Generate key pair tor onion service restricted discovery / client authentication
Go to file
2024-09-18 22:32:54 -04:00
go.mod Set lower minimum go version required in go.mod 2024-09-18 22:32:54 -04:00
LICENSE Add LICENSE and README 2024-09-18 22:25:24 -04:00
main.go Add LICENSE and README 2024-09-18 22:25:24 -04:00
README.md Add LICENSE and README 2024-09-18 22:25:24 -04:00

Simple tool to generate keypairs for onion service client auth (also known as restricted discovery).

See Tor project doc.

Usage

 go run go.balki.me/onion-auth-gen@latest
private key       : KPNW2PPM4EZRNUWYDXRYBUB2D5G73RLVQTELWBT7RDYELTOSBESA
public descriptor : descriptor:x25519:DBOQW4FQU6XFTELGIFTJCOK3S4NIV4H5LU64R2SJ3NF7VUEIOBHA

No go?

 docker run --rm golang go run go.balki.me/onion-auth-gen@latest
go: downloading go.balki.me/onion-auth-gen v0.1.0
private key       : 2R7T75LJ2KRVNAXFDXJN4CNKSMAEQ22MDXWFPRL2TR2XUCV5LFMQ
public descriptor : descriptor:x25519:LXSR6HYCYJ7MDFY2AU2NQO4QQUSGJCHFEXZBIGYYZKPFMGZWPNVQ

Add public descriptor to the onion service server configuration and enter the private key when prompted in the tor browser

FAQ

Why add client auth for onion service?

When you have an onion service for private use, adding client auth makes it completely secure against DDOS even when the service's URL is leaked. Even if you don't explicitly share the onion address, it can leak via HTTP Referrer or Origin headers or accidental copy paste.

Why this tool?

The official way requires to install packages and run multiple long shell command lines. This is a zero dependency pure go mini tool that is quick and easy to use.