Hi tor-relays@, I am Clara and work for The Tor Project, Inc. as part of the network team.
As some of you may know, Tor supports a feature called "OfflineMasterKey"[1], which allows you to store the long-term Ed25519 identity key of a relay on a cold device, from which you will generate from time to time a medium-term signing key alongside a certificate signed by the identity key.
While moving my server and re-installing my relay, I thought about using this feature, the recommended approach of using an offline computer seemed rather burdensome to me though.
This made me think about how we could solve that issue by storing the Ed25519 identity key on a Yubikey and let it sign the relevant certificates.
After a week, I came up with a tool called: TorVault[2]. It allows you to use the PIV module on your Yubikey for storing the identity key and signing medium-term certificates. The application itself handles the generation and signing of the medium-term key.
The usage of the program is interactive and as follows: ```sh $ go build -o torvault cmd/torvault/*.go $ ./torvault 1. Yubico YubiKey OTP+FIDO+CCID choose a smart card: 1 choose a slot [9c]: choose an expiration date [2025-05-24]: choose a path for the identity public key [ed25519_master_id_public_key]: choose a path for the signing secret key [ed25519_signing_secret_key]: choose a path for the signing cert [ed25519_signing_cert]:
================================ smart card: Yubico YubiKey OTP+FIDO+CCID 31892185 slot: 0x9c public key: EVLS6NL8wastoApvJUPDzYxJ7FAdOx22RFpqtlzFGpA expiration date: Sat, 24 May 2025 00:00:00 UTC (1748044800) identity public key path: ed25519_master_id_public_key signing secret key path: ed25519_signing_secret_key signing cert path: ed25519_signing_cert ================================
is this correct? (y/n): y enter PIN: success! 🧅 $ systemctl stop tor $ cp ed25519_* /path/to/your/relay/keys $ systemctl start tor ```
In theory, one Yubikey can store up to 17 relay identity keys, before reaching its limit. Unfortunately, Ed25519 support is rather new in Yubikeys, so you will probably need a newer one (I developed it with firmware 5.7).
Another thing you have to keep in mind is, that it is *not possible* to move an existing Ed25519 identity key to a Yubikey. This is a historical limitation of the way on how ctor stores Ed25519 keys. This means, you can only secure new relays with this feature, but not existing ones.
Please also keep in mind that this feature requires you to keep an eye on the expiry date, as an expired certificate will render the relay to be unusable, which will in the long run result in its loss of the guard and other flags.
I am also already using this in production for my own relay.
Feedback is gladly welcome.
Thank You Clara
[1]: https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorRelaySecurity/Offli... [2]: https://gitlab.torproject.org/cve/torvault