-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Hi everyone,
Two months ago I decided to try the new ed25519 key introduced in Tor 2.7 with OfflineMasterKey set so I can keep the master key in a different place and just upload the medium-term signing key every month. Last month everything went ok: I renewed the key and Tor accepted it. This time instead after generating the new signing key with
# tor --datadirectory path_to_my_master_key --signingkeylifetime '1 months' --keygen
and uploading ed25519_signing_cert and ed25519_signing_secret_key and fixing the permission, Tor keep saying
Feb 03 07:27:40.000 [notice] It looks like I need to generate and sign a new medium-term signing key, because the one I have is expired. To do that, I need to load the permanent master identity key. Feb 03 07:27:40.000 [warn] We needed to load a secret key from /var/lib/tor/keys/ed25519_master_id_secret_key, but couldn't find it. Did you forget to copy it over when you copied the rest of the signing key material? Feb 03 07:27:40.000 [warn] Can't load master identity key; OfflineMasterKey is set. Feb 03 07:27:40.000 [err] Error initializing keys; exiting
That raises two questions to me: - why does Tor think the new keys are already expired? - why is Tor searching ed25519_master_id_secret_key? With OfflineMasterKey set it shouldn't care about the master secret key
Thank you, patacca