Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#17603 closed enhancement (not a bug)

allow non-interactive --keygen usage (with empty passphrase): --nopass

Reported by: cypherpunks Owned by:
Priority: Medium Milestone:
Component: Core Tor/Tor Version:
Severity: Normal Keywords:
Cc: tyseom Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Child Tickets

Change History (6)

comment:1 Changed 4 years ago by tyseom

Cc: tyseom added

comment:2 Changed 4 years ago by cypherpunks

Resolution: worksforme
Status: newclosed

not using --keypass is the solution

tor --datadir data --orport 1234 --list-fingerprint
Last edited 4 years ago by cypherpunks (previous) (diff)

comment:3 Changed 4 years ago by cypherpunks

Resolution: worksforme
Status: closedreopened

s7r's decription of --nopass can be found in a related trac entry:
https://trac.torproject.org/projects/tor/ticket/17127#comment:6

comment:4 Changed 4 years ago by s7r

Resolution: not a bug
Status: reopenedclosed

For the --nopass part which I find useful we will stick with #17127 .

For the part that Tor does not automatically renew the medium term signing key sufficiently valid in the future with the new SigningKeyLifetime value WITHOUT manually calling --keygen, this is expected and wanted behavior. The automated key renewal will be called by Tor when the medium term signing key it has is ABOUT to expire and it WANTS (or NEEDS) to generate a new medium term signing key.

If you want to override existent medium term signing key valid for 30 days in the future from $now, you CANNOT do it by adding SigningKeyLifetime 2 days in torrc and reload/restart. The new SigningKeyLifetime value will be used when the existent key is about to expire and Tor wants to generate new one. You have to do it with the manual --keygen instead if you want immediate replacement.

Closing this for the above stated reasons.

comment:5 in reply to:  4 Changed 4 years ago by cypherpunks

Replying to s7r:

For the --nopass part which I find useful we will stick with #17127 .

ok. please adjust its description/title as it doesn't say anything about the --nopass except comment 6
https://trac.torproject.org/projects/tor/ticket/17127#comment:6

For the part that Tor does not automatically renew the medium term signing key sufficiently valid in the future with the new SigningKeyLifetime value WITHOUT manually calling --keygen, this is expected and wanted behavior. The automated key renewal will be called by Tor when the medium term signing key it has is ABOUT to expire and it WANTS (or NEEDS) to generate a new medium term signing key.

That is actually unrelated to this ticket (and I'm fine with tor's current behavior)

comment:6 Changed 4 years ago by s7r

Ok, adjusted.

Yes, second part was for:
https://lists.torproject.org/pipermail/tor-dev/2015-November/009991.html

I believed the ticket was related to that also, given that its description contains a link to a mail list thread (didn't click it to re-check, thought it's related to the link I just copied above where you also included this ticket as reference).

Thanks!

Note: See TracTickets for help on using tickets.