Add how to configure encrypted lease sets #101

Open
mashdragon opened this issue Nov 16, 2024 · 2 comments

mashdragon commented Nov 16, 2024

I want to host a hidden site so only I can connect to it. I read the blog post on encrypted lease sets which describes that you need them to do this. How can I generate the PSKs (or private Diffie-Hellman) for a client to use (I think it is i2cp.leaseSetPrivKey), and for the server to whitelist in i2cp.leaseSetClient.psk.<number>? It would be nice if a short tutorial could be added to the docs too.

I see a user figured one way out here: PurpleI2P/i2pd#2104. But I would rather configure individual client access instead if possible. Also, that user was using a key format i2pd complained about.

Contributor

orignal commented Nov 16, 2024

Use https://github.com/PurpleI2P/i2pd-tools/blob/master/x25519.cpp for DH keygen.
PSK can be any random 32 bytes in base64.
But before creating authentication, try to run encrypted LeaseSet without it and access through B33.
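
An added example, not part of the comment above and not i2pd project code: it generates one independent 32-byte PSK per client, checks each key's encoding and length, and prints lines for the two options named in this issue (`i2cp.leaseSetClient.psk.<number>` and `i2cp.leaseSetPrivKey`). Assumptions: keys use I2P's base64 alphabet (`-` and `~` in place of `+` and `/`), the server-side value has the form `<client name>:<key>`, numbering starts at 1, and the client names are hypothetical.

```python
import base64
import binascii
import secrets

KEY_LEN = 32  # "PSK can be any random 32 bytes"
# Assumption: i2pd expects I2P's base64 alphabet ('-' and '~' instead of '+' and '/').
I2P_ALTCHARS = b"-~"

def i2p_b64encode(raw: bytes) -> str:
    return base64.b64encode(raw, altchars=I2P_ALTCHARS).decode("ascii")

def check_key(text: str) -> bytes:
    """Decode a key; reject the wrong alphabet, malformed base64 and wrong length."""
    text = text.strip()
    if "+" in text or "/" in text:
        raise ValueError("standard base64 alphabet; expected '-' and '~'")
    try:
        raw = base64.b64decode(text.encode("ascii"), altchars=I2P_ALTCHARS, validate=True)
    except (binascii.Error, UnicodeEncodeError) as exc:
        raise ValueError(f"not valid base64: {exc}") from exc
    if len(raw) != KEY_LEN:
        raise ValueError(f"key decodes to {len(raw)} bytes, expected {KEY_LEN}")
    return raw

def new_psk() -> str:
    return i2p_b64encode(secrets.token_bytes(KEY_LEN))  # drawn from the OS CSPRNG

def psk_config(clients):
    """Return (server_lines, {client: client_line}), one independent PSK per client."""
    server_lines, client_lines = [], {}
    for number, name in enumerate(clients, start=1):
        if not name or ":" in name or "=" in name:
            raise ValueError(f"unusable client name: {name!r}")
        key = new_psk()
        check_key(key)
        # Assumption: the server-side value has the form "<client name>:<key>".
        server_lines.append(f"i2cp.leaseSetClient.psk.{number} = {name}:{key}")
        client_lines[name] = f"i2cp.leaseSetPrivKey = {key}"
    return server_lines, client_lines

if __name__ == "__main__":
    server, clients = psk_config(["laptop", "phone"])  # hypothetical client names
    print("# server tunnel section")
    print("\n".join(server))
    for name, line in clients.items():
        print(f"# client tunnel section on {name}\n{line}")
```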

Author

mashdragon commented Nov 17, 2024

Thank you. I never saw this before... for others: You have to click on I2P tunnels, then click your tunnel's name, and click the text which says "Encrypted B33 address:" to see your B33 address, which is also known as the Extended base32 name. The "Encrypted B33 address:" tag unfortunately was not intuitive to me; just by looking at it, you think it is empty because nothing follows the colon.

Thank you so much for this reply! As I take it, the B33 address should be basically the same in terms of security/hiding the lease set as a PSK, right? And the client only has to use the B33 address, no need to configure anything else special in the tunnel settings?
