Description
First of all: I know this was already discussed in #37 and rejected as "not planned", but I feel like the discussion got heavily sidetracked by hosting onion services on a phone, which is not related at all.
So to clarify: This is not about hosting an onion service on a phone. This is about being able to access a remote onion service that requires client authorization by providing the necessary key.
I am aware of the workaround described in #37 (comment) by using the Backup & Restore functionality. But it's rather cumbersome to do this for every individual key.
Examples
This is what it looks like in the desktop Tor Browser:
(Image source: https://support.torproject.org/tor-browser/features/onion-services/)
This is what it looks like in Orbot:
What is needed
For detailed info see: https://community.torproject.org/onion-services/advanced/client-auth/#:~:text=Client%20side
Configuration
The Tor config (torrc, or tor.conf) needs to specify ClientOnionAuthDir, preferably like this:
ClientOnionAuthDir /data/user/0/pan.alexander.tordnscrypt/app_data/tor/onion_auth
Key management
We need some sort of UI that allows the user to manage pairs <56-char-onion-addr-without-.onion-part> : <x25519 private key in base32>. Each of these pairs should result in a new file <user>.auth_private (where the <user> part is irrelevant and can be randomly generated or derived from the onion address) inside the /data/user/0/pan.alexander.tordnscrypt/app_data/tor/onion_auth directory, containing the following data:
<56-char-onion-addr-without-.onion-part>:descriptor:x25519:<x25519 private key in base32>
For example:
rh5d6reakhpvuxe2t3next6um6iiq4jf43m7gmdrphfhopfpnoglzcyd:descriptor:x25519:ZDUVQQ7IKBXSGR2WWOBNM3VP5ELNOYSSINDK7CAUN2WD7A3EKZWQ
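The file format requested above, as an added sketch that is not part of the original issue or the project's code: it validates a pasted address/key pair structurally and writes the `.auth_private` file with owner-only permissions. The function names, the filename derived from the onion address, and the 0600/0700 modes are assumptions; the address checksum is not verified here, only its length, alphabet and version byte.

```python
import base64
import binascii
import os
import tempfile


def _b32(text, nbytes, what):
    """Decode unpadded base32 and require exactly nbytes of output."""
    text = text.strip().upper()
    try:
        raw = base64.b32decode(text + "=" * (-len(text) % 8))
    except binascii.Error as exc:
        raise ValueError(f"{what}: not valid base32") from exc
    if len(raw) != nbytes:
        raise ValueError(f"{what}: expected {nbytes} bytes, got {len(raw)}")
    return text, raw


def auth_line(onion, key_b32):
    """Build the single line stored in a <user>.auth_private file."""
    onion = onion.strip().lower().removesuffix(".onion")
    # A v3 address decodes to 32-byte pubkey + 2-byte checksum + version byte 3.
    addr, raw = _b32(onion, 35, "onion address")
    if raw[-1] != 3:
        raise ValueError("onion address: not a v3 address")
    key, _ = _b32(key_b32, 32, "x25519 key")  # 52 base32 chars -> 32 bytes
    return f"{addr.lower()}:descriptor:x25519:{key}"


def write_auth_file(auth_dir, onion, key_b32):
    """Write the key file into auth_dir (the ClientOnionAuthDir) and return its path."""
    line = auth_line(onion, key_b32)
    os.makedirs(auth_dir, mode=0o700, exist_ok=True)
    # Assumption: name the file after the onion address (one file per service).
    path = os.path.join(auth_dir, line.split(":", 1)[0] + ".auth_private")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(line + "\n")
    os.chmod(path, 0o600)  # also tighten a pre-existing file
    return path


if __name__ == "__main__":
    # Example pair from the issue text; a temp dir stands in for onion_auth.
    demo_dir = os.path.join(tempfile.mkdtemp(), "onion_auth")
    print(write_auth_file(
        demo_dir,
        "rh5d6reakhpvuxe2t3next6um6iiq4jf43m7gmdrphfhopfpnoglzcyd.onion",
        "ZDUVQQ7IKBXSGR2WWOBNM3VP5ELNOYSSINDK7CAUN2WD7A3EKZWQ"))
```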