Fwd: Re: The --use-tor option

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Oct 20 15:43:27 CEST 2015

Hi Jacob--

On Tue 2015-10-20 07:43:34 -0400, Jacob Appelbaum wrote:
> Will gnupg have a UseTor option for gpg.conf now?

in modern GnuPG (2.1.x), all network access is handled by the dirmngr

--use-tor is an option for dirmngr, so it will live in

> If GnuPG had Tor ControlPort integration, we could even generate Tor
> Hidden Services automatically and use them together in smart ways with
> GnuPG.

GnuPG has never offered any network services, so offering hidden
services seems like a strict increase in attack surface.  what network
service are you imagining gpg would offer?

> I hope you'll also support the Unix Domain Socket SOCKS port that
> we're now shipping with Tor (0.2.7.x and up, I think). That would mean
> that gnupg could be entirely sandboxed from the internet and only able
> to talk to the internet through Tor.

GnuPG 2.1 already only talks to the internet through dirmngr --
improvements to dirmngr are the way to go here :)  It would also be
great if someone wanted to write an AppArmor or SELinux profile that
confined gpg to not be able to talk to the network at all.

