You are here

A True Portable Implementation of GnuPG is Desperately Needed

12 posts / 0 new
Last post
AName
Offline
Last seen: 6 years 3 months ago
Joined: 2016-06-17 14:19
A True Portable Implementation of GnuPG is Desperately Needed

Having spent the last year newly encountering encryption, and of course GnuPG, and its various implementations as a portable user, I have to insist a true portable implementation is desperately needed. The base install for Gpg4Win touts itself as portable capable, and can be installed to USB using the mkportable.exe with the code. Without installing anything on the HDD, I cannot get this to work, nor is it a true, clean front end. Gpg4Win I loathed, found unnecessarily messy and disconnected. I also looked at a little package, woefully outdated, that someone made called Gpg-2-Go, and this fails to function from its .bat file unless the old Gpg v.1 files are used, and it is ensconced in the installation folder and encrypts files stored there. Finally, there is the Portable Apps version, the portable base code for GnuPG for use by Thunderbird and Seamonkey, which illustrates what in my view is one of the typical misassumptions being made, i.e. that an implementation of the software should be incorprated into other software, typically email clients. I also found Thunderbird/Enigmail depositing key files on the HDD while used portably, a disaster. I prefer to use GnuPG in its original form, via command line, which I have learned, but so far I have found this impossible without installing GnuPG on the HDD.

Technically, encryption software like GnuPG is similar to a compression codec, pointing at a file of any kind (and GnuPG can be used to encrypt files of all kinds, including compressed folders or media files, utterly overlooked by its email implementation) and transforming it into another kind of file, in this case via password or keys. Clean compression software has been around for ever, and in my view the ideal app would be something like WinRAR, or Portable App's own 7Zip Portable, a simple front end, ideally with an additional command line view allowing for typed commands and terminal feedback otherwise, with a simple explorer for selecting files and a minimal toolbar for creating, importing and listing keys (key management), signing, detached signing and encrypting, symmertical encrypting (via password only), cipher selection (dropdown list, perhaps), ascii toggle, and keyserver functions, with the full toolset handled within a single interface and including the power of command line operation. Like Thunderbird and Seamonkey portable such a front end would operate with the GnuPG base files. Keys would remain accessible to users, allowing them to be located, moved and imported for each use if desired.

What I find bizarre is that no one has approached the issue in this way, and that the implementations for what is now the most common form of encryption are so shakey and troubled, at least where portable usage is concerned. Portable implementation in some ways highlights many of the security issues with which encryption software is concerned, since it avoids permanent HDD installations or data by definition, though potentially exposing users to foreign computer systems, though this need not be the case if one elects to use encryption software from an external drive like a USB key even when using home computers or portable devices like netbooks.

As it is I tend to reserve GnuPG usage for a different OS, currently unable to use the software portably with Windows in a manner I find satisfactory (or in fact at all).

I would love it if someone would create the ideal GnuPG portable implementation, clean, command line capable, base file dependent, and completely host system independent. Please consider.

Any useful recommendations, meanwhile, would be appreciated.

Wm ...
Offline
Last seen: 5 years 9 months ago
Joined: 2010-07-17 12:37
CommonFiles/GPG has everything you need except gpa

It seems to me CommonFiles/GPG has everything you need except gpa.exe
I've just used mkportable --light and that includes gpa
My guess is that the only reason gpa isn't in CommonFiles/GPG is that CommonFiles are intended as resources for other PApps rather than as apps themselves.
My newly created GnuPGPortable seems to be working fine, it isn't in PA format, of course, but that doesn't bother me as much as some people.
I've also just tried it out on another system that hasn't had Gpg4Win on it and my quick test suggests the portability is OK

Wm

Wm ...
Offline
Last seen: 5 years 9 months ago
Joined: 2010-07-17 12:37
Would you retract or clarify, please

I've slept on this and I'm not sure if you're trolling, badly informed or simply not very bright.

Hopefully it is not the first and we can explain things to you. For that to work you have to say what the real issue is because it can't be what you wrote such a long message about.

Wm

AName
Offline
Last seen: 6 years 3 months ago
Joined: 2016-06-17 14:19
Absolutely Not

No, I am not trolling, but resorting to insulting new users posting genuine requests, whether you consider them misinformed or not, would be.

I meant exactly what I said, but your response forces me to repeat myself. Gpg4Win I found of poor design, and was not designed to operate portably; the GnuPG Portable implementation supplied by PA is designed to operate as an encryption base for the email clients (Thunderbird Portable and Seamonkey) for which I understood Enigmail was required; my experience with using Thunderbird Portable found it writing to HDD, though it was installed to and being used from a USB key; nor could I find any options in Thunderbird (which I loathe using) to prevent this happening; it is also an email client, and as I pointed out, I consider this a limited application of the encryption capabilities, which I have likened to a compression codec; the 'ancient' Gpg-2-Go I found online is just a few files intended to operate from floppy, no less, and is not concerned with the long since current Gpg2, though it does activate portably via its .bat file: all attempts I have made to alter the files position or edit the .bat show that it requires Gpg v. 1 (I have never had to mess around with .bat files before); in doing this it calls cmd.exe in sys32, on the host computer, which is perhaps less than ideal, and can only encrypt files deposited in its own folder, since navigating away from this leaved gpg requests answered with an unknown command response.

Your own suggestion I will have to check, though you have not answered for how encryption is operated portably. Simply running a command line interface leaves no means to point to and encrypt files that I can see, using the normal terminal commands ("gpg -se -a -r recipient file", etc.).

What I have (genuinely) suggested is that I would like to see a clean GUI for GnuPG portable use, not one associated with email clients whereby GnuPG becomes a plug-in for the likes of Thunderbird or Seamonkey, etc., a partial implementation, but a true front-end for the encryption software itself, which does all the same things anyway (just paste your encrypted ascii text into your email - TAILS already implements GnuPG in this manner...)

I might knock up a graphical example of what I mean, perhaps that would help; it seems to me that the core encryption functionality and its options would be well-suited to radio button and drop-down options similar to shader design in 3D graphics, attendant here to a file explorer (like I said, just like WinRar or 7Zip); further functions, like key management or a command line interface, or a text editor able to encrypt at the click of a button, could be tabbed. Seems clean and simple to me.

Please clarify your own post. I AM using the mkportable install of Gpg4Win, and cannot get it to operate from command. All that I have ever found possible like this is executing gpg2.exe, where I am told "go ahead and type your message". How would the items in common files be used to operate portably?

Wm ...
Offline
Last seen: 5 years 9 months ago
Joined: 2010-07-17 12:37
skip the e-mail clients

I am going to break what you say down
the e-mail client is not an issue, they use GPG not the other way around
the question should be are e-mail clients behaving safely

Wm

Wm ...
Offline
Last seen: 5 years 9 months ago
Joined: 2010-07-17 12:37
two bits of Gpg4Win are not portable and known to be

two bits of Gpg4Win are not portable and known to be

the web site at https://www.gpg4win.org/download.html
says
===
To create a portable Gpg4win version use the included tool mkportable.exe.
HOWTO: Install Gpg4win with all components and then run from the command line (cmd) in install directory: mkportable.exe [OPTIONS] TARGETDIR. Use mkportable.exe --help to get all options. The portable version does not include GpgOL and GpgEX! Your certificates and settings are saved in the directory 'home' of portable version.
Please note: Do not use portable applications - especially crypto applications - on potentially infected systems.
===
what are you missing?

Wm

Wm ...
Offline
Last seen: 5 years 9 months ago
Joined: 2010-07-17 12:37
loathe is a powerful word

loathe is a powerful word, I think [swearing removed by mod KH] is a better is expression if you are articulate.

I loathe your base attack on an internet standard.

I loathe your inability to do what you want and expect others to do for you.

I loathe your lack of personal responsibility and the fact that you think other people should pick up your incompetence.

I loathe the fact that you are bringing up long forgotten batch files rather than gpa which does work.

I am now officially angry, and if a mod is watching I haven't said a swearword yet.

Wm

Ken Herbert
Ken Herbert's picture
Offline
Last seen: 1 hour 18 min ago
DeveloperModerator
Joined: 2010-05-25 18:19
Once again....

As you have been told previously, the rudeness, swearing (which there certainly was in your post), attacks on other users, and general negative attitude you exhibit in these forums are not welcome.

If you cannot communicate within a given thread in a constructive and friendly manner without resorting to aggressiveness then please refrain from joining that thread.

ottosykora
Offline
Last seen: 1 day 9 hours ago
Joined: 2007-10-11 17:48
confusing

As a long yers user of pgp/gpg I think you are making some confusion here. You want something new, simply to suit your special needs. But consider: Portable Apps simply makes the original software portable as uch as it is possible. The software is not made by portable apps.

GPG has log story and many development stages over the years. The original gpg was just one exe file, similar to the original pgp. This version still exists and infact I use this one still. You download it from gpg site still.
This single exe gpg just works and what ever it does it does it the way it is designed. It can be started from a batch it has an simple trext based file to set switches etc. You can operate it from CMD too, just learn the commands.
I am using this still with portable apps and it works well.
Together with Enigmail and Thuderbird for mail (it needs older version of enigmail however).
I use it also with GpaPortable and WinPTportable. All works well, if there are bugs, then they are in the original software.
The gpg.exe file I have in the common files / gpg.

I use it also with gpg4usb, here I have the gpg.exe in its directory.

However, now many people use the latest version of gpg. This has advantages, but also disadvantages. It is made of numjber of files, the original needs to be well intergrated into the operating system. This was aim of the people who did write the program. It is not written by portable apps people, so do not blame this site if you are not happy with some functionality.
The gpg 2.1x , called 'modern' works via an so called agent , a service between the apps needing it and the gpg itself.
Thhis is fine , but little bit more complex for portable use. However poratbel apps has a version suitable.
However, it does not accept older RSAv3 keys, thus breaking web of trust. One reason I do not use it.
Again, this has nothing to do with portable apps, the original developers wamt have it so.

Therefore calm down, and if you have problems with the new 'modern' version of the gpg, the use the older one. Both are equaly safe.
And complain to the developers of the gpg2.1x rather then here.

The devs of gpg2.1 will answer you however similar as they did time ago to me. They have no plans to have full portable implementation of the gpg2.1x, they want have it a part of the operating system.

GPG 1.4.9 is absolutely equivalent to the 2.1x , there is nothing wrong with it because it has older version number. It is not old. It is just the 2.1x is completely rewritten and based on other way of using it.

Otto Sykora
Basel, Switzerland

AName
Offline
Last seen: 6 years 3 months ago
Joined: 2016-06-17 14:19
EMP

Wading past the personal abuse, tangential responses and non-sequiturs ('loathe' is a word of strength, and is also weirding word), I am simply saying I would like to see a simple, portable front-end for GnuPG, rather than (indeed) an email plugin, which I have described (correctly) as a specialized and partial implementation of the software. It is impossible to state this more plainly.

The text you have quoted from the Gpg4Win website I am familiar with, and it fails entirely to address the problem. Having installed the version described, I cannot get it to work from command line while installed to USB at all, and nothing I have read says how to why.

I have already described this issue, but again, it seems to me the forum users (like so much of the net these days) are unable to observe anything I am actually saying.
I have already encountered the same problem in researching security and anonymity software in general, including encryption, something I regard as quite a run-around; odd, because security software of any kind depends on accessibility and proliferation of users, rather than being the personal toys or closely guarded secrets of a few.

The .bat file execution is part of Gpg-2-Go, which I mentioned, and as I say is out of date, and has certain limitations.

A quick graphical mockup of an approximation can be found here, hopefully:

https://postimg.org/image/5utn5rhf5/

Anyway, such is my request. I will leave it up to programmers to assess the requirement, though it seems obvious to me.

vf2nsr
vf2nsr's picture
Offline
Last seen: 5 years 11 months ago
Developer
Joined: 2010-02-13 17:10
Hi

Here at PortableApps we do not generally Program or create software. We help to make it portable. The best thing would be for the developers to make the apps you desire and for one of our team or members to attempt to portablize it.

“Be who you are and say what you feel because those who mind don't matter and those who matter don't mind.” Dr. Seuss

ottosykora
Offline
Last seen: 1 day 9 hours ago
Joined: 2007-10-11 17:48
gpg1.4

as mentioned, here software is only portabilized.
For features, ask the original authors of the software.

If you want use gpg easy portable, use versions 1.4
This not something old or obsolete, this is just different solution to same task. It does the same encryption etc, but internally it works different.
I am mostly using all frond ends which work with gpg1.4, this makes the portable use much more easy.
I have such front ends on my stick and all run fine and do the job.

All front ends designed for the gpg 2.1 can be used portably, but it is not designed to be done. Gpg2.1 is designed to be kind of part of the operating system and run there as an universal service for all apps.

While both gpg forks can be well used from CLI, the front ends need be different, as the commands are not all same.

We do read your message, but with your wishes for a software development, you have to approach the developers of the gpg or the front ends. They are definitely not here. You are simply in a wrong place here to complain abt functionality of some specific software.

You can also try the java based pgp:
http://ppgp.sourceforge.net/

I have that on my usb stick and use it under Windows and Linux

Otto Sykora
Basel, Switzerland

Log in or register to post comments