Re: [tor-dev] possible to run --keygen non-interactively?

2015-11-15 Thread s7r
Oh, right - sorry, misunderstood.

In this case not using --keygen might be a workaround. I do understand
the use of --nopass, I'll include it in the ticket and maybe we can
have it along with --master-key and --out.

On 11/15/2015 5:36 PM, nusenu wrote:
> 
> 
>>> The "Enter passphrase" request when manually calling --keygen
>>> is optional, not mandatory. If you just leave it blank and
>>> proceed it will just create an unencrypted master identity
>>> key.
>> 
>> I know, but that requires someone to press enter (or a dirty
>> expect script) if you want to run that non-interactively.
>> 
>> Something like --nopass would be appreciated (if not there
>> yet?).
>> 
>> https://trac.torproject.org/projects/tor/ticket/17603
> 
> Maybe not using --keygen in the first place is the workaround here
> ;) (So I get master keys without passphrase and non-interactively)
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev


Re: [tor-dev] possible to run --keygen non-interactively?

2015-11-15 Thread s7r
The "Enter passphrase" request when manually calling --keygen is
optional, not mandatory. If you just leave it blank and proceed it
will just create an unencrypted master identity key.

On 11/14/2015 10:18 AM, nusenu wrote:
> Hi,
> 
> is there a way to use tor --keygen non-interactively?
> 
> background: I might want to integrate offline master key
> functionality into ansible-relayor [1]. The basic idea is to
> generate the master keys on the ansible client and push only the
> required signing keys to the relays (master keys never touch the
> relay). Since every step should be automated, master keys will not
> be passphrase protected. I consider unprotected (no passphrase)
> offline master keys still a lot better than online master keys, but
> currently I don't know how to generate master keys without
> passphrase in a non-interactive way (--keygen asks for the
> passphrase when generating a new key).
> 
> If that is not possible (out of the box) yet, would you consider a
> feature request, let's call it '--nopass' that can be used with
> --keygen to generate new keys without passphrase? (a more general
> approach would probably be to have --passphrase  but
> doing so would potentially write your passphrase to your shell
> history file).
> 
> 
> thanks!
> 
> [1] https://github.com/nusenu/ansible-relayor


Re: [tor-dev] possible to run --keygen non-interactively?

2015-11-15 Thread nusenu


s7r:
> The "Enter passphrase" request when manually calling --keygen is
> optional, not mandatory. If you just leave it blank and proceed it
> will just create an unencrypted master identity key.

I know, but that requires someone to press enter (or a dirty expect
script) if you want to run that non-interactively.

Something like --nopass would be appreciated (if not there yet?).

https://trac.torproject.org/projects/tor/ticket/17603


thanks!


Re: [tor-dev] possible to run --keygen non-interactively?

2015-11-15 Thread nusenu


>> The "Enter passphrase" request when manually calling --keygen is
>> optional, not mandatory. If you just leave it blank and proceed it
>> will just create an unencrypted master identity key.
> 
> I know, but that requires someone to press enter (or a dirty expect
> script) if you want to run that non-interactively.
> 
> Something like --nopass would be appreciated (if not there yet?).
> 
> https://trac.torproject.org/projects/tor/ticket/17603

Maybe not using --keygen in the first place is the workaround here ;)
(So I get master keys without passphrase and non-interactively)


Re: [tor-dev] possible to run --keygen non-interactively?

2015-11-15 Thread nusenu
> Maybe:
> 
> echo "" | whatyouwanttodo --keygen
> 
> or
> 
> whatyouwanttodo --keygen < EOF

Yes I tried that already, but no it does not work.

That would require the program (tor) to read from stdin - which it doesn't.


solution:
generate master keys non-interactively:
tor --datadir data --orport 1234 --list-fingerprint


Re: [tor-dev] possible to run --keygen non-interactively?

2015-11-15 Thread Josef Stautner
Maybe:

echo "" | whatyouwanttodo --keygen

or

whatyouwanttodo --keygen < EOF

~Josef

Am 15.11.2015 um 16:26 schrieb nusenu:
>
> s7r:
>> The "Enter passphrase" request when manually calling --keygen is
>> optional, not mandatory. If you just leave it blank and proceed it
>> will just create an unencrypted master identity key.
> I know, but that requires someone to press enter (or a dirty expect
> script) if you want to run that non-interactively.
>
> Something like --nopass would be appreciated (if not there yet?).
>
> https://trac.torproject.org/projects/tor/ticket/17603
>
>
> thanks!


Re: [tor-dev] possible to run --keygen non-interactively?

2015-11-15 Thread teor

> On 16 Nov 2015, at 02:36, Josef Stautner  wrote:
> 
> EOF is false of course.
> I mean < /dev/null of course :-)
> 
>> Am 15.11.2015 um 16:28 schrieb Josef Stautner:
>> Maybe:
>> 
>> echo "" | whatyouwanttodo --keygen
>> 
>> or
>> 
>> whatyouwanttodo --keygen < EOF

These alternatives will produce different outputs:

The /dev/null alternative produces no input data.
The echo "" alternative produces a newline on most platforms.

Consistent "no password" passwords are another reason to have a --no-pass 
option.

Tim (teor)
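
The difference between the two redirections discussed above, as an added example that is not part of the original thread or of tor: `classify_stdin` and `count_bytes` are hypothetical helpers showing what a line-oriented passphrase reader would receive in each case. Earlier in the thread it is reported that tor does not read the passphrase from stdin, so this illustrates only the inputs, not tor's behaviour.

```shell
#!/bin/sh
# Added example: what a program reading a passphrase line from stdin would see.
# classify_stdin and count_bytes are hypothetical helpers, not part of tor.

classify_stdin() {
    # 'read' returns non-zero when it reaches EOF before seeing a newline.
    if IFS= read -r line; then
        if [ -z "$line" ]; then
            echo "empty-line"      # a newline arrived: an explicit empty answer
        else
            echo "passphrase"      # a non-empty line arrived
        fi
    else
        if [ -z "$line" ]; then
            echo "eof-no-data"     # stream closed with nothing in it
        else
            echo "unterminated"    # data arrived but no trailing newline
        fi
    fi
}

count_bytes() {
    # Strip the padding some wc implementations add around the number.
    wc -c | tr -d ' '
}

# The two alternatives from the thread, side by side.
printf '/dev/null : %s bytes, reader sees %s\n' \
    "$(count_bytes < /dev/null)" "$(classify_stdin < /dev/null)"
printf 'echo ""   : %s bytes, reader sees %s\n' \
    "$(echo "" | count_bytes)" "$(echo "" | classify_stdin)"
```

A reader that treats EOF as an error and an empty line as "no passphrase" would accept one alternative and reject the other, which is the inconsistency a dedicated option avoids.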