gnupg on USB drive
John A. Wallace
jw72253 at verizon.net
Mon Oct 17 20:57:05 CEST 2011
I have looked at the instructions here
http://lists.gnupg.org/pipermail/gnupg-users/2008-March/032787.html for
installing GnuPG on a USB drive, and I have followed the instructions pretty
closely like so:
"if you . need to work from a public computer, and a usb, here are some
guidelines:
[1] generate a new gnupg key, with a comment, 'usb key',
and keep this in a separate keyring (not the keyring with your
'real' secret keys)
if you have any concern that this becomes compromised,
you can revoke it, without compromising your 'real' keys
[2] keep the keyrings and the entire gnupg program in a truecrypt
container on the usb. This has two advantages:
(a) it protects your keyrings
(b) it allows you to pick a drive letter that will stay the same
regardless of the hardware differences of the various public
computers (i.e., you can mount the truecrypt container as drive Z,
and have all the entries in your gpg.conf refer to z:\gnupg,
and never have to change it). truecrypt can be run in traveller mode
from a usb, without having it installed on the host computer
[3] copy the entire gnupg directory from your home computer,
into the truecrypt container
[4] put these lines into your gpg.conf file:
no-default-keyring
keyring z:\gnupg\pubring.gpg
secret-keyring z:\gnupg\secring.gpg
(use your 'new' keyrings with the special 'usb key')
[5] open notepad and type these lines:
command com
z:
cd gnupg
save this as gusb.bat in your truecrypt container.
whenever you want to run gnupg from the usb,
(and have already mounted the truecrypt container as drive z:)
double-clicking on gusb.bat
opens a dos command-line window
check it by typing gpg -h
if the gnupg version and guide appears, then you're ready"
----------------------------------
First I tried following these instructions exactly, but it would not work,
though not for reasons related to gpg itself. I am running WinXP Pro and
normally I use gpg 2.0.x. However, for this project, I downloaded and used
gpg 1.4.11 on the USB drive, and I also used the latest version of
truecrypt 7.1. I installed gpg on the usb here U:\gnupg, and into it I also
copied the contents of my pre-existing "%AppData%\gnupg" folder, which
contained my keyrings and gpg.conf, etc. I cleaned it up a bit and changed
the references in gpg.conf from c:\path to u:\gnupg, like so:
###+++--- GPGConf ---+++###
utf8-strings
auto-key-locate local
verbose
###+++--- GPGConf ---+++### date and time data
# GPGConf edited this configuration file.
# It will disable options before this marked block, but it will
# never change anything below these lines.
no-default-keyring
homedir U:\gnupg
keyring U:\gnupg\pubring.gpg
secret-keyring U:\gnupg\secring.gpg
#list-options show-keyring
verify-options show-uid-validity
logger-file U:\gnupg\gnupg.log
keyserver hkp://keys.gnupg.net
load-extension U:\gnupg\idea.dll
ask-cert-level
------------------------------------
As for the aforementioned batch file gusb.bat, it was necessary to change
it because it would not complete as it stands (I had installed it in U:\).
What I mean is that when I clicked on the batch file, it would open a
command shell window and begin issuing the batch of commands. Since the
first command was "command.com", it just opened another new command shell
window and stayed there at the new command prompt in the current root
directory:
U:\
I simply eliminated this command from the batch file and reran it; then
it worked as expected, opening a command shell and cd-ing to U:\gnupg.
At this point I entered "gpg -h" at the prompt. It displayed the correct
version gpg 1.4.11, but it failed to recognize homedir as U:\gnupg as I had
put in the file u:\gpg.conf. Then I noticed in the manual that this command
would be recognized only from the command line; so I entered this at
the command prompt (from u:\gnupg):
gpg --homedir u:\gnupg
But after hitting <enter>, the program just hangs and fails to return
to the command prompt. Consequently, I cannot seem to make it change
the homedir from the normal location on "%Appdata%\gnupg"
to the location U:\gnupg, and I cannot, therefore, "force" it to use
the keyrings on my USB. Any ideas would be welcome.
John A. Wallace
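
One way to select the home directory without relying on gpg.conf, as an added example that is not part of the original post: gpg reads the GNUPGHOME environment variable when --homedir is not given on the command line, so a launcher batch file can set it from its own drive letter. The \gnupg layout is taken from the post; saving the file as gusb.bat in the root of the mounted volume is an assumption.

```batch
@echo off
rem Added example: portable launcher for the layout described in the post.
rem Assumption: this file sits in the root of the mounted volume and
rem gpg.exe plus the keyrings are in <drive>:\gnupg.

rem %~d0 expands to the drive of this batch file (for example U:), so the
rem launcher keeps working if the volume is mounted under another letter.
set "GPGDIR=%~d0\gnupg"

if not exist "%GPGDIR%\gpg.exe" (
    echo gpg.exe not found in %GPGDIR%
    pause
    exit /b 1
)

rem The manual states that homedir is only recognized on the command line,
rem so a "homedir" line in gpg.conf has no effect. GNUPGHOME is honoured
rem instead whenever --homedir is absent.
set "GNUPGHOME=%GPGDIR%"

rem Put the portable gpg.exe ahead of any copy installed on the host.
set "PATH=%GPGDIR%;%PATH%"

rem Check which keyrings are in use: gpg prints the keyring file path
rem above each listing. A command is required here; "gpg --homedir DIR"
rem with no command waits for input on standard input.
gpg --list-keys
gpg --list-secret-keys

rem Leave a shell open in the gnupg folder. The child shell inherits
rem GNUPGHOME and PATH from this script.
cmd /k cd /d "%GPGDIR%"
```

The "keyring" and "secret-keyring" lines in gpg.conf still carry a fixed drive letter, so they must match the letter the volume is mounted under.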