"tor-gencert --create-identity-key" fails with no clear error message if passphrase is empty or short
Run tor-gencert to make a new key, but leave the PEM pass phrase empty (just hit enter):
$ ./tor-gencert --create-identity-key
Enter PEM pass phrase:
Nov 15 15:32:59.730 [err] Couldn't write identity key to ./authority_identity_key
Nov 15 15:32:59.730 [err] crypto error while Writing identity key: result too small (in UI routines:UI_set_result_ex)
Nov 15 15:32:59.730 [err] crypto error while Writing identity key: processing error (in UI routines:UI_process)
Nov 15 15:32:59.730 [err] crypto error while Writing identity key: problems getting password (in PEM routines:PEM_def_callback)
Nov 15 15:32:59.730 [err] crypto error while Writing identity key: read key (in PEM routines:do_pk8pkey)
It seems to me that having an empty pass phrase should work; but if we want it to not work, we should say that as an error message.
(Found by tech-exorcist on #tor)
In fact, I just tried it with short passphrases, and they also fail with these cryptic error messages. So it sounds like maybe we have a secret minimum passphrase length or something?
Edited by Roger Dingledine
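Added example (not part of the original report and not Tor's code): a passphrase callback with the same signature as OpenSSL's `pem_password_cb` that rejects empty or short passphrases with an explicit message, instead of the UI-routine errors shown in the log above. It assumes the 4-character minimum that OpenSSL's default PEM callback applies when encrypting; `pass_ctx` and `checked_pem_cb` are hypothetical names, and the sample passphrases are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: 4 is the minimum OpenSSL's default PEM callback enforces when
 * encrypting (MIN_LENGTH in crypto/pem/pem_lib.c). */
#define PEM_MIN_WRITE_LEN 4

/* Hypothetical holder passed through the callback's userdata pointer. */
struct pass_ctx {
    const char *passphrase;   /* already read from the user */
    char err[128];            /* human-readable reason on failure */
};

/* Same shape as OpenSSL's pem_password_cb: returns the passphrase length, or
 * -1 on error. rwflag is 1 when encrypting (writing), 0 when decrypting. */
int checked_pem_cb(char *buf, int size, int rwflag, void *userdata)
{
    struct pass_ctx *ctx = userdata;
    size_t len = ctx->passphrase ? strlen(ctx->passphrase) : 0;
    size_t min = rwflag ? PEM_MIN_WRITE_LEN : 0;

    ctx->err[0] = '\0';
    if (size <= 0 || len > (size_t)size) {
        snprintf(ctx->err, sizeof ctx->err,
                 "passphrase too long: %zu characters, limit is %d", len, size);
    } else if (len < min) {
        snprintf(ctx->err, sizeof ctx->err,
                 "%s: need at least %zu characters",
                 len == 0 ? "empty passphrase rejected" : "passphrase too short", min);
    }
    if (ctx->err[0] != '\0') {
        if (size > 0) memset(buf, 0, (size_t)size);  /* leave no partial secret */
        return -1;
    }
    memcpy(buf, ctx->passphrase, len);
    return (int)len;
}

int main(void)
{
    const char *samples[] = { "", "abc", "correct horse" };  /* constructed */
    char buf[64];
    for (size_t i = 0; i < 3; i++) {
        struct pass_ctx ctx = { samples[i], "" };
        int n = checked_pem_cb(buf, (int)sizeof buf, 1, &ctx);
        printf("\"%s\" -> %d %s\n", samples[i], n, ctx.err);
    }
    return 0;
}
```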