Gpg4Win Portable

GnuPG openly states that it can be used portably, without OS installation. GnuPG itself is an encryption software backend to whatever front end is provided for it, Gpg4Win being just that. An inspection of the results of Gpg4Win’s portable installation shows the presence of the essential files and folders named by the GnuPG Manual.
Having experienced the various frontends for GnuPG under Windows, I prefer to operate the encryption software portably, and feel this is a more fundamental and clean use of the software. I have spent some time discovering how to operate GnuPG portably at all, without the depositing of files on host computers, etc., and wading through bad advice, like altering path variables, etc. However, without any OS installation, I am unable to have GnuPG, in any form, work.
Obviously simply opening a command terminal and expecting the system to recognise an application that has not been installed will not work. Neither will running any of the installed files after installing to a portable repository (USB key, whatever). I am quite capable of using GnuPG from command where encryption and decryption are concerned; but if I cannot even run the software, I can’t do that. I would also like to be able to encrypt at command without file, i.e. from and to STDIN, but have found this discussed only for Linux, and then assuming it is OS-installed, not running from an external device.

Incredibly, I have yet to find this problem discussed once anywhere. No manual, forum posts, FAQs or anything else actually say anything sensible about operating GnuPG from a portable device; those that claim to do so, without a GUI, are few, and no other packages should be required. Nor am I interested in being told this is ‘not recommended’ for security reasons: Linux Live installations operate from an external device for security reasons, not in spite of them, and it is in part this kind of usage I envisage.

If GnuPG is installed on a portable device using the mkportable.exe provision in Gpg4Win, how is it run from command?
Given this operability, how can text be encrypted at command line without importing or exporting a file?

I hope someone actually knows, because the functionality is supposed to be a basic property of GnuPG. Thanks.

If GnuPG is installed on a portable device using the mkportable.exe provision in Gpg4Win, how is it run from command?

\gpg2.exe

e.g.

E:\gpg4win\gpg2.exe if your USB stick is mounted under E: and the portable folder name is gpg4win.

Given this operability, how can text be encrypted at command line without importing or exporting a file?

Begin Example

C:\Users\aheinecke>"e:\gpg4win\gpg2.exe" -ae
You did not specify a user ID. (you may use “-r”)

Current recipients:

Enter the user ID. End with an empty line: foo@bar.baz

Current recipients:
1024R/5CB173A4 2016-07-04 "Foo bar <foo@bar.baz>"

Enter the user ID. End with an empty line:
Hello World
-----BEGIN PGP MESSAGE-----
Version: GnuPG v2

hIwDZjQlI1yxc6QBBACmj7nBfhHBqQGuGy3Rbabbal66TAOZyEy0TdT4q+YDv9aA
nN2m8mqkKzSW2VicBLuitZnRQ/7PPvPnXt8FOVBQIxn4WxsAXxJnKmgbmrZ+9GFg
exivIqpMw7p+uIkejKq4PJTO9X/05hcTBufRiDAXfQfC/4Lz0bU+HK/LNYVtytJI
AeDhNz3WGN2uwyh/bmoSe7LX+R2hLu0w9d+vVx9rdLPHAxcFL5KpP2DCeQRdGtW+
SMPoWGcAfYksY6RqEKuheTzjr6jAi39/
=juZv
-----END PGP MESSAGE-----
^C
C:\Users\aheinecke>


End Example

where after typing “Hello world” you would hit Ctrl+C to send the Windows EOF marker. In this example the text “Hello world” is encrypted to the key for foo@bar.baz and you can copy the resulting encrypted PGP Message.

I see. I have tried what you advise, and it works but for a couple of things.

First, of course, I now have to add the full path to any command that must first call gpg2.exe if the target is outside the GnuPG folder; to import keys in a different folder, I would have to navigate to the GnuPG folder and then import keys with a full path name. Correct?

Second, importing keys in this manner and attempting to encrypt raises a problem I had already encountered; a passphrase is of course required, as it says: but no password window is opened, and I cannot type anything in response to the prompt.

Last, the text entry. I don’t know what you mean by “Windows EOF marker”. I see that Ctrl-C exits, of course.

Thanks for your help.

First, of course, I now have to add the full path to any command that must first call gpg2.exe if the target is outside the GnuPG folder; to import keys in a different folder, I would have to navigate to the GnuPG folder and then import keys with a full path name. Correct?

Yes, that would work. You could also use the full path to gpg2 from a folder where your keys are. E.g.

c:\yourkeys >e:\gpg4win\gpg2.exe --import key1.asc

Second, importing keys in this manner and attempting to encrypt raises a problem I had already encountered; a passphrase is of course required, as it says: but no password window is opened, and I cannot type anything in response to the prompt.

You do not need a passphrase to encrypt. You only need a passphrase to decrypt or sign something.

Last, the text entry. I don’t know what you mean by “Windows EOF marker”. I see that Ctrl-C exits, of course.

EOF Marker means that with Ctrl+C you signal GnuPG that you have finished entering your message and it then creates the PGP MESSAGE based on your input and exits afterwards.
This is slightly different from just “exit”.

Yes, I intended a sign and encrypt action (-se). But the point stands: it is impossible to accomplish as I am informed a passphrase is required, but no means of entering one is presented. How do I sign and encrypt using this method?

I also have a further question that occurred to me upon importing keys, and being informed they were already present in the keyring. Is there a fast way to purge the keys in the keyring, i.e. remove all keys rather than removing them one at a time? I could try deleting the keyring, and I assume Gpg4Win would recreate the keyring at next activation, allowing me to effectively purge all keys and reload them as I see fit?

Thanks again.

I have also tried the method you use to encrypt to terminal, and it doesn’t work. As far as I understand you, this involves entering the text to be encrypted (here “Hello world”) after the second recipient prompt, then pressing Ctrl-C when done. When I do this, it simply exits Gpg without outputting any encrypted text at all.

Example:

Path\GPGPortable\gpg2.exe -ae -r recipient@name.com
gpg: [Key ID] There is no assurance (etc.)…

[pub, etc.]

Use this key anyway? (y/N) y
Hello World^C
Path\GPGPortable>

This is all I get, with no output…

Ah, re: my last post. I have that working now. I had forgotten to hit return after the text entry, then Ctrl+c. That works okay. I just have the passphrase problem left now.

Does anyone know how to enter passwords as part of a sign action using command line? I am given a password prompt when I attempt to sign and encrypt (-se) but have no way to enter a password: no password field appears and I cannot enter a password using the keyboard.

?

Again, re: my last post. Now the password prompt appears for the sign and encrypt operation; apparently it was just much slower than I had anticipated.

However, I am puzzled as to why it is not possible to sign and encrypt an ascii armored output to terminal?
I have just tried this, comparing the result to those utilising specified input and output files for unsigned and signed armored encryption. Gpg will of course happily sign and encrypt, ascii or otherwise, to file. When I do the same thing without specifying input and output files (i.e. >gpg2.exe -se -a -r name@name.com), expecting to be able to output to terminal, I get nothing.

I would still like to know if it is possible to purge all keys from Gpg4win/home.

Kaiser,

Have you tried using Ctrl-Z as an end of file indicator? This works for me.

Regards,
Sean
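
Added example, not part of any post in this thread: a small batch wrapper for the STDIN-to-STDOUT encryption discussed above, fed through a pipe so that end of file arrives when the pipe closes and no keystroke is needed. The file name encrypt-stdin.cmd and its location next to gpg2.exe in the portable folder are assumptions; the options (-a, -e, -s, -r) are the ones used in the thread.

```bat
@echo off
rem Added example (not from the thread): encrypt text from STDIN to STDOUT
rem with a portable GnuPG, without changing PATH and without a file.
rem Assumption: this file is saved as encrypt-stdin.cmd next to gpg2.exe
rem in the portable folder (E:\gpg4win in the thread), so %~dp0 resolves
rem to that folder whatever drive letter the stick is mounted under.
rem
rem Usage (constructed sample input):
rem   echo Hello World | E:\gpg4win\encrypt-stdin.cmd foo@bar.baz
rem   echo Hello World | E:\gpg4win\encrypt-stdin.cmd foo@bar.baz sign
setlocal
set "GPG=%~dp0gpg2.exe"

if not exist "%GPG%" (
    echo gpg2.exe not found next to this script 1>&2
    exit /b 2
)
if "%~1"=="" (
    echo usage: %~nx0 recipient [sign] 1>&2
    exit /b 2
)

rem -a armored output, -e encrypt; "sign" as second argument adds -s.
rem Signing needs the secret key, so the passphrase prompt will appear.
set "MODE=-ae"
if /i "%~2"=="sign" set "MODE=-se -a"

rem No input or output file is named, so gpg reads STDIN until end of
rem file and writes the PGP MESSAGE block to STDOUT.
"%GPG%" %MODE% -r "%~1"
exit /b %ERRORLEVEL%
```

The output can be piped onward or copied from the terminal; the recipient's public key must already be in the portable keyring.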