GPG-TO-GO - GnuPG on a floppy or USB drive | |
HomeDownloadsRoll your ownEmail use |
GPG-TO-GO is a portable version of GnuPG which can be used from a removable medium (floppy disk, USB drive, etc) on Windows machines without leaving a trace in the registry that encryption has taken place. GPG-TO-GO was originally conceived as a more modern and versatile alternative to the various versions of PGP 2, which is still highly regarded and used by some people because it is free, source code is available and, especially, it is portable; it fits on a floppy disk and needs no installation on a host machine - valuable assets for those who operate in high-risk environments. But GPG-TO-GO has also found an enthusiastic response from many people who want to use GnuPG on Windows work machines on which they have no rights to install programs, or who simply want the possibility of using encrypted messaging from public computers while traveling for work or pleasure, which led us to provide specially compiled versions of GnuPG for this use. Important changes introduced in GnuPG-1.4.1 make this no longer necessary, at least for those who have the possibility to install GnuPG on a Windows machine. The Windows binaries can be used "as is" on a USB device or compressed with upx for a floppy disk to create GPG-TO-GO. But the Windows version of GnuPG now comes as an installer executable and the individual binaries are no longer available except from an installed version, which poses a problem for those who do not have their own machine, or who use a different OS than Windows, or have reasons for not wanting to install an encryption program on their machine. To overcome this we are still offering a package on the Downloads page. Those using a USB device may be more interested in John Urbanek's version of Portable Thunderbird, which includes Enigmail and all the GnuPG files, and which now makes no use of the Windows registry. It does not solve the problem of getting past a firewall on a public or work machine, but it simplifies the preparation of mail and the transfers to and from a webmail interface, and Enigmail includes the basic key management functions. You can add full command-line GPG capability by including in the "gpg" folder the "go.bat" file described in "Roll your own". -- site maintainer's note : Maxine Brandt has passed on and could no longer maintain her site, and as no one else had access to her original site and could not update it, it was decided to recreate her site, here, and update it as necessary. All of her original work is reproduced here as it appeared on her site and in her preferred format. All of our additions are in this italic font in this shade of purple ( a color of which she was particularly fond ). There have been several GnuPG vulnerabilities found and corrected since Maxine developed GPG-TO-GO. The earliest vulnerability after her original version was in the GnuPG signature process. All versions of GnuPG up to and including 1.4.2 were affected. See: Announcement by Werner Koch and Signature types affected and for the latest vulnerabilities, Acoustic Side-Channel Attack (all versions up to and including 1.4.15 Recursion Denial of Service Attack (all versions up to and including 1.4.14) Cache Side-Channel Attack (all versions up to and including 1.4.13) All these have been corrected in GnuPG 1.4.16 and a link to the official signed GnuPG windows binary is listed on the GPG-2-GO download site. The latest stable version of GnuPG is 1.4.16 More about this on the download site itself. ) As a further precaution to M.B.'s setup, once the usb drive with GPG-TO-GO is prepared, it would be advisable to use it only after using static media (i.e. an Ubuntu install disk in 'trial' mode, or a UPR disk, Ubuntu Privacy Remix ) to boot to a computer where one is reasonably sure that there is no hardware keylogger, and then launch GPG-TO-GO. -- / site maintainter o o O o o Copyright � 2004-5 Maxine Brandt and John W. Moore III. |
