diff options
Diffstat (limited to 'spec')
| -rw-r--r-- | spec/rend-spec/hsdesc-encrypt.md | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/spec/rend-spec/hsdesc-encrypt.md b/spec/rend-spec/hsdesc-encrypt.md index f267dcb..567637d 100644 --- a/spec/rend-spec/hsdesc-encrypt.md +++ b/spec/rend-spec/hsdesc-encrypt.md @@ -391,10 +391,15 @@ Followed by zero or more introduction points as follows (see section signing key. For "ntor" keys, certificate is a proposal 220 certificate - wrapped in "-----BEGIN ED25519 CERT-----" armor. The subject + wrapped in "-----BEGIN ED25519 CERT-----" armor. + + The subject key is the the ed25519 equivalent of a curve25519 public encryption key (`KP_hss_ntor`), with the ed25519 key - derived using the process in proposal 228 appendix A. The + derived using the process in proposal 228 appendix A, + and its sign bit set to zero. + + The signing key is the descriptor signing key (`KP_hs_desc_sign`). The certificate type must be [0B], and the signing-key extension is mandatory. @@ -406,6 +411,11 @@ Followed by zero or more introduction points as follows (see section encryption key `KP_hss_ntor` is already available from the `enc-key` entry. + ALSO NOTE: Setting the sign bit of the subject key + to zero makes the subjected unusable for verification; + this is also a mistake preserved for compatiblility withl + C tor. + "legacy-key" NL key NL [None or at most once per introduction point] |