Skip to content

GitLab

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Closed
Created by Roger Dingledine@armaReporter

"tor-gencert --create-identity-key" fails with no clear error message if passphrase is empty or short

Run tor-gencert to make a new key, but leave the PEM pass phrase empty (just hit enter):

$ ./tor-gencert --create-identity-key
Enter PEM pass phrase:
Nov 15 15:32:59.730 [err] Couldn't write identity key to ./authority_identity_key
Nov 15 15:32:59.730 [err] crypto error while Writing identity key: result too small (in UI routines:UI_set_result_ex)
Nov 15 15:32:59.730 [err] crypto error while Writing identity key: processing error (in UI routines:UI_process)
Nov 15 15:32:59.730 [err] crypto error while Writing identity key: problems getting password (in PEM routines:PEM_def_callback)
Nov 15 15:32:59.730 [err] crypto error while Writing identity key: read key (in PEM routines:do_pk8pkey)

It seems to me that having an empty pass phrase should work; but if we want it to not work, we should say that as an error message.

(Found by tech-exorcist on #tor)

In fact, I just tried it with short passphrases, and they also fail with these cryptic error messages. So it sounds like maybe we have a secret minimum passphrase length or something?

Edited by Roger Dingledine
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information