As far as I know (if there is any error, please tell me), the onion v3 services allow the master keys -public and secret (or private)- ed25519, generated in the directory stipulated in "HiddenServiceDir" to be stored offline (on a pendrive, for example), because the secret key is used "only" to generate derived keys, which are what the service actually uses. As far as I can read in the corresponding protocol, the derivations of the master keys (which can be stored offline) are: "blinded signing keys and descriptor signing keys (and their credentials), and their corresponding descriptor encryption keys" ( https://gitweb.torproject.org/torspec.git/tree/rend-spec-v3.txt#n529).
Assuming the above is correct, I have some doubts:
1. The keys and other elements derived from the public and private master keys (like “blinded signing keys”) are generated by the operator, according to the protocol. Will Tor incorporate any software/tools that make this procedure easier for the user?
2. If the operator does not generate the derived elements, and only modifies the torrc file to add "HiddenServiceDir" and "HiddenServicePort", will the onion service work, or will the lack of the derived elements not work?
3. As far as I understand, currently the option to save offline the master keys is not available. Does this mean that derived elements, such as "blinded signing keys" are not used yet? To what extent is the v3 protocol implemented?
4. V3 encrypts the onion service descriptor sent to the "HSDir" node to prevent these nodes from collecting onion addresses. But is this currently happening, even if the operator does not generate the derived keys using the master key pair?
I apologize for any writing errors (English is not my mother tongue).
Hi,
On 6 Sep 2019, at 08:01, Elige TuMooc eligetumooc@gmail.com wrote:
> As far as I know (if there is any error, please tell me), the onion v3 services allow the master keys -public and secret (or private)- ed25519, generated in the directory stipulated in "HiddenServiceDir" to be stored offline (on a pendrive, for example), because the secret key is used "only" to generate derived keys, which are what the service actually uses. As far as I can read in the corresponding protocol, the derivations of the master keys (which can be stored offline) are: "blinded signing keys and descriptor signing keys (and their credentials), and their corresponding descriptor encryption keys" (https://gitweb.torproject.org/torspec.git/tree/rend-spec-v3.txt#n529).
> Assuming the above is correct, I have some doubts:
> - The keys and other elements derived from the public and private master keys (like “blinded signing keys”) are generated by the operator, according to the protocol. Will Tor incorporate any software/tools that make this procedure easier for the user?
v3 onion services work right now, but with online keys.
When we implement offline v3 onion service keys, they will come with some extra tools. The tools will be like the tools for offline relay keys.
> - If the operator does not generate the derived elements, and only modifies the torrc file to add "HiddenServiceDir" and "HiddenServicePort", will the onion service work, or will the lack of the derived elements not work?
Tor generates all the keys itself, stores the master key in that directory, and periodically generates the blinded keys. v3 onion services have worked this way since the first release in Tor 0.3.2.
> - As far as I understand, currently the option to save offline the master keys is not available.
You're right, here is the ticket to implement offline master keys: https://trac.torproject.org/projects/tor/ticket/29054
> Does this mean that derived elements, such as "blinded signing keys" are not used yet?
Blinded keys have been implemented for v3 onion services since the initial release.
> To what extent is the v3 protocol implemented?
We're working on giving v2 and v3 onion services the same features right now. The features you get depend on the Tor release you're running.
Here's a ticket where we are tracking this work: https://trac.torproject.org/projects/tor/ticket/29995
There might be other tickets as well, hopefully other people on this list can find them.
> - V3 encrypts the onion service descriptor sent to the "HSDir" node to prevent these nodes from collecting onion addresses. But is this currently happening, even if the operator does not generate the derived keys using the master key pair?
Descriptor onion addresses have been hidden for v3 onion services since the initial release.
T
tor-onions@lists.torproject.org
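The blinded-key step described in the reply (Tor periodically deriving a per-period blinded key from the master key, so that HSDirs see the blinded key rather than the onion address) is shown below as an added example written from rend-spec-v3 appendix A.2. It is not Tor's own code: it omits the optional secret s, uses slow affine point arithmetic, and takes the ed25519 base point encoding as a constructed stand-in for a service's master public key; the period number would normally come from the current time period.

```python
import hashlib

# ed25519 field prime and twisted-Edwards parameter d (RFC 8032); all math is plain Python integers.
P = 2**255 - 19
D = (-121665 * pow(121666, -1, P)) % P
SQRT_M1 = pow(2, (P - 1) // 4, P)  # a square root of -1 mod p, needed for point decompression

def point_add(a, b):
    """Affine addition on the curve (a = -1); slow but short enough to audit."""
    (x1, y1), (x2, y2) = a, b
    t = D * x1 * x2 * y1 * y2
    return ((x1 * y2 + x2 * y1) * pow(1 + t, -1, P) % P,
            (y1 * y2 + x1 * x2) * pow(1 - t, -1, P) % P)

def point_mul(k, pt):
    """Double-and-add from the neutral element (0, 1)."""
    acc = (0, 1)
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt, k = point_add(pt, pt), k >> 1
    return acc

def decompress(raw):
    """Decode a 32-byte public key into (x, y); raises if the bytes are not a curve point."""
    y = int.from_bytes(raw, "little") & ((1 << 255) - 1)
    x2 = (y * y - 1) * pow(D * y * y + 1, -1, P) % P
    x = pow(x2, (P + 3) // 8, P)
    if (x * x - x2) % P:
        x = x * SQRT_M1 % P
    if (x * x - x2) % P:
        raise ValueError("not an ed25519 point")
    return (P - x if (x & 1) != raw[31] >> 7 else x), y

def compress(pt):
    return (pt[1] | ((pt[0] & 1) << 255)).to_bytes(32, "little")

def blinding_factor(pubkey, period_num, period_length=1440):
    """h = SHA3-256(BLIND_STRING | A | B | N), clamped like an ed25519 scalar (rend-spec-v3 appendix A.2)."""
    blind_string = b"Derive temporary signing key" + bytes([0])
    basepoint_str = b"(15112221349535400772501151409588531511454012693041857206046113283949847762202, 46316835694926478169428394003475163141307993866256225615783033603165251855960)"
    nonce = b"key-blind" + period_num.to_bytes(8, "big") + period_length.to_bytes(8, "big")
    h = bytearray(hashlib.sha3_256(blind_string + pubkey + basepoint_str + nonce).digest())
    h[0] &= 248
    h[31] = (h[31] & 63) | 64
    return int.from_bytes(h, "little")

def blinded_pubkey(pubkey, period_num, period_length=1440):
    """A' = h * A: the per-period key that identifies the service to HSDirs instead of the master key A."""
    return compress(point_mul(blinding_factor(pubkey, period_num, period_length), decompress(pubkey)))
```

Feeding the same master key with consecutive period numbers yields unrelated-looking blinded keys, which is what keeps an HSDir from linking descriptors back to the onion address.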