Fwd: Re: The --use-tor option

Jacob Appelbaum jacob at appelbaum.net
Tue Oct 20 13:43:34 CEST 2015


On 10/20/15, Werner Koch <wk at gnupg.org> wrote:
> On Tue, 20 Oct 2015 11:32, twim at riseup.net said:
>
>> Why not just use torsocks [1]? Are there any cons that I'm missing?
>
> Because it is a hack for ELF-based systems and does not work under
> Windows.  Anyway, it does not solve the real problem of leaking DNS.
> Recall that we need more than just AAAA records.

torsocks is great, needed and useful but it is a hack around native
Tor integration as much as anything.

Will gnupg have a UseTor option for gpg.conf now?

I could imagine:

UseTor /path/to/unixsocket
UseTor 127.0.0.1:9050

If GnuPG had Tor ControlPort integration, we could even generate Tor
Hidden Services automatically and use them together in smart ways with
GnuPG.

>
> Meanwhile I hacked ADNS and I am now able to send DNS queries to a
> public server via Tor.  Works nicely and would be sufficient for Dirmngr.
> While doing that I realized that the TCP mode in ADNS has the problem
> that it does a non-blocking connect but does not really handle
> EINPROGRESS.

I hope you'll also support the Unix Domain Socket SOCKS port that
we're now shipping with Tor (0.2.7.x and up, I think). That would mean
that gnupg could be entirely sandboxed from the internet and only able
to talk to the internet through Tor.

What else isn't proxy friendly in GnuPG?

All the best,
Jacob
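The UseTor idea above (a Unix socket path or a host:port SOCKS target) and the DNS-leak point are easy to see in code. The following is an added example, not code from GnuPG or from anyone in this thread: it parses a hypothetical UseTor value and builds a SOCKS5 CONNECT that hands the hostname to Tor (ATYP 0x03, RFC 1928) instead of resolving it locally. The hostname and socket path are constructed placeholders.

```python
import socket
import struct

def parse_use_tor(value):
    """Interpret a hypothetical 'UseTor <target>' value: an absolute path
    means a Unix domain socket, anything else is host:port for TCP SOCKS."""
    if value.startswith("/"):
        return ("unix", value)
    host, _, port = value.rpartition(":")
    return ("tcp", (host, int(port)))

def socks5_greeting():
    # Version 5, one offered method, method 0x00 = no authentication.
    return b"\x05\x01\x00"

def socks5_connect_request(hostname, port):
    """SOCKS5 CONNECT with ATYP 0x03 (domain name): the proxy resolves the
    name, so no DNS query leaves the local resolver. Tor's RESOLVE command
    only returns addresses, which is why other record types still need full
    DNS tunnelled over TCP, as the ADNS work in this thread does."""
    name = hostname.encode("idna")
    if not 0 < len(name) < 256:
        raise ValueError("hostname does not fit a SOCKS5 domain field")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack("!H", port)

def parse_socks5_reply(data):
    """Return the REP code from a SOCKS5 reply (0 = succeeded)."""
    if len(data) < 4 or data[0] != 5:
        raise ValueError("not a SOCKS5 reply")
    return data[1]

def connect_via_tor(use_tor_value, hostname, port):
    """Open a TCP stream to hostname:port through the configured Tor SOCKS
    port. Needs a running Tor daemon; not exercised offline."""
    kind, target = parse_use_tor(use_tor_value)
    sock = socket.socket(socket.AF_UNIX if kind == "unix" else socket.AF_INET)
    sock.connect(target)
    sock.sendall(socks5_greeting())
    if sock.recv(2) != b"\x05\x00":
        raise OSError("proxy refused the no-authentication method")
    sock.sendall(socks5_connect_request(hostname, port))
    if parse_socks5_reply(sock.recv(10)) != 0:
        raise OSError("SOCKS5 CONNECT failed")
    return sock
```

With a Unix-socket UseTor value, the process needs no network capability at all, which is the sandboxing property Jacob describes.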
