Hi everyone,
I'm using OfflineMasterKey 1 for my Tor bridge, hosting and renewing the long-term identity key on a Tails USB stick.
I observed that Tor starts printing warning messages to /var/log/tor/notices.log 24 hours before the intermediate key expires. My question is if there is a flag that could be set in the torrc file to start printing these warning messages more than 24 hours before the expiration time, possibly even with outputting the exact expiration time? If there isn't such an option, does anyone happen to have a script ready for this (before I start trying to implement something like this myself)?
Kind regards
telekobold
Hi,
It [looks like `TestingSigningKeySlop`][1] might be what you are looking for. I'm not entirely sure why it's categorized as a Testing option, as it seems to do something useful outside of testing, so maybe don't use it just yet? There doesn't seem to be a way to print the expiration time from that warning you get. You can get that time by running `tor -f /path/to/torrc --key-expiration sign --format iso8601 --quiet` (or `--format timestamp` if you are into Unix timestamps). In a [hopefully close future][2], it will also be possible to set up alerting if you have monitoring through Grafana or similar (or by querying the MetricsPort with a script).
[1]: https://gitlab.torproject.org/tpo/core/tor/-/blob/34da50718a4395936736c32e8c...
[2]: https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/698
Regards,
trinity-1686a
On Mon, 22 May 2023 at 09:04, telekobold <torproject-ml@telekobold.de> wrote:
> Hi everyone,
> I'm using OfflineMasterKey 1 for my Tor bridge, hosting and renewing the long-term identity key on a Tails USB stick.
> I observed that Tor starts printing warning messages to /var/log/tor/notices.log 24 hours before the intermediate key expires. My question is if there is a flag that could be set in the torrc file to start printing these warning messages more than 24 hours before the expiration time, possibly even with outputting the exact expiration time? If there isn't such an option, does anyone happen to have a script ready for this (before I start trying to implement something like this myself)?
> Kind regards
> telekobold
On Friday, 19 May 2023 13:55:10 CEST telekobold wrote:
> If there isn't such an option, does anyone happen to have a script ready for this (before I start trying to implement something like this myself)?
Yes, in toralf's /torutils: https://github.com/toralf/torutils/blob/main/key-expires.py
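An example added here, not code from any poster in this thread or from torutils: a POSIX shell check built on the `tor --key-expiration sign --format timestamp` command mentioned above, which warns a configurable number of days before the signing key certificate expires. The `TORRC` and `WARN_DAYS` variables, the function names, the script name and the `signing-cert-expiry:` sample line are assumptions.

```shell
#!/bin/sh
# Added example: alert WARN_DAYS days before the signing key certificate expires.
WARN_DAYS="${WARN_DAYS:-7}"      # assumed threshold, not a value from the thread

# Constructed sample of the stdout line; the "label: value" layout is an assumption.
SAMPLE_OUTPUT='signing-cert-expiry: 1700000000'

# Extract the Unix timestamp from the command output. Accepts a bare number or
# a "label: number" line; anything else (e.g. an ISO 8601 date) is rejected.
parse_expiry() {
    printf '%s\n' "$1" |
        awk 'NF { v = $NF } END { if (v ~ /^[0-9]+$/) print v; else exit 1 }'
}

# check_expiry EXPIRY_TS NOW_TS WARN_DAYS
# Prints a status line; returns 0 = ok, 1 = expires soon, 2 = already expired.
check_expiry() {
    _left=$(( $1 - $2 ))
    if [ "$_left" -le 0 ]; then
        echo "EXPIRED: signing key certificate expired $(( (0 - _left) / 3600 )) hours ago"
        return 2
    elif [ "$_left" -le $(( $3 * 86400 )) ]; then
        echo "WARNING: signing key certificate expires in $(( _left / 3600 )) hours"
        return 1
    fi
    echo "OK: signing key certificate valid for $(( _left / 86400 )) more days"
}

# Query tor only when TORRC is set, e.g. from cron:
#   TORRC=/path/to/torrc WARN_DAYS=10 sh key-expiry-check.sh   (hypothetical name)
if [ -n "${TORRC:-}" ]; then
    out=$(tor -f "$TORRC" --key-expiration sign --format timestamp --quiet) || exit 3
    ts=$(parse_expiry "$out") || { echo "unparseable output: $out" >&2; exit 3; }
    check_expiry "$ts" "$(date +%s)" "$WARN_DAYS"
    exit $?
fi
```

Run it as a user that can read the relay's key directory; the nonzero exit status lets cron or a monitoring wrapper raise the alert.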