author Nick Mathewson <nickm@torproject.org> 2016-01-28 10:22:06 -0500
committer Nick Mathewson <nickm@torproject.org> 2016-01-28 10:22:06 -0500
commit 6b2087dbe42e2e4a81b5cac9278f81a97f80a1cb
tree 667d6949a63512978728c7e94348ced4371f3165
parent 4770db8e992365c12c652f53a7d3fd84bae25bcb
parent fb64c55cf87615745e7c59c5bdc660119986bab1
Merge branch 'maint-0.2.7'
-rw-r--r-- changes/bug17583 4
-rw-r--r-- doc/tor.1.txt 29
2 files changed, 31 insertions, 2 deletions
diff --git a/changes/bug17583 b/changes/bug17583
new file mode 100644
index 0000000000..d77d46759a
--- /dev/null
+++ b/changes/bug17583
@@ -0,0 +1,4 @@
+ o Documentation:
+ - Add a description of the correct use of the '--keygen' command-line
+ option. Closes ticket 17583; based on text by 's7r'.
+
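Review bot: The entry under "o Documentation:" covers only the new '--keygen' description, while the same commit also rewords the OfflineMasterKey entry in doc/tor.1.txt. Consider extending the sentence to mention that the OfflineMasterKey text was updated too, so the changelog line matches both manpage edits.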
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 0fea831549..9d5bfdc654 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -95,6 +95,30 @@ COMMAND-LINE OPTIONS
which tells Tor to only send warnings and errors to the console, or with
the **--quiet** option, which tells Tor not to log to the console at all.
+[[opt-keygen]] **--keygen** [**--newpass**]
+
+ Running "tor --keygen" creates a new ed25519 master identity key for a
+ relay, or only a fresh temporary signing key and certificate, if you
+ already have a master key. Optionally you can encrypt the master identity
+ key with a passphrase: Tor will ask you for one. If you don't want to
+ encrypt the master key, just don't enter any passphrase when asked. +
+ +
+ The **--newpass** option should be used with --keygen only when you need
+ to add, change, or remove a passphrase on an existing ed25519 master
+ identity key. You will be prompted for the old passphase (if any),
+ and the new passphrase (if any). +
+ +
+ When generating a master key, you will probably want to use
+ **--DataDirectory** to control where the keys
+ and certificates will be stored, and **--SigningKeyLifetime** to
+ control their lifetimes. Their behavior is as documented in the
+ server options section below. (You must have write access to the specified
+ DataDirectory.) +
+ +
+ To use the generated files, you must copy them to the DataDirectory/keys
+ directory of your Tor daemon, and make sure that they are owned by the
+ user actually running the Tor daemon on your system.
+
Other options can be specified on the command-line in the format "--option
value", in the format "option value", or in a configuration file. For
instance, you can tell Tor to start listening for SOCKS connections on port
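Review bot: The term line "[[opt-keygen]] **--keygen** [**--newpass**]" has no trailing "::", unlike the "[[OfflineMasterKey]] **OfflineMasterKey** **0**|**1**::" entry later in this file, so it may not render as a labelled option entry; suggest ending it with "::". In the --newpass paragraph, "old passphase" should read "old passphrase". The final paragraph says to copy "the generated files" into DataDirectory/keys without saying which ones; since OfflineMasterKey says the relay "will never generate or load its master secret key", it would help to state whether the master key itself belongs in that copy or only the signing key and certificate, and to mention restrictive file permissions alongside the ownership requirement.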
@@ -1952,8 +1976,9 @@ is non-zero):
[[OfflineMasterKey]] **OfflineMasterKey** **0**|**1**::
If non-zero, the Tor relay will never generate or load its master secret
- key. Instead, you'll have to use "tor --keygen" to manage the master
- secret key. (Default: 0)
+ key. Instead, you'll have to use "tor --keygen" to manage the permanent
+ ed25519 master identity key, as well as the corresponding temporary
+ signing keys and certificates. (Default: 0)
DIRECTORY SERVER OPTIONS
------------------------
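Review bot: The OfflineMasterKey paragraph now uses two names for what reads as the same key: "master secret key" in the unchanged first sentence and "permanent ed25519 master identity key" in the new one. Suggest picking one term for both sentences so readers do not assume two different keys, and pointing at the new opt-keygen section so the "tor --keygen" mention leads to the usage text added earlier in this patch.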