
Thank you s7r for helping!
On 03/02/2016 17:53, s7r wrote:
Hello - see inline
On 2/3/2016 3:49 PM, Riccardo Mori wrote:
Hi everyone,
Two months ago I decided to try the new ed25519 key introduced in Tor 2.7 with OfflineMasterKey set so I can keep the master key in a different place and just upload the medium-term signing key every month. Last month everything went ok: I renewed the key and Tor accepted it. This time instead after generating the new signing key with
# tor --datadirectory path_to_my_master_key --signingkeylifetime '1 months' --keygen
Why do you use such a value for SigningKeyLifetime when the default is 30 days already? You can just skip --signingkeylifetime and have medium term signing key valid for 30 days (1 month). I am not totally sure *1 months* is a valid argument here (could be, not sure) - why not the default 30 days or more than 1 month?
I wasn't sure about the default value and in case that after an update the default value were changed mine would still be 1 month. Anyway there's no important reason. In the two text files attached there's the history of the commands I typed (made with script), so if you want you can find more details there. I am going to reply to your question here anyway.
- path_to_my_master_key is the path to the folder containing a 'keys' subfolder which contains the ed25519_master_id_secret_key or (_encrypted)?
- the user running the 'tor --keygen' command has read/write permissions to the targeted folder from --datadirectory?
yes to both of them, the folder contains ed25519_master_id_secret_key_encrypted and ed25519_master_id_public_key
- is the date on the server where the 'tor --keygen' command runs correct?
Yeah, the date is synchronized with ntp in both systems (the Tor node and my laptop that contains the master key), the only thing that could be an issue is that the two systems are on different time zones: one is UTC+1 and the other is CST (UTC-6)
- fixing the permissions you mean changing the owner of the files to the user actually running the Tor daemon on your system? (debian-tor, _tor, etc.)
yes, it's debian-tor, Tor node is running on debian 8.3
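
Added example, not part of the original thread or of Tor itself: a shell pre-flight check for the points s7r asks about above (keys subfolder and master key present, read/write access, ownership by the daemon user). The function names are hypothetical, ed25519_signing_secret_key and ed25519_signing_cert are assumed to be the signing-key files that get copied to the relay, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Pre-flight checks for the offline-master-key workflow discussed in the thread.
# Directory paths and the daemon user name are supplied by the caller.

# Offline machine: is DIR usable as --datadirectory for 'tor --keygen'?
check_keygen_dir() {
    dir=$1; keys="$dir/keys"; rc=0
    [ -d "$keys" ] || { echo "FAIL: $keys is not a directory"; return 1; }
    # Either the plain or the passphrase-encrypted master secret key must exist.
    if [ ! -f "$keys/ed25519_master_id_secret_key" ] &&
       [ ! -f "$keys/ed25519_master_id_secret_key_encrypted" ]; then
        echo "FAIL: no master secret key in $keys"; rc=1
    fi
    [ -f "$keys/ed25519_master_id_public_key" ] ||
        { echo "FAIL: no master public key in $keys"; rc=1; }
    [ -r "$keys" ] && [ -w "$keys" ] ||
        { echo "FAIL: current user cannot read/write $keys"; rc=1; }
    return $rc
}

# Relay: are the copied signing files present and owned by the daemon user
# (debian-tor in the thread), and is the master secret key kept off the relay?
check_relay_keys() {
    dir=$1; user=$2; keys="$dir/keys"; rc=0
    for f in ed25519_signing_secret_key ed25519_signing_cert; do
        if [ ! -f "$keys/$f" ]; then
            echo "FAIL: missing $keys/$f"; rc=1
        elif [ "$(stat -c %U "$keys/$f")" != "$user" ]; then
            echo "FAIL: $keys/$f is not owned by $user"; rc=1
        fi
    done
    for f in ed25519_master_id_secret_key ed25519_master_id_secret_key_encrypted; do
        [ ! -e "$keys/$f" ] ||
            { echo "FAIL: master secret key present on relay: $f"; rc=1; }
    done
    return $rc
}
```

Run `check_keygen_dir path_to_my_master_key` on the offline machine before `tor --keygen`, and `check_relay_keys <relay data directory> debian-tor` on the relay after copying the new signing files.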