[tor-bugs] #16790 [Tor]: Tor should reload keys from disk when receiving a SIGHUP
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Aug 24 14:55:34 UTC 2015
#16790: Tor should reload keys from disk when receiving a SIGHUP
-------------------------+-------------------------------------------------
Reporter: s7r | Owner: nickm
Type: defect | Status: needs_review
Priority: normal | Milestone: Tor: 0.2.7.x-final
Component: Tor | Version: Tor: 0.2.7.2-alpha
Resolution: | Keywords: TorCoreTeam201508, ed25519,
Actual Points: | identity keys
Points: | Parent ID:
-------------------------+-------------------------------------------------
Comment (by s7r):
This doesn't work as expected yet.
I have created cert and temporary signing key with a lifetime of 2 days
(the minimum allowed). After 24 hours, I got the normal expected warning:
{{{
[notice] It looks like I should try to generate and sign a new medium-term
signing key, because the one I have is going to expire soon. To do that,
I'm going to have to try to load the permanent master identity key
}}}
This means that Tor should be in the stage when it would reload keys from
disk when receiving a SIGHUP. It does not, it receives the SIGHUP and
reloads. I have even deleted all the ed25519* files in $datadirectory/keys
and sent a SIGHUP. Tor still remembered the cert and signing key loaded
initially, and only did this:
{{{
Aug 24 10:44:54.000 [warn] No key found in
/root/torsrc/data/keys/ed25519_master_id_secret_key or
/root/torsrc/data/keys/ed25519_master_id_public_key.
Aug 24 10:44:54.000 [warn] Master public key was absent; inferring from
public key in signing certificate and saving to disk.
}}}
Only generated and saved to disk ed25519_master_id_public_key and
continued to run with just with this file in $datadirectory/keys.
Obviously if I stop it and start again, it will exit since it's missing
signing key and cert, but sending SIGHUP doesn't do anything, it just
reloads:
{{{
Aug 24 10:52:08.000 [notice] It looks like I should try to generate and
sign a new medium-term signing key, because the one I have is going to
expire soon. To do that, I'm going to have to try to load the permanent
master identity key
Aug 24 10:52:15.000 [notice] Received reload signal (hup). Reloading
config and resetting internal state.
Aug 24 10:52:15.000 [notice] Read configuration file "/root/torsrc/torrc".
Aug 24 10:52:39.000 [notice] It looks like I should try to generate and
sign a new medium-term signing key, because the one I have is going to
expire soon. To do that, I'm going to have to try to load the permanent
master identity key
}}}
Not generating the cert and medium term signing key from memory on SIGHUP
is not a bug, we actually do not want that behavior. What we want is just
to call the validation protocol on a SIGHUP, the same as when it starts
initially.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16790#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list