Onion address components

How exactly is the onion adress created? i mean what are its components?
I know, that the adress is derived from the public key of the server or is the domain the key, but this would not make any sense 2 me.

onion_address = base32(PUBKEY | CHECKSUM | VERSION) + ".onion"
CHECKSUM = H(".onion checksum" | PUBKEY | VERSION)[:2]

       - PUBKEY is the 32 bytes ed25519 master pubkey of the hidden service.
       - VERSION is a one byte version field (default value '\x03')
       - ".onion checksum" is a constant string
       - CHECKSUM is truncated to two bytes before inserting it in onion_address



If you want to understand how onion services work, read this page: Tor Project | How do onion services work?

thx, i didnt now about this page.

" The onion service upload that signed descriptor to a distributed hash table , which is part of the Tor network, so that clients can also get it. It uses an anonymized Tor circuit to do this upload so that it does not reveal its location."
The hash table is hold by the HSDirs, right? And the client then gets the descriptor from the HSDirs?

Yes… but it’s a distributed hash table, so one HSDir can’t see all onion addresses. And, actually, nowaways, with v3 onion services, they don’t even know which onion services clients are requesting. Read this blog post section about Privacy improvements in V3.

1 Like