cryptography - How to verify a .Onion domain against a private key -


i working on project sell .onion (tor) domain names. process of generating domains similar mining bitcoins - rsa private keys generated en mass , if 1 randomly matches in wordlist - gets saved off somewhere , added database.

the problem here still slow process solo - in order me try , make collaborate exercise - want create online api / rest api allow people upload domains , private keys them sell on site.

the problem - don't quite know how verify domain name against private key.

eg: providing domain like

abcdabcdabcdabcd.onion

and key be: -----begin rsa private key----- miicxqibaakbgqcb+wlpxr8voujsycefspx+lfb3jorw9qlh1n38itqvms0rytcb +c7hfyqh2f8z67lobwvveyct51ykhb8n3alumyif3oxglmqjumifqmkfrylexzpj lepreb7+kmel9sx1sl4a2z0qjl4501ij0t5c3cdemovuqbpbttpuubj1rqieztiy aqkbgbwwdemoykaso17xjruf32cdyjcdktkj1glwrohxreo68j+74dqf55rnoyl/ 4okfjuma2wjjjasvrmvibd79vni3eb9mfnzdemoya6eiyo1vdemozenfrszkpgej vochbdig/flzscksademoeauauq3w8669du4fro9/al+1iudhakeay+kbk8hfso8z uttdlslt8//l+nbemmwf/i588egyywuupuvjd5xv6isadmdecjew/xf4wja5c91n lcfb/lxhsqjbampz2fzcupykhk6jretsyoq0ivqco5pn/0qwtwrubkrexnnvbyy+ uco2ocfrwsmvk4luwpgict5qw10bzfl8vducqatuv/s0znc+demow/7p5ojk5hwa +hrhcf5avw1aoqysgs0e9v+qdyijrbkg/bdemod00bttv9a9h3pofrm+demoqf2t lgqybgdemozbe+pgebfb6swkfx9px7+pnnsbk+mld6pryldfq2demor/cy4jqdya oyx51snwumjzkygemeucqqc8i6b3e06b9+++ngademo9f5khldr1wwsqqnnccdx5 n5vnlhj/0dgximm/bp1zpuk4/bmvkjnyd7d8zuz2cpor -----end rsa private key-----

could point me in direction of .net code can take private key, , verify domain provided authentic? https://github.com/lachesis/scallion github project (one of tools use - has code 'generate' domains , private keys - not sure how perform verification after fact)

never got answer this, did find way, using scallions on source code verify private key against onion address.

rsawrapper rsawrapper = new rsawrapper("d:\\pk.txt"); console.writeline(rsawrapper.onionhash);

not ideal - requires private key. inside rsawrapper - unsafe code 'something' public key determine der encoded value. important part of getting onion address.

public string onionhash         {             {                 return tobase32str(this.get_der_hash(),10);             }         }  private byte[] get_der_hash()         {             var sha1 = new system.security.cryptography.sha1managed();             return sha1.computehash(this.der);             //return tobase32str(hash);         }   public byte[] der {             {                 byte[] der;                 int buf_size = rsa.size + 100;                 int size = 0;                 unsafe // must better way this!                 {                     intptr hglob = marshal.allochglobal(buf_size);                     void* ptr = hglob.topointer();                     void** ptr2 = &ptr;                      size = native.i2d_rsapublickey(rsa.handle, (byte**)ptr2);                     if(size > buf_size)                         throw new indexoutofrangeexception("der large!");                      der = new byte[size];                     marshal.copy(hglob,der,0,size);                     marshal.freehglobal(hglob);                 }                 return der;             }         }

edit - woot : looks rsawrapper class cohesive , modular. able copy out - needs access openssl library, , has rsa.frompublickey(string s); method creating rsa.

so now, able do

    rsawrapper rsawrapper = new rsawrapper("d:\\pubkey.txt", true);     console.writeline(rsawrapper.onionhash);

took few months - got better answer set out get. can take public keys, , verify onion address matches public key. verify ownership of onion address, without risk of having send private key across network.


Comments

Post a Comment

Popular posts from this blog

c# - Validate object ID from GET to POST -

i have method allows user access comment have made on site. have post method lets them update comment. my normal solution send entire comment model through, let them update it, update on database when post back. involve sending commentid through in hiddenfor , can manipulated. how can verify commentid sent in get method same i'm getting in post , not able alter comment wish? how can verify commentid sent in method same i'm getting in post? basically have validate following things in post - user logged-in user. authenticated users post comments. commentid in post , should valid commentid , should present in database. userid associated logged-in user should same userid associated comment . comment should contain userid column, can check @ time of update. to make sure update happens comment has been sent in get - hold commentid in session , in post action compare commentid value in session .
Read more

node.js - Custom Model Validator SailsJS -

when using custom model validator checks record within model. return within spread doesn't seem end control flow. //post.js model /** * custom validator **/ types: { isuservalid: function(user_id) { var promise = require('bluebird'); promise.all([ user.findone({id: user_id}) ]) .spread(function(user) { console.log(user); if (user === null || user === undefined) { console.log('failed'); return false; }else{ console.log('passed'); return true; } }); } }, my response standard validation failed response. { "error": "e_validation", "status": 400, "summary": "1 attribute invalid", "model": "post", "invalidattributes": { "owner": [ { "rule": "isuservalid", ...
Read more

php - Find a regex to take part of Email -

i have following emails need extract part from: bestellnummer xxx: 1 von xxx, 1er pack ------------- anfang der nachricht ------------- foo bar baz foo bar baz // <<<<< need text here ------------- ende der nachricht ------------- ------------- anfang der nachricht ------------- foo bar baz foo bar baz ------------- ende der nachricht ------------- there 0 unlimited occurences of ------------- anfang der nachricht ------------- ------------- ende der nachricht ------------- and i'm able extract first part regex: $re = "/------------- .*? -------------.?(.*?).?------------- .*? -------------/s"; but, i'm quite new on learning regex, i'm pretty sure there must better regex extract part (foo bar baz foo bar baz) of text between ------------- anfang der nachricht ------------- ------------- ende der nachricht ------------- as can in different languages, i'm using .? to match between hyphens. i...
Read more