mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-24 04:13:28 +01:00
Document the contents of $datadir/keys
Ticket 17621.
This commit is contained in:
parent
8d962233f6
commit
af4b7d0405
3
changes/doc17621
Normal file
3
changes/doc17621
Normal file
@ -0,0 +1,3 @@
|
||||
o Documentation:
|
||||
- Document the contents of the 'datadir/keys' subdirectory in the manual
|
||||
page. Closes ticekt 17621.
|
@ -2702,6 +2702,61 @@ __DataDirectory__**/lock**::
|
||||
__DataDirectory__**/keys/***::
|
||||
Only used by servers. Holds identity keys and onion keys.
|
||||
|
||||
__DataDirectory__**/keys/authority_identity_key**::
|
||||
A directory authority's master identity key, used to authenticate its
|
||||
signing key. Tor doesn't use this while it's running. The tor-gencert
|
||||
program uses this. If you're running an authority, you should keep this
|
||||
key offline, and not actually put it here.
|
||||
|
||||
__DataDirectory__**/keys/authority_certificate**::
|
||||
A directory authority's certificate, which authenticates the authority's
|
||||
current vote- and consensus-signing key using its master identity key.
|
||||
Only directory authorities use this file.
|
||||
|
||||
__DataDirectory__**/keys/authority_signing_key**::
|
||||
A directory authority's signing key, used to sign votes and consensuses.
|
||||
Only directory authorities use this file. Corresponds to the
|
||||
**authority_certificate** cert.
|
||||
|
||||
__DataDirectory__**/keys/legacy_certificate**::
|
||||
As authority_certificate: used only when V3AuthUseLegacyKey is set.
|
||||
See documentation for V3AuthUseLegacyKey.
|
||||
|
||||
__DataDirectory__**/keys/legacy_signing_key**::
|
||||
As authority_signing_key: used only when V3AuthUseLegacyKey is set.
|
||||
See documentation for V3AuthUseLegacyKey.
|
||||
|
||||
__DataDirectory__**/keys/secret_id_key**::
|
||||
A relay's RSA1024 permanent identity key, including private and public
|
||||
components. Used to sign router descriptors, and to sign other keys.
|
||||
|
||||
__DataDirectory__**/keys/ed25519_master_id_public_key**::
|
||||
The public part of a relay's Ed25519 permanent identity key.
|
||||
|
||||
__DataDirectory__**/keys/ed25519_master_id_secret_key**::
|
||||
The private part of a relay's Ed25519 permanent identity key. This key
|
||||
is used to sign the medium-term ed25519 signing key. This file can be
|
||||
kept offline, or kept encrypted. If so, Tor will not be able to generate
|
||||
new signing keys itself; you'll need to use tor --keygen yourself to do
|
||||
so.
|
||||
|
||||
__DataDirectory__**/keys/ed25519_signing_secret_key**::
|
||||
The private and public components of a relay's medium-term Ed25519 signing
|
||||
key. This key is authenticated by the Ed25519 master key, in turn
|
||||
authenticates other keys (and router descriptors).
|
||||
|
||||
__DataDirectory__**/keys/ed25519_signing_cert**::
|
||||
The certificate which authenticates "ed25519_signing_secret_key" as
|
||||
having been signed by the Ed25519 master key.
|
||||
|
||||
__DataDirectory__**/keys/secret_onion_key**::
|
||||
A relay's RSA1024 short-term onion key. Used to decrypt old-style ("TAP")
|
||||
circuit extension requests.
|
||||
|
||||
__DataDirectory__**/keys/secret_onion_key_ntor**::
|
||||
A relay's Curve25519 short-term onion key. Used to handle modern ("ntor")
|
||||
circuit extension requests.
|
||||
|
||||
__DataDirectory__**/fingerprint**::
|
||||
Only used by servers. Holds the fingerprint of the server's identity key.
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user