[tor-dev] generate relay fingerprint without tor given the datadir/keys folder?

nusenu nusenu at openmailbox.org
Fri Feb 3 16:12:00 UTC 2017


given the files within the datadir/keys folder (without the
datadir/fingerprint file), is there an easy way to generate the relay
fingerprint? (using openssl?)

According to the spec [1] the fingerprint is the SHA1 hash of the public
key. (I assume RSA pubkey)
According to the tor man page [2] the RSA public key should be in

openssl rsa -in secret_id_key -pubout| ..? |sha1sum


>     "fingerprint" fingerprint NL
>        [At most once]
>        A fingerprint (a HASH_LEN-byte of asn1 encoded public key, encoded in
>        hex, with a single space after every 4 characters) for this router's
>        identity key. A descriptor is considered invalid (and MUST be
>        rejected) if the fingerprint line does not match the public key.

>        DataDirectory/keys/secret_id_key
>            A relay’s RSA1024 permanent identity key, including private and
>            public components. Used to sign router descriptors, and to sign
>            other keys.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20170203/4e49b59e/attachment.sig>

More information about the tor-dev mailing list