[tor-dev] possible to run --keygen non-interactively?

nusenu nusenu at openmailbox.org
Sat Nov 14 08:18:28 UTC 2015


Is there a way to use tor --keygen non-interactively?

I might want to integrate offline master key functionality into
ansible-relayor [1]. The basic idea is to generate the master keys on
the ansible client and push only the required signing keys to the relays
(master keys never touch the relay).
Since every step should be automated, master keys will not be passphrase
protected. I consider unprotected (no passphrase) offline master keys
still a lot better than online master keys, but currently I don't know
how to generate master keys without passphrase in a non-interactive way
(--keygen asks for the passphrase when generating a new key).

If that is not possible (out of the box) yet, would you consider a
feature request, let's call it '--nopass' that can be used with --keygen
to generate new keys without passphrase? (a more general approach would
probably be to have --passphrase <passphrase> but doing so would
potentially write your passphrase to your shell history file).


[1] https://github.com/nusenu/ansible-relayor
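
The split described in the message (master keys stay on the ansible client, only signing material goes to the relay) can be enforced with an allow-list staging step. The following is an added example, not part of the original message or of ansible-relayor; the function names are hypothetical and the file names are assumed to follow tor's `keys/` directory layout.

```shell
#!/bin/sh
# Added example: stage only the files a relay needs from an offline key directory.
# Assumption: file names follow tor's keys/ layout for ed25519 identity keys.
RELAY_FILES="ed25519_master_id_public_key ed25519_signing_secret_key ed25519_signing_cert"

# check_staged DIR: fail if DIR holds anything that is not on the allow-list,
# which catches a master secret key that was copied by mistake.
check_staged() {
    for path in "$1"/* "$1"/.[!.]*; do
        [ -e "$path" ] || continue          # unmatched glob, nothing to check
        name=${path##*/}
        case " $RELAY_FILES " in
            *" $name "*) ;;
            *) echo "unexpected file staged: $name" >&2; return 1 ;;
        esac
    done
    return 0
}

# stage_relay_keys SRC DST: copy the relay-side files from SRC into a fresh DST.
stage_relay_keys() {
    src=$1; dst=$2
    # Verify everything is present before copying, so a partial set is never staged.
    for f in $RELAY_FILES; do
        [ -f "$src/$f" ] || { echo "missing: $src/$f" >&2; return 1; }
    done
    # DST must be new so stale files from an earlier run cannot ride along.
    [ ! -e "$dst" ] || { echo "refusing to reuse $dst" >&2; return 1; }
    ( umask 077                              # staged secrets readable by owner only
      mkdir -p "$dst" || exit 1
      for f in $RELAY_FILES; do
          cp "$src/$f" "$dst/$f" || exit 1
      done ) || return 1
    check_staged "$dst"
}

# make_sample_keydir DIR: constructed placeholder files, not real key material.
make_sample_keydir() {
    mkdir -p "$1"
    for f in $RELAY_FILES ed25519_master_id_secret_key; do
        printf 'constructed placeholder for %s\n' "$f" > "$1/$f"
    done
}
```

Running `check_staged` again on the directory immediately before the push step guards against files added to it after staging.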
