Opened 22 months ago

Last modified 3 months ago

#18098 new enhancement

prop224: Implement tor-genkey tool for offline HS key creation

Reported by: dgoulet
Owned by:
Priority: Very High
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: tor-hs, prop224-extra
Cc:
Actual Points:
Parent ID:
Points: 6
Reviewer:
Sponsor: SponsorR-can

Description

With proposal 224, an operator can choose to keep her master key offline. Currently, tor has a --keygen option used for relay keys. Glueing HS key support _will_ be complicated (since it's already not that easy implementation-wise).

I propose we create a separate tool called tor-genkey (follows the tor-gencert naming) located in src/tools to create keys for different use cases. We could ship this tool with our tor package or even as a separate package so people don't need to install the whole tor for just generating keys.

Furthermore, with prop224, for an operator choosing to generate her key offline, we will need to create a bunch of blinded keys in advance with the offline master key, which would make it much easier than to glue yet another thing on top of the tor cmdline.

Also, revocation of those keys could be a reality at some point in time, which that tool could do really well without having tons of new code in tor.

Change History (10)

comment:1 Changed 20 months ago by dgoulet

Milestone: Tor: 0.2.9.x-final → Tor: 0.2.???
Parent ID: #17239 → #17242
Sponsor: SponsorR → SponsorR-can

Changing parent ID since this is related to the service implementation side of 224 and thus not for 029.

comment:2 Changed 12 months ago by dgoulet

Keywords: prop244 added; prop-244 removed
Parent ID: #17242 → #20657
Points: medium → 3

comment:3 Changed 12 months ago by teor

Milestone: Tor: 0.2.??? → Tor: 0.3.???

Milestone renamed

comment:4 Changed 12 months ago by dgoulet

Keywords: prop224 added; prop244 removed
Parent ID: #20657 → #12424
Points: 3 → 6
Summary: Implement tor-genkey tool for at least offline HS key creation → prop224: Implement tor-genkey tool for offline HS key creation

With client authorization coming up (still in development), we will need a way for clients to be able to generate keys for their authentication with the service, which that tool should be able to do. See proposal 224 for more details about this.

comment:5 Changed 11 months ago by dgoulet

Milestone: Tor: 0.3.??? → Tor: 0.3.1.x-final

Move the 0.3.??? prop224 tickets to the 031 milestone.

comment:6 Changed 11 months ago by dgoulet

Keywords: prop224-extra added

This keyword indicates that it is a nice extra feature to have for prop224 but not needed for the minimal viable implementation.

comment:7 Changed 9 months ago by dgoulet

Priority: Medium → Very High

Prioritize prop224 tickets for 031 milestone. They are all "Enhancement".

comment:8 Changed 8 months ago by dgoulet

Milestone: Tor: 0.3.1.x-final → Tor: 0.3.2.x-final

We think it's not realistic for 031.

comment:9 Changed 5 months ago by dgoulet

Milestone: Tor: 0.3.2.x-final → Tor: unspecified

We can't make those for 032 so for now they go in Unspecified.

comment:10 Changed 3 months ago by dgoulet

Keywords: prop224 removed
Parent ID: #12424