
Re: [tor-relays] Questions about OfflineMasterKey



Hi nusenu,

thanks for your reply.

On 27/05/2017 00:08, nusenu wrote:
>> If I look inside the DataDir of one of my relays - a standard Debian
>> install - see this:
>> ```
>> ed25519_master_id_public_key
>> ed25519_master_id_secret_key
>> ed25519_signing_cert
>> ed25519_signing_secret_key
>> secret_id_key
>> secret_onion_key
>> secret_onion_key_ntor
>> secret_onion_key_ntor.old
>> secret_onion_key.old
>> ```

>> * In the process of generating the master key (with the command `tor
>> --keygen`), all the files above will be generated.
> 
> --keygen will generate the following files in the "keys" subfolder of
> DataDir:
> 
> ed25519_master_id_public_key
> ed25519_master_id_secret_key
> ed25519_signing_cert
> ed25519_signing_secret_key
> 
> (RSA keys will be generated on a relay's first start if there are none)
> Due to its interactive requirement I do not use --keygen to generate keys.
> https://trac.torproject.org/projects/tor/ticket/17603

Which ones are the RSA keys and which ones are the ED25519 ones? I'm assuming
the RSA keys are the ones generated in the standard install (the ones
above without ED25519 in the name), whereas the command tor --keygen
generates only ED25519 keys?

>> * To run the node with `OfflineMasterKey 1` you need to copy all the
>> files generated in the previous step *with the exception of the master key*.
> 
> more precisely: a relay in "OfflineMasterKey 1" mode requires 3 files:
> (this is the absolute minimum):
> 
> ed25519_signing_cert
> ed25519_signing_secret_key

Here you list only 2 files; which one is the third?

> Reminder: When you play around with this feature: always make sure to
> keep your Ed25519 + RSA keys. If your Ed25519 key changes while the RSA
> key remains, your relay will be rejected since these keys are pinned
> (for security).

I should keep the files:
```
secret_id_key
secret_onion_key
secret_onion_key_ntor
secret_onion_key_ntor.old
secret_onion_key.old
```
should be kept of the relay, do they matter?

Cristian
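
Added example, not part of the original message or of Tor itself: a pre-start check of a relay's `keys` directory for `OfflineMasterKey 1`, using the file names quoted in the thread. The function names, the `existing` argument and the return codes are assumptions; that `secret_id_key` is the RSA identity key comes from Tor's key file layout, not from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. File names are the ones quoted above;
# function names, the "existing" argument and return codes are assumptions.

# check_offline_keys KEYS_DIR [existing]
#   0 = OK
#   1 = master secret key found on the relay
#   2 = signing cert or signing secret key missing/empty
#   3 = "existing" relay without secret_id_key (the RSA identity key)
check_offline_keys() {
    dir=$1
    mode=${2:-new}
    # The master secret key is the one file that must not be on the relay.
    if [ -e "$dir/ed25519_master_id_secret_key" ]; then
        echo "FAIL: ed25519_master_id_secret_key is on the relay" >&2
        return 1
    fi
    # The two files the thread lists for OfflineMasterKey mode.
    for f in ed25519_signing_cert ed25519_signing_secret_key; do
        if [ ! -s "$dir/$f" ]; then
            echo "FAIL: $f missing or empty" >&2
            return 2
        fi
    done
    # Tor generates RSA keys at start when none exist, so an existing relay
    # without this file would come up with a different RSA identity.
    if [ "$mode" = existing ] && [ ! -s "$dir/secret_id_key" ]; then
        echo "FAIL: secret_id_key missing on an existing relay" >&2
        return 3
    fi
    echo "OK: $dir"
    return 0
}

# make_sample_keys DIR FILE... : build a constructed keys directory for testing
make_sample_keys() {
    d=$1; shift
    mkdir -p "$d"
    for f in "$@"; do printf 'constructed\n' > "$d/$f"; done
}

# Stand-alone use: sh check.sh /path/to/DataDir/keys [existing]
if [ "$#" -gt 0 ]; then check_offline_keys "$@"; fi
```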


_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays