Diffstat (limited to 'spec/rend-spec-v3/hidden-service-descriptors-encryption-format-hs-desc-enc.md')
-rw-r--r-- | spec/rend-spec-v3/hidden-service-descriptors-encryption-format-hs-desc-enc.md | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/spec/rend-spec-v3/hidden-service-descriptors-encryption-format-hs-desc-enc.md b/spec/rend-spec-v3/hidden-service-descriptors-encryption-format-hs-desc-enc.md index 719d4fa..834aceb 100644 --- a/spec/rend-spec-v3/hidden-service-descriptors-encryption-format-hs-desc-enc.md +++ b/spec/rend-spec-v3/hidden-service-descriptors-encryption-format-hs-desc-enc.md @@ -1,6 +1,6 @@ <a id="rend-spec-v3.txt-2.5"></a> -## Hidden service descriptors: encryption format [HS-DESC-ENC] +## Hidden service descriptors: encryption format \[HS-DESC-ENC\] Hidden service descriptors are protected by two layers of encryption. Clients need to decrypt both layers to connect to the hidden service. @@ -12,7 +12,7 @@ and protects against entities that do not possess valid client credentials. <a id="rend-spec-v3.txt-2.5.1"></a> -### First layer of encryption [HS-DESC-FIRST-LAYER] +### First layer of encryption \[HS-DESC-FIRST-LAYER\] The first layer of HS descriptor encryption is designed to protect descriptor confidentiality against entities who don't know the public @@ -23,7 +23,7 @@ identity key of the hidden service. #### First layer encryption logic The encryption keys and format for the first layer of encryption are -generated as specified in [HS-DESC-ENCRYPTION-KEYS] with customization +generated as specified in \[HS-DESC-ENCRYPTION-KEYS\] with customization parameters: ```text @@ -31,8 +31,8 @@ parameters: STRING_CONSTANT = "hsdir-superencrypted-data" ``` -The encryption scheme in [HS-DESC-ENCRYPTION-KEYS] uses the service -credential which is derived from the public identity key (see [SUBCRED]) to +The encryption scheme in \[HS-DESC-ENCRYPTION-KEYS\] uses the service +credential which is derived from the public identity key (see \[SUBCRED\]) to ensure that only entities who know the public identity key can decrypt the first descriptor layer. 
@@ -64,7 +64,7 @@ Here are all the supported fields: "desc-auth-type" SP type NL -[Exactly once] +\[Exactly once\] ```text This field contains the type of authorization used to protect the @@ -138,7 +138,7 @@ Here are all the supported fields: <a id="rend-spec-v3.txt-2.5.1.3"></a> -#### Client behavior [FIRST-LAYER-CLIENT-BEHAVIOR] +#### Client behavior \[FIRST-LAYER-CLIENT-BEHAVIOR\] ```text The goal of clients at this stage is to decrypt the "encrypted" field as @@ -183,7 +183,7 @@ Here are all the supported fields: <a id="rend-spec-v3.txt-2.5.2"></a> -### Second layer of encryption [HS-DESC-SECOND-LAYER] +### Second layer of encryption \[HS-DESC-SECOND-LAYER\] The second layer of descriptor encryption is designed to protect descriptor confidentiality against unauthorized clients. If client authorization is @@ -199,7 +199,7 @@ does not offer any additional security, but is still used. #### Second layer encryption keys The encryption keys and format for the second layer of encryption are -generated as specified in [HS-DESC-ENCRYPTION-KEYS] with customization +generated as specified in \[HS-DESC-ENCRYPTION-KEYS\] with customization parameters as follows: ```text @@ -220,7 +220,7 @@ list of intro points etc. The plaintext has the following format: "create2-formats" SP formats NL -[Exactly once] +\[Exactly once\] ```text A space-separated list of integers denoting CREATE2 cell HTYPEs @@ -387,7 +387,7 @@ Other encryption and authentication key formats are allowed; clients should ignore ones they do not recognize. Clients who manage to extract the introduction points of the hidden service -can proceed with the introduction protocol as specified in [INTRO-PROTOCOL]. +can proceed with the introduction protocol as specified in \[INTRO-PROTOCOL\]. Compatibility note: At least some versions of OnionBalance do not include a final newline when generating this inner plaintext section; other 
@@ -396,7 +396,7 @@ newline. <a id="rend-spec-v3.txt-2.5.3"></a> -### Deriving hidden service descriptor encryption keys [HS-DESC-ENCRYPTION-KEYS] +### Deriving hidden service descriptor encryption keys \[HS-DESC-ENCRYPTION-KEYS\] In this section we present the generic encryption format for hidden service descriptors. We use the same encryption format in both encryption layers, @@ -439,7 +439,7 @@ Here is the key generation logic: <a id="rend-spec-v3.txt-2.5.4"></a> -### Number of introduction points [NUM_INTRO_POINT] +### Number of introduction points \[NUM_INTRO_POINT\] This section defines how many introduction points an hidden service descriptor can have at minimum, by default and the maximum: |
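
Review bot: In the @@ -23 hunk (and again at @@ -199), the escaped `\[HS-DESC-ENCRYPTION-KEYS\]` reference is still plain text, so a reader has to search for the section it names. The target heading in this same file already has an explicit anchor (`<a id="rend-spec-v3.txt-2.5.3"></a>`, visible in the @@ -396 hunk). Consider making the reference a real link to that anchor instead of only escaping the brackets. The same applies to `\[SUBCRED\]` and `\[INTRO-PROTOCOL\]` if their targets have anchors too.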
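
Review bot: In the @@ -64 and @@ -220 hunks, `\[Exactly once\]` is a multiplicity marker, not a section tag. It sits on its own line immediately before the opening "```text" fence, while the field description it qualifies is inside the fence. Moving the marker into the fenced block next to the description would remove the need for the escape and keep the field definition in one place. If the marker stays outside, please check that every other multiplicity marker in the file is escaped the same way, so the rendered output is consistent.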
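
Review bot: In the heading hunks (@@ -1, @@ -12, @@ -138, @@ -183, @@ -396, @@ -439), please confirm that the generated heading IDs come out the same with the backslashes in place. The explicit `<a id="rend-spec-v3.txt-2.5...">` anchors above each heading are untouched, so links that use them keep working, but any link that targets the renderer's auto-generated slug would break if that slug changes. A link check on the rendered output before and after this change would settle it.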