[tor-dev] How do Ed25519 relay IDs look like?

Damian Johnson atagar at torproject.org
Sat Aug 1 23:25:27 UTC 2020


> The way I understand it is this: Relay fingerprints are based on the
> RSA key, which will go away eventually. The canonical identifier will
> be the identity. We should start that transition

Thanks Sebastian. In that case we should put more thought into this
because fingerprints are foundational to our control and directory
specifications. Commands, events, descriptors... really everything
reference relays by fingerprint (or optionally sometimes nickname).
Migrating to a new identifier is no small task.

First, I'd advise that we call these 'v2 fingerprints' so it's clear
that we intend to substitute these anywhere traditional fingerprints
are used.

Second, I would advise against truncated base64 identifiers.
Fingerprints are 40 character hex. master-key-ed25519's base64 value
can include slashes (such as
"yp0fwtp4aa/VMyZJGz8vN7Km3zYet1YBZwqZEk1CwHI") which will be
problematic for DirPort urls, GETINFO commands, etc.

The simplest solution would be to simply hexify these values. This
will raise our fingerprint length from 40 to 64 characters which will
slightly impact DirPorts [1], but otherwise I don't anticipate a
problem with such a replacement.

============================================================

import base64


def hexify_id(ed25519_identifier):
  binary_id = base64.b64decode(ed25519_identifier +
((len(ed25519_identifier) % 4) * '='))
  return bytes.hex(binary_id).upper()


identifier = 'yp0fwtp4aa/VMyZJGz8vN7Km3zYet1YBZwqZEk1CwHI'
print('the hex id of "%s" is "%s"' % (identifier, hexify_id(identifier)))

============================================================

% python3.7 demo.py
the hex id of "yp0fwtp4aa/VMyZJGz8vN7Km3zYet1YBZwqZEk1CwHI" is
"CA9D1FC2DA7869AFD53326491B3F2F37B2A6DF361EB75601670A99124D42C072"

============================================================

Cheers! -Damian

[1] At most 96 server or extrainfo descriptors can be downloaded from
DirPorts via their fingerprint due to a limitation on the url length
by squid proxies...

https://gitweb.torproject.org/stem.git/commit/?id=871a957f

Maybe this is no longer relevant? If it is then raising the
fingerprint length from 40 to 64 will reduce this maximum to 60 (which
seems fine to me).


More information about the tor-dev mailing list