GPG keyservers from within Whonix workstation

I notice that within Workstation, the application KGPG works perfectly fine, both for managing keys and also for dealing with external keyservers… uploading own public keys and searching/importing public listed keys of others.

I also have Icedove with Enigmail installed in Workstation, and while Enigmail can create keys and access all of the ones on the keyring for encrypting/decrypting messages etc, it is not able to reach any keyservers either to export or search/import keys. It fails to contact and connect all servers, no matter which ones are tried (including default .onion one.)

Is there some additional known config change needed to get Enigmail to reach keyservers from within Workstation? It’s not too big a deal to do all management from KGPG instead, but just wondering whether it’s easy to enable Enigmail keyserver functionality too.

Thanks.

Just now added to documentation:

[quote=“Patrick, post:2, topic:1573”]Just now added to documentation:[/quote]

Great, thanks. Might also want to add as a third option, the KGPG graphical interface works perfectly well for communicating with keyservers to search/import/export/manage keys. For anyone who doesn’t want to deal with the command line and prefers a visual menu, and also wants to avoid editing Enigmail settings every single time it starts.

Good idea. Done.

Although that was already covered above. So there is now some redundancy in that chapter. Could use a rewrite.

[quote=“Patrick, post:4, topic:1573”]Good idea. Done.

Although that was already covered above. So there is now some redundancy in that chapter. Could use a rewrite.[/quote]

Oh… true enough. I didn’t notice that other paragraph up above the graphic, due to the section title and its being nestled amidst other installation instructions. Still, for now better to have some extra redundancy than not enough information in the second section.

It’s too bad there is no easy way to configure Icedove so that the:

--keyserver-options http-proxy=http://127.0.0.1:8118

…line can be removed permanently, instead of manually upon each restart. For even more convenient operation.

[quote=“Otto Kratik, post:5, topic:1573”]It’s too bad there is no easy way to configure Icedove so that the:

…line can be removed permanently, instead of manually upon each restart. For even more convenient operation.[/quote]
There might be. Two paths of investigation:

  1. /etc/xul-ext/torbirdy.js

  2. User.js file - MozillaZine Knowledge Base

here is a quick and dirty hack i have used in torbirdy 1.4 to make the removal of the http-proxy persistent. so far, it has worked without issue and don’t foresee why it would cause any problems. absent any hiccups, i’ll likely take screenshots and add it to the guide i work on, as it makes key management in icedove significantly easier.

  1. install torbirdy as you usually would and close icedove
  2. open terminal
  3. type “cd .icedove/[your profile name]/extensions”
  4. type “7z x castironthunderbirdclub@torproject.org.xpi components”
  5. type “nano components/torbirdy.js”
  6. find the following code, starting at line 216:

"--display-charset utf-8 " +
// We want to ensure that Enigmail is proxy aware even when it runs gpg in a shell
"--keyserver-options http-proxy=http://127.0.0.1:8118 ",

modify line 216 to replace the trailing “+” with a “,” and add “//” before the text in line 218 to comment it out. it should look like the code below (changes are in bold):

"--display-charset utf-8 ",
// We want to ensure that Enigmail is proxy aware even when it runs gpg in a shell
// "--keyserver-options http-proxy=http://127.0.0.1:8118 ",

  7. save the file and exit out of nano (or whatever editor you use)
  8. type “7z u castironthunderbirdclub@torproject.org.xpi *”
  9. type “rm -rf components”

from now on, every time you start icedove, you will not have to manually edit the “advanced options” in enigmail to communicate with a keyserver from inside icedove.
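
The manual edit in step 6, as an added shell example that is not part of the original post or of TorBirdy: it matches the two lines by content rather than by line number, keeps a backup, and does nothing if the option is already commented out. It assumes components/torbirdy.js has been extracted as in step 4 and that the lines read as quoted above; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: idempotent form of the torbirdy.js edit described in the post.
# Assumption: the option lines look like the snippet quoted there (TorBirdy 1.4).

# Constructed sample of the quoted snippet, used only for the demo below.
write_sample() {
    cat > "$1" <<'EOF'
      "--display-charset utf-8 " +
      // We want to ensure that Enigmail is proxy aware even when it runs gpg in a shell
      "--keyserver-options http-proxy=http://127.0.0.1:8118 ",
EOF
}

# Print "active", "commented" or "absent" for the http-proxy keyserver option.
proxy_option_state() {
    if grep -Eq '^[[:space:]]*"--keyserver-options http-proxy=' "$1"; then
        echo active
    elif grep -Eq '^[[:space:]]*//[[:space:]]*"--keyserver-options http-proxy=' "$1"; then
        echo commented
    else
        echo absent
    fi
}

# Apply the edit in place, leaving the untouched file as FILE.orig.
# Does nothing unless the option is currently active, so it is safe to re-run.
patch_torbirdy_js() {
    f=$1
    [ "$(proxy_option_state "$f")" = active ] || return 0
    cp -p "$f" "$f.orig"
    # 1st rule: trailing "+" after the charset option becomes ",".
    # 2nd rule: the keyserver-options line is commented out, indentation kept.
    sed -e 's|^\([[:space:]]*"--display-charset utf-8 "\)[[:space:]]*+[[:space:]]*$|\1,|' \
        -e 's|^\([[:space:]]*\)\("--keyserver-options http-proxy=\)|\1// \2|' \
        "$f.orig" > "$f"
}

# Demo on the constructed sample (not on a real profile).
demo_dir=$(mktemp -d)
write_sample "$demo_dir/torbirdy.js"
patch_torbirdy_js "$demo_dir/torbirdy.js"
proxy_option_state "$demo_dir/torbirdy.js"
rm -rf "$demo_dir"
```

On a real profile, `patch_torbirdy_js components/torbirdy.js` takes the place of the nano edit, and `proxy_option_state` shows whether a later TorBirdy reinstall has put the option back.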