Opened 3 years ago

Last modified 2 weeks ago

#18098 needs_revision enhancement

prop224: Implement tor-genkey tool for offline HS key creation

Reported by: dgoulet
Owned by: haxxpop
Priority: Medium
Milestone: Tor: 0.4.0.x-final
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: tor-hs
Cc:
Actual Points:
Parent ID:
Points: 6
Reviewer:
Sponsor: SponsorR-can

Description

With proposal 224, an operator can choose to keep her master key offline. Currently, tor has a --keygen option used for relay keys. Gluing HS key support _will_ be complicated (since it's already not that easy implementation-wise).

I propose we create a separate tool called tor-genkey (follows the tor-gencert naming) located in src/tools to create keys for different use cases. We could ship this tool with our tor package or even as a separate package so people don't need to install the whole tor for just generating keys.

Furthermore, with prop224, for an operator choosing to generate her key offline, we will need to create a bunch of blinded keys in advance with the offline master key, which would make it much easier than gluing yet another thing on top of the tor cmdline.

Also, revocation of those keys could be a reality at some point in time, which that tool could do really well without having tons of new code in tor.

Child Tickets

Change History (16)

comment:1 Changed 3 years ago by dgoulet

Milestone: Tor: 0.2.9.x-final → Tor: 0.2.???
Parent ID: #17239 → #17242
Sponsor: SponsorR → SponsorR-can

Changing parent ID since this is related to the service implementation side of 224 and thus not for 029.

comment:2 Changed 2 years ago by dgoulet

Keywords: prop244 added; prop-244 removed
Parent ID: #17242 → #20657
Points: medium → 3

comment:3 Changed 2 years ago by teor

Milestone: Tor: 0.2.??? → Tor: 0.3.???

Milestone renamed

comment:4 Changed 2 years ago by dgoulet

Keywords: prop224 added; prop244 removed
Parent ID: #20657 → #12424
Points: 3 → 6
Summary: Implement tor-genkey tool for at least offline HS key creation → prop224: Implement tor-genkey tool for offline HS key creation

With client authorization coming up (still in development), we will need a way for clients to be able to generate keys for their authentication with the service, which that tool should be able to do. See proposal 224 for more details about this.

comment:5 Changed 2 years ago by dgoulet

Milestone: Tor: 0.3.??? → Tor: 0.3.1.x-final

Move the 0.3.??? prop224 tickets to the 031 milestone.

comment:6 Changed 2 years ago by dgoulet

Keywords: prop224-extra added

This keyword indicates that it is a nice extra feature to have for prop224 but not needed for the minimal viable implementation.

comment:7 Changed 22 months ago by dgoulet

Priority: Medium → Very High

Prioritize prop224 tickets for 031 milestone. They are all "Enhancement".

comment:8 Changed 21 months ago by dgoulet

Milestone: Tor: 0.3.1.x-final → Tor: 0.3.2.x-final

We think it's not realistic for 031.

comment:9 Changed 18 months ago by dgoulet

Milestone: Tor: 0.3.2.x-final → Tor: unspecified

We can't make those for 032 so for now they go in Unspecified.

comment:10 Changed 16 months ago by dgoulet

Keywords: prop224 removed
Parent ID: #12424

comment:11 Changed 8 months ago by cypherpunks

Parent ID: #25955

comment:12 Changed 8 months ago by dgoulet

Parent ID: #25955
Priority: Very High → Medium

Unparenting. Nothing to do with v2 deprecation.

comment:13 Changed 3 weeks ago by haxxpop

Owner: set to haxxpop
Status: new → assigned

comment:14 Changed 3 weeks ago by haxxpop

Status: assigned → needs_review

comment:15 Changed 3 weeks ago by dgoulet

Keywords: prop224-extra removed
Status: needs_review → needs_revision

comment:16 Changed 2 weeks ago by nickm

Milestone: Tor: unspecified → Tor: 0.4.0.x-final