tor-gencert(1)                                                  tor-gencert(1)

NAME

       tor-gencert - Generate certs and keys for Tor directory authorities

SYNOPSIS

       tor-gencert [-h|--help] [-v] [-r|--reuse] [--create-identity-key]
       [-i id_file] [-c cert_file] [-m num] [-a address:port]

DESCRIPTION

       tor-gencert generates certificates and private keys for use by Tor
       directory authorities running the v3 Tor directory protocol, as used by
       Tor 0.2.0 and later.  If you are not running a directory authority, you
       don't need to use tor-gencert.

       Every directory authority has a long-term authority identity key (which
       is distinct from the identity key it uses as a Tor server); this key
       should be kept offline in a secure location.  It is used to certify
       shorter-lived signing keys, which are kept online and used by the
       directory authority to sign votes and consensus documents.

       After you use this program to generate a signing key and a certificate,
       copy those files to the keys subdirectory of your Tor process, and send
       Tor a SIGHUP signal. DO NOT COPY THE IDENTITY KEY.

OPTIONS

       -v Display verbose output.

       -h or --help
              Display help text and exit.

       -r or --reuse
              Generate a new certificate, but not a new signing key.  This can
              be used to change the address or lifetime associated with a
              given key.

       --create-identity-key
              Generate a new identity key.  You should only use this option
              the first time you run tor-gencert; in the future, you should
              use the identity key that's already there.

       -i FILENAME
              Read the identity key from the specified file.  If the file is
              not present and --create-identity-key is provided, create the
              identity key in the specified file.  Default:
              "./authority_identity_key"

       -s FILENAME
              Write the signing key to the specified file.  Default:
              "./authority_signing_key"

       -c FILENAME
              Write the certificate to the specified file.  Default:
              "./authority_certificate"

       -m NUM Number of months that the certificate should be valid.  Default:
              12.

       --passphrase-fd FILEDES
              File descriptor to read the passphrase from.  Ends at the
              first NUL or newline.  Default: read from the terminal.

       -a address:port
              If provided, advertise the address:port combination as this
              authority's preferred directory port in its certificate.  If the
              address is a hostname, the hostname is resolved to an IP before
              it's published.
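
       The renewal procedure from DESCRIPTION, as an added example that is
       not part of the original manual page or of Tor itself.  The function
       names, the transfer and keys directory arguments and the PID argument
       are assumptions; the flags and default file names are the ones listed
       above.

```shell
#!/bin/sh
# Added example. Function names, directory layout and the PID argument are
# assumptions; only the tor-gencert flags and default file names come from
# the manual page.

# Offline machine: issue a new signing key and certificate under the
# existing identity key (no --create-identity-key after the first run).
renew_signing_material() {
    workdir=$1 months=${2:-12}
    ( cd "$workdir" && umask 077 &&
      tor-gencert -i ./authority_identity_key \
                  -s ./authority_signing_key \
                  -c ./authority_certificate -m "$months" )
}

# Authority host: install only the online files into Tor's keys directory,
# then optionally send SIGHUP. Fails closed if the identity key shows up in
# either the transfer directory or the keys directory.
stage_for_tor() {
    src=$1 keys=$2 tor_pid=${3:-}
    for d in "$src" "$keys"; do
        if [ -e "$d/authority_identity_key" ]; then
            echo "refusing: identity key present in $d" >&2
            return 2
        fi
    done
    for f in authority_signing_key authority_certificate; do
        if [ ! -s "$src/$f" ]; then
            echo "missing or empty: $src/$f" >&2
            return 1
        fi
    done
    ( umask 077
      for f in authority_signing_key authority_certificate; do
          # Copy to a temporary name, then rename, so Tor never reads a
          # half-written file.
          cp "$src/$f" "$keys/$f.new" && mv "$keys/$f.new" "$keys/$f" || exit 1
      done ) || return 1
    if [ -n "$tor_pid" ]; then
        kill -HUP "$tor_pid"
    fi
}
```

       Run renew_signing_material on the offline machine, move only the
       signing key and certificate to the authority host, then call
       stage_for_tor with the transfer directory, the keys directory and the
       PID of the Tor process.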

BUGS

       This probably doesn't run on Windows.  That's not a big issue, since we
       don't really want authorities to be running on Windows anyway.

SEE ALSO

       tor(1)

       See also the "dir-spec.txt" file, distributed with Tor.

AUTHORS

       Roger Dingledine <arma@mit.edu>, Nick Mathewson <nickm@alum.mit.edu>.

Jan-2008                                                        tor-gencert(1)