authorNick Mathewson <nickm@torproject.org>2015-03-01 16:40:02 +0100
committerNick Mathewson <nickm@torproject.org>2015-06-17 10:11:18 -0400
commitb6eee531bb546683387fb471b754f24bc40580d0 (patch)
treebdfd45d429c8869ee4410592fe15a8b58c9af123 /src/or/routerkeys.h
parentcbdf2c5d8f6fcce432e2355f406ca9e3c2340a5b (diff)
Support encrypted offline master keys with a new --keygen flag
When --keygen is provided, we prompt for a passphrase when we make a new master key; if it is nonempty, we store the secret key in a new crypto_pwbox. Also, if --keygen is provided and there *is* an encrypted master key, we load it and prompt for a passphrase unconditionally. We make a new signing key unconditionally when --keygen is provided. We never overwrite a master key.
Diffstat (limited to 'src/or/routerkeys.h')
-rw-r--r--src/or/routerkeys.h6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/or/routerkeys.h b/src/or/routerkeys.h
index b45a22ac12..1e0199e5e6 100644
--- a/src/or/routerkeys.h
+++ b/src/or/routerkeys.h
@@ -14,6 +14,7 @@
#define INIT_ED_KEY_EXTRA_STRONG (1u<<5)
#define INIT_ED_KEY_INCLUDE_SIGNING_KEY_IN_CERT (1u<<6)
#define INIT_ED_KEY_OMIT_SECRET (1u<<7)
+#define INIT_ED_KEY_TRY_ENCRYPTED (1u<<8)
struct tor_cert_st;
ed25519_keypair_t *ed_key_init_from_file(const char *fname, uint32_t flags,
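Review bot: `INIT_ED_KEY_TRY_ENCRYPTED` is added without a comment, so from the header alone a caller cannot tell what it changes in `ed_key_init_from_file`. Going by the commit message it presumably makes the loader try the passphrase-encrypted (crypto_pwbox) form of the secret key and prompt for a passphrase, which matters to any caller that runs without a terminal. I would add something like `/* Also try the passphrase-encrypted secret key file; may prompt the user. */` above the define, and state how it combines with `INIT_ED_KEY_OMIT_SECRET`. The prototype of `ed_key_init_from_file` continues outside the hunk.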
@@ -61,6 +62,11 @@ int should_make_new_ed_keys(const or_options_t *options, const time_t now);
int generate_ed_link_cert(const or_options_t *options, time_t now);
+int read_encrypted_secret_key(ed25519_secret_key_t *out,
+ const char *fname);
+int write_encrypted_secret_key(const ed25519_secret_key_t *out,
+ const char *fname);
+
void routerkeys_free_all(void);
#endif
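Review bot: The parameter of `write_encrypted_secret_key` is named `out` although it is const and is the key being written, so it reads like an output buffer; `int write_encrypted_secret_key(const ed25519_secret_key_t *key, const char *fname);` would be clearer. Neither prototype documents its return values, and for `read_encrypted_secret_key` callers need to know whether "no encrypted file", "wrong passphrase" and a hard I/O error are distinguishable; a short comment above each declaration should spell that out. The comment should also say whether `*out` is wiped on a failed read, since it may hold partial secret-key material; the definitions are outside this hunk, so that cannot be confirmed from here.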