[tor-dev] How do Ed25519 relay IDs look like?

Nick Mathewson nickm at torproject.org
Sat Aug 1 13:41:34 UTC 2020


On Sat, Aug 1, 2020 at 6:10 AM nusenu <nusenu-lists at riseup.net> wrote:
>
> nusenu:
> >> The only question that came up was: Will there be two types of relay fingerprints
> >> in the future (Ed25519)?
> >
> > I assume the correct proposal for the Ed25519 keys is this:
> > https://gitweb.torproject.org/torspec.git/tree/proposals/220-ecc-id-keys.txt
> >
> > I'm wondering what kind of format is used for a relay's Ed25519 ID in tor?
> >
> > The spec says base64:
> >
> >>    When an ed25519 signature is present, there MAY be a "master-key-ed25519"
> >>    element containing the base64 encoded ed25519 master key as a single
> >>    argument.  If it is present, it MUST match the identity key in
> >>    the certificate.
> >
> > examples:
> > grep master-key-ed 2020-07-28-19-05-00-server-descriptors |head -2
> >
> > master-key-ed25519 clT/2GWmTY/qU5TBGaudAIjOUUxUdKhMY/Q5riK6G2E
> > master-key-ed25519 qDI9PbwtiKzpR9phLnWI99uimdwNW8+l9c7hDoWV9dQ
> >
> > Is this the canonical format you use when referring to a relay's Ed25519 identity?
>
> I looked at what stem does in this area [1].
> It uses the more accurate name "ed25519_master_key" instead of Ed25519 ID
> and contains the above mentioned base64 encoded Ed25519 public master key
> so I assume this is the canonical format since I didn't see any other representation.

I'd like to use "ed25519 identity" or even just "identity" here going
forward.  While it might make sense to use other names when describing
it in relation to other keys, when talking about the relay, it is an
identity key.

The base64-encoded form is the best one we have; whenever we output a
key, we use that format.

> > What command does a relay operator need to run to find out
> > his relay's Ed25519 ID on the command line?
>
> base64 encoding (parts of) the ed25519_master_id_public_key
> file, provides the same output as in master-key-ed25519 descriptor lines
> but I didn't find a spec for that key file to confirm the trial and error approach
> or a tor command to simply output the ed25519_master_key public key in base64 format.

I'd like to add such a command, as well as support for using ed25519
keys in more places in the UI and the control API.  I'm not going to
have time for a while, though, but if anybody would be interested in
hacking this together, I can point to some of the places in the code
you'd need to change.

best wishes,
-- 
Nick
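
Added example, not part of the original message and not tor's own code: one way to derive the base64 identity from the `ed25519_master_id_public_key` file and compare it with a descriptor's `master-key-ed25519` line. It assumes the file is a 32-byte NUL-padded tag header followed by the 32-byte public key, a layout the thread does not confirm; all function names are hypothetical, and the sample key file is constructed from the first descriptor line quoted above.

```python
import base64
import sys
from typing import Optional

HEADER_LEN = 32  # assumption: fixed 32-byte tag header, NUL-padded
KEY_LEN = 32     # an Ed25519 public key is 32 bytes
PUBLIC_TAG = b"== ed25519v1-public: type0 =="  # assumption: public key file tag


def decode_identity(b64: str) -> bytes:
    """Decode an unpadded base64 identity as printed in descriptors."""
    key = base64.b64decode(b64 + "=" * (-len(b64) % 4), validate=True)
    if len(key) != KEY_LEN:
        raise ValueError("identity does not decode to 32 bytes")
    return key


def identity_from_keyfile(blob: bytes) -> str:
    """Return the unpadded base64 identity held in a public key file."""
    header, key = blob[:HEADER_LEN], blob[HEADER_LEN:]
    # Refuse anything not tagged as a public key, so a secret key file
    # passed by mistake is never encoded and printed.
    if len(header) != HEADER_LEN or header.rstrip(b"\0") != PUBLIC_TAG:
        raise ValueError("not an Ed25519 public key file")
    if len(key) != KEY_LEN:
        raise ValueError("unexpected key length")
    return base64.b64encode(key).decode("ascii").rstrip("=")


def identity_from_descriptor(text: str) -> Optional[str]:
    """Return the master-key-ed25519 argument of a server descriptor."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] == "master-key-ed25519":
            decode_identity(parts[1])  # reject malformed values
            return parts[1]
    return None


def constructed_keyfile(b64: str, tag: bytes = PUBLIC_TAG) -> bytes:
    """Build sample key file bytes (constructed input, not a real file)."""
    return tag.ljust(HEADER_LEN, b"\0") + decode_identity(b64)


if __name__ == "__main__":
    sample = constructed_keyfile("clT/2GWmTY/qU5TBGaudAIjOUUxUdKhMY/Q5riK6G2E")
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample
    print(identity_from_keyfile(blob))
```

Run with the path to the key file as the only argument; without an argument it prints the identity of the constructed sample.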

