Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Merge branch 'maint-0.2.7'

Nick Mathewson 9 years ago
parent
4770db8e99 fb64c55cf8
commit
6b2087dbe4
2 changed files with 31 additions and 2 deletions
Split View Show Diff Stats
  1. 4 0
      changes/bug17583
  2. 27 2
      doc/tor.1.txt

+ 4 - 0
changes/bug17583
View File 

@@ -0,0 +1,4 @@
 
+  o Documentation:
 
+    - Add a description of the correct use of the '--keygen' command-line
 
+      option. Closes ticket 17583; based on text by 's7r'.
 
+

+ 27 - 2
doc/tor.1.txt
View File 

@@ -95,6 +95,30 @@ COMMAND-LINE OPTIONS
 
     which tells Tor to only send warnings and errors to the console, or with
 
     the **--quiet** option, which tells Tor not to log to the console at all.
 
 
+[[opt-keygen]] **--keygen** [**--newpass**]
 
+
 
+   Running "tor --keygen" creates a new ed25519 master identity key for a
 
+   relay, or only a fresh temporary signing key and certificate, if you
 
+   already have a master key.  Optionally you can encrypt the master identity
 
+   key with a passphrase: Tor will ask you for one. If you don't want to
 
+   encrypt the master key, just don't enter any passphrase when asked. +
 
+ +
 
+   The **--newpass** option should be used with --keygen only when you need
 
+   to add, change, or remove a passphrase on an existing ed25519 master
 
+   identity key. You will be prompted for the old passphase (if any),
 
+   and the new passphrase (if any). +
 
+ +
 
+   When generating a master key, you will probably want to use
 
+   **--DataDirectory** to control where the keys
 
+   and certificates will be stored, and **--SigningKeyLifetime** to
 
+   control their lifetimes.  Their behavior is as documented in the
 
+   server options section below.  (You must have write access to the specified
 
+   DataDirectory.) +
 
+ +
 
+   To use the generated files, you must copy them to the DataDirectory/keys
 
+   directory of your Tor daemon, and make sure that they are owned by the
 
+   user actually running the Tor daemon on your system.
 
+
 
 Other options can be specified on the command-line in the format "--option
 
 value", in the format "option value", or in a configuration file.  For
 
 instance, you can tell Tor to start listening for SOCKS connections on port
 
@@ -1952,8 +1976,9 @@ is non-zero):
 
 
 [[OfflineMasterKey]] **OfflineMasterKey** **0**|**1**::
 
     If non-zero, the Tor relay will never generate or load its master secret
 
-    key.  Instead, you'll have to use "tor --keygen" to manage the master
 
-    secret key. (Default: 0)
 
+    key.  Instead, you'll have to use "tor --keygen" to manage the permanent
 
+    ed25519 master identity key, as well as the corresponding temporary
 
+    signing keys and certificates. (Default: 0)
 
 
 DIRECTORY SERVER OPTIONS
 
 ------------------------