anon-gpg-tweaks / gpg.conf enhancements / duraconf - A collection of hardened configuration files

See also:

1 Like

That would be a good addition for securing services that aren’t developed by TPO. I am searching for a more recently updated fork because this depends on staying on top of the most recent news on crypto.

1 Like

Could you please look through the above links and see what’s still useful?

For example duraconf/sshd-pfs_config at master · ioerror/duraconf · GitHub could be quoted and referenced from Secure Shell (SSH) even if it’s just a comment “stub, research this” something like that.

I would speculate no one took over that very duraconf project and continued it. Maybe someone reinvented such a project independently elsewhere.

GitHub - ioerror/duraconf: duraconf - A collection of hardened configuration files for SSL/TLS services had lots of issues and pull requests posted.

I would like to collaborate with the community on such a bigger effort since they keep oversighting and suggesting configs better than a single person can do alone. We have two similar packages:

anon-apps-config is a bad fit for general security settings. And quite likely Whonix specificness cannot be reduced to zero. We should limit it to anonymity related settings and Whonix specific settings.

Maybe the scope of security-misc is too broad currently? Maybe renaming that project / package name could make it the successor of duraconf?

Currently supported programs are:








The most relevant to us are: gpg, nginx and sshd. However I don’t see the problem with including all of them in case other people would be interested in stepping up and adopting them over time.

Good idea. I think getting the EFF to adopt is as an official project would be the best option. Getting the word out to drum up interest by others in the community is the next best thing.

+1 anon suggests relevance only to anonymity programs only.

I think security-misc is better being a meta-package with duraconf preserving its independent status and becomes a submodule of security-misc.

1 Like

Could you ask them please?

Done. CC’d whonix-devel

1 Like

Mozilla Certbot is the maintained successor to Duraconf according to the EFF’s Seth David Schoen.

One could either fork and package the upstream generator code or just ship the generated output and manually check/update it occasionally in the future. Let me know which one sounds better and I’ll add it to phabricator.

After a long discussion, we decided to defer to the Mozilla configuration

Redirecting to

which is based on

Security/Server Side TLS - MozillaWiki

which is, to my knowledge, still maintained by Mozilla staff (and subject
to updates based on new research or other guidance).

In that case we can just reference the config generator in our documentation.

Unless we start shipping nginx or something by default there is no need to package nginx config it since we would always lag behind and not provide any value. In Whonix nginx would also probably for most users not need a great ssl configuration but onion services configuration.

Also the ssl config generator by Mozilla is appreciated but it isn’t really a replacement for duraconf which also covers OpenSSL and gnupg.

Could you diff / meld / kdiff3 the following files please and see if we’re missing something?

Well, I didn’t mean the literal diff. Rather an analysis what config
instances we’re missing and should add for discussion or pull request.

I see. OK I’ll go thru it soon.

Present in Duraconf but not Whonix:

# List all keys (or the specified ones) along with their fingerprints

# When searching for a key with --search-keys, include keys that are marked on
# the keyserver as revoked
keyserver-options include-revoked

# list of personal digest preferences. When multiple digests are supported by
# all recipients, choose the strongest one
personal-cipher-preferences AES256 AES192 AES CAST5

In the case of –with-fingerprint I remember it changing in recent version but I can’t recall where I’ve listed the new commands. Perhaps phab.

Enabled in Duraconf but not Whonix:


Harmless differences where we do better:

Duraconf is configured to use a clearnet keyserver and so is configured to protect against DNS leaks.

1 Like referenced a few more gpg
configs. Could you have a look please?

1 Like

In Cooper but not Whonix

# Don't leak information by automatically trying to get keys.

# Never show photos, but show all notations and signature subpackets
list-options show-policy-urls no-show-photos show-notations show-keyserver-urls show-uid-validity show-sig-subpackets 
verify-options show-policy-urls no-show-photos show-notations show-keyserver-urls show-uid-validity no-pka-lookups no-pka-trust-increase

# Disable truncating DSA2 message hashes (yes, that's what this does)

# Some options to avoid stupid behaviors.
import-options no-repair-pks-subkey-bug import-clean
export-options export-clean

# Use a real encryption algorithm to protect the secret keyring, rather than CAST5.
s2k-cipher-algo AES256
s2k-digest-algo SHA512
s2k-mode 3

# This is the maximum iteration count. It's way too small. You should entomb or just
# scrypt your private keyring when not in use.
s2k-count 65011712

disable-cipher-algo CAST5 IDEA
# Regrettably, not supported by GnuPG
# disable-digest-algo MD5

PS. While we comment out photo showing, he explicitly disables it.
PS. The last four blocks express cipher/compression settings in unfamiliar notation which may be redundant with our choices. Feel free to disregard(?)

In Cooper and Whonix but not enabled in Whonix:

# Set the charset to UTF-8; you should make sure that your terminal correctly implements UTF-8 support.
# TODO(dlg): vttest?
charset utf-8


In Marwell but not Whonix:

# some cipher/encrypt related settings

# signature-related
#Key-signing/certification general settings for oneself's keys and others' keys.
#The level of trust to assign other people's keys
default-cert-level 2
completes-needed 2
marginals-needed 4
max-cert-depth 6

[Those go under “# Some options to avoid stupid behaviors”]


PS. He enables dsa2 which conflicts with Cooper’s settings above.

In Anonymous but not Whonix:

#Compression settings that override recipients' preferences and all other preferences in this file.
#Must change as needed and regularly to increase security.
compress-algo BZIP2
compress-level 9
bzip2-compress-level 9

#Key-signing/certification general settings for oneself's keys and others' keys.
#The level of trust to assign other people's keys
trust-model pgp
default-cert-level 0
min-cert-level 1
completes-needed 1
marginals-needed 2
max-cert-depth 5
#Signatures, by default, are set not to expire. This can now be changed for each individual signature. Use 0 as a policy.
#default-sig-expire 0
#default-cert-expire 0

#for-your-eyes-only overrides --set-filename and forces recipients to pick an output filename and extension.
#Use --set-filename fakeFilename.ext if needed.

#ignore-time-conflict overrides prompts regarding timing that occur due to manual time modifications.
#Manually give --faked-system-time 20070924T154812 to GnuPG if it allows. Remove the comment hashtag below to set a faked-system-time but keep changing it to evade identification.
#faked-system-time 20070924T154812


[Those go with no-photos settings above]

show-std-notations show-user-notations show-unusable-uids show-unusable-subkeys no-show-primary-uid-only show-sig-expire show-keyring

PS. A more conservative WoT policy compared to Marwell. I copied the comment to Marwell’s snippet above because its more descriptive.

PS. Different choices made in preferred ciphers but I don’t think its important

In Anonymous and Whonix but not enabled in Whonix:

#throw-keyids is similar to the --hidden-recipient option but works on all keyids at once. It blocks GnuPG from emitting the keyid on an encrypted packet.
#This makes it difficult but not impossible for someone to deduct the properties of the public-key being used to encrypt a file. Keep changing the public-key to guarantee high secrecy.
#The throw-keyids option does not work on signatures and GnuPG does not hide the keyid in a standalone signature.
#One can Encrypt and Sign together to hide the signature packet under the encryption packet.
#Use available options to specify the secret-key to decrypt with when receiving encrypted files without a keyid. Otherwise, wait for GnuPG to try all secret-keys.

Anonymous also supplies a conf for disabling accidental leaks through auto checking keys because some eccentric protocol support. This is the final file named “gpgsm.conf” pasted here in its entirety:

#This controls dirmngr and gpgsm, both of which are certificate managers connected to GnuPG-2.
#One may accidentally or purposefully connect to keyservers and leak data, so it is necessary to clean the connection as much as possible.
#Check for reasons behind errors via --debug-all --debug-level guru.

#Security precautions to neutralize protocols that can leak information.

#Proxy settings. Try to stay behind a system with blanket internet traffic Onion Routing.
#http-proxy host[:port]
#ldap-proxy host[:port]
#To manually use a keyserver with an Onion Routing SOCKS5 Proxy on Port 9050. Change the port number if needed. Blanket Onion Routing of the whole OS is better.
#The use of this option overrides the environment variable http_proxy regardless whether --honor-http-proxy has been set.

#Runtime preferences.

#Note about OSCP (Online Certificate Status Protocol) from inside the GnuPG manual.
#This option enables OCSP support if requested by the client.
#OCSP requests are rejected by default because they may violate the privacy of the user; for example it is possible to track the time when a user is reading a mail.

#Manually give --faked-system-time 20070924T154812 to GnuPG if it allows. Remove the comment-hastag below to set a constant faked-system-time but keep changing it to evade identification.
#This option is generally not necessary for use with GPGSM.
#faked-system-time 20070924T154812

OpenPGP Best Practices - is nice although they recommend 3072 RSA which I see no reason for if we can easily use maximum key length 4096 RSA.

Right.The absolute maximum GPG supports is 8KB keys for practical reasons as per Werner’s comments. Practical meaning it would be too big for keycards/HSMs and much slower with very little benefit and users might as well switch to the faster and smaller ECC.

1 Like

Anything changes that should be applied to ?

The config without comments:

cat etc/skel/.gnupg/gpg.conf | grep --invert-match # | grep --invert-match ‘^$’

display-charset utf-8
personal-digest-preferences SHA512
cert-digest-algo SHA512
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
keyserver-options no-honor-keyserver-url
keyid-format 0xlong
verify-options show-uid-validity
list-options show-uid-validity

What about ?

cat etc/skel/.gnupg/dirmngr.conf | grep --invert-match # | grep --invert-match ‘^$’


Would it be appropriate to merge into GitHub - Whonix/anon-apps-config ? I want to reduce the number of Whonix packages, merge together where that makes sense.

The only thing not clear to me is how to make /etc/skel/.gnupg/gpg.conf available in Kicksecure?

No anon-gpg-tweaks are really anon-specific. Perhaps better move /etc/skel/.gnupg/gpg.conf to package security-misc?

Makes sense since it belongs on kicksecure too.

1 Like

Interesting feature in GPG 2.3 we could enable whenever it hits the stable release:

GnuPG 2.3 introduces a new experimental key database where the keys are stored in an SQLite database and allow for much faster key look-ups. This experimental key database can be enabled with the “use-keyboxd” option.

I’m also going to keep an eye on it for tpm2d which can work with TPMs to bind keys which could theoretically work with the emulated TPM in KVM and protect user secrets in case of compromise.

1 Like

What is gpg SQLite support good for? I haven’t seen use cases yet where someone was using such a massive amount of keys that key lookup times are non-instant even on slow hardware.

1 Like

I thought it sped up keyserver lookups, but seems I misunderstood.

1 Like