简而言之,它这样工作:

  • There is a primary ed25519 identity secret key file named "ed25519_master_id_secret_key". 这是最重要的一个,所以请确保您在安全的地方存有备份——这份文件十分敏感,应得到充分保护。 如果您手动生成它,Tor 会对它进行加密并在被要求时输入密码。
  • 一个叫"ed25519_signing_secret_key"的中期签名密钥已经被生成,供Tor 使用。 Also, a certificate is generated named "ed25519_signing_cert" which is signed by the primary identity secret key and confirms that the medium term signing key is valid for a certain period of time. 默认有效期为30天,但这个时长可以在torrc里通过设置" 签名密钥有效时间 N 天|周|月 "来自行调节。
  • There is also a primary public key named "ed25519_master_id_public_key, which is the actual identity of the relay advertised in the network. This one is not sensitive and can be easily computed from "ed5519_master_id_secret_key".

Tor will only need access to the medium term signing key and certificate as long as they are valid, so the primary identity secret key can be kept outside DataDirectory/keys, on a storage media or a different computer. 您不得不在中期签名密钥和认证过期前手动更新它们,否则中继服务器上的Tor 进程会在到期时立刻退出。

这个功能是可选的,您不需要使用它除非您想这么做。 If you want your relay to run unattended for longer time without having to manually do the medium term signing key renewal on regular basis, best to leave the primary identity secret key in DataDirectory/keys, just make a backup in case you'll need to reinstall it. 如果您想要使用这个特殊功能,请参考我们在这个话题上更[详细的指南] (https://trac.torproject.org/projects/tor/wiki/doc/TorRelaySecurity/OfflineKeys)。