[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: SSL Keys + Identity of a Tor server

phobos@xxxxxxxxxx wrote:
> On Mon, Jun 02, 2008 at 08:43:44AM -0400, dante@xxxxxxxxxxxxxxxxxxx wrote 0.2K bytes in 9 lines about:
> : If I wanted to preserve the identity of a Tor server, I know I need to
> : keep the ssl keys.  I believe the only files I need to keep are
> : secret_id_key and secret_onion_key in /var/lib/tor/keys directory.  Am I
> : correct?
> https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#UpgradeRelay
> In summary, yes.

Thanks Andrew, two more questions not covered in the FAQ --- I want to
be sure before I do anything I'll regret later.

1) Do I need the secret_onion_key also?  It appears to be regenerated
occasionally so I assuming it doesn't matter for the identity of the
node.  I'm not sure what its function is which is what lead me to the
original post.

2) Is preserving the Nickname and the secret_id_key sufficient, as per
the FAQ?  In particular, if the IP address changes, does it matter?

I should say there are three reasons I'm asking:

1) I'm thinking of moving my tor relay server to another IP address.

2) This server was an ubuntu box and was affected by the debian openssl
flaw.  It used to be flagged as "Named" in the listing, but ever since I
regenerated the keys, it has remained unamed.

3) I'm working on a (new) release of a ramdisk-only tor server (I posted
about it before), but this time, I want to make sure that on reboots, it
preserve all the necessary files to maintain the node's ID.