public key infrastructure – Trying to understand the encryption used at various steps of Tor


So I read up on “Diffie-Hellman” key exchange which to my knowledge is a way for two parties to create a “shared secret” but I don’t really know if this is a public key or a private key or something else entirely.

When I look up how Tor works, many videos use the analogy of the locked box. We establish an entry node, relay node, exit node (call them A, B, C). I send a locked box to A who unlocks it and inside is another locked box with a message included, “send this to B.” A sends this box to B, who unlocks it and sees another locked box with a note, “send this to C.” B sends the box to C, who unlocks it and sees a message, “Fetch the contents of somewebsite.com” (the final request).

I don’t know if this analogy makes sense or if it’s even accurate.

Is this key exchange something that is done with the client and each of the three nodes, and that is how I am able to encrypt the message several times? Or is there some other algorithm used instead? I see that Tor uses RSA but I’m still unclear on how it all works together.

Trying to understand what is going on. It would help to see a minimal example using the actual encryption techniques.
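The locked-box picture from the question, as an added example that is not part of the original post and is not Tor's code: the client runs one Diffie-Hellman exchange with each of A, B and C, then wraps the request in three layers that the relays strip in order. Assumptions: the group parameters are a constructed toy choice, a SHA-256 keystream stands in for a real stream cipher, and relay authentication, routing notes and integrity checks are left out.

```python
import hashlib
import secrets

# Constructed toy group: 2**521 - 1 is a Mersenne prime. Demo only, not a vetted DH group.
P = 2**521 - 1
G = 3

def dh_keypair():
    """Return (private exponent, public value g^x mod p)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared_key(my_priv, their_pub):
    # Both sides compute g^(xy) mod p, then hash it into a 32-byte symmetric key.
    secret = pow(their_pub, my_priv, P)
    return hashlib.sha256(secret.to_bytes(66, "big")).digest()

def xor_stream(key, data):
    # Stand-in for a real stream cipher: SHA-256 in counter mode, XORed with the data.
    # Applying it twice with the same key removes the layer. The keystream restarts per call.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def build_circuit(hops=("A", "B", "C")):
    # One independent exchange per relay: the client ends up with three keys, each relay with one.
    client_keys, relay_keys = {}, {}
    for name in hops:
        c_priv, c_pub = dh_keypair()   # client's ephemeral pair for this hop
        r_priv, r_pub = dh_keypair()   # relay's ephemeral pair
        client_keys[name] = shared_key(c_priv, r_pub)
        relay_keys[name] = shared_key(r_priv, c_pub)
    return client_keys, relay_keys

def wrap(client_keys, hops, payload):
    # Innermost layer is for the last hop, outermost for the first hop.
    for name in reversed(hops):
        payload = xor_stream(client_keys[name], payload)
    return payload

def route(relay_keys, hops, cell):
    # Each relay strips its own layer; returns what each hop sees after doing so.
    seen = []
    for name in hops:
        cell = xor_stream(relay_keys[name], cell)
        seen.append(cell)
    return seen
```

The shared secret is neither a public nor a private key: it is a symmetric key that both ends derive and never send, and it is what encrypts each layer.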