Skip to content

ranchimall/PrivateKeyToTOR

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Tor Keys Generator

A client-side, browser-only tool that generates a FLO blockchain keypair and deterministically converts it into a Tor v3 (.onion) hidden-service address — plus the actual key files Tor needs to run that service. No server, no backend, no data ever leaves your browser.

Because the onion address is derived directly from your FLO private key, the same WIF key always reproduces the same onion address. That means your FLO private key doubles as a portable backup for your hidden service: lose your server, recover your .onion identity anywhere just by re-entering the key.

What it does

  1. Generate — creates a brand-new FLO private key (WIF) and address in the browser using floCrypto.js.
  2. Convert — deterministically derives a Tor v3 Ed25519 keypair from that FLO key, and computes the matching .onion address, following the Tor hidden-service key/address spec.
  3. Recover — already have a FLO WIF key? Paste it in and the same .onion address and key files are regenerated instantly — no need to store the Tor keys separately.
  4. Deploy — download an OS-specific setup script (Linux, macOS, Windows) that installs Tor, writes the generated keys into the correct Tor data directory, updates torrc with the HiddenServiceDir / HiddenServicePort config, and starts the hidden service — all in one run. Or skip the automation and just download the raw hs_ed25519_secret_key / hs_ed25519_public_key / hostname files to configure Tor yourself.

How the conversion works

  1. The FLO WIF key is Base58-decoded to recover the raw 32-byte private key seed.
  2. That seed is expanded with SHA-512 following the standard Ed25519 key-derivation process, and the resulting scalar is clamped per the Ed25519 spec.
  3. tweetnacl's nacl.sign.keyPair.fromSeed derives the Ed25519 public key from the same seed.
  4. The public key is checksummed with SHA3-256 (.onion checksum + pubkey
    • version byte, per the Tor spec) and Base32-encoded into the final xxxxxxxx....onion address.
  5. The secret and public keys are written out in Tor's actual on-disk hs_ed25519_secret_key / hs_ed25519_public_key file format (with Tor's expected header bytes), so they can be dropped straight into a Tor data directory.

All of this happens client-side with tweetnacl (Ed25519) and js-sha3 (SHA3-256) — see the <script> includes in index.html.

Project structure

.
├── index.html          # UI: Generate / Recover tabs, key display, script downloads
├── assets/             # Icons, illustrations
├── css/                # Stylesheet
└── scripts/
    ├── floCrypto.js    # FLO keypair generation, WIF handling, address validation
    ├── lib.min.js      # FLO/Bitcoin-style base58 + key utilities (minified)
    └── components.min.js  # UI web components (sm-input, sm-copy, sm-form, sm-notifications)

External dependencies (loaded via CDN in index.html):

  • tweetnacl — Ed25519 signing/keypair generation
  • js-sha3 — SHA3-256 for the onion checksum

Usage

Run it

This is a static site — no build step, no server required.

git clone <this-repo>
cd tor-keys-generator

Then just open index.html in a browser, or serve the folder with any static file server, e.g.:

python3 -m http.server 8000

Generate a new identity

  1. Open the Generate tab.
  2. Click Generate New Keys — a FLO address and WIF private key are created in your browser.
  3. Save the private key somewhere safe. It's the only way to recover both your FLO identity and your Tor hidden service — it is never sent anywhere and can't be recovered if lost.
  4. Click Generate Tor Configuration to derive the onion address and unlock the setup-script downloads.

Recover an existing identity

  1. Open the Recover tab.
  2. Paste your existing FLO WIF private key.
  3. Click Recover & Download Keys — the same onion address and key files are deterministically regenerated.

Deploy the hidden service

From the results section, either:

  • Download the setup script for your OS (Linux .sh, macOS .sh, or Windows .bat) and run it. It will:
    • Install Tor (via apt, Homebrew, or the Tor Expert Bundle on Windows)
    • Create the hidden-service directory with the correct permissions
    • Write in your deterministic hs_ed25519_secret_key, hs_ed25519_public_key, and hostname
    • Add the HiddenServiceDir / HiddenServicePort block to torrc
    • Restart/launch Tor so the service goes live immediately
  • Or click Download Backup Keys to get the raw hs_ed25519_secret_key, hs_ed25519_public_key, and hostname files and wire them into your own Tor configuration manually.

By default the generated scripts point HiddenServicePort 80 at 127.0.0.1:8765. Edit the downloaded script before running it if your service listens on a different local port.

Security notes

  • Everything — key generation, Ed25519 derivation, and file creation — happens entirely client-side in the browser. Nothing is transmitted to any server.
  • Your FLO private key is your Tor hidden-service identity. Anyone with it can reproduce your .onion address and impersonate your service. Treat it like any other private key: never share it, and store it offline if possible.
  • The setup scripts write your Tor secret key to disk with restrictive permissions (chmod 600), but you're still responsible for the security of the machine running the hidden service.

Credits

Built on RanchiMall's floCrypto / FLO blockchain tooling, with Tor v3 onion address derivation implemented per the Tor Rendezvous Specification (rend-spec-v3).

About

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors