Discussion:
any reliable pgp/gpg solution for windows vista?
(too old to reply)
sobriquet
2009-09-04 06:55:16 UTC
Permalink
Hello.

On a 64bit vista system, I try to get gpg4win working, but the
programs (like GPA and Kleopatra)
included in the softwarebundle crash all the time.
I've also tried winPT, but that doesn't seem to work either (might be
a conflict with gpg4win).

Can't even verify a simple usenet msg (copied-pasted via
groups.google) via the CLI:
Loading Image...

So.. this pgp/gpg stuff has me a bit mystified.. it seems simple
enough in principle (I understand
the basic ideas about using the public/key pair and authentication via
OpenGPG or S/MIME, as outlined in the gpa4win documentation), but in
practice I can't seem to get it working.

Kind regards and thanks in advance for any suggestions, Niek
Bob Henson
2009-09-07 18:41:55 UTC
Permalink
Post by sobriquet
On a 64bit vista system, I try to get gpg4win working, but the
programs (like GPA and Kleopatra)
included in the softwarebundle crash all the time.
I've also tried winPT, but that doesn't seem to work either (might be
a conflict with gpg4win).
I've just switched back to using Outlook under 32bit Vista (so I can't
vouch for how things are under 64bit) but the only thing I can get to
run is GnuPG and WinPT. As in your case, just about every element of
GPG4Win crashes here, so I uninstalled it, rebooted, deleted the files
in the GNU/GnuPG directory and rebooted the system again. I then
installed GnuPG and checked it from the command line, then added WinPT,
and everything works OK. I don't know whether this would be all that you
want, but at least it works. There's also an installer version (GnuPT)
on the WinPT website that installs both GnuPG and WinPT in one go, so if
you're starting from scratch maybe that’s the way to go. Snags -
no English documentation in the file (even though the website says there
is) - the keyserver machanism is (I think) not yet finished in that it
won't allow new keyservers to be added, and the "refresh" function fails
here (although you can download the whole key again)

If you want to change e-mail programs Thunderbird/Enigmail
extension/GnuPG runs like clockwork. I've used it for years, but have
just given up Thunderbird after many years because there are a variety
of functions in Outlook that I need, and which I doubt will ever get
fixed in Thunderbird.

Regards,

Bob
Bob Henson
2009-09-07 18:46:48 UTC
Permalink
Hmmm , I'm getting a bad signature from my own message - a bit more work
may be needed. I suspect outlook did something to the message - I'll
have another try.

Regards,

Bob
David W. Hodgins
2009-09-07 18:59:51 UTC
Permalink
Post by Bob Henson
Hmmm , I'm getting a bad signature from my own message - a bit more work
On the article I'm replying to, I get

Good signature from:
Bob Henson (Newsgroup signing key) <***@galenx.co.uk>
Key ID: 72B44D7F5B550BBF
The signature is valid, but the key is untrusted

If you're getting an invalid sig on that article, it's
most likely the news reader.

Regards, Dave Hodgins
--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
sobriquet
2009-09-07 19:18:34 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hmmm , I'm getting a bad signature from my own message - a bit more work
may be needed. I suspect outlook did something to the message - I'll
have another try.
Regards,
Bob
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32) - WinPT 1.4.2
Charset: UTF-8
iQEcBAEBCAAGBQJKpVToAAoJEHK0TX9bVQu/30AIAJH5T+gyyj9sqZwCmvrrS9Xb
FZpqOMRWRlxTLSAll7BiB9/3GGa0OktVSrh8SJhelRqHTE6Zns/Bn3plXfWnG8Hf
EeD/tNS4QwW2WUfx5F5ourKsanmy9BXbie9cjXRUCtofvNjX1ZU9KQ+eVQwlHg6M
YuviF8K5d4AsZAGm1OAICr/KU0/KYt4ANKdprVAb+1Wc68b1vaRXQrLB63u8L7Y5
LBEYF2/2K5YCxHsafCn6HHcHChmJSRywQhU07WHU+CzqIBvyjSGbKhNooUnc+eQf
2ewpEU6ox2fzW0KtEK4QA2rR0fNs8zdVgKDb3v7+rFmsJWeuvQfxTXLsXzhFqJk=
=7BrK
-----END PGP SIGNATURE-----
I've managed to get gpg4win working effectively to some degree. The
programs in the bundle do crash a lot, but the sign/verify process
seems to work ok, even when I use groups.google (though you have to be
very carefull how text is formatted, because groups.google tends to
replace spaces by linebreaks in long lines).
In fact, I haven't tried it out with newsbin or alternative
newsreaders (using Motzarella or some equivalent free newsserver), but
if it works with groups.google, it's likely to work with such
newsreaders (or even outlook) as well.

Screenshot:
Loading Image...

You can see that I've managed to verify my own message, that was
signed and authenticated via the clipboard from GPA (though the public
key in the screenshot hasn't been distributed to any keyservers).

When the public key associated with a signature isn't available
locally, the verification process fails, but mentions the identity of
the public key (a short hexadecimal number), which allows one to fetch
it from the keyserver.
Once that has been done, you have to decide if you actually trust that
key (marking the key to be valid) and then the authentication process
of the signature succeeds.

I did need to read the manual of gpg4win carefully to figure out how
signatures have to be authenticated using certificates and a web of
trust, where the reliability is a kind of function of trusted
contributers to a newsgroup that mutually trust and acknowledge (sign)
each others signatures.

So in that sense, digital signatures and their authentication is a bit
more hairy conceptually compared to the process of encryption and
decryption of data that merely seems to rely on the concept of a
public/secret key combination.
sobriquet
2009-09-08 01:06:04 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hmmm , I'm getting a bad signature from my own message - a bit more work
may be needed. I suspect outlook did something to the message - I'll
have another try.
Regards,
Bob
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32) - WinPT 1.4.2
Charset: UTF-8
iQEcBAEBCAAGBQJKpVToAAoJEHK0TX9bVQu/30AIAJH5T+gyyj9sqZwCmvrrS9Xb
FZpqOMRWRlxTLSAll7BiB9/3GGa0OktVSrh8SJhelRqHTE6Zns/Bn3plXfWnG8Hf
EeD/tNS4QwW2WUfx5F5ourKsanmy9BXbie9cjXRUCtofvNjX1ZU9KQ+eVQwlHg6M
YuviF8K5d4AsZAGm1OAICr/KU0/KYt4ANKdprVAb+1Wc68b1vaRXQrLB63u8L7Y5
LBEYF2/2K5YCxHsafCn6HHcHChmJSRywQhU07WHU+CzqIBvyjSGbKhNooUnc+eQf
2ewpEU6ox2fzW0KtEK4QA2rR0fNs8zdVgKDb3v7+rFmsJWeuvQfxTXLsXzhFqJk=
=7BrK
-----END PGP SIGNATURE-----
I think it's the newlines that outlook adds after the msg has already
been signed.
When I try to verify the above short msg, GPA reports a bad signature.
With a hexeditor I inspected the file and it had a few suspicious
linebreaks (following a space). After Eliminating the linebreaks, GPA
authenticated the signature.
Here is a screenshot of a hex editor with the version I got from
groups.google and the version where I eliminated the linebreaks that
outlook might have added:

Loading Image...
Bob Henson
2009-09-08 09:12:22 UTC
Permalink
Post by sobriquet
Post by Bob Henson
Hmmm , I'm getting a bad signature from my own message - a bit more work
may be needed. I suspect outlook did something to the message - I'll
have another try.
I think it's the newlines that outlook adds after the msg has already
been signed.
When I try to verify the above short msg, GPA reports a bad signature.
With a hexeditor I inspected the file and it had a few suspicious
linebreaks (following a space). After Eliminating the linebreaks, GPA
authenticated the signature.
Here is a screenshot of a hex editor with the version I got from
groups.google and the version where I eliminated the linebreaks that
Yes, I find that if I deliberately restrict the line length when
composing
by hitting enter at less characters than the value set in Outlook for it
to
wrap text (thus preventing it wrapping the text at all, presumably)
like this message, it works just fine. This used to be the big problem
with Thunderbird and PGP (as distinct from GPG) - it too inserts extra
characters after hitting the "send" button. As I use GPG/PGP rarely, I
can live with this - but I'd like to find an automatic way to fix it.
The
other annoying problem is that, writing like this, Outlook's
Autocorrect feature capitalises the beginning of each of my truncated
lines - and I particularly like Autocorrect and don't want to turn it
off.
Anyway, I would appear that we both are getting somewhere at last.
I'll sign this again to see what happens, anyway.

Regards,

Bob
sobriquet
2009-09-08 15:18:31 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Post by sobriquet
Post by Bob Henson
Hmmm , I'm getting a bad signature from my own message - a bit more work
may be needed. I suspect outlook did something to the message - I'll
have another try.
I think it's the newlines that outlook adds after the msg has already
been signed.
When I try to verify the above short msg, GPA reports a bad signature.
With a hexeditor I inspected the file and it had a few suspicious
linebreaks (following a space). After Eliminating the linebreaks, GPA
authenticated the signature.
Here is a screenshot of a hex editor with the version I got from
groups.google and the version where I eliminated the linebreaks that
Yes, I find that if I deliberately restrict the line length when
composing
by hitting enter at less characters than the value set in Outlook for it
to
wrap text (thus preventing it wrapping the text at all, presumably)
like this message, it works just fine. This used to be the big problem
with Thunderbird and PGP (as distinct from GPG) - it too inserts extra
characters after hitting the "send" button. As I use GPG/PGP rarely, I
can live with this - but I'd like to find an automatic way to fix it.
The
other annoying problem is that, writing like this, Outlook's
Autocorrect feature capitalises the beginning of each of my truncated
lines - and I particularly like Autocorrect and don't want to turn it
off.
Anyway, I would appear that we both are getting somewhere at last.
I'll sign this again to see what happens, anyway.
 Regards,
Bob
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32) - WinPT 1.4.2
Charset: UTF-8
iQEcBAEBCAAGBQJKph/iAAoJEHK0TX9bVQu/+4kIAMPiPP8F9/GZDsgnJPdw+Vnh
S8a7g3rXTBlpM0GpzFnxSB/unZ8LhpOvdzQVxL+pdoSFKm3I7lnKo8/jHHxnak70
+OD3XcxiSbInws+6n2qbSIK64K3VW23Vm32Cgw50fXPIRROzDesYO3rKd5va7QqM
VouL3hIIucQJ2hcLRMwuCSzmYC1M17HlSUAjMFAM2NisP+UP6RIfZ41bGANvAXjF
QgE/3sHpi3lawgbKKcXv9Ge57Kh5vlz9g3FaS3jERaWvsJLB5NKsTQPhtezrIWIb
PgXS4AGz2IqT/3rMXCmsMqQlQwLnt7hSFJCmgFmfgOelm4WZw9STg/oRXNkey2A=
=ep6a
-----END PGP SIGNATURE-----
Again, I had to remove a few linebreaks manually to authenticate the
msg with GPA.
I think the key is to use a different text editor, with a maximum line-
length of 78 or
80 characters. Composing the msg in there, and then transferring it to
the newsreader
you use (by means of select-copy-paste), to sign it and send it off.

Perhaps an editor like notepad++ has features like being able to
ensure lines never
exceed 80 characters in length.
The process of signing the message itself, doesn't increase the length
of any lines.
wanna_use_pgp_again
2009-09-09 00:23:39 UTC
Permalink
On Tue, 8 Sep 2009 08:18:31 -0700 (PDT), sobriquet
Post by sobriquet
....
Perhaps an editor like notepad++ has features like being able to
ensure lines never
exceed 80 characters in length.
You can get Notepad++ to rewrap text but only after it's been written.
You go to textfx|textfxedit|rewrap text to (clipboard or 72) length.

When quoting previous E-mails I've found that putting "66" in to the
clipboard ensures that quoted E-mail stays in a proper line and
Thunderbird doesn't clip it or anything. This used to work when I was
using PGP and needed to not have the text amended by the E-mail
client.

I've gone from Win98SE to Vista. I see that folks are saying that my
trusted old PGP 6.x isn't going to work on this OS. I'm casting about
for a good, free, open source solution. Just started looking,
actually.

David W. Hodgins
2009-09-08 15:24:46 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Content-Type: text/plain; charset=utf-8; format=flowed
Post by sobriquet
With a hexeditor I inspected the file and it had a few suspicious
linebreaks (following a space). After Eliminating the linebreaks, GPA
authenticated the signature.
It's outlook "fixing" up the lines with trailing spaces for the
format=flowed format. Same thing happens with most news readers
that handle it.

The only way to avoid the problem, is to avoid leaving any trailing
spaces, and keep the lines short enough to avoid wrapping.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkqmdu8ACgkQObhOpZiwE+D+owCeIGetuugzemrJQkTTs1NqMAjc
glwAoPQ3Dd/iaJlQKDBKdlAaz4nJW6NM
=ToMe
-----END PGP SIGNATURE-----

I'll be surprised if the above verifies.

Regards, Dave Hodgins
--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
Loading...