GPG detection on Windows?

2013-07-18 Thread Anthony Papillion 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hello Everyone,

I'm designing an application that will run on Windows and utilize
GNUPG. Right now, I'm detecting if GPG is installed by calling it then
parsing the output of the command to see if it succeeded or failed.
This is VERY messy and not my preferred way.

Does GPG4Win install anything to the registry that I could check for
to see if it's installed?

Thanks,
Anthony

- -- 
Anthony Papillion
Phone:   1.918.533.9699
SIP: sip:cajuntec...@iptel.org
XMPP:cypherp...@patts.us
Website: www.cajuntechie.org
PGP Key: 0x53B04B15


-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJR6CLAAAoJEAKK33RTsEsV+IQP+gKv6yIZuh1fx2zTA9/7+6RE
G6+8+35szeQ3zCkGsGgFkzeDlSlgffeUekmMnaEZk2K7i0L0SDh1ddAfkuXufJez
iw12drHrKqx4svwSKMPRFZJAlr7nL/a7Fl91cKCplOn90fodekB7O8caZGM4mskB
eRRZPBOs+f4Kx/zFZONEbjcxnIksuqD3W+hspPQaF+99xYMMS2B2WitPSMj3dzXg
DVo1eKwAbYvln5gmgLw0CAoSI6iVWC2hQeX+6mlVUPWrOZrA/yfGBhlKWz8JEIsS
h05UXXeDOa/bSUL8iuoqX0JqOs/MJrHyKabf9EDTSugIazfqCodC9ZKYYdFFTjZG
IhFH0kArOjhCU2FstkfqK9jYzASYa6/v29hhh17piu88rTlqAnGHYxQLMXHp0qLD
P7IhsUXp2FGoSeXJ5Igo/MpQ5E9J3O2fPniREK2PzZRUpRkItlnqjZP6W96xuHS8
E7AbrOZK4mzYupnWZhbW4zLIH/c2nHSFMRBK00e4EmIEovAUcTPJaWUlDFUeF7Dj
v44Ac6ipfmK4adSugkwqpz5royPal4QkgouueMabWlJbwSK2CzInswwmiMww7Lad
5yHerAIEDN7XSGNxW8KzDuR1lxoZwqs6pC1n4MRzVaJ0edMwe2BHh8Ydo0JyPRFZ
zSsS3Fv3fN6U0sJE3qRP
=6yl1
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: searching for keys: hkpms

2013-07-18 Thread kardan 
Hi,

I reuse the thread as this topic is quite related.

From the parcimonie [1] manual one sentence hit my brain: if using
hkps:// (which would be our second choice behind hkpms://). To be
honest, this is the first time I heard of hkpms, despite I am a reading
some lists and try to keep up with security topics.

As Wikipedia has no article [2] on this yet by this (eventually I find
time in some quite night hour) I try to summarize my finding in case
others find this useful or are keen to add something.

[1] https://gaffer.ptitcanardnoir.org/intrigeri/code/parcimonie/
[2] http://en.wikipedia.org/wiki/HKPMS

This the parcimonie manual does say:
hkpms://
We recommend using hkpms; see http://web.monkeysphere.info/
 for details. When a hkpms:// keyserver is being used, one needs to do
 two additional steps since gpgkeys_hkpms does not work in the
 torsocks wrapped environment parcimonie uses by default to run gpg.
 
Torify gpgkeys_hkpms
 
Just add the following line to gpg.conf:
 
keyserver-options http-proxy=socks://127.0.0.1:9050
 
Hey, parcimonie, gpg is already torified
 
Pass the --gnupg-already-torified switch to the parcimonie
 daemon command-line. parcimonie will then rely on the
 keyserver-options previously added to gpg.conf, and won't attempt to
 torify gpg connections itself.

 http://www.gossamer-threads.com/lists/gnupg/users/60543
in the nearer term, you could also use msva-perl with hkpms (if you want
to verify remote hosts via the OpenPGP web of trust).

 https://tails.boum.org/contribute/design/
Monkeysphere's hkpms:// support will be used as soon as possible in
place of the hierarchical X.509 certification model.
hkpms is available in Debian: msva-perl

 http://packages.debian.org/jessie/msva-perl
Cryptographic identity validation agent
 The Monkeysphere Validation Agent offers a local service for tools to
validate certificates (both X.509 and OpenPGP) and other public keys.
This package contains a perl implementation of a Monkeysphere

 http://web.monkeysphere.info/FAQ/
In addition, this project being what it is, there is now also a
Monkeysphere-enabled hkps (hkpms) module provided with the
Monkeysphere validation agent package (msva-perl in Debian). This uses
the users monkeysphere validation agent, if running, to confirm the
identify of the keyserver. The Monkeysphere developers have signed the
host key of keys.mayfirst.org¸ so if you have a trust path to the
Monkeysphere developers you can try using hkpms://keys.mayfirst.org.

I found that Kristian's key is signed for hkpms too, while the manual
also recommends to use a different pool server for parcimonie than
for daily requests.
You may want parcimonie to use a different keyserver than the
 one your usual GnuPG invocations do. This can be achieved by passing
 to parcimonie a command-line option such as:
 
--gnupg-extra-arg
--keyserver=hkps://zimmermann.mayfirst.org

 pub  4096R/40F3D015 2012-10-06 hkps://keys.kfwebs.net
hkpms://keys.kfwebs.net
https://keys.kfwebs.net
hkps://hkps.pool.sks-keyservers.net
hkpms://hkps.pool.sks-keyservers.net
https://hkps.pool.sks-keyservers.net
 Fingerprint=29D2 ED98 74EE 2B60 3CE3  648E 8BF5 AD41 40F3 D015 

To use hkpms with the above I add to ~/.gnupg/gpg.conf
keyserver hkpms://hkps.pool.sks-keyservers.net
keyserver-options http-proxy=socks://127.0.0.1:9050

$ gpg --search cia
gpg: searching for cia from hkpms server hkps.pool.sks-keyservers.net
gpgkeys: protocol `hkpms' not supported
gpg: no handler for keyserver scheme `hkpms'
gpg: keyserver search failed: keyserver error

Of course! How should gpg know how to handle monkeysphere requests if
it is not installed. So we need to install msva-perl.

$ gpg --search cia
Requesting a socks proxy for hkpms, but LWP::Protocol::socks is not
installed. This will likely fail.
Received
'ca-cert-file=/etc/ssl/certs/sks-keyservers.netca.pem' as an
option, but gpgkeys_hkpms does not implement it. Ignoring... HTTPS
error: 501 Protocol scheme 'socks' is not supported

Currently msva-perl recommends liblwp-protocol-socks-perl but I usually
drop recommendations by config due to limited disk space. So I also
installed liblwp-protocol-socks-perl (maybe it should become a
dependency of msva-perl in future versions).

$ gpg --search cia
gpg: searching for cia from hkpms server hkps.pool.sks-keyservers.net
gpg: error reading key: public key not found
Monkeysphere HKPMS Certificate validation failed:
  Failed to validate https://hkps.pool.sks-keyservers.net; through the
OpenPGP Web of Trust. HTTPS error: 500 Can't call method
http_configure on an undefined value gpg: key cia not found on
keyserver

This often puzzles me with gnupg. Gpg tells 'public key not found' which
in the first place confuses me to think that no key CAN

Re: GPG detection on Windows?

2013-07-18 Thread Jerry 
On Thu, 18 Jul 2013 12:15:51 -0500
Anthony Papillion articulated:

 I'm designing an application that will run on Windows and utilize
 GNUPG. Right now, I'm detecting if GPG is installed by calling it then
 parsing the output of the command to see if it succeeded or failed.
 This is VERY messy and not my preferred way.
 
 Does GPG4Win install anything to the registry that I could check for
 to see if it's installed?

The software details installed in a PC is found in the registry in the
location HEKY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall 
.
You can use the following code to get the list of software programs
installed in the system. You can determine whether it is latest using
the InstallDate key in the registry.

 

/// summary
  /// Gets a list of installed software and, if known, the software's install 
path.
  /// /summary
  /// returns/returns
  private string Getinstalledsoftware()
  {
   //Declare the string to hold the list:
   string Software = null;

   //The registry key:
   string SoftwareKey = @SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall;
   using (RegistryKey rk = Registry.LocalMachine.OpenSubKey(SoftwareKey))
   {
//Let's go through the registry keys and get the info we need:
foreach (string skName in rk.GetSubKeyNames())
{
 using (RegistryKey sk = rk.OpenSubKey(skName))
 {
  try
  {
   //If the key has value, continue, if not, skip it:
   if (!(sk.GetValue(DisplayName) == null))
   {
//Is the install location known?
if (sk.GetValue(InstallLocation) == null)
 Software += sk.GetValue(DisplayName) +  - Install path not 
known\n; //Nope, not here.
else
 Software += sk.GetValue(DisplayName) +  -  + 
sk.GetValue(InstallLocation) + \n; //Yes, here it is...
   }
  }
  catch (Exception ex)
  {
   //No, that exception is not getting away... :P
  }
 }
}
   }

   return Software;
  }


//EXAMPLE USAGE:
private void get_software_list_button__Click(object sender, EventArgs e)
  {
   MessageBox.Show(Getinstalledsoftware());
  }

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GPG detection on Windows?

2013-07-18 Thread Henry Hertz Hobbit 
On 07/18/2013 05:15 PM, Anthony Papillion wrote:
 Hello Everyone,
 
 I'm designing an application that will run on Windows and utilize 
 GNUPG. Right now, I'm detecting if GPG is installed by calling it
 then parsing the output of the command to see if it succeeded or
 failed. This is VERY messy and not my preferred way.
 
 Does GPG4Win install anything to the registry that I could check
 for to see if it's installed?

Yes.  Just fire up regedit and search for gnupg (or maybe just gnu).
There are also the folder / files in:

%ProgramFiles%\GNU\GnuPG

You probably just want to test whether either of these files
are there since them or one of the others is what you are using:

%ProgramFiles%\GNU\GnuPG\pub\gpg.exe
%ProgramFiles%\GNU\GnuPG\pub\gpg2.exe


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GPG detection on Windows?

2013-07-18 Thread Josef Schneider 
On Thu, Jul 18, 2013 at 10:23 PM, Henry Hertz Hobbit
hhhob...@securemecca.net wrote:
 You probably just want to test whether either of these files
 are there since them or one of the others is what you are using:

 %ProgramFiles%\GNU\GnuPG\pub\gpg.exe
 %ProgramFiles%\GNU\GnuPG\pub\gpg2.exe

Protip: you can change the install location!

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users