-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
The "Enter passphrase" request when manually calling --keygen is optional, not mandatory. If you just leave it blank and proceed it will just create an unencrypted master identity key.
On 11/14/2015 10:18 AM, nusenu wrote:
Hi,
is there a way to use tor --keygen non-interactively?
background: I might want to integrate offline master key functionality into ansible-relayor [1]. The basic idea is to generate the master keys on the ansible client and push only the required signing keys to the relays (master keys never touch the relay). Since every step should be automated, master keys will not be passphrase protected. I consider unprotected (no passphrase) offline master keys still a lot better than online master keys, but currently I don't know how to generate master keys without passphrase in an non-interactive way (--keygen asks for the passphrase when generating a new key).
If that is not possible (out of the box) yet, would you consider a feature request, lets call it '--nopass' that can be used with --keygen to generate new keys without passphrase? (a more general approach would probably be to have --passphrase <passprase> but doing so would potentially write your passphrase to your shell history file).
thanks!