I finally wanted to reinstall one of the bridges. I'm using Offline
Relay Identity Keys [2], so I created a new intermediate key pair consisting
of ed25519_signing_cert and ed25519_signing_secret_key locally and copied
them to /var/lib/tor/keys on my freshly installed VM, together with
ed25519_master_id_public_key. Unfortunately, I didn't copy the old
secret_id_key key file. I then realized that the fingerprint files under
/var/lib/tor changed (even though the IP address, port number and identity key
stayed the same) and that I wasn't able to connect to my bridge using Tor
Browser. So, a week later (yesterday), I gave it a new try and did the complete
reinstallation and configuration process again, but with the slight
difference of also copying the files secret_onion_key, secret_onion_key_ntor
and secret_id_key to /var/lib/tor/keys. This resulted in the fingerprint
files being as they were on my old installation, but I read the following
message at /var/log/tor/notices.log:
[warn] http status 400 ("Looks like your keypair has changed? This authority
previously recorded a different RSA identity for this Ed25519 identity (or
vice versa.) Did you replace or copy some of your key files, but not the
others? You should either restore the expected keypair, or delete your keys
and restart Tor to start your relay with a new identity.") response from
dirserver 66.111.2.131:9001. Please correct.
Yes -- this happens because of how we bind the old RSA identity keys to
the new Ed identity keys. At the beginning, Tor had only RSA identity
keys, and then we wanted to move to ED identity keys, but we wanted to
be able to know that a given old (too short, risky) RSA key mapped to
exactly one Ed key, else there could be surprising attacks later where
you e.g. break somebody's RSA key and then claim to be that relay using
a new Ed key.
See Section 3.1 of
for more details.
So, I uninstalled tor, copied only the files ed25519_master_id_public_key,
secret_id_key, ed25519_signing_cert and ed25519_signing_secret_key to
/var/lib/tor/keys, which unfortunately also resulted in the above warning
message.
Yes, your new Ed key is now only usable when you use that RSA key that
you originally used too.
My question now: Do I still have a chance to recover the "old identity" of
my bridge, or did I "burn" the old identity now since the directory
authorities apparently registered a new identity?
Since you said bridge, it is only the one bridge authority which is
keeping this mapping (to bind RSA and Ed keys in a trust-on-first-use
way).
But no, it sounds like you need to either find that original RSA key
(secret_id_key) too, or you need to generate fresh keys.
Thanks for running a bridge!
--Roger
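The check an operator would want before starting tor on the new VM, added here as an example and not part of the thread or of Tor's own code: recompute what Tor would write to the `fingerprint` and `fingerprint-ed25519` files from the key files you are about to copy (`secret_id_key` in PKCS#1 PEM, `ed25519_master_id_public_key` as a 32-byte tag followed by the 32-byte key) and compare them with the fingerprint files saved from the old installation, so an RSA/Ed25519 mismatch is caught locally instead of by the bridge authority. The DER helpers and the sample key (textbook RSA numbers, not a real key) are constructed for this example.

```python
import base64
import hashlib

# Minimal DER helpers (written for this example): only the SEQUENCE-of-INTEGER shape of
# PKCS#1 RSAPrivateKey / RSAPublicKey, which is all Tor's secret_id_key needs.
def _der(tag: int, body: bytes) -> bytes:
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body
def _der_int(v: int) -> bytes:  # the spare byte keeps the sign bit clear
    return _der(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))
def _der_seq(*items: bytes) -> bytes:
    return _der(0x30, b"".join(items))
def _der_read(buf: bytes, pos: int):  # -> (tag, content, next_pos) for the TLV at buf[pos]
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def rsa_fingerprint(secret_id_key_pem: str) -> str:
    """What Tor writes to 'fingerprint': SHA-1 of the DER RSAPublicKey {n, e}, upper-case hex."""
    b64 = "".join(l for l in secret_id_key_pem.splitlines() if not l.startswith("-----"))
    tag, body, _ = _der_read(base64.b64decode(b64), 0)
    if tag != 0x30:
        raise ValueError("secret_id_key is not a PKCS#1 RSAPrivateKey")
    ints, pos = [], 0
    while pos < len(body):  # version, n, e, d, p, q, dp, dq, qinv
        _, content, pos = _der_read(body, pos)
        ints.append(int.from_bytes(content, "big"))
    return hashlib.sha1(_der_seq(_der_int(ints[1]), _der_int(ints[2]))).hexdigest().upper()

def ed25519_fingerprint(public_key_file: bytes) -> str:
    """What Tor writes to 'fingerprint-ed25519': unpadded base64 of the key after the 32-byte tag."""
    if not public_key_file[:32].startswith(b"== ed25519v1-public: type0 =="):
        raise ValueError("not a Tor ed25519_master_id_public_key file")
    return base64.b64encode(public_key_file[32:64]).decode().rstrip("=")

def keyset_consistent(secret_id_key_pem: str, ed_pub_file: bytes,
                      fingerprint_file: str, fingerprint_ed_file: str) -> dict:
    """Check the key files you are about to copy against the old install's fingerprint files."""
    return {"rsa": rsa_fingerprint(secret_id_key_pem) == fingerprint_file.split()[-1].upper(),
            "ed25519": ed25519_fingerprint(ed_pub_file) == fingerprint_ed_file.split()[-1]}

# Constructed sample inputs (textbook RSA numbers, not a real key) so this runs offline.
_TOY = [0, 3233, 17, 2753, 61, 53, 53, 49, 38]  # version, n, e, d, p, q, dp, dq, qinv
SAMPLE_SECRET_ID_KEY = ("-----BEGIN RSA PRIVATE KEY-----\n" + base64.b64encode(
    _der_seq(*map(_der_int, _TOY))).decode() + "\n-----END RSA PRIVATE KEY-----\n")
SAMPLE_ED_PUB = b"== ed25519v1-public: type0 ==".ljust(32, b"\0") + bytes(range(32))
```

Run it against the real files with `open(".../secret_id_key").read()`, `open(".../ed25519_master_id_public_key", "rb").read()` and the two saved fingerprint files; any `False` in the result means the set you are copying is not the one the old fingerprints belong to.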
On Tue, Dec 16, 2025 at 01:37:26AM +0100, telekobold via tor-relays wrote: