.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
.    if \nF \{\
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{\
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
.    \" fudge factors for nroff and troff
.if n \{\
.    ds #H 0
.    ds #V .8m
.    ds #F .3m
.    ds #[ \f1
.    ds #] \fP
.\}
.if t \{\
.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
.    ds #V .6m
.    ds #F 0
.    ds #[ \&
.    ds #] \&
.\}
.    \" simple accents for nroff and troff
.if n \{\
.    ds ' \&
.    ds ` \&
.    ds ^ \&
.    ds , \&
.    ds ~ ~
.    ds /
.\}
.if t \{\
.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
.    \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
.    \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
.    \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
.    ds : e
.    ds 8 ss
.    ds o a
.    ds d- d\h'-1'\(ga
.    ds D- D\h'-1'\(hy
.    ds th \o'bp'
.    ds Th \o'LP'
.    ds ae ae
.    ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "PARCIMONIE 1p"
.TH PARCIMONIE 1p "2020-04-25" "perl v5.30.0" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
parcimonie \- privacy\-friendly helper to refresh a GnuPG keyring
.SH "VERSION"
.IX Header "VERSION"
Version 0.12.0
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
\&\fBparcimonie\fR [options]
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
parcimonie is a daemon that slowly refreshes a GnuPG public keyring
from a keyserver.
.PP
It refreshes one key at a time; between every key update, parcimonie
sleeps a random amount of time, long enough for the previously used Tor
circuit to expire.
.PP
This process is meant to make it hard for an attacker to correlate the
multiple performed key update operations.
.PP
See the design.md document to learn more about the threat and risk
models parcimonie attempts to help cope with.
.SH "USAGE"
.IX Header "USAGE"
1. Configure GnuPG to be able to use a keyserver with Tor.
.PP
If you already have configured a keyserver and you run Tor
0.3.0.3\-alpha\-1 or newer from Debian, then parcimonie will probably
work fine and you can skip this step. Otherwise, you will probably need
to replace your keyserver with the one documented below, or to enable
IPv6 traffic in your Tor client (by enabling the IPv6Traffic flag for
your SocksPort).
.PP
Add to ~/.gnupg/dirmngr.conf something like:
.PP
.Vb 1
\&        keyserver hkp://jirk5u4osbsr34t5.onion
.Ve
.PP
2. Run \*(L"parcimonie \-\-verbose\*(R".
.PP
3. Check the output for misconfiguration or bugs.
.PP
4. Once happy, start the daemon without the \-\-verbose option.
Note: the Debian package automatically starts the daemon with your X
session.
.SH "OPTIONS"
.IX Header "OPTIONS"
The following command lists available options:
.PP
.Vb 1
\&        parcimonie \-\-help
.Ve
.SS "Tor configuration vs. \-\-minimum\-lapse\-time"
.IX Subsection "Tor configuration vs. --minimum-lapse-time"
In case you set the Tor MaxCircuitDirtiness setting yourself, you
probably want to pass parcimonie a matching \-\-minimum\-lapse\-time
option so that subsequent key fetches use different Tor circuits.
.PP
Just make sure this remains true:
.PP
.Vb 1
\&        minimum\-lapse\-time >= Tor MaxCircuitDirtiness
.Ve
.SS "hkpms://"
.IX Subsection "hkpms://"
We recommend using hkpms; see http://web.monkeysphere.info/ for
details. When a hkpms:// keyserver is being used, one needs to do two
additional steps since gpgkeys_hkpms does not work in the torsocks
wrapped environment parcimonie uses by default to run gpg.
.PP
\fITorify gpgkeys_hkpms\fR
.IX Subsection "Torify gpgkeys_hkpms"
.PP
Just add the following line to gpg.conf:
.PP
.Vb 1
\&        keyserver\-options http\-proxy=socks://127.0.0.1:9050
.Ve
.PP
\fIHey, parcimonie, gpg is already torified\fR
.IX Subsection "Hey, parcimonie, gpg is already torified"
.PP
Pass the \-\-gnupg\-already\-torified switch to the parcimonie daemon
command-line. parcimonie will then rely on the keyserver-options
previously added to gpg.conf, and won't attempt to torify gpg
connections itself.
.SH "AUTHOR"
.IX Header "AUTHOR"
intrigeri
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright (C) 2010\-2020 intrigeri
.SH "LICENSE"
.IX Header "LICENSE"
Licensed under the same terms as Perl itself.
.SH "BUGS"
.IX Header "BUGS"
Please report any bugs or feature requests to .
.SH "SUPPORT"
.IX Header "SUPPORT"
You can find documentation for parcimonie with the man command.
.PP
.Vb 1
\&        man parcimonie
.Ve
.PP
You can also look for information at:
.IP "\(bu" 4
parcimonie's homepage
.Sp
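.PP
The rule from the section on Tor configuration vs. minimum-lapse-time, turned into a check, as an added example that is not part of parcimonie or its documentation: it reads torrc text, works out the effective MaxCircuitDirtiness and tests a planned lapse time against it. It assumes both values are in seconds and that Tor falls back to 600 seconds when the option is unset; the function names and the sample torrc are constructed for illustration.

```shell
#!/bin/sh
# Added example, not parcimonie code: checks minimum-lapse-time >= MaxCircuitDirtiness.
# Assumptions: both values are in seconds; Tor's default of 600 s applies when
# torrc does not set the option; only the unit words listed below are handled.
TOR_DEFAULT_DIRTINESS=600

# to_seconds NUM [UNIT]: convert a torrc interval to seconds.
to_seconds() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    case "${2:-seconds}" in
        second|seconds) echo "$1" ;;
        minute|minutes) echo $(( $1 * 60 )) ;;
        hour|hours)     echo $(( $1 * 3600 )) ;;
        day|days)       echo $(( $1 * 86400 )) ;;
        *) return 1 ;;
    esac
}

# max_circuit_dirtiness: torrc text on stdin, effective value in seconds on stdout.
# Comments are stripped and the last setting wins.
max_circuit_dirtiness() {
    value=$(awk '{ sub(/#.*/, "") }
        tolower($1) == "maxcircuitdirtiness" { num = $2; unit = tolower($3) }
        END { if (num != "") print num, unit }')
    if [ -z "$value" ]; then
        echo "$TOR_DEFAULT_DIRTINESS"
    else
        to_seconds $value   # unquoted on purpose: splits "20 minutes"
    fi
}

# lapse_time_ok SECONDS: succeeds when SECONDS >= MaxCircuitDirtiness (torrc on stdin).
lapse_time_ok() {
    dirtiness=$(max_circuit_dirtiness) || return 2
    [ "$1" -ge "$dirtiness" ]
}

# Constructed sample torrc, for illustration only.
SAMPLE_TORRC='SocksPort 9050 IPv6Traffic
# MaxCircuitDirtiness 60
MaxCircuitDirtiness 20 minutes'

for lapse in 600 1200; do
    if printf '%s\n' "$SAMPLE_TORRC" | lapse_time_ok "$lapse"; then
        echo "minimum-lapse-time $lapse: ok"
    else
        echo "minimum-lapse-time $lapse: shorter than MaxCircuitDirtiness"
    fi
done
```

To check a real configuration, feed the torrc in use to lapse_time_ok on standard input together with the lapse time you plan to pass to parcimonie.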