Message: 9
Date: Wed, 21 Sep 2011 22:44:26 -0500
From: John Clizbe j...@enigmail.net
To: gnupg-users@gnupg.org
Subject: Re: windows binary for gnupg 1.4.11 // compilation
instructions posted
Message-ID: 4e7aaf1a.1040...@enigmail.net
Content-Type: text/plain; charset=UTF-8
ved
ved...@nym.hush.com wrote:
Thanks,
I knew about the MSYS method, but not about the others,
but my point was about running gnupg from a flash drive.
I was under the impression that there is no portable way to do that
on a flashdrive that doesn't have these systems installed on the
host
On 9/22/2011 12:38 PM, John Clizbe wrote:
probably be good to include msvcrt.dll as MinGW targets it.
Also so that you're not depending on the host machine's MSVCRT.DLL.
That .DLL is often targeted by malware: it makes such a perfect place to
drop hook functions.
(Putting that .DLL on the stick
John Clizbe John at enigmail.net wrote on
Thu Sep 22 18:38:06 CEST 2011 :
It can be done, but it's nontrivial. I think it's more like
Sisyphean IMHO :-(.
OK, thought so, ;-)
You cannot secure everything necessary to securely run gpg (or
any other program) from a USB stick.
Please don't
ved...@nym.hush.com wrote:
So, if , for example, in a case where I don't have my laptop with me, (but I
do have a usb with gpg and keyrings, and a miniDVD with ubuntu),
then, assuming there is no keylogger on the borrowed laptop, what
is the problem with booting from the ubuntu miniDVD, and
John Clizbe John at enigmail.net wrote on
Thu Sep 22 21:20:16 CEST 2011 :
You're also assuming no BIOS or UEFI rootkits :-)
Whether that is or isn't a problem is up to you
Can these rootkits work when there is no mbr access?
I'm booting from a dvd ubuntu install disk.
No root information is
On 9/22/2011 3:59 PM, ved...@nym.hush.com wrote:
Can these rootkits work when there is no mbr access?
Yes. In fact, EFI/UEFI is more or less a replacement for MBRs.
EFI/UEFI is almost the first thing through the CPU's brain upon booting.
There's probably some on-chip microcode that executes
Robert J. Hansen rjh at sixdemonbag.org wrote on
Thu Sep 22 22:07:07 CEST 2011 :
The EFI/UEFI designers went to some lengths to harden the system
against malware -- unfortunately they could only harden it, not
immunize it.
I know only very limited stuff about this, but I thought that this
was
On 9/22/2011 4:51 PM, ved...@nym.hush.com wrote:
I know only very limited stuff about this, but I thought that this
was mainly to check that copies of windows were 'non-pirated', and
has come under some criticism that they might be able to exclude some
from running linux OS's ...
That's
On Tue, 20 Sep 2011 22:48, r...@sixdemonbag.org said:
If I determine that my work PC and my home PC are both trusted systems,
and I have a single USB stick containing my GnuPG installation and
keyrings that I want to use on both, then I don't see the risk so long
as that USB stick is never
ved...@nym.hush.com wrote:
BTW,
There is a unique advantage to running gnupg from cygwin on
windows, as it's the only way to make use of unix-like commands,
(cat, grep, printf, etc.) and pipe them to and from gnupg.
ONLY? How much effort did you expend looking?
The MinGW compiler folks
On 9/21/2011 11:44 PM, John Clizbe wrote:
ONLY? How much effort did you expend looking?
In addition to John's offerings, don't forget http://gnuwin32.sf.net.
Most of the GNU tools exist in native Win32 builds. Some of them are a
bit old (e.g., their flex is 2.5.4a, current is 2.5.34, their gawk
On Mon, 19 Sep 2011 23:28, jpcli...@tx.rr.com said:
Many tools such as autoconf have to be installed from the Interix community
site.
To build gnupg you don't need autoconf. A bare bones development system
is always sufficient. autoconf is only used to create the configure
script which is
ABAA 0D62 B019 F80E
29F9
From: Werner Koch w...@gnupg.org
To: Johan Wevers joh...@vulcan.xs4all.nl
Date: Sat, 17 Sep 2011 12:06:49 +0200
Subject: Re: windows binary for gnupg 1.4.11 // compilation instructions
posted
On Fri, 16 Sep 2011 21:42, joh...@vulcan.xs4all.nl said:
If they don't
On Tue, 20 Sep 2011 19:28, avi.w...@gmail.com said:
What about us windows users who do not have GPG installed on our
desktops, but our secure USB sticks. 1.4.11 works very nicely as
a stand-alone (or in my case, with GPGShell). I'm afraid that
2.+ would not work properly when installed to an
On Friday 16 September 2011, Robert J. Hansen wrote:
On 9/16/2011 2:49 PM, ved...@nym.hush.com wrote:
Because then who is to say that it wasn't tampered with?
Who's to say the one on ftp.gnupg.org wasn't tampered with? It would
be fairly easy to make a version of GnuPG that always reported
On 9/20/2011 3:23 PM, Werner Koch wrote:
There is no such thing as a secure USB stick to run programs from.
If I determine that my work PC and my home PC are both trusted systems,
and I have a single USB stick containing my GnuPG installation and
keyrings that I want to use on both, then I don't
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Fair enough, I was not precise, my apologies.
I run GnuPG off a Truecrypt encrypted partition on a USB stick,
so I can access it places where I do not wish to load my
keyring, and cannot install a card reader. I find that version
1.4.11 with
Message: 8
Date: Tue, 20 Sep 2011 13:28:34 -0400
From: Avi avi.w...@gmail.com
To: gnupg-users@gnupg.org
What about us windows users who do not have GPG installed on our
desktops, but our secure USB sticks. 1.4.11 works very nicely as
a stand-alone (or in my case, with GPGShell).
However, I am
Hi,
there is a thing for Windows called System Services for Unix (SFU). It
is a modern POSIX implementation on top of the NT kernel but very
different to the old we-need-to-be-compliant-to-gov-ITBs Posix
subsystem. Did anyone ever tried to build a GnuPG on it?
AFAICS this would use MSC but on
Werner Koch wrote:
Hi,
there is a thing for Windows called System Services for Unix (SFU). It
is a modern POSIX implementation on top of the NT kernel but very
different to the old we-need-to-be-compliant-to-gov-ITBs Posix
subsystem. Did anyone ever tried to build a GnuPG on it?
AFAICS
Johan Wevers wrote:
On 16-09-2011 21:30, Simone Cianfriglia wrote:
To achieve your desired result, it's required to run the exactly same
compiler, including the version, with the same options targeting the
correct architecture. Also a minor tweak in architecture settings
could change the
On Fri, 16 Sep 2011 21:42, joh...@vulcan.xs4all.nl said:
OK, then what about a direct link to the version of the installer still
present on ftp.gnupg.org?
It was removed on purpose. We - and this includes Enigmail developers -
want users to use the modern version. Those how have a valid
Compiling your own windows binary on windows
(for people who never used a compiler):
Reviewed the instructions, and tested them on windows 64 bit
systems, and no modifications are necessary.
Posted the 'How To' on Maxine Brandt's restored site, here:
On 16-09-2011 17:17, ved...@nym.hush.com wrote:
Posted the 'How To' on Maxine Brandt's restored site, here:
http://www.angelfire.com/mb2/mbgpg2go/cyowb.html
Why not also host a copy of the existing binary?
--
Met vriendelijke groet,
Johan Wevers
Johan Wevers johanw at vulcan.xs4all.nl
Fri Sep 16 20:28:52 CEST 2011 wrote:
Why not also host a copy of the existing binary?
Because then who is to say that it wasn't tampered with?
The whole point is to start with gnupg.org signed and verified
material, and then let the user take it from
On 16-09-2011 20:49, ved...@nym.hush.com wrote:
Why not also host a copy of the existing binary?
Because then who is to say that it wasn't tampered with?
OK, then what about a direct link to the version of the installer still
present on ftp.gnupg.org?
Although,
[and am over my head here,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hello veidaal and gnupg-users list.
My understanding, (which may be outdated),
is that there are too many variations in individual user systems,
so that the compiled files would never have 'exactly' the same
hash independent of where they are
Thanks,
Simone, Johan and Robert,
well, there goes that idea ...
(but it's nice to know, that it's *possible* if there ever were
some extreme need for it) ;-)
Johan,
as per your excellent suggestion, the link to the ftp is hosted:
http://www.angelfire.com/mb2/mbgpg2go/download.html
(I'm
On 16-09-2011 21:30, Simone Cianfriglia wrote:
To achieve your desired result, it's required to run the exactly same
compiler, including the version, with the same options targeting the
correct architecture. Also a minor tweak in architecture settings
could change the result, see for example
30 matches
Mail list logo