Hang on a sec... how can public key cryptography be in place if the first node can't know where a request is going to be traveling? Unless the first node encrypts it so only the last node can decrypt it, all the nodes in between will have access to the data (otherwise, why randomize the path if node 1 knows where the last node is?)
From the tut :

This path is encrypted over virtual tunnels between the onion routers. Every onion router only sees the source ip of the router it got data from, meaning no onion-router ever knows the whole path.
I've looked up that part for you on the tor-site to confirm what i'd explained.

The client negotiates a separate set of encryption keys for each hop along the circuit to ensure that each hop can't trace these connections as they pass through.
Cheers,