aboutsummaryrefslogtreecommitdiff
path: root/spec/rend-spec/encrypting-user-data.md
diff options
context:
space:
mode:
Diffstat (limited to 'spec/rend-spec/encrypting-user-data.md')
-rw-r--r--spec/rend-spec/encrypting-user-data.md19
1 files changed, 19 insertions, 0 deletions
diff --git a/spec/rend-spec/encrypting-user-data.md b/spec/rend-spec/encrypting-user-data.md
new file mode 100644
index 0000000..fdf1a30
--- /dev/null
+++ b/spec/rend-spec/encrypting-user-data.md
@@ -0,0 +1,19 @@
+<a id="rend-spec-v3.txt-5"></a>
+
+# Encrypting data between client and host
+
+A successfully completed handshake, as embedded in the
+INTRODUCE/RENDEZVOUS messages, gives the client and hidden service host
+a shared set of keys Kf, Kb, Df, Db, which they use for sending
+end-to-end traffic encryption and authentication as in the regular
+Tor relay encryption protocol, applying encryption with these keys
+before other encryption, and decrypting with these keys before other
+decryption. The client encrypts with Kf and decrypts with Kb; the
+service host does the opposite.
+
+As mentioned
+[previously](./introduction-protocol.md#INTRO-HANDSHAKE-REQS),
+these keys are used the same as for
+[regular relay cell encryption](../tor-spec/routing-relay-cells.md),
+except that instead of using AES-128 and SHA1,
+both parties use AES-256 and SHA3-256.
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion