[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] Bridge "identity crisis" after reinstallation

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-relays] Bridge "identity crisis" after reinstallation
From: telekobold via tor-relays <tor-relays@xxxxxxxxxxxxxxxxxxxx>
Date: Tue, 16 Dec 2025 01:37:26 +0100
List-id: "support and questions about running Tor relays (exit, non-exit, bridge)" <tor-relays.lists.torproject.org>
Reply-to: telekobold <torproject-ml@xxxxxxxxxxxxx>

Hi,

about four weeks ago, I switched off one of my relays and two of mybridges running on Debian 11 ("Bullseye") systems after discovering the"not recommended" flags on the Tor metrics overview of those relays withthe intension of reinstalling and reconfiguring the underlying VMs andrelays the following days. (A few days later, I read on this list thatthose flags are not that critical, but unfortunately Tor doesn't seem tobe updated for Debian 11 at the official torproject Debian repositories[1]). But as life goes, something always came up in the days thatfollowed. However, a week ago, I finally wanted to reinstall one of thebridges. I'm using Offline Relay Identity Keys [2], so I created a newintermediate key pair consisting of ed25519_signing_cert anded25519_signing_secret_key locally and copied them to /var/lib/tor/keyson my freshly installed VM, together with ed25519_master_id_public_key.Unfortunately, I didn't copy the old secret_id_key key file. I thenrealized that the fingerprint files under /var/lib/tor changed (despitethat IP address, port number and identity key stayed the same) and thatI wasn't able to connect to my bridge using Tor Browser.

So, a week later (yesterday), I gave it a new try and did the completereinstallation and configuration process again, but with the slightdifference of also copying the files secret_onion_key,secret_onion_key_ntor and secret_id_key to /var/lib/tor/keys. Thisresulted in the fingerprint files being as they were on my oldinstallation, but I read the following message at /var/log/tor/notices.log:

[warn] http status 400 ("Looks like your keypair has changed? Thisauthority previously recorded a different RSA identity for this Ed25519identity (or vice versa.) Did you replace or copy some of your keyfiles, but not the others? You should either restore the expectedkeypair, or delete your keys and restart Tor to start your relay with anew identity.") response from dirserver 66.111.2.131:9001. Please correct.

So, I uninstalled tor, copied only the filesed25519_master_id_public_key, secret_id_key, ed25519_signing_cert anded25519_signing_secret_key to /var/lib/tor/keys, which unfortunatelyalso resulted in the above warning message.

My question now: Do I still have a change to recover the "old identity"of my bridge, or did I "burn" the old identity now since the directoryauthorities apparently registered a new identity?


Kind regards
telekobold

[1]https://deb.torproject.org/torproject.org/dists/bullseye/main/binary-amd64/Packages[2]https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorRelaySecurity/OfflineKeys

_______________________________________________
tor-relays mailing list -- tor-relays@xxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to tor-relays-leave@xxxxxxxxxxxxxxxxxxxx

Follow-Ups:
- [tor-relays] Re: Bridge "identity crisis" after reinstallation
  - From: Roger Dingledine via tor-relays
- [tor-relays] Re: Bridge "identity crisis" after reinstallation
  - From: telekobold via tor-relays

Prev by Author: [tor-relays] Re: Bridge "identity crisis" after reinstallation
Next by Author: [tor-relays] Re: Netscan Hetzner
Previous by thread: [tor-relays] Re: Relay forest18 is still not on the consensus
Next by thread: [tor-relays] Re: Bridge "identity crisis" after reinstallation
Index(es):
- Author
- Thread