From: Nick Mathewson <nickm@torproject.org>
Date: Fri, 16 Jun 2017 18:26:21 +0000 (-0400)
Subject: Document key-pinning-journal
X-Git-Tag: tor-0.3.1.4-alpha~45
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a73d0fe9a87df762474ee928ff9e6282e5e38430;p=thirdparty%2Ftor.git

Document key-pinning-journal

Closes 22347
---

diff --git a/changes/bug22347 b/changes/bug22347
new file mode 100644
index 0000000000..f294ba0a2d
--- /dev/null
+++ b/changes/bug22347
@@ -0,0 +1,2 @@
+  o Documentation:
+    - Add a manpage description for the key-pinning-journal file.
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 5e0a71ca26..7544c03f97 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -2741,6 +2741,13 @@ __DataDirectory__**/lock**::
     directory. If access to this file is locked, data directory is already
     in use by Tor.
 
+__DataDirectory__**/key-pinning-journal**::
+    Used by authorities. A line-based file that records mappings between
+    RSA1024 identity keys and Ed25519 identity keys. Authorities enforce
+    these mappings, so that once a relay has picked an Ed25519 key, stealing
+    or factoring the RSA1024 key will no longer let an attacker impersonate
+    the relay.
+
 __DataDirectory__**/keys/***::
     Only used by servers. Holds identity keys and onion keys.