[tor-bugs] #18133 [Tor]: In OfflineMasterKey mode master keys are not supposed to be available, do not suggest they should be

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Jan 23 11:17:37 UTC 2016


#18133: In OfflineMasterKey mode master keys are not supposed to be available, do
not suggest they should be
-----------------------------+-----------------
     Reporter:  cypherpunks  |      Owner:
         Type:  enhancement  |     Status:  new
     Priority:  Low          |  Milestone:
    Component:  Tor          |    Version:
     Severity:  Minor        |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |    Sponsor:
-----------------------------+-----------------
 When Ed25519 signing keys expire tor logs the following messages:

 {{{
 (1) [notice] It looks like I should try to generate and sign a new medium-
 term signing key, because the one I have is going to expire soon. But
 OfflineMasterKey is set, so I won't try to load a permanent master
 identity key is set. You will need to use 'tor --keygen' make a new
 signing key and certificate.

 (2) [notice] It looks like I need to generate and sign a new medium-term
 signing key, because the one I have is expired. To do that, I need to load
 the permanent master identity key.

 (3)[warn] We needed to load a secret key from
 .../tor/keys/ed25519_master_id_secret_key, but couldn't find it. Did you
 forget to copy it over when you copied the rest of the signing key
 material?

 (4)[warn] Can't load master identity key; OfflineMasterKey is set.

 (5)[err] Unable to update Ed25519 keys!  Exiting.
 }}}


 (3) suggests that one forgot to copy the master key, but in such a setup
 (OfflineMasterKey 1) the master key is not supposed to be there, so the warn
 message could be replaced with "please provide tor with new valid Ed25519
 signing keys/cert" (or similar) instead of suggesting to the user that they
 should copy the master key to the relay - which is not recommended, no?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18133>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
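
An added example, not part of the ticket or of tor's code: a small log check for relay operators that recognises the messages quoted above and, when OfflineMasterKey appears in the log, reports a signing-key renewal instead of repeating the "copy the master key" hint from message (3). The tag names, severities, advice strings and the sample lines (abridged, with made-up timestamps) are assumptions of this example.

```python
import re

# Substrings copied from the log messages quoted in the ticket; the tag
# names, severities and advice strings are this example's own.
NEEDLES = {
    "expiring": "signing key, because the one I have is going to expire soon",
    "expired": "signing key, because the one I have is expired",
    "offline": "OfflineMasterKey is set",
    "missing_master": "ed25519_master_id_secret_key, but couldn't find it",
    "fatal": "Unable to update Ed25519 keys",
}
LINE_RE = re.compile(r"\[(?:notice|warn|err)\]\s*(.*)")

def classify(lines):
    """Return the set of tags whose message text appears in the log lines."""
    seen = set()
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            seen.update(t for t, n in NEEDLES.items() if n in m.group(1))
    return seen

def advise(seen):
    """Map tags to (severity, operator action), honouring OfflineMasterKey."""
    renew = ("run 'tor --keygen' where the master key is kept and install "
             "only the new signing key and certificate on the relay")
    if "offline" in seen:
        if seen & {"expired", "fatal", "missing_master"}:
            return "critical", "signing key needs renewal now: " + renew
        if "expiring" in seen:
            return "warning", "signing key expires soon: " + renew
    elif "missing_master" in seen:
        # OfflineMasterKey never appeared, so message (3) may be meant literally.
        return "warning", "master key file not found; check the key directory"
    return "ok", ""

# Constructed sample: the ticket's messages, abridged, one per line.
SAMPLE = [
    "Jan 20 09:00:00.000 [notice] It looks like I should try to generate and sign a new medium-term signing key, because the one I have is going to expire soon. But OfflineMasterKey is set, so I won't try to load a permanent master identity key is set.",
    "Jan 23 09:00:00.000 [notice] It looks like I need to generate and sign a new medium-term signing key, because the one I have is expired.",
    "Jan 23 09:00:00.000 [warn] We needed to load a secret key from .../tor/keys/ed25519_master_id_secret_key, but couldn't find it.",
    "Jan 23 09:00:00.000 [warn] Can't load master identity key; OfflineMasterKey is set.",
    "Jan 23 09:00:00.000 [err] Unable to update Ed25519 keys!  Exiting.",
]

if __name__ == "__main__":
    print(advise(classify(SAMPLE[:1])))  # early warning from message (1)
    print(advise(classify(SAMPLE)))      # full sequence ending in exit
```

Alerting on message (1) gives the operator time to renew before the relay reaches message (5) and exits.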

