Simple tool to generate keypairs for onion service client auth (also known as
restricted discovery).
See Tor project doc.
Usage
❯ go run go.balki.me/onion-auth-gen@latest
private key : KPNW2PPM4EZRNUWYDXRYBUB2D5G73RLVQTELWBT7RDYELTOSBESA
public descriptor : descriptor:x25519:DBOQW4FQU6XFTELGIFTJCOK3S4NIV4H5LU64R2SJ3NF7VUEIOBHA
No Go?
❯ docker run --rm golang go run go.balki.me/onion-auth-gen@latest
go: downloading go.balki.me/onion-auth-gen v0.1.0
private key : 2R7T75LJ2KRVNAXFDXJN4CNKSMAEQ22MDXWFPRL2TR2XUCV5LFMQ
public descriptor : descriptor:x25519:LXSR6HYCYJ7MDFY2AU2NQO4QQUSGJCHFEXZBIGYYZKPFMGZWPNVQ
Add the public descriptor to the onion service server configuration and enter
the private key when prompted in Tor Browser.
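A check worth running before handing a key to a client, as an added example that is not part of onion-auth-gen's own code: it recomputes the public descriptor from a base32 private key using Go's standard `crypto/ecdh` and confirms the two halves belong together. The function names are hypothetical, and the encoding (unpadded base32 of the raw 32-byte X25519 values) is an assumption based on the output shown above.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"encoding/base32"
	"fmt"
	"strings"
)

const prefix = "descriptor:x25519:"
// Assumption: keys are unpadded RFC 4648 base32 of the raw 32 bytes (52 chars).
var b32 = base32.StdEncoding.WithPadding(base32.NoPadding)
func line(pub *ecdh.PublicKey) string { return prefix + b32.EncodeToString(pub.Bytes()) }

// Generate returns a fresh base32 private key and its public descriptor line.
func Generate() (string, string, error) {
	k, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return "", "", err
	}
	return b32.EncodeToString(k.Bytes()), line(k.PublicKey()), nil
}

// Descriptor recomputes the public descriptor line from a base32 private key.
func Descriptor(priv string) (string, error) {
	raw, err := b32.DecodeString(strings.ToUpper(strings.TrimSpace(priv)))
	if err != nil {
		return "", fmt.Errorf("private key is not valid base32: %w", err)
	}
	k, err := ecdh.X25519().NewPrivateKey(raw) // rejects anything but 32 bytes
	if err != nil {
		return "", err
	}
	return line(k.PublicKey()), nil
}

// CheckPair returns nil only if descriptor was derived from priv.
func CheckPair(priv, descriptor string) error {
	want, err := Descriptor(priv)
	if err == nil && strings.TrimSpace(descriptor) != want {
		err = fmt.Errorf("descriptor does not match private key")
	}
	return err
}

func main() {
	priv, desc, _ := Generate()
	fmt.Println(desc, CheckPair(priv, desc) == nil) // private key is never printed
}
```

A mismatch caught here is cheaper than a client that silently fails to fetch the service descriptor after the server has already been reconfigured.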
FAQ
Why add client auth for onion service?
When you have an onion service for private use, adding client auth makes it
completely secure against DDoS even when the service's URL is leaked. Even if
you don't explicitly share the onion address, it can leak via HTTP Referer
or Origin headers or accidental copy-paste.
The official way requires installing packages and running multiple long shell
command lines. This is a zero-dependency, pure Go mini tool that is quick and
easy to use.