[tor-relays] Issues with offline master key functionality

Riccardo Mori patacca at autistici.org
Wed Feb 3 13:49:14 UTC 2016


Hi everyone,

Two months ago I decided to try the new ed25519 key introduced in Tor
2.7 with OfflineMasterKey set so I can keep the master key in a
different place and just upload the medium-term signing key every month.
Last month everything went ok: I renewed the key and Tor accepted it.
This time instead after generating the new signing key with

# tor --datadirectory path_to_my_master_key --signingkeylifetime '1 months' --keygen

and uploading ed25519_signing_cert and ed25519_signing_secret_key and
fixing the permissions, Tor keeps saying


Feb 03 07:27:40.000 [notice] It looks like I need to generate and sign a new medium-term signing key, because the one I have is expired. To do that, I need to load the permanent master identity key.
Feb 03 07:27:40.000 [warn] We needed to load a secret key from /var/lib/tor/keys/ed25519_master_id_secret_key, but couldn't find it. Did you forget to copy it over when you copied the rest of the signing key material?
Feb 03 07:27:40.000 [warn] Can't load master identity key; OfflineMasterKey is set.
Feb 03 07:27:40.000 [err] Error initializing keys; exiting


That raises two questions for me:
  - Why does Tor think the new keys are already expired?
  - Why is Tor searching for ed25519_master_id_secret_key? With
OfflineMasterKey set it shouldn't care about the master secret key.


Thank you,
patacca

