@gits7r
Created January 17, 2016 13:24
Update the manual for Tor stable and Tor alpha
Update manual for Tor stable and Tor alpha.
1. Replace OfflineMasterKey 0|1 with a reference to the ed25519 identity key, since it's only related to it and not the old RSA one.
OfflineMasterKey 0|1
If set to 1, the Tor relay will never automatically generate a new ed25519 identity (ed25519 master identity key) or even try to load an existing one. Instead, you'll have to use "tor --keygen" to manually manage the ed25519 master identity key along with the temporary signing key and certificate. (Default 0)
2. Add under COMMAND-LINE OPTIONS documentation for --keygen:
--keygen [--DataDirectory <path/to/dir>] [--SigningKeyLifetime <'N days|weeks|months'>] [--newpass]
"tor --keygen" will create a new ed25519 master identity key for a relay, or only a fresh temporary signing key and certificate if the relay already has a master key. Optionally, you can encrypt the master identity key with a passphrase; Tor will ask you for one. If you don't want to encrypt the master key, just don't enter any passphrase when asked.
--DataDirectory is optional; use it to provide the path where you want to save the files. A 'keys' subfolder, which will contain the generated files, is created automatically under the target folder. (Default: $HOME/.tor)
NOTE: The user running the --keygen command needs to have read and write permissions in the specified target folder. The generated files will be owned by the user who ran the command, which can be different from the user running the Tor daemon on the system. To use these files, you need to move them to the DataDirectory/keys/ folder of your Tor daemon (if different) and change the owner to the user actually running the Tor daemon on the system (if different).
--SigningKeyLifetime is optional; use it if you need a different lifetime for the temporary signing key. (Default: 30 days)
--newpass is optional and should be used with --keygen only when you need to:
a) encrypt an existing ed25519 master identity key saved in plain text - in this case you will have to enter a new passphrase and confirm it.
b) change the passphrase of an existing ed25519 master identity key which is already encrypted - in this case you will have to provide the current passphrase, then enter a new passphrase and confirm it.
c) decrypt an existing encrypted ed25519 master identity key and save it in plain text - in this case you will have to enter the current passphrase, then leave the new passphrase empty and confirm.
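The NOTE above about moving the generated files and changing their owner, as an added shell example that is not part of the original gist or of Tor itself. It goes one step beyond the text by copying only the public key, signing key and certificate, so the master secret key stays where --keygen was run; the file names are the ones Tor writes under keys/, while the function names, paths and user name are hypothetical placeholders.

```shell
#!/bin/sh
# Added example (not from the gist). File names are those Tor writes under
# DataDirectory/keys; function names, paths and the owner are placeholders.

# Files the online relay needs when OfflineMasterKey is 1.
RELAY_KEY_FILES="ed25519_master_id_public_key ed25519_signing_secret_key ed25519_signing_cert"

# install_relay_keys SRC_KEYS_DIR DAEMON_KEYS_DIR [OWNER]
# Copies the signing material produced by "tor --keygen" into the daemon's
# DataDirectory/keys and fixes ownership and permissions.
install_relay_keys() {
    src=$1; dst=$2; owner=${3:-}
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }
    # All files must be present before anything is copied.
    for f in $RELAY_KEY_FILES; do
        [ -f "$src/$f" ] || { echo "missing $src/$f" >&2; return 1; }
    done
    mkdir -p "$dst" && chmod 700 "$dst" || return 1
    for f in $RELAY_KEY_FILES; do
        cp "$src/$f" "$dst/$f" && chmod 600 "$dst/$f" || return 1
    done
    # The master secret key (plain or encrypted) is deliberately not copied.
    if [ -n "$owner" ]; then
        chown -R "$owner" "$dst" || return 1
    fi
}

# relay_keys_dir_ok DAEMON_KEYS_DIR
# Returns 0 only if the relay side holds the three files above and no
# master secret key.
relay_keys_dir_ok() {
    for f in ed25519_master_id_secret_key ed25519_master_id_secret_key_encrypted; do
        [ ! -e "$1/$f" ] || { echo "master secret key found: $1/$f" >&2; return 1; }
    done
    for f in $RELAY_KEY_FILES; do
        [ -f "$1/$f" ] || { echo "missing $1/$f" >&2; return 1; }
    done
}

# Typical use (paths and user are placeholders):
#   tor --keygen --DataDirectory /path/to/offline --SigningKeyLifetime '30 days'
#   install_relay_keys /path/to/offline/keys /path/to/daemon/DataDirectory/keys TOR_USER
#   relay_keys_dir_ok /path/to/daemon/DataDirectory/keys
```

Run the copy again after every "tor --keygen" renewal, before the current signing key's lifetime ends.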