Removing Identity files from SN

I’m wondering if i can remove some of the identity files from my running SN and just store them somewhere else.

Is that possible or does the node need all the 8 files pictured in the screenshot?

/EDIT: also, do I have to backup ALL of the files, just in case?

Theoreticaly, Node need them every time whet it make restart to get indentity.

1 Like

You must back them up all at a secure location but why do you want to ‘remove some’ files?

Let’s say i only need the signed certs and not the baseline identity files, it would be safer to just have the signed certs on the always-online machine in case of an intruder on the system.

If ALL the files are needed to run the node anyway, i will of course leave all the files on there…

Those files are of no monetary value for the intruder. The most intruder can do is delete them which you can safely restore from your backup. Let’s say if intruder stole your identity & your node has highest rep, still intruder has to show all the data stored for that identity which he/she/it wont have.

1 Like

This is not true. They can impersonate your node and through that also change things like payout address. I have not tried any of this, but I’m pretty sure if they list the address as the one your node is still running on, they don’t have to have any of the files, because the satellite would still ask your original node for them. And even if that weren’t possible, they could still harm your node by failing audits and getting it disqualified.

This next part needs to be verified, but I think you only need identity.cert, identity.key and ca.cert. The numbered files are just backups of the certs before storj’s authentication server signed them. You’ll need the identity.key to sign communications with others on the network. But I don’t think you would still need the ca.key. Please don’t move anything without confirmation from Storj though.

1 Like

Malicious activity is quite possible via theft of storage node certificates and keys.

At least these two are quite possible:

  1. Eavesdropping on traffic. (the client data encrypted before uploading can not be retrieved) .
  2. Impersonating the node on the network. (damaging a node’s reputation).

Impersonating a storage node that resides on the same subnet forcing that competing node’s reputation below the disqualifying threshold may result in a higher payout for the attacker’s node.

Furthermore, not all attacks are for personal monetary reasons. Some may be nation state attempts at bringing down a adversarial communication system. A malicious actor on the network with stolen certs can do quite a bit of short term damage to the network via DDoS attempts.

if you are in hacked pc, and can download certs no need to damage reputation by inpersonating, just delete some files from node, all other sattelites will do by themself(disqualification).

1 Like

My point was that there are many other possible reasons for stealing a storage node’s certs and keys… and not all of them are for strict financial gain.


Agree in this point.

1 Like