[HowTo] use gpg2.1 with an onion service

Malte malte at wk3.org
Fri Sep 11 15:25:09 CEST 2015


With the upgrade to GnuPG 2.1 my GPG+Tor setup broke. This was due to the fact 
that GnuPG now relies on dirmngr to handle all its networking, which is good 
because it separates different parts of functionality, but it also cost me 
some time to figure out.

In the end, it’s very easy:

1. You create a two-line script, which calls dirmngr with torify:

user at computer:~$ cat /home/user/bin/tordirmngr.sh 
#! /bin/sh
torify dirmngr --daemon --homedir /home/user/.gnupg

2. You point gpg at the keyserver and at the just-created script in your 
~/.gnupg/gpg.conf. The keyserver should preferably be an Onion Service, 
because then you can be sure that you connect to it via Tor:

dirmngr-program /home/user/bin/tordirmngr.sh
keyserver hkp://euggdcsexz2dqbwb.onion
keyserver-options no-honor-keyserver-url

2.b. For good measure I would also add:

keyid-format 0xlong

After you’re done, run "killall dirmngr" once, so that already existing, not 
torified, dirmngr processes are not used accidentally.
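As an added example (my own code, not part of the original post), the steps above put together into a POSIX sh function that writes the wrapper script and the gpg.conf entries, plus a check that refuses a configuration where dirmngr is not run through torify, the keyserver is not an .onion address, or no-honor-keyserver-url is missing (without it, a preferred-keyserver URL embedded in a key could steer lookups to a different host). The target directories, the "install" argument and the idempotent rewriting of gpg.conf are my assumptions; the onion address and the option names are the ones from the post.

```shell
#!/bin/sh
# Added example, not the original post's script. Assumed layout: a GnuPG home
# directory and a bin directory are passed in, so the functions can also be
# exercised against a scratch directory without touching ~/.gnupg.

setup_tor_dirmngr() {
    gnupghome="$1"; bindir="$2"; onion="$3"
    mkdir -p "$gnupghome" "$bindir"
    chmod 700 "$gnupghome"
    wrapper="$bindir/tordirmngr.sh"
    # The two-line wrapper from the post; --homedir pins dirmngr to this keyring.
    printf '#! /bin/sh\ntorify dirmngr --daemon --homedir %s\n' "$gnupghome" > "$wrapper"
    chmod 755 "$wrapper"
    conf="$gnupghome/gpg.conf"
    # Drop earlier keyserver/dirmngr lines so re-running stays idempotent (assumption).
    if [ -f "$conf" ]; then
        grep -v -E '^(dirmngr-program|keyserver|keyserver-options|keyid-format) ' \
            "$conf" > "$conf.tmp" || true
        mv "$conf.tmp" "$conf"
    fi
    {
        printf 'dirmngr-program %s\n' "$wrapper"
        printf 'keyserver hkp://%s\n' "$onion"
        printf 'keyserver-options no-honor-keyserver-url\n'
        printf 'keyid-format 0xlong\n'
    } >> "$conf"
    chmod 600 "$conf"
}

# Returns 0 only if gpg.conf routes keyserver traffic through the torified
# wrapper to an onion service and cannot be overridden by key-embedded URLs.
check_tor_keyserver_config() {
    gnupghome="$1"
    conf="$gnupghome/gpg.conf"
    [ -r "$conf" ] || { echo "no gpg.conf in $gnupghome" >&2; return 1; }

    # 1. dirmngr-program must name an executable wrapper that calls torify.
    prog=$(awk '$1 == "dirmngr-program" { print $2 }' "$conf")
    if [ -z "$prog" ] || [ ! -x "$prog" ]; then
        echo "dirmngr-program missing or not executable" >&2; return 1
    fi
    grep -q '^torify dirmngr' "$prog" \
        || { echo "wrapper does not run dirmngr under torify" >&2; return 1; }

    # 2. The keyserver must be an onion service reached over hkp.
    ks=$(awk '$1 == "keyserver" { print $2 }' "$conf")
    case "$ks" in
        hkp://*.onion) ;;
        *) echo "keyserver is not an onion service: ${ks:-<unset>}" >&2; return 1 ;;
    esac

    # 3. Preferred-keyserver URLs carried inside keys must not override it.
    grep -q '^keyserver-options.*no-honor-keyserver-url' "$conf" \
        || { echo "keyserver-options no-honor-keyserver-url is not set" >&2; return 1; }
    return 0
}

# Only act on the real home directory when explicitly asked (assumed convention).
if [ "${1:-}" = "install" ]; then
    setup_tor_dirmngr "${GNUPGHOME:-$HOME/.gnupg}" "$HOME/bin" euggdcsexz2dqbwb.onion
    check_tor_keyserver_config "${GNUPGHOME:-$HOME/.gnupg}"
fi
```

After running it with "install", kill any dirmngr that is still running (the "killall dirmngr" from the post) before the first gpg2 --search, so the next lookup starts the torified wrapper instead of reusing an old daemon.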

Please be aware that, while this adds a lot of anonymity and confidentiality 
to your GPG usage, if you were to refresh your whole keyring at once, the 
operator of the keyserver might very well figure out who you are.

And please be further aware that most Linux distributions still ship GnuPG 1 
and 2 in parallel, so make sure you invoke it with gpg2 (e.g. gpg2 --search 
glutenfree at vemail.nerd).

Feedback welcome (here or under the original post on Diaspora: 



More information about the Gnupg-users mailing list