[tor-relays] Questions about OfflineMasterKey
Cristian Consonni
cristian at balist.es
Fri May 26 16:14:53 UTC 2017
Hi,
On 18/05/2017 10:45, nusenu wrote:>> Currently, my server hosting
kitten1 and kitten2 (tor guard and fallback
>> directory) is under seizure since 14/05 11h.
butplease revoke
>> immediatly kitten1 & kitten2 tor node.
>> Those nodes are also fallback directory.
>
> I don't know any context or background but if you fear this could happen
end to use tor's OfflineMasterKey feature (without
> copying the master key to the server) with a short keylifetime (i.e. 7
> days), especially if it is a fallback dir
> (which requires a tor source code change to remove it).
This feature is interesting and I did not know about it.
However, I have been reading the documentation page[1] and I have the
impression that the more I read the less I understand how it works.
If I look inside the DataDir of one of my relays - a standard Debian
install - see this:
```
ed25519_master_id_public_key
ed25519_master_id_secret_key
ed25519_signing_cert
ed25519_signing_secret_key
secret_id_key
secret_onion_key
secret_onion_key_ntor
secret_onion_key_ntor.old
secret_onion_key.old
```
So, here some of the things I think I have understood:
* Tor uses a ed25519 key to generate the other keys need to decrypt
incoming traffic and route it to its next destination on the network. I
don't know how this works in practice, but probably it is too much
detail at the moment.
* In the standard install the master key is the
`ed25519_master_id_secret_key` above, which has no passphrase.
* If in `torrc` we declare `OfflineMasterKey 1` then the
`ed25519_master_id_secret_key` will not reside anymore on the relay but
on a separate machine.
* In the process of generating the master key (with the command `tor
--keygen`, all the files above will be generated.
* To run the node with `OfflineMasterKey 1` you need to copy all the
files generated in the previous step *with the exception of the master key*.
I had also a few questions:
* is the above correct?
* if I use the offline master key protected with a passphrase will I
need to input the passphrase every time I restart Tor (I have in mind
what Apache does when you restart it and have certificates protected
with a passphrase)?
* Assuming that I am going to use a separate machine to generate the
master key I need to make sure that the version of Tor on the machine
that I use to generate the key and the relay?
Thanks for your help.
Cristian
[1]:
https://trac.torproject.org/projects/tor/wiki/doc/TorRelaySecurity/OfflineKeys
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20170526/d85210fb/attachment-0001.sig>
More information about the tor-relays
mailing list