How does Tor's encryption mechanism work？

Harbeter · November 11, 2025, 12:47pm

I have read some information in https://spec.torproject.org/ and learned that, Tor has two main concepts: Channel and Circuit.

When a client creates a circuit for the first time, the Tor client first establishes a TLS Channel, and then builds one or more circuits within it.

So, that’s like

Inside the channel, the Tor client uses the node’s RSA public key to encrypt an AES session key, completing a Diffie–Hellman key exchange. The building of circuits do not use TLS.

A channel is one layer of TLS encryption between each pair of nodes — like the gray part in the diagram — and a single channel can carry multiple circuits.

A circuit consists of three layers of AES encryption, represented by the red, green, and blue parts in the diagram. It does not rely on TLS.

Therefore, it can be said that Tor employs four layers of encryption in total: one TLS layer for the channel, and three AES layers for the circuit.So it can say that, tor has four layers for encryption?

I want to know if my understanding is correct.

Felix · November 12, 2025, 10:41am

Probably yes, correct.

I am not clear about the channel1 part in the upper left corner. The application before the Tor client builds the TLS connection through the whole Tor chain to the destination (Google).

The Tor chain starts with the client. The TLS to destination with an app.

The end node usually calls itself exit.

Harbeter · November 12, 2025, 12:52pm

well, the channel1 is used for the tor client to communication with Directory Servers. I forgot to sign it. Does it have some problem?