[tor-dev] HS v3 client authorization types

Ian Goldberg iang at cs.uwaterloo.ca
Mon May 14 14:38:17 UTC 2018

On Thu, May 10, 2018 at 12:20:05AM +0700, Suphanat Chunhapanya wrote:
> On 05/09/2018 03:50 PM, George Kadianakis wrote:
> > b) We might also want to look into XEdDSA and see if we can potentially
> >    use the same keypair for both intro auth (ed25519) and desc auth
> (x25519).
> This will be a great advantage if we can do that because putting two
> private keys in the HidServAuth is so frustrating.

The private key for intro auth is used to make a signature (that will be
different per client), while the private key for desc auth is used to
decrypt the descriptor (which will be the same for all clients), no?

(Not to mention that you should never use the same key for decryption
and signing.)

   - Ian

More information about the tor-dev mailing list