SOCKS4A/SOCKS5 proxy support?
Jacob Appelbaum
jacob at appelbaum.net
Mon Sep 24 23:02:43 CEST 2012
David Shaw:
> On Sep 24, 2012, at 3:22 PM, Jacob Appelbaum wrote:
>
>> David Shaw:
>>> On Sep 24, 2012, at 6:11 AM, Werner Koch wrote:
>>>
>>>> On Mon, 24 Sep 2012 01:43, jacob at appelbaum.net said:
>>>>
>>>>> Are there any plans to add support to gpg for SOCKS5? Would such
>>>>> a thing be a welcome patch?
>>>>
>>>> Does Curl support SOCKS? Then GnuPG should benefit from it
>>>> directy. Well unless you are talking about Windows, where we don't
>>>> build with Curl support.
>>>
>>> If your curl is recent enough (7.21.7 and later), then you can set
>>> the proxy to something like "socks5://your-proxy-here.example.com"
>>> and it should do the right thing.
>>>
>>
>> That is great news.
>>
>> I guess we'd want a way to set the SOCKS proxy in GnuPG and then
>> properly set the SOCKS argument in the curl library usage. If that was
>> done, I guess we'd have SOCKS support on all platforms other than
>> Windows - which I think is a reasonable start.
>>
>> Is there anything I should consider before getting started on a patch?
>
> You shouldn't need to patch anything. Try this in your gpg.conf file:
So as a pointer to others with a recent gpg version and linked against
curl (with Debian or Ubuntu package gnupg-curl) - this should be safe
for use with Tor:
gpg --keyserver-options http-proxy=socks5-hostname://127.0.0.1:9050
--search jacob at appelbaum.net
I haven't yet found a machine where it worked but in theory it should
work and not leak DNS.
I'd still think a patch to set --socks-proxy=127.0.0.1:9050 would be
useful as we could ensure SOCKS is actually in use or able to be used at
all.
All the best,
Jake
More information about the Gnupg-devel
mailing list