From b6eee531bb546683387fb471b754f24bc40580d0 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Sun, 1 Mar 2015 16:40:02 +0100 Subject: Support encrypted offline master keys with a new --keygen flag When --keygen is provided, we prompt for a passphrase when we make a new master key; if it is nonempty, we store the secret key in a new crypto_pwbox. Also, if --keygen is provided and there *is* an encrypted master key, we load it and prompt for a passphrase unconditionally. We make a new signing key unconditionally when --keygen is provided. We never overwrite a master key. --- src/or/or.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/or/or.h') diff --git a/src/or/or.h b/src/or/or.h index 81e1c1c1db..230bc470d9 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -3405,7 +3405,8 @@ typedef struct { /** What should the tor process actually do? */ enum { CMD_RUN_TOR=0, CMD_LIST_FINGERPRINT, CMD_HASH_PASSWORD, - CMD_VERIFY_CONFIG, CMD_RUN_UNITTESTS, CMD_DUMP_CONFIG + CMD_VERIFY_CONFIG, CMD_RUN_UNITTESTS, CMD_DUMP_CONFIG, + CMD_KEYGEN } command; char *command_arg; /**< Argument for command-line option. */ -- cgit v1.2.3-54-g00ecf