Hi,
given the files within the datadir/keys folder (without the datadir/fingerprint file), is there an easy way to generate the relay fingerprint? (using openssl?)
According to the spec [1] the fingerprint is the SHA1 hash of the public key. (I assume RSA pubkey) According to the tor man page [2] the RSA public key should be in keys/secret_id_key.
openssl rsa -in secret_id_key -pubout| ..? |sha1sum
thanks, nusenu
[1]
"fingerprint" fingerprint NL [At most once] A fingerprint (a HASH_LEN-byte of asn1 encoded public key, encoded in hex, with a single space after every 4 characters) for this router's identity key. A descriptor is considered invalid (and MUST be rejected) if the fingerprint line does not match the public key.
[2]
DataDirectory/keys/secret_id_key A relay’s RSA1024 permanent identity key, including private and public components. Used to sign router descriptors, and to sign other keys.
On Fri, Feb 03, 2017 at 04:12:00PM +0000, nusenu wrote:
Hi,
given the files within the datadir/keys folder (without the datadir/fingerprint file), is there an easy way to generate the relay fingerprint? (using openssl?)
I'm sure that it will be a mess to do it via openssl utility. Some time ago I wrote a tool for showing onion addresses for private key files. Now I pushed a feature to it to display relay fingerprint (because onion address is a truncated fingerprint base32 encoded...).
$ go get https://github.com/nogoegst/whatonion
$ whatonion -fp /path/to/secret_onion_key
Hope it helps, enjoy! -- Ivan Markin
-$ go get https://github.com/nogoegst/whatonion +$ go get github.com/nogoegst/whatonion
Whoops, sorry.
On Fri, Feb 03, 2017 at 04:12:00PM +0000, nusenu wrote:
Hi,
given the files within the datadir/keys folder (without the datadir/fingerprint file), is there an easy way to generate the relay fingerprint? (using openssl?)
According to the spec [1] the fingerprint is the SHA1 hash of the public key. (I assume RSA pubkey) According to the tor man page [2] the RSA public key should be in keys/secret_id_key.
openssl rsa -in secret_id_key -pubout| ..? |sha1sum
Not as messy as I thought though:
$ openssl rsa -in secret_id_key -outform DER -RSAPublicKey_out | sha1
On GNU/Linux sha1 is probably sha1sum.
Happy hacking -- Ivan Markin
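
The fingerprint computation discussed in this thread, as an added example that is not part of any message above and is not code from Tor or whatonion: it reads a PKCS#1 "RSA PRIVATE KEY" PEM, rebuilds the DER RSAPublicKey (the bytes `-outform DER -RSAPublicKey_out` emits), and returns the SHA-1 in the spaced form the spec excerpt describes. It assumes an unencrypted key file; the toy key and all function names are constructed for illustration.

```python
import base64
import hashlib

# Constructed toy PKCS#1 key (n=3233, e=17), not a real relay key (those use a 1024-bit modulus).
_TOY_DER = bytes.fromhex("301d02010002020ca102011102020ac102013d020135020135020131020126")
CONSTRUCTED_PEM = ("-----BEGIN RSA PRIVATE KEY-----\n" + base64.b64encode(_TOY_DER).decode()
                   + "\n-----END RSA PRIVATE KEY-----\n")

def _read_tlv(buf, pos):
    # Return (tag, value, next_pos) for the DER element starting at pos.
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def _tlv(tag, value):  # encode one DER element with a definite length
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value

def rsa_public_der(pem_text):
    # PKCS#1 "RSA PRIVATE KEY" PEM -> DER RSAPublicKey SEQUENCE { n, e }.
    lines = [l.strip() for l in pem_text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != "-----BEGIN RSA PRIVATE KEY-----":
        raise ValueError("not a PKCS#1 RSA private key PEM")
    tag, body, _ = _read_tlv(base64.b64decode("".join(lines[1:-1])), 0)
    ints, pos = [], 0
    while len(ints) < 3:  # version, modulus n, public exponent e
        t, val, pos = _read_tlv(body, pos)
        if tag != 0x30 or t != 0x02:
            raise ValueError("unexpected ASN.1 structure")
        ints.append(val)
    # INTEGER contents are already minimal DER, so they are reused unchanged.
    return _tlv(0x30, _tlv(0x02, ints[1]) + _tlv(0x02, ints[2]))

def relay_fingerprint(pem_text):  # SHA-1 of the DER key, hex in groups of four
    digest = hashlib.sha1(rsa_public_der(pem_text)).hexdigest().upper()
    return " ".join(digest[i:i + 4] for i in range(0, 40, 4))
```

Calling relay_fingerprint(open("secret_id_key").read()) applies the same steps to a real key file.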