mig5/gist:2e95a3fbe157e1f78764f7a718bf93b9

## gistfile1.txt
#!/usr/bin/env python3
import base64
import threading

from http.server import BaseHTTPRequestHandler, HTTPServer

from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
from cryptography.hazmat.primitives import serialization

from stem.control import Controller

class RequestHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # Send response status code
        self.send_response(200)

        # Send headers
        self.send_header('Content-type','text/html')
        self.end_headers()

        self.wfile.write(bytes("<html><head><title>Hello, world.</title></head><body><p>Hello, world.</p></html>","utf-8"))
        return


def start_http():
    print("http service: http://127.0.0.1:8080/")
    print("")
    httpd = HTTPServer(('127.0.0.1', 8080), RequestHandler)
    httpd.serve_forever()


def main():
    # Start the http server
    t = threading.Thread(target=start_http)
    t.start()

    # Connect to tor controller provided by Tor Browser
    c = Controller.from_port(port=9051)
    c.authenticate()

    key_type = "NEW"
    key_content = "ED25519-V3"

    print("starting onion service with: key_type='{}', key_content='{}'".format(key_type, key_content))
    res = c.create_ephemeral_hidden_service(
      { 80: 8080 },
      await_publication=True,
      key_type=key_type,
      key_content=key_content
    )
    print("http://{}.onion/".format(res.service_id))
    print("")

    priv_key = Ed25519PrivateKey.generate()
    pub_key = priv_key.public_key().public_bytes(
        encoding=serialization.Encoding.Raw,
        format=serialization.PublicFormat.Raw
    )

    keyblob = priv_key.private_bytes(
        encoding=serialization.Encoding.Raw,
        format=serialization.PrivateFormat.Raw,
        encryption_algorithm=serialization.NoEncryption()
    )
    base64_keyblob = base64.b64encode(keyblob).decode('utf-8')
    base32_keyblob = base64.b32encode(keyblob).decode('utf-8')
    base32_pubkeyblob = base64.b32encode(pub_key).decode('utf-8')

    print('private base64: %s' % base64_keyblob)

    # These would be stored client side (i.e in TB)
    print('public base32:  %s' % base32_pubkeyblob)
    print('private base32: %s' % base32_keyblob)

    # Commented out as Stem support for ONION_CLIENT_AUTH_ADD is in my own private Stem feature branch for now.
    # But the behaviour is the same (my feature to Stem is returning a 250 OK)
    #
    # Instead, connect to a control port with telnet and run ONION_CLIENT_AUTH_ADD $service_id $base64_keyblob
    # and you'll get a 250 OK, but the onion is still directly accessible in Tor Browser without the client auth
    # added
    #c.add_onion_client_auth(service_id=res.service_id, private_key_blob=base64_keyblob, key_type='x25519')

if __name__ == '__main__':
  main()
	#!/usr/bin/env python3
	import base64
	import threading

	from http.server import BaseHTTPRequestHandler, HTTPServer

	from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
	from cryptography.hazmat.primitives import serialization

	from stem.control import Controller

	class RequestHandler(BaseHTTPRequestHandler):
	def do_GET(self):
	# Send response status code
	self.send_response(200)

	# Send headers
	self.send_header('Content-type','text/html')
	self.end_headers()

	self.wfile.write(bytes("<html><head><title>Hello, world.</title></head><body><p>Hello, world.</p></html>","utf-8"))
	return


	def start_http():
	print("http service: http://127.0.0.1:8080/")
	print("")
	httpd = HTTPServer(('127.0.0.1', 8080), RequestHandler)
	httpd.serve_forever()


	def main():
	# Start the http server
	t = threading.Thread(target=start_http)
	t.start()

	# Connect to tor controller provided by Tor Browser
	c = Controller.from_port(port=9051)
	c.authenticate()

	key_type = "NEW"
	key_content = "ED25519-V3"

	print("starting onion service with: key_type='{}', key_content='{}'".format(key_type, key_content))
	res = c.create_ephemeral_hidden_service(
	{ 80: 8080 },
	await_publication=True,
	key_type=key_type,
	key_content=key_content
	)
	print("http://{}.onion/".format(res.service_id))
	print("")

	priv_key = Ed25519PrivateKey.generate()
	pub_key = priv_key.public_key().public_bytes(
	encoding=serialization.Encoding.Raw,
	format=serialization.PublicFormat.Raw
	)

	keyblob = priv_key.private_bytes(
	encoding=serialization.Encoding.Raw,
	format=serialization.PrivateFormat.Raw,
	encryption_algorithm=serialization.NoEncryption()
	)
	base64_keyblob = base64.b64encode(keyblob).decode('utf-8')
	base32_keyblob = base64.b32encode(keyblob).decode('utf-8')
	base32_pubkeyblob = base64.b32encode(pub_key).decode('utf-8')

	print('private base64: %s' % base64_keyblob)

	# These would be stored client side (i.e in TB)
	print('public base32: %s' % base32_pubkeyblob)
	print('private base32: %s' % base32_keyblob)

	# Commented out as Stem support for ONION_CLIENT_AUTH_ADD is in my own private Stem feature branch for now.
	# But the behaviour is the same (my feature to Stem is returning a 250 OK)
	#
	# Instead, connect to a control port with telnet and run ONION_CLIENT_AUTH_ADD $service_id $base64_keyblob
	# and you'll get a 250 OK, but the onion is still directly accessible in Tor Browser without the client auth
	# added
	#c.add_onion_client_auth(service_id=res.service_id, private_key_blob=base64_keyblob, key_type='x25519')

	if __name__ == '__main__':
	main()