all the
files generated in the previous step *with the exception of the master key*.

I had also a few questions:
* is the above correct?
* if I use the offline master key protected with a passphrase will I
need to input the passphrase every time I restart Tor (I have in mind
what Apache does when you restart it and have certificates protected
with a passphrase)?
* Assuming that I am going to use a separate machine to generate the
master key I need to make sure that the version of Tor on the machine
that I use to generate the key and the relay?

Thanks for your help.

Cristian

[1]:
https://trac.torproject.org/projects/tor/wiki/doc/TorRelaySecurity/OfflineKeys


Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays