Windows 101 & GPG4WIN
Henry Hertz Hobbit
hhhobbit at securemecca.net
Tue May 21 20:53:23 CEST 2013
I assume anybody who has used Windows for a modicum of time
knows the following:
0. I take an extremely dim view of not setting your Windows
system up to show the ENTIRE file name, including the
extension. I have thousands of malware ending in
".pdf.exe". But it is appropriate for another reason
which you will see shortly.
1. Using runas on Windows XP is only usefule for starting
programs that will stay around. Example, use this
to start the cmd.exe window to type gpg2 in (GPG does NOT
usually need elevated UAC privileges): cmd.exe
OTOH, if you mean runas in terms of the UAC, Windows 7
doesn't even have a run command input box. runas in that
context means you are right clicking on the executable and
perhaps giving the command higher privileges via the UAC.
Actually that is more of a problem with Vista than Windows 7.
Windows 7 usually just prompts you if you want to say,
install Firefox in the %ProgramFiles% area.
2. Alternatively, cmd.exe can be started via Start, (All) Programs,
Accessories, cmd (I think that is the name). This brings
up a cmd.exe window which will hang around until you close
it. THIS IS WHAT YOU SHOULD BE TYPING gpg2.exe and other
3. When you say batch and Windows to me, I filter out the --batch
meaning of GnuPG. I assume you are talking about a BAT file.
(make this point explicit). Here is an example:
I leave at as an exercise to download this file (and hopefully
you have set your browser to download it to the desktop).
Change the name of the file to testsig.bat. Now you know
why I advised that you show the entire file name. The
added security when you notice the ".pdf.exe" on the end
of a file is just a bonus. But there are times you need
to see the entire file name not to get all fouled up.
This is one of those times.
Right click on the testsig.bat file and from the GPG4Win
menu make a detached signature file of the testsig.bat file.
The detached signature file will be named testsig.bat.sig.
Add this to your PATH (and then logout and back in):
Double click on the testsig.bat file on XP (you may need to
do a runas on Windows Vista (horrors) or Windows 7 (better).
The "pause" in a BAT file prevents the cmd window that
has just popped up from disappearing until you tap the
enter key. But you could also have typed the gpg2.exe
command in a cmd.exe window.
4, With GPG4Win 2.x I have never needed anything but the GUI
tools. Given how brain damaged cmd.exe is compared to
something like bash or ksh I much prefer doing it the
Windows GUI way but it is your choice.
5. If you are talking about this with a second user and automating
the verify with a batch (*.BAT) file they need their own
separate key-pair. Then they need to import your key onto
their key-ring to verify. Example using my public key:
You would need my C83946F0 key on the key-servers added to
yor key-ring and given some sort of trust (suggest only
local trust), preferably in Kleopatra.
Gnome 3, Ubuntu Unity, Windows 8 - poor iPhone GUI on Desktop
Thinking has been suspended indefinitely
Anybody caught thinking will be immediately shot!
More information about the Gnupg-users