4 files changed, 41 insertions, 10 deletions

diff --git a/changes/ticket33632 b/changes/ticket33632
new file mode 100644
index 0000000000..9d813feaf2
--- /dev/null
+++ b/changes/ticket33632
@@ -0,0 +1,5 @@
+  o Minor features (relay fingerprint, command line):
+    - Allow a relay operator to list the ed25519 keys on the command line
+      by adding the `rsa` and `ed25519` arguments to the --list-fingerprint
+      flag to show the respective RSA and ed25519 relay fingerprint. Closes
+      ticket 33632. Patch by Neel Chauhan.
diff --git a/doc/man/tor.1.txt b/doc/man/tor.1.txt
index ab273925b1..e886d6f801 100644
--- a/doc/man/tor.1.txt
+++ b/doc/man/tor.1.txt
@@ -91,8 +91,9 @@ The following options in this section are only recognized on the
 [[opt-hash-password]] **`--hash-password`** __PASSWORD__::
     Generate a hashed password for control port access.
 
-[[opt-list-fingerprint]] **`--list-fingerprint`**::
-    Generate your keys and output your nickname and fingerprint.
+[[opt-list-fingerprint]] **`--list-fingerprint`** [__key type__]::
+    Generate your keys and output your nickname and fingerprint. Optionally,
+    you can specify the key type as `rsa` (default) or `ed25519`.
 
 [[opt-verify-config]] **`--verify-config`**::
     Verify whether the configuration file is valid.
diff --git a/src/app/config/config.c b/src/app/config/config.c
index 04a82a5c43..b5cc382258 100644
--- a/src/app/config/config.c
+++ b/src/app/config/config.c
@@ -2466,6 +2466,7 @@ static const struct {
     .command=CMD_DUMP_CONFIG,
     .quiet=QUIET_SILENT },
   { .name="--list-fingerprint",
+    .takes_argument=ARGUMENT_OPTIONAL,
     .command=CMD_LIST_FINGERPRINT },
   { .name="--keygen",
     .command=CMD_KEYGEN },
diff --git a/src/app/main/main.c b/src/app/main/main.c
index 31a6fa52ba..e7ffb31b4f 100644
--- a/src/app/main/main.c
+++ b/src/app/main/main.c
@@ -58,6 +58,7 @@
 #include "feature/stats/rephist.h"
 #include "lib/compress/compress.h"
 #include "lib/buf/buffers.h"
+#include "lib/crypt_ops/crypto_format.h"
 #include "lib/crypt_ops/crypto_rand.h"
 #include "lib/crypt_ops/crypto_s2k.h"
 #include "lib/net/resolve.h"
@@ -735,29 +736,52 @@ tor_remove_file(const char *filename)
 static int
 do_list_fingerprint(void)
 {
-  char buf[FINGERPRINT_LEN+1];
+  const or_options_t *options = get_options();
+  const char *arg = options->command_arg;
+  char rsa[FINGERPRINT_LEN + 1];
   crypto_pk_t *k;
-  const char *nickname = get_options()->Nickname;
+  const ed25519_public_key_t *edkey;
+  const char *nickname = options->Nickname;
   sandbox_disable_getaddrinfo_cache();
-  if (!server_mode(get_options())) {
+
+  bool show_rsa = !strcmp(arg, "") || !strcmp(arg, "rsa");
+  bool show_ed25519 = !strcmp(arg, "ed25519");
+  if (!show_rsa && !show_ed25519) {
+    log_err(LD_GENERAL,
+      "If you give a key type, you must specify 'rsa' or 'ed25519'. Exiting.");
+    return -1;
+  }
+
+  if (!server_mode(options)) {
     log_err(LD_GENERAL,
             "Clients don't have long-term identity keys. Exiting.");
     return -1;
   }
   tor_assert(nickname);
   if (init_keys() < 0) {
-    log_err(LD_GENERAL,"Error initializing keys; exiting.");
+    log_err(LD_GENERAL, "Error initializing keys; exiting.");
     return -1;
   }
   if (!(k = get_server_identity_key())) {
-    log_err(LD_GENERAL,"Error: missing identity key.");
+    log_err(LD_GENERAL, "Error: missing RSA identity key.");
+    return -1;
+  }
+  if (crypto_pk_get_fingerprint(k, rsa, 1) < 0) {
+    log_err(LD_BUG, "Error computing RSA fingerprint");
     return -1;
   }
-  if (crypto_pk_get_fingerprint(k, buf, 1)<0) {
-    log_err(LD_BUG, "Error computing fingerprint");
+  if (!(edkey = get_master_identity_key())) {
+    log_err(LD_GENERAL,"Error: missing ed25519 identity key.");
     return -1;
   }
-  printf("%s %s\n", nickname, buf);
+  if (show_rsa) {
+    printf("%s %s\n", nickname, rsa);
+  }
+  if (show_ed25519) {
+    char ed25519[ED25519_BASE64_LEN + 1];
+    digest256_to_base64(ed25519, (const char *) edkey->pubkey);
+    printf("%s %s\n", nickname, ed25519);
+  }
   return 0;
 }