Hi,
Things look good in ed25519_keygen - git-018082ef88b688e2.
I can confirm the last defect was fixed (now it saves to disk ed25519_master_id_public_key if it only has ed25519_signing_cert - valid and ed25519_signing_secret_key).
Log messages are fine, no longer saying 'bug' as far as I was able to try it.
I see that the operations will have the same result as what I've suggested, so it should be ok.
Can you please ensure that they are called on all signals? Currently, in the last commit, these operations are not called when we send a reload (HUP) signal (ed25519_master_id_public_key is not saved to disk if missing, etc.).
On 8/10/2015 6:04 PM, Nick Mathewson wrote:
Almost. Here's what I think is going on:
1) Load the secret signing key and signing certificate. If they are absent, or expired, or if --keygen was called, we'll need to generate a new one. If it's going to expire soon, we _want_ to generate a new one.
2) If we need or want to generate a new signing key, load the master ID secret key. Otherwise, don't try. If we try to load it and it's absent or encrypted, log a message. If we need to generate a new signing key then exit on error; otherwise just warn.
2b) If we fail to load the master ID secret key, and there were no other keys in the keys directory, then generate a master ID secret key and save it.
3) Load the master ID public key. If we loaded a secret key, and it doesn't match, log and quit. If it doesn't match the master ID public key in a certificate we loaded, log and quit. If we have the public key from one of those other sources and the master ID public key file is missing, recreate it.
4) At this point, if we need to generate a new signing key and cert, and we don't have a secret master ID key, exit.
5) If we have a secret master ID key, and we need or want to generate a new signing key and cert, do so, and save them.
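
The load order listed above, modelled as a pure decision function. This is an added example, not part of the original messages and not Tor's code. The struct, field and function names are hypothetical, and it assumes the "exit on error" in the master-secret-key step is deferred to the later "exit" step so that 2b can still run on an empty keys directory.

```c
#include <stdbool.h>

/* Constructed model of the key-loading order in the list above; not Tor's code. */
typedef struct {
  bool signing_present;        /* signing key + cert found on disk */
  bool signing_expired;
  bool signing_expiring_soon;
  bool keygen_flag;            /* --keygen was given */
  bool master_sk_loadable;     /* master secret key present and unencrypted */
  bool keys_dir_empty;         /* no other keys in the keys directory */
  bool master_pk_file_present;
  bool master_pk_file_matches; /* file agrees with loaded secret key / cert */
} key_state_t;

typedef struct {
  bool generated_master, recreated_master_pk, generated_signing, warned, fatal;
} key_outcome_t;

key_outcome_t ed_keys_model(key_state_t s) {
  key_outcome_t o = {0};
  /* Step 1: "need" is mandatory; "want" also covers a cert expiring soon. */
  bool need = !s.signing_present || s.signing_expired || s.keygen_flag;
  bool want = need || s.signing_expiring_soon;
  bool have_sk = false;
  /* Steps 2 and 2b: only touch the master secret key if a new signing key is wanted. */
  if (want) {
    have_sk = s.master_sk_loadable;
    if (!have_sk && s.keys_dir_empty) {
      o.generated_master = have_sk = true; /* 2b: fresh keys directory */
    } else if (!have_sk) {
      o.warned = true; /* logged here; fatal only via step 4 (assumption) */
    }
  }
  /* Step 3: check the public key file against the secret key or cert we hold. */
  bool have_pk_source = have_sk || s.signing_present;
  if (s.master_pk_file_present && have_pk_source && !s.master_pk_file_matches) {
    o.fatal = true;
    return o;
  }
  if (!s.master_pk_file_present && have_pk_source)
    o.recreated_master_pk = true;
  /* Step 4: a required signing key cannot be made without the master secret key. */
  if (need && !have_sk) {
    o.fatal = true;
    return o;
  }
  /* Step 5: generate and save the new signing key and cert. */
  if (have_sk && want)
    o.generated_signing = true;
  return o;
}
```

A reload (HUP) handler would have to go through the same function for the behaviour requested in the reply to hold on all signals.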