[[TOC(noheading, depth=3)]]

'''Written:''' 2018-05-19 (Jaruga)

= Gnu Privacy Guard / GnuPG

Several technical terms are used in the instructions and information below. They are identified by their '''bold''' text. To see the glossary explaining their definitions, see [#glossary this section].

GnuPG (or 'GPG' for short) is free and open-source software that allows users to generate and use '''asymmetric''' cryptographic '''key pairs''' (most commonly known as '''public and private keys''') to secure communications over the internet. The '''public key''' is used to encrypt messages directed to the owner of the '''key pair''' and can be distributed in a number of ways, such as via '''keyservers'''. The '''private key''' is required for decryption and is intended to be kept secret and secure. Encrypting a message to the recipient's '''public key''' provides '''confidentiality'''; signing it with the sender's '''private key''' at the same time (the usual {{{gpg --sign --encrypt}}} combination) additionally provides '''integrity''', '''authentication''' and '''non-repudiation'''.

For messages that are not private, the '''key pair''' can also be used to digitally 'sign' a message. While not encrypted, it allows the receiver to verify that the contents actually come from the key owner and have not been tampered with in transit. This method provides only '''integrity''', '''authentication''' and '''non-repudiation'''.

When a file or message is encrypted to an individual's '''public key''', GnuPG generates a random session key, encrypts the contents with it using a '''symmetric''' cipher, and encrypts that session key to the recipient's '''public key'''. The output (commonly known as 'ciphertext') is indistinguishable from random data, whether written as binary or as ASCII-armoured text. In order to decrypt and read the original contents, an individual must be in control of the associated '''private key''', as well as the passphrase protecting it.

GPG also supports the generation and use of '''symmetric''' cryptographic keys directly, via {{{gpg --symmetric}}}.
Official site: [https://GnuPG.org]

=== Tor Documentation Referencing GnuPG ===

 * [https://www.torproject.org/docs/verifying-signatures.html Using GPG Signatures to verify Tor downloads]
 * [https://www.torproject.org/docs/signing-keys.html.en GPG Keys of the Tor Core Team]

[[BR]]

== Torifying GnuPG ==

Below are instructions on Torifying GnuPG from the command line on GNU/Linux and MacOS, as well as with GPG4Win / Kleopatra for Windows.

=== Torifying GnuPG on GNU/Linux ===

It is very likely that both Tor and GnuPG are in your distribution's repositories. If you do not already have them installed, please refer to the documentation for your OS for more information on the packages.

Torifying GnuPG from the command line is a relatively simple task. Since v2.1, GnuPG uses {{{dirmngr}}} for all communication with '''keyservers''', so Tor mode is configured there and not in {{{gpg.conf}}}. To quote the documentation directly:

"The option {{{--use-tor}}} switches Dirmngr and thus GnuPG into “Tor mode” to route all network access via the Tor Network. Certain other features are disabled in this mode. The effect of {{{--use-tor}}} cannot be overridden by any other command or even by reloading gpg-agent. The use of {{{--no-use-tor}}} disables the use of Tor. The default is to use Tor if it is available on startup or after reloading dirmngr."

Another option is to insert {{{use-tor}}} into the {{{~/.gnupg/dirmngr.conf}}} file; this is the persistent form, and a running dirmngr must be restarted ({{{gpgconf --kill dirmngr}}}, it is started again on demand) before the option takes effect. In Tor mode, dirmngr connects to a local Tor SOCKS proxy on port 9050 (a system {{{tor}}} daemon) or 9150 (Tor Browser), so one of these must be running whenever keys are fetched or refreshed; with Tor mode on, dirmngr fails rather than falling back to a direct connection. For further information on dirmngr options in GnuPG, see [https://www.gnupg.org/documentation/manuals/gnupg/Dirmngr-Options.html#index-use_002dtor this section] of their official documentation.

=== Torifying GnuPG on MacOS ===

Torifying GnuPG on MacOS is largely done in the same fashion as the GNU/Linux instructions; the primary difference is how to install both Tor and GnuPG. The most common method is installing Tor Browser and [https://gpgtools.org/ GPG Suite]. Users can also install both using brew by issuing the command {{{brew install gnupg tor}}}.
After installation, open up {{{~/.gnupg/dirmngr.conf}}} in your favourite text editor and add the line {{{use-tor}}}, then restart dirmngr with {{{gpgconf --kill dirmngr}}} (it is started again on demand).

=== Torifying GnuPG on Windows ===

For Windows users, the internal Tor settings of individual software are often the advised method of using the Tor network with GnuPG, when available. For those who are not confident checking their connection for leaks, there is a higher probability that the maintainers have been able to keep a proper Tor routing option working than of a home-made method being successful. Regardless, please use caution and do proper research on the security posture of a particular program before attempting to use it.

There are a couple of popular front-end options for using GnuPG on Windows. For these instructions we will cover GPG4Win / Kleopatra.

 1. First and foremost, download and install [https://gpg4win.org/ GPG4Win].
   * The default installation configuration should be fine for most people.
 2. After installation, check the 'Run Kleopatra' option. Click OK.
 3. When Kleopatra loads, hover over the 'Settings' option in the toolbar.
 4. Select 'Configure Kleopatra...'
 5. At the bottom of the left menu, select 'GnuPG System'.
 6. At the top are five tabs. Select the 'Network' tab.
 7. Scroll down to the 'Options controlling the use of Tor' section.
 8. Check the box beside 'Route all network traffic via Tor'. Click OK.
   * Note: Tor Browser MUST be running.
 9. Refresh your keys to ensure Kleopatra is able to connect successfully.

You should now be successfully using GnuPG via the Tor Network. It is important to remember that Tor Browser must be running before every refresh from '''keyservers''', otherwise the connection will time out. Kleopatra's checkbox sets the same {{{use-tor}}} option as the command-line method, in {{{%APPDATA%\gnupg\dirmngr.conf}}}; dirmngr looks for Tor's SOCKS proxy on port 9150 (Tor Browser) or 9050 (a standalone Tor service), and in Tor mode it fails rather than connecting directly when neither is reachable.
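The following script is an added example for the GNU/Linux and MacOS command-line procedures above; it is not part of the original page or of GnuPG's own tooling. It writes {{{use-tor}}} into {{{dirmngr.conf}}} idempotently, restarts dirmngr, and then asks dirmngr itself ({{{GETINFO tor}}} over {{{gpg-connect-agent --dirmngr}}}) whether Tor mode is really in effect, rather than trusting the config file. It assumes GnuPG 2.1 or later with {{{gpgconf}}} and {{{gpg-connect-agent}}} on the PATH, and a Tor SOCKS proxy on local port 9050 or 9150 when the final end-to-end check is run; the function names are the example's own.

```shell
#!/bin/sh
# Added example, not from the page or from GnuPG: enable dirmngr's Tor mode
# persistently and verify it took effect.
# Assumptions: GnuPG >= 2.1 (gpgconf, gpg-connect-agent on PATH) and a local
# Tor SOCKS proxy on 9050 (system tor) or 9150 (Tor Browser).

GNUPGHOME="${GNUPGHOME:-${HOME:-/tmp}/.gnupg}"

# ensure_option FILE OPTION
# Append OPTION to FILE unless an identical line already exists. A
# commented-out "#use-tor" does not count as present. Prints "added" or
# "present" so the caller (and a test) can see what happened.
ensure_option() {
    file="$1"
    opt="$2"
    mkdir -p "$(dirname "$file")"
    [ -f "$file" ] || : > "$file"
    if grep -qxF "$opt" "$file"; then
        echo present
    else
        printf '%s\n' "$opt" >> "$file"
        echo added
    fi
}

# is_tor_enabled REPLY
# Parse dirmngr's reply to "GETINFO tor". In Tor mode dirmngr answers
# "OK - Tor mode is enabled"; otherwise it returns an ERR line containing
# "Tor mode is NOT enabled". Returns 0 only for the enabled case.
is_tor_enabled() {
    case "$1" in
        *"Tor mode is enabled"*) return 0 ;;
        *) return 1 ;;
    esac
}

# dirmngr_tor_status
# Ask the running dirmngr (gpg-connect-agent starts it if needed) which mode
# it is in. The raw Assuan reply is returned for parsing by is_tor_enabled.
dirmngr_tor_status() {
    gpg-connect-agent --dirmngr 'GETINFO tor' /bye 2>&1
}

# Only touch the real configuration when explicitly asked ("apply"), so the
# functions above can also be exercised against a scratch file.
if [ "${1:-}" = "apply" ]; then
    ensure_option "$GNUPGHOME/dirmngr.conf" "use-tor"
    gpgconf --kill dirmngr          # restart so dirmngr re-reads its config
    reply="$(dirmngr_tor_status)"
    if is_tor_enabled "$reply"; then
        echo "dirmngr is in Tor mode: $reply"
    else
        echo "dirmngr is NOT in Tor mode (check GnuPG version and GNUPGHOME): $reply" >&2
        exit 1
    fi
    # GETINFO tor only reports the mode, not whether Tor is reachable. The
    # end-to-end check is a real keyserver operation: with Tor mode on and no
    # Tor proxy listening, it fails instead of leaking a direct connection.
    gpg --batch --refresh-keys 2>&1 | tail -n 3
fi
```

Run it as {{{sh torify-gnupg.sh apply}}}. Once dirmngr reports Tor mode, the onion keyservers from the index below can be used directly, e.g. {{{gpg --keyserver hkp://<onion address> --recv-keys <fingerprint>}}}, which keeps the lookup inside the Tor network rather than passing it through an exit node.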
[=#glossary]
== Term Glossary ==

||= '''Term''' =||= '''Description''' =||
|| '''Key pair''' || A pair of asymmetric keys, commonly known as public and private keys ||
|| '''Public key''' || The half of a key pair that is distributed publicly and used for encrypting (and for verifying signatures) ||
|| '''Private key''' || The half of a key pair that is kept secret, and is used for decryption (and for creating signatures) ||
|| '''Keyserver''' || A server used for the distribution of public keys and assisting in the [https://en.wikipedia.org/wiki/Web_of_trust WoT] process ||
|| '''Integrity''' || Assurance that the enclosed contents have not been tampered with in transit ||
|| '''Confidentiality''' || Assurance that the enclosed contents are unreadable to anyone except the intended recipient ||
|| '''Authentication''' || Assurance that the message was signed by the holder of the private key matching a given public key, i.e. that the sender / signer is who they say they are ||
|| '''Non-repudiation''' || Assurance that the author cannot later deny having signed the message ||
|| '''Asymmetric keys''' || Commonly referred to as a 'key pair'. Two separate keys, one public, one private ||
|| '''Symmetric keys''' || The older of the two methods: one key is used for both encryption and decryption. Still in use: GnuPG encrypts every message body with a symmetric session key, and {{{gpg --symmetric}}} encrypts with a passphrase-derived symmetric key alone ||

== Index of Keyservers ==

Tor mode hides from your network which keys you fetch, but plain HKP (port 11371) is unencrypted and is readable by the Tor exit node. Prefer HKPS where a server offers it, or an onion address, which never leaves the Tor network.

||= '''Hostname(s)''' =||= '''Ports / protocols''' =||= '''Onion link''' =||= '''Onion ports / protocols''' =||
|| pool.sks-keyservers.net || HKP (11371) || - || - ||
|| hkps.pool.sks-keyservers.net || HKP (11371), HKPS (443) || - || - ||
|| subkeys.pgp.net || HKP (11371) || - || - ||
|| pgp.mit.edu || HKP (11371) || - || - ||
|| keys.gnupg.net || HKP (11371) || - || - ||
|| sks.fidocon.de || HTTPS (443), HTTP (80) || - || - ||
|| zimmermann.mayfirst.org || HKP (11371), HKPS (443) || qdigse2yzvuglcix.onion || HTTPS (443), HTTP (80), HKP (11371) ||
|| keys.indymedia.org || HKP (11371), HTTPS (443), HKPS (443), HTTP (80) || qtt2yl5jocgrk7nu.onion[[br]]2eghzlv2wwcq7u7y.onion || HTTPS (443), HTTP (80), HKP (11371)[[br]]HKP (11371), HTTP (80) ||