Module tor_llcrypto::pk::keymanip
Key manipulation functions for use with public keys.
Tor does some interesting and non-standard things with its curve25519 and ed25519 keys, for several reasons.
In order to prove ownership of a curve25519 private key, Tor converts it into an ed25519 key, and then uses that ed25519 key to sign its identity key. We implement this conversion with convert_curve25519_to_ed25519_public and convert_curve25519_to_ed25519_private.
In Tor's v3 onion service design, Tor uses a key blinding algorithm to derive a publicly known Ed25519 key from a different Ed25519 key used as the .onion address. This algorithm allows directories to validate the signatures on onion service descriptors, without knowing which services they represent. We implement this blinding operation via blind_pubkey.
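The two relations the paragraphs above rely on can be shown with plain field arithmetic. The following is an added example, not code from tor-llcrypto or Arti: it maps a curve25519 public key to an ed25519 one with y = (u - 1)/(u + 1), derives the sign bit from the private scalar the way the private conversion must (the u coordinate alone does not carry it), cross-checks the result against an independent RFC 7748 Montgomery ladder, and then blinds the resulting key pair with a scalar h. The seed and blinding factor are constructed values, and h is taken as an already-derived scalar reduced mod the group order (an assumption; the page does not describe how Tor derives it).

```python
# Added example (not tor-llcrypto code): pure-Python arithmetic for the two
# operations this module documents. Variable-time, for illustration only.
P = 2**255 - 19                                         # field prime
L = 2**252 + 27742317777372353535851937790883648493     # order of the base point
D = (-121665 * pow(121666, P - 2, P)) % P               # twisted Edwards coefficient

def inv(x):
    return pow(x, P - 2, P)

def recover_x(y, sign):
    """x coordinate with parity `sign` for the ed25519 point with this y (RFC 8032 5.1.3)."""
    x2 = (y * y - 1) * inv(D * y * y + 1) % P
    x = pow(x2, (P + 3) // 8, P)
    if (x * x - x2) % P:
        x = x * pow(2, (P - 1) // 4, P) % P
    if (x * x - x2) % P:
        raise ValueError("y is not on ed25519")
    return x if (x & 1) == sign else P - x

def ed_add(p1, p2):
    """Affine twisted Edwards addition with a = -1 (complete for ed25519)."""
    (x1, y1), (x2, y2) = p1, p2
    t = D * x1 * x2 * y1 * y2 % P
    return ((x1 * y2 + x2 * y1) * inv(1 + t) % P,
            (y1 * y2 + x1 * x2) * inv(1 - t) % P)

def ed_mul(k, pt):
    acc = (0, 1)                                        # neutral element
    while k:
        if k & 1:
            acc = ed_add(acc, pt)
        pt = ed_add(pt, pt)
        k >>= 1
    return acc

B = (recover_x(4 * inv(5) % P, 0), 4 * inv(5) % P)     # ed25519 base point (y = 4/5)

def ed_encode(pt):
    """RFC 8032 encoding: little-endian y with the parity of x in the top bit."""
    x, y = pt
    return (y | ((x & 1) << 255)).to_bytes(32, "little")

def ed_decode(pk):
    v = int.from_bytes(pk, "little")
    return (recover_x(v & ((1 << 255) - 1), v >> 255), v & ((1 << 255) - 1))

def x25519(k, u):
    """RFC 7748 Montgomery ladder: the u coordinate of k times the point with u."""
    x1, (x2, z2), (x3, z3), swap = u, (1, 0), (u, 1), 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        if swap ^ kt:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, z2 = x3, z3
    return x2 * inv(z2) % P

def clamp(sk):
    k = bytearray(sk)                                   # RFC 7748 section 5 clamping
    k[0] &= 248; k[31] = (k[31] & 127) | 64
    return int.from_bytes(k, "little")

def convert_curve25519_to_ed25519_public(u_bytes, sign_bit):
    """Map Montgomery u to Edwards y with y = (u - 1)/(u + 1); the caller supplies the sign."""
    u = int.from_bytes(u_bytes, "little") & ((1 << 255) - 1)
    if (u + 1) % P == 0:
        raise ValueError("u = -1 is the identity and has no ed25519 encoding")
    y = (u - 1) * inv(u + 1) % P
    return (y | (sign_bit << 255)).to_bytes(32, "little")

def convert_curve25519_to_ed25519_private(sk):
    """The clamped curve25519 scalar is the ed25519 scalar a; also report the sign bit of A = a*B."""
    a = clamp(sk)
    x, _ = ed_mul(a, B)
    return a, x & 1

def blind_keypair(a, h):
    """Blinded secret scalar a' = h*a mod L; h is assumed to be an already-derived scalar."""
    return h * a % L

def blind_pubkey(pk, h):
    """Blinded public key A' = h*A, computable from A and h alone."""
    return ed_encode(ed_mul(h, ed_decode(pk)))

SEED = bytes(range(1, 33))                              # constructed, not a real key
H = int.from_bytes(bytes(range(101, 133)), "little") % L  # constructed blinding factor

if __name__ == "__main__":
    a, sign = convert_curve25519_to_ed25519_private(SEED)
    u = x25519(a, 9).to_bytes(32, "little")             # the curve25519 public key
    ed_pk = convert_curve25519_to_ed25519_public(u, sign)
    assert ed_pk == ed_encode(ed_mul(a, B))             # same ed25519 key via either route
    assert blind_pubkey(ed_pk, H) == ed_encode(ed_mul(blind_keypair(a, H), B))
```

The two assertions at the end are the point: the ed25519 key rebuilt from the curve25519 public key plus the sign bit equals a*B, which is what makes the cross-certification checkable; and blinding the secret scalar yields the same public key as blinding the public key, which is what lets a directory verify a descriptor signature against the blinded key alone.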
TODO
Recommend more standardized ways to do these things.
Enums
- An error occurred during a key-blinding operation.
Functions
- blind_keypair (feature hsv3-service): Blind the ed25519 secret key sk using the blinding factor h, and return the blinded secret key.
- blind_pubkey (feature hsv3-client): Blind the ed25519 public key pk using the blinding factor h, and return the blinded public key.
- convert_curve25519_to_ed25519_private (feature cvt-x25519): Convert a curve25519 private key to an ed25519 private key (and give a sign bit) to use with it, for use in ntor key cross-certification.
- convert_curve25519_to_ed25519_public: Convert a curve25519 public key (with sign bit) to an ed25519 public key, for use in ntor key cross-certification.
- Convert an ed25519 private key to a curve25519 private key.