#18098

prop224: Implement tor-genkey tool for offline HS key creation

With proposal 224, an operator can choose to keep her master key offline. Currently, tor has a --keygen option used for relay keys. Gluing HS key support will be complicated (since it's already not that easy implementation-wise).

I propose we create a separate tool called tor-genkey (follows the tor-gencert naming) located in src/tools to create keys for different use cases. We could ship this tool with our tor package or even as a separate package so people don't need to install the whole tor for just generating keys.

Furthermore, with prop224, for an operator choosing to generate her key offline, we will need to create a bunch of blinded keys in advance with the offline master key, which would make it much easier than gluing yet another thing on top of the tor cmdline.

Also, revocation of those keys could be a reality at some point in time, which that tool could do really well without having tons of new code in tor.
