dirmngr vs. tor gateways

o. o at immerda.ch
Tue Feb 27 20:42:52 CET 2018


On 02/26/2018 09:23 AM, Werner Koch wrote:
> Dirmngr (actually Libassuan) always uses 127.0.0.1 and
> checks whether Tor is running on one of the two standard ports

That might be a bit of a problematic assumption, given there is at least
one distribution where this is never true, especially if there is no
workaround whatsoever.

> If you want to specify a keyserver, please add it to dirmngr.conf.

The point is that this does not work. dirmngr name resolution for
keyservers fails if dirmngr connects through a Whonix Tor gateway. The
error message is:

    command 'KS_SEARCH' failed: Server indicated a failure <Unspecified source>

regardless of whether the keyserver is specified through dirmngr.conf or
the command line.

> There you can also add a hkp-cacert option.

That does not help. Due to the above problem, we can only specify
keyservers by IP. The IP is most likely not mentioned in the cert.

> Support for onion addresses requires that Tor runs locally.

Is that statement meant for gpg? Because in general, it *is* possible to
use .onion addresses with a Tor gateway.

Best,
o.
