Hello,

As required by CABForum guidelines, CAs must include the hash of an ASN.1 SubjectPublicKey of the .onion service. For example, https://crt.sh/?id=3526088262 shows the SHA256 of the public key of archivev3qli37bju4rlh27glh24lljyezwxf4pokmrdbpefjlcrp5id.onion is 08afa9604f4cd74a1a867f3ffcf61faacdb19785a9d4c378f72a54503f73dd65.

Since this is a v3 address, it is not difficult to extract the public key from the .onion domain. Below is the hexdump of hs_ed25519_public_key:

    3d 3d 20 65 64 32 35 35 31 39 76 31 2d 70 75 62
    6c 69 63 3a 20 74 79 70 65 30 20 3d 3d 00 00 00
    04 44 74 54 95 dc 16 8d fc 29 a7 22 b3 eb e6 59
    f5 c5 ad 38 26 6d 72 f1 ee 53 22 30 bc 85 4a c5

So the public key (32 bytes long) is just the last two lines of the hexdump, and we can generate the public_key.pem from it, which is:

    -----BEGIN PUBLIC KEY-----
    MCowBQYDK2VwAyEABER0VJXcFo38Kacis+vmWfXFrTgmbXLx7lMiMLyFSsU=
    -----END PUBLIC KEY-----

We can also convert it to DER ($ openssl pkey -pubin -outform DER -out public_key.der), and here comes the problem: I tried to hash the DER file, and I got 141dcca6fea50f1c9f12c7150ca157a8e6e7bf7e79a6eb6f592a6235ab57ce23, which is different from what I see in DigiCert's certificate. Any ideas why this happened?

Also, since support for v2 .onion addresses will be removed from the Tor code base on July 15th, 2021 and a v3 .onion address contains the full public key, I think it is meaningless to have the 2.23.140.1.31 extension after that.

Best,
Xia

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
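An added example, not from the post or from the Tor or DigiCert projects, that reproduces the verification a relying party would do before trusting the extension: decode the v3 address and check its version and checksum, confirm the key equals the one in the hs_ed25519_public_key file, rebuild the SubjectPublicKeyInfo that the openssl command writes, and compute SHA-256 over each candidate encoding so every value can be compared with the certificate's 2.23.140.1.31 contents. The address, key bytes and PEM body are the post's values; the 64-byte file layout and the three candidate encodings are my assumptions about what a CA might hash, not a statement of what DigiCert did.

```python
import base64
import hashlib

# Values taken from the post: the v3 address in the certificate and the 64-byte
# hs_ed25519_public_key file (assumed layout: 32-byte header, then the raw key).
ONION = "archivev3qli37bju4rlh27glh24lljyezwxf4pokmrdbpefjlcrp5id"
HS_PUBKEY_HEADER = b"== ed25519v1-public: type0 ==" + b"\x00" * 3
HS_PUBKEY_FILE = HS_PUBKEY_HEADER + bytes.fromhex(
    "0444745495dc168dfc29a722b3ebe659f5c5ad38266d72f1ee532230bc854ac5")
# DER prefix of an Ed25519 SubjectPublicKeyInfo (RFC 8410): 12 bytes before the key.
ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")


def decode_onion_v3(address: str) -> bytes:
    """Return the 32-byte key of a v3 .onion address after checking version and checksum."""
    label = address.lower().removesuffix(".onion")
    if len(label) != 56:
        raise ValueError("a v3 onion address is 56 base32 characters")
    raw = base64.b32decode(label.upper())  # PUBKEY(32) | CHECKSUM(2) | VERSION(1)
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34]
    if version != 3:
        raise ValueError(f"unexpected version byte {version}")
    expected = hashlib.sha3_256(b".onion checksum" + pubkey + bytes([version])).digest()[:2]
    if checksum != expected:
        raise ValueError("checksum mismatch: mistyped or corrupted address")
    return pubkey


def key_from_hs_public_key_file(data: bytes) -> bytes:
    """Extract the key from tor's hs_ed25519_public_key file, rejecting anything else."""
    if len(data) != 64 or data[:32] != HS_PUBKEY_HEADER:
        raise ValueError("not a tor hs_ed25519_public_key file")
    return data[32:]


def spki_der(pubkey: bytes) -> bytes:
    """The SubjectPublicKeyInfo DER that `openssl pkey -pubin -outform DER` writes."""
    return ED25519_SPKI_PREFIX + pubkey


def spki_pem(pubkey: bytes) -> str:
    body = base64.b64encode(spki_der(pubkey)).decode()
    return f"-----BEGIN PUBLIC KEY-----\n{body}\n-----END PUBLIC KEY-----\n"


def candidate_hashes(pubkey: bytes) -> dict:
    """SHA-256 over each encoding a CA might have hashed; compare each with the extension."""
    der = spki_der(pubkey)
    return {
        "raw_key": hashlib.sha256(pubkey).hexdigest(),        # bare 32 key bytes
        "bit_string": hashlib.sha256(der[-35:]).hexdigest(),  # 03 21 00 || key (BIT STRING TLV)
        "spki_der": hashlib.sha256(der).hexdigest(),          # whole 44-byte SPKI, as openssl wrote
    }
```

The spki_der entry is the encoding the post's openssl command produced; whichever entry equals the value shown on crt.sh tells you what the CA actually hashed, and a checksum failure in decode_onion_v3 means the address itself, not the certificate, is wrong.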