Opened 3 years ago

Last modified 23 months ago

#19560 new defect

running tor trying to access its ed25519_signing_secret_key, log message too loud

Reported by: weasel Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version: Tor: 0.2.8.4-rc
Severity: Normal Keywords: tor-relay ed25519 prop220 logging
Cc: Actual Points:
Parent ID: Points: .1
Reviewer: Sponsor:

Description

I keep my key files away from the running tor instance.

For some reason, tor seems to want to re-open them regularly:

Jul 04 08:17:09.000 [warn] Could not open "/var/lib/tor/keys/ed25519_signing_secret_key": Permission denied

It probably shouldn't want that.

Child Tickets

Change History (8)

comment:1 Changed 3 years ago by cypherpunks

That online key (ed25519 signing key) is supposed to be accessible even if OfflineMasterKey is set to 1, no?

see also:
https://trac.torproject.org/projects/tor/wiki/doc/TorRelaySecurity/OfflineKeys

Last edited 3 years ago by cypherpunks (previous) (diff)

comment:2 Changed 3 years ago by Sebastian

The online dirauth key had no such requirement

comment:3 Changed 3 years ago by weasel

There is also no such requirement for the (RSA) secret_id_key.

comment:4 Changed 3 years ago by nickm

Milestone: Tor: 0.2.???

IIRC Tor checks its signing key (note, this is NOT the master identity key) so that it can tell if it changed. We can have it fail more quietly I guess. I'd take a patch for that

comment:5 Changed 3 years ago by teor

Milestone: Tor: 0.2.???Tor: 0.3.???

Milestone renamed

comment:6 Changed 2 years ago by nickm

Keywords: tor-03-unspecified-201612 added
Milestone: Tor: 0.3.???Tor: unspecified

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

comment:7 Changed 2 years ago by nickm

Keywords: tor-03-unspecified-201612 removed

Remove an old triaging keyword.

comment:8 Changed 23 months ago by nickm

Keywords: tor-relay ed25519 prop220 logging added
Points: .1
Summary: running tor trying to access its ed25519_signing_secret_keyrunning tor trying to access its ed25519_signing_secret_key, log message too loud
Note: See TracTickets for help on using tickets.