[tor-bugs] #28186 [Core Tor/Tor]: HS v3 suggestion as to how to generate a secure service client authentication key pair

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Oct 24 18:18:04 UTC 2018 

#28186: HS v3 suggestion as to how to generate a secure service client
authentication key pair
--------------------------------+------------------------------
 Reporter:  jchevali            |          Owner:  (none)
     Type:  enhancement         |         Status:  new
 Priority:  Medium              |      Component:  Core Tor/Tor
  Version:  Tor: 0.3.5.3-alpha  |       Severity:  Normal
 Keywords:                      |  Actual Points:
Parent ID:                      |         Points:
 Reviewer:                      |        Sponsor:
--------------------------------+------------------------------
 I wonder if the manual should contain an Appendix to suggest how one can
 create HS v3 client authorization key pairs.  This is something I had to
 figure out for myself.

 Here's what I've done: I've created myself a couple of scripts to help
 automate the process.  While still very far from being clean and tidy, it
 could be a start if someone with 'release grade' scripting skills and
 knowledgeable of Tor could clean them up.

 There's three scripts; the first one generates a blob with a private and
 public parts of an authorization key, and the second and third extract
 those parts.

 Here's their content:

 Key pair blob generator:

 {{{
 generate_x25519_key.sh:

 #!/bin/sh
 #
 # This generates a x25519 key pair and prints out the private and public
 parts
 #
 # It works like this:
 # 1. first call to openssl generates the key
 # 2. second call to openssl prints out the key contents
 # 3. tail discards the key contents' header
 # 4. the first cut discards lines not containing data
 # 5. the second cut discards non-data bits in the left margin
 #
 # To preserve the generated key pair, you can send the output of this
 script to a file
 #
 openssl genpkey -algorithm x25519 -out - \
         | openssl pkey -in - -text -noout \
         | tail -n 7 \
         | cut -s -d : -f 1-16 \
         | cut -b 5-49
 }}}

 The script above generates a blob like this (a trimmed down form of
 openssl's own output), which the other two can parse:

 {{{
 f8:9f:b4:2b:5c:f9:6f:dc:28:a2:1b:b2:a8:60:7c:
 67:e1:5c:1f:1c:76:3c:9b:db:39:d8:64:b7:22:e7:
 fe:58

 22:01:cc:69:f4:f7:58:8b:9a:19:0f:06:3c:36:a8:
 0d:e3:35:39:28:6d:b1:f7:1c:b7:18:03:a2:bc:e4:
 d2:35
 }}}

 Here are the two parsers:

 Private key extraction:

 {{{
 extract_x25519_private.sh:

 #!/bin/sh
 #
 # This extracts the private key from a x25519 key pair generated by
 generate_x25519_key.sh
 #
 # It works like this:
 # 1. head selects only the first half of a key pair file (cat of file
 created by the said script)
 #    (the first half is the private key part)
 # 2. xxd converts hex in the private key part to binary
 # 3. base32 converts the binary output of xxd to base32
 # 4. cut discards the = padding at the end
 #
 head -n 3 - \
         | xxd -r -p \
         | base32 \
         | cut -b 1-52
 }}}

 Calling the above with blob fed into it would produce:

 {{{
 7CP3IK247FX5YKFCDOZKQYD4M7QVYHY4OY6JXWZZ3BSLOIXH7ZMA
 }}}

 Public key extraction:

 {{{
 extract_x25519_public.sh:

 #!/bin/sh
 #
 # This extracts the public key from a x25519 key pair generated by
 generate_x25519_key.sh
 #
 # It works like this:
 # 1. tail selects only the second half of a key pair file (cat of file
 created by the said script)
 #    (the second half is the public key part)
 # 2. xxd converts hex in the public key part to binary
 # 3. base32 converts the binary output of xxd to base32
 # 4. cut discards the = padding at the end
 #
 tail -n 3 - \
         | xxd -r -p \
         | base32 \
         | cut -b 1-52
 }}}

 Calling the above with the blob fed into it would produce:

 {{{
 EIA4Y2PU65MIXGQZB4DDYNVIBXRTKOJINWY7OHFXDAB2FPHE2I2Q
 }}}

 I know that the commands exposed here might seem to some trivial, however
 it could help if someone wishes to try out HS v3 client auth and doesn't
 have a key generation tool that adapts to Tor's base32 format, if the
 Appendix is created and he reads it he could find a way to do so (and the
 more testers out there the better, to look for problems, so we should be
 doing all we can to make the process more accessible and create
 shortcuts).

 Of course perhaps the Tor developers already have better tools to achieve
 this, in which case my scripts suggestion doesn't need to be used.

 This ticket is related to #28026

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28186>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list