commit f8af5d78bb9eea2cc6ee90a1f3106b1056664fb5 Author: Georg Koppen <gk@torproject.org> Date: Tue Jan 19 12:06:04 2016 +0000 Bug 18099: Fix MAR key generation instructions --- processes/KeyGeneration | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/processes/KeyGeneration b/processes/KeyGeneration index 2192f8b..4c65523 100644 --- a/processes/KeyGeneration +++ b/processes/KeyGeneration @@ -4,7 +4,7 @@ Tor Browser Signing Key Preparations: ------------- -1) Go offline (ideally use TAILS) +1) Go offline (ideally use Tails) 2) Mount your encrypted offline storage device 3) If not already done prepare the gpg.conf used for that device (See: https://help.riseup.net/en/security/message-security/openpgp/best-practices @@ -44,7 +44,7 @@ MAR Signing Key Preparations ------------ -1) Go offline (ideally use TAILS) +1) Go offline (ideally use Tails) 2) Mount your encrypted offline storage device 3) `cd /path/to/offline/storage` 4) make sure you have libnss3-tools installed (for certutil) @@ -54,12 +54,12 @@ Key Creation Incantations and Instructions ------------------------------------------ 1) `mkdir nssdb` -2) `certutils -d nssdb -N` +2) `certutil -d nssdb -N` 3) Choose a strong passphrase to protect the keys -4) `certutil -d .nss -S -x -g 4096 -Z SHA512 -n marsigner -s "CN=Tor Browser MAR signing key" -t,,` +4) `certutil -d nssdb -S -x -g 4096 -Z SHA512 -n marsigner -s "CN=Tor Browser MAR signing key" -t,,` 5) If there should be additional keys in the database repeat step 4. Note, you need a different CN and ideally a different nickname ("marsigner" in the example above). -6) `certutil -d .nss -L -r -n marsigner -o marsigner.der` +6) `certutil -d nssdb -L -r -n marsigner -o marsigner.der` 7) If you want to export more than one certificate repeat step 6 adjusting the certificate nickname and the name of the output file