More log messages for keygen problems

2025-02-22 22:25:51 +01:00 · 2015-08-10 11:04:53 -04:00 · 2015-08-10 11:04:53 -04:00 · 426ef9c8eb
commit 426ef9c8eb
parent c88a8a7ca3
2 changed files with 18 additions and 4 deletions
--- a/src/or/routerkeys.c
+++ b/src/or/routerkeys.c
@ -246,6 +246,9 @@ write_secret_key(const ed25519_secret_key_t *key, int encrypted,
 * If INIT_ED_KEY_NO_REPAIR is set, and there is any issue loading the keys
 * from disk _other than their absence_ (full or partial), we do not try to
 * replace them.
+ *
+ * If INIT_ED_KEY_SUGGEST_KEYGEN is set, have log messages about failures
+ * refer to the --keygen option.
 */
 ed25519_keypair_t *
 ed_key_init_from_file(const char *fname, uint32_t flags,
@ -358,8 +361,12 @@ ed_key_init_from_file(const char *fname, uint32_t flags,
        /* If we have a secret key and we're reloading the public key,
         * the key must match! */
        if (! ed25519_pubkey_eq(&keypair->pubkey, &pubkey_tmp)) {
-          tor_log(severity, LD_OR, "%s does not match %s!",
-                  public_fname, loaded_secret_fname);
+          tor_log(severity, LD_OR, "%s does not match %s!  If you are trying "
+                  "to restore from backup, make sure you didn't mix up the "
+                  "key files. If you are absolutely sure that %s is the right "
+                  "key for this relay, delete %s or move it out of the way.",
+                  public_fname, loaded_secret_fname,
+                  loaded_secret_fname, public_fname);
          goto err;
        }
      } else {
@ -389,11 +396,17 @@ ed_key_init_from_file(const char *fname, uint32_t flags,
      !(flags & INIT_ED_KEY_MISSING_SECRET_OK)) {
    if (have_encrypted_secret_file) {
      tor_log(severity, LD_OR, "We needed to load a secret key from %s, "
-              "but it was encrypted. Try tor --keygen instead.",
+              "but it was encrypted. Try 'tor --keygen' instead, so you "
+              "can enter the passphrase.",
              secret_fname);
    } else {
      tor_log(severity, LD_OR, "We needed to load a secret key from %s, "
-              "but couldn't find it.", secret_fname);
+              "but couldn't find it. %s", secret_fname,
+              (flags & INIT_ED_KEY_SUGGEST_KEYGEN) ?
+              "If you're keeping your master secret key offline, you will "
+              "need to run 'tor --keygen' to generate new signing keys." :
+              "Did you forget to copy it over when you copied the rest of the "
+              "signing key material?");
    }
    goto err;
  }
--- a/src/or/routerkeys.h
+++ b/src/or/routerkeys.h
@ -16,6 +16,7 @@
 #define INIT_ED_KEY_OMIT_SECRET                 (1u<<7)
 #define INIT_ED_KEY_TRY_ENCRYPTED               (1u<<8)
 #define INIT_ED_KEY_NO_REPAIR                   (1u<<9)
+#define INIT_ED_KEY_SUGGEST_KEYGEN              (1u<<10)

 struct tor_cert_st;
 ed25519_keypair_t *ed_key_init_from_file(const char *fname, uint32_t flags,