[tor-relays] Questions about OfflineMasterKey

teor teor2345 at gmail.com
Thu Jun 1 00:02:11 UTC 2017


> On 1 Jun 2017, at 02:59, nusenu <nusenu-lists at riseup.net> wrote:
> 
>>>> 
>>>> * To run the node with `OfflineMasterKey 1` you need to copy all the
>>>> files generated in the previous step *with the exception of the master key*.
>>> 
>>> more precisely: a relay in "OfflineMasterKey 1" mode requires 3 files:
>>> (this is the absolute minimum):
>>> 
>>> ed25519_signing_cert
>>> ed25519_signing_secret_key
>> 
>> Here you list only 2 files, which one is the third?
> 
> since I'm copying also the RSA key I initially wrote "3" but since it is
> not required I removed it (it gets generated if there is none)

You must keep the same pair of RSA and ed25519 keys.
Or you must create new RSA and ed25519 keys at the same time.

If you don't, your relay will be rejected from the network some time soon.

>>> Reminder: When you play around with this feature: always make sure to
>>> keep your Ed25519 + RSA keys. If your Ed25519 key changes while the RSA
>>> key remains, your relay will be rejected since these keys are pinned
>>> (for security).
>> 
>> I should keep the files:
>> ```
>> secret_id_key
>> secret_onion_key
>> secret_onion_key_ntor
>> secret_onion_key_ntor.old
>> secret_onion_key.old
>> ```
>> should be kept of the relay, do they matter?
> 
> keep the /keys subfolder of your datadir and you are fine (you don't
> need them all but it does not hurt)

You should keep the onion keys because clients use them to connect to
your relay. If you don't, it will take a few hours for clients to learn
the new ones.

T
--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
------------------------------------------------------------------------

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20170601/6c53b16a/attachment.sig>


More information about the tor-relays mailing list