Cristian Consonni:
> On 18/05/2017 10:45, nusenu wrote:
>> I don't know any context or background but if you fear this could happen end to use tor's OfflineMasterKey feature (without
>> copying the master key to the server) with a short keylifetime (i.e. 7 days), especially if it is a fallback dir (which requires a tor source code change to remove it).
> This feature is interesting and I did not know about it. However, I have been reading the documentation page[1] and I have the impression that the more I read the less I understand how it works.
Since I know you use(d)? ansible-relayor: ansible-relayor uses the OfflineMasterKey feature by default (and it cannot be disabled).
> If I look inside the DataDir of one of my relays - a standard Debian install - I see this:
>
> ed25519_master_id_public_key
> ed25519_master_id_secret_key
> ed25519_signing_cert
> ed25519_signing_secret_key
> secret_id_key
> secret_onion_key
> secret_onion_key_ntor
> secret_onion_key_ntor.old
> secret_onion_key.old
> So, here are some of the things I think I have understood:
>
> - Tor uses an ed25519 key to generate the other keys needed to decrypt
> incoming traffic and route it to its next destination on the network. I don't know how this works in practice, but probably it is too much detail at the moment.
I don't think that is accurate. Let's agree on: since tor 0.3.0.x the Ed25519 key is used to authenticate non-persistent keys (link connections to relays).
> - In the standard install the master key is the
> `ed25519_master_id_secret_key` above, which has no passphrase.
I agree.
> - If in `torrc` we declare `OfflineMasterKey 1` then the
> `ed25519_master_id_secret_key` will not reside anymore on the relay but on a separate machine.
If you replace "will not" with "can" it is accurate. The torrc option cannot say anything about the location of the master key (other machine, same machine or usual folder, ...). It just says that tor will not attempt to load/read the master key.
> - In the process of generating the master key (with the command `tor
> --keygen`), all the files above will be generated.
--keygen will generate the following files in the "keys" subfolder of DataDir:

ed25519_master_id_public_key
ed25519_master_id_secret_key
ed25519_signing_cert
ed25519_signing_secret_key

(RSA keys will be generated on a relay's first start if there are none.) Due to its interactive requirement I do not use --keygen to generate keys. https://trac.torproject.org/projects/tor/ticket/17603
> - To run the node with `OfflineMasterKey 1` you need to copy all the
> files generated in the previous step *with the exception of the master key*.
More precisely: a relay in "OfflineMasterKey 1" mode requires 3 files (this is the absolute minimum):

ed25519_signing_cert
ed25519_signing_secret_key
> I also had a few questions:
>
> - If I use the offline master key protected with a passphrase, will I
> need to input the passphrase every time I restart Tor?
No, the passphrase is only needed when you access the passphrase-protected master key (and that should not be located on the relay).
If you choose to protect your master key with a passphrase you will only need your passphrase every time you renew your _online_ key/cert.
> - Assuming that I am going to use a separate machine to generate the
> master key, I need to make sure that the version of Tor on the machine that I use to generate the key and the relay?
Running the same version certainly does not hurt, but technically running any tor version that has Ed25519 support works (>= 0.2.7.x).
Reminder: When you play around with this feature: always make sure to keep your Ed25519 + RSA keys. If your Ed25519 key changes while the RSA key remains, your relay will be rejected since these keys are pinned (for security).
hope this helps, nusenu
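Two points in this exchange are worth checking mechanically on a relay running with a short keylifetime and an offline master key: whether the `ed25519_signing_cert` on the relay was really issued by the master key the relay is pinned to, and how long the online cert has left before it must be renewed. The script below is an added example, not code from this thread, from tor or from ansible-relayor. It assumes the on-disk layout of tor's Ed25519 key files (a 32-byte NUL-padded tag header such as `== ed25519v1-cert: type4 ==` followed by the raw object) and the certificate layout from tor's cert-spec (version, cert type, expiry in hours since the epoch, certified key, extensions, 64-byte signature; extension type 4 carries the issuing key). It only decodes the structure and compares the issuer to the master public key file; it does not verify the Ed25519 signature, which tor itself does at startup. The sample files at the bottom are constructed for the example, with a dummy signature.

```python
import struct
from datetime import datetime, timezone

# Assumed on-disk convention of tor's tagged key files: a 32-byte header
# "== <type>: <tag> ==" padded with NUL bytes, then the raw object.
HEADER_LEN = 32
CERT_HEADER = b"== ed25519v1-cert: type4 =="      # ed25519_signing_cert
PUBKEY_HEADER = b"== ed25519v1-public: type0 =="  # ed25519_master_id_public_key
CERT_TYPE_SIGNING = 4              # "Ed25519 signing key with an identity key"
EXT_SIGNED_WITH_ED25519_KEY = 4    # extension carrying the issuing (master) key
EXT_FLAG_AFFECTS_VALIDATION = 1    # unknown extension with this flag => cert invalid


def _strip_header(blob, expected):
    """Check the tag header and return the payload that follows it."""
    header = blob[:HEADER_LEN]
    if (len(header) != HEADER_LEN or not header.startswith(expected)
            or any(header[len(expected):])):
        raise ValueError("unexpected key-file header: %r" % header)
    return blob[HEADER_LEN:]


def parse_master_pubkey(blob):
    body = _strip_header(blob, PUBKEY_HEADER)
    if len(body) != 32:
        raise ValueError("master public key must be 32 bytes")
    return body


def parse_signing_cert(blob):
    """Decode the cert-spec layout: version, type, expiry (hours since epoch),
    key type, certified key, extensions, then the 64-byte signature."""
    body = _strip_header(blob, CERT_HEADER)
    if len(body) < 7 + 32 + 1 + 64:
        raise ValueError("certificate truncated")
    version, cert_type, exp_hours, key_type = struct.unpack(">BBIB", body[:7])
    if version != 1 or cert_type != CERT_TYPE_SIGNING or key_type != 1:
        raise ValueError("not a type-4 Ed25519 signing certificate")
    certified_key = body[7:39]
    n_ext = body[39]
    pos = 40
    signed_with = None
    for _ in range(n_ext):
        ext_len, ext_type, ext_flags = struct.unpack(">HBB", body[pos:pos + 4])
        data = body[pos + 4:pos + 4 + ext_len]
        if len(data) != ext_len:
            raise ValueError("extension truncated")
        pos += 4 + ext_len
        if ext_type == EXT_SIGNED_WITH_ED25519_KEY:
            if ext_len != 32:
                raise ValueError("bad signed-with key length")
            signed_with = data
        elif ext_flags & EXT_FLAG_AFFECTS_VALIDATION:
            raise ValueError("unknown extension marked as affecting validation")
    signature = body[pos:pos + 64]
    if len(signature) != 64:
        raise ValueError("signature missing or truncated")
    return {
        "expires": datetime.fromtimestamp(exp_hours * 3600, tz=timezone.utc),
        "certified_key": certified_key,
        "signed_with": signed_with,
        "signature": signature,
    }


def check_relay_cert(cert_blob, master_pub_blob, now):
    """Return a list of problems: cert not issued by this master key, or expired."""
    cert = parse_signing_cert(cert_blob)
    master = parse_master_pubkey(master_pub_blob)
    problems = []
    if cert["signed_with"] != master:
        problems.append("signing cert was not issued by this master key")
    if cert["expires"] <= now:
        problems.append("signing cert expired at %s" % cert["expires"].isoformat())
    return problems


def hours_until_expiry(cert_blob, now):
    """Hours left on the online cert; negative once it has expired."""
    return (parse_signing_cert(cert_blob)["expires"] - now).total_seconds() / 3600


# --- constructed sample files (not real relay keys; the signature is a dummy) ---
def _tagged(header, payload):
    return header.ljust(HEADER_LEN, b"\0") + payload

SAMPLE_MASTER = bytes(range(32))                   # constructed master public key
SAMPLE_SIGNING = bytes(range(32, 64))              # constructed online signing key
SAMPLE_EXP_HOURS = int(datetime(2017, 5, 25, tzinfo=timezone.utc).timestamp()) // 3600

SAMPLE_MASTER_PUB_FILE = _tagged(PUBKEY_HEADER, SAMPLE_MASTER)
SAMPLE_CERT_FILE = _tagged(
    CERT_HEADER,
    struct.pack(">BBIB", 1, CERT_TYPE_SIGNING, SAMPLE_EXP_HOURS, 1)
    + SAMPLE_SIGNING
    + bytes([1])                                   # one extension follows
    + struct.pack(">HBB", 32, EXT_SIGNED_WITH_ED25519_KEY, 0) + SAMPLE_MASTER
    + b"\0" * 64,                                  # dummy signature, not verified here
)

if __name__ == "__main__":
    now = datetime(2017, 5, 18, 10, 45, tzinfo=timezone.utc)
    print(check_relay_cert(SAMPLE_CERT_FILE, SAMPLE_MASTER_PUB_FILE, now))
    print("%.1f hours left on the online cert" % hours_until_expiry(SAMPLE_CERT_FILE, now))
```

On a real relay you would read `keys/ed25519_signing_cert` and `keys/ed25519_master_id_public_key` from the DataDir and pass their bytes in; an issuer mismatch is the situation nusenu warns about at the end (a new Ed25519 identity paired with the old pinned RSA key), and a small number of hours left means it is time to renew the online key/cert on the machine that holds the master key.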