dirmngr vs. tor gateways

Werner Koch wk at gnupg.org
Mon Feb 26 09:23:11 CET 2018


On Sat, 24 Feb 2018 16:04, o at immerda.ch said:

> dirmngr assumes that the tor daemon is run locally. But, you can also
> run tor as a gateway (see [0][1][2]).

That is right.  Dirmngr (actually Libassuan) always uses 127.0.0.1 and
checks whether Tor is running on one of the two standard ports (9050 or
9150 for the Tor browser).  There is no way to change the address of the
proxy.  Of course we could add such a feature but it is not trivial
because it complicates the test matrix a lot.

>     gpg --keyserver hkp://176.9.51.79 --search-keys xyz
>
> Unfortunately, with this workaround it's neither possible to use hkps
> (due to cert name mismatch), nor to use .onion keyservers (see

If you want to specify a keyserver, please add it to dirmngr.conf.
There you can also add a hkp-cacert option.  Support for onion addresses
requires that Tor runs locally.


Salam-Shalom,

   Werner

-- 
#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Thoughts are free.  Exceptions are governed by a federal law.
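
A local check for the behaviour described in the reply above, as an added example that is not part of the original message and not code from GnuPG or Libassuan: it probes 127.0.0.1 on ports 9050 and 9150 to see whether a proxy is there for dirmngr to find. The function names are hypothetical, and using a SOCKS5 greeting (RFC 1928) as the probe is an assumption; the message only says that the two ports are checked.

```python
import socket

# Address and ports as named in the reply above.
TOR_HOST = "127.0.0.1"
TOR_PORTS = (9050, 9150)  # tor daemon, Tor Browser


def speaks_socks5(host, port, timeout=2.0):
    """Return True if host:port accepts a SOCKS5 greeting with 'no auth'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            # VER=5, NMETHODS=1, METHOD=0 (no authentication required)
            s.sendall(b"\x05\x01\x00")
            reply = b""
            while len(reply) < 2:
                chunk = s.recv(2 - len(reply))
                if not chunk:
                    break
                reply += chunk
            # Expected answer: VER=5, selected METHOD=0
            return reply == b"\x05\x00"
    except OSError:
        # Refused, unreachable or timed out: nothing usable on this port.
        return False


def find_local_socks5(ports=TOR_PORTS, host=TOR_HOST):
    """Return the first port with a SOCKS5 listener, or None."""
    for port in ports:
        if speaks_socks5(host, port):
            return port
    return None


if __name__ == "__main__":
    port = find_local_socks5()
    if port is None:
        print("no SOCKS5 listener on 127.0.0.1:9050 or :9150; "
              "a Tor gateway on another host will not be found")
    else:
        print(f"SOCKS5 listener found on 127.0.0.1:{port}")
```

A `None` result on a host that reaches Tor only through a gateway matches the limitation discussed in this thread.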