-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Thank you s7r for helping!
On 03/02/2016 17:53, s7r wrote:
Hello - see inline
On 2/3/2016 3:49 PM, Riccardo Mori wrote:
Hi everyone,
Two months ago I decided to try the new ed25519 key introduced in Tor 2.7 with OfflineMasterKey set so I can keep the master key in a different place and just upload the medium-term signing key every month. Last month everything went ok: I renewed the key and Tor accepted it. This time instead after generating the new signing key with
# tor --datadirectory path_to_my_master_key --signingkeylifetime '1 months' --keygen
Why do you use such a value for SigningKeyLifetime when the default is 30 days already? You can just skip --signingkeylifetime and have medium term signing key valid for 30 days (1 month). I am not totally sure *1 months* is a valid argument here (could be, not sure) - why not the default 30 days or more than 1 month?
I wasn't sure about the default value, and in case the default value were changed after an update, mine would still be 1 month. Anyway, there's no important reason.
In the two text files attached there's the history of the commands I typed (made with script), so if you want you can find more details there. I am going to reply to your question here anyway.
- path_to_my_master_key is the path to the folder containing a 'keys' subfolder which contains the ed25519_master_id_secret_key or (_encrypted)?
- the user running the 'tor --keygen' command has read/write permissions to the targeted folder from --datadirectory?
Yes to both of them; the folder contains ed25519_master_id_secret_key_encrypted and ed25519_master_id_public_key.
- is the date on the server where the 'tor --keygen' command runs correct?
Yeah, the date is synchronized with ntp on both systems (the Tor node and my laptop that contains the master key). The only thing that could be an issue is that the two systems are in different time zones: one is UTC+1 and the other is CST (UTC-6).
- fixing the permissions you mean changing the owner of the files to the user actually running the Tor daemon on your system? (debian-tor, _tor, etc.)
Yes, it's debian-tor; the Tor node is running on Debian 8.3.