[tor-dev] possible to run --keygen non-interactively?
s7r at sky-ip.org
Sun Nov 15 15:17:34 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
The "Enter passphrase" request when manually calling --keygen is
optional, not mandatory. If you just leave it blank and proceed it
will just create an unencrypted master identity key.
On 11/14/2015 10:18 AM, nusenu wrote:
> is there a way to use tor --keygen non-interactively?
> background: I might want to integrate offline master key
> functionality into ansible-relayor . The basic idea is to
> generate the master keys on the ansible client and push only the
> required signing keys to the relays (master keys never touch the
> relay). Since every step should be automated, master keys will not
> be passphrase protected. I consider unprotected (no passphrase)
> offline master keys still a lot better than online master keys, but
> currently I don't know how to generate master keys without
> passphrase in an non-interactive way (--keygen asks for the
> passphrase when generating a new key).
> If that is not possible (out of the box) yet, would you consider a
> feature request, lets call it '--nopass' that can be used with
> --keygen to generate new keys without passphrase? (a more general
> approach would probably be to have --passphrase <passprase> but
> doing so would potentially write your passphrase to your shell
> history file).
>  https://github.com/nusenu/ansible-relayor
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
-----END PGP SIGNATURE-----
More information about the tor-dev