
Re: [tor-dev] OfflineMasterKey / ansible-relayor



>> I copy/expose the following files to the relay:
>>
>> [ 'ed25519_master_id_public_key', 'ed25519_signing_cert',
>> 'ed25519_signing_secret_key', 'secret_id_key', 'secret_onion_key',
>> 'secret_onion_key_ntor']
>>
> When first setting up (new relay) or restoring the relay, yes. But
> when only renewing the ed25519 medium term signing key (if
> ansible-relayor will support this) you only need to copy/expose the
> following files to the relay:
> 
> ed25519_signing_cert, ed25519_signing_secret_key
> 
> If you also move secret_onion_key and secret_onion_key_ntor, it could
> mess up Tor's internal automated key rotation, and the descriptors
> available to clients might become invalid, making it impossible for
> clients to extend circuits through this relay. That's why Tor keeps a
> .old version of these keys when rotating, so clients with older
> descriptors won't experience circuit failures when using this relay.
> 
> To detect this, either the user lets ansible-relayor know whether he is
> setting up a new relay / restoring a relay or just renewing the
> ed25519 keys for a running relay, or ansible-relayor reads Tor's
> $datadirectory/keys folder and, if secret_id_key exists, assumes the latter.

Thanks for the feedback!

Are secret_onion_* files required at all when restoring a relay?
(it doesn't look like it)

If you confirm that I would simply remove them from the list and never
copy them over.

Remaining with these files:

ed25519_master_id_public_key
ed25519_signing_cert
ed25519_signing_secret_key
secret_id_key

(Tor's manual page FILES section is not very verbose in that regard,
unfortunately.)


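The selection rule discussed above (full key set when bootstrapping or restoring, only the two ed25519 signing files when renewing a running relay, and never the onion keys), written out as an added POSIX shell example. This is not ansible-relayor's own code or anything from the thread; it assumes the relay's Tor `DataDirectory/keys` folder is passed as an argument and uses the presence of `secret_id_key` there as the "relay already exists" signal, exactly as the quoted message proposes. The file list is taken from the thread; the function names and the `--demo` flag are made up for this example.

```shell
#!/bin/sh
# Added example (not ansible-relayor's code): decide which identity key
# files to push to a relay, following the rule from the thread above.
# Assumption: $1 is the relay's Tor DataDirectory/keys folder.

# Files needed when bootstrapping a new relay or restoring one.
FULL_SET="ed25519_master_id_public_key ed25519_signing_cert ed25519_signing_secret_key secret_id_key"
# Files needed when only renewing the medium-term ed25519 signing key.
RENEW_SET="ed25519_signing_cert ed25519_signing_secret_key"

# relayor_mode KEYS_DIR
# Prints "renew" if a relay identity (secret_id_key) already exists in
# KEYS_DIR, otherwise "restore".
relayor_mode() {
    if [ -f "$1/secret_id_key" ]; then
        echo renew
    else
        echo restore
    fi
}

# relayor_files KEYS_DIR
# Prints the space-separated list of files that should be copied.
relayor_files() {
    case "$(relayor_mode "$1")" in
        renew)   echo "$RENEW_SET" ;;
        restore) echo "$FULL_SET" ;;
    esac
}

# relayor_copy SRC_DIR KEYS_DIR
# Copies the selected files from the offline key store into the relay's
# keys folder. Onion keys are rotated by Tor itself and are refused as a
# guard even though neither list above contains them.
relayor_copy() {
    src="$1"; dst="$2"
    for f in $(relayor_files "$dst"); do
        case "$f" in
            secret_onion_key*) echo "refusing to copy $f" >&2; return 1 ;;
        esac
        cp "$src/$f" "$dst/$f" || return 1
        chmod 600 "$dst/$f"
    done
}

# Demonstration on constructed directories (run with --demo).
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    mkdir -p "$tmp/offline" "$tmp/relay"
    for f in $FULL_SET; do echo "constructed $f" > "$tmp/offline/$f"; done
    echo "first run (empty keys dir): $(relayor_files "$tmp/relay")"
    relayor_copy "$tmp/offline" "$tmp/relay"
    echo "second run (relay exists):  $(relayor_files "$tmp/relay")"
    rm -rf "$tmp"
fi
```

Running it with `--demo` shows the first invocation selecting all four files and the second, once `secret_id_key` is present, selecting only the signing cert and signing secret key. If the user is allowed to state the mode explicitly, that choice should override `relayor_mode`; the file-presence check is only the fallback the message suggests.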
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev