A couple of people onthe freenode.net IRC-network asked today the same question: How to get access to freenode using TOR according to their instructions. The real problem is not the methode, but the way how to get to that point. I decided to create a small step-by-step howto.
Overview
To gain access to Freenode using TOR the Freenode-staff wants TOR-users to use their hidden service which can only be accessed after creating an account there. To get an account you need to have a GPG keypair. I’ll describe step by step how to create a keypair.
I got one problem with this website: It is notoriously clipping all pictures to a certain width – if the screenshot isn’t clearly visible, vlick on it to see the complete screenshot. Sorry for that.
Step 1: Download GnuPG for Windows and install it
First, you need to grab the GnuPG software: ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.5.exe
After downloading it, open the file and follow the installation instructions, clicking next, next next, peck, peck (“even a chicken can install Debian”). When asked for the path, accept the default or note down where you installed it:
Finish the installation through clicking “Next” mucho times. All should be set now.
Step 2: Create a GPG keypair on the Windows-commandline
Now we’re about to create a keypair. This is quite simple, but involves a bit of typing:
- Press Start
- Choose “Run”
- Type cmd
After pressing “OK”, the Windows commandline appears. There you have to change to the correct directory through typing "cd C:\Program Files\GNU\GnuPG"
. If you did it correctly, typing the command “cd” should yield the result "C:\Program Files\GNU\GnuPG"
:
Voilá! Now it’s time to create the keypair. To do this, you enter the command "gpg --gen-key"
and follow the instructions step-by-step, accepting the defaults, choosing a reasonably secure passphrase to encrypt your private key. Note note or better remember your passphrase, you’ll need it:
Now you created a keypair which is appropriate to use for the Freenode IRC-network. Do not close that window.
Step 3: Create a signed password hash inside the IRC-server
I assume that you already have access to the Freenode-network and that you just want to do “the real thing”. Now, inside your IRC-client, create a hash with the command "/quote makepass <password>"
where <password>
is your choosen password. I take "schwubbdiwupp"
as an example:
Note down the complete hash, whith all dollar- and slash-signs. Even better, copy it to the Windows Clipboard, you need it in the next step.
Step 4: Get Freenode’s key from the keyserver
Since you need to encrypt to the Freenode-staff and sign the message with your key, you need the GPG-key opf the freenode-staff. Just download it with the command: "gpg --keyserver pgpkeys.pca.dfn.de --recv-keys 035D6B1D"
Step 5: Sign your nickname with the hash
The next step signs the hash you just created and your nickname with the GPG private key you created in step 2. Go back to the window where GPG was and enter the following command, replacing my nickname "yalla"
and my has "$1$8HQdxmzs$MiTG6Spl1HPb5iB4iIdmb/"
with your hash:
echo "yalla $1$8HQdxmzs$MiTG6Spl1HPb5iB4iIdmb/" | gpg --gnupg -sea -r 035D6B1D"
It will first ask you for the passphrase you used in step 2 to create your keypair; enter it. Next it will tell you something like: “It is NOT certain that the key belongs to the person named in the user ID. If you *really* know what you are doing, you may answer the next question with yes.” – you can safely say “yes” here:
Step 6, prepare email to Freenode:
Copy everything starting from "-----BEGING PGP MESSAGE-----"
until "-----END PGP MESSAGE-----"
to a file and save it to a safe location. This is the encrypted message with your nickname and hash which you will be sending to Freenode; but you also have to include your public key. This is done by typing the command "gpg --armor --export your@email.address"
:
Copy and paste this output to a safe location.
Step 7, last step:
No write an email to the Freenode-staff including your public key and encrypted message you’ve created in step 5 and 6.
Conclusion:
OK, this is the hard way to do it, but it’s the prefered way. Hope that helps.
This work is licensed under a Creative Commons Attribution 2.5 License.
nice guide!
there’s cool guide for irssi/unix — http://www.pthree.org/2006/08/11/anonymity-and-freenode/
How do I delete the system ask (“It will first ask you for the passphrase you used in step 2 to create your keypair; enter it. Next it will tell you something like: “It is NOT certain that the key belongs to the person named in the user ID. If you *really* know what you are doing, you may answer the next question with yes”)?
thanks
Hi Rodrigo,
have a loko at yesterday’s posting, https://itnomad.wordpress.com/2006/11/13/search-engine-term-roundup/ – your question will be answered there, see topic 2.
HTH, Alex.
Thank you for writing this. I had a hard time understanding what to do from the freenode website, as the instructions are incomplete.
You can always tell when the people who write the help sections don’t really want to give you any help, but your article made it clear and easy.
Hi, great article, but I run into this error while fetching the GPG-key from irc.freenode:
gpg: system error while calling external program: Invalid argument
gpg: WARNING: unable to remove tempfile (out) `C:\Users\willyWoo\AppData\Local\T
emp\gpg-57D9D6\tempout.txt’: No such file or directory
gpg: no handler for keyserver scheme `hkp’
gpg: keyserver receive failed: keyserver error
Any ideas on how to solve this ?
I had this error. I had another gpg.exe in the path. For me it was from msysgit. Silly me. So make sure GnuPG comes first. Also you may want to add the “GnuPG” dir to your path, not just “GnuPG\pub” which is the default. or you can try “gpg2.exe”.
Hi Someone,
you probably addressed a keyserver which doesn’t support the hkp-methode, but the http-methode.
You probably ran gpg like this:
gpg –keyserver hkp://some.key.server.net/ ….
Use this instead:
gpg –keyserver http://some.key.server.net/ ….
See also http://lists.gnupg.org/pipermail/gnupg-users/2003-May/018289.html (same problem, just the other way round).
Hope that helps,
Alex.
Nice howto, however, I still have a question.
After you send the e-mail to freenode, then what? Is it a automated process and you can log on right away, or do they send back a reply or something else?
For the password, if you do /quote makepass password a few times, the hash is different each time?
I ask since when I try to log in with password, I get the ‘Hmmm, that wasn’t the right password’ response, but I know the password is correct. I tried both the hash version of the password, and the normal version, and they both give the same error message.
It has been 3 days now, so unsure what to do next?
I have the same query as Jake…
Dear Jake and James,
last time I checked it only took a couple of days. I’ll to check out how long it’ll take nowadays and eventually contact the Freenode-staff it it takes way to long.
We keep in touch,
Alex.
if you don’t get a reply, it means your account has not been created.
hope someone will help me i have problem i cannot solve. the one entering “gpg –gen-key” then it will ask me what kind of key i will use but the problem is here it will show only “RuL” when i press 1 or any command it will show gpg: fatal write console failed etc etc. how can i solve this one please email me thank you
mad_liquid_wakizashi@yahoo.com
Sorry for the late reply. I took a blogging-hiatus for the past year.
Is your problem still acute? It’s sounds pretty odd to be honest, more like a borked gnupg or a screwed up installation of itself.
Alex.
Thanks for this guide, the info on free node was indeed not sufficient for someone with no experience like me.
Bash users, at least, should use single quotes when creating the encrypted message (and there’s no final ” after the 035D6B1D):
echo ‘yalla $1$8HQdxmzs$MiTG6Spl1HPb5iB4iIdmb/’ | gpg –gnupg -sea -r 035D6B1D
I would also use `–output something.txt’
I just don’t get #3 + screenshot is not clear:
– where do you pass “/quote makepass “?
– what if I don’t use irssi?
High hopes for old post, but thanks anyway
OK, it can be made here: http://www.mkpasswd.net/?cat=crypt
I just received reply from freenode:
“freenode no longer offers a GPG authenticated tor service. Please see http://freenode.net/irc_servers.shtml#tor for its replacement.”
Posting to save some others time, thou it’s interesting guide
You actually make it seem really easy together with your presentation but I to find this matter to be really something that I
think I would never understand. It kind of feels too complicated and very vast for
me. I’m taking a look forward in your next publish, I’ll try to
get the cling of it!