- There is a primary ed25519 identity secret key file named "ed25519_master_id_secret_key".
- 一个叫"ed25519_signing_secret_key"的中期签名密钥已经被生成，供Tor 使用。
Also, a certificate is generated named "ed25519_signing_cert" which is signed by the primary identity secret key and confirms that the medium term signing key is valid for a certain period of time.
默认有效期为30天，但这个时长可以在torrc里通过设置" 签名密钥有效时间 N 天|周|月 "来自行调节。
- There is also a primary public key named "ed25519_master_id_public_key, which is the actual identity of the relay advertised in the network.
This one is not sensitive and can be easily computed from "ed5519_master_id_secret_key".
Tor will only need access to the medium term signing key and certificate as long as they are valid, so the primary identity secret key can be kept outside DataDirectory/keys, on a storage media or a different computer.
If you want your relay to run unattended for longer time without having to manually do the medium term signing key renewal on regular basis, best to leave the primary identity secret key in DataDirectory/keys, just make a backup in case you'll need to reinstall it.