TOR howto: Accessing Freenode Via Tor step-by-step for Windows

TOR logoA couple of people onthe freenode.net IRC-network asked today the same question: How to get access to freenode using TOR according to their instructions. The real problem is not the methode, but the way how to get to that point. I decided to create a small step-by-step howto.

Overview

To gain access to Freenode using TOR the Freenode-staff wants TOR-users to use their hidden service which can only be accessed after creating an account there. To get an account you need to have a GPG keypair. I’ll describe step by step how to create a keypair.

I got one problem with this website: It is notoriously clipping all pictures to a certain width – if the screenshot isn’t clearly visible, vlick on it to see the complete screenshot. Sorry for that.

Step 1: Download GnuPG for Windows and install it

First, you need to grab the GnuPG software: ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.5.exe

After downloading it, open the file and follow the installation instructions, clicking next, next next, peck, peck (“even a chicken can install Debian”). When asked for the path, accept the default or note down where you installed it:

GPG Install Screenshot
Finish the installation through clicking “Next” mucho times. All should be set now.

Step 2: Create a GPG keypair on the Windows-commandline

Now we’re about to create a keypair. This is quite simple, but involves a bit of typing:

  1. Press Start
  2. Choose “Run”
  3. Type cmd

CMD Start
After pressing “OK”, the Windows commandline appears. There you have to change to the correct directory through typing "cd C:\Program Files\GNU\GnuPG". If you did it correctly, typing the command “cd” should yield the result "C:\Program Files\GNU\GnuPG":

CMD Screenshot

Voilá! Now it’s time to create the keypair. To do this, you enter the command "gpg --gen-key" and follow the instructions step-by-step, accepting the defaults, choosing a reasonably secure passphrase to encrypt your private key. Note note or better remember your passphrase, you’ll need it:

GPG Instructions

Now you created a keypair which is appropriate to use for the Freenode IRC-network. Do not close that window.

Step 3: Create a signed password hash inside the IRC-server

I assume that you already have access to the Freenode-network and that you just want to do “the real thing”. Now, inside your IRC-client, create a hash with the command "/quote makepass <password>" where <password> is your choosen password. I take "schwubbdiwupp" as an example:

IRC

Note down the complete hash, whith all dollar- and slash-signs. Even better, copy it to the Windows Clipboard, you need it in the next step.

Step 4: Get Freenode’s key from the keyserver

Since you need to encrypt to the Freenode-staff and sign the message with your key, you need the GPG-key opf the freenode-staff. Just download it with the command: "gpg --keyserver pgpkeys.pca.dfn.de --recv-keys 035D6B1D"

Import Freenode GPG key

Step 5: Sign your nickname with the hash

The next step signs the hash you just created and your nickname with the GPG private key you created in step 2. Go back to the window where GPG was and enter the following command, replacing my nickname "yalla" and my has "$1$8HQdxmzs$MiTG6Spl1HPb5iB4iIdmb/" with your hash:
echo "yalla $1$8HQdxmzs$MiTG6Spl1HPb5iB4iIdmb/" | gpg --gnupg -sea -r 035D6B1D"

It will first ask you for the passphrase you used in step 2 to create your keypair; enter it. Next it will tell you something like: “It is NOT certain that the key belongs to the person named in the user ID. If you *really* know what you are doing, you may answer the next question with yes.” – you can safely say “yes” here:

Sign nickname and hash, encrypt to freenode’s key

Step 6, prepare email to Freenode:

Copy everything starting from "-----BEGING PGP MESSAGE-----" until "-----END PGP MESSAGE-----" to a file and save it to a safe location. This is the encrypted message with your nickname and hash which you will be sending to Freenode; but you also have to include your public key. This is done by typing the command "gpg --armor --export your@email.address":

Public Key

Copy and paste this output to a safe location.

Step 7, last step:

No write an email to the Freenode-staff including your public key and encrypted message you’ve created in step 5 and 6.

Conclusion:

OK, this is the hard way to do it, but it’s the prefered way. Hope that helps.


Creative Commons License
This work is licensed under a Creative Commons Attribution 2.5 License.


Tech Tags:

18 Responses to TOR howto: Accessing Freenode Via Tor step-by-step for Windows

  1. cp says:

    nice guide!
    there’s cool guide for irssi/unix — http://www.pthree.org/2006/08/11/anonymity-and-freenode/

  2. Rodrigo says:

    How do I delete the system ask (“It will first ask you for the passphrase you used in step 2 to create your keypair; enter it. Next it will tell you something like: “It is NOT certain that the key belongs to the person named in the user ID. If you *really* know what you are doing, you may answer the next question with yes”)?

    thanks

  3. Hi Rodrigo,

    have a loko at yesterday’s posting, https://itnomad.wordpress.com/2006/11/13/search-engine-term-roundup/ – your question will be answered there, see topic 2.

    HTH, Alex.

  4. Aaron says:

    Thank you for writing this. I had a hard time understanding what to do from the freenode website, as the instructions are incomplete.
    You can always tell when the people who write the help sections don’t really want to give you any help, but your article made it clear and easy.

  5. Someone says:

    Hi, great article, but I run into this error while fetching the GPG-key from irc.freenode:

    gpg: system error while calling external program: Invalid argument
    gpg: WARNING: unable to remove tempfile (out) `C:\Users\willyWoo\AppData\Local\T
    emp\gpg-57D9D6\tempout.txt’: No such file or directory
    gpg: no handler for keyserver scheme `hkp’
    gpg: keyserver receive failed: keyserver error

    Any ideas on how to solve this ?

    • naxa says:

      I had this error. I had another gpg.exe in the path. For me it was from msysgit. Silly me. So make sure GnuPG comes first. Also you may want to add the “GnuPG” dir to your path, not just “GnuPG\pub” which is the default. or you can try “gpg2.exe”.

  6. Hi Someone,

    you probably addressed a keyserver which doesn’t support the hkp-methode, but the http-methode.

    You probably ran gpg like this:

    gpg –keyserver hkp://some.key.server.net/ ….

    Use this instead:

    gpg –keyserver http://some.key.server.net/ ….

    See also http://lists.gnupg.org/pipermail/gnupg-users/2003-May/018289.html (same problem, just the other way round).

    Hope that helps,
    Alex.

  7. Jake says:

    Nice howto, however, I still have a question.

    After you send the e-mail to freenode, then what? Is it a automated process and you can log on right away, or do they send back a reply or something else?

    For the password, if you do /quote makepass password a few times, the hash is different each time?

    I ask since when I try to log in with password, I get the ‘Hmmm, that wasn’t the right password’ response, but I know the password is correct. I tried both the hash version of the password, and the normal version, and they both give the same error message.

    It has been 3 days now, so unsure what to do next?

  8. James says:

    I have the same query as Jake…

  9. Dear Jake and James,

    last time I checked it only took a couple of days. I’ll to check out how long it’ll take nowadays and eventually contact the Freenode-staff it it takes way to long.
    We keep in touch,

    Alex.

  10. bob says:

    if you don’t get a reply, it means your account has not been created.

  11. 13wiL6sic6 says:

    hope someone will help me i have problem i cannot solve. the one entering “gpg –gen-key” then it will ask me what kind of key i will use but the problem is here it will show only “RuL” when i press 1 or any command it will show gpg: fatal write console failed etc etc. how can i solve this one please email me thank you

    mad_liquid_wakizashi@yahoo.com

    • Sorry for the late reply. I took a blogging-hiatus for the past year.
      Is your problem still acute? It’s sounds pretty odd to be honest, more like a borked gnupg or a screwed up installation of itself.

      Alex.

  12. Frank says:

    Thanks for this guide, the info on free node was indeed not sufficient for someone with no experience like me.

  13. BLARG says:

    Bash users, at least, should use single quotes when creating the encrypted message (and there’s no final ” after the 035D6B1D):

    echo ‘yalla $1$8HQdxmzs$MiTG6Spl1HPb5iB4iIdmb/’ | gpg –gnupg -sea -r 035D6B1D

    I would also use `–output something.txt’

  14. otrov says:

    I just don’t get #3 + screenshot is not clear:
    – where do you pass “/quote makepass “?
    – what if I don’t use irssi?

    High hopes for old post, but thanks anyway

  15. otrov says:

    I just received reply from freenode:

    “freenode no longer offers a GPG authenticated tor service. Please see http://freenode.net/irc_servers.shtml#tor for its replacement.”

    Posting to save some others time, thou it’s interesting guide

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: