Manual Reference Pages  -  TOR-GENCERT (1)

NAME

tor-gencert - Generate certs and keys for Tor directory authorities

SYNOPSIS

tor-gencert [-h|--help] [-v] [-r|--reuse] [--create-identity-key] [-i id_file] [-c cert_file] [-m num] [-a address:port]

DESCRIPTION

tor-gencert generates certificates and private keys for use by Tor directory authorities running the v3 Tor directory protocol, as used by Tor 0.2.0 and later. If you are not running a directory authority, you don't need to use tor-gencert.

Every directory authority has a long-term authority identity key (which is distinct from the identity key it uses as a Tor server); this key should be kept offline in a secure location. It is used to certify shorter-lived signing keys, which are kept online and used by the directory authority to sign votes and consensus documents.

After you use this program to generate a signing key and a certificate, copy those files to the keys subdirectory of your Tor process, and send Tor a SIGHUP signal. DO NOT COPY THE IDENTITY KEY.

OPTIONS

-v

Display verbose output.

-h or --help

Display help text and exit.

-r or --reuse

Generate a new certificate, but not a new signing key. This can be used to change the address or lifetime associated with a given key.

--create-identity-key

Generate a new identity key. You should only use this option the first time you run tor-gencert; in the future, you should use the identity key that's already there.

-i FILENAME

Read the identity key from the specified file. If the file is not present and --create-identity-key is provided, create the identity key in the specified file. Default: "./authority_identity_key"

-s FILENAME

Write the signing key to the specified file. Default: "./authority_signing_key"

-c FILENAME

Write the certificate to the specified file. Default: "./authority_certificate"

-m NUM

Number of months that the certificate should be valid. Default: 12.

--passphrase-fd FILEDES

File descriptor to read the passphrase from. Ends at the first NUL or newline. Default: read from the terminal.

-a address:port

If provided, advertise the address:port combination as this authority's preferred directory port in its certificate. If the address is a hostname, the hostname is resolved to an IP before it's published.
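
The workflow from DESCRIPTION as two shell functions, one for the offline host and one for the online authority (an added example, not part of the original man page or the Tor distribution). The function names, directory arguments and optional pidfile argument are assumptions; the tor-gencert options and default filenames are the ones documented above.

```shell
#!/bin/sh
# Added example, not from the Tor distribution. Function names, directory
# arguments and the PIDFILE argument are assumptions for illustration.

# Offline host: create the identity key on first use, then issue a signing
# key and certificate. Later runs reuse the existing identity key.
issue_signing_key() {   # usage: issue_signing_key WORKDIR MONTHS ADDRESS:PORT
    (
        umask 077
        cd "$1" || exit 1
        create=""
        [ -f authority_identity_key ] || create="--create-identity-key"
        # $create is intentionally unquoted so it vanishes when empty.
        tor-gencert $create -i authority_identity_key \
            -s authority_signing_key -c authority_certificate \
            -m "$2" -a "$3"
    )
}

# Online host: install only the signing key and certificate into Tor's keys
# subdirectory, then send Tor a SIGHUP. Refuses to run if the identity key
# is present in either directory (it must stay offline).
deploy_signing_key() {  # usage: deploy_signing_key STAGING KEYSDIR [PIDFILE]
    staging=$1 keysdir=$2 pidfile=${3:-}
    for d in "$staging" "$keysdir"; do
        if [ -e "$d/authority_identity_key" ]; then
            echo "refusing: identity key found in $d" >&2
            return 1
        fi
    done
    for f in authority_signing_key authority_certificate; do
        [ -s "$staging/$f" ] || { echo "missing or empty: $staging/$f" >&2; return 1; }
    done
    (
        umask 077   # copies are created without group/other access
        cp "$staging/authority_signing_key" "$keysdir/authority_signing_key.new" &&
        cp "$staging/authority_certificate" "$keysdir/authority_certificate.new" &&
        mv "$keysdir/authority_signing_key.new" "$keysdir/authority_signing_key" &&
        mv "$keysdir/authority_certificate.new" "$keysdir/authority_certificate"
    ) || return 1
    # Reload only when the caller supplied a readable pidfile.
    if [ -n "$pidfile" ] && [ -r "$pidfile" ]; then
        kill -HUP "$(cat "$pidfile")"
    fi
}
```

Only authority_signing_key and authority_certificate should ever be transferred to the staging directory on the online host; the refusal check catches the case where the whole offline working directory was copied instead.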

BUGS

This probably doesn't run on Windows. That's not a big issue, since we don't really want authorities to be running on Windows anyway.

SEE ALSO

tor(1)

See also the "dir-spec.txt" file, distributed with Tor.

AUTHORS

Roger Dingledine <arma@mit.edu>, Nick Mathewson <nickm@alum.mit.edu>.

AUTHOR

Nick Mathewson

Author.
Tor TOR-GENCERT (1) 11/13/2015
