
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 The "Enter passphrase" request when manually calling --keygen is optional, not mandatory. If you just leave it blank and proceed it will just create an unencrypted master identity key. On 11/14/2015 10:18 AM, nusenu wrote:
Hi,
is there a way to use tor --keygen non-interactively?
background: I might want to integrate offline master key functionality into ansible-relayor [1]. The basic idea is to generate the master keys on the ansible client and push only the required signing keys to the relays (master keys never touch the relay). Since every step should be automated, master keys will not be passphrase protected. I consider unprotected (no passphrase) offline master keys still a lot better than online master keys, but currently I don't know how to generate master keys without passphrase in an non-interactive way (--keygen asks for the passphrase when generating a new key).
If that is not possible (out of the box) yet, would you consider a feature request, lets call it '--nopass' that can be used with --keygen to generate new keys without passphrase? (a more general approach would probably be to have --passphrase <passprase> but doing so would potentially write your passphrase to your shell history file).
thanks!
[1] https://github.com/nusenu/ansible-relayor -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32)
iQEcBAEBCAAGBQJWSKINAAoJEIN/pSyBJlsR4FQH/1OpXMm2tQZ4R8jk3qiskCdB PJvnPd2PpC5drh7jCRa8Z90TuJClx8j4XJ5YnoAswM01il7DSLDOzXMVeSbygKcb aE+clhLe1JkO3lODxVGe+4arkhK1JR00/0Dlh6zKG9EtdB1bWeQ8J9E0z9qOt+R4 AR5ov5ezq2NlICpHDUEZwvKDWdhavKtJxeR6xZ9Yn6EQU4/iZeb/MBgSmdCsLflY HEC7eK3doseXlZPtjYSL2bRPbSvbUJMLSAcN75M09vhgWfdKXDl+MDyinN/hF9gp /ILJ4p0NZtY8VPnrve14CGalQ4XC+oeJv8OY8Kpwy6vWCwf6N5Q6FhjawhxMikU= =UvRo -----END PGP SIGNATURE-----