As far as I know (if there is any error, please tell me), the onion v3 services allow the master keys -public and secret (or private)- ed25519, generated in the directory stipulated in "HiddenServiceDir" to be stored offline (on a pendrive, for example), because the secret key is used "only" to generate derived keys, which are what the service actually uses. As far as I can read in the corresponding protocol, the derivations of the master keys (which can be stored offline) are: "blinded signing keys and descriptor signing keys (and their credentials), and their corresponding descriptor encryption keys" ( https://gitweb.torproject.org/torspec.git/tree/rend-spec-v3.txt#n529).
Assuming the above is correct,I have some doubts:
1. The keys and other elements derived from the public and private master keys (like “blinded signing keys”) are generated by the operator, according to the protocol. Will Tor incorporate any software/tools that make this procedure easier for the user?
2. If the operator does not generate the derived elements, and only modifies the torrc file to add "HiddenServiceDir" and "HiddenServicePort", will the onion service work, or will the lack of the derived elements not work?
3. As far as I understand, currently the option to save offline the master keys is not available. Does this mean that derived elements, such as "blinded signing keys" are not used yet? To what extent is the v3 protocol implemented?
4. V3 encrypts the onion service descriptor sent to the "HSDir" node to prevent these nodes from collecting onion addresses. But is this currently happening, even if the operator does not generate the derived keys using the master key pair?
I apologize for any write errors (English is not my mother tongue).