tor-gencert.1 2.8 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586
  1. .TH tor-gencert 1 "" Jan-2008 ""
  2. .\" manual page by Nick Mathewson
  3. .SH NAME
  4. .LP
  5. tor-gencert \- Generate certs and keys for Tor directory authorities
  6. .SH SYNOPSIS
  7. \fBtor-gencert\fP\ [-h|--help] [-v] [-r|--reuse] [--create-identity-key] [-i \fIid_file\fP] [-c \fIcert_file\fP] [-m \fInum\fP] [-a \fIaddress\fP:\fIport\fP]
  8. .SH DESCRIPTION
  9. \fBtor-gencert\fR generates certificates and private keys for use by Tor
  10. directory authorities running the v3 Tor directory protocol, as used by Tor
  11. 0.2.0 and later. If you are not running a directory authority, you don't
  12. need to use tor-gencert.
  13. .PP
  14. Every directory authority has a long term authority \fIidentity key\fP (which
  15. is distinct from the identity key it uses as a Tor server); this key should
  16. be kept offline in a secure location. It is used to certify shorter-lived
  17. \fIsigning keys\fP, which are kept online and used by the directory authority
  18. to sign votes and consensus documents.
  19. .PP
  20. After you use this program to generate a signing key and a certificate, copy
  21. those files to the keys subdirectory of your Tor process, and send Tor a
  22. SIGHUP signal. DO NOT COPY THE IDENTITY KEY.
  23. .SH OPTIONS
  24. \fB-v\fP
  25. Display verbose output.
  26. .LP
  27. .TP
  28. \fB-h\fP or \fB--help\fP
  29. Display help text and exit.
  30. .LP
  31. .TP
  32. \fB-r\fP or \fB--reuse\fP
  33. Generate a new certificate, but not a new signing key. This can be
  34. used to change the address or lifetime associated with a given key.
  35. .LP
  36. .TP
  37. \fB--create-identity-key\fP
  38. Generate a new identity key. You should only use this option the first
  39. time you run tor-gencert; in the future, you should use the identity
  40. key that's already there.
  41. .LP
  42. .TP
  43. \fB-i \fR\fIFILENAME\fP
  44. Read the identity key from the specified file. If the file is not present
  45. and --create-identity-key is provided, create the identity key in the
  46. specified file. Default: "./authority_identity_key"
  47. .LP
  48. .TP
  49. \fB-s \fR\fIFILENAME\fP
  50. Write the signing key to the specified file. Default:
  51. "./authority_signing_key"
  52. .LP
  53. .TP
  54. \fB-c \fR\fIFILENAME\fP
  55. Write the certificate to the specified file.
  56. Default: "./authority_certificate"
  57. .LP
  58. .TP
  59. \fB-m \fR\fINUM\fP
  60. Number of months that the certificate should be valid. Default: 12.
  61. .LP
  62. .TP
  63. \fB--passphrase-fd \fR\fIFILEDES\fP
  64. Filedescriptor to read the file descriptor from. Ends at the first
  65. NUL or newline. Default: read from the terminal.
  66. .LP
  67. .TP
  68. \fB-a \fR\fIaddress\fR:\fIport\fP
  69. If provided, advertise the address:port combination as this authority's
  70. preferred directory port in its certificate. If the address is a hostname,
  71. the hostname is resolved to an IP before it's published.
  72. .SH BUGS
  73. This probably doesn't run on Windows. That's not a big issue, since we
  74. don't really want authorities to be running on Windows anyway.
  75. .SH SEE ALSO
  76. .BR tor (1)
  77. .PP
  78. See also the "dir-spec.txt" file, distributed with Tor.
  79. .SH AUTHORS
  80. Roger Dingledine <arma@mit.edu>, Nick Mathewson <nickm@alum.mit.edu>.