Let’s say I only need the signed certs and not the baseline identity files, it would be safer to just have the signed certs on the always-online machine in case of an intruder on the system.
If ALL the files are needed to run the node anyway, I will of course leave all the files on there…
Those files are of no monetary value for the intruder. The most an intruder can do is delete them, which you can safely restore from your backup. Let’s say an intruder stole your identity & your node has the highest rep, the intruder still has to show all the data stored for that identity, which he/she/it won’t have.
This is not true. They can impersonate your node and through that also change things like payout address. I have not tried any of this, but I’m pretty sure if they list the address as the one your node is still running on, they don’t have to have any of the files, because the satellite would still ask your original node for them. And even if that weren’t possible, they could still harm your node by failing audits and getting it disqualified.
This next part needs to be verified, but I think you only need identity.cert, identity.key and ca.cert. The numbered files are just backups of the certs before Storj’s authentication server signed them. You’ll need the identity.key to sign communications with others on the network. But I don’t think you would still need the ca.key. Please don’t move anything without confirmation from Storj though.
Malicious activity is quite possible via theft of storage node certificates and keys.
At least these two are quite possible:
Eavesdropping on traffic. (The client data encrypted before uploading cannot be retrieved.)
Impersonating the node on the network. (Damaging a node’s reputation.)
Impersonating a storage node that resides on the same subnet, forcing that competing node’s reputation below the disqualifying threshold, may result in a higher payout for the attacker’s node.
Furthermore, not all attacks are for personal monetary reasons. Some may be nation state attempts at bringing down an adversarial communication system. A malicious actor on the network with stolen certs can do quite a bit of short term damage to the network via DDoS attempts.
If you are in a hacked PC and can download certs, there is no need to damage reputation by impersonating; just delete some files from the node, and the satellites will do all the rest by themselves (disqualification).
My point was that there are many other possible reasons for stealing a storage node’s certs and keys… and not all of them are for strict financial gain.