diff options
| author | Nick Mathewson <nickm@torproject.org> | 2015-03-01 16:40:02 +0100 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2015-06-17 10:11:18 -0400 |
| commit | b6eee531bb546683387fb471b754f24bc40580d0 (patch) | |
| tree | bdfd45d429c8869ee4410592fe15a8b58c9af123 /src/or/routerkeys.h | |
| parent | cbdf2c5d8f6fcce432e2355f406ca9e3c2340a5b (diff) | |
| download | tor-b6eee531bb546683387fb471b754f24bc40580d0.tar.gz tor-b6eee531bb546683387fb471b754f24bc40580d0.zip | |
Support encrypted offline master keys with a new --keygen flag
When --keygen is provided, we prompt for a passphrase when we make a
new master key; if it is nonempty, we store the secret key in a new
crypto_pwbox.
Also, if --keygen is provided and there *is* an encrypted master key,
we load it and prompt for a passphrase unconditionally.
We make a new signing key unconditionally when --keygen is provided.
We never overwrite a master key.
Diffstat (limited to 'src/or/routerkeys.h')
| -rw-r--r-- | src/or/routerkeys.h | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/or/routerkeys.h b/src/or/routerkeys.h index b45a22ac12..1e0199e5e6 100644 --- a/src/or/routerkeys.h +++ b/src/or/routerkeys.h @@ -14,6 +14,7 @@ #define INIT_ED_KEY_EXTRA_STRONG (1u<<5) #define INIT_ED_KEY_INCLUDE_SIGNING_KEY_IN_CERT (1u<<6) #define INIT_ED_KEY_OMIT_SECRET (1u<<7) +#define INIT_ED_KEY_TRY_ENCRYPTED (1u<<8) struct tor_cert_st; ed25519_keypair_t *ed_key_init_from_file(const char *fname, uint32_t flags, @@ -61,6 +62,11 @@ int should_make_new_ed_keys(const or_options_t *options, const time_t now); int generate_ed_link_cert(const or_options_t *options, time_t now); +int read_encrypted_secret_key(ed25519_secret_key_t *out, + const char *fname); +int write_encrypted_secret_key(const ed25519_secret_key_t *out, + const char *fname); + void routerkeys_free_all(void); #endif |