|
|
Tor 0.2.1.8-alpha (Testing branch)
12-10-2008
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). License: BSD License (revised) Changes:|
|
TOR-GENCERT(1) Tor Manual TOR-GENCERT(1) NAME
tor-gencert - Generate certs and keys for Tor directory authorities SYNOPSIS
tor-gencert [-h|--help] [-v] [-r|--reuse] [--create-identity-key] [-i id_file] [-c cert_file] [-m num] [-a address:port] DESCRIPTION
tor-gencert generates certificates and private keys for use by Tor directory authorities running the v3 Tor directory protocol, as used by Tor 0.2.0 and later. If you are not running a directory authority, you don't need to use tor-gencert. Every directory authority has a long term authority identity key (which is distinct from the identity key it uses as a Tor server); this key should be kept offline in a secure location. It is used to certify shorter-lived signing keys, which are kept online and used by the directory authority to sign votes and consensus documents. After you use this program to generate a signing key and a certificate, copy those files to the keys subdirectory of your Tor process, and send Tor a SIGHUP signal. DO NOT COPY THE IDENTITY KEY. OPTIONS
-v Display verbose output. -h or --help Display help text and exit. -r or --reuse Generate a new certificate, but not a new signing key. This can be used to change the address or lifetime associated with a given key. --create-identity-key Generate a new identity key. You should only use this option the first time you run tor-gencert; in the future, you should use the identity key that's already there. -i FILENAME Read the identity key from the specified file. If the file is not present and --create-identity-key is provided, create the identity key in the specified file. Default: "./authority_identity_key" -s FILENAME Write the signing key to the specified file. Default: "./authority_signing_key" -c FILENAME Write the certificate to the specified file. Default: "./authority_certificate" -m NUM Number of months that the certificate should be valid. Default: 12. --passphrase-fd FILEDES Filedescriptor to read the file descriptor from. Ends at the first NUL or newline. Default: read from the terminal. -a address:port If provided, advertise the address:port combination as this authority's preferred directory port in its certificate. If the address is a hostname, the hostname is resolved to an IP before it's published. BUGS
This probably doesn't run on Windows. That's not a big issue, since we don't really want authorities to be running on Windows anyway. SEE ALSO
tor(1) See also the "dir-spec.txt" file, distributed with Tor. AUTHORS
Roger Dingledine <arma@mit.edu>, Nick Mathewson <nickm@alum.mit.edu>. AUTHOR
Nick Mathewson Author. Tor 09/26/2014 TOR-GENCERT(1)