re: GnuPG (win32) on a USB stick
Robert Earl Hazelett roberthazelett at gmail.com wrote on Wed Jul 2 10:29:18 CEST 2008 : >I ask if that later model of GPG2GO >is now available unfortunately, Maxine Brandt, the author of GPG2GO passed on ... i have copied and have been updating her site, here: http://www.angelfire.com/mb2/mbgpg2go/tp.html she originally planned for it to be used on a floppy, but it can easily be used on a usb stick i have kept her site as she left it, and put the updates in purple italic print, as additions read both her site and the updates, and you can easily run it from a usb as you have room on the USB, copy all the gnupg files, not just gpg.exe into whatever directory the site instructs you to put gpg.exe as you are using Disastry's PGP, copy the idea.dll also all the caveats about insecure public computers still apply all is completely FREE as per the FSF guidelines Thanks go to the gnupg development team (and remember Maxine in your Prayers/Thoughts/etc. ...) vedaal any ads or links below this message are added by hushmail without my endorsement or awareness of the nature of the link -- Stop foreclosure. Click here to stay in your home and rebuild credit. http://tagline.hushmail.com/fc/Ioyw6h4djyMiaYVDnvrHlxW45kFClmk5TEFrcFXK05t2FkswtsE3S3/ ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG (win32) on a USB stick
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello John, I'm a 74 year old retired American writing to you from the island of Luzon in the Philippines. I live in a place called Baguio City. I blundered across an old message on the internet in which, among other things, you apparently said: > I shall Update the Binaries to 1.4.8 tonight and they should > be available by this time tomorrow. Based on the context of the message I infer that you were saying you planned to modify GPG v.1.4.8 in such a way as to make it usable on a USB stick. A kind of latter-day GPG2GO If I am right about that, I ask if that later model of GPG2GO is now available and if you will share a copy of it with me. I've been using the older version (1.4.1) but a few problems developed for me. If you require payment for that later version, and if you will tell me what it is, I will somehow manage to send the money to you. Be aware that I have a PGP package I'd be willing to trade. Using a number of additional programs and a few batch files, I cobbled together an encryption packet using PGP 2.6.3i multi 06 that works quite nicely. Using it from a hard drive is a snap, but it can also be used from a USB stick without leaving traces in the Windows registry. I'm doing essentially the same thing with GPG 1.4.1 except GPG will not securely WIPE a file as PGP will. Nothing is perfect, I guess. :^) Thanks, Bob Hazelett [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) - GPGshell v3.70 iQEcBAEBAgAGBQJIazveAAoJEGIbHB1h/JPLMRMH/3IX4kUQNmFuOc92D8Gj5DGP vs1uzp4+9tERXG20PJAoVzQJpXK9wHR7SNfcWO/E5RRLGQ8rocDbb2mCstHvuamj BdIhi/O6CX8sQa7sWfvZ0LvwBNBR4f79mjbsp01VR+kGQCMA8Bk44aAiFHvJ6vzg kyYmgWtLJsOWum3LQdg2u/STOzh++7OZeinD4fJx4RqCMyveHu798xwaVE6+AIfH VinoYQ+qMesIkqhxyvIfEHkDSGR5WQR3iaLNcz4vn8rs2gTqkVMVK9RSd/0C5Ps3 rx47YgQre+RQxnp92+bfKJplH4wV8wJoICizi5RiW8qJSOZi0pm/4J4TFBYN4w4= =d176 -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG (win32) on a USB stick
John Clizbe wrote: Andrew Berg wrote: John Clizbe wrote: set GNUPGHOME=x:\location\you\want It would be inconvenient (and inconsiderate to the host machine's owner(s)) to set an environment variable on every machine encountered, wouldn't it? Sven's idea is much better, I think. And it shows a clear lack of understanding to think that a SET command at a Windows command prompt sets an environment variable permanently or globally. The variable exists in the process environment that invoked the command and those processes invoked from it. Actually, it shows that I wasn't thinking quite clearly. For some reason, I was thinking of something quite different. Sorry about that. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG (win32) on a USB stick
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 nunzky wrote: > The last version of GPG2Go I could find is 1.4.1, which seems pretty > outdated. My Bad. I shall Update the Binaries to 1.4.8 tonight and they should be available by this time tomorrow. I admit that I am abysmally slow as a Maintainer. :-[ If Your USB Drive is large enough I could send You the requisite Files direct for GPG2GO and I won't UPX then which will make for slightly faster access function. GPG2GO was originally designed for use from a 3.5 Floppy Drive. :) JOHN ;) Timestamp: Monday 03 Mar 2008, 20:47 --500 (Eastern Standard Time) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9-svn4691: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJHzKpiAAoJEBCGy9eAtCsPr9UH/RfywFsaJStYSMgLUcLPx81h hepNlNb3k0WP8y4JgVhfYJaTroqyyxuL4uD7ZsQk2j6P46i6k+Y1LtdAt18/mDIi HEjEyXcI0FhltuvIqd6QvC4dqyCRoFilr8QMWQrlkl7mrpLxHVnB9zfTtsMV+4jZ h7iBbxyfLOzc1i6zHQa2IVKjWPWolhKsCrmdAe0Mli6MBwk6y75RPWupD636bbqa EIM34GYyq6RP6f6zVPjedPURB1nqtyFHCp3wcyPhxk1UB8fns6X93zNF/38xtdl8 NH0FmPfmZ1tg0ShJkgJh45k+JlOzI/3umct90l5DLUDoE9zrGAPfdOb+IKDoF74= =VRzq -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
re: GnuPG (win32) on a USB stick
nunzky (funkdude at gmail.com) wrote on Tue Mar 4 00:02:02 CET 2008 : >However, for convenience, >I'd like to maybe use a batch file to set it and >open a command prompt. >This would require me to be able to set it to a relative path >(ie, not have to specify a drive letter, as it will change). >Is this possible? easily [1] make a directory called GNUPG on your usb, and copy all the gnupg files into it [2] make the following batch file: set GNUPGHOME=gnupg command.com [3] save this .bat file in the GNUPG directory in your usb double-clicking on the .bat file gets you to a command prompt within gnupg, ready for all gpg commands vedaal any ads or links below this message are added by hushmail without my endorsement or awareness of the nature of the link ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG (win32) on a USB stick
Thanks everyone of you, you have greatly enlightened me concerning the security risks associated with my endeavor. I will have to rethink my plans, but for now, I think John's idea of setting GNUPGHOME seems like the best idea to me. However, for convenience, I'd like to maybe use a batch file to set it and open a command prompt. This would require me to be able to set it to a relative path (ie, not have to specify a drive letter, as it will change). Is this possible? As for GPGShell, it seems pretty good, but I'd prefer to just keep my old command line if I can. The last version of GPG2Go I could find is 1.4.1, which seems pretty outdated. Also, the author says it is the exact same thing as the official gnupg except repackaged as a zip. Which doesn't solve the problem of gpg writing to local disks by default. -- View this message in context: http://www.nabble.com/GnuPG-%28win32%29-on-a-USB-stick-tp15796380p15816320.html Sent from the GnuPG - User mailing list archive at Nabble.com. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG (win32) on a USB stick
Andrew Berg wrote: > John Clizbe wrote: >> set GNUPGHOME=x:\location\you\want >> > > It would be inconvenient (and inconsiderate to the host machine's > owner(s)) to set an environment variable on every machine encountered, > wouldn't it? Sven's idea is much better, I think. And it shows a clear lack of understanding to think that a SET command at a Windows command prompt sets an environment variable permanently or globally. The variable exists in the process environment that invoked the command and those processes invoked from it. "Changes made using the SET command are NOT permanent, they apply to the current CMD prompt only and remain only until the CMD window is closed." - http://www.ss64.com/nt/set.html Setting GNUPGHOME is the equivalent of specifying "--homedir U:\path\to\your\keyrings", but without the need to type (and possibly mistype) it every time GnuPG is invoked. -- John P. Clizbe Inet: JPClizbe (a) tx DAWT rr DAHT con Ginger Bear Networks PGP/GPG KeyID: 0x608D2A10 "Be who you are and say what you feel because those who mind don't matter and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go" signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG (win32) on a USB stick
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Personally, I am using GPGShell, which, once installed, has a small app called Copy2USB that mounts a completely self- contained GnuPG and GPGShell system on the stick, which I take with me. See http://www.jumaros.de/rsoft/index.html Thanks, - --Avi -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (MingW32) - GPGshell v3.64 iEYEAREDAAYFAkfMLSoACgkQy6A/RnheoilMIQCdFAq1i1ALaLYrmz8VDG0jwjc2 KNEAn3LMcbkmiMMh8ycp0v/Lsi6kgxrw =6wUh -END PGP SIGNATURE- -- en:User:Avraham pub 1024D/785EA229 3/6/2007 Avi (Wikipedia-related) <[EMAIL PROTECTED]> Primary key fingerprint: D233 20E7 0697 C3BC 4445 7D45 CBA0 3F46 785E A229 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
re: GnuPG (win32) on a USB stick // forgot a line, sorry // ;-((
vedaal at hush.com (vedaal at hush.com) wrote on Mon Mar 3 17:11:46 CET 2008 : >[5] open notepad and types these lines: >command com >z: >cd gnupg sorry, forgot a line ;-(( it should be: set GNUPGHOME=z:\gnupg command com z: cd gnupg vedaal any ads or links below this message are added by hushmail without my endorsement or awareness of the nature of the link -- Make them pay. If you've been a victim of medical malpractice, click here to contact a lawyer. http://tagline.hushmail.com/fc/Ioyw6h4fOjquaOZyScN9vIuKxVUXKTzlkiXjBy0q0gNJkwzZZsLUpp/ ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
re: GnuPG (win32) on a USB stick
nunzky (funkdude at gmail.com) wrote on Mon Mar 3 02:57:20 CET 2008 : >Is it possible to avoid this behavior >and have GnuPG write those files, say, >in its own dir on my usb stick? ... >this would probably have to involve >me keeping my private key on the usb stick, >protected only by a passphrase. >How secure is this? >Are there any better ways to do it? in general, the simplest, most secure way, is to keep gnupg on your laptop, and use the usb to transfer files from the public computer to your laptop and back again encrypting and decrypting while directly connected to a public computer, runs a very real risk of having the plaintext stored in some recoverable form on that computer (i would recommend a Toshiba Libretto, that you can literally have physical control over, at all times) http://www.pcmag.com/article2/0,2817,1788012,00.asp if you don't have a laptop, and need to work from a public computer, and a usb, here are some guidelines: [1] generate a new gnupg key, with a comment, 'usb key', and keep this in a separate keyring (not the the keyring with your 'real' secret keys) if you have any concern that this becomes compromised, you can revoke it, without compromising your 'real' keys (this is also a common courtesy to people who send encrypted mail to you they are entrusting their secret/personal correspondence to you, and need to know how much they can 'trust' you 'trust' is this context, refers to 'skill and judgment', not 'integrity' [ you can 'trust' someone with your life and money, but not to drive your BMW, if you don't think they have enough experience with a stickshift ] ) [2] keep the keyrings and the entire gnupg program in a truecrypt container on the usb this has two advantages: (a) it protects your keyrings (b) it allows you to pick a drive letter that will stay the same regardless of the hardware differences of the various public computers (i.e., you can mount the truecrypt container as drive Z, and have all the entries in your gpg.conf refer to z:\gnupg, and never have to change it) truecrypt can be run in traveller mode from a usb, without having it installed on the host computer [3]copy the entire gnupg directory from your home computer, into the truecrypt container [4] put these lines into your gpg.conf file: no-default-keyring keyring z:\gnupg\pubring.gpg secret-keyring z:\gnupg\secring.gpg (use your 'new' keyrings with the special 'usb key') [5] open notepad and types these lines: command com z: cd gnupg save this as gusb.bat in your truecrypt container whenever you want to run gnupg from the usb, (and have already mounted the truecrypt container as drive z:) double-clicking on gusb.bat opens a dos commandline window check it by typing gpg -h if the gnupg version and guide appears, then you're ready [6] minor recommendation, (i don't know how much it would help) get (free) editpad lite: http://www.editpadpro.com/editpadlite.html it can be run from the usb by just copying the file EditPadLite.exe you can compose any correspondence from editpadlite, without using any of the host computers software (e.g. word, wordpad, notepad, etc.), and there 'might' be less chance of the plaintext being saved on the host computer by some file journaling system) vedaal any ads or links below this message are added by hushmail without my endorsement or awareness of the nature of the link -- Click here for free information on how to reduce your debt by filing for bankruptcy. http://tagline.hushmail.com/fc/Ioyw6h4elLy0MGS8ZpnSGLSkChVTeOgJgP9vCEPIVuo6a1yK8Ibamr/ ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG (win32) on a USB stick
John Clizbe wrote: set GNUPGHOME=x:\location\you\want It would be inconvenient (and inconsiderate to the host machine's owner(s)) to set an environment variable on every machine encountered, wouldn't it? Sven's idea is much better, I think. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG (win32) on a USB stick
Hi! nunzky schrieb: However, GPG, when run, creates the keyrings and conf files on the HDD (documents and settings\appdata). Is it possible to avoid this behavior and have GnuPG write those files, say, in its own dir on my usb stick? How would I do this? Try using "--homedir U:\path\to\your\keyrings" as an option to every call to gpg, where U: is the drive letter of your USB stick. How secure is this? Are there any better ways to do it? The OpenPGP smartcard might be an idea if you can get it to work on the computers where you want to use GnuPG. While this is better than relying on keyfiles with passphrases (which might easily be sniffed by a keylogger), it still is not 100% secure on a wholly untrustworthy system. Another option would be to boot into a dedicated system from CD. Knoppix or the like. The risk here is a hardware keylogger. Furthermore, depending on the (W)LAN setup, you won't easily have network connectivity and, of course, it is inconvenient. This is the general tradeoff: Security vs. convenience. HTH, Sven ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG (win32) on a USB stick
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 nunzky wrote: > I want to keep GnuPG on a USB stick to use at school and on other people's > computers (all windows). However, GPG, when run, creates the keyrings and > conf files on the HDD (documents and settings\appdata). Is it possible to > avoid this behavior and have GnuPG write those files, say, in its own dir on > my usb stick? How would I do this? 2 ways are easily available depending upon the size of Your Flash Drive. You could use GPG2GO and do everything from the Command Line or You could simply Copy Your GnuPG Directory/Folder to the Flash Drive and then use the GPGshell Portable Utility [located at the bottom of the Start Menu list] and then run with a GUI. http://www.jumaros.de/rsoft/index.html > Also, this would probably have to involve me keeping my private key on the > usb stick, protected only by a passphrase. How secure is this? Are there any > better ways to do it? How secure is Your passphrase? Robert already covered the issues involved in using an untrusted PC. Also keep in mind that not having control over the PC also means no Control over the Swap File, whether or not any Keyloggers are present, etc. Another consideration is that many Public PC's have the ability to launch any .exe File blocked. This is particularly true in Library's and other places where there is a concern that Students will attempt to install malware, etc. If You are just going to be using the USB Drive for Email then there are Applications like Mobility Email & Portable Thunderbird w/Enigmail + GnuPG. JOHN ;) Timestamp: Sunday 02 Mar 2008, 23:38 --500 (Eastern Standard Time) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9-svn4691: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJHy4D9AAoJEBCGy9eAtCsPh7gH/0P/dn8rAjzuaExpi5M7sOuQ /uB8A+zJAefcVmWKTWxhY9d27s/PK7hmbYAN8Z2o5adIwgms40Z7qUhK1u0nA9iT ZPD+vZekLVkoRJri3akcQiG6AfaIxqsU5rsDyEX3FWLpHItbONnGZjRSK0qDQUcc LF9Sm99qoDwuKQh2x45Qf8S0cVQTwya6eKTaji1wglTpMnXXLopY8zTItRPw+eL4 EBRdWNkTrxvatqVVRUiHuHSFTERQHVKRSbSl2yqHZUW/BK42XkHiUdbRrVf36rtj G0LC243nwRO0FJf9Re3ETwdgm4Z9H9F5bGHrXit0fhFeVbvTgnVR+DfUKMiwKRU= =Hr+D -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG (win32) on a USB stick
nunzky wrote: > Hi, > > I want to keep GnuPG on a USB stick to use at school and on other people's > computers (all windows). However, GPG, when run, creates the keyrings and > conf files on the HDD (documents and settings\appdata). Is it possible to > avoid this behavior and have GnuPG write those files, say, in its own dir on > my usb stick? How would I do this? > set GNUPGHOME=x:\location\you\want -- John P. Clizbe Inet: JPClizbe (a)tx DAWT rr DAHT con Ginger Bear Networks hkp:\\keyserver.gingerbear.net or Send email with subject help to [EMAIL PROTECTED] "Be who you are and say what you feel because those who mind don't matter and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go" signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG (win32) on a USB stick
nunzky wrote: Also, this would probably have to involve me keeping my private key on the usb stick, protected only by a passphrase. How secure is this? Are there any better ways to do it? As a rule of thumb, never do any sensitive computer operations on a computer you don't completely trust. If you think the computers in your campus's IT kiosks are safe and pristine, then this idea is probably reasonably good. If you think the computers in the kiosks are exposed to a host of unsafe web browsing habits, malware and stupid users 24/7, you may want to rethink this plan. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
