Changes between Version 4 and Version 5 of doc/GeneratingDirauthKeys


Timestamp: Apr 1, 2018, 9:56:41 PM (23 months ago)
Author: micah
Comment: fill in some gaps

  • doc/GeneratingDirauthKeys

    v4 v5  
    6060}}}
    6161
    62 === Generating or Renewing Ed25519 Keys ===
     62=== Generating Ed25519 Keys ===
    6363
    64 To create or renew Ed25519 keys, use:
     64To create Ed25519 keys, use:
    6565{{{
    6666$ tor --keygen --DataDirectory <DIR> --SigningKeyLifetime "30 days"
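Review bot: The retitled "Generating Ed25519 Keys" section (new lines 62-66) now shows exactly the same command as the renewal section added at new line 91, and nothing here says what makes this run a first-time generation. Going by the renewal text, the difference is whether the original master key files are already present in <DIR>/keys, so a sentence here stating that a first-time run starts without them and will prompt with "Enter new passphrase" would let the reader tell the two cases apart before typing anything.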
     
    6868
    6969The default ed25519 online key lifetime is 1 month.
     70
     71You will be asked to provide a passphrase to encrypt the ED25519 master ID secret key. **Please save this password somewhere safe**, you will need it again when things need to be renewed.
    7072
    7173Then copy these files to the keys directory on your authority:
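Review bot: New line 71 calls the same secret a "passphrase" in the first sentence and a "password" in the second, and writes "ED25519" where the heading and line 69 use "Ed25519" and "ed25519"; pick one term and one spelling so nobody reads this as two different secrets. "when things need to be renewed" is also vague: the command sets --SigningKeyLifetime, so consider naming the signing key and pointing at the "Renewing ED25519 Keys" section instead.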
     
    8183}}}
    8284
     85**Be sure** you save all the files generated in <DIR>/keys, because you will need them when it is time to renew things (specifically the ed25519_master_id_secret_key_encrypted and ed25519_master_id_public_key).
     86
     87=== Renewing ED25519 Keys ===
     88
     89Find where you generated the original files in the previous step. They should be located under <DIR>/keys. Also locate the password that you used to encrypt the ED25519 master ID secret key. Then you will need to run:
     90{{{
     91$ tor --keygen --DataDirectory <DIR> --SigningKeyLifetime "30 days"
     92}}}
     93
     94You should be prompted to enter the passphrase for the ED25519 master ID secret key. If you are asked to **"Enter new passphrase"**, then you are generating a **new** ED25519 master ID secret key, this is not what you want to do, if you are renewing keys. If you do this, and then try to replace the generated files on your dirauth, the other authorities will produce this error, and not accept your descriptor:
     95{{{
     96Looks like your keypair has changed? This authority previously recorded a different RSA identity for this Ed25519 identity (or vice versa.) Did you replace or copy some of your key files, but not the others? You should either restore the expected keypair, or delete your keys and restart Tor to start your relay with a new identity."
     97}}}
     98
     99Find the ed25519_master_id_secret_key_encrypted and ed25519_master_id_public_key that you originally generated, and make sure they are in the <DIR>/keys directory and try again. You will be successful, when you are prompted for the existing passphrase: **"Enter passphrase for master key:"**
     100
     101
    83102=== Online Ed25519 Keys ===
    84103
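Review bot: The new "Renewing ED25519 Keys" section (new lines 87-99) stops at the successful passphrase prompt and never says what to do with the result; the generation section has a "Then copy these files to the keys directory on your authority" step, and renewal needs the equivalent, listing which regenerated files go to the authority. New line 85 tells the reader to save everything in <DIR>/keys but not where; since ed25519_master_id_secret_key_encrypted is singled out, say explicitly where it should be kept relative to the files that are copied to the authority. Smaller points: the quoted error at new line 96 ends with a stray closing `"` that has no opening quote, new line 94 chains three sentences with commas ("this is not what you want to do, if you are renewing keys") and would read better split, and new lines 100-101 add two blank lines before the next heading where one is used elsewhere.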