Simple tool to generate keypairs for onion service client auth (also known as
restricted discovery).

See [Tor project doc][0].

### Usage

```bash
❯ go run go.balki.me/onion-auth-gen@latest
private key : KPNW2PPM4EZRNUWYDXRYBUB2D5G73RLVQTELWBT7RDYELTOSBESA
public descriptor : descriptor:x25519:DBOQW4FQU6XFTELGIFTJCOK3S4NIV4H5LU64R2SJ3NF7VUEIOBHA
```

No Go installed? Run it with Docker:

```bash
❯ docker run --rm golang go run go.balki.me/onion-auth-gen@latest
go: downloading go.balki.me/onion-auth-gen v0.1.0
private key : 2R7T75LJ2KRVNAXFDXJN4CNKSMAEQ22MDXWFPRL2TR2XUCV5LFMQ
public descriptor : descriptor:x25519:LXSR6HYCYJ7MDFY2AU2NQO4QQUSGJCHFEXZBIGYYZKPFMGZWPNVQ
```

Add the public descriptor to the onion service's server configuration and enter
the private key when prompted in Tor Browser.

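A check to run before the descriptor goes into the server configuration, as an added example that is not this project's code: it generates a pair in the output format shown above and verifies that a private key and a public descriptor belong together. The names `NewPair` and `Matches` are hypothetical, and it assumes Go 1.20+ (`crypto/ecdh`) and that both values are unpadded base32 of raw 32-byte x25519 keys.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"encoding/base32"
	"errors"
	"fmt"
	"strings"
)

// Assumption: keys are raw 32-byte x25519 values in unpadded base32 (52 chars).
var b32 = base32.StdEncoding.WithPadding(base32.NoPadding)

const prefix = "descriptor:x25519:"

// NewPair returns a fresh base32 private key and its public descriptor line.
func NewPair() (string, string, error) {
	k, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return "", "", err
	}
	return b32.EncodeToString(k.Bytes()), prefix + b32.EncodeToString(k.PublicKey().Bytes()), nil
}

// Matches reports whether desc is the public descriptor derived from priv.
func Matches(priv, desc string) (bool, error) {
	raw, err := b32.DecodeString(strings.ToUpper(strings.TrimSpace(priv)))
	if err != nil {
		return false, fmt.Errorf("private key: %w", err)
	}
	k, err := ecdh.X25519().NewPrivateKey(raw) // rejects anything but 32 bytes
	if err != nil {
		return false, fmt.Errorf("private key: %w", err)
	}
	d := strings.TrimSpace(desc)
	if !strings.HasPrefix(d, prefix) {
		return false, errors.New("descriptor must start with " + prefix)
	}
	return strings.EqualFold(d[len(prefix):], b32.EncodeToString(k.PublicKey().Bytes())), nil
}

func main() {
	priv, desc, err := NewPair()
	if err != nil {
		panic(err)
	}
	ok, err := Matches(priv, desc)
	fmt.Println(desc, ok, err) // the private key is deliberately not printed
}
```
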
### FAQ

#### Why add client auth for onion service?

When you have an onion service for private use, adding client auth makes it
completely secure against DDoS even when the service's URL is leaked. Even if
you don't explicitly share the onion address, it can leak via HTTP `Referer`
or `Origin` headers or an accidental copy-paste.

#### Why this tool?

The [official way][0] requires installing packages and running several long
shell command lines. This is a zero-dependency, pure-Go mini tool that is quick
and easy to use.

### Related

* [onionshare][1]

---

[0]: https://community.torproject.org/onion-services/advanced/client-auth/
[1]: https://onionshare.org