[tor-bugs] #5976 [Tor Hidden Services]: Load Tor Hidden Service Key via Tor Control Protocol
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Wed Jun 27 11:03:08 UTC 2012
#5976: Load Tor Hidden Service Key via Tor Control Protocol
---------------------------------+------------------------------------------
Reporter: naif | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Tor: unspecified
Component: Tor Hidden Services | Version:
Keywords: | Parent:
Points: | Actualpoints:
---------------------------------+------------------------------------------
Comment(by naif):
Replying to [comment:2 mk]:
> Why would an application need to load hidden service private key (as
> opposed to HS hostname)?
The hostname is a hash derived from the RSA key, so if you have the RSA
you can compute the hostname.

The problem is that currently the TorHS key cannot be stored securely like
Apache can do with a PKCS#21 digital certificate, because it's stored in
clear-text on the filesystem. The only way to protect it is to "encrypt
the filesystem", but it's a workaround.

So this ticket is to propose a method to keep this information
"off-filesystem", being able to load it into Tor through the Tor Control
Protocol.

It would be up to a third party piece of software to decide where and how
to store the RSA key, giving integration flexibility that is currently
not available, and allowing it to provide improved security (protecting the
TorHS RSA Key by encrypting it).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5976#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
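
Added example, not part of the original message and not Tor's own code: it shows why the cleartext key file is the whole service identity, by deriving the hostname from a PKCS#1 RSAPrivateKey. It assumes the original RSA-based hidden service addressing (base32 of the first 80 bits of SHA-1 over the DER-encoded public key); the function names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib

def read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def tlv(tag, value):
    """Encode one DER tag-length-value."""
    if len(value) < 0x80:
        return bytes([tag, len(value)]) + value
    size = len(value).to_bytes((len(value).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value

def public_der_from_private(private_der):
    """PKCS#1 RSAPrivateKey DER -> PKCS#1 RSAPublicKey DER (n, e only)."""
    tag, body, _ = read_tlv(private_der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    ints, pos = [], 0
    while pos < len(body) and len(ints) < 3:  # version, modulus, publicExponent
        tag, value, pos = read_tlv(body, pos)
        if tag != 0x02:
            raise ValueError("expected INTEGER")
        ints.append(value)
    if len(ints) < 3:
        raise ValueError("not an RSAPrivateKey")
    return tlv(0x30, tlv(0x02, ints[1]) + tlv(0x02, ints[2]))

def onion_hostname(private_der):
    """First 80 bits of SHA-1 over the public key DER, base32, plus .onion."""
    digest = hashlib.sha1(public_der_from_private(private_der)).digest()
    return base64.b32encode(digest[:10]).decode().lower() + ".onion"

# Constructed toy structure with the RSAPrivateKey field layout; the integers
# are placeholders, not a valid key. A real file is PEM: base64-decode the body.
SAMPLE = tlv(0x30, b"".join(tlv(0x02, v) for v in (
    b"\x00", b"\x00\xc5", b"\x01\x00\x01", b"\x2d",
    b"\x0d", b"\x0f", b"\x01", b"\x01", b"\x01")))

if __name__ == "__main__":
    print(onion_hostname(SAMPLE))
```

Anyone who can read the key file can recompute the hostname and hold the matching private key, which is why the storage location matters.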