PGP location - PGP

This is a discussion on PGP location - PGP ; Hi, Some question about batch PGP running: For example I need to run command from the location C:\dir1 but PGP files and the result encrypted file(s) have to be at D:\dir2 I can do something like it: C:\dir1> D:\dir2\pgpe ...... ...

+ Reply to Thread
Results 1 to 18 of 18

Thread: PGP location

  1. PGP location

    Hi,

    Some question about batch PGP running:
    For example I need to run command from the location C:\dir1 but PGP files
    and the result encrypted file(s) have to be at D:\dir2

    I can do something like it:
    C:\dir1> D:\dir2\pgpe ......

    It works fine but PUBRING & SECRING have to be located at C:\dir1
    Also if my file , which I am going to encrypt not located at C:\dir1 and I
    specify path to the file then inside incrypted file will be something like:
    C_dir1_filename.txt

    How I can fix these problems?

    I also found in documentation that I can specify another name of the public
    ring:
    pgpe -r file --pubring=~/fooring.pkr

    but I can not specify the another location to the public ring. Does exist
    such possibility?

    Thanks
    Jul



  2. Re: PGP location

    -----BEGIN PGP SIGNED MESSAGE-----

    Jul wrote:

    | Hi,
    |
    | Some question about batch PGP running:
    | For example I need to run command from the location C:\dir1 but PGP files
    | and the result encrypted file(s) have to be at D:\dir2
    |
    | I can do something like it:
    | C:\dir1> D:\dir2\pgpe ......
    |
    | It works fine but PUBRING & SECRING have to be located at C:\dir1
    | Also if my file , which I am going to encrypt not located at C:\dir1 and I
    | specify path to the file then inside incrypted file will be something
    like:
    | C_dir1_filename.txt
    |
    | How I can fix these problems?

    @echo off
    path %path%;c:\dir\pgp
    set pgppath=c:\dir1\pgp
    if not "tz"=="" set tz=EST5EDT
    d:
    cd dir2\pgpe
    pgp -se %1 jul -u jul +batchmode

    Something like that? Note that the path statement will keep adding the
    location of pgp until it runs out of environment space.

    There is also a config.txt in pgp 2.6.3i you could use.

    | I also found in documentation that I can specify another name of the
    public
    | ring:
    | pgpe -r file --pubring=~/fooring.pkr
    |
    | but I can not specify the another location to the public ring. Does exist
    | such possibility?

    Are you using pgp 5 by any chance? If you do, *don't*. It has some
    serious flaws in it. Use PGP 2.6.2, 2.6.3i or GnuPG 1.2.5 instead.

    Thomas
    - --
    Mean Guns, The Three Bears, Deedee: "So she is Goldilocks",
    Lou: "Yeah, and you're a stupid",
    Deedee: "I have just about had it with you Lou"
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.5 (MingW32)
    Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

    iQB5AwUBQSZWTQEP2l8iXKAJAQHcfAMfZYSOVbFK/9qqMHJNdaqN9G+ip69P0s0l
    5DH9r/8qEHACoDnsXEaYlU8rAEF/sxaeC3A2FEJBGERT6/wOzuXGBMD++j5mo7vB
    FWQL/Zs0i28gDezYWZRqcZjkO2x4rQtS1A9xyA==
    =EZnf
    -----END PGP SIGNATURE-----

  3. Re: PGP location

    "Thomas J. Boschloo" wrote in
    news:412657b5$0$771$3a628fcd@reader10.nntp.hccnet. nl:

    >
    > @echo off
    > path %path%;c:\dir\pgp
    > set pgppath=c:\dir1\pgp
    > if not "tz"=="" set tz=EST5EDT
    > d:
    > cd dir2\pgpe
    > pgp -se %1 jul -u jul +batchmode
    >
    > Something like that? Note that the path statement will keep
    > adding the location of pgp until it runs out of environment
    > space.
    > -snip-
    >


    Something like this
    if (%PGPPATH%) == () path %path%;c:\dir\pgp
    might prevent running out of env. space.

    J
    --
    Replies to: Njk04s_130_p(at)Ojuno(dot)Tcom

  4. Re: PGP location

    On Fri, 20 Aug 2004, Thomas J. Boschloo wrote:

    > [trim]


    > Are you using pgp 5 by any chance? If you do, *don't*. It has some
    > serious flaws in it. Use PGP 2.6.2, 2.6.3i or GnuPG 1.2.5 instead.


    Could you elaborate a little on this, please. At one point I was
    thinking about setting up a (true) DOS system and was looking around
    for a PGP to run on it. I never quite got things set up, but I did
    find a port of version 5 that might run. What are the difficulties
    with PGP 5? Thanks.

    --
    Paul Bartlett
    bartlett "at" smart "dot" net
    PGP key info in message headers

  5. Re: PGP location

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    "Paul O. BARTLETT" writes:
    >On Fri, 20 Aug 2004, Thomas J. Boschloo wrote:


    >> Are you using pgp 5 by any chance? If you do, *don't*. It has some
    >> serious flaws in it. Use PGP 2.6.2, 2.6.3i or GnuPG 1.2.5 instead.


    > Could you elaborate a little on this, please. At one point I was
    >thinking about setting up a (true) DOS system and was looking around
    >for a PGP to run on it. I never quite got things set up, but I did
    >find a port of version 5 that might run. What are the difficulties
    >with PGP 5? Thanks.


    AFAIK the main problem with pgp5, is that is improperly uses
    "/dev/random", so that in some circumstances it may generate keys
    based on insufficient entropy.

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.3.6 (SunOS)

    iD8DBQFBJrtpvmGe70vHPUMRAgr2AKCnsZf7rkyfsXW9/384geAkGBD7xwCeNk3I
    1/9DOPvIk6bzDsX8b5xF5d0=
    =9DQ/
    -----END PGP SIGNATURE-----


  6. Re: PGP location

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Neil W Rickert wrote in
    news:cg6e1d$bcr$1@usenet.cso.niu.edu:

    > AFAIK the main problem with pgp5, is that is improperly uses
    > "/dev/random", so that in some circumstances it may generate keys
    > based on insufficient entropy.


    "Under certain circumstances, PGP v5.0 generates keys that are not
    sufficiently random, which may allow an attacker to predict keys and,
    hence, recover information encrypted with that key." This affects
    UNIX/Linux systems, but is not an issue for Windows users.

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.1
    Comment: My PGP Page & FAQ: http://www.McCune.cc/PGP.htm

    iQEVAwUBQSc8CGDeI9apM77TAQK2oAf/UFcfgkCAW0W5A5yHvrFa0h/b2EOekmwS
    IAHWyOWKNR2OJCN6lDrhbg90uZEso1xhcl5Ai0+npbJx9WBE5I uqjLKYri93x8GD
    mxQdUbv6PraFcz4KdC8Oc3u+vIHJP4zWT6CehncNfVnYy4YuAg nI8QNqHw4Utmhk
    i2HisnGu34Rulcfd619yozJdBWGFDEnKZbvi+oq3Hv1qIewIDS vnBQ5IaqUau6Y9
    xJdcPhL9zA52yMY00gjhJzyFhDwZ++1vedQGZzu6698OV71Qi9 161QuWFDzTxoLe
    e7q63aIocbhJXe3daWinWPDQOrOwhvx4QbyJ4MMPmTvEP0V4a6 fMqA==
    =jukr
    -----END PGP SIGNATURE-----

  7. Re: PGP location

    In comp.security.pgp.discuss Tom McCune wrote:
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > Neil W Rickert wrote in
    > news:cg6e1d$bcr$1@usenet.cso.niu.edu:
    >
    >> AFAIK the main problem with pgp5, is that is improperly uses
    >> "/dev/random", so that in some circumstances it may generate keys
    >> based on insufficient entropy.

    >
    > "Under certain circumstances, PGP v5.0 generates keys that are not
    > sufficiently random, which may allow an attacker to predict keys and,
    > hence, recover information encrypted with that key." This affects
    > UNIX/Linux systems, but is not an issue for Windows users.


    This is true, but there are literally dozens of other reasons not to
    use PGP 5. There have been years of development between 5 and now.
    There have been tens of thousands of changes and improvements to the
    PGP code. PGP 5 doesn't even work properly with many common keys.

    PGP 2 has better support than PGP 5.

    David

  8. Re: PGP location

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    David Shaw wrote in
    news:cg7r0j$43o$1@foobar.cs.jhu.edu:

    >>> AFAIK the main problem with pgp5, is that is improperly uses
    >>> "/dev/random", so that in some circumstances it may generate keys
    >>> based on insufficient entropy.

    >>
    >> "Under certain circumstances, PGP v5.0 generates keys that are not
    >> sufficiently random, which may allow an attacker to predict keys and,
    >> hence, recover information encrypted with that key." This affects
    >> UNIX/Linux systems, but is not an issue for Windows users.

    >
    > This is true, but there are literally dozens of other reasons not to
    > use PGP 5. There have been years of development between 5 and now.
    > There have been tens of thousands of changes and improvements to the
    > PGP code. PGP 5 doesn't even work properly with many common keys.
    >
    > PGP 2 has better support than PGP 5.


    I was clarifying the report on week key generation, as to it only
    affecting Unix/Linux users - that is not a reason for Windows user to
    avoid using PGP 5.0. I agree that there have been many improvements in
    PGP since version 5.0, but there are no major security flaws in what is
    there (when used in Windows). Actually, the lack of ADK support could be
    seen as a reason for it being considered more secure than newer versions.

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.1
    Comment: My PGP Page & FAQ: http://www.McCune.cc/PGP.htm

    iQEVAwUBQSemh2DeI9apM77TAQJQgAf/Vl81I034Fb7dN3Skjn+myauP62iQ0WU6
    dCBK2MoC4dTCaCAGRtdaWZJ/E2F+QvN/woMEsLSqgmZt3rUjYubX+Hfz7ZcmhL82
    Jdjeviql7ue9L8ipNS3JkcY91AssKwt0oay7hTgHtU8+tiaqIn VH3vFGGt0pi45k
    cQj9mTAAUKxqvCVFQ3p8zCIs3dtKC5F/hHfRRnp4P5Y0AayAuM0fPxs6UimOcFoK
    tBITpMFzd7bsr0YYeTyt3jaIC41H7+0lyu5e/dW/0Qk/HPXPoK7sN8IbqQKj8kni
    umVFePRMKUFPzKlLSrG1/RYCXlmpbNJJPCY9zBx6Y7PiPj5IqedKdg==
    =lNTj
    -----END PGP SIGNATURE-----

  9. Re: PGP location

    In comp.security.pgp.discuss Tom McCune wrote:

    > David Shaw wrote in
    > news:cg7r0j$43o$1@foobar.cs.jhu.edu:
    >
    >>>> AFAIK the main problem with pgp5, is that is improperly uses
    >>>> "/dev/random", so that in some circumstances it may generate keys
    >>>> based on insufficient entropy.
    >>>
    >>> "Under certain circumstances, PGP v5.0 generates keys that are not
    >>> sufficiently random, which may allow an attacker to predict keys and,
    >>> hence, recover information encrypted with that key." This affects
    >>> UNIX/Linux systems, but is not an issue for Windows users.

    >>
    >> This is true, but there are literally dozens of other reasons not to
    >> use PGP 5. There have been years of development between 5 and now.
    >> There have been tens of thousands of changes and improvements to the
    >> PGP code. PGP 5 doesn't even work properly with many common keys.
    >>
    >> PGP 2 has better support than PGP 5.

    >
    > I was clarifying the report on week key generation, as to it only
    > affecting Unix/Linux users - that is not a reason for Windows user to
    > avoid using PGP 5.0. I agree that there have been many improvements in
    > PGP since version 5.0, but there are no major security flaws in what is
    > there (when used in Windows). Actually, the lack of ADK support could be
    > seen as a reason for it being considered more secure than newer versions.


    I'm talking about security improvements. PGP 5 hasn't had the benefit
    of the past 4 or so years of work, including security improvements.
    For example, it does not have MDC (and is thus vulnerable to a
    chosen-ciphertext attack: http://www.schneier.com/paper-pgp.html)

    David

  10. Re: PGP location

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    David Shaw wrote in
    news:cg8h1u$m95$1@foobar.cs.jhu.edu:

    >> I was clarifying the report on week key generation, as to it only
    >> affecting Unix/Linux users - that is not a reason for Windows user to
    >> avoid using PGP 5.0. I agree that there have been many improvements
    >> in PGP since version 5.0, but there are no major security flaws in
    >> what is there (when used in Windows). Actually, the lack of ADK
    >> support could be seen as a reason for it being considered more secure
    >> than newer versions.

    >
    > I'm talking about security improvements. PGP 5 hasn't had the benefit
    > of the past 4 or so years of work, including security improvements.
    > For example, it does not have MDC (and is thus vulnerable to a
    > chosen-ciphertext attack: http://www.schneier.com/paper-pgp.html)


    I am in agreement that newer versions have improvements and should be
    used. However, at least for Windows users, PGP 5.0 does not have any
    major weakness for what it does. The lack of MDC is not a major
    weakness, and the described chosen-ciphertext attack is easily avoided:
    http://www.mccune.cc/PGPpage2.htm#Chosen-Ciphertext

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.1
    Comment: My PGP Page & FAQ: http://www.McCune.cc/PGP.htm

    iQEVAwUBQSfkomDeI9apM77TAQKJwQgAmtYjIsTyCgYGm5iW5f LgvTCLRE8DOid0
    5d/Jc2VDSldObCls46GZe3IlEnfy4nm9MxIX9azNnCmq2v9mueumr E/tFF4d2Wiz
    YalbpannB9lM4j8hdHgSY35LIxGh9JUSEK8dEepZqkzdUklLr0 w6c0NtFDUkm7HA
    v8wVf0sPZ+KjjmQe2Plo3QSHf8HuSveRVsMyN5gerAbqqeGyLd IuvrZ8GgnxRIum
    4H6mZRrGUs0ObN8NnxEm3qsFzzZzheVxKdMJGl00w1rLZ9cQQW DmFv0zX/NjExbY
    4uJgHEuy7RberGDGFh1OiRWCq3thhc0IBARSk+RDySef+Szgz3 NQ7A==
    =qDiG
    -----END PGP SIGNATURE-----

  11. Re: PGP location

    Tom McCune wrote:

    >Actually, the lack of ADK support could be seen as a reason for it being
    >considered more secure than newer versions.


    Why not use the win32 version of GnuPG is that's an issue? GnuPG silently
    ignores ADK's. The OP wanted a commandline version, so that's a good match.

    --
    ir. J.C.A. Wevers // Physics and science fiction site:
    johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
    PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

  12. Re: PGP location

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    johanw@vulcan.xs4all.nl (Johan Wevers) wrote in
    news:I2tGMp.37n@vulcan.xs4all.nl:

    >>Actually, the lack of ADK support could be seen as a reason for it
    >>being considered more secure than newer versions.

    >
    > Why not use the win32 version of GnuPG is that's an issue? GnuPG
    > silently ignores ADK's. The OP wanted a commandline version, so that's
    > a good match.


    Personally, if I was interested in command line usage, I would give GPG
    serious consideration. My only hesitancies would be GPG's lack of memory
    locking when run from Windows, a desire for GUI based key management, and
    a likely desire to use one set of key rings for all PGP/GPG usage.

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.1
    Comment: My PGP Page & FAQ: http://www.McCune.cc/PGP.htm

    iQEVAwUBQSiRRWDeI9apM77TAQIeWAgAgOvXZYv3CW9vSL3DHy D/CJIigRQtZU95
    Agdf5CTMUD/ks72hB5Rxc/c0PmTjP9bhXiQECWR7ENGSmJkRrIT7VjM3vbAiWaL4
    QkGDsqPXbkgwpHqB44nmC8PwxmLjiGcY0x4gXe4Uk/b6Up17sKBG8cPvlS4PB2o5
    wyeYn/Kep8wBY5eHWRpFl0mzsiwZUXSo8lVYvB3ZokOjBJiaXYR/LtcMvd9o8ysN
    GTj4bVEo+I/opdKdNGQr3V/hjUEVB45tE5He0K1mg+/sXLB52/oZzkO1cEiJriZ9
    lDKxcZInoCAoJjd3Wap9GK+dEbyzFocEII/RufdOYFnu6gDCMqdLew==
    =VrN4
    -----END PGP SIGNATURE-----

  13. Re: PGP location

    In comp.security.pgp.discuss Tom McCune wrote:

    > johanw@vulcan.xs4all.nl (Johan Wevers) wrote in
    > news:I2tGMp.37n@vulcan.xs4all.nl:
    >
    >>>Actually, the lack of ADK support could be seen as a reason for it
    >>>being considered more secure than newer versions.

    >>
    >> Why not use the win32 version of GnuPG is that's an issue? GnuPG
    >> silently ignores ADK's. The OP wanted a commandline version, so that's
    >> a good match.

    >
    > Personally, if I was interested in command line usage, I would give GPG
    > serious consideration. My only hesitancies would be GPG's lack of memory
    > locking when run from Windows, a desire for GUI based key management, and
    > a likely desire to use one set of key rings for all PGP/GPG usage.


    Does PGP 5 have memory locking on windows?

    David

  14. Re: PGP location

    -----BEGIN PGP SIGNED MESSAGE-----

    me@tadyatam.invalid wrote:
    | "Thomas J. Boschloo" wrote in
    | news:412657b5$0$771$3a628fcd@reader10.nntp.hccnet. nl:
    |
    |
    |>@echo off
    |>path %path%;c:\dir\pgp
    |>set pgppath=c:\dir1\pgp
    |>if not "tz"=="" set tz=EST5EDT
    |>d:
    |>cd dir2\pgpe
    |>pgp -se %1 jul -u jul +batchmode
    |>
    |>Something like that? Note that the path statement will keep
    |>adding the location of pgp until it runs out of environment
    |>space.
    |>-snip-
    |>
    |
    |
    | Something like this
    | if (%PGPPATH%) == () path %path%;c:\dir\pgp
    | might prevent running out of env. space.

    Clever ;-)
    Thomas
    - --
    Mean Guns, The Three Bears, Deedee: "So she is Goldilocks",
    Lou: "Yeah, and you're a stupid",
    Deedee: "I have just about had it with you Lou"
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.5 (MingW32)
    Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

    iQB5AwUBQSi/EAEP2l8iXKAJAQHtcQMfdS521mcbHkvstiSAbzLf2aJpSOefTy ch
    Rw6Cb5LIuNp4XeOf29oR3kyA2uAFuvDfPtyXtmHkqfHte0/1DgCw7snZGpwyAo7E
    zmKVtuB+L9w66xmSC1U/7q8nf22n844WUIayeg==
    =KBNF
    -----END PGP SIGNATURE-----

  15. Re: PGP location

    -----BEGIN PGP SIGNED MESSAGE-----

    Paul O. BARTLETT wrote:

    | On Fri, 20 Aug 2004, Thomas J. Boschloo wrote:
    |
    |
    |>[trim]
    |
    |
    |>Are you using pgp 5 by any chance? If you do, *don't*. It has some
    |>serious flaws in it. Use PGP 2.6.2, 2.6.3i or GnuPG 1.2.5 instead.
    |
    |
    | Could you elaborate a little on this, please. At one point I was
    | thinking about setting up a (true) DOS system and was looking around
    | for a PGP to run on it. I never quite got things set up, but I did
    | find a port of version 5 that might run. What are the difficulties
    | with PGP 5? Thanks.

    http://www.kb.cert.org/vuls/id/JPLA-4PZR89
    http://www.cert.org/advisories/CA-2000-09.html

    Hi!
    Thomas
    - --
    Mean Guns, The Three Bears, Deedee: "So she is Goldilocks",
    Lou: "Yeah, and you're a stupid",
    Deedee: "I have just about had it with you Lou"
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.5 (MingW32)
    Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

    iQB5AwUBQSjBsQEP2l8iXKAJAQHvCQMdGcrY1NFDGUx2HNKhcy 8CsYeSChl5MRx1
    OsEO1mgRSEHy+b7O2fzpSR5elkpBx4RSstIEw5zqmTH3hkSFWY PgmUhDE6yPkd63
    4triWzVYEohkBrPedpxrncAIfq4fX64Z5TwdFw==
    =3x5M
    -----END PGP SIGNATURE-----

  16. Re: PGP location

    "Thomas J. Boschloo" wrote in
    news:4128c212$0$146$3a628fcd@reader1.nntp.hccnet.n l:
    >
    > Clever ;-)
    > Thomas
    >

    < blush >

    Possibly more robust alternative:

    echo %path% | find/I "\dir\PGP" > nul
    if errorlevel 2 goto cantTell
    if errorlevel 1 goto addToPath
    goto isSet

    J
    --
    Replies to: Njk04s_130_p(at)Ojuno(dot)Tcom

  17. Re: PGP location

    David Shaw wrote in news:cga6s1$ph6$1
    @foobar.cs.jhu.edu:

    > Does PGP 5 have memory locking on windows?


    I don't know where to look, to find out for sure. I don't recall ever
    seeing this in the included documentation for any version.

  18. Re: PGP location

    -----BEGIN PGP SIGNED MESSAGE-----

    me@tadyatam.invalid wrote:
    | "Thomas J. Boschloo" wrote in
    | news:4128c212$0$146$3a628fcd@reader1.nntp.hccnet.n l:
    |
    |>Clever ;-)
    |>Thomas
    |>
    |
    | < blush >
    |
    | Possibly more robust alternative:
    |
    | echo %path% | find/I "\dir\PGP" > nul
    | if errorlevel 2 goto cantTell
    | if errorlevel 1 goto addToPath
    | goto isSet
    |
    | J

    #######
    @echo off
    :loop
    if "%1"=="" goto end
    echo %1
    shift
    goto loop
    :end
    #######

    Call this batch file from another batch file with something like "call x
    %path%" :-) This is about how extreme ms-dos gets I think ;-)

    Thomas
    - --
    Mean Guns, The Three Bears, Deedee: "So she is Goldilocks",
    Lou: "Yeah, and you're a stupid",
    Deedee: "I have just about had it with you Lou"
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.5 (MingW32)
    Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

    iQB5AwUBQSjdGgEP2l8iXKAJAQEw5AMfahSKGxTkIFY0jYwZlt mSNjWq10f8h6Ez
    e0M4MLVXnv826+P36fp+T3ekL2dqMZUuEQrA0CuReyFNPQ8M4U cJunCN1WfJwuSl
    8ZQMz6abFAChNoy8V3UVC4CVbgH+X3GnupQBgQ==
    =xAan
    -----END PGP SIGNATURE-----

+ Reply to Thread