Total n00b asking for help

Henry Hertz Hobbit hhhobbit7 at
Sat Mar 26 06:14:16 CET 2005

>Message: 1
>Date: Mon, 21 Mar 2005 12:02:10 -0700
>From: "S. Stacey Hansen" <emilynelf at>
>Subject: Total n00b asking for help
>To: Gnupg-users at
>Message-ID: <423F1A32.8070205 at>
>Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>I am trying to install GnuPG to use with Thunderbird 0.9.   I read the 
>instructions at, but 
>honestly, I am lost.  I am no coder, but am  intermediate "user". 
>Basically, I know enough to know what I don't know.
>Any help would be greatly appreciated, though I ask you don't assume I 
>have too much of a clue.
>I am most confused about what exactly I need to download as several 
>files are mentioned at
>I thank you in advance for your assistance.
>aka Emily Nelfnoffen

Okay, here are the instructions:

First, this web page MAY be a little bit outdated.  I will
note any deviations for 1.4.1 if I see them.

I am assuming you are from an English speaking area, and worse
yet, that you are in the United States.  If not, go back to the
starting web page:

and pick your language.  Then go to the mirrors and get ready
to download.  For English & the United States:

The United States:

Go into the binary directory:

Download the following files:


and optionally these:


Once GnuPG is installed and working, and you have added
Werner Koch's public key to your key ring, you could verify
that all of the above are okay by typing (IN a Command Prompt
INSIDE a folder where both the gnupg-w32cli-1.4.1.exe and the
gnupg-w32cli-1.4.1.exe.sig files are) for the installer of

gpg  --verify  gnupg-w32cli-1.4.1.exe.sig

I just checked all of them this way, and every one of them
are okay, but you can't do that right now (chicken versus the
egg problem), so they have kindly provided a sha1sum check
sum program that you can check the integrity:

sha1sum sha1sum.exe
4a578ecd09a2d0c8431bdd8cf3d5c5f3ddcddfc9  sha1sum.exe

sha1sum gnupg-w32cli-1.4.1.exe
db573a6c3707f65797b569efda7e0905c4c4469c  gnupg-w32cli-1.4.1.exe

The SHA1 check sums can be found here:

I am going to make another assumption, and that is that you
are using Home XP with the default C: system disk.  For Windows
2000 / NT / XP Pro, substitute C:\WINNT for C:\Windows.  If
you have a different SYSTEM drive, substitute accordingly.

[1] Double click on the gnupg-w32cli-1.4.1.exe file and take
the defaults for the install.  The web page is wrong on steps
3 and 4.  The install does all of it for you now.

[1a] (optional) I copy the *.exe and *.dll files from the
C:\Program Files\GNU\GnuPG to C:\Windows.  If you do this
just remember that each time you reinstall do the same thing
each time.  If not, then add GnuPG to your PATH environment
variable as the Mozilla page outlines in step 5.

[2] If you don't have it already, create the folder:
C:\Documents and Settings\YOURNAME\Application Data\GnuPG
Actually, GnuPG should create it for you.  You should 
substitute YOUR user name for "YOURNAME."

[3] Edit the attached gnupg_bob.reg file.  Every place it
says "bob", replace it with YOUR user name.  Then double
click on the file to enter the registry entries.  I just
automated step 6 somewhat, but REALIZE THAT THE PATH TO

[4] To create your keys, Start a Command Prompt, and in it
type "gpg --gen-key".  Take the default key size, BUT MAKE
YOUR KEY EXPIRE IN ONE YEAR!  The keys should be in the folder
you created in Step 2.  You can find more on doing this some
place OTHER than this short instruction list.  PICK YOUR PASS
PHRASE CAREFULLY!  It should be easy for you to remember, and
hard for others to guess.

[5] Since you may forget your pass phrase, you need to
generate a revocation key.  To do this type:

gpg --list-keys
REM Find your KEYID, or use your mail account name.
gpg -a --gen-revoke > YOURNAME_rev.asc

[6] If GnuPG didn't create a gpg.conf file for you, then
do it per the instructions on the Mozilla web instruction

[7] copy the secring.gpg and pubring.gpg files and your
REVOKE key off and store them some place safe.  If you
need to revoke your public key at a later date, you will
need to --import the revocation, and submit that to a

There are some good tips on the web page.  I just provided
a bridge to the new way of doing things with GPG 1.4.1,
since they bundled everything into one install package,
and you don't have to do anything except verify, then point
and double click - mostly.

Integrating GnuPG into ThunderBird:
Just follow the steps at:

It seems fairly easy for me to do.  It is a lot easier
than the struggling I did to get it shoehorned into
Outlook Express.  It works much better as well.  Now
somebody else is going to have to tell you how to make
Norton Anti-Virus to stop marking encrypted messages
as SPAM just because it can't make sense out of them.
I don't mind Norton scanning for viruses / worms, but
it is the responsibility of them to look for the PGP
and GnuPG and other OpenPGP compliant messages to
realize what they are without me saying ANYTHING.

Key Name:  "Henry Hertz Hobbit"  <hhhobbit at>
pub   1024D/1CC23BC0 2005-03-08 [expires: 2006-03-08]
Key fingerprint = 9CD0 839E 79C9 5E20 B97A 15A6 9AB7 484D 1CC2 3BC0

Switch to Netscape Internet Service.
As low as $9.95 a month -- Sign up today at

Netscape. Just the Net You Need.

New! Netscape Toolbar for Internet Explorer
Search from anywhere on the Web and block those annoying pop-ups.
Download now at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gnupg_bob.reg
Type: application/octet-stream
Size: 707 bytes
Desc: gnupg_bob.reg
Url : /pipermail/attachments/20050326/1b9c3835/gnupg_bob-0001.obj

More information about the Gnupg-users mailing list