[tor-dev] documentation for new offline master key functionality (--keygen is undocumented)

nusenu nusenu at openmailbox.org
Sat Nov 28 21:04:49 UTC 2015


> I have actually tried this in practice to see what happens.
> 
> If you replace the ed25519 medium term signing key and certificate in
> $datadirectory/keys, Tor will re-read keys from disk even if you don't
> send a SIGHUP when it outputs:
> 
> [notice] It looks like I should try to generate and sign a new
> medium-term signing key, because the one I have is going to expire
> soon. To do that, I'm going to have to try to load the permanent
> master identity key.

If that log entry is generated on a system with 'OfflineMasterKey 1' I
would find it a bit misleading since it will never be able to load the
permanent master key.

> This message is repeated once every 30 seconds or so. When you send a
> SIGHUP, the reload happens instantly.
> 
> So, if a user correctly generates and provides the new medium term
> signing key and certificate and forgets to SIGHUP (reload), when the
> old key expires Tor won't exit. This is good.

Thanks for this info, so we don't have to do anything other than just
replace the key files (no explicit SIGHUP needed) - and tor will read them
when necessary. That is great since it makes key renewal idempotent out
of the box.
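The renewal discussed above works by dropping a fresh ed25519_signing_cert (and
matching secret key) into $datadirectory/keys. Before and after doing that, an
operator wants to see what the certificate on disk actually says: which key it
certifies, which master key signed it, and when it expires. The following
Python is an added example written for this thread; it is not tor's own code
and not part of the original messages. It assumes the on-disk layout from tor's
cert-spec.txt (32-byte "== ed25519v1-cert: type4 ==" tag header, version 1,
expiry in hours since the epoch, a type-4 "signed-with-ed25519-key" extension,
64-byte trailing signature), a 30-day renewal margin that is the example's own
assumption rather than tor's threshold, and treats the optional `cryptography`
package as present only if importable. The sample certificate in the test is
constructed with dummy keys and a dummy signature.

```python
"""Inspect and build tor ed25519_signing_cert files (cert type 4) around a renewal.
Added example, not tor's own code; field layout follows cert-spec.txt."""
import struct
import sys
from datetime import datetime, timedelta, timezone

# tor writes a 32-byte tag header "== <keytype>: <tag> ==" padded with NULs.
TAG = b"== ed25519v1-cert: type4 =="
HEADER_LEN = 32
CERT_TYPE_SIGNING_KEY = 4          # master identity key certifies the signing key
KEY_TYPE_ED25519 = 1
EXT_SIGNED_WITH_ED25519_KEY = 4    # extension carrying the signing (master) public key
EXT_FLAG_AFFECTS_VALIDATION = 1    # unknown extension with this flag must be rejected
SIG_LEN = 64


def parse_signing_cert(blob: bytes) -> dict:
    """Parse a raw ed25519_signing_cert file into its fields (no signature check)."""
    if blob[:HEADER_LEN] != TAG.ljust(HEADER_LEN, b"\x00"):
        raise ValueError("not an ed25519v1 type4 certificate file")
    cert = blob[HEADER_LEN:]
    if len(cert) < 1 + 1 + 4 + 1 + 32 + 1 + SIG_LEN:
        raise ValueError("truncated certificate")
    version, cert_type, exp_hours, key_type = struct.unpack(">BBIB", cert[:7])
    if version != 1:
        raise ValueError(f"unsupported certificate version {version}")
    certified_key = cert[7:39]
    n_ext = cert[39]
    body_end = len(cert) - SIG_LEN      # everything before the signature is signed
    pos = 40
    signed_with = None
    for _ in range(n_ext):
        if pos + 4 > body_end:
            raise ValueError("extension header overruns certificate")
        ext_len, ext_type, ext_flags = struct.unpack(">HBB", cert[pos:pos + 4])
        if pos + 4 + ext_len > body_end:
            raise ValueError("extension data overruns certificate")
        data = cert[pos + 4:pos + 4 + ext_len]
        if ext_type == EXT_SIGNED_WITH_ED25519_KEY:
            if ext_len != 32:
                raise ValueError("bad signed-with-ed25519-key extension length")
            signed_with = data
        elif ext_flags & EXT_FLAG_AFFECTS_VALIDATION:
            raise ValueError(f"unknown critical extension type {ext_type}")
        pos += 4 + ext_len
    if pos != body_end:
        raise ValueError("trailing bytes between extensions and signature")
    return {
        "cert_type": cert_type,
        "key_type": key_type,
        "expires": datetime.fromtimestamp(exp_hours * 3600, tz=timezone.utc),
        "certified_key": certified_key,
        "signed_with": signed_with,       # master identity public key, if present
        "signed_body": cert[:pos],
        "signature": cert[pos:],
    }


def needs_renewal(info: dict, now=None, margin=timedelta(days=30)) -> bool:
    """True when the cert is expired or expires within `margin` (assumed threshold)."""
    now = now or datetime.now(timezone.utc)
    return info["expires"] - now <= margin


def make_signing_cert(certified_key: bytes, master_pubkey: bytes, expires: datetime, sign) -> bytes:
    """Encode a type-4 cert; `sign(body)` must return the 64-byte ed25519 signature
    made with the master identity key (e.g. from an offline signer)."""
    exp_hours = int(expires.timestamp()) // 3600
    body = struct.pack(">BBIB", 1, CERT_TYPE_SIGNING_KEY, exp_hours, KEY_TYPE_ED25519)
    body += certified_key + bytes([1])
    body += struct.pack(">HBB", 32, EXT_SIGNED_WITH_ED25519_KEY, 0) + master_pubkey
    sig = sign(body)
    if len(sig) != SIG_LEN:
        raise ValueError("signature must be 64 bytes")
    return TAG.ljust(HEADER_LEN, b"\x00") + body + sig


def verify_signature(info: dict):
    """Verify the signature with the key from the signed-with extension.
    Returns None when the optional `cryptography` package is not installed."""
    try:
        from cryptography.exceptions import InvalidSignature
        from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PublicKey
    except ImportError:
        return None
    if info["signed_with"] is None:
        return False
    try:
        Ed25519PublicKey.from_public_bytes(info["signed_with"]).verify(
            info["signature"], info["signed_body"])
        return True
    except (InvalidSignature, ValueError):
        return False


if __name__ == "__main__":
    # Usage: python inspect_cert.py $datadirectory/keys/ed25519_signing_cert
    with open(sys.argv[1], "rb") as fh:
        cert = parse_signing_cert(fh.read())
    print("certified key :", cert["certified_key"].hex())
    print("signed with   :", (cert["signed_with"] or b"").hex() or "(no extension)")
    print("expires       :", cert["expires"].isoformat())
    print("needs renewal :", needs_renewal(cert))
    print("signature ok  :", verify_signature(cert))
```

Run it against the file you are about to overwrite and again against the new
one; the expiry and the certified key should differ, while the signed-with key
(the master identity key, which stays offline) should be the same in both.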


