Halo
minimal forgiving key recovery, in python or go.
you and a friend agree on a public file, and a codeword.
you can then reliably generate the onion address (that either of you can host or visit).
for reliability's sake you should have two codewords (and possibly two files):
- theirs, that they run and you visit
- yours, that you run and they visit
or you just want to know their site that they run.
Problem: the python implementation doesn't match the go one. tried pynacl, pycryptography, & pycryptodome.
algorithm:
- seed = PBKDF2(file,codeword,1_000_000,HMAC_SHA3_256)
- hmac512 & clamp bits
- write out as onion private key
using
# installing go 1.24:
wget https://go.dev/dl/go1.24.4.linux-arm64.tar.gz
sudo tar -C /usr/local -xzf go1.24.4.linux-arm64.tar.gz
echo "export PATH=\$PATH:/usr/local/go/bin:\$HOME/go/bin" >> ~/.bashrc
bash
# installing tor, and caddy (optional)
sudo apt install tor caddy -y
# installing halo:
go install codeberg.org/risottobias/halo@latest
# generating a site:
halo -sourcefile YOURFILE -codeword "yourcodeword" -destination site
# moving the files so tor can use them:
sudo su root
mv site/* /var/lib/tor/hello
chown -R debian-tor:debian-tor /var/lib/tor/hello
chmod 700 /var/lib/tor/hello
echo "HiddenServiceDir /var/lib/tor/hello" >> /etc/tor/torrc
echo "HiddenServicePort 80 127.0.0.1:80" >> /etc/tor/torrc
service tor restart
# running some kind of site
# in this example, a static server.
sudo su root
# a starter /etc/caddy/Caddyfile is:
cat << EOF > /etc/caddy/Caddyfile
:80 {
root * /usr/share/caddy
file_server
}
EOF
service caddy restart
Problem:
for a brief second I had python and go generating the same seed + public key
(for some weird reason), and NOT generating the same private key. so, it was making the same .onion folder but not the right secret_key file.
like... it was only writing out the first bits to the private one for py, and for go it was a little longer.
trying to get it so the two implementations create the same hidden dir.
example data:
./halo -dest data/go -source LICENSE -codeword "867-5309"
2b6c0ae69d79e47ea200a8d3c2276753e9e0d6c6f6aa92c81a6f924966653074
7gql4didvmbrop2ay7s7i5izd7n6auivbpukfpdexq6fzhackifwrrad.onion
f9a0be0d03ab03173f40c7e5f475191fdbe051150be8a2bc64bc3c5c9c02520b
b02b235b151138542a796d1d24031592b284589bfc74f1865456c5a44b04a0433cb8398655e9c28e0037f8d4627ca5fd0f0028505c7648d15a7008ac764d2bb8
python3 main.py -source LICENSE -codeword "867-5309" -dest data/py
2b6c0ae69d79e47ea200a8d3c2276753e9e0d6c6f6aa92c81a6f924966653074
pmhjmgerh5klroovoxtdibbjd3ffofj2fk3eqvxymb3tfrachg4phcid.onion
7b0e9618913f54b8b9d575e63404291eca57153a2ab64856f8607732c40239b8
b02b235b151138542a796d1d24031592b284589bfc74f1865456c5a44b04a043
testing:
go build; ./halo -destination data/go -sourcefile LICENSE -codeword "867-5309"
python3 main.py -destination data/py -sourcefile LICENSE -codeword "867-5309"
you're on the right track if they make the same .onion folder.
you're definitely done if the keys match.
diff data/go/*/hs_ed25519_secret_key data/py/*/hs_ed25519_secret_key
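
A format check for the mismatch described above, as an added example (not Halo's own code): it builds the v3 onion address from a public key and lists why a secret key file is not the 32-byte Tor header plus a clamped 64-byte expanded key. The function names are made up for this example, and the hex values are copied from the example data, assuming line 3 of each run is the public key and line 4 is the key body.

```python
import base64
import hashlib

# 32-byte tag Tor puts in front of the key material in hs_ed25519_secret_key
SECRET_HEADER = b"== ed25519v1-secret: type0 ==\x00\x00\x00"
VERSION = b"\x03"

def onion_address(pubkey: bytes) -> str:
    """v3 address: base32(pubkey || checksum[:2] || version) + '.onion'."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    digest = hashlib.sha3_256(b".onion checksum" + pubkey + VERSION).digest()
    return base64.b32encode(pubkey + digest[:2] + VERSION).decode().lower() + ".onion"

def secret_key_problems(blob: bytes) -> list:
    """List the reasons a secret key file is not header + 64-byte expanded key."""
    problems = []
    if blob[:32] != SECRET_HEADER:
        problems.append("missing 32-byte header")
    key = blob[32:]
    if len(key) != 64:
        problems.append(f"key body is {len(key)} bytes, expected 64")
    # clamp bits of the scalar half: low 3 bits clear, bit 255 clear, bit 254 set
    if len(key) >= 32 and (key[0] & 0x07 or key[31] & 0x80 or not key[31] & 0x40):
        problems.append("scalar half is not clamped")
    return problems

# Copied from the example data above. Assumption: line 3 of each run is the
# public key and line 4 is the key body that ends up in the secret key file.
GO_PUBKEY = bytes.fromhex("f9a0be0d03ab03173f40c7e5f475191fdbe051150be8a2bc64bc3c5c9c02520b")
GO_KEY = bytes.fromhex(
    "b02b235b151138542a796d1d24031592b284589bfc74f1865456c5a44b04a043"
    "3cb8398655e9c28e0037f8d4627ca5fd0f0028505c7648d15a7008ac764d2bb8")
PY_KEY = bytes.fromhex("b02b235b151138542a796d1d24031592b284589bfc74f1865456c5a44b04a043")

if __name__ == "__main__":
    print(onion_address(GO_PUBKEY))
    print("go:", secret_key_problems(SECRET_HEADER + GO_KEY))
    print("py:", secret_key_problems(SECRET_HEADER + PY_KEY))
```

Running it on the two key bodies shows the python output passing the clamp check but stopping at 32 bytes, which is the half of the expanded key the go output also starts with.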
visiting a site:
ls dest/go
# visit that URL if your friend is running that site