GPG-TO-GO - Roll your own
GnuPG-1.4.1 introduced an important change in the way the GPG home directory is determined on Windows machines, and the first choice is now an environment variable GNUPGHOME. This variable can be set on a removable drive and it allows command-line use of GPG on removable drives without the need to specify the home directory in each command.

To set up GPG-TO-GO on a floppy or USB device using the official release binaries you will have to get these from an existing Windows installation. If you want to transfer these binaries to a floppy disk you will also need the file compression utility upx (http://www.upx.org). All you need from the upx zip file is the upx executable. Unzip this somewhere in your PATH - c:\windows (or winnt) should work in all cases.

If you want just the essentials, the only necessary executable is gpg.exe. The 1.4.x releases use an additional file, iconv.dll, for translations and conversion of foreign-language characters in user IDs. If a usable version of this file is already on your machine it will not be installed with the other GnuPG binaries, so you might have to do a search for it. The file is large; even compressed it is over 600Kb, which makes it difficult to accommodate on a floppy disk. The only time it is really necessary is when you are creating a new user ID with non-ASCII characters from a non-Latin-1 code page, so if you are using a floppy you can most likely omit it. In this case you will get warning messages that the .dll is missing but you can safely ignore them.

In the 1.4.x branch all keyserver support is by separate binaries, and there are four different gpgkeys_xxx files. If your floppy is destined exclusively for use on a public machine it is unlikely that the keyserver functions will be permitted to pass a firewall and they can be omitted. The http and finger schemes are not really intended for command-line use. They are most useful for putting in preferred keyserver URLs for automatic key refreshing.
If your removable medium is a USB drive, simply create a folder with some anonymous name. If you use "gnupg" this will appear in the registry "Open Save" entries - I call mine "Fred". Copy the files you need to this folder.

For a floppy disk you will have to compress the binaries with upx. Copy the executables you need to a temporary folder, c:\temp, for example. Next, go to "Start" > "Run" and enter the command "command.com" (all Windows systems) or "cmd.exe" (w2k or XP). At the command prompt give the command:

Some anti-virus programs will object to upx. Its action is to alter an executable file, which is a typical virus or trojan activity. Also, there is a known virus with the same name. In this case, shut down your AV until you have finished with upx.

On your floppy create a folder "home" (or another name you prefer) and transfer all the compressed files there. If you use the keyserver binaries and you use a version of GnuPG prior to 1.4.2, you will have to create a sub-directory "lib" in the "home" folder and transfer the keyserver binaries there.

To avoid leaving traces in the registry, GPG-TO-GO needs to run the Windows command processor, command.com (all Windows versions) or cmd.exe (2000 and XP), from the removable medium. Using a text editor, just type

Save the file as "go.bat" in the "home" folder on your removable medium. [If you are working on a W2k or XP system you can replace command.com with cmd.exe.] When you run go.bat it will call your host machine's command processor which will start another instance of command.com or cmd.exe which acts as if it were on the floppy.

If you are not familiar with GnuPG command-line use it is a good idea to include the file gpg.man. This file lists and explains all the GnuPG commands and options and is a valuable reference.

If you already have a GnuPG installation you can copy your keyrings, trustdb and gpg.conf files to the floppy.
You may have to edit your gpg.conf file to correct some entries, because when you are working from a removable medium the file paths are relative. For example, you may have a line in the configuration file to activate an extension in the "lib" subdirectory. This line will be:

[Note: If you use extensions you must create a subfolder "lib" and place them in this.]

If you are using a floppy disk, before (or after) transferring your public keyring it is a good idea to reduce it to only the keys that you will need on the removable medium. If you have a public keyring of 300k, for instance, it might look like you have enough space on the floppy for holding your message files, but if you import or edit a key GnuPG will write a backup file of your public keyring, and while doing this it will create a pubring.tmp file the same size. If there is not enough space for this you will get an error. Additionally, command.com and cmd.exe have limits to the number of keys they will display with the --list-keys and similar commands.

If you are starting from scratch or migrating from PGP you will have to create empty keyrings and a configuration file on the floppy. On the Downloads page you will find a zip file which includes empty keyrings and a sample configuration file (heavily commented to explain the various entries). Simply unzip the file to the "home" folder of your removable medium.

If you are migrating from PGP you can import your keyrings to GnuPG. Run go.bat and:

If you are starting from scratch you should read the GnuPG manual (http://www.gnupg.org/(en)/documentation/guides.html). You will find detailed explanations there for creating your own keys and importing those of others.
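
One way to write the launcher step described above for cmd.exe, as an added example that is not the GPG-TO-GO go.bat itself. It assumes the file is saved in the same folder as gpg.exe and the keyrings; the variable name GPGDIR and the window title are chosen here for illustration.

```batch
@echo off
rem Added example, not the original go.bat. Needs cmd.exe (Windows 2000/XP):
rem command.com lacks the path-modifier and substring syntax used below.
setlocal

rem %~dp0 expands to the drive and folder of this batch file, so the launcher
rem works whatever drive letter the host gives the removable medium.
set "GPGDIR=%~dp0"
rem Remove the trailing backslash that %~dp0 carries.
if "%GPGDIR:~-1%"=="\" set "GPGDIR=%GPGDIR:~0,-1%"

rem Stop early if the launcher is not in the same folder as gpg.exe.
if not exist "%GPGDIR%\gpg.exe" goto nogpg

rem GnuPG 1.4.1 and later consult GNUPGHOME first, so keyrings, trustdb and
rem gpg.conf are read from the removable medium.
set "GNUPGHOME=%GPGDIR%"

rem Put the folder first in PATH so "gpg" resolves to the copy on the medium
rem and not to a GnuPG installation on the host.
set "PATH=%GPGDIR%;%PATH%"

rem Start in the folder on the medium and hand over an interactive prompt.
rem The variables above exist only in this shell and the one started from it.
cd /d "%GPGDIR%"
"%ComSpec%" /k title GPG-TO-GO
goto :eof

:nogpg
echo gpg.exe was not found in "%GPGDIR%".
exit /b 1
```

Typing `set GNUPGHOME` at the resulting prompt shows the folder GnuPG will use as its home directory.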