prop224: Implement offline keys for v3 onion services
Prop224 is designed to support offline master keys for v3 onion services, a great functionality that has many advantages and becomes more and more discussed in threat models. Logging this ticket now to keep track of it, even if it's not urgent at the moment.
This is what seams to be needed at first look (might end up as child tickets to this one):
Implement temporary keys + certificates signed by master onion service key with limited validity for v3 onion services.
Implement a small utility tool in Tor so that users can create such onion service keys offline, similar to
tor --keygenfor relays, with a secondary argument of
--keylifetimewhich defaults to 30 days but can be changed to any value user prefers.
Implement torrc option
HiddenServiceOfflineKey 0|1(that defaults to 0) so Tor will know it must not try to generate the onion service master key if missing from disk, or even look for it.
Most of the logic and behavior from ed25519 offline master key for relays should be applied at these first 3 points as well.
- Implement mnemonic seed backup for onion service master key, so the same private key can be restored using a string of words that produce the same parameters for the curve. This is simple and widely tested/implemented for secp256k1, and implementing for our needs and threat model is simple and totally worth it from user experience perspective.