[tor-onions] Doubts about onion v3 services

Elige TuMooc eligetumooc at gmail.com
Thu Sep 5 22:01:45 UTC 2019


As far as I know (if there is any error, please tell me), the onion v3
services allow the master keys -public and secret (or private)- ed25519,
generated in the directory stipulated in "HiddenServiceDir" to be stored
offline (on a pendrive, for example), because the secret key is used "only"
to generate derived keys, which are what the service actually uses. As far
as I can read in the corresponding protocol, the derivations of the master
keys (which can be stored offline) are: "blinded signing keys and
descriptor signing keys (and their credentials), and their corresponding
descriptor encryption keys" (
https://gitweb.torproject.org/torspec.git/tree/rend-spec-v3.txt#n529).

Assuming the above is correct, I have some doubts:

1. The keys and other elements derived from the public and private master
keys (like “blinded signing keys”) are generated by the operator, according
to the protocol. Will Tor incorporate any software/tools that make this
procedure easier for the user?

2. If the operator does not generate the derived elements, and only
modifies the torrc file to add "HiddenServiceDir" and "HiddenServicePort",
will the onion service work, or will it fail for lack of the derived
elements?

3. As far as I understand, the option to save the master keys offline
is currently not available. Does this mean that derived elements, such as
"blinded signing keys" are not used yet? To what extent is the v3 protocol
implemented?

4. V3 encrypts the onion service descriptor sent to the "HSDir" node to
prevent these nodes from collecting onion addresses. But is this currently
happening, even if the operator does not generate the derived keys using
the master key pair?

I apologize for any writing errors (English is not my mother tongue).
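
The derivation the message refers to, sketched as an added example (not part of the original message and not Tor's implementation): a per-period blinded key pair computed from an Ed25519 master key, where the blinded public key needs only the public master key and the blinded secret key needs the master secret once per period. Assumptions: the function names, seed and period numbers are constructed, the hash-input layout is modelled on the spec's key-blinding section rather than checked against Tor, and the unoptimised, non-constant-time curve arithmetic is for illustration only.

```python
import hashlib

P = 2**255 - 19                                       # field prime
L = 2**252 + 27742317777372353535851937790883648493   # order of the base point
D = -121665 * pow(121666, P - 2, P) % P               # curve constant d

def recover_x(y):                 # even x coordinate belonging to y
    xx = (y * y - 1) * pow(D * y * y + 1, P - 2, P) % P
    x = pow(xx, (P + 3) // 8, P)
    if (x * x - xx) % P:
        x = x * pow(2, (P - 1) // 4, P) % P
    return x if x % 2 == 0 else P - x
BY = 4 * pow(5, P - 2, P) % P
BASE = (recover_x(BY), BY)                            # Ed25519 base point B

def add(p, q):                    # complete twisted Edwards addition
    (x1, y1), (x2, y2) = p, q
    t = D * x1 * x2 * y1 * y2 % P
    return ((x1 * y2 + x2 * y1) * pow(1 + t, P - 2, P) % P,
            (y1 * y2 + x1 * x2) * pow(1 - t, P - 2, P) % P)

def mul(k, pt):                   # double-and-add scalar multiplication
    acc = (0, 1)                  # neutral element
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def encode(pt):                   # 32-byte compressed point encoding
    return (pt[1] | ((pt[0] & 1) << 255)).to_bytes(32, "little")
def clamp(b):                     # clear low 3 bits and bit 255, set bit 254
    return int.from_bytes(b[:32], "little") & (2**254 - 8) | 2**254

def master_keypair(seed):         # long-term identity key (a, A = a*B)
    a = clamp(hashlib.sha512(seed).digest())
    return a, mul(a, BASE)

def blinding_factor(A, period, period_len=1440):
    # Assumption: input layout modelled on the spec's key-blinding section.
    n = b"key-blind" + period.to_bytes(8, "big") + period_len.to_bytes(8, "big")
    base = f"({BASE[0]}, {BASE[1]})".encode()
    return clamp(hashlib.sha3_256(
        b"Derive temporary signing key\0" + encode(A) + base + n).digest())

def blind_public(A, period):      # A' = h*A: needs only the public master key
    return mul(blinding_factor(A, period), A)
def blind_secret(a, A, period):   # a' = h*a mod l: needs the master secret
    return blinding_factor(A, period) * a % L
```

Because `blind_secret` takes only the master key and a period number, blinded keys for future periods can be computed ahead of time on the machine that holds the master secret.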