diff options
author | Nick Mathewson <nickm@torproject.org> | 2015-08-12 14:39:43 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2015-08-12 14:48:14 -0400 |
commit | 5a79d67a45454ab5b7413478702acb93dfa867e2 (patch) | |
tree | 3e61f117a656208e2ab20121d629fa25168959cd /tor-spec.txt | |
parent | 8307e968817e4178941c7647ef4ce6df5bb0c76b (diff) | |
download | torspec-5a79d67a45454ab5b7413478702acb93dfa867e2.tar.gz torspec-5a79d67a45454ab5b7413478702acb93dfa867e2.zip |
Start writing/copying/adding a bunch of stuff about ed25519 keys
Diffstat (limited to 'tor-spec.txt')
-rw-r--r-- | tor-spec.txt | 28 |
1 files changed, 25 insertions, 3 deletions
diff --git a/tor-spec.txt b/tor-spec.txt index 27c933d..ee0e511 100644 --- a/tor-spec.txt +++ b/tor-spec.txt @@ -142,9 +142,11 @@ see tor-design.pdf. Every Tor relay has multiple public/private keypairs: + These are 1024-bit RSA keys: + - A long-term signing-only "Identity key" used to sign documents and certificates, and used to establish relay identity. - - A medium-term "Onion key" used to decrypt onion skins when accepting + - A medium-term TAP "Onion key" used to decrypt onion skins when accepting circuit extend attempts. (See 5.1.) Old keys MUST be accepted for at least one week after they are no longer advertised. Because of this, relays MUST retain old keys for a while after they're rotated. @@ -152,8 +154,28 @@ see tor-design.pdf. Tor implementations MAY rotate this key as often as they like, and SHOULD rotate this key at least once a day. - Tor relays are also identified by "nicknames"; these are specified in - dir-spec.txt. + This is Curve25519 key: + + - A medium-term ntor "Onion key" used to handle onion key handshakes when + accepting incoming circuit extend requests. As with TAP onion keys, + old ntor keys MUST be accepted for at least one week after they are no + longer advertised. Because of this, relays MUST retain old keys for a + while after they're rotated. + + These are Ed25519 keys: + + - A long-term "master identity" key. This key never + changes; it is used only to sign the "signing" key below. It may be + kept offline. + - A medium-term "signing" key. This key is signed by the master identity + key, and must be kept online. A new one should be generated + periodically. + - A short-term "link authentication" key. Not yet used. + + The RSA identity key and Ed25519 master identity key together identify a + router uniquely. Once a router has used an Ed25519 master identity key + together with a given RSA identity key, neither of those keys may ever be + used with a different key. 2. Connections |