
On 11/19/2015 6:02 PM, nusenu wrote:
> thanks for the feedback!
>
> Are secret_onion_* files required at all when restoring a relay? (it doesn't look like it)
> If you confirm that I would simply remove them from the list and never copy them over.
>
> remaining with these files:
>
> ed25519_master_id_public_key
> ed25519_signing_cert
> ed25519_signing_secret_key
> secret_id_key
>
> (tor's manual page FILES section is not very verbose in that regard - unfortunately)

The secret_onion_* files are not required when restoring a relay, no.

Some suggestions:

- don't copy the ed25519_master_id_public_key file. If it is missing, Tor will just compute it from the certificate and save it to disk. But, if by accident a user copies the medium term signing keys related to another relay, Tor will detect they don't match the ed25519_master_id_public_key file and exit.

- when you run tor --orport [...] just to generate the keys in a non-interactive way, include a PublishServerDescriptor 0 in the command as well, send the log to /dev/null and terminate the process immediately. The descriptor will have to be published by the Tor process actually running the relay. If the master id private key is not encrypted, --keygen should be able to renew the medium term signing key in a non-interactive way. But it's not a big deal if you decide to do it with tor --orport [...] if it's easier for you this way.

- make it as hard as you can for users to accidentally mix keys belonging to different relays. This will be a tough one.
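
One way to script the file selection and the "don't mix relays" advice from this thread, as an added example that is not part of the original message or of any project mentioned in it. The function names, the per-relay backup directory layout and the `MANIFEST.sha256` file are assumptions made for illustration.

```shell
#!/bin/sh
# Files the thread says are enough to restore a relay. Deliberately left out:
# secret_onion_* (not required) and ed25519_master_id_public_key (tor
# recomputes it from the certificate when it is missing).
RELAY_KEY_FILES="ed25519_signing_cert ed25519_signing_secret_key secret_id_key"

# backup_relay_keys KEYS_DIR BACKUP_DIR   (hypothetical helper)
# Copies only the allow-listed files into one directory per relay and writes
# a SHA-256 manifest so the three files are kept together as a set.
backup_relay_keys() {
    src=$1; dest=$2
    for f in $RELAY_KEY_FILES; do
        [ -f "$src/$f" ] || { echo "missing $src/$f" >&2; return 1; }
    done
    mkdir -p "$dest" && chmod 700 "$dest" || return 1
    for f in $RELAY_KEY_FILES; do
        cp -p "$src/$f" "$dest/$f" || return 1
    done
    ( cd "$dest" && sha256sum $RELAY_KEY_FILES > MANIFEST.sha256 )
}

# restore_relay_keys BACKUP_DIR KEYS_DIR   (hypothetical helper)
# Returns 1 if the backup set is incomplete or altered, 2 if KEYS_DIR already
# holds a different secret_id_key (the relay's RSA identity key), which means
# the backup belongs to another relay.
restore_relay_keys() {
    src=$1; dest=$2
    ( cd "$src" && sha256sum -c MANIFEST.sha256 >/dev/null 2>&1 ) || {
        echo "backup $src is incomplete or was modified" >&2; return 1; }
    if [ -f "$dest/secret_id_key" ] &&
       ! cmp -s "$src/secret_id_key" "$dest/secret_id_key"; then
        echo "refusing: $dest already holds another relay's identity" >&2
        return 2
    fi
    mkdir -p "$dest" && chmod 700 "$dest" || return 1
    for f in $RELAY_KEY_FILES; do
        cp -p "$src/$f" "$dest/$f" || return 1
    done
}
```

Both functions take the relay's key directory as an argument, so nothing about the DataDirectory location is assumed.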