New command line language parameter
Henry Hertz Hobbit
hhhobbit at securemecca.net
Thu Feb 8 21:37:29 CET 2007
Werner Koch said:
> On Mon, 5 Feb 2007 14:57, jmarugan at alumnos.upm.es said:
>>I tried the SET LANG=xx and as far as i read in the GPG documentation
>>and mailing list's posts, this is only for POSIX systems, not for
>>windows, at least in windows doesn't work in all the ways i tried.
> You are right. It works for GPA but not for GPG because with gpg we
> use a simplified version of gettext. This is easy to fix.
>>I'm afraid the only way to use a language file in windows is the
>>registry or a new command line parameter.
> No. A command line option won't work because how would you then print
> a localized message like "invalid option" or diagnostics printed even
> before any option has been parsed.
Now be patient here for a moment. All of the following IS related to
running GnuPG on Windows! To lead it all off, if you are running as
an Administrator user all the time on Windows you are doing the
equivalent of RUNNING AS root ALL THE TIME ON A UNIX SYSTEM! The
present Windows GnuPG 1.4.X installs assume people do this. Most
of them probably do run their Windows system this way, but that
doesn't make it the only way, and I believe it is NOT THE RIGHT
WAY! Microsoft isn't helping them do it properly either.
NOW HAVING SAID WHAT I JUST SAID, IF YOU ARE *NOT* A MICROSOFT
WINDOWS USER DELETE THIS MESSAGE AND MOVE ON! TRUST ME! You
are wasting your time reading unless you use Microsoft Windows
either ALL or a substantial amount of the time. You will just
get confused until you understand how Microsoft Windows works.
Even a lot of full-time Microsoft Windows users don't know how
it works. I should know. I help them all the time and am
apalled at how little they know about a system they have used
for years. Some of them I have given up on them EVER understanding
Where is the URL on setting these language settings in the HKCU
registry keys? I am getting ready to put a lot of this stuff up
on web pages. I already have a ZIP file with SOME of what is
needed in it. I will have a web page or a set of web pages that
will be devoted strictly to GnuPG (1.4.x) on Windows. I WILL
provide REG files for what some people think in this forum are
strange situations. I suppose this could be one of them. I
posted an actual REG file in this forum and somebody didn't even
see the REG4 at the top of it and said I should provide the actual
REG file. I DID provide the actual REG file! All they had to do
was to copy and paste, AND THEN ALTER SOME VARIABLES. You cannot
use ENVIRONMENT variables in a REG file since they are part of
the registry anyway. But this forum is NOT the right place to do
it. What I posted was partially wrong anyway.
It had the HKLM entries which I will either let the install do, or
provide an HKLM.reg file. What is needed for most people are the
HKCU keys for each Windows user that is running as a restricted
user. You can fix the code if you want to Werner, but the proper
way for a lot of this stuff on Windows is to put it into the
registry. Even the ENVIRONMENT variables are stored in, you
guessed it - THE REGISTRY! They are in the HKLM hive
for the ones in the lower everybody panel and in the HKCU area
for the ones in the uppger panel if you use the Control Panel
method to look at the environment variables.
There are several other things going along with this like the fact that
without using higher order registry editing tools (not regedit) you
can't normally dive into anybody else's HKCU hive. You normally only
see your own (the one belonging to who you logged in as). Reading and
adding or modifying somebody else's HKCU entries is possible but I
consider that more esoteric than just providing somebody with a REG
file and telling them to modify it. I am looking at writing a program
that will actually create the REG file for them (yes, overkill, but
it saves people from typing mistakes). What is being provided in the
GnuPG install is only suitable for idiots who run as an Administrator,
all the time with only one account on the system and that one is an
Administrator account (you need at least one). They can keep their
account as an Administrator and install the Drop My Rights program
(which I give to everybody because that is usually more than they
can do even if I provide them *.lnk files to paste onto the desktop
and in the Start folders which even then they seem to muck up):
That is unsuitable because likely or not somebody is going to message
the default browser which is running in admin space and can thus
modify the HKLM keys and all the files in the %WinDir% folder and all
sub-folders. Even if the browser is messaged into running with lower
privileges via DropMyRights.exe, a RealPlayer or Windows Media Player
is messaged into running as the logged in user. Windows dows NOT fork
off the App like Unix systems do. Nevertheless, that is what I used
for years on Administrator accounts for my logon type administrator
accounts. There IS a better Windows way of doing it - the LUA method.
I recommend this way of doing it in home situations:
That is a MUCH better way of doing it in home or other situations
where you control access to the computer. You are now protecting
your HKLM keys and your %WinDir% folder. That is the reason I was
arguing for putting the iconv.dll file over in the %WinDir% folder.
Now you CAN do an attrib +s on the file where it is at but I have
no guarantees that will keep it safe. You should do an attrib +s
on all your files in the %ProgramFiles% area anyway, unless you
don't consider GnuPG a security product. I just happen to believe
it is a security product. But it is only ONE piece of securing
One of the things that has occurred to me is to ask the question
"can I make GnuPG say a signed message is okay whether it is or
not?" By that I mean, can I by changing just the message strings
of GnuPG make all signed messages show up as okay? If you don't
think that if GnuPG takes off like mad on Windows and that you
don't have that situation covered that it won't happen, you better
think again. I spend a LOT of time finding out how people subvert
Windows systems. That is because it is done so much. That is
probably more of a flame against Windows users who run their
systems in a stupid manner than a slam against Microsoft, although
Microsoft doesn't help very much. They need to look very seriously
at making it possible for users to login as restricted users and
still have anti-virus programs do their updating, firewalls to
lock the network connections when they walk away, etc. That is
OUTSIDE THE SCOPE OF THIS NEWSGROUP. Doing a proper install of
GnuPG on Windows IS a part of this newsgroup.
If any of you have information of running GnuPG in a Windows
environment with some other way of doing it other than as always
one user with an Administrator account ship it to me. And do NOT
ask me to install CygWin. If I want to run a Nix I shift to
running Fedora Core Linux which I use over 85% of the time.
That does NOT mean I am not a very knowledgeable Windows user.
I am VERY good at understanding it.
On the other hand if you want to flame me and say I am stupid,
or that I need lessons in writing, or that all I am doing is
spamming like a University Computer Science Professor recently
said I was doing (I believe he was the department chair), then
HIT THE DELETE BUTTON instead. But please stop being arrogant
unless you really know more about Windows than I do. If you
have information for setting up GnuPG for WINDOWS users that
run their systems as safely as possible (GnuPG is only one
piece of that puzzle), then send it to me. But do it out of
group please. I don't think it is of much general interest.
>From now on I will just write a simple - check this page out
and paste the the URL in it, mostly OUT of newsgroup in
private email messages.
More information about the Gnupg-users