Very Newbie Questions

John Clizbe JPClizbe at
Wed Dec 20 01:12:27 CET 2006

I'll try to stick close to the original points.

Henry Hertz Hobbit wrote:
> John Clizbe <JPClizbe at> wrote:
>> Manual registry editing is not needed - the installer handles all
>> the entries GnuPG needs.
> First, what if you put your keys on one of the crypto cards, or on
> a USB stick?  What value are your automated HKEY_CURRENT_USER keys
> now?  

The values in HKCU are fine. Keyrings on removable media are easily handled by
editing gpg.conf. This allows portability across OSes by keeping OS-specific
path references in gpg.conf. The exact same PCMCIA card with keyrings works on
Windows, Linux, FreeBSD, Solaris, OSF1/Tru64, and VMS systems. I'd add OS X but
I don't have a Mac. The gpg.conf is practically the same in all cases,  the only
differences being the semantics pointing to the files. HomeDir and gpg.conf
don't move. The keyrings move.

If only portability on a single OS is required, all that is needed is to define
GNUPGHOME as a user environment variable.

> Your install does not handle my needs.

Then don't use it. You're 1 in a million. But, please don't extrapolate your
particular set of needs and preferences to the remaining 99.9999% of the user
base. The purpose of the installer is to produce a working installation of GnuPG
in a known valid configuration. Other than the ability and rights to run an
installer, there are no other system manglement skills called for or required.

The phrase "edit the Registry" will cause most Windows users without development
or system administration training to run in fear. We do not wish that result.
Asking them to add the GnuPG program directory to their PATH makes some overly

> But there are times
> the other accounts also need access to the keys on the key ring
> (verifying downloads, etc.).  For these special cases it is nice to
> specify where the key files are for ALL of the accounts that use the
> same key-ring if you CAN share them among multiple users.  In other
> words, you can't completely automate all of this.

But you could with GNUPGHOME at either the user of system level, and/or
primary-keyring, keyring, secret-keyring, and/or trustdb-name directives in
gpg.conf.  It is also an advanced configuration that is far outside the scope of
installing for and configuring a new user. This is the rare *exception* not the

>  I consider that more a matter of SHEER LUCK than any brilliance on my part.

I must say, I fully believe you are correct.

> it.  A crypto card or a USB stick is wonderful for that.

I concur. But there is still no need to edit the Registry. _None_.
You may, but it is not a requirement.

>> Likewise, there is no need to copy or do anything else with
>> iconv.dll. As a general rule of thumb, copying things into
>> %systemroot%\system32 is to be avoided. The iconv library is only
>> needed for NLS support. If gpg needs it and cannot find it, it will
>> issue a warning and continue executing.
> I wouldn't even make that statement.  The correct place for every
> piece of software I have used is for them to usually install their
> DLL files IN the the %SystemRoot%\system32 folder. 

I hear your ranting, but it still won't make what you are saying correct.
Application specific DLLs go in the program's directory hierarchy.
Redistributable system elements that are newer may go under %systemroot%. The
Visual C 7.1 C runtime library, msvcr71.dll, is a good example. It wasn't
expected to be found on older machines, so its redistribution was allowed.

Your example of printer drivers being proof of your assertion is specious. Print
driver software is supposed to go there. It is expected to be used by all
programs on the system. What you didn't mention, was that the
monitoring/dashboard type widgets from the printer maker go in a separate folder
under %ProgramFiles%. Example: "C:\Program Files\Hewlett-Packard\HP OfficeJet
Series 600" with directories: Bin, Coverpgs, Data, Docs, Faxes, Help.

Ditto device drivers.

Further, the behavior of other installers is not proof of their correctness.

I hope Vista will seriously limit the practices you describe.

>> Werner posted that the installer correctly handles iconv; ie if the DLL is found
>> in your path, the installer does nothing; if not found or too old, it places a
>> copy of iconv.dll into the GnuPG program directory. [GnuPG-Devel 2005-03-17]
> PLEASE!  I am just telling you the best way to do it according to the Microsoft way
> of doing things.  I don't make the rules - they do!  Okay, maybe it is
> only my take on it but please tell me where I am going wrong. 

No, you're telling me your understanding of the Windows-development way colored
by your beliefs of what is best. Please check the Microsoft Windows Software
Logo program,

You may also want to poke around on MSDN:

> In the *.exe code I would search first for the relevant file in the relevant 
> %ProgramFiles% folder, then look for it in %SystemRoot%\system32. Why? If you
> are dependent on something that is specific you get it.

Maybe. Maybe not.

The only way to be sure you get it is to place it in the same
directory as the program. Placing it in %SystemRoot%\system32 is *NO* guarantee.
If the DLL is not found locally, then a PATH search is started. An installer has
no way to determine what will or will not be found at program execution time.
Nor can it guarantee that directories in the PATH variable are ordered in a
certain manner.

How many ZLIB dlls of multiple version do you find under %ProgramFiles% (search
for *zlib*.dll)?

The only way to 100% guarantee that the application finds the correct DLL is to
place it in the application directory. Things are even more fun with the spread
of C++.

Finally, include by reference
<mailman.145.1166456811.22484.gnupg-users at>. This response was long
enough without duplicating what I agree with in another's response.

John P. Clizbe                      Inet:   John (a)
No Pseudonyms Required.             PGP/GPG KeyID: 0x608D2A10/0x18BB373A
"what's the key to success?"        / "two words: good decisions."
"what's the key to good decisions?" /  "one word: experience."
"how do i get experience?"          / "two words: bad decisions."

"Just how do the residents of Haiku, Hawai'i hold conversations?"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 663 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20061219/1c93aef8/attachment.pgp 

More information about the Gnupg-users mailing list