[tor-relays] Questions about OfflineMasterKey

nusenu nusenu-lists at riseup.net
Wed May 31 16:59:00 UTC 2017


> Which one are the RSA keys and which one the ED25519 ones? 

Ed25519 master:
ed25519_master_id_public_key
ed25519_master_id_secret_key
Ed25519 signing:
ed25519_signing_cert
ed25519_signing_secret_key

RSA:
secret_id_key

>>> * To run the node with `OfflineMasterKey 1` you need to copy all the
>>> files generated in the previous step *with the exception of the master key*.
>>
>> more precisely: a relay in "OfflineMasterKey 1" mode requires 3 files:
>> (this is the absolute minimum):
>>
>> ed25519_signing_cert
>> ed25519_signing_secret_key
> 
> Here you list only 2 files, which one is the third?

since I'm copying also the RSA key I initially wrote "3" but since it is
not required I removed it (it gets generated if there is none)


>> Reminder: When you play around with this feature: always make sure to
>> keep your Ed25519 + RSA keys. If your Ed25519 key changes while the RSA
>> key remains, your relay will be rejected since these keys are pinned
>> (for security).
> 
> I should keep the files:
> ```
> secret_id_key
> secret_onion_key
> secret_onion_key_ntor
> secret_onion_key_ntor.old
> secret_onion_key.old
> ```
> should be kept of the relay, do they matter?

keep the /keys subfolder of your datadir and you are fine (you don't
need them all but it does not hurt)


-- 
https://mastodon.social/@nusenu
https://twitter.com/nusenu_

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20170531/e5191c22/attachment.sig>


More information about the tor-relays mailing list