Re: GnuPG through Tor
> FYI, polipo + gpg's HKP don't work together due to a bug in polipo.
> Basically polipo crashes when it encounters the expect 100 continue
> sent by gpg. For more info, see:
> http://thread.gmane.org/gmane.comp.web.polipo.user/2144

Note that this only happens when the server uses an obsolete protocol (RFC 2068). However, this is definitely a bug, and will be fixed in Polipo 1.0.5.

Juliusz
Re: GnuPG through Tor
On 21/10/08 05:24, scar wrote:
> HKP: yes, as that is just HTTP (or something). just define your
> http_proxy and https_proxy environment variables (e.g. if using polipo:
> export http_proxy=127.0.0.1:8123
> export https_proxy=127.0.0.1:8123
> )

FYI, polipo + gpg's HKP don't work together due to a bug in polipo. Basically polipo crashes when it encounters the expect 100 continue sent by gpg. For more info, see: http://thread.gmane.org/gmane.comp.web.polipo.user/2144
Re: GnuPG through Tor
misc wrote:
> Is there any way at all to get keys from LDAP server through Tor?

LDAP uses TCP, so yes, it should be working if you configure GnuPG to use a proxy.

Alex.
Re: GnuPG through Tor
On Tue, 21 Oct 2008 17:32:43 +0200, Alexander W. Janssen wrote:
> misc wrote:
>> Is there any way at all to get keys from LDAP server through Tor?
>
> LDAP uses TCP, so yes, it should be working if you configure GnuPG to
> use a proxy.
>
> Alex.

GnuPG only has options for HTTP proxy. But LDAP doesn't work through HTTP proxy. I would imagine for LDAP I would need to direct traffic from GnuPG directly into Tor (without Privoxy). But how can I do that?

How can you run command-line applications (like GnuPG) under a sockifier like TorCap?
Re: GnuPG through Tor
On Mon, 2008-10-20 at 22:48 -0400, misc wrote:
> Is it possible to run GnuPG through Tor? (when connecting to LDAP and
> HKP servers to exchange keys)?

The way I do it is:

    keyserver x-hkp://d3ettcpzlta6azsm.onion/
    keyserver-options http_proxy=localhost:8118
    keyserver-options auto-key-retrieve
    keyserver-options honor-http-proxy broken-http-proxy

...in my ~/.gnupg/gpg.conf. Note that the broken-http-proxy means (according to some documentation I found during a hell of a time getting Seahorse to work with this) that gnupg will not try to circumvent the http proxy. This has since disappeared from all manuals, so I'm not sure if it really means anything. In any event, I can get my keys from the noreply hidden service now. :)

On a side note: is there any real reason to use gpg2 over gpg? All that it seems to do differently is have fewer public key ciphers. Is the fact that gpg2 uses libgcrypt any advantage?
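
An added example, not part of the thread and not GnuPG's own code: a small audit of a gpg.conf like the one in the message above, reporting keyserver settings that would not go through the local proxy. The `audit_gpg_conf` helper, its finding names and the rule that the Tor-facing proxy listens on loopback are assumptions of this example; the LDAP finding follows the thread's statement that gpg's HTTP proxy options do not cover LDAP.

```python
from urllib.parse import urlsplit

# Constructed sample, modelled on the gpg.conf lines quoted in the message above.
SAMPLE_CONF = """\
keyserver x-hkp://d3ettcpzlta6azsm.onion/
keyserver-options http_proxy=localhost:8118
keyserver-options auto-key-retrieve
keyserver-options honor-http-proxy broken-http-proxy
"""

LOOPBACK = {"localhost", "127.0.0.1", "::1"}  # assumption: proxy runs locally


def audit_gpg_conf(text, env=None):
    """Return findings for keyserver settings that may bypass the local proxy."""
    env = env or {}
    keyservers, opts = [], {}
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "keyserver" and len(words) > 1:
            keyservers.append(words[1])
        elif words[0] == "keyserver-options":
            for opt in words[1:]:
                name, _, value = opt.partition("=")
                opts[name] = value

    # "http-proxy" is the spelling in the GnuPG manual; "http_proxy" is the
    # spelling used in the post, accepted here without verifying gpg honours it.
    proxy = opts.get("http-proxy") or opts.get("http_proxy")
    if not proxy and "honor-http-proxy" in opts:
        proxy = env.get("http_proxy")  # the option defers to the environment

    findings = []
    if not proxy:
        findings.append("no-proxy")
        if "auto-key-retrieve" in opts:
            # Verifying a signature would trigger a direct keyserver lookup.
            findings.append("auto-key-retrieve-unproxied")
    else:
        target = proxy if "//" in proxy else "//" + proxy
        if urlsplit(target).hostname not in LOOPBACK:
            findings.append("proxy-not-loopback")
    for uri in keyservers:
        # Per the thread, gpg's HTTP proxy options do not carry LDAP lookups.
        if urlsplit(uri).scheme in ("ldap", "ldaps"):
            findings.append("ldap-bypasses-http-proxy:" + uri)
    return findings
```

Pass the process environment as `env` (for example `dict(os.environ)`) when the configuration relies on `honor-http-proxy` alone.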
Re: GnuPG through Tor
misc @ 2008/10/21 08:21:
> I have a real problem downloading public keys of Hushmail users. I
> don't want to install java, which is required to download their keys
> through the browser. They don't propagate their keys to public HKP
> servers (which I indeed could access using Tor Privoxy). They have
> their own free LDAP server: ldap://keys.hush.com:389
>
> Is there any way at all to get keys from LDAP server through Tor?

i think if you are using Torbutton in Firefox and have the default options set, then it is OK to use java: Torbutton will block all malicious attempts by Java/Javascript to bypass your anonymity. is that a reasonable assumption?
Re: GnuPG through Tor
On Tue, 21 Oct 2008 12:39:48 -0700, scar wrote:
> i think if you are using Torbutton in Firefox and have the default
> options set, then it is OK to use java: Torbutton will block all
> malicious attempts by Java/Javascript to bypass your anonymity. is
> that a reasonable assumption?

I really don't want to install java. It is a bloatware, it is a security risk, it's a buggy and useless mountain of code that I won't need for anything else other than downloading these Hushmail keys. I don't have a single other application that I'd need java for. No, I'm definitely not going to install java.
Re: GnuPG through Tor
On Tue, 21 Oct 2008 23:07:14 -0400, [EMAIL PROTECTED] wrote:
> On Tue, Oct 21, 2008 at 09:28:04PM -0400, [EMAIL PROTECTED] wrote 0.6K bytes in 13 lines about:
> : i think if you are using Torbutton in Firefox and have the default
> : options set, then it is OK to use java: Torbutton will block all
> : malicious attempts by Java/Javascript to bypass your anonymity.
>
> java virtual machines can be made to directly connect to other hosts,
> regardless of the settings in the browser or the java proxy config.

Absolutely! Do yourselves a favour guys and don't use java on your anonymous systems. If you have to have java at work, because your company requires it for something, that's another story. But putting java on your private system (where you're trying to do everything through Tor and be anonymous), that's like shooting yourself in the foot.

So any solutions for LDAP key download issue?
GnuPG through Tor
Is it possible to run GnuPG through Tor? (when connecting to LDAP and HKP servers to exchange keys)?
Re: GnuPG through Tor
misc @ 2008/10/20 19:48:
> Is it possible to run GnuPG through Tor? (when connecting to LDAP and
> HKP servers to exchange keys)?

LDAP: no, i don't think.

HKP: yes, as that is just HTTP (or something). just define your http_proxy and https_proxy environment variables (e.g. if using polipo:

    export http_proxy=127.0.0.1:8123
    export https_proxy=127.0.0.1:8123

)

now, there is something else in GPG's settings... yes, use this option:

    --honor-http-proxy (for command line)

or

    honor-http-proxy (in gpg.conf)