Windows 101 & GPG4WIN

Henry Hertz Hobbit hhhobbit at
Tue May 21 20:53:23 CEST 2013


I assume anybody who has used Windows for a modicum of time
knows the following:

0. I take an extremely dim view of not setting your Windows
   system up to show the ENTIRE file name, including the
   extension.  I have thousands of malware ending in
   ".pdf.exe".  But it is appropriate for another reason
   which you will see shortly.

1. Using runas on Windows XP is only usefule for starting
   programs that will stay around.  Example, use this
   to start the cmd.exe window to type gpg2 in (GPG does NOT
   usually need elevated UAC privileges):  cmd.exe
   OTOH, if you mean runas in terms of the UAC, Windows 7
   doesn't even have a run command input box.  runas in that
   context means you are right clicking on the executable and
   perhaps giving the command higher privileges via the UAC.
   Actually that is more of a problem with Vista than Windows 7.
   Windows 7 usually just prompts you if you want to say,
   install Firefox in the %ProgramFiles% area.

2. Alternatively, cmd.exe can be started via Start, (All) Programs,
   Accessories, cmd (I think that is the name).  This brings
   up a cmd.exe window which will hang around until you close
   it.  THIS IS WHAT YOU SHOULD BE TYPING gpg2.exe and other
   commands in.

3. When you say batch and Windows to me, I filter out the --batch
   meaning of GnuPG.  I assume you are talking about a BAT file.
   (make this point explicit).  Here is an example:

   I leave at as an exercise to download this file (and hopefully
   you have set your browser to download it to the desktop).

   Change the name of the file to testsig.bat.  Now you know
   why I advised that you show the entire file name.  The
   added security when you notice the ".pdf.exe" on the end
   of a file is just a bonus.  But there are times you need
   to see the entire file name not to get all fouled up.
   This is one of those times.

   Right click on the testsig.bat file and from the GPG4Win
   menu make a detached signature file of the testsig.bat file.
   The detached signature file will be named testsig.bat.sig.

   Add this to your PATH (and then logout and back in):

	;C:\Program Files\GNU\GnuPG

   Double click on the testsig.bat file on XP (you may need to
   do a runas on Windows Vista (horrors) or Windows 7 (better).
   The "pause" in a BAT file prevents the cmd window that
   has just popped up from disappearing until you tap the
   enter key.  But you could also have typed the gpg2.exe
   command in a cmd.exe window.

4, With GPG4Win 2.x I have never needed anything but the GUI
   tools.  Given how brain damaged cmd.exe is compared to
   something like bash or ksh I much prefer doing it the
   Windows GUI way but it is your choice.

5. If you are talking about this with a second user and automating
   the verify with a batch (*.BAT) file they need their own
   separate key-pair.  Then they need to import your key onto
   their key-ring to verify.  Example using my public key:

   You would need my C83946F0 key on the key-servers added to
   yor key-ring and given some sort of trust (suggest only
   local trust), preferably in Kleopatra.

Gnome 3, Ubuntu Unity, Windows 8 - poor iPhone GUI on Desktop
Thinking has been suspended indefinitely
Anybody caught thinking will be immediately shot!

More information about the Gnupg-users mailing list