add-client-auth.py

#!/usr/bin/env python3

import nacl.public

import base64
from stem.control import Controller


def base_32(key):
    # bytes to base 32
    key_bytes = bytes(key)
    key_b32 = base64.b32encode(key_bytes)
    # strip trailing ====
    assert key_b32[-4:] == b'===='
    key_b32 = key_b32[:-4]
    # change from b'ASDF' to ASDF
    s = key_b32.decode('utf-8')
    return s

def base_64(key):
    # bytes to base 64
    key_bytes = bytes(key)
    key_b64 = base64.b64encode(key_bytes)

    return key_b64.decode('utf-8')


def main():

    service_id = '44ft7pohbwid4vbsz5k3ku2kiptd4ijaffjr5oxdnoer7k6bak4qjbid'

    priv_key = nacl.public.PrivateKey.generate()
    pub_key = priv_key.public_key

    print('public (store on the onion service side):  %s' % base_32(pub_key))
    print('private (store in the client if doing manually on filesystem): %s' % base_32(priv_key))

    print('private base64 (was added to tor controller by Stem): %s' % base_64(priv_key))
    
    # Connect to tor controller provided by Tor Browser
    c = Controller.from_port(port=9051)
    c.authenticate()

    c.add_onion_client_auth(service_id=service_id, private_key_blob=base_64(priv_key), key_type='x25519')

    res = c.view_onion_client_auth(service_id)

    print ('The credentials stored in the Control port are %s' % res.client_auth_credential)

    c.remove_onion_client_auth(service_id)

    res = c.view_onion_client_auth(service_id)
    if not res.client_auth_credential:
       print ('The credentials for %s were removed' % service_id)

if __name__ == '__main__':
  main()