dirmngr vs. tor gateways
o.
o at immerda.ch
Tue Feb 27 20:42:52 CET 2018
On 02/26/2018 09:23 AM, Werner Koch wrote:
> Dirmngr (actually Libassuan) always uses 127.0.0.1 and
> checks whether Tor is running on one of the two standard ports
That might be a bit of a problematic assumption, given there is at least
one distribution, where this is never true. Especially, if there is no
workaround whatsoever.
> If you want to specify a keyserver, please add it to dirmngr.conf.
The point is, that this does not work. dirmngr name resolution for
keyservers fails, if dirmngr connects through a whonix tor gateway. The
error message is:
command 'KS_SEARCH' failed: Server indicated a failure <Unspecified
source>
regardless, if the keyserver is specified through dirmngr.conf or the
command line.
> There you can also add a hkp-cacert option.
That does not help. Due to the above problem, we can only specify
keyservers by ip. The ip is most likely not mentioned in the cert.
> Support for onion addresses require that Tor runs locally.
Is that statement meant for gpg? Because in general, it *is* possible to
use .onion addresses with a tor gateway.
Best,
o.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20180227/151318cd/attachment.sig>
More information about the Gnupg-devel
mailing list