gnupg on USB drive
John A. Wallace
jw72253 at verizon.net
Mon Oct 17 20:57:05 CEST 2011
I have looked at the instructions here
installing GnuPG on a USB drive, and I have followed the instructions pretty
closely like so:
"if you . need to work from a public computer, and a usb, here are some
 generate a new gnupg key, with a comment, 'usb key',
and keep this in a separate keyring (not the the keyring with your
'real' secret keys)
if you have any concern that this becomes compromised,
you can revoke it, without compromising your 'real' keys
 keep the keyrings and the entire gnupg program in a truecrypt
container on the usb. This has two advantages:
(a) it protects your keyrings
(b) it allows you to pick a drive letter that will stay the same
regardless of the hardware differences of the various public
computers (i.e., you can mount the truecrypt container as drive Z,
and have all the entries in your gpg.conf refer to z:\gnupg,
and never have to change it). truecrypt can be run in traveller mode from a
without having it installed on the host computer
copy the entire gnupg directory from your home computer,
into the truecrypt container
 put these lines into your gpg.conf file:
(use your 'new' keyrings with the special 'usb key')
 open notepad and types these lines:
save this as gusb.bat in your truecrypt container.
whenever you want to run gnupg from the usb,
(and have already mounted the truecrypt container as drive z:)
double-clicking on gusb.bat
opens a dos command-line window
check it by typing gpg -h
if the gnupg version and guide appears, then you're ready"
First I tried following these instructions exactly, but it would not work,
though not for reasons related to gpg itself. I am running WinXP Pro and
I use gpg 2.0.x. However, for this project, I downloaded and used gpg
on the USB drive, and I also used the latest version of truecrypt 7.1.
I installed gpg on the usb here U:\gnupg, and into it I also copied the
my pre-existing "%AppData%\gnupg" folder, which contained my keyrings and
I cleaned it up a bit and changed the references in gpg.conf from c:\path
###+++--- GPGConf ---+++###
###+++--- GPGConf ---+++### date and time data
# GPGConf edited this configuration file.
# It will disable options before this marked block, but it will
# never change anything below these lines.
As for the aforementioned batch file qusb.bat, it was necessary to change
it because it would not complete as it stands (I had installed it in U:\).
What I mean is that when I clicked on the batch file, it would open a
command shell window and begin issuing the batch of commands. Since the
first command was "command.com", it just opened another new command shell
window and stayed there at the new command prompt in the current root
I simply eliminated this command from the batch file and reran it; then
It worked as expected, opening a command shell and cd-ing to U:\gnupg.
At this point I entered "gpg -h" at the prompt. It displayed the correct
Version gpg 1.4.11, but it failed to recognize homedir as U:\gnupg as I had
put in the file u:\gpg.conf. Then I noticed in the manual that this command
would be recognized only from the command line; so I entered this at
the command prompt (from u:\gnupg):
gpg --homedir u:\gnupg
But after hitting <enter>, the program just hangs and fails to return
to the command prompt. Consequently, I cannot seem to make it change
the homedir from the normal location on "%Appdata%\gnupg"
to the location U:\gnupg, and I cannot, therefore, "force" it to use
the keyrings on my USB. Any ideas would be welcome.
John A. Wallace
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnupg-doc