GPG 1.4.x, 2.x, ECC, and portability

Tue May 15 16:50:46 CEST 2012

On Tue, May 15, 2012 at 5:33 AM, Werner Koch <wk at gnupg.org> wrote:
> On Mon, 14 May 2012 23:53, avi.wiki at gmail.com said:
>
>> anything to work, as I am not able to figure out how to us gpgconf to
>> switch sysconfdir to my stick's drive, and everything else is failing
>
> The directory is determined by looking at CSIDL_COMMON_APPDATA.  It
> seems you can change the value by changing the environment variable
> APPDATA.  However, I am not sure whether this is a documented feature.

Thank you; I didn't see this in the manual. I'm loathe to change it
though as that probably affects many programs on the hosting computer,
and may cause many other programs to go a bit haywire.

> A quick test shows that a wrong value for APPDATA returns an error and
> thus gnupg will use a value based on the actual modules directory.
>
> What do you think of an environment variable to explicitly force the use
> of the installation directory (i.e the USB stick).  Instead of an envvar
> we could also check the presence of a marker file in the installation
> directory, to disable all use of default locations.  Both things are
> easy to implement.

Speaking for myself, I think I would prefer the latter to the former,
as I would prefer to have a Windows installation that is (as much as
possible) completely divorced from the hosting computer and results in
a GnuPG installation that is as "portable" as possible between trusted
computers. This would mean minimizing or eliminating any reference to
environment variable OR having the launch of the program/GUI setting
them temporarily each time if necessary. Allowing an option to have
the home and other helper directories configured as a subfolder of the
install directory on the install should be helpful as well.  What I
have now with 1.4.x is the ability to plug my stick into any trusted
computer, fire up Truecrypt, mount the encrypted drive, and use a GUI
to sign, encrypt, and decrypt the clipboard or files, manage keys
(including signing, generating revoke certs, etc.) and pretty much
using a GUI to handle most command-line actions of gpg.

> I don't know how the USB stick approach works with the Outlook and
> Explorer plugins - they need to have registry entries.

Agreed. Having a portable installation would preclude integration with
other programs, so the Outlook and Explorer extensions would not be
installed in such a situation. In my current 1.4.12 install, for
example, I do not have shell integration or plugins to other programs,
which is fine, as who is to say that a program on trusted computer A
is installed on trusted computer B.

Once again, thank you.

--Avi

----
User:Avraham

pub 3072D/F80E29F9 1/30/2009 Avi (Wikimedia-related key) <avi.wiki at gmail.com>
   Primary key fingerprint: 167C 063F 7981 A1F6 71EC ABAA 0D62 B019 F80E 29F9