-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 11/19/2015 6:02 PM, nusenu wrote:
thanks for the feedback!
Are secret_onion_* files required at all when restoring a relay? (it doesn't look like it)
If you confirm that I would simply remove them from the list and never copy them over.
remaining with these files:
ed25519_master_id_public_key ed25519_signing_cert ed25519_signing_secret_key secret_id_key
(tor's manual page FILES section is not very verbose in that regard
- unfortunately)
The secret_onion_* files are not required when restoring a relay, no.
Some suggestions:
- - don't copy the ed25519_master_id_public_key file. If it is missing, Tor will just compute it from the certificate and save it to disk. But, if by accident an user copies the medium term signing keys related to another relay, Tor will detect they don't match the ed25519_master_id_public_key file and exit.
- - when you run tor --orport [...] just to generate the keys in a non-interactive way, include a PublishServerDescriptor 0 in the command as well, send the log to /dev/null and terminate the process immediately. The descriptor will have to be published by the Tor process actually running the relay. If the master id private key is not encrypted, --keygen should be able to renew the medium term signing key in a non-interactive way. But it's not a big deal if you decide to do it with tor --orport [...] if it's easier for you this way.
- - make it as hard as you can for users to accidentally mix keys belonging to different relays. This will be a tough one.