commit ed29ac205461ca0d1e61e3d4caad95381139eedb Author: George Kadianakis <desnacked@riseup.net> Date: Sat Jun 23 13:24:51 2018 -0500 rend-spec-v3.txt: Clarify role of first layer desc encryption. It's meant to protect against entities that don't know the identity public key (aka the onion address). Closes #26379. Pointed out by Steven Murdoch. --- rend-spec-v3.txt | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/rend-spec-v3.txt b/rend-spec-v3.txt index 728f38f..0b56fce 100644 --- a/rend-spec-v3.txt +++ b/rend-spec-v3.txt @@ -1124,8 +1124,8 @@ Table of contents: 2.5.1. First layer of encryption [HS-DESC-FIRST-LAYER] The first layer of HS descriptor encryption is designed to protect - descriptor confidentiality against entities who don't know the blinded - public key of the hidden service. + descriptor confidentiality against entities who don't know the public + identity key of the hidden service. 2.5.1.1. First layer encryption logic @@ -1136,6 +1136,11 @@ Table of contents: SECRET_DATA = blinded-public-key STRING_CONSTANT = "hsdir-superencrypted-data" + The encryption scheme in [HS-DESC-ENCRYPTION-KEYS] uses the service + credential which is derived from the public identity key (see [SUBCRED]) to + ensure that only entities who know the public identity key can decrypt the + first descriptor layer. + The ciphertext is placed on the "superencrypted" field of the descriptor. Before encryption the plaintext is padded with NUL bytes to the nearest