Directory authority key certificates

Directory authorities create key certificates to certify their medium-term signing keys (KP_auth_sign_rsa) with their long-term authority identity keys (KP_auth_id_rsa).

An authority key certificate is a netdoc. Authority key certificates can appear as a sub-section of other documents, notably network status votes.

Authorities MUST generate a new signing key and corresponding certificate before the key expires.

Authority key certificate items

`dir-key-certificate-version` — Introduce an auth key cert

dir-key-certificate-version version ..
At start, exactly once

States the protocol version of the key certificate.

version MUST be 3. Implementations MUST reject formats they don’t understand.

`dir-address` — Public directory service address

dir-address address:port ..
At most once

The IP address and TCP port at which this authority serves directory requests over HTTP,

`fingerprint` — authority identity, H(KP_auth_id_rsa)

fingerprint fingerprint ..
Exactly once.

fingerprint is SHA1(DER(KP_auth_id_rsa)), in uppercase hex.

`dir-identity-key` — authority identity key, KP_auth_id_rsa

dir-identity-key
key_ Object, RSA PUBLIC KEY
Exactly once.
No extra arguments

The long-term authority identity key KP_auth_id_rsa for this authority. key is a DER PKCS#1 RSAPublicKey structure encoded as an Object.

This key SHOULD be at least 2048 bits long; it MUST NOT be shorter than 1024 bits.

`dir-key-published` — Certificate generation time

dir-key-published date time ..
Exactly once.

date and time are as for published in a router descriptor.

The time when this document and corresponding key were last generated.

Implementations SHOULD reject certificates that are published too far in the future, though they MAY tolerate some clock skew.

`dir-key-expires` – Certificate expiry time

dir-key-expires date time ..
Exactly once.

The time after which this certificate is no longer valid. date and time are as for dir-key-published.

Implementations SHOULD reject expired certificates, though they MAY tolerate some clock skew.

`dir-signing-key` — Signing key, KP_auth_sign_rsa

dir-signing-key
key_ Object, RSA PUBLIC KEY
Exactly once
No extra arguments.

The directory server’s public signing key KP_auth_sign_rsa. This key MUST be at least 1024 bits, and MAY be longer.

`dir-key-crosscert` — Cross-certificate by KP_auth_sign_rsa

dir-key-crosscert
CrossSignature, Object ID SIGNATURE or SIGNATURE
Exactly once.
No extra arguments.

CrossSignature is a signature, made using the certificate’s signing key KP_auth_sign_rsa, of the PKCS1-padded hash of the certificate’s identity key: SHA1(DER(KP_auth_id_rsa)). For backward compatibility with broken versions of the parser, we wrap the base64-encoded signature in -----BEGIN ID SIGNATURE---- and -----END ID SIGNATURE----- tags. Implementations MUST allow the “ID “ portion to be omitted, however.

Implementations MUST verify that the signature is a correct signature of the hash of the identity key using the signing key.

`dir-key-certification` — Signature

dir-key-certification
RSA signature of the document by KP_auth_id_rsa.
At end, exactly once.
No extra argument.

Tor Specifications