> I think [2] is the wrong link? There's nothing about this in there.

Thanks for pointing that out, correct URL:
https://trac.torproject.org/projects/tor/ticket/17603

> I think this is expected and correct behavior.
>
> If medium term signing key exists, and is sufficiently valid in the
> future for Tor, it won't try to automatically renew them.
> It will use the new SigningKeyLifetime value for the NEW keys, once
> the ones it already has are _about_ to expire and Tor _wants_ to
> generate new medium term signing key.

The important info for me here is: How is "about to expire" defined?
x days before expiry or 80% of its lifetime is over?
Can it be configured?

> If you already have medium term signing key valid 30 days in the
> future you can't replace it using the automated key generator in Tor
> (no manual --keygen).
>
> I think it should stay like this. If you want to change the lifetime
> of the medium term signing key with --orport, do a rm -rf
> ed25519_signing_* before that command.
>
> P.S. also if the master id key is not encrypted you can use --keygen
> in a non-interactive way afaik.

Yes, that is correct. So for the workaround of the workaround I will
simply invoke tor twice. First time without --keygen for key generation,
then with --keygen for signing key renewal.

Thanks for the quick reply.

_______________________________________________
tor-dev mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
