[tor-bugs] #2846 [Archived/general]: Patch GPG to support SOCKS proxies
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Nov 17 19:38:54 UTC 2016
#2846: Patch GPG to support SOCKS proxies
------------------------------+---------------------------
 Reporter:   rransom          | Owner:         mikeperry
 Type:       defect           | Status:        reopened
 Priority:   Medium           | Milestone:
 Component:  Archived/general | Version:
 Severity:   Normal           | Resolution:
 Keywords:                    | Actual Points:
 Parent ID:                   | Points:
 Reviewer:                    | Sponsor:
------------------------------+---------------------------
Comment (by cypherpunks):
The GnuPG 2.1 branch uses `dirmngr` for key server communication.
According to
[https://www.gnupg.org/documentation/manuals/gnupg/Dirmngr-Options.html its documentation]
it supports the `use-tor` option. To quote the documentation:
> This option switches Dirmngr and thus GnuPG into "Tor mode" to route all
> network access via Tor (an anonymity network). WARNING: As of now this
> still leaks the DNS queries; e.g. to lookup the hosts in a keyserver pool.
> Certain other features are disabled if this mode is active.
The DNS leaks are probably caused by the dependence on SRV records to make
these pools work and Tor not supporting these types of resource records.
For key server pools people can visit the
[https://sks-keyservers.net/overview-of-pools.php SKS keyservers pool page].
This page also mentions a
[https://sks-keyservers.net/overview-of-pools.php#pool_tor hidden service].
Using the hidden service bypasses the dependence on SRV records
so someone would expect no DNS leaks. I've tested this solution by adding
{{{
keyserver hkp://jirk5u4osbsr34t5.onion
use-tor
}}}
to my `~/.gnupg/dirmngr.conf` file. The subsequent packet capture showed
no DNS leaks during execution of `gnupg --search` and `gnupg --refresh-keys`.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2846#comment:51>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
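The packet-capture check described in the comment above can be automated. This is an added example, not part of the original comment and not GnuPG or Tor code: it scans a classic little-endian Ethernet pcap for IPv4/UDP packets addressed to port 53 and returns the queried names, so an empty result means no plain DNS query was seen. The function names, addresses, ports and the `pool.example` name are constructed for illustration; DNS over TCP and IPv6 are not covered.

```python
import socket
import struct

def qname(dns: bytes) -> str:
    """Decode the first question name of a DNS message (labels follow the 12-byte header)."""
    labels, i = [], 12
    while i < len(dns) and dns[i]:
        labels.append(dns[i + 1 : i + 1 + dns[i]].decode("ascii", "replace"))
        i += 1 + dns[i]
    return ".".join(labels)

def dns_queries(pcap: bytes):
    """Return (dst_ip, qname) for each IPv4/UDP packet sent to port 53.
    Input: classic little-endian pcap with Ethernet link type."""
    magic, linktype = struct.unpack("<I16xI", pcap[:24])
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian classic pcap with Ethernet frames")
    hits, off = [], 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16 : off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue  # not IPv4 carrying UDP
        udp = frame[14 + (frame[14] & 0x0F) * 4 :]
        if len(udp) < 20 or struct.unpack_from("!H", udp, 2)[0] != 53:
            continue  # not addressed to a DNS server port
        hits.append((socket.inet_ntoa(frame[30:34]), qname(udp[8:])))
    return hits

# --- constructed sample captures (documentation addresses, made-up names) ---
def _frame(proto: int, dst_ip: str, l4: bytes) -> bytes:
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton(dst_ip))
    return bytes(12) + b"\x08\x00" + ip + l4

def _pcap(frames) -> bytes:
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return out + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
_q = b"\x04pool\x07example\x00"  # constructed pool name
_dns = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + _q + struct.pack("!HH", 33, 1)  # SRV query
_udp = struct.pack("!HHHH", 40000, 53, 8 + len(_dns), 0) + _dns
_tcp = struct.pack("!HHIIBBHHH", 40001, 9001, 0, 0, 0x50, 0x02, 65535, 0, 0)  # constructed TCP SYN
LEAKY = _pcap([_frame(17, "192.0.2.53", _udp), _frame(6, "198.51.100.7", _tcp)])
CLEAN = _pcap([_frame(6, "198.51.100.7", _tcp)])  # only TCP traffic, no DNS

if __name__ == "__main__":
    for name, cap in (("LEAKY", LEAKY), ("CLEAN", CLEAN)):
        print(name, dns_queries(cap) or "no DNS queries seen")
```

For a real check, pass the bytes of a capture taken on the outbound interface while the keyserver operation runs.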