[tor-dev] How do Ed25519 relay IDs look like?
atagar at torproject.org
Sat Aug 1 23:25:27 UTC 2020
> The way I understand it is this: Relay fingerprints are based on the
> RSA key, which will go away eventually. The canonical identifier will
> be the identity. We should start that transition
Thanks Sebastian. In that case we should put more thought into this
because fingerprints are foundational to our control and directory
specifications. Commands, events, descriptors... really everything
reference relays by fingerprint (or optionally sometimes nickname).
Migrating to a new identifier is no small task.
First, I'd advise that we call these 'v2 fingerprints' so it's clear
that we intend to substitute these anywhere traditional fingerprints
Second, I would advise against truncated base64 identifiers.
Fingerprints are 40 character hex. master-key-ed25519's base64 value
can include slashes (such as
"yp0fwtp4aa/VMyZJGz8vN7Km3zYet1YBZwqZEk1CwHI") which will be
problematic for DirPort urls, GETINFO commands, etc.
The simplest solution would be to simply hexify these values. This
will raise our fingerprint length from 40 to 64 characters which will
slightly impact DirPorts , but otherwise I don't anticipate a
problem with such a replacement.
binary_id = base64.b64decode(ed25519_identifier +
((len(ed25519_identifier) % 4) * '='))
identifier = 'yp0fwtp4aa/VMyZJGz8vN7Km3zYet1YBZwqZEk1CwHI'
print('the hex id of "%s" is "%s"' % (identifier, hexify_id(identifier)))
% python3.7 demo.py
the hex id of "yp0fwtp4aa/VMyZJGz8vN7Km3zYet1YBZwqZEk1CwHI" is
 At most 96 server or extrainfo descriptors can be downloaded from
DirPorts via their fingerprint due to a limitation on the url length
by squid proxies...
Maybe this is no longer relevant? If it is then raising the
fingerprint length from 40 to 64 will reduce this maximum to 60 (which
seems fine to me).
More information about the tor-dev