commit e78021c120e607c164fdd39a72f2356b623e3328 Author: David Fifield <david@bamsoftware.com> Date: Thu Mar 7 00:24:25 2013 -0800 Key and pass in facilitator-howto.txt. --- doc/facilitator-howto.txt | 33 ++++++++++++++++++--------------- 1 files changed, 18 insertions(+), 15 deletions(-) diff --git a/doc/facilitator-howto.txt b/doc/facilitator-howto.txt index 25c0a8c..0da4118 100644 --- a/doc/facilitator-howto.txt +++ b/doc/facilitator-howto.txt @@ -164,10 +164,24 @@ Copy the new tor-facilitator.pem to the facilitator server as # /etc/init.d/apache2 restart +=== Registration daemon setup + +The facilitator-reg-daemon program requires a private RSA key (used to +decrypt encrypted client registrations). + + # openssl genrsa -out /etc/flashproxy/reg-daemon.key 2048 + # chmod 600 /etc/flashproxy/reg-daemon.key + # openssl rsa -pubout < /etc/flashproxy/reg-daemon.key > reg-daemon.pub + +You will have to edit flashproxy-reg-email and copy the contents of +reg-email.pub into the appropriate place. + +Install reg-daemon.key /etc/flashproxy to match what the init script +expects. + === Email poller setup -The facilitator-email-poller program requires a private RSA key (used to -decrypt encrypted client registrations), and a password that is used to +The facilitator-email-poller program requires a password that is used to log in to the designated Gmail account. See the file gmail-setup.txt for instructions on setting up a Gmail account. After you've set up the account and have the password, save it to a file reg-email.pass and make @@ -175,16 +189,5 @@ it not readable or writable by anyone but its owner. # chmod 600 /etc/flashproxy/reg-email.pass -You need an RSA keypair because all client registrations over email are -encrypted. - - # openssl genrsa -out /etc/flashproxy/reg-email.key 2048 - # chmod 600 /etc/flashproxy/reg-email.key - # openssl rsa -pubout < /etc/flashproxy/reg-email.key > reg-email.pub - -You will have to edit flashproxy-reg-email and copy the contents of -reg-email.pub into the appropriate place. - -Install reg-email.key and reg-email.pass to /etc/flashproxy to match -what the init script expects, or else use the --key and --pass options -if you have them stored in another place. +Install reg-email.pass to /etc/flashproxy to match what the init script +expects.