parcimonie(1p) [debian man page]

PARCIMONIE(1p)						User Contributed Perl Documentation					    PARCIMONIE(1p)

NAME

       parcimonie - privacy-friendly helper to refresh a GnuPG keyring

VERSION

       Version 0.7.1

SYNOPSIS

       parcimonie [options]

DESCRIPTION

       parcimonie is a daemon that slowly refreshes a GnuPG public keyring from a keyserver.

       Its refreshes one key at a time; between every key update, parcimonie sleeps a random amount of time, long enough for the previously used
       Tor circuit to expire.

       This process is meant to make it hard for an attacker to correlate the multiple performed key update operations.

       See the design.mdwn document to learn more about the threat and risk models parcimonie attempts to help coping with.

USAGE

       1. Configure GnuPG to be able to use a keyserver.

       You can skip this section if you already have configured a keyserver in ~/.gnupg/gpg.conf.

       Else, add to your gpg.conf something along these lines:

	       keyserver hkp://keys.indymedia.org

       You obviously can choose your preferred keyserver here; if using hkps:// (which would be our second choice behind hkpms://), your GnuPG
       installation should support HPKS; on Debian systems, enabling such support is done by installing the gnupg-curl package; see those web
       pages for help with GnuPG hkps:// configuration:

	       http://keys.mayfirst.org/
	       http://keys.indymedia.org/

       You may want parcimonie to use a different keyserver than the one your usual GnuPG invocations do. This can be achieved by passing to
       parcimonie a command-line option such as:

	       --gnupg-extra-arg "--keyserver=hkps://zimmermann.mayfirst.org"

       2. Run "parcimonie --verbose".

       3. Check the output for misconfiguration or bugs.

       4. Once happy, start the daemon without the --verbose option.
	  Note: the Debian package automatically starts the daemon with your X session.
	  For example, GNOME users can configure its startup from the
	  "System -> Preferences -> Startup Applications" menu.

OPTIONS

       The following command lists available options:

	   parcimonie --help

   Tor configuration vs. --minimum-lapse-time
       In case you set the Tor MaxCircuitDirtiness setting yourself, you probably want to pass parcimonie a matching --minimum-lapse-time option
       so that subsequent key fetches use different Tor circuits.

       Just make sure this remains true:

	       minimum-lapse-time >= Tor MaxCircuitDirtiness

   hkpms://
       We recommend using hkpms; see http://web.monkeysphere.info/ for details. When a hkpms:// keyserver is being used, one needs to do two
       additional steps since gpgkeys_hkpms does not work in the torsocks wrapped environment parcimonie uses by default to run gpg.

       Torify gpgkeys_hkpms

       Just add the following line to gpg.conf:

	   keyserver-options http-proxy=socks://127.0.0.1:9050

       Hey, parcimonie, gpg is already torified

       Pass the --gnupg-already-torified switch to the parcimonie daemon command-line. parcimonie will then rely on the keyserver-options
       previously added to gpg.conf, and won't attempt to torify gpg connections itself.

AUTHOR

       intrigeri <intrigeri@boum.org>

LICENSE AND COPYRIGHT

       Copyright (C) 2010-2011 intrigeri <intrigeri@boum.org>

       Licensed under the same terms as Perl itself.

BUGS

       Please report any bugs or feature requests to "intrigeri at boum.org".

SUPPORT

       You can find documentation for parcimonie with the man command.

	   man parcimonie

       You can also look for information at:

       o   parcimonie's homepage

	   <https://gaffer.ptitcanardnoir.org/intrigeri/code/parcimonie/>

perl v5.14.2							    2014-02-11							    PARCIMONIE(1p)