generate relay fingerprint without tor given the datadir/keys folder?
Hi, given the files within the datadir/keys folder (without the datadir/fingerprint file), is there an easy way to generate the relay fingerprint? (using openssl?) According to the spec [1] the fingerprint is the SHA1 hash of the public key. (I assume RSA pubkey) According to the tor man page [2] the RSA public key should be in keys/secret_id_key. openssl rsa -in secret_id_key -pubout| ..? |sha1sum thanks, nusenu [1]
"fingerprint" fingerprint NL
[At most once]
A fingerprint (a HASH_LEN-byte of asn1 encoded public key, encoded in hex, with a single space after every 4 characters) for this router's identity key. A descriptor is considered invalid (and MUST be rejected) if the fingerprint line does not match the public key.
[2]
DataDirectory/keys/secret_id_key A relay’s RSA1024 permanent identity key, including private and public components. Used to sign router descriptors, and to sign other keys.
On Fri, Feb 03, 2017 at 04:12:00PM +0000, nusenu wrote:
Hi,
given the files within the datadir/keys folder (without the datadir/fingerprint file), is there an easy way to generate the relay fingerprint? (using openssl?)
I'm sure that it will be a mess to do it via openssl utility. Some time ago I wrote a tool for showing onion addresses for private key files. Now I pushed a feature to it to display relay fingerprint (because onion address is a truncated fingerprint base32 encoded...). $ go get https://github.com/nogoegst/whatonion $ whatonion -fp /path/to/secret_onion_key Hope it helps, enjoy! -- Ivan Markin
-$ go get https://github.com/nogoegst/whatonion +$ go get github.com/nogoegst/whatonion Whoops, sorry.
On Fri, Feb 03, 2017 at 04:12:00PM +0000, nusenu wrote:
Hi,
given the files within the datadir/keys folder (without the datadir/fingerprint file), is there an easy way to generate the relay fingerprint? (using openssl?)
According to the spec [1] the fingerprint is the SHA1 hash of the public key. (I assume RSA pubkey) According to the tor man page [2] the RSA public key should be in keys/secret_id_key.
openssl rsa -in secret_id_key -pubout| ..? |sha1sum
Not as messy as I thought though: $ openssl rsa -in secret_id_key -outform DER -RSAPublicKey_out | sha1 On GNU/Linux sha1 is probably sha1sum. Happy hacking -- Ivan Markin
participants (2)
-
Ivan Markin -
nusenu