[tor-dev] OfflineMasterKey / ansible-relayor

nusenu nusenu at openmailbox.org
Wed Nov 18 22:19:12 UTC 2015


> background:
> I might want to integrate offline master key functionality into
> ansible-relayor [1].

I added (preliminary) OfflineMasterKey support to ansible-relayor [1] -
in fact it will become the only option eventually as it makes many things
actually simpler. It would be great if someone could take a look and let me
know whether it looks reasonable.

The security-critical parts are probably
- key generation [2]
- copying of key material to the relay [3]

I copy/expose the following files to the relay:

[ 'ed25519_master_id_public_key', 'ed25519_signing_cert',
'ed25519_signing_secret_key', 'secret_id_key', 'secret_onion_key',
'secret_onion_key_ntor']




[1]
https://github.com/nusenu/ansible-relayor/commit/2c4040df7848f382ced02b43f35ca8a9f07ab284
[2]
https://github.com/nusenu/ansible-relayor/blob/2c4040df7848f382ced02b43f35ca8a9f07ab284/tasks/configure.yml#L18
[3]
https://github.com/nusenu/ansible-relayor/blob/2c4040df7848f382ced02b43f35ca8a9f07ab284/tasks/configure.yml#L84
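
A check for the file list above, as an added example that is not part of the original message or of ansible-relayor: it audits a relay's keys directory against that list and flags the master secret key if it ended up on the relay. The function names, severity labels and the owner-only permission rule are assumptions made here; the two master secret key file names are the ones tor itself uses.

```python
import os
import stat
import tempfile

# File list quoted from the message above: what the relay is meant to hold.
EXPECTED = {
    "ed25519_master_id_public_key", "ed25519_signing_cert",
    "ed25519_signing_secret_key", "secret_id_key", "secret_onion_key",
    "secret_onion_key_ntor",
}
# tor's names for the master secret key (plain and passphrase-encrypted);
# with OfflineMasterKey neither belongs on the relay.
OFFLINE_ONLY = {
    "ed25519_master_id_secret_key",
    "ed25519_master_id_secret_key_encrypted",
}

def audit_keys_dir(keys_dir):
    """Return sorted (severity, message) findings for one relay keys directory."""
    findings = []
    present = set(os.listdir(keys_dir))
    for name in present & OFFLINE_ONLY:
        findings.append(("critical", f"{name} is on the relay"))
    for name in EXPECTED - present:
        findings.append(("error", f"{name} is missing"))
    for name in present - EXPECTED - OFFLINE_ONLY:
        findings.append(("warn", f"{name} is not in the expected list"))
    for name in present:
        mode = stat.S_IMODE(os.lstat(os.path.join(keys_dir, name)).st_mode)
        # Assumption: secret key files should carry no group/other bits.
        if "secret" in name and mode & 0o077:
            findings.append(("error", f"{name} has mode {mode:o}, accessible beyond owner"))
    return sorted(findings)

def build_sample_dir(extra=(), loose=(), omit=()):
    """Constructed sample input: empty files named like a relay keys directory."""
    d = tempfile.mkdtemp()
    for name in (EXPECTED | set(extra)) - set(omit):
        path = os.path.join(d, name)
        open(path, "w").close()
        os.chmod(path, 0o644 if name in loose else 0o600)
    return d

if __name__ == "__main__":
    bad = build_sample_dir(extra=["ed25519_master_id_secret_key"],
                           loose=["secret_onion_key"])
    for severity, message in audit_keys_dir(bad):
        print(severity, message)
```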
