I would really appreciate if someone would reply to my email below if they now anything about this.
telekobold On December 16, 2025 1:37:26 AM GMT+01:00, telekobold via tor-relays <[email protected]> wrote: >Hi, > >about four weeks ago, I switched off one of my relays and two of my bridges >running on Debian 11 ("Bullseye") systems after discovering the "not >recommended" flags on the Tor metrics overview of those relays with the >intension of reinstalling and reconfiguring the underlying VMs and relays the >following days. (A few days later, I read on this list that those flags are >not that critical, but unfortunately Tor doesn't seem to be updated for Debian >11 at the official torproject Debian repositories [1]). But as life goes, >something always came up in the days that followed. However, a week ago, I >finally wanted to reinstall one of the bridges. I'm using Offline Relay >Identity Keys [2], so I created a new intermediate key pair consisting of >ed25519_signing_cert and ed25519_signing_secret_key locally and copied them to >/var/lib/tor/keys on my freshly installed VM, together with >ed25519_master_id_public_key. Unfortunately, I didn't copy the old >secret_id_key key file. I then realized that t he fingerprint files under /var/lib/tor changed (despite that IP address, port number and identity key stayed the same) and that I wasn't able to connect to my bridge using Tor Browser. > >So, a week later (yesterday), I gave it a new try and did the complete >reinstallation and configuration process again, but with the slight difference >of also copying the files secret_onion_key, secret_onion_key_ntor and >secret_id_key to /var/lib/tor/keys. This resulted in the fingerprint files >being as they were on my old installation, but I read the following message at >/var/log/tor/notices.log: > >[warn] http status 400 ("Looks like your keypair has changed? This authority >previously recorded a different RSA identity for this Ed25519 identity (or >vice versa.) Did you replace or copy some of your key files, but not the >others? You should either restore the expected keypair, or delete your keys >and restart Tor to start your relay with a new identity.") response from >dirserver 66.111.2.131:9001. Please correct. > >So, I uninstalled tor, copied only the files ed25519_master_id_public_key, >secret_id_key, ed25519_signing_cert and ed25519_signing_secret_key to >/var/lib/tor/keys, which unfortunately also resulted in the above warning >message. > >My question now: Do I still have a change to recover the "old identity" of my >bridge, or did I "burn" the old identity now since the directory authorities >apparently registered a new identity? > >Kind regards >telekobold > >[1] >https://deb.torproject.org/torproject.org/dists/bullseye/main/binary-amd64/Packages >[2] >https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorRelaySecurity/OfflineKeys >_______________________________________________ >tor-relays mailing list -- [email protected] >To unsubscribe send an email to [email protected] _______________________________________________ tor-relays mailing list -- [email protected] To unsubscribe send an email to [email protected]
