Output private/public keys to .der or .pem format #32

Open
nathancrawford opened this issue May 6, 2020 · 10 comments

Comments

@nathancrawford

I am not sure how difficult it is, but it would be great to implement this feature. Now, the output is 3 files hs_ed25519_public_key, hs_ed25519_secret_key and hostname. Is it possible also to add corresponding public/private keys in .der and/or pem format?

@cathugger
Owner

Why would you want that? What would you use it for?

@nathancrawford
Author

@cathugger I would use it in other libraries/programs (like openssl). Right now, they are in a format only Tor can understand.

@cathugger
Owner

Can't openssl generate ed25519 keys on its own? Or you want them to have vanity fingerprint?

@nathancrawford
Author

That's right. I want to generate a private/public key pair with a nice name verycoolname***.onion and use those keys in openssl.

@cathugger
Owner

But how would that even work? I mean, *.onion vanities only make sense in context of Tor Hidden Services... are you doing something like tor reimplementation? But even then it wouldn't make much sense, because private key format tor uses is fundamentally different than one specified in RFC8410 section 7.. so one just can't throw it into DER and call it a day.

@nathancrawford
Author

nathancrawford commented May 6, 2020

@cathugger Thank you very much for your clarification. So, it is impossible to do, right? Another working case I could think of is sign/verify messages with public/private keys. So, an owner of someaddress***.onion can sign a message with his private key, and others can verify it with the corresponding public key with some other program. This process is not really tor related but might be useful to verify that someone possesses the private key of the address.

@cathugger
Owner

Thanks for clarifying why you wanted it.
It is possible to encode the public key in DER/PEM, and it IS possible to use tor's private key format if library support is provided (though it's sorta hard to find ready-to-use libraries for python for example. tor's test suite may have it working I think..).
So it's theoretically possible to have something like what you're thinking working but it isn't very obvious.
However, I have a feeling it would be easier to quickly make something in golang that could convert public keys from tor's format to DER/PEM. DER handling is a pain in C.
If message signing is desired, golang's ed25519 package doesn't provide the possibility to use the format tor uses, so one would need to fork that...
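
A sketch of the public-key conversion discussed in the comment above, added here as an example; it is not part of the thread or of mkp224o. It assumes the Tor key file layout (a 32-byte NUL-padded tag followed by the raw key), which the thread does not spell out, and `TorPublicToPEM` is a hypothetical name. Secret key files are rejected rather than encoded.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
)

// Assumed layout: Tor key files start with a 32-byte header, this tag padded with NUL bytes.
const (
	pubTag = "== ed25519v1-public: type0 =="
	secTag = "== ed25519v1-secret: type0 =="
	hdrLen = 32
)

// TorPublicToPEM turns the bytes of hs_ed25519_public_key into a PEM
// SubjectPublicKeyInfo (RFC 8410) that openssl and other libraries accept.
func TorPublicToPEM(file []byte) ([]byte, error) {
	if bytes.HasPrefix(file, []byte(secTag)) {
		// Tor keeps the 64-byte expanded secret key, not the 32-byte seed
		// that RFC 8410 private keys carry, so refuse rather than mis-encode.
		return nil, errors.New("secret key file: tor's expanded format has no RFC 8410 encoding")
	}
	if len(file) != hdrLen+ed25519.PublicKeySize {
		return nil, fmt.Errorf("got %d bytes, want %d", len(file), hdrLen+ed25519.PublicKeySize)
	}
	want := append([]byte(pubTag), make([]byte, hdrLen-len(pubTag))...)
	if !bytes.Equal(file[:hdrLen], want) {
		return nil, errors.New("missing ed25519v1-public header")
	}
	der, err := x509.MarshalPKIXPublicKey(ed25519.PublicKey(file[hdrLen:]))
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der}), nil
}

func main() {
	// Constructed sample input: the header plus the public key of an all-zero seed.
	pub := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)).Public().(ed25519.PublicKey)
	out, err := TorPublicToPEM(append(append([]byte(pubTag), 0, 0, 0), pub...))
	if err != nil {
		panic(err)
	}
	fmt.Print(string(out))
}
```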

@cathugger
Owner

cathugger commented May 6, 2020

Edit: below message is a lie.

It would make sense to shill something like this to onionbalance v3 peeps, because right now they use stuff incompatible with mkp224o so one can't generate v3 vanity key easily if using onionbalance.

@cathugger
Owner

Previous message is sorta lie I guess, as apparently (at least now) onionbalance supports v3 private keys just fine.
From documentation:

> If you need to migrate an already existing Tor onion service to Onionbalance, you can use the key directive of the Onionbalance YAML config file to point to the onion service’s private key (hs_ed25519_secret_key). You can then use your existing onion service’s address as your frontend’s address.

@cathugger cathugger changed the title [FEATURE REQUEST]: Output private/public keys to .der or .pem format Output private/public keys to .der or .pem format Jul 15, 2020
@brig371

brig371 commented Nov 15, 2023

As this topic is more active than mine with my question and it is kinda related, may I ask it here also?

I run mkp224o with the -y parameter, which shows the hostname and keys in the terminal and does not create files in the folder.

To use my vanity onion I need those files in my tor hidden service folder.

I look in default hs_ed25519_public_key and hs_ed25519_secret_key files and there are some strange characters, not like in terminal output with mkp224o.

I tried to paste the public and private key from the terminal there, but it does not work.

How do I convert terminal output of keys to create files?
