[tor-bugs] #18098 [Tor]: Implement tor-genkey tool for at least offline HS key creation

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jan 19 09:31:18 UTC 2016


#18098: Implement tor-genkey tool for at least offline HS key creation
-----------------------------+--------------------------------
     Reporter:  dgoulet      |      Owner:
         Type:  enhancement  |     Status:  new
     Priority:  Medium       |  Milestone:  Tor: 0.2.9.x-final
    Component:  Tor          |    Version:
     Severity:  Normal       |   Keywords:  prop-244, tor-hs
Actual Points:               |  Parent ID:  #17239
       Points:  medium       |    Sponsor:  SponsorR
-----------------------------+--------------------------------
 With proposal 224, an operator can choose to keep her master key offline.
 Currently, tor has a `--keygen` option used for relay keys. Gluing HS key
 support _will_ be complicated (since it's already not that easy
 implementation-wise).

 I propose we create a separate tool called `tor-genkey` (follows the
 `tor-gencert` naming) located in `src/tools` to create keys for different
 use cases. We could ship this tool with our tor package or even as a
 separate package so people don't need to install the whole tor for just
 generating keys.

 Furthermore, with prop224, for an operator choosing to generate her key
 offline, we will need to create a bunch of blinded keys in advance with
 the offline master key, which would make it much easier than to glue
 yet another thing on top of the tor cmdline.

 Also, revocation of those keys could be a reality at some point in time,
 which that tool could do really well without having tons of new code in
 tor.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18098>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online