diff options
author | David Goulet <dgoulet@torproject.org> | 2024-01-30 15:25:50 +0000 |
---|---|---|
committer | David Goulet <dgoulet@torproject.org> | 2024-01-30 15:25:50 +0000 |
commit | 10a27eb83eb2b5c9cdb1476f7acad9f05e670f49 (patch) | |
tree | 5fefbc7c19dc91ef4a6678adafbb0617238439eb /spec/rend-spec | |
parent | a153707cc630e6d135c63c86d454750d6080edc6 (diff) | |
parent | 2b985949fa92656f7d28fab1525df84cc86e5b11 (diff) | |
download | torspec-10a27eb83eb2b5c9cdb1476f7acad9f05e670f49.tar.gz torspec-10a27eb83eb2b5c9cdb1476f7acad9f05e670f49.zip |
Merge branch 'arti_1221' into 'main'
rend-spec: Note that the subject key in enc-key-cert always has sign=0.
See merge request tpo/core/torspec!240
Diffstat (limited to 'spec/rend-spec')
-rw-r--r-- | spec/rend-spec/hsdesc-encrypt.md | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/spec/rend-spec/hsdesc-encrypt.md b/spec/rend-spec/hsdesc-encrypt.md index f267dcb..3e91172 100644 --- a/spec/rend-spec/hsdesc-encrypt.md +++ b/spec/rend-spec/hsdesc-encrypt.md @@ -391,10 +391,15 @@ Followed by zero or more introduction points as follows (see section signing key. For "ntor" keys, certificate is a proposal 220 certificate - wrapped in "-----BEGIN ED25519 CERT-----" armor. The subject + wrapped in "-----BEGIN ED25519 CERT-----" armor. + + The subject key is the the ed25519 equivalent of a curve25519 public encryption key (`KP_hss_ntor`), with the ed25519 key - derived using the process in proposal 228 appendix A. The + derived using the process in proposal 228 appendix A, + and its sign bit set to zero. + + The signing key is the descriptor signing key (`KP_hs_desc_sign`). The certificate type must be [0B], and the signing-key extension is mandatory. @@ -406,6 +411,11 @@ Followed by zero or more introduction points as follows (see section encryption key `KP_hss_ntor` is already available from the `enc-key` entry. + ALSO NOTE: Setting the sign bit of the subject key + to zero makes the subjected unusable for verification; + this is also a mistake preserved for compatiblility with + C tor. + "legacy-key" NL key NL [None or at most once per introduction point] |