[HowTo] use gpg2.1 with an onion service
malte at wk3.org
Fri Sep 11 15:25:09 CEST 2015
With the upgrade to GnuPG 2.1 my GPG+Tor setup broke. This was due to the fact
that GnuPG now relies on dirmngr to handle all its networking. Which is good,
because it separates different parts of functionality, but it also cost me
some time to figure out.
In the end, it’s very easy:
1. You create a 2 line script, which calls dirmngr with torify:
user at computer:~$ cat /home/user/bin/tordirmngr.sh
torify dirmngr --daemon --homedir /home/user/.gnupg
2. You write the keyserver, which preferably is an Onion Service, because as
such you can be sure that you connect to it via Tor, with the just created
script into your ~/.gnupg/gpg.conf:
2.b. For good measure I would also add:
After you’re done, run "killall dirmngr" once, so that already existing, not
torified, dirmngr processes are not used accidentally.
Please be aware that, while this adds a lot of anonymity and confidentiality
to you GPG usage, if you were to refresh your whole keyring at once, the
operator of the keyserver might very well figure out who you are.
And please be further aware that most Linux distribution still ship GnuPG 1
and 2 in parallel, so make sure you invoke it with gpg2 (e.g. gpg2 --search
glutenfree at vemail.nerd).
Feedback welcome (here or under the original post on Diaspora:
More information about the Gnupg-users