## translation metadata
# Revision: $Revision$
# Translation-Priority: 3-low
#include "head.wmi" TITLE="Tor: Hidden Service Protocol" CHARSET="UTF-8"
<div id="content" class="clearfix">
<div id="maincol">
<h2>Tor: Hidden Service Protocol</h2>
<hr>
<p>
Tor makes it possible for users to hide their locations while offering
various kinds of services, such as web publishing or an instant
messaging server. Using Tor "rendezvous points," other Tor users can
connect to these hidden services, each without knowing the other's
network identity. This page describes the technical details of how
this rendezvous protocol works. For a more direct how-to, see our <a
href="<page docs/tor-hidden-service>">configuring hidden services</a>
page.
</p>
<p>
A hidden service needs to advertise its existence in the Tor network before
clients will be able to contact it. Therefore, the service randomly picks
some relays, builds circuits to them, and asks them to act as
<em>introduction points</em> by telling them its public key. Note
that in the following figures the green links are circuits rather
than direct connections. By using a full Tor circuit, it's hard for
anyone to associate an introduction point with the hidden server's IP
address. While the introduction points and others are told the hidden
service's identity (public key), we don't want them to learn about the
hidden server's location (IP address).
</p>
<img alt="Tor hidden service step one" src="$(IMGROOT)/THS-1.png">
# maybe add a speech bubble containing "PK" to Bob, because that's what
# Bob tells to his introduction points
<p>
Step two: the hidden service assembles a <em>hidden service
descriptor</em>, containing its public key and a summary of each
introduction point, and signs this descriptor with its private key.
It uploads that descriptor to a distributed hash table. Clients find the
descriptor by requesting XYZ.onion, where XYZ is a 16-character
name that can be uniquely derived from the service's public key. After
this step, the hidden service is set up.
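The name derivation and descriptor placement described above, as an added Python example that is not part of the original page or of Tor's own code. It assumes the rules of the version 2 rendezvous specification, which this page does not spell out: SHA-1 over the DER-encoded RSA public key, truncated to 80 bits and base32-encoded, plus a descriptor ID per replica that changes daily. SAMPLE_N is a constructed number, not a real key, and all function names are hypothetical.

```python
import base64
import hashlib
import struct

def der_len(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_int(value):
    """DER INTEGER; the extra leading octet keeps high-bit values positive."""
    body = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return b"\x02" + der_len(len(body)) + body

def rsa_public_key_der(n, e):
    """PKCS#1 RSAPublicKey ::= SEQUENCE { modulus, publicExponent }."""
    body = der_int(n) + der_int(e)
    return b"\x30" + der_len(len(body)) + body

def permanent_id(pubkey_der):
    """First 80 bits of SHA-1 over the encoded key (v2 spec, assumption)."""
    return hashlib.sha1(pubkey_der).digest()[:10]

def onion_name(pubkey_der):
    """80 bits in base32 are exactly 16 characters: the XYZ of XYZ.onion."""
    return base64.b32encode(permanent_id(pubkey_der)).decode("ascii").lower()

def descriptor_id(pubkey_der, now, replica, cookie=b""):
    """Hash-table key for the descriptor; changes once per 24 hours."""
    pid = permanent_id(pubkey_der)
    period = (now + pid[0] * 86400 // 256) // 86400
    secret = hashlib.sha1(struct.pack(">I", period) + cookie + bytes([replica])).digest()
    return base64.b32encode(hashlib.sha1(pid + secret).digest()).decode("ascii").lower()

def key_matches_name(pubkey_der, requested):
    """Client check: the descriptor's key must hash to the requested name."""
    name = requested.lower()
    name = name[:-6] if name.endswith(".onion") else name
    return name == onion_name(pubkey_der)

# Constructed sample values: a 1024-bit number standing in for a modulus.
SAMPLE_N = (1 << 1023) | 0x10001F
SAMPLE_KEY = rsa_public_key_der(SAMPLE_N, 65537)

if __name__ == "__main__":
    print(onion_name(SAMPLE_KEY) + ".onion")
    print([descriptor_id(SAMPLE_KEY, 1400000000, r) for r in (0, 1)])
```

Because the name is a hash of the key, a client can run the key_matches_name check on any descriptor it fetches and reject one whose key does not belong to the requested address, without trusting the directory that served it.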