On Fri 2015-09-11 09:25:09 -0400, Malte wrote:
> With the upgrade to GnuPG 2.1 my GPG+Tor setup broke. This was due to the fact
> that GnuPG now relies on dirmngr to handle all its networking. Which is good,
> because it separates different parts of functionality, but it also cost me
> some time to figure out.
>
> In the end, it’s very easy:
>
> 1. You create a 2 line script, which calls dirmngr with torify:
>
> user@computer:~$ cat /home/user/bin/tordirmngr.sh
> #! /bin/sh
> torify dirmngr --daemon --homedir /home/user/.gnupg
>
> 2. You write the keyserver, which preferably is an Onion Service, because as
> such you can be sure that you connect to it via Tor, with the just created
> script into your ~/.gnupg/gpg.conf:
>
> dirmngr-program /home/user/bin/tordirmngr.sh
> keyserver hkp://euggdcsexz2dqbwb.onion
> keyserver-options no-honor-keyserver-url
>
> 2.b. For good measure I would also add:
>
> use-agent
> keyid-format 0xlong
> with-fingerprint

These are reasonable recommendations. Thanks for documenting how to use
dirmngr with Tor. (use-agent isn't necessary for gpg 2.1, but it
doesn't hurt.)

We may at some point get a --use-tor flag for dirmngr, which should
simplify things further.

> Please be aware that, while this adds a lot of anonymity and confidentiality
> to your GPG usage, if you were to refresh your whole keyring at once, the
> operator of the keyserver might very well figure out who you are.

And if you don't use a .onion address, the exit node operator and anyone
on the network path between the exit node and the keyserver could be
able to figure it out as well.

> And please be further aware that most Linux distributions still ship GnuPG 1
> and 2 in parallel, so make sure you invoke it with gpg2 (e.g. gpg2 --search
> [email protected]).

Right, though the plan within Debian at least is to change that and ship
2.1 as /usr/bin/gpg, hopefully before we release stretch.

All the best,

        --dkg

_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
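
Added example, not part of the original messages and not GnuPG code: a small sh check that a gpg.conf carries the three settings from step 2 above (a dirmngr-program wrapper, a .onion keyserver, and no-honor-keyserver-url). The function names conf_values and audit_gpg_conf are made up for this example, and it only reads the file; it does not verify that the wrapper script actually calls torify.

```sh
#!/bin/sh
# Added example: audit a gpg.conf for the three settings from this thread.

# conf_values FILE OPTION: print the arguments of every active OPTION line.
# Commented-out lines never match because their first word starts with '#'.
conf_values() {
    while read -r name value || [ -n "$name" ]; do
        if [ "$name" = "$2" ]; then printf '%s\n' "$value"; fi
    done < "$1"
}

# audit_gpg_conf FILE: print one finding per line; return 0 only if none.
audit_gpg_conf() {
    conf=$1
    findings=0

    # 1. Without dirmngr-program, gpg starts the default, un-torified dirmngr.
    if [ -z "$(conf_values "$conf" dirmngr-program)" ]; then
        echo "dirmngr-program is not set (no torify wrapper)"
        findings=$((findings + 1))
    fi

    # 2. Every keyserver host should be an onion service.
    ks=$(conf_values "$conf" keyserver)
    if [ -z "$ks" ]; then
        echo "no keyserver is set"
        findings=$((findings + 1))
    fi
    for url in $ks; do
        host=${url#*://}        # drop the scheme (hkp://, hkps://, ...)
        host=${host%%[:/]*}     # drop any port or path
        case $host in
            *.onion) ;;
            *) echo "keyserver $host is not a .onion address"
               findings=$((findings + 1)) ;;
        esac
    done

    # 3. keyserver-options must include no-honor-keyserver-url.
    opts=" $(conf_values "$conf" keyserver-options | tr ',\n' '  ') "
    case $opts in
        *" no-honor-keyserver-url "*) ;;
        *) echo "keyserver-options lacks no-honor-keyserver-url"
           findings=$((findings + 1)) ;;
    esac

    [ "$findings" -eq 0 ]
}

# Audit the file named on the command line, if any.
if [ "$#" -gt 0 ]; then audit_gpg_conf "$1"; fi
```

Run it as `sh audit.sh ~/.gnupg/gpg.conf` (the script name is arbitrary); a non-zero exit status means at least one of the three settings is missing or points at a non-onion keyserver.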
