croc .onion relay for GnuPG encrypted documents or files.

Stefan Claas sac at
Thu Sep 3 16:54:15 CEST 2020

Hi all,

email might sometimes not be ideal for GnuPG encrypted data transfer,
due to attachment file size limits or that users do not like to show
to third parties the communication paths used, revealing the sender
and receiver.

Some of you may know Micah's OnionShare or Magic Wormhole etc.

The disadvantage of OnionShare is IMHO that you always must tell your
communications partner the .onion URL in advance and that it can
not be used with an Android smart phone, AFAIR.

Magic Wormhole I found to difficult to install under Windows, for the
average user, if he does not know how to fix erros, which may occur
when installing.

So I looked a while ago a bit around and found croc,

which is easy to use and written in Golang (yay :-)), thus allowing
one also to use it under Android, with Termux, for example.

While there is no information available to use it with socat (which
is also available as Windows .exe) via Tor, I noodled a bit around
and found a solution to use croc via a Tor Hidden Service Onion

The good thing is that setting up an .onion relay does only require
a cheap VPS server, without registering an own domain.

croc does not store files nor does it keep logs and only 'glues'
together both endpoints, in order to perform the transfer.

A croc operator can set a pass phrase for his relay and users can
also use pre-defined codes, which they share in advance.

Ok. here is the set-up I used:

1. Open ports 9009, 9010, 9011, 9012 and 9013 in your firewall,
on your VPS server.

Once you have set-up your Tor Hidden Service add the following lines
to your torrc:

HiddenServicePort 9009
HiddenServicePort 9010
HiddenServicePort 9011
HiddenServicePort 9012
HiddenServicePort 9013

restart Tor.

Follow the instructions on GitHub on how to use croc.

As relay operator you can start your relay like this:

$ croc relay --pass="yourrelaypassphrase"

In order that you can send GnuPG encrypted documents, files or folders
via the Tor relay you and your communication partner needs of course Tor
and socat installed and the following socat onliner:

echo -n 9009 9010 9011 9012 9013 | xargs -d ' ' -I% bash -c 'socat tcp4-listen:5870,fork

What I have not figured out yet is to run this onliner properly under cmd.exe,
due to the xargs command. If you have a Windows solution for this please post
it here.

Hope you find this info useful. And if you know a better and easier way to transfer
GnuPG encrypted documents or files (cross-platform and mobile), please let me/us know.


More information about the Gnupg-users mailing list