diff options
| author | Nick Mathewson <nickm@torproject.org> | 2015-05-28 11:04:33 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2015-05-28 11:04:33 -0400 |
| commit | 1b52e95028e0d84b7a112e4b8f2e393261dbb19c (patch) | |
| tree | 3dba31b96e31d4c9816a2f124afc5ff2152af2c8 /doc | |
| parent | 0989ba33834c17b2eac3bb87596fca115965ce3c (diff) | |
| parent | 5eb584e2e91bd5d6d204b9bb62a95c0edf43ff71 (diff) | |
| download | tor-1b52e95028e0d84b7a112e4b8f2e393261dbb19c.tar.gz tor-1b52e95028e0d84b7a112e4b8f2e393261dbb19c.zip | |
Merge branch '12498_ed25519_keys_v6'
Fixed numerous conflicts, and ported code to use new base64 api.
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/tor.1.txt | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 13f2bdd60c..e7c08f5046 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -1857,6 +1857,13 @@ is non-zero): this. If this option is set to 0, Tor will try to pick a reasonable default based on your system's physical memory. (Default: 0) +[[SigningKeyLifetime]] **SigningKeyLifetime** __N__ **days**|**weeks**|**months**:: + For how long should each Ed25519 signing key be valid? Tor uses a + permanent master identity key that can be kept offline, and periodically + generates new "signing" keys that it uses online. This option + configures their lifetime. + (Default: 30 days) + DIRECTORY SERVER OPTIONS ------------------------ @@ -2349,6 +2356,23 @@ The following options are used for running a testing Tor network. authority on a testing network. Overrides the usual default lower bound of 4 KB. (Default: 0) +[[TestingLinkCertLifetime]] **TestingLinkCertifetime** __N__ **seconds**|**minutes**|**hours**|**days**|**weeks**|**months**:: + Overrides the default lifetime for the certificates used to authenticate + our X509 link cert with our ed25519 signing key. + (Default: 2 days) + +[[TestingAuthKeyLifetime]] **TestingAuthKeyLifetime** __N__ **seconds**|**minutes**|**hours**|**days**|**weeks**|**months**:: + Overrides the default lifetime for a signing Ed25519 TLS Link authentication + key. + (Default: 2 days) + +[[TestingLinkKeySlop]] **TestingLinkKeySlop** __N__ **seconds**|**minutes**|**hours**:: +[[TestingAuthKeySlop]] **TestingAuthKeySlop** __N__ **seconds**|**minutes**|**hours**:: +[[TestingSigningKeySlop]] **TestingSigningKeySlop** __N__ **seconds**|**minutes**|**hours**:: + How early before the official expiration of a an Ed25519 signing key do + we replace it and issue a new key? + (Default: 3 hours for link and auth; 1 day for signing.) + SIGNALS ------- |