Getting Arti to connect to Restricted Discovery Onion Service (authenticated onion)

arti-onion-service.md

I couldn't find step by step instructions on how to do this, but after a bit of experimenting, this is how I got it working.

Please note: There is also a way to add keys generated in the ctor format (for that you'll need to look into arti.toml, specifically [[storage.keystore.ctor.clients]]), but I didn't manage to get this working.

1. Obtain arti's source code and cd into it
2. Generate a new client key

cargo run -p arti --all-features -- hsc key get --generate=if-needed --output - `
# the key gets stored on ~/data/keystore/client/<onion_address_without_TLD_OR_nickname>/ks_hsc_desc_enc.x25519_private

3. Place generated output in server's autorized_client
4. Start the proxy

cargo run -p arti -- proxy

5. In another terminal, connect to the onion address with:

curl —socks5-hostname localhost:9150 http://<onion_address>.onion 

References:

• Generating client onion keys (docs)
• Connecting to onion with arti (guide)

From the docs:

From C Tor to Arti

Partially works:

• Arti can use existing C Tor keys.
• Arti uses the SSH format.
• Migrating keys from C Tor to Arti's format is still not available, but
  needs to be implemented at some point, so Onion Service Operators can fully
  migrate their services to Arti.

Issue tracking progress on the conversion tooling is available at https://gitlab.torproject.org/tpo/core/arti/-/issues/860