December 30, 2019

Guide: create a vanity .onion web address - learn how to import and export

Create a vanity .onion web address, how to import and export private keys, transferring your address to another server.

Following on from - Guide: host your own .onion site using nginx and Tor

This guide will be in 2 parts; first we learn how to create a vanity .onion address. Second we transfer this address to another server.

Unfamiliar with the inner workings of Tor? Read here

For demonstration purposes, we have two servers - WebonTor & NewTor.
Simple enough to differentiate.

First section - Over to the terminal

With Tor and nginx already configured. Let's proceed to create a vanity .onion address.

Install gcc, libsodium-dev, make, autoconf - the relevant packages required

apt install -y git gcc libsodium-dev make autoconf

Use mkp2240 (to produce v3 addresses) and eschalot (to produce v2 addresses)

Fun fact: After various tests, I found mkp2240 much quicker - with the contributors regularly releasing commits. Kudos to the contributors, show some love.

For demonstration purposes. we'll create a vanity v3 address, let's proceed installing mkp2240

cd ~ && git clone 

Now enter the directory. It's time to get stuck in

cd mkp224o 

Configure the script


Please read OPTIMISATION.txt  - No one likes wasted CPU cycles.

On our AMD processors  - ./configure --enable-amd64-51-30k --enable-intfilter
If you're unsure on system hardware, kernel capabilities, please proceed with default


Recompile and make this installation yours.. (oh, what a pun!)


Before proceeding, generating a .onion address can be CPU intensive. Please avoid running this on VPS infrastructure without dedicated CPU.

For demo purposes we're using top-notch AMD EPYC.

Important - keep keywords simple, aim for less than 6 letters to produce (without consuming too many biscuits, waiting..)



Usage: ./mkp224o filter [filter...] [options]
       ./mkp224o -f filterfile [options]
-h  - print help to stdout and quit
-f  - specify filter file which contains filters separated by newlines
-D  - deduplicate filters
-q  - do not print diagnostic output to stderr
-x  - do not print onion names
-v  - print more diagnostic data
-o filename  - output onion names to specified file (append)
-O filename  - output onion names to specified file (overwrite)
-F  - include directory names in onion names output
-d dirname  - output directory
-t numthreads  - specify number of threads to utilise 
-j numthreads  - same as -t
-n numkeys  - specify number of keys (default - 0 - unlimited)
-N numwords  - specify number of words per key (default - 1)
-z  - use faster key generation method; this is now default
-Z  - use slower key generation method
-B  - use batching key generation method (>10x faster than -z, experimental)
-s  - print statistics each 10 seconds
-S t  - print statistics every specified ammount of seconds
-T  - do not reset statistics counters when printing
-y  - output generated keys in YAML format instead of dumping them to filesystem
 -Y [filename [host.onion]]  - parse YAML encoded input and extract key(s) to filesystem
-p passphrase  - use passphrase to initialize the random seed with
-P  - same as -p, but takes passphrase from PASSPHRASE environment variable

We used: ./mkp224o chownio -t 40 -B -v -n 1 -d ~/onions

Filters for "chownio"
-t 40 - uses 40 threads
-B uses batching key generation (experimental)
-v shows diagonstic data
-n amount of keys produced (1)
-d directory to store

Take the time to understand. Generic, not so harsh version:

./mkp224o YOURPREFIX -t 4 -v -n 4 -d ~/onions

Flick the kettle on. While you wait, hop on our new Tor address for demo and fun (woo!)

That's a mouthful, however native to chown (enough puns!)

Once complete cd into ~/onions

cd ~/onions
ls -al

Here's an example of the contents

cd blahhblahhblah.onion && ls -al

We need to transfer the folder to NewTor -
Here's a visual showing SFTP

Second section - on NewTor configure Tor (damn, they're just coming to me!)
Here's a guide to host your own .onion site using nginx and Tor

Okay, now we're configured. Let's proceed to change the .onion web address

It's good practice to stop Tor communicating during the switch-over

service tor stop

Allow 30 seconds for Tor to softly close connections

ps aux | grep tor

Perfect! Great work. I'm curious, did you have a biscuit while you waited for your ideal vanity address? We're nearly at the end.. go grab another, once we've finished.

Let's transfer the contents of the blahhblahhblah.onion folder.
For purposes of demonstration we are placing files within:

cd /var/lib/tor/nginx

Check folder contents

ls -al

Rectify the permission issues. We need to chown and chmod.
If you enjoy learning - understand the difference in permissions using this clever calculator

chown debian-tor:debian-tor hostname hs_ed25519_public_key hs_ed25519_secret_key

Now -  chmod please! General rule for Tor - 700 for folders, 600 for files

chmod 600 hostname hs_ed25519_public_key hs_ed25519_secret_key

Confirm success:

ls -al

Now to configure, Tor - if you haven't already

nano /etc/tor/torrc

Add in, or modify your existing directory and ports

HiddenServiceDir /var/lib/tor/nginx/
HiddenServicePort 80

Exit and Save:  CTRL + x + y | ENTER

Start Tor

service tor start

To check success:

cat /var/lib/tor/nginx/hostname

Good work!

Buy me a brew?
Hire me

Related articles
Simple guide: Tor Middle Relay

Guide | Insight | Life | Linux | Tor