Apologies, it was a thought based solely on usage of the Tor browser and Onion websites, I should have read the documentation before suggesting.
Regards, Darren On Fri, Sep 25, 2015 at 5:18 AM, Ken Cline <cl...@frii.com> wrote: > What are you trying to accomplish? > > First note that hidden servers already use RSA, the public key algorithm > at the heart of OpenPGP. The jumble of characters in the hidden service > name is actually the fingerprint (or equivalent) of the service's public > key. The service sends you its full public key and your Tor client > verifies its fingerprint, allowing you to authenticate the server's > identity and send it messages that imposters are unable to intercept. The > extra features of OpenPGP (the protocol behind PGP, GPG, etc) don't add > value here, at least not that I can see. > > All of this is on top of the strong encryption of the Tor circuit which > connects you to the server. > > Going in the other direction, why do you want to provide an OpenPGP key to > the server? If it is for authentication, > > Conversely, providing an OpenPGP across multiple session serves to > identify you to the server(s) involved. If this is what you want and you > are using TLS (e.g. https), then a client certificate might be the right > approach since it is already built into TLS. I say might, because I > haven't used client certs myself and don't know whether TorBrowser can be > easily configured to use them. > > > > On 24 Sep 2015, at 2:58 PM, Darren Allen <darreneal...@gmail.com> wrote: > > > > Once a user has joined an Onion web server, they download the servers PGP > > Public Key, and upload their own PGP Public Key. > > All HTML commication, .jpg images, etc are then encoded by the server > using > > the user's Public Key. > > > > The user has their private key attached the to Tor Browser, (The browser > > could generate a random PGP key set for each Onion site), which then > > decrypts the incoming communication back into HTML etc to be displayed in > > the browser. > > > > All new page requests, sent by the user, are likewise encrypted using the > > Onion sites Public Key, and decrypted by the server. > > > -- > tor-talk mailing list - tor-talk@lists.torproject.org > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > > -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
