|
|
= Directory Authority Ed25519 Keys =
|
|
|
# Directory Authority Ed25519 Keys
|
|
|
|
|
|
If you want to know how to generate or renew keys, see [[GeneratingDirauthKeys]].
|
|
|
|
|
|
== Legacy RSA Keys ==
|
|
|
## Legacy RSA Keys
|
|
|
|
|
|
So far, Tor relays always had an identity key that got auto-created when first
|
|
|
configuring Tor as a relay and was stored in the 'keys' directory inside Tor's
|
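Review bot: The link `[[GeneratingDirauthKeys]]` in the context line under the new `# Directory Authority Ed25519 Keys` heading keeps its wiki-link syntax while both headings in this hunk move to Markdown. Please confirm the link still resolves once the page is rendered as Markdown, or convert it in the same change so the page does not mix two markup styles.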
... | ... | @@ -33,7 +33,7 @@ You probably knew all of this so far (except for the stuff I got wrong, you |
|
|
probably knew better). Sorry for being boring. The exciting part is that none
|
|
|
of the above changes at all, for now. But here's the new stuff!
|
|
|
|
|
|
== New Ed25519 Keys ==
|
|
|
## New Ed25519 Keys
|
|
|
|
|
|
Because RSA 1024 is really sucky nowadays, we're moving to ed25519-backed relay
|
|
|
identity keys. As an added bonus, the key can optionally be stored offline (not
|
... | ... | @@ -77,7 +77,7 @@ combinations in dirauth votes already - but having two relays on the same |
|
|
IP:Port is not treated as an error by Tor's vote parsing code, so the bug was
|
|
|
never uncovered.
|
|
|
|
|
|
== Offline Ed25519 Keys ==
|
|
|
## Offline Ed25519 Keys
|
|
|
|
|
|
Back to the first issue, to make sure your relay never accidentally creates an
|
|
|
ed25519 key online, the config option 'OfflineMasterKey 1' can be set. If Tor
|
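Review bot: The context line after the new `## Offline Ed25519 Keys` heading still writes the option as 'OfflineMasterKey 1' in single quotes. Since this change moves the page to Markdown, put the option in a code span so operators can copy the exact name and value into their torrc without picking up the quote characters.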
... | ... | |