WKD - .onion redirects mapping

Phil Pennock gnupg-users at spodhuis.org
Mon Jul 27 21:01:42 CEST 2020


Folks,

Is there any facility in GnuPG, or any neat hacks which can be applied
to current releases, to be able to remap WKD queries to go to specified
.onion hosts?

Eg, <https://onion.debian.org/> lists:

    openpgpkey.debian.org: http://habaivdfcyamjhkk.onion/

and indeed if I use `gpg --list-keys --with-wkd-hash debian.org` and
pick someone vaguely at random, I can run:

    curl -fSs http://habaivdfcyamjhkk.onion/.well-known/openpgpkey/debian.org/hu/ycp4ih1jtsdky6d6ufee9h3txmmaqgag | gpg --import

and it works.

My understanding is that for .onion hostname services they already have
security equivalent to TLS providing privacy in their direct links onto
Tor, so if I trust my access to my Tor gateway, this gives enough
privacy.

So I'd be looking for something morally equivalent to having
`~/.gnupg/onion-wkd-mappings.txt` containing lines like, well, the
snippet I pasted above from the onion.debian.org page (with comments etc
allowed too, so I can record the provenance of mappings), or some moral
equivalent (directory with entries to be remapped, etc).

Or am I looking at just a thin shell wrapper to do the mappings needed
to invoke `curl | gpg` as above?  I'm thinking that with dirmngr already
having some Tor support, it's a better place to automatically do so.

-Phil
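
An added sketch of the mapping-file idea from the message above (not part of the original post and not GnuPG or dirmngr code): it parses lines in the `host: http://….onion/` form quoted from onion.debian.org, rejects targets that are not .onion hosts, and builds the same URL shape as the `curl` command above. The function names and the sample file content are assumptions made for illustration; the hash is the WKD one (z-base-32 of the SHA-1 of the local part, ASCII-lowercased).

```python
import base64
import hashlib
from urllib.parse import urlsplit

_B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"   # RFC 4648 alphabet
_ZB32 = "ybndrfg8ejkmcpqxot1uwisza345h769"  # z-base-32 alphabet

def wkd_hash(local_part):
    """z-base-32 of SHA-1 over the local part, ASCII letters lowercased."""
    digest = hashlib.sha1(local_part.encode("utf-8").lower()).digest()
    b32 = base64.b32encode(digest).decode("ascii")  # 20 bytes -> 32 chars, no padding
    return b32.translate(str.maketrans(_B32, _ZB32))

def parse_mappings(text):
    """Parse 'host: http://<name>.onion/' lines; '#' starts a comment."""
    mappings = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        host, sep, target = line.partition(":")
        target = target.strip()
        parts = urlsplit(target)
        # Refuse anything that would send the lookup to a non-onion host.
        if (not sep or parts.scheme not in ("http", "https")
                or not (parts.hostname or "").endswith(".onion")):
            raise ValueError(f"line {lineno}: expected 'host: http://<name>.onion/'")
        mappings[host.strip().lower()] = target.rstrip("/")
    return mappings

def onion_wkd_url(address, mappings):
    """Return the remapped WKD URL, or None when no mapping exists."""
    local, _, domain = address.rpartition("@")
    if not local or not domain:
        raise ValueError("not an email address")
    domain = domain.lower()
    base = mappings.get("openpgpkey." + domain)
    if base is None:
        return None  # caller falls back to an ordinary WKD lookup
    return f"{base}/.well-known/openpgpkey/{domain}/hu/{wkd_hash(local)}"

# Constructed sample mapping file; the one entry is the line quoted in the post.
SAMPLE = """\
# provenance: https://onion.debian.org/
openpgpkey.debian.org: http://habaivdfcyamjhkk.onion/
"""

if __name__ == "__main__":
    print(onion_wkd_url("Joe.Doe@debian.org", parse_mappings(SAMPLE)))
```

The printed URL can be fetched through the Tor gateway and piped to `gpg --import` as in the post; an address with no mapping returns `None` so the caller can fall back to a normal lookup.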


