
[tor-relays] keypair does not match its older value



Hi,

I tried moving a tor relay with offline master key to a new host but
something went wrong and it printed several warnings:

http status 400 ("Looks like your keypair does not match its older value.") response from dirserver

What did I screw up, and how do I fix this problem if it happens again?

I suspect it will happen again because I generate a new signing key more
frequently than necessary. I create a '15 days' key every week and upload
it (over onion ssh connection). This scheme should be resistant to
occasional upload failures but it's not clear which of the last three
signing keys to use on restart. If passing the wrong key can bring down
the relay I need to switch to a different scheme.

I'm thinking about adding these commands to my crontab:

$ crontab -l
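# Weekly: re-upload the current signing cert and signing key to the relay.
@weekly scp "${DESTDIR:?}/keys/ed25519_signing_cert" "${DESTDIR:?}/keys/ed25519_signing_secret_key" "${ONION:?}:"
# Monthly: generate a new signing key and cert, then upload them.
@monthly tor --hush --keygen --SigningKeyLifetime '1 month' --DataDirectory "${DESTDIR:?}" && scp "${DESTDIR:?}/keys/ed25519_signing_cert" "${DESTDIR:?}/keys/ed25519_signing_secret_key" "${ONION:?}:"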

Are there any potential problems with this approach (e.g. 28 days in Feb
vs 31 days in March)?

-- 
Alex
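
An added example, not part of the original post: a check that reads the expiry out of an `ed25519_signing_cert` file and tells whether it still covers the next scheduled upload, which is the Feb/March gap asked about above. It assumes the layout from tor's cert-spec (32-byte file tag, then a v1 certificate with the expiry in hours since the epoch); the function names are hypothetical and the sample certificate is constructed, with an all-zero signature.

```python
import struct
from datetime import datetime, timedelta, timezone

TAG_LEN = 32                              # tor key files start with a NUL-padded 32-byte tag
CERT_TAG = b"== ed25519v1-cert: type4 =="

def parse_signing_cert(blob):
    """Return (expiry, signing_pubkey, master_pubkey or None). Signature is NOT verified."""
    tag, cert = blob[:TAG_LEN], blob[TAG_LEN:]
    if tag.rstrip(b"\0") != CERT_TAG:
        raise ValueError("not an ed25519_signing_cert file")
    if len(cert) < 40 + 64:               # fixed fields + 64-byte signature
        raise ValueError("truncated certificate")
    version, cert_type, exp_hours, _key_type = struct.unpack(">BBIB", cert[:7])
    if (version, cert_type) != (1, 4):
        raise ValueError("not a v1 signing-key certificate")
    signing_key, n_ext, pos, master = cert[7:39], cert[39], 40, None
    for _ in range(n_ext):
        if pos + 4 > len(cert) - 64:
            raise ValueError("extension header runs past certificate body")
        ext_len, ext_type, _flags = struct.unpack(">HBB", cert[pos:pos + 4])
        if ext_type == 4 and ext_len == 32:     # signed-with-ed25519-key extension
            master = cert[pos + 4:pos + 36]
        pos += 4 + ext_len
    if pos + 64 != len(cert):
        raise ValueError("extension lengths do not match certificate size")
    expiry = datetime.fromtimestamp(exp_hours * 3600, tz=timezone.utc)
    return expiry, signing_key, master

def covers_next_run(blob, next_run, margin=timedelta(days=1)):
    """True if the cert is still valid `margin` after the next scheduled upload."""
    return parse_signing_cert(blob)[0] >= next_run + margin

def build_sample_cert(expiry, master=b"\x11" * 32, signing=b"\x22" * 32):
    """Constructed test input: correct layout, all-zero (invalid) signature."""
    hours = int(expiry.timestamp()) // 3600
    body = struct.pack(">BBIB", 1, 4, hours, 1) + signing
    body += bytes([1]) + struct.pack(">HBB", 32, 4, 0) + master
    return CERT_TAG.ljust(TAG_LEN, b"\0") + body + bytes(64)

if __name__ == "__main__":
    utc = timezone.utc
    # Constructed case: a cert expiring 31 March, next @monthly run on 1 April.
    cert = build_sample_cert(datetime(2023, 3, 31, tzinfo=utc))
    print(parse_signing_cert(cert)[0], covers_next_run(cert, datetime(2023, 4, 1, tzinfo=utc)))
```

Running the check on the key-generation host before each upload shows whether the certificate about to be shipped outlives the next cron run; the returned master key can also be compared against the relay's known identity.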