You may read about PKI here: Public key infrastructure - Wikipedia
You can read about using PKI for peer-to-peer communications in sections 4.4 Node identity and 4.5 Peer-to-peer communication of our Whitepaper v3.
Is an unsigned Certificate Authority Certificate.
Is a signed (by authorization token from our Auth service) CA Certificate.
Is a Private Key for CA Certificate.
Is an unsigned Identity Certificate, related to your node’s identity - it’s basically a passport of storagenode.
Is a signed Identity Certificate
Is a Private Key for your Identity Certificate.
So you need to back up this folder in case it gets corrupted or lost. It is also advisable to copy this folder to the disk with the data, so that you do not confuse identities and their data if you run multiple nodes; this should also prevent you from losing your node if you decide to reinstall your OS (because the identity without its data is useless, and the data without its identity is useless too).
After generating a new identity, identity.cert will contain two certificates:
public key of identity.key signed by ca.key
public key of ca.key signed by ca.key
Your NodeID is derived from the public key of ca.key (double sha256), but to communicate with satellites you need only the identity.key (and the proof that ca.key has signed the identity → the 2 certs).
Except that Storj Labs satellites do not talk to just anybody; that is why you need to ask for authorization by visiting Sign up and host a Node on Storj and using the token with identity authorize.
As a result, you will have 3 certs:
the public version of identity.key signed by ca.key
the public version of ca.key signed by Storj Labs satellite key
Storj Labs satellite key signed by Storj Labs satellite key
Certs with the number in file names are just backups (the original identity is saved with epoch in the names)
Based on this, you can diff the identity.cert and identity.xxx.cert
the first certificate should be exactly the same (identity public key signed with ca.key)
the second certificate should be different (it was signed by ca.key earlier, but after authorization it is signed by the Storj Labs key)
the third certificate exists only in the new file, but should be the same across all of your datanodes (Storj Labs public key signed by Storj Labs private key)
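The comparison described above can be scripted; this is an added example, not Storj's own tooling. It splits each PEM bundle into its certificates, fingerprints them with SHA-256, and compares them position by position. The function names are hypothetical and the two sample bundles are constructed stand-ins (PEM armor around placeholder bytes, not real X.509), so substitute the contents of your own identity.xxx.cert and identity.cert.

```python
import base64
import hashlib
import re

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def split_chain(pem_text):
    """Return the decoded bytes of each CERTIFICATE block, in file order."""
    return [base64.b64decode("".join(body.split()))
            for body in PEM_CERT.findall(pem_text)]

def compare_chains(backup_pem, current_pem):
    """Compare two bundles certificate by certificate.

    Returns [(position, status)], status being 'same', 'different',
    'only in current' or 'only in backup'.
    """
    old = [hashlib.sha256(d).hexdigest() for d in split_chain(backup_pem)]
    new = [hashlib.sha256(d).hexdigest() for d in split_chain(current_pem)]
    report = []
    for i in range(max(len(old), len(new))):
        if i >= len(old):
            status = "only in current"
        elif i >= len(new):
            status = "only in backup"
        else:
            status = "same" if old[i] == new[i] else "different"
        report.append((i + 1, status))
    return report

def looks_authorized(backup_pem, current_pem):
    """True when the result matches the pattern described in the text."""
    statuses = [s for _, s in compare_chains(backup_pem, current_pem)]
    return statuses == ["same", "different", "only in current"]

def _pem(payload):
    """Wrap placeholder bytes in PEM armor (constructed sample data only)."""
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

# Constructed stand-ins for identity.xxx.cert (backup) and identity.cert.
BACKUP = _pem(b"identity pub, signed by ca.key") + _pem(b"ca pub, signed by ca.key")
CURRENT = (_pem(b"identity pub, signed by ca.key")
           + _pem(b"ca pub, signed by Storj Labs key")
           + _pem(b"Storj Labs pub, self-signed"))

if __name__ == "__main__":
    for position, status in compare_chains(BACKUP, CURRENT):
        print(f"certificate {position}: {status}")
```

Any other result, such as a first certificate that differs, suggests the two files do not belong to the same identity.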