Browser not prompting for client-auth when using system tor

I have my tor browser configured to use the linux system tor via socks proxy. It works for normal onion sites. When I visit my hidden service that uses client-auth it doesnt prompt for the secret key. I know the site is working because I can visit it using a different tor browser and I do get the key prompt.

What is the trick to entering the client-auth key manually? I tried adding a user.auth_private file to both the systems “onion_auth” dir, and to the browsers “ontion-auth” dir, without luck. Is there a way to add the key to the browser other than through the prompted dialog box?

Ubuntu 22 Linux
Tor Browser 12.0.4

Message in /vart/log/syslog when visiting the site: “Fail to decrypt descriptor for requested onion address. It is likely requiring client authorization.”

Any hints are appreciated.

I’m going to assume “/mysecretplace/” is a directory on your system that contains your private onion keys. I’m going to assume your private onion key is named “mysite.auth_private” (the “.auth_private” part of the name is important) and it’s in this directory. I’m also going to assume you run the service using the “tor” user. Change the paths and user in the following explanation accordingly.

/mysecretplace/ Should have the correct permissions. Safe assumption would be to have +read/+write/+execute for only the “tor” user. The “mmysite.auth_private” file should have +read/+write permissions only for the “tor” user.

Make sure the “torrc” file contains the correct entry: “ClientOnionAuthDir /mysecretplace

Make sure “mysite.auth_private” is in the correct format:

Where “xxx…” is the onion v3 website (without .onion), and “yyy…” is your private key.

Start the tor daemon as the “tor” user and watch the messages. There should be no complaints about loading the files from /mysecretplace/.