Commit d538ab4f authored by Tails developers's avatar Tails developers
Browse files

Switch gpg to use keys.indymedia.org's hidden service, without SSL.

The keys.indymedia.org SSL certificate is now self-signed.
The hidden service gives a good enough way to authenticate the server and
encrypt the connection, and just removes the certificates management issue.
parent ca43e8cb
......@@ -6,7 +6,7 @@ user_pref("extensions.firegpg.enable_gpgapi", false);
user_pref("extensions.firegpg.gmail_enabled", false);
user_pref("extensions.firegpg.gmail_enabled", false);
user_pref("extensions.firegpg.gpg_version", "FIREGPG_VERSION");
user_pref("extensions.firegpg.keyserver", "hkps://keys.indymedia.org");
user_pref("extensions.firegpg.keyserver", "hkp://2eghzlv2wwcq7u7y.onion");
user_pref("extensions.firegpg.show_website", false);
// Block read and write access to the history in non-Tor mode
......
keyserver hkps://keys.indymedia.org
keyserver-options ca-cert-file=/etc/ssl/certs/cacert.org.pem
keyserver hkp://2eghzlv2wwcq7u7y.onion
keyserver-options http-proxy=http://127.0.0.1:8118/
personal-digest-preferences SHA512,SHA384,SHA256
......
KEYSERVER=hkps://keys.indymedia.org
KEYSERVER=hkp://2eghzlv2wwcq7u7y.onion
......@@ -7,7 +7,7 @@
<value>
<list type="string">
<value>
<string>hkp://keys.indymedia.org</string>
<string>hkp://2eghzlv2wwcq7u7y.onion</string>
</value>
</list>
</value>
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment