[tor-dev] documentation for new offline master key functionality (--keygen is undocumented)

s7r s7r at sky-ip.org
Tue Nov 24 01:33:46 UTC 2015


Hi,

I have actually tried this in practice to see what happens.

If you replace the ed25519 medium-term signing key and certificate in
$datadirectory/keys, Tor will re-read keys from disk even if you don't
send a SIGHUP when it outputs:

[notice] It looks like I should try to generate and sign a new
medium-term signing key, because the one I have is going to expire
soon. To do that, I'm going to have to try to load the permanent
master identity key.

This message is repeated once every 30 seconds or so. When you send a
SIGHUP, the reload happens instantly.

So, if a user correctly generates and provides the new medium-term
signing key and certificate and forgets to SIGHUP (reload), when the
old key expires Tor won't exit. This is good.

On 11/19/2015 2:06 PM, nusenu wrote:
>>>> Does a tor operator have to SIGHUP a running tor instance
>>>> after copying the new signing keys to the appropriate folder
>>>> or will tor attempt to reload that file as soon as this
>>>> signing key expires?
>>> Yes.
>>
>> Yes, HUP?
>
> reference:
> https://gitweb.torproject.org/tor.git/tree/ReleaseNotes?h=release-0.2.7#n86
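
A log check built on the behaviour described in this message, as an added example that is not part of the original post or of Tor's own code: it scans log lines for the quoted notice and reports whether it is still repeating. The log lines are constructed, and the timestamp layout, the function names and the 90-second quiet threshold are assumptions.

```python
import re
from datetime import datetime, timedelta

# Stable prefix of the notice quoted in the message above.
RENEWAL_NOTICE = ("It looks like I should try to generate and sign a new "
                  "medium-term signing key")
# Assumed log line layout: "Mon DD HH:MM:SS.mmm [level] text" (no year).
LINE_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d\.\d+) \[(\w+)\] (.*)$")

def parse(line, year=2015):
    """Return (timestamp, level, text), or None for lines in another layout."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S.%f")
    return ts, m.group(2), m.group(3)

def signing_key_status(lines, quiet_after=timedelta(seconds=90)):
    """Classify a log excerpt as 'ok', 'pending' or 'quiet'.

    'pending': the notice is still repeating at the end of the excerpt.
    'quiet':   it appeared, then stopped for at least quiet_after (assumed
               here to mean a fresh signing key and certificate were loaded).
    """
    first = last = end = None
    count = 0
    for rec in filter(None, map(parse, lines)):
        ts, level, text = rec
        end = ts
        if level == "notice" and text.startswith(RENEWAL_NOTICE):
            first, last, count = first or ts, ts, count + 1
    if count == 0:
        state = "ok"
    else:
        state = "pending" if end - last < quiet_after else "quiet"
    return {"state": state, "count": count, "first": first, "last": last}

# Constructed sample log lines (not taken from a real relay).
NOTICE = RENEWAL_NOTICE + ", because the one I have is going to expire soon."
PENDING = [
    "Nov 24 01:30:00.000 [notice] constructed filler line",
    f"Nov 24 01:30:10.000 [notice] {NOTICE}",
    f"Nov 24 01:30:40.000 [notice] {NOTICE}",
    f"Nov 24 01:31:10.000 [notice] {NOTICE}",
]
QUIET = PENDING + ["Nov 24 01:34:00.000 [info] constructed filler line"]

if __name__ == "__main__":
    for name, sample in (("PENDING", PENDING), ("QUIET", QUIET)):
        print(name, signing_key_status(sample))
```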

