Simple tool to generate keypairs for onion service client auth (also known as
restricted discovery).

See [Tor project doc][0].

### Usage

```bash
❯ go run go.balki.me/onion-auth-gen@latest
private key       : KPNW2PPM4EZRNUWYDXRYBUB2D5G73RLVQTELWBT7RDYELTOSBESA
public descriptor : descriptor:x25519:DBOQW4FQU6XFTELGIFTJCOK3S4NIV4H5LU64R2SJ3NF7VUEIOBHA
```
No go?

```
❯ docker run --rm golang go run go.balki.me/onion-auth-gen@latest
go: downloading go.balki.me/onion-auth-gen v0.1.0
private key       : 2R7T75LJ2KRVNAXFDXJN4CNKSMAEQ22MDXWFPRL2TR2XUCV5LFMQ
public descriptor : descriptor:x25519:LXSR6HYCYJ7MDFY2AU2NQO4QQUSGJCHFEXZBIGYYZKPFMGZWPNVQ
```

Add public descriptor to the onion service server configuration and enter the
private key when prompted in the tor browser

### FAQ

#### Why add client auth for onion service?

When you have an onion service for private use, adding client auth makes it
completely secure against DDOS even when the service's URL is leaked. Even if
you don't explicitly share the onion address, it can leak via HTTP `Referrer`
or `Origin` headers or accidental copy paste.

#### Why this tool?

The [official way][0] requires to install packages and run multiple long shell
command lines. This is a zero dependency pure go mini tool that is quick and
easy to use.


### Related

* [onionshare][1]

---

[0]: https://community.torproject.org/onion-services/advanced/client-auth/
[1]: https://onionshare.org