commit ed29ac205461ca0d1e61e3d4caad95381139eedb Author: George Kadianakis desnacked@riseup.net Date: Sat Jun 23 13:24:51 2018 -0500

rend-spec-v3.txt: Clarify role of first layer desc encryption.

It's meant to protect against entities that don't know the identity public key (aka the onion address).

Closes #26379. Pointed out by Steven Murdoch. --- rend-spec-v3.txt | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/rend-spec-v3.txt b/rend-spec-v3.txt index 728f38f..0b56fce 100644 --- a/rend-spec-v3.txt +++ b/rend-spec-v3.txt @@ -1124,8 +1124,8 @@ Table of contents: 2.5.1. First layer of encryption [HS-DESC-FIRST-LAYER]

The first layer of HS descriptor encryption is designed to protect - descriptor confidentiality against entities who don't know the blinded - public key of the hidden service. + descriptor confidentiality against entities who don't know the public + identity key of the hidden service.

2.5.1.1. First layer encryption logic

@@ -1136,6 +1136,11 @@ Table of contents: SECRET_DATA = blinded-public-key STRING_CONSTANT = "hsdir-superencrypted-data"

+ The encryption scheme in [HS-DESC-ENCRYPTION-KEYS] uses the service + credential which is derived from the public identity key (see [SUBCRED]) to + ensure that only entities who know the public identity key can decrypt the + first descriptor layer. + The ciphertext is placed on the "superencrypted" field of the descriptor.

Before encryption the plaintext is padded with NUL bytes to the nearest