[tor-bugs] #16769 [Tor]: add two new functions when manually calling --keygen for better management

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Aug 11 22:08:18 UTC 2015


#16769: add two new functions when manually calling --keygen for better management
-------------------------------------------------+-------------------------
 Reporter:  s7r                                  |          Owner:
     Type:  defect                               |         Status:  new
 Priority:  normal                               |      Milestone:  Tor:
Component:  Tor                                  |  0.2.7.x-final
 Keywords:                                       |        Version:  Tor:
  ed25519,relay,keys,TorCoreTeam201508           |  0.2.7.2-alpha
Parent ID:  #16645                               |  Actual Points:
                                                 |         Points:
-------------------------------------------------+-------------------------
 Currently when --keygen is automatically called by Tor, it will define the
 variables (datadirectory, SigningKeyLifetime, etc.) from torrc and/or
 init.d/rc scripts and use those values to look for the master ID key and
 save output files (signing cert and signing key). This is working
 excellently in ed25519_keygen branch and we should not change anything.

 What we need to do is add more functions to --keygen when it is manually
 called by the user, in order to make it possible to do simple things, such
 as: generating a signing cert and signing key from master ID key backed up
 on a non-writeable media. Also, since we offer the possibility to password
 protect the master ID key, we should also offer the possibility to change
 the password in future.

 Again: all these should be only used when user manually calls --keygen.
 Tor knows what to do when it is called automatically.
 Currently, when manually calling '''tor --keygen''' Tor will only care
 about a '''--datadirectory''' argument, where it will look for the
 '''ed25519_master_id_secret_key(_encrypted)''' and also save the output
 files '''(ed25519_master_id_public_key; ed25519_signing_cert;
 ed25519_signing_secret_key)'''. The current behavior when we call --keygen
 with --datadirectory is good and doesn't require any change. Few more
 functions needed:

 '''1. Specify the exact location of the master ID key and location for the
 output files separately:'''

 '''''tor --masterkey /mnt/cdrom/relay_x_master_id_key --out
 /var/lib/tor/keys/ --keygen'''''

 - The master ID secret key file can have any name, as opposed to
 --datadirectory (where Tor will only look for
 ed25519_master_id_secret_key(_encrypted)). Tor will detect if the key is
 encrypted or not and ask for the password if it is.

 - --out /path/to/folder will tell Tor the folder where it should save the
 output files (ed25519_master_id_public_key; ed25519_signing_cert;
 ed25519_signing_secret_key). In case there is no --out specified, save to
 current working directory where the command is run. The output files will
 be saved with their default filenames, ready to be moved to keys folder.

 - We create the files with the default lifetime of 30 days, unless user
 also specifies --SigningKeyLifetime 'n days/weeks/months' when calling,
 for example:
 '''''tor --masterkey /mnt/cdrom/relay_x_master_id_key --out
 /var/lib/tor/keys/ --SigningKeyLifetime '10 days' --keygen'''''

 '''2. Add a feature to add/remove or change password:'''

 '''''tor --masterkey /path/to/master_id_key --newpass --keygen'''''
 - Here we can specify the exact master ID key file, it isn't a must to
 have the exact name: ed25519_master_id_secret_key(_encrypted).

 '''''tor --datadirectory /path/to/foolder --newpass --keygen'''''
 - Here Tor will look for ed25519_master_id_secret_key(_encrypted) in the
 folder specified with --datadirectory.

 If it is encrypted, we ask for the current password to decrypt it and 2
 times for a new password. If new password and confirm new password fields
 are left blank, it means the user wants to decrypt it permanently. Vice
 versa, if it is not encrypted, and the user provides a password and
 confirms it, encrypt it with that password.
 Here we modify the file in place, we delete the old one and save the new
 one with the same name (append _encrypted at the end of the filename if we
 just encrypted it or remove this suffix if we just decrypted it). Warn and
 exit in case we couldn't modify the file.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16769>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
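
The --newpass rules described in the ticket, modelled as an added example (not part of the original ticket and not Tor's code). The `unseal`/`seal` callables are hypothetical stand-ins for the key encryption, the "noop" case is an assumption for a combination the ticket does not cover, and the new file is written before the old name is removed so that a failure leaves the existing key in place.

```python
import os
import tempfile

SUFFIX = "_encrypted"  # filename suffix named in the ticket

def plan_newpass(path, is_encrypted, new_pw, confirm_pw):
    """Map the ticket's --newpass rules to (action, target_path)."""
    if new_pw != confirm_pw:
        raise ValueError("new password and confirmation differ")
    if is_encrypted and new_pw == "":
        # Blank new password: decrypt permanently, drop the suffix if present.
        target = path[:-len(SUFFIX)] if path.endswith(SUFFIX) else path
        return "decrypt", target
    if is_encrypted:
        return "reencrypt", path          # same name, new password
    if new_pw:
        return "encrypt", path + SUFFIX   # newly protected key
    return "noop", path                   # assumption: nothing to change

def apply_newpass(path, is_encrypted, old_pw, new_pw, confirm_pw, unseal, seal):
    """Rewrite the key file; unseal/seal are caller-supplied (hypothetical)."""
    action, target = plan_newpass(path, is_encrypted, new_pw, confirm_pw)
    if action == "noop":
        return action, path
    with open(path, "rb") as f:
        blob = f.read()
    # A wrong current password fails here, before anything is written.
    secret = unseal(blob, old_pw) if is_encrypted else blob
    out = secret if action == "decrypt" else seal(secret, new_pw)
    # Temp file in the same directory so os.replace() is an atomic rename;
    # mkstemp creates it readable and writable by the owner only.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(out)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, target)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise  # "warn and exit": the original key file is still in place
    if target != path:
        os.unlink(path)  # old name removed only after the new file exists
    return action, target
```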

