Fwd: Re: The --use-tor option
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Oct 20 15:43:27 CEST 2015
Hi Jacob--

On Tue 2015-10-20 07:43:34 -0400, Jacob Appelbaum wrote:
> Will gnupg have a UseTor option for gpg.conf now?

In modern GnuPG (2.1.x), all network access is handled by the dirmngr
daemon.

--use-tor is an option for dirmngr, so it will live in
~/.gnupg/dirmngr.conf.

> If GnuPG had Tor ControlPort integration, we could even generate Tor
> Hidden Services automatically and use them together in smart ways with
> GnuPG.

GnuPG has never offered any network services, so offering hidden
services seems like a strict increase in attack surface. What network
service are you imagining gpg would offer?

> I hope you'll also support the Unix Domain Socket SOCKS port that
> we're now shipping with Tor (0.2.7.x and up, I think). That would mean
> that gnupg could be entirely sandboxed from the internet and only able
> to talk to the internet through Tor.

GnuPG 2.1 already only talks to the internet through dirmngr --
improvements to dirmngr are the way to go here :) It would also be
great if someone wanted to write an apparmor or selinux profile that
confined gpg to not be able to talk to the network at all.

--dkg