I've been studying how Tor works, including the great Q&A "Why can a Tor exit node decrypt data, but not the entry node?".
I understand the concept of onion routing and multiple layers of encryption. My question is specifically how are the keys exchanged securely so the circuits can be built? This is touched on in that question but not actually answered.
It seems that you wouldn't want a bridge node to pass back the public key for an exit node since it would be easy to fake and break the anonymity.
Can you just assume that the public keys and IPs are listed in a directory and that they are picked from there? When I get privacy-related questions like this I really don't want to hand-wave away the details.