[tor-dev] documentation for new offline master key functionality (--keygen is undocumented)
s7r at sky-ip.org
Tue Nov 24 01:33:46 UTC 2015
I have actually tried this in practice to see what happens.
If you replace the ed25519 medium term signing key and certificate in
$datadirectory/keys, Tor will re-read keys from disk even if you don't
send a SIGHUP when it outputs:
[notice] It looks like I should try to generate and sign a new
medium-term signing key, because the one I have is going to expire
soon. To do that, I'm going to have to try to load the permanent
master identity key.
This message is repeated once every 30 seconds or so. When you send a
SIGHUP, the reload happens instantly.
So, if a user correctly generates and provides the new medium term
signing key and certificate and forgets to SIGHUP (reload), when the
old key expires Tor won't exit. This is good.
On 11/19/2015 2:06 PM, nusenu wrote:
>>>> Does a tor operator have to SIGHUP a running tor instance
>>>> after copying the new signing keys to the appropriate folder
>>>> or will tor attempt to reload that file as soon as this
>>>> signing key expires?
>> Yes, HUP?