I've been studying how Tor works - including the great QA "Why can a Tor exit node decrypt data, but not the entry node?".

I understand the concept of onion routing and multiple layers of encryption. My question is specifically how are the keys exchanged securely so the circuits can be built? This is touched on in that question but not actually answered.

It seems that you wouldn't want a bridge node to pass back the public key for an exit node since it would be easy to fake and break the anonymity.

Can you just assume that the public keys and IPs are listed in a directory and that they are picked from there? When I get privacy-related questions like this I really don't want to hand wave away the details.

Tim Brigham
  • **Union** routing. That's why US Postal Service goes postal. – Deer Hunter Aug 20 '13 at 16:10
  • OP, are you looking for a detailed explanation of how the whole process happens (building the circuit and exchanging the keys) and what makes it secure? If yes, I might put some time into writing a big one. – Adi Aug 23 '13 at 08:12
  • @Adnan not the circuit building so much - the post I linked to does a good job with that - but some additional details on how the key exchange process works would be much appreciated. – Tim Brigham Aug 23 '13 at 13:02

1 Answer

Per the Wiki (emphasis mine):

To create and transmit an onion, the following steps are taken:

  1. The originator picks nodes from a list provided by a special node called the directory node (traffic between the originator and the directory node may also be encrypted or otherwise anonymised or decentralised); the chosen nodes are ordered to provide a path through which the message may be transmitted; this ordering of the nodes is called a chain or a circuit. No node within the circuit, except for the exit node, can infer where in the chain it is located, and no node can tell whether the node before it is the originator or how many nodes are in the circuit.

  2. Using asymmetric key cryptography, the originator uses the public key (obtained from the directory) of the first node in the circuit, known as the entry node, to send it an encrypted message, called a create cell,

The rest of the article appears to omit how the public keys for relay nodes are obtained. However, since the selection of all nodes for a given chain is done from the directory node, I'm pretty sure all public keys are taken from the directory node. Therefore the directory node (and your connection to it) must be trusted if you are to trust the public keys of any of the nodes in your Tor chain.

Iszi
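A simplified model of the trust relationship this answer describes, added here as an example (it is not from the original post and is not Tor's code): the client checks the directory's signature over the relay list with a pinned key, then takes every hop's public key from that list, so a key handed over by a relay in the path is rejected if it differs. The toy RSA key, relay names, key strings and function names are constructed assumptions; Tor's real document formats and signature schemes are not reproduced.

```python
import hashlib
import json

# Constructed toy directory key: textbook RSA over two Mersenne primes.
# Unpadded and far too small for real use; it only makes the check runnable.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, known to the directory only


def digest(doc, n):
    """SHA-256 of the document, reduced into the RSA modulus."""
    return int.from_bytes(hashlib.sha256(doc).digest(), "big") % n


def directory_sign(relays):
    """Directory side: serialise the relay list and sign its digest."""
    doc = json.dumps(relays, sort_keys=True).encode()
    return doc, pow(digest(doc, N), D, N)


def client_load(doc, sig, pinned=(N, E)):
    """Client side: accept the relay list only if the pinned key verifies it."""
    n, e = pinned
    if pow(sig, e, n) != digest(doc, n):
        raise ValueError("directory signature check failed")
    return json.loads(doc)


def key_for_hop(trusted, nickname, offered_by_path=None):
    """Use the key from the verified list. A key handed over by another relay
    is only compared against that list, never trusted on its own."""
    key = trusted[nickname]
    if offered_by_path is not None and offered_by_path != key:
        raise ValueError("key offered for %s does not match the directory" % nickname)
    return key


# Constructed sample data: relay names and key strings are placeholders.
RELAYS = {"entry1": "pk-entry-aaaa", "middle1": "pk-middle-bbbb", "exit1": "pk-exit-cccc"}
DOC, SIG = directory_sign(RELAYS)

if __name__ == "__main__":
    trusted = client_load(DOC, SIG)
    print("exit key from directory:", key_for_hop(trusted, "exit1"))
    for label, attempt in [
        ("tampered list", lambda: client_load(DOC.replace(b"cccc", b"dddd"), SIG)),
        ("substituted key", lambda: key_for_hop(trusted, "exit1", "pk-fake-dddd")),
    ]:
        try:
            attempt()
        except ValueError as err:
            print(label, "rejected:", err)
```

The model also shows the limit the answer points out: everything rests on the pinned directory key and on the list the directory chose to sign.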