Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: ea95ce25b6
Branches Tags
tor
/
doc
/
tor-gencert.1

tor-gencert.1 2.8 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586 
  1. .TH tor-gencert 1 "" Jan-2008 ""
    2. 

  2. .\" manual page by Nick Mathewson
    3. 

  3. .SH NAME
    4. 

  4. .LP
    5. 

  5. tor-gencert \- Generate certs and keys for Tor directory authorities
    6. 

  6. 

  7. .SH SYNOPSIS
    8. 

  8. \fBtor-gencert\fP\ [-h|--help] [-v] [-r|--reuse] [--create-identity-key] [-i \fIid_file\fP] [-c \fIcert_file\fP] [-m \fInum\fP] [-a \fIaddress\fP:\fIport\fP]
    9. 

  9. 

  10. .SH DESCRIPTION
    11. 

  11. \fBtor-gencert\fR generates certificates and private keys for use by Tor
    12. 

  12. directory authorities running the v3 Tor directory protocol, as used by Tor
    13. 

  13. 0.2.0 and later.  If you are not running a directory authority, you don't
    14. 

  14. need to use tor-gencert.
    15. 

  15. .PP
    16. 

  16. Every directory authority has a long term authority \fIidentity key\fP (which
    17. 

  17. is distinct from the identity key it uses as a Tor server); this key should
    18. 

  18. be kept offline in a secure location.  It is used to certify shorter-lived
    19. 

  19. \fIsigning keys\fP, which are kept online and used by the directory authority
    20. 

  20. to sign votes and consensus documents.
    21. 

  21. .PP
    22. 

  22. After you use this program to generate a signing key and a certificate, copy
    23. 

  23. those files to the keys subdirectory of your Tor process, and send Tor a
    24. 

  24. SIGHUP signal. DO NOT COPY THE IDENTITY KEY.
    25. 

  25. 

  26. .SH OPTIONS
    27. 

  27. \fB-v\fP
    28. 

  28. Display verbose output.
    29. 

  29. .LP
    30. 

  30. .TP
    31. 

  31. \fB-h\fP or \fB--help\fP
    32. 

  32. Display help text and exit.
    33. 

  33. .LP
    34. 

  34. .TP
    35. 

  35. \fB-r\fP or \fB--reuse\fP
    36. 

  36. Generate a new certificate, but not a new signing key.  This can be
    37. 

  37. used to change the address or lifetime associated with a given key.
    38. 

  38. .LP
    39. 

  39. .TP
    40. 

  40. \fB--create-identity-key\fP
    41. 

  41. Generate a new identity key.  You should only use this option the first
    42. 

  42. time you run tor-gencert; in the future, you should use the identity
    43. 

  43. key that's already there.
    44. 

  44. .LP
    45. 

  45. .TP
    46. 

  46. \fB-i \fR\fIFILENAME\fP
    47. 

  47. Read the identity key from the specified file.  If the file is not present
    48. 

  48. and --create-identity-key is provided, create the identity key in the
    49. 

  49. specified file.  Default: "./authority_identity_key"
    50. 

  50. .LP
    51. 

  51. .TP
    52. 

  52. \fB-s \fR\fIFILENAME\fP
    53. 

  53. Write the signing key to the specified file.  Default:
    54. 

  54. "./authority_signing_key"
    55. 

  55. .LP
    56. 

  56. .TP
    57. 

  57. \fB-c \fR\fIFILENAME\fP
    58. 

  58. Write the certificate to the specified file.
    59. 

  59. Default: "./authority_certificate"
    60. 

  60. .LP
    61. 

  61. .TP
    62. 

  62. \fB-m \fR\fINUM\fP
    63. 

  63. Number of months that the certificate should be valid.  Default: 12.
    64. 

  64. .LP
    65. 

  65. .TP
    66. 

  66. \fB--passphrase-fd \fR\fIFILEDES\fP
    67. 

  67. Filedescriptor to read the file descriptor from.  Ends at the first
    68. 

  68. NUL or newline.  Default: read from the terminal.
    69. 

  69. .LP
    70. 

  70. .TP
    71. 

  71. \fB-a \fR\fIaddress\fR:\fIport\fP
    72. 

  72. If provided, advertise the address:port combination as this authority's
    73. 

  73. preferred directory port in its certificate.  If the address is a hostname,
    74. 

  74. the hostname is resolved to an IP before it's published.
    75. 

  75. 

  76. .SH BUGS
    77. 

  77. This probably doesn't run on Windows.  That's not a big issue, since we
    78. 

  78. don't really want authorities to be running on Windows anyway.
    79. 

  79. 

  80. .SH SEE ALSO
    81. 

  81. .BR tor (1)
    82. 

  82. .PP
    83. 

  83. See also the "dir-spec.txt" file, distributed with Tor.
    84. 

  84. 

  85. .SH AUTHORS
    86. 

  86. Roger Dingledine <arma@mit.edu>, Nick Mathewson <nickm@alum.mit.edu>.
    87.