Comments (18)
You've filed this issue for whenever Tor implements a control-protocol method of setting private keys for hidden services? Or does such an option already exist? Presumably this could be done with a new option like HiddenServicePrivateKey or something that contained the key data.
Would a workaround not be to put the tor config -- or at least the hidden service dir -- in a ramdisk (encrypted, even)? Or in a file wrapped by a FUSE encrypted filesystem?
from txtorcon.
Hi Meejah,
yes, this ticket is for future reminder about all the projects that will require actions when the Tor ticket will get implemented.
The workaround you refer can work only with:
a) administrative privilege access (require kernel loading privileges)
b) touching kernel (require FUSE kernel module)
c) with high implementation complexity for cross-platform uses (a lot of different code from different platform)
The concept was to implement a generic method to load keys via Tor CP into Tor.
The pain is that it's required to make a TorCP change proposal, submit it, have review, then implement it., then have it reviewed.
from txtorcon.
Wait, i got an idea.
What if we make Txtorconn:
- generate TorHS key
- save them into an encrypted db (sqlite/sqlcipher)
- create a FIFO (or named pipe on windows) where TorHS key and "hostname" files should be
- when tor goes for reading it, it return the content extract from the db (sqlite/sqlcipher)
That way txtorconn would be able to provide an abstraction layer over the weak handling of TorHS keys, basically using mkfifo (fifo / named pipes) as a filesystem I/O bridge between txtorconn application logic (providing the TorHS key) and Tor binary.
So the TorHS private key will never be written to the filesystem in unencrypted format, like tor currently does.
What do you think, it's worth experimenting it?
from txtorcon.
On unix the standard os module os.mkfifo already does provide the facility to create FIFO:
http://docs.python.org/library/os.html
On windows is it possible to use python to create named pipes (windows equivalent of unix fifo):
http://stackoverflow.com/questions/2922185/python-os-mkfifo-for-windows/2922849#2922849
Additionally on Windows named pipes can be created with gnuwin32 utils mkfifo create named pipes: http://gnuwin32.sourceforge.net/packages/coreutils.htm
from txtorcon.
Example in using Named Pipes on Windows with Python for Wireshark captures http://wiki.wireshark.org/CaptureSetup/Pipes
from txtorcon.
Named pipes using Twisted http://twistedmatrix.com/pipermail/twisted-python/2003-May/004111.html
There's also txnamedpipes (for windows only, it looks like).
from txtorcon.
That ticket is blocked by defect https://trac.torproject.org/projects/tor/ticket/6044 as reported by meejah
from txtorcon.
what's going on is that file_status() returns FN_ERROR on FIFOs, and (even if it didn't) read_file_to_str() uses fstat() to figure out the size beforehand, which for FIFOs is 0. I am working on a patch for this, although I don't have a windows machine so don't know how to make it work there (or maybe it already will!).
The "no such file or directory" stuff from the pad is a red herring as that's leftover from other stat or open calls as tor starts up.
from txtorcon.
Will provide a windows machine to test integration with Windows Named Pipes both of Tor and Txtorcon patchset
from txtorcon.
On Tor there's someone that recently pushed a patch to be reviewed doing that feature for handling TorHs via TorCP: https://trac.torproject.org/projects/tor/ticket/6411#comment:6
from txtorcon.
I think this Tor Project ticket is related to this github issue:
https://trac.torproject.org/projects/tor/ticket/1949
Maybe we can together work on the little-t tor code changes... like we did last time!
from txtorcon.
Actually, see https://trac.torproject.org/projects/tor/ticket/6411 it seems there is other interest in this, and a patch in-progress to add controller commands to allow applications to directly add hidden-service keys they manage themselves.
There would be txtorcon work when 6411 is done: augmenting TorConfig to generate keys and use the new commands to add/remove these hidden services.
One open question would be whether it makes sense to have TorConfig.hiddenservices contain both "permanent" and "ephemeral" hidden services, or to have two lists...
from txtorcon.
@meejah I think that once the Tor-code to load with Tor CP is Ephemeral itself, TxTorCon shall provide ephemeral support for key too, leaving to the application logic the handling of the key material.
What would be useful, for sure, is the support for the key generation in a "safe enough" way, so the application can just ask TxTorCon to generate a new key or to load an existing one previously generated.
from txtorcon.
@fpietrosanti Hopefully generating RSA keys is well understood by this point. The format the WIP code expects is just a Base64 string containing the PKCS#1 style DER encoded private key, which is fairly ubiquitous (It's the text that appears between "-----BEGIN RSA PRIVATE KEY-----" and "-----END RSA PRIVATE KEY-----" with the newlines stripped). As I noted in the bug, there's sample code at https://github.com/yawning/orkey that does this correctly (though Go provides both RSA key generation and an ASN.1 DER encoder as part of the runtime).
Open design questions (some mirrored from the tor side bug, though if people are talking here, I might as well ask again):
- "250 OK" is a bit terse as far as responses go. Should the onion service address be provided as well? (I'm somewhat inclined to think that this is an application problem, since the onion address is trivially derived from the private key).
- Should the ephemeral services disapear on config reload (Eg: SIGHUP?). The code in my branch will tear them all down, because that was the easiest thing to implement, but persisting them isn't much harder.
- (Long term) Authenticated HSes should be supported, but won't be in the initial revision. Someone should come up with a sane design for this (Tor bug 1949 indicates that people thought about this more than I have).
There's no particular rush from my side, since this missed the 0.2.6.x feature freeze date, and it will be a while before 0.2.7.x.
from txtorcon.
See branch https://github.com/meejah/txtorcon/tree/yawning-feature-6411 (yawning-feature-6411) which can be used along with @Yawning's branch for Tor's #6411 (https://trac.torproject.org/projects/tor/ticket/6411) to try all this out.
from txtorcon.
I am so happy! :-) we started looking at this issue in august 2012, with this branch released under Tor 0.2.7 it will finally become a reality!
Tnx @meejah and @Yawning !
from txtorcon.
@meejah has this feature been merged in txtorcon? As we're now finally considering using it in GlobaLeaks /cc @evilaliv3
from txtorcon.
Yes, you can pass keys directly to a new enough Tor with the ADD_ONION
command via EphemeralHiddenService
https://github.com/meejah/txtorcon/blob/master/txtorcon/torconfig.py#L906
The API will likely change slightly in 1.0 as I've unified all the various hidden-service options in that branch. But, nothing drastic.
from txtorcon.
Related Issues (20)
- attribute-error on python 3.9
- All of test.test_util is skipped HOT 1
- All of test.test_web skipped
- Many tests in test.test_endpoints.EndpointTests fail when calling `_tor_launcher` with incompatible arguments
- Hosting onion service log says .onion twice
- Three tests errors (test_attribute_access, test_other_bootstrap, and ProtocolIntegrationTests.test_with_arg) HOT 3
- v2 onion in repo metadata HOT 1
- update CI
- use unittest.mock instead of mock HOT 3
- Unable to install txsocksx with python 3 HOT 1
- There is a lingering ipaddress dependency declaration HOT 1
- 1 test fails: AttributeError: [...] does not have the attribute 'pwd'
- twisted.web Agent created by txtorcon should accept other Agent options
- Add support for Python 3.10 and 3.11
- Three unit tests are failing on Python 3.12
- When tor process exits unexpectedly tor.protocol.get_info hangs HOT 5
- Handle limits better HOT 1
- debian sid bug: 1060955
- cant gpg verefy 23.11.0 HOT 6
- Drop or declare dependency on six HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from txtorcon.