Diffstat (limited to 'src/or')
-rw-r--r-- | src/or/routerkeys.c | 21 | ||||
-rw-r--r-- | src/or/routerkeys.h | 1 |
2 files changed, 18 insertions, 4 deletions
diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c
index 025fa6f514..80b26e6bf8 100644
--- a/src/or/routerkeys.c
+++ b/src/or/routerkeys.c
@@ -246,6 +246,9 @@ write_secret_key(const ed25519_secret_key_t *key, int encrypted,
 * If INIT_ED_KEY_NO_REPAIR is set, and there is any issue loading the keys
 * from disk _other than their absence_ (full or partial), we do not try to
 * replace them.
+ *
+ * If INIT_ED_KEY_SUGGEST_KEYGEN is set, have log messages about failures
+ * refer to the --keygen option.
 */
 ed25519_keypair_t *
 ed_key_init_from_file(const char *fname, uint32_t flags,
@@ -358,8 +361,12 @@ ed_key_init_from_file(const char *fname, uint32_t flags,
 /* If we have a secret key and we're reloading the public key,
 * the key must match! */
 if (! ed25519_pubkey_eq(&keypair->pubkey, &pubkey_tmp)) {
- tor_log(severity, LD_OR, "%s does not match %s!",
- public_fname, loaded_secret_fname);
+ tor_log(severity, LD_OR, "%s does not match %s! If you are trying "
+ "to restore from backup, make sure you didn't mix up the "
+ "key files. If you are absolutely sure that %s is the right "
+ "key for this relay, delete %s or move it out of the way.",
+ public_fname, loaded_secret_fname,
+ loaded_secret_fname, public_fname);
 goto err;
 }
 } else {
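Review bot: In the new mismatch message the four `%s` are bound purely by position (public, secret, secret, public), so the file the operator is told to delete is `public_fname` only because of argument order. A later edit that swaps the last pair would compile cleanly and tell relay operators to delete their secret key file. A short comment above the argument list would pin the intent, e.g. `/* order: public, secret, then secret (keep), public (delete) */`. The body of ed_key_init_from_file starts and ends outside this hunk, so whether `loaded_secret_fname` is always set on this path cannot be confirmed from the lines shown.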
@@ -389,11 +396,17 @@ ed_key_init_from_file(const char *fname, uint32_t flags,
 !(flags & INIT_ED_KEY_MISSING_SECRET_OK)) {
 if (have_encrypted_secret_file) {
 tor_log(severity, LD_OR, "We needed to load a secret key from %s, "
- "but it was encrypted. Try tor --keygen instead.",
+ "but it was encrypted. Try 'tor --keygen' instead, so you "
+ "can enter the passphrase.",
 secret_fname);
 } else {
 tor_log(severity, LD_OR, "We needed to load a secret key from %s, "
- "but couldn't find it.", secret_fname);
+ "but couldn't find it. %s", secret_fname,
+ (flags & INIT_ED_KEY_SUGGEST_KEYGEN) ?
+ "If you're keeping your master secret key offline, you will "
+ "need to run 'tor --keygen' to generate new signing keys." :
+ "Did you forget to copy it over when you copied the rest of the "
+ "signing key material?");
 }
 goto err;
 }
diff --git a/src/or/routerkeys.h b/src/or/routerkeys.h
index 9b93358ae3..b4e73aa33f 100644
--- a/src/or/routerkeys.h
+++ b/src/or/routerkeys.h
@@ -16,6 +16,7 @@
 #define INIT_ED_KEY_OMIT_SECRET (1u<<7)
 #define INIT_ED_KEY_TRY_ENCRYPTED (1u<<8)
 #define INIT_ED_KEY_NO_REPAIR (1u<<9)
+#define INIT_ED_KEY_SUGGEST_KEYGEN (1u<<10)
 struct tor_cert_st;
 ed25519_keypair_t *ed_key_init_from_file(const char *fname, uint32_t flags, |
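Review bot: The encrypted-key branch recommends 'tor --keygen' whether or not `INIT_ED_KEY_SUGGEST_KEYGEN` is set, while the missing-key branch consults the flag. That does not match the doc comment added in the first hunk, which says the flag makes "log messages about failures refer to the --keygen option". I would narrow the comment to what the code does, e.g. `* If INIT_ED_KEY_SUGGEST_KEYGEN is set and the secret key file is missing, have the log message suggest --keygen.` The fallback hint about copying "signing key material" is shown to every caller that does not pass the flag; presumably only signing-key callers reach this branch, but that is not visible here and is worth confirming so operators are not sent after the wrong file. The enclosing function body continues outside the hunk.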