diff --git a/admin/requirements-ansible.in b/admin/requirements-ansible.in
index c0667262cf6..b51d9dd6295 100644
--- a/admin/requirements-ansible.in
+++ b/admin/requirements-ansible.in
@@ -1,3 +1,7 @@
 ansible>2.6<2.7
+# We need cryptography equal or higher than 2.5 to generate
+# v3 authentication key pairs, the `private_bytes` method was introduced
+# in 2.5 release.
+# https://cryptography.io/en/latest/hazmat/primitives/asymmetric/x25519/?highlight=x25519#cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey.private_bytes
 cryptography>=2.5
 netaddr
diff --git a/install_files/ansible-base/roles/tor-hidden-services/files/generate-tor-v3-keypairs b/install_files/ansible-base/roles/tor-hidden-services/files/generate-tor-v3-keypairs
new file mode 100644
index 00000000000..48bb816b4a7
--- /dev/null
+++ b/install_files/ansible-base/roles/tor-hidden-services/files/generate-tor-v3-keypairs
@@ -0,0 +1,51 @@
+#!/usr/bin/env python3
+from cryptography.hazmat.primitives import serialization
+from cryptography.hazmat.primitives.asymmetric import x25519
+
+
+def generate_x25519_keypair():
+ """This function generate new keys and returns them as tuple.
+
+ :returns: Tuple(public_key, private_key)
+ """
+
+ private_key = x25519.X25519PrivateKey.generate()
+ private_bytes = private_key.private_bytes(
+ encoding=serialization.Encoding.Raw,
+ format=serialization.PrivateFormat.Raw,
+ encryption_algorithm=serialization.NoEncryption())
+ public_key = private_key.public_key()
+ public_bytes = public_key.public_bytes(
+ encoding=serialization.Encoding.Raw,
+ format=serialization.PublicFormat.Raw)
+
+ public = base64.b32encode(public_bytes)[:-4].decode("utf-8")
+ private = base64.b32encode(private_bytes)[:-4].decode("utf-8")
+ return public, private
+
+
+def generate_new_tor_v3_keypairs():
+ """
+ This method will either read the old keys or generate a new
+ public/private key pair.
+ """
+ # No old keys, generate and store them first
+ app_journalist_public_key, app_journalist_private_key = generate_x25519_keypair()
+ # For app ssh service
+ app_ssh_public_key, app_ssh_private_key = generate_x25519_keypair()
+ # For mon ssh service
+ mon_ssh_public_key, mon_ssh_private_key = generate_x25519_keypair()
+ tor_v3_service_info = {
+ "app_journalist_public_key": app_journalist_public_key,
+ "app_journalist_private_key": app_journalist_private_key,
+ "app_ssh_public_key": app_ssh_public_key,
+ "app_ssh_private_key": app_ssh_private_key,
+ "mon_ssh_public_key": mon_ssh_public_key,
+ "mon_ssh_private_key": mon_ssh_private_key,
+ }
+ # Send results to stdout
+ print(json.dumps(tor_v3_service_info))
+
+
+if __name__ == "__main__":
+ generate_new_tor_v3_keypairs()
\ No newline at end of file
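Review bot: `base64` and `json` are used in generate_x25519_keypair and generate_new_tor_v3_keypairs but never imported — the new file only imports `serialization` and `x25519` — so the script raises NameError on its first run; add `import base64` and `import json` alongside the existing imports. The docstring of generate_new_tor_v3_keypairs claims it "will either read the old keys or generate" a pair, but the body only generates three fresh pairs and prints them, so reword it to `"""Generate three fresh x25519 key pairs and print them to stdout as JSON."""`. Because the unencrypted private keys are written to stdout, whichever Ansible task captures this output should be marked so its result is not echoed into logs (e.g. `no_log: true`); that lives in the caller, outside this hunk. The `[:-4]` slice relies on a 32-byte raw key always producing exactly four base32 padding characters; `.rstrip(b"=")` states the intent more plainly. The file also lacks a trailing newline.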