# Onion CSR

A tool that generates Certificate Signing Requests (CSRs) for v3 `.onion`
addresses; see Appendix B(2) in the [CA/Browser Forum Baseline Requirements][].

[CA/Browser Forum Baseline Requirements]: https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.7.4.pdf

## Status

Working prototype. Please try it and report issues on IRC/Matrix or [GitLab][].

[GitLab]: https://gitlab.torproject.org/tpo/onion-services/sauteed-onions/onion-csr

## Quick start

You will need a Go compiler (version 1.18 or later). If it is not packaged as
part of your distribution, see [how to download and install Go][].

[how to download and install Go]: https://go.dev/doc/install

### Install

    $ go install sauteed-onions.org/onion-csr@latest

### Usage

    $ onion-csr -h

    Usage:
      onion-csr -h
      onion-csr -d HS_DIR -n NONCE

    Options:
      -h, --help: Output usage message and exit
      -d, --hs-dir: Path to hidden service directory
      -n, --ca-nonce: Nonce provided by a certificate authority in hex

Note that the above UI is intentionally backwards-compatible with HARICA's
[onion-csr][] tool. The main difference is that HARICA's tool is in Ruby+C.

[onion-csr]: https://github.com/HARICA-official/onion-csr

### Example

Below is an example for the CA-provided nonce `0123456789` and an onion service
that has its `hs_ed25519_secret_key` file stored in `/var/lib/tor/mysite`.

    $ onion-csr -n 0123456789 -d /var/lib/tor/mysite
    -----BEGIN CERTIFICATE REQUEST-----
    MIIBCDCBuwIBADAAMCowBQYDK2VwAyEABu7tFhSrDtml3vbLzXehfJVKOfyEae9e
    mRMsUa+FMi2ggYcwWgYJKoZIhvcNAQkOMU0wSzBJBgNVHREEQjBAgj5hM3hvMmZx
    dXZtaG50am82NjNmNDI1NWJwc2t1dW9wNHFydTY2eHV6Y213ZmRsNGZnaXd0M3Vp
    ZC5vbmlvbjARBgRngQwpMQkwBwQFASNFZ4kwFgYEZ4EMKjEOMAwECswNE8rAq09k
    Tv8wBQYDK2VwA0EAzTog3GjzGuzmlpDViTB35ZQiISpKfHWpTA4/F00FCrEapEu6
    Eec4yJx9kNXOBxa1pZxKF6DchnmfWM3YsOqaDg==
    -----END CERTIFICATE REQUEST-----

If you'd like to view the above in ASCII, save it as `csr.pem` and try:

    $ openssl req -in csr.pem -noout -text
    Certificate Request:
        Data:
            Version: 1 (0x0)
            Subject:
            Subject Public Key Info:
                Public Key Algorithm: ED25519
                    ED25519 Public-Key:
                    pub:
                        06:ee:ed:16:14:ab:0e:d9:a5:de:f6:cb:cd:77:a1:
                        7c:95:4a:39:fc:84:69:ef:5e:99:13:2c:51:af:85:
                        32:2d
            Attributes:
                2.23.140.41 :unable to print attribute
                2.23.140.42 :unable to print attribute
                Requested Extensions:
                    X509v3 Subject Alternative Name:
                        DNS:a3xo2fquvmhntjo663f4255bpskuuop4qru66xuzcmwfdl4fgiwt3uid.onion
        Signature Algorithm: ED25519
        Signature Value:
            99:dd:d4:0d:b5:27:0a:17:ab:73:45:a7:84:ff:cb:87:c1:33:
            75:7d:a1:e2:7b:29:a9:d1:08:a8:5d:1c:91:26:01:e5:b7:92:
            c0:1e:b5:14:32:85:53:b4:04:7c:6c:22:95:21:01:6d:3b:16:
            48:23:c4:ca:80:7b:c3:c8:07:0d

## Contact

- GitLab: [issue board][]
- IRC: room #sauteed-onions at OFTC.net
- Matrix: room [#sauteed-onions][] (which is bridged with IRC)

[issue board]: https://gitlab.torproject.org/tpo/onion-services/sauteed-onions/onion-csr/-/issues
[#sauteed-onions]: https://app.element.io/#/room/#sauteed-onions:matrix.org

## Licence

BSD 2-Clause License