[tor-bugs] #2846 [Torify]: Patch GPG to support SOCKS proxies

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Tue Sep 25 01:45:18 UTC 2012 

#2846: Patch GPG to support SOCKS proxies
------------------------+---------------------------------------------------
    Reporter:  rransom  |       Owner:  mikeperry
        Type:  defect   |      Status:  reopened 
    Priority:  normal   |   Milestone:           
   Component:  Torify   |     Version:           
  Resolution:           |    Keywords:           
      Parent:           |      Points:           
Actualpoints:           |  
------------------------+---------------------------------------------------

Comment(by ioerror):

 On to some good news, I guess.

 The following examples don't leak DNS and properly use the HTTP proxy.

 x-hkp://
 {{{
 gpg --keyserver x-hkp://pool.sks-keyservers.net --keyserver-options no-
 auto-key-retrieve,no-try-dns-srv,http-
 proxy=http://127.0.0.1:8119,debug,verbose --recv-key 0x4193A197
 }}}

 x-broken-hkp://
 {{{
  gpg --keyserver x-broken-hkp://kpool.sks-keyservers.net --keyserver-
 options no-auto-key-retrieve,no-try-dns-srv,http-
 proxy=http://127.0.0.1:8119,debug,verbose --recv-key 0x4193A197
 }}}

 The 'broken-http-proxy' key server option:
 {{{
 pg --keyserver hkp://kpool.sks-keyservers.net --keyserver-options broken-
 http-proxy,no-auto-key-retrieve,no-try-dns-srv,http-
 proxy=http://127.0.0.1:8119,debug,verbose --recv-key 0x4193A197
 }}}

 An FTP key server:
 {{{
 gpg --keyserver ftp://keyserver.pgp.com --keyserver-options broken-http-
 proxy,no-auto-key-retrieve,no-try-dns-srv,http-
 proxy=http://127.0.0.1:8119,debug,verbose --recv-key 0x4193A197
 }}}

 A bullshit protocol name I just futzed up:
 {{{
 gpg --keyserver ///://keyserver.pgp.com --keyserver-options broken-http-
 proxy,no-auto-key-retrieve,no-try-dns-srv,http-
 proxy=http://127.0.0.1:8119,debug,verbose --recv-key 0x4193A197

 A special local host name (see line 359 of g10/keyserver.c):
 {{{
 gpg --keyserver x-hkp///keyserver.pgp.com --keyserver-options broken-http-
 proxy,no-auto-key-retrieve,no-try-dns-srv,http-
 proxy=http://127.0.0.1:8119,debug,verbose --recv-key 0x4193A197
 }}}

 That last one is funny and causes gpg to do something odd (looks like a
 bug to me...):
 {{{
 > GET
 http://x-hkp:11371///keyserver.pgp.com/pks/lookup?op=get&options=mr&search=0x4193A197
 HTTP/1.1
 }}}

 Lucky for us - the proxy support is respected in all of the above cases.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2846#comment:29>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list