Directory authority key certificates

Directory authorities create key certificates to certify their medium-term signing keys (KP_auth_sign_rsa) with their long-term authority identity keys (KP_auth_id_rsa).

An authority key certificate is a netdoc. Authority key certificates can appear as a sub-section of other documents, notably network status votes.

Authorities MUST generate a new signing key and corresponding certificate before the key expires.

Authority key certificate items

dir-key-certificate-version — Introduce an auth key cert

  • dir-key-certificate-version version ..
  • At start, exactly once

States the protocol version of the key certificate.

version MUST be 3. Implementations MUST reject formats they don’t understand.

dir-address — Public directory service address

  • dir-address address:port ..
  • At most once

The IP address and TCP port at which this authority serves directory requests over HTTP,

fingerprint — authority identity, H(KP_auth_id_rsa)

  • fingerprint fingerprint ..
  • Exactly once.

fingerprint is SHA1(DER(KP_auth_id_rsa)), in uppercase hex.

dir-identity-key — authority identity key, KP_auth_id_rsa

  • dir-identity-key
  • key_ Object, RSA PUBLIC KEY
  • Exactly once.
  • No extra arguments

The long-term authority identity key KP_auth_id_rsa for this authority. key is a DER PKCS#1 RSAPublicKey structure encoded as an Object.

This key SHOULD be at least 2048 bits long; it MUST NOT be shorter than 1024 bits.

dir-key-published — Certificate generation time

  • dir-key-published date time ..
  • Exactly once.

date and time are as for published in a router descriptor.

The time when this document and corresponding key were last generated.

Implementations SHOULD reject certificates that are published too far in the future, though they MAY tolerate some clock skew.

dir-key-expires – Certificate expiry time

  • dir-key-expires date time ..
  • Exactly once.

The time after which this certificate is no longer valid. date and time are as for dir-key-published.

Implementations SHOULD reject expired certificates, though they MAY tolerate some clock skew.

dir-signing-key — Signing key, KP_auth_sign_rsa

  • dir-signing-key
  • key_ Object, RSA PUBLIC KEY
  • Exactly once
  • No extra arguments.

The directory server’s public signing key KP_auth_sign_rsa. This key MUST be at least 1024 bits, and MAY be longer.

dir-key-crosscert — Cross-certificate by KP_auth_sign_rsa

  • dir-key-crosscert
  • CrossSignature, Object ID SIGNATURE or SIGNATURE
  • Exactly once.
  • No extra arguments.

CrossSignature is a signature, made using the certificate’s signing key KP_auth_sign_rsa, of the PKCS1-padded hash of the certificate’s identity key: SHA1(DER(KP_auth_id_rsa)). For backward compatibility with broken versions of the parser, we wrap the base64-encoded signature in -----BEGIN ID SIGNATURE---- and -----END ID SIGNATURE----- tags. Implementations MUST allow the “ID “ portion to be omitted, however.

Implementations MUST verify that the signature is a correct signature of the hash of the identity key using the signing key.

dir-key-certification — Signature