[tor-bugs] #18133 [Tor]: In OfflineMasterKey mode master keys are not supposed to be available, do not suggest they should be
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Jan 23 11:17:37 UTC 2016
#18133: In OfflineMasterKey mode master keys are not supposed to be available, do
not suggest they should be
-----------------------------+-----------------
Reporter:      cypherpunks   | Owner:
Type:          enhancement   | Status:     new
Priority:      Low           | Milestone:
Component:     Tor           | Version:
Severity:      Minor         | Keywords:
Actual Points:               | Parent ID:
Points:                      | Sponsor:
-----------------------------+-----------------
When Ed25519 signing keys expire, tor logs the following messages:
{{{
(1) [notice] It looks like I should try to generate and sign a new medium-
term signing key, because the one I have is going to expire soon. But
OfflineMasterKey is set, so I won't try to load a permanent master
identity key is set. You will need to use 'tor --keygen' make a new
signing key and certificate.
(2) [notice] It looks like I need to generate and sign a new medium-term
signing key, because the one I have is expired. To do that, I need to load
the permanent master identity key.
(3)[warn] We needed to load a secret key from
.../tor/keys/ed25519_master_id_secret_key, but couldn't find it. Did you
forget to copy it over when you copied the rest of the signing key
material?
(4)[warn] Can't load master identity key; OfflineMasterKey is set.
(5)[err] Unable to update Ed25519 keys! Exiting.
}}}
(3) suggests that one forgot to copy the master key, but in such a setup
(OfflineMasterKey 1) the master key is not supposed to be there, so the warn
message could be replaced with "please provide tor with new valid Ed25519
signing keys/cert" (or similar) instead of suggesting to the user that they
should copy the master key to the relay - which is not recommended, no?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18133>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
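
The log sequence in the ticket, handled by a small triage script that gives guidance depending on whether OfflineMasterKey is set. This is an added example, not code from the ticket or from tor; the event names, the guidance wording and the sample timestamps are assumptions made for illustration.

```python
import re

# Substrings of the tor log messages quoted in the ticket, mapped to event names.
EVENTS = [
    ("expiring_soon", "the one I have is going to expire soon"),
    ("expired", "the one I have is expired"),
    ("master_key_missing", "ed25519_master_id_secret_key, but couldn't find it"),
    ("fatal", "Unable to update Ed25519 keys"),
]
LEVEL = re.compile(r"\[(notice|warn|err)\]")
# Guidance wording is this example's own, following the ticket's suggestion.
RENEW = ("run 'tor --keygen' where the master key is kept, then give the relay "
         "the new signing key and certificate")

def advice(event, offline_master_key):
    """Operator guidance for one event, depending on the OfflineMasterKey setting."""
    if not offline_master_key:
        if event == "master_key_missing":
            return "check that the master identity key was copied with the other keys"
        return "tor renews the signing key itself once it can load the master key"
    if event == "master_key_missing":
        # The ticket's point: the key is absent by design, so do not copy it over.
        return "expected with OfflineMasterKey 1; " + RENEW
    if event == "fatal":
        return "tor has exited; " + RENEW
    return RENEW

def triage(log_lines, offline_master_key):
    """Return [(level, event, advice)] for each recognised line, in log order."""
    findings = []
    for line in log_lines:
        level = LEVEL.search(line)
        for event, needle in EVENTS:
            if level and needle in line:
                findings.append((level.group(1), event, advice(event, offline_master_key)))
    return findings

# Constructed sample: the ticket's messages, shortened, with made-up timestamps.
SAMPLE = [
    "Jan 20 09:00:00.000 [notice] It looks like I should try to generate and sign a new medium-term signing key, because the one I have is going to expire soon.",
    "Jan 23 09:00:00.000 [notice] It looks like I need to generate and sign a new medium-term signing key, because the one I have is expired.",
    "Jan 23 09:00:00.000 [warn] We needed to load a secret key from .../tor/keys/ed25519_master_id_secret_key, but couldn't find it.",
    "Jan 23 09:00:00.000 [warn] Can't load master identity key; OfflineMasterKey is set.",
    "Jan 23 09:00:00.000 [err] Unable to update Ed25519 keys! Exiting.",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE, offline_master_key=True):
        print(*finding, sep=" | ")
```

Alerting on the first `expiring_soon` notice leaves time to renew before the relay reaches the `fatal` line and exits.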