-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Hello,
Let's recap (hope I am not missing something):
a) you make sure master_id_secret_key is available in /home/[user]/.tor/keys b) you run # tor --keygen and provide the correct passphrase c) you *move* the newly generated ed25519_signing_secret_key and ed25519_signing_cert *FROM* /home/[user]/.tor/keys *TO* /var/lib/tor/keys or wherever your Tor datadirectory is (depending on your OS / distro) and reload or restart Tor. You don't need to shut down Tor while you use --keygen, you can only reload (HUP) or restart after you've moved the new key and cert.
and you still get the same notice that the medium term signing key is going to expire soon?
If yes, can you let me know other details about your setup? Do you use a SigningKeyLifetime parameter in your torrc?
Also, the directory doesn't need to be /home/[user]/.tor/keys if you are willing to pass it with --datadirectory argument (Tor will just need write permission in the target folder):
# tor --datadirectory /some/path --keygen (the master_id_secret_key needs to be inside a keys folder in /some/path, eg: /some/path/keys/ed25519_master_id_secret_key).
The new medium term signing key and cert will be saved in the same folder and you have to manually move them to your working Tor's instance datadirectory folder as explained above.
We are working on making this simpler by allowing to manually set the master id secret key path and ask for a different output folder for the created files.
On 1/4/2016 9:53 PM, 12xBTM wrote:
So my medium-term signing key expires tomorrow, and Tor notices.log is all up and down about:
Jan 04 19:22:46.000 [notice] It looks like I should try to generate and sign a new medium-term signing key, because the one I have is going to expire soon. But OfflineMasterKey is set, so I won't try to load a permanent master identity key is set. You will need to use 'tor --keygen' make a new signing key and certificate.
Now, that's great and all, so I tossed my master_id_public_key and the master_id_secret_key_encrypted into the folder they were originally generated in, which is: /home/[user]/.tor/keys/ed25519.... Turned off Tor, ran "tor --keygen" Gave my password. It generates a new signing_cert and signing_secret_key in the same directory. And now, no matter what I do, Tor keeps giving the same notice over and over again that the keys are expiring.
The documentation for this feature is slightly lacking. So, if anyone knows what I'm doing wrong, that'd be very helpful.