On Sat, Aug 1, 2020 at 6:10 AM nusenu <nusenu-lists@riseup.net> wrote:
nusenu:
The only question that came up was: Will there be two types of relay fingerprints in the future (Ed25519)?
I assume the correct proposal for the Ed25519 keys is this: https://gitweb.torproject.org/torspec.git/tree/proposals/220-ecc-id-keys.txt
I'm wondering what kind of format is used for a relay's Ed25519 ID in tor?
The spec says base64:
When an ed25519 signature is present, there MAY be a "master-key-ed25519" element containing the base64 encoded ed25519 master key as a single argument. If it is present, it MUST match the identity key in the certificate.
examples:
grep master-key-ed 2020-07-28-19-05-00-server-descriptors |head -2
master-key-ed25519 clT/2GWmTY/qU5TBGaudAIjOUUxUdKhMY/Q5riK6G2E
master-key-ed25519 qDI9PbwtiKzpR9phLnWI99uimdwNW8+l9c7hDoWV9dQ
Is this the canonical format you use when referring to a relay's Ed25519 identity?
I looked at what stem does in this area [1]. It uses the more accurate name "ed25519_master_key" instead of Ed25519 ID and contains the above mentioned base64 encoded Ed25519 public master key so I assume this is the canonical format since I didn't see any other representation.
I'd like to use "ed25519 identity" or even just "identity" here going forward. While it might make sense to use other names when describing it in relation to other keys, when talking about the relay, it is an identity key.
The base64-encoded form is the best one we have; whenever we output a key, we use that format.
What command does a relay operator need to run to find out his relay's Ed25519 ID on the command line?
base64 encoding (parts of) the ed25519_master_id_public_key file provides the same output as in master-key-ed25519 descriptor lines, but I didn't find a spec for that key file to confirm the trial and error approach or a tor command to simply output the ed25519_master_key public key in base64 format.
I'd like to add such a command, as well as support for using ed25519 keys in more places in the UI and the control API. I'm not going to have time for a while, though, but if anybody would be interested in hacking this together, I can point to some of the places in the code you'd need to change.
best wishes,
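
The approach discussed in this thread, written out as a shell function. This is an added example, not code from tor or from either participant. It assumes the ed25519_master_id_public_key file is 64 bytes: a 32-byte NUL-padded tag ("== ed25519v1-public: type0 ==") followed by the 32-byte raw public key, a layout the thread does not confirm. The function names are hypothetical, and the sample key file is constructed from the first descriptor value quoted above.

```shell
#!/bin/sh
# Assumed tag at the start of the key file (29 bytes, then 3 NUL bytes).
ED_TAG='== ed25519v1-public: type0 =='

# ed25519_id FILE: print the key as unpadded base64, the form used in
# "master-key-ed25519" descriptor lines. Fails if the layout is unexpected.
ed25519_id() {
    keyfile=$1
    [ -r "$keyfile" ] || { echo "cannot read $keyfile" >&2; return 1; }
    size=$(($(wc -c < "$keyfile")))
    if [ "$size" -ne 64 ]; then
        echo "unexpected size $size (want 64)" >&2
        return 1
    fi
    if [ "$(head -c 29 "$keyfile")" != "$ED_TAG" ]; then
        echo "unexpected header tag" >&2
        return 1
    fi
    # Skip the 32-byte header, encode the key, strip '=' padding.
    tail -c 32 "$keyfile" | base64 | tr -d '=\n'
    echo
}

# make_sample_keyfile FILE B64ID: build a constructed key file in the
# assumed layout from an unpadded base64 identity (for demonstration).
make_sample_keyfile() {
    {
        printf '%s\000\000\000' "$ED_TAG"
        printf '%s=' "$2" | base64 -d
    } > "$1"
}

# Demo on a constructed file; a relay operator would instead pass the
# ed25519_master_id_public_key file from the relay's keys directory.
demo=$(mktemp)
make_sample_keyfile "$demo" 'clT/2GWmTY/qU5TBGaudAIjOUUxUdKhMY/Q5riK6G2E'
ed25519_id "$demo"
rm -f "$demo"
```

The size and tag checks make the function refuse any other key file, such as the secret key, instead of printing part of its contents.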