Re: [tor-dev] possible to run --keygen non-interactively?
Oh, right - sorry, misunderstood. In this case not using --keygen might
be a workaround. I do understand the use of --nopass, I'll include it in
the ticket and maybe we can have it along with --master-key and --out.

On 11/15/2015 5:36 PM, nusenu wrote:
>>> The "Enter passphrase" request when manually calling --keygen
>>> is optional, not mandatory. If you just leave it blank and
>>> proceed it will just create an unencrypted master identity
>>> key.
>>
>> I know, but that requires someone to press enter (or a dirty
>> expect script) if you want to run that non-interactively.
>>
>> Something like --nopass would be appreciated (if not there
>> yet?).
>>
>> https://trac.torproject.org/projects/tor/ticket/17603
>
> Maybe not using --keygen in the first place is the workaround here
> ;) (So I get master keys without passphrase and non-interactively)

___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] possible to run --keygen non-interactively?
The "Enter passphrase" request when manually calling --keygen is
optional, not mandatory. If you just leave it blank and proceed it will
just create an unencrypted master identity key.

On 11/14/2015 10:18 AM, nusenu wrote:
> Hi,
>
> is there a way to use tor --keygen non-interactively?
>
> background: I might want to integrate offline master key
> functionality into ansible-relayor [1]. The basic idea is to
> generate the master keys on the ansible client and push only the
> required signing keys to the relays (master keys never touch the
> relay). Since every step should be automated, master keys will not
> be passphrase protected. I consider unprotected (no passphrase)
> offline master keys still a lot better than online master keys, but
> currently I don't know how to generate master keys without
> passphrase in a non-interactive way (--keygen asks for the
> passphrase when generating a new key).
>
> If that is not possible (out of the box) yet, would you consider a
> feature request, let's call it '--nopass' that can be used with
> --keygen to generate new keys without passphrase? (a more general
> approach would probably be to have --passphrase but
> doing so would potentially write your passphrase to your shell
> history file).
>
> thanks!
>
> [1] https://github.com/nusenu/ansible-relayor
Re: [tor-dev] possible to run --keygen non-interactively?
s7r:
> The "Enter passphrase" request when manually calling --keygen is
> optional, not mandatory. If you just leave it blank and proceed it
> will just create an unencrypted master identity key.

I know, but that requires someone to press enter (or a dirty expect
script) if you want to run that non-interactively.

Something like --nopass would be appreciated (if not there yet?).

https://trac.torproject.org/projects/tor/ticket/17603

thanks!
Re: [tor-dev] possible to run --keygen non-interactively?
>> The "Enter passphrase" request when manually calling --keygen is
>> optional, not mandatory. If you just leave it blank and proceed it
>> will just create an unencrypted master identity key.
>
> I know, but that requires someone to press enter (or a dirty expect
> script) if you want to run that non-interactively.
>
> Something like --nopass would be appreciated (if not there yet?).
>
> https://trac.torproject.org/projects/tor/ticket/17603

Maybe not using --keygen in the first place is the workaround here ;)
(So I get master keys without passphrase and non-interactively)
Re: [tor-dev] possible to run --keygen non-interactively?
> Maybe:
>
> echo "" | whatyouwanttodo --keygen
>
> or
>
> whatyouwanttodo --keygen < EOF

Yes I tried that already, but no it does not work.
That would require the program (tor) to read from stdin - which it
doesn't.

solution: generate master keys non-interactively:

tor --datadir data --orport 1234 --list-fingerprint
Re: [tor-dev] possible to run --keygen non-interactively?
Maybe:

echo "" | whatyouwanttodo --keygen

or

whatyouwanttodo --keygen < EOF

~Josef

On 15.11.2015 at 16:26, nusenu wrote:
>
> s7r:
>> The "Enter passphrase" request when manually calling --keygen is
>> optional, not mandatory. If you just leave it blank and proceed it
>> will just create an unencrypted master identity key.
> I know, but that requires someone to press enter (or a dirty expect
> script) if you want to run that non-interactively.
>
> Something like --nopass would be appreciated (if not there yet?).
>
> https://trac.torproject.org/projects/tor/ticket/17603
>
>
> thanks!
Re: [tor-dev] possible to run --keygen non-interactively?
> On 16 Nov 2015, at 02:36, Josef Stautner wrote:
>
> EOF is false of course.
> I mean < /dev/null of course :-)
>
>> On 15.11.2015 at 16:28, Josef Stautner wrote:
>> Maybe:
>>
>> echo "" | whatyouwanttodo --keygen
>>
>> or
>>
>> whatyouwanttodo --keygen < EOF

These alternatives will produce different outputs:
The /dev/null alternative produces no input data.
The echo "" alternative produces a newline on most platforms.

Consistent "no password" passwords are another reason to have a
--no-pass option.

Tim (teor)
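
The difference Tim describes above, as an added example that is not part of the original thread: a prompt that reads one line from stdin sees an empty line with `echo ""` but immediate end-of-input with `< /dev/null`. The function names are hypothetical, and the script models a generic line-reading prompt, not tor (which, per the thread, does not read the passphrase from stdin).

```shell
#!/bin/sh
# Added illustration: compare what a reader on stdin observes for the two
# redirections discussed in the thread. Function names are hypothetical.

# Number of bytes delivered on stdin.
stdin_bytes() {
    wc -c | tr -d ' '
}

# Emulate a prompt that reads one line from stdin and classify the result:
#   empty-line : a newline arrived with no text before it
#   eof        : stdin ended before any byte arrived
#   text       : some non-empty input arrived
classify_prompt_input() {
    if IFS= read -r line; then
        [ -z "$line" ] && echo "empty-line" || echo "text"
    else
        # read returns non-zero at end of input; $line holds any partial data
        [ -z "$line" ] && echo "eof" || echo "text"
    fi
}

# Print both cases side by side.
report() {
    printf '%-14s bytes=%s prompt=%s\n' 'echo "" |' \
        "$(echo "" | stdin_bytes)" "$(echo "" | classify_prompt_input)"
    printf '%-14s bytes=%s prompt=%s\n' '< /dev/null' \
        "$(stdin_bytes < /dev/null)" "$(classify_prompt_input < /dev/null)"
}

report
```

A program that treats end-of-input as an error and an empty line as "no passphrase" will behave differently under the two redirections, which is why an explicit option gives a more predictable result than either.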