Discussion:
Proxy for GPG Keyservers
(too old to reply)
Se7en
2016-09-30 11:15:51 UTC
Permalink
Is there a method to proxy GNUPG when uploading/downloading from
keyservers? When attempting to run it through torify or torsocks
something must be pre-programmed in it to take this as malicious, then I
get a tor error that it's going through the local host address.

Is there a method around this?
--
Se7en | ,= ,-_-. =. GNU 4 Life
***@firemail.cc | ((_/)o o(\_)) gnu.org/philosophy
http://se7en.ml | `-'(. .)`-' ``Screw the penguin.
0x257FD9D0DCB6B59 | \_/ The goat is sexier!''
invalid
2016-09-30 13:56:15 UTC
Permalink
Post by Se7en
Is there a method to proxy GNUPG when uploading/downloading from
keyservers? When attempting to run it through torify or torsocks
something must be pre-programmed in it to take this as malicious, then I
get a tor error that it's going through the local host address.
Is there a method around this?
You can email your keys or paste them through tor using the web
interface. There are a few keyservers that support email interface and a few
that support web pasting. It's usually good enough since they propagate to
other servers.
Se7en
2016-09-30 15:37:08 UTC
Permalink
Post by invalid
You can email your keys or paste them through tor using the web
interface. There are a few keyservers that support email interface and a
few that support web pasting. It's usually good enough since they
propagate to other servers.
I'd still rather use the automated method since it's easier (and faster)
than loading up the tor browser and posting the entirety of the key.
Also, downloading the key using the interface is also unproxied. I'd much
rather use a proxy. I already proxy so many other things on my home
computer, I'd like to proxy the GPG program.
--
Se7en | ,= ,-_-. =. GNU 4 Life
***@firemail.cc | ((_/)o o(\_)) gnu.org/philosophy
http://se7en.ml | `-'(. .)`-' ``Screw the penguin.
0x257FD9D0DCB6B59 | \_/ The goat is sexier!''
Anonymous
2016-10-01 14:13:35 UTC
Permalink
Post by Se7en
Post by invalid
You can email your keys or paste them through tor using the web
interface. There are a few keyservers that support email interface and a
few that support web pasting. It's usually good enough since they
propagate to other servers.
I'd still rather use the automated method since it's easier (and faster)
than loading up the tor browser and posting the entirety of the key.
Also, downloading the key using the interface is also unproxied. I'd much
rather use a proxy. I already proxy so many other things on my home
computer, I'd like to proxy the GPG program.
I routinely post new keys to key servers using their web
interfaces, I use Tor. And it's not tremendously time consuming to
do it that way. You have the choice of convenience that saves a
minute or so, or the security of having use Tor to do it. For me
there is no contest.
Se7en
2016-10-01 14:18:29 UTC
Permalink
I routinely post new keys to key servers using their web interfaces, I
use Tor. And it's not tremendously time consuming to do it that way. You
have the choice of convenience that saves a minute or so, or the
security of having use Tor to do it. For me there is no contest.
Still, it's easier when downloading, like `gpg --fetchkey 0xlong` or `gpg
--refresh-keys`, which I would like to proxy too.
--
Se7en | ,= ,-_-. =. GNU 4 Life
***@firemail.cc | ((_/)o o(\_)) gnu.org/philosophy
http://se7en.ml | `-'(. .)`-' ``Screw the penguin.
0x257FD9D0DCB6B59 | \_/ The goat is sexier!''
dunno
2016-10-06 15:22:37 UTC
Permalink
Post by Se7en
Post by invalid
You can email your keys or paste them through tor using the web
interface. There are a few keyservers that support email interface and a
few that support web pasting. It's usually good enough since they
propagate to other servers.
I'd still rather use the automated method since it's easier (and faster)
than loading up the tor browser and posting the entirety of the key.
Also, downloading the key using the interface is also unproxied. I'd much
rather use a proxy. I already proxy so many other things on my home
computer, I'd like to proxy the GPG program.
Why not just use Tor for all your traffic?
https://tails.boum.org
--
dunno
Nathan Hale
2016-10-01 14:03:44 UTC
Permalink
Post by invalid
Post by Se7en
Is there a method to proxy GNUPG when uploading/downloading from
keyservers? When attempting to run it through torify or torsocks
something must be pre-programmed in it to take this as malicious, then I
get a tor error that it's going through the local host address.
Is there a method around this?
You can email your keys or paste them through tor using the web
interface. There are a few keyservers that support email interface and a few
that support web pasting. It's usually good enough since they propagate to
other servers.
What key servers are you saying will accept submission of keys via
e-mail?

I have seen the question asked on one of these groups about being
able to do that, and apparently it was possible in the past but not
any more. That was the answer I saw posted, and no one contradicted
that answer. So if you know of a key server that will accept a key
posting by mail please let us know.
invalid
2016-10-01 19:33:05 UTC
Permalink
Post by Nathan Hale
Post by invalid
Post by Se7en
Is there a method to proxy GNUPG when uploading/downloading from
keyservers? When attempting to run it through torify or torsocks
something must be pre-programmed in it to take this as malicious, then I
get a tor error that it's going through the local host address.
Is there a method around this?
You can email your keys or paste them through tor using the web
interface. There are a few keyservers that support email interface and a few
that support web pasting. It's usually good enough since they propagate to
other servers.
What key servers are you saying will accept submission of keys via
e-mail?
I have seen the question asked on one of these groups about being
able to do that, and apparently it was possible in the past but not
any more. That was the answer I saw posted, and no one contradicted
that answer. So if you know of a key server that will accept a key
posting by mail please let us know.
I haven't done it recently. How long ago I couldn't tell you. It may be
indeed it's no longer possible but it may be you just have to look a little
harder. If I could remember the keyserver(s) I would certainly post them
here. At the moment all I can remember is doing this in the past.
invalid
2016-10-01 19:40:59 UTC
Permalink
Post by invalid
Post by Nathan Hale
Post by invalid
Post by Se7en
Is there a method to proxy GNUPG when uploading/downloading from
keyservers? When attempting to run it through torify or torsocks
something must be pre-programmed in it to take this as malicious, then I
get a tor error that it's going through the local host address.
Is there a method around this?
You can email your keys or paste them through tor using the web
interface. There are a few keyservers that support email interface and a few
that support web pasting. It's usually good enough since they propagate to
other servers.
What key servers are you saying will accept submission of keys via
e-mail?
I have seen the question asked on one of these groups about being
able to do that, and apparently it was possible in the past but not
any more. That was the answer I saw posted, and no one contradicted
that answer. So if you know of a key server that will accept a key
posting by mail please let us know.
I haven't done it recently. How long ago I couldn't tell you. It may be
indeed it's no longer possible but it may be you just have to look a little
harder. If I could remember the keyserver(s) I would certainly post them
here. At the moment all I can remember is doing this in the past.
Futhermore this seems a popular option so somebody should post a request on
whatever dev lists are available for keyservers that may still be in
development. For reasons unknown PGP and GPG are dying and there hasn't been
much interest in reviving them. In the meantime, web key management over TOR
is the best option but that's only really helpful for nyms and email IDs
that were never accessed except over TOR. Any other email is traceable so
what's the point of all the smoke and mirrors uploading a key when they can
easily find the guy who own's the email? Nyms are no longer safe since
Mixmaster itself is mostly compromised or on the way to being compromised.
Basically at this point you can communicate securely if you know what you're
doing but not anonymously. Not many guys know how to handroll nyms and most
of the nymservers are dead. Not a good environment for the privacy
connoiseurs amongst us. I myself got out of the habit when the nteenth
remailer was raided. No point in painting a bullseye on yourself just to be
able to post usenet articles anonymously.

If anybody knows how to sign up for yahoo, msn or screwgle over TOR and
without coughing up a real phone number this would be a good place to
discuss it.
Loading...