[tor-dev] OfflineMasterKey / ansible-relayor

nusenu nusenu at openmailbox.org
Wed Nov 18 22:19:12 UTC 2015

> background:
> I might want to integrate offline master key functionality into
> ansible-relayor [1].

I added (preliminary) OfflineMasterKey support to ansible-relayor [1] -
in fact it will become the only option eventually as it make many things
actually simpler, would be great if someone could take a look and let me
know whether it looks reasonable.

The security critical parts are probably
- key generation [2]
- copying of key material to the relay [3]

I copy/expose the following files to the relay:

[ 'ed25519_master_id_public_key', 'ed25519_signing_cert',
'ed25519_signing_secret_key', 'secret_id_key', 'secret_onion_key',


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20151118/f51bef8f/attachment.sig>

More information about the tor-dev mailing list