Move onion authentication key management to the browser level

Currently the tor process handles the persistent storage of onion authentication keys. These are saved under Browser/TorBrowser/Data/Tor/onion-auth/.

Eventually, we will want Tor Browser to switch between tor providers, which will require the saved onion keys being accessible to the browser.

Therefore, we should:

  1. Create an in-browser manager for onion keys, which can pass on session-only keys to the tor provider during initialisation. This manager can also be used as an interface for Android integration in #31672 (moved).
  2. Perform a one-off migration: extract the current onion authentication keys from the tor process, or onion-auth/, and save them to browser storage instead.

/cc @pierov @morgan
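
An added sketch of the parsing half of the one-off migration in step 2; it is not code from the issue or from Tor Browser. It assumes the files under `onion-auth/` use tor's documented client-authorization line format, `<56-char-onion-addr-without-.onion>:descriptor:x25519:<base32 private key>`. The names `parseAuthPrivate` and `base32Decode` are hypothetical, and the address checksum is not verified.

```javascript
const B32 = "abcdefghijklmnopqrstuvwxyz234567";

// Decode unpadded base32 (RFC 4648 alphabet); returns null on an invalid character.
function base32Decode(text) {
  let bits = 0, value = 0;
  const out = [];
  for (const ch of text.toLowerCase()) {
    const idx = B32.indexOf(ch);
    if (idx < 0) return null;
    value = (value << 5) | idx;
    bits += 5;
    if (bits >= 8) {
      bits -= 8;
      out.push((value >>> bits) & 0xff);
      value &= (1 << bits) - 1;
    }
  }
  return Uint8Array.from(out);
}

// Hypothetical migration helper: turn the text of one .auth_private file into
// records for browser storage. Rejected lines are reported by number only, so
// malformed key material never ends up in a log.
function parseAuthPrivate(fileText) {
  const keys = [], rejected = [];
  fileText.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.trim();
    if (!line) return;
    const [addr, scope, keyType, keyB32, ...extra] = line.split(":");
    const addrBytes = addr.length === 56 ? base32Decode(addr) : null;
    const keyBytes = keyB32 && keyB32.length === 52 ? base32Decode(keyB32) : null;
    const ok = extra.length === 0 && scope === "descriptor" && keyType === "x25519" &&
      addrBytes && addrBytes[34] === 3 &&   // v3 address: last byte is the version
      keyBytes && keyBytes.length === 32;   // x25519 private key is 32 bytes
    if (ok) keys.push({ address: addr.toLowerCase(), keyType, privateKey: keyBytes });
    else rejected.push(i + 1);
  });
  return { keys, rejected };
}

// Constructed sample input (not real keys or addresses).
const ADDR = "a".repeat(55) + "d";
const KEY = "b".repeat(52);
const SAMPLE = [
  `${ADDR}:descriptor:x25519:${KEY}`,
  "",
  `tooshort:descriptor:x25519:${KEY}`,
  `${ADDR}:descriptor:rsa:${KEY}`,
].join("\n");
console.log(parseAuthPrivate(SAMPLE).rejected);
```

A migration built on this would delete the on-disk files only after every line of every file has either been stored or reported as rejected.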