-----BEGIN PGP SIGNED MESSAGE-----

Jul wrote:

| Hi,
|
| Some question about batch PGP running:
| For example I need to run command from the location C:\dir1 but PGP files
| and the result encrypted file(s) have to be at D:\dir2
|
| I can do something like it:
| C:\dir1> D:\dir2\pgpe ......
|
| It works fine but PUBRING & SECRING have to be located at C:\dir1
| Also if my file , which I am going to encrypt not located at C:\dir1 and I
| specify path to the file then inside incrypted file will be something
like:
| C_dir1_filename.txt
|
| How I can fix these problems?

@echo off
path %path%;c:\dir\pgp
set pgppath=c:\dir1\pgp
if not "tz"=="" set tz=EST5EDT
d:
cd dir2\pgpe
pgp -se %1 jul -u jul +batchmode

Something like that? Note that the path statement will keep adding the
location of pgp until it runs out of environment space.

There is also a config.txt in pgp 2.6.3i you could use.

| I also found in documentation that I can specify another name of the
public
| ring:
| pgpe -r file --pubring=~/fooring.pkr
|
| but I can not specify the another location to the public ring. Does exist
| such possibility?

Are you using pgp 5 by any chance? If you do, *don't*. It has some
serious flaws in it. Use PGP 2.6.2, 2.6.3i or GnuPG 1.2.5 instead.

Thomas
- --
Mean Guns, The Three Bears, Deedee: "So she is Goldilocks",
Lou: "Yeah, and you're a stupid",
Deedee: "I have just about had it with you Lou"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iQB5AwUBQSZWTQEP2l8iXKAJAQHcfAMfZYSOVbFK/9qqMHJNdaqN9G+ip69P0s0l
5DH9r/8qEHACoDnsXEaYlU8rAEF/sxaeC3A2FEJBGERT6/wOzuXGBMD++j5mo7vB
FWQL/Zs0i28gDezYWZRqcZjkO2x4rQtS1A9xyA==
=EZnf
-----END PGP SIGNATURE-----

"Thomas J. Boschloo" wrote in
news:412657b5$0$771$3a628fcd@reader10.nntp.hccnet. nl:

>
> @echo off
> path %path%;c:\dir\pgp
> set pgppath=c:\dir1\pgp
> if not "tz"=="" set tz=EST5EDT
> d:
> cd dir2\pgpe
> pgp -se %1 jul -u jul +batchmode
>
> Something like that? Note that the path statement will keep
> adding the location of pgp until it runs out of environment
> space.
> -snip-
>

Something like this
if (%PGPPATH%) == () path %path%;c:\dir\pgp
might prevent running out of env. space.

J
--
Replies to: Njk04s_130_p(at)Ojuno(dot)Tcom

On Fri, 20 Aug 2004, Thomas J. Boschloo wrote:

> [trim]

> Are you using pgp 5 by any chance? If you do, *don't*. It has some
> serious flaws in it. Use PGP 2.6.2, 2.6.3i or GnuPG 1.2.5 instead.

Could you elaborate a little on this, please. At one point I was
thinking about setting up a (true) DOS system and was looking around
for a PGP to run on it. I never quite got things set up, but I did
find a port of version 5 that might run. What are the difficulties
with PGP 5? Thanks.

--
Paul Bartlett
bartlett "at" smart "dot" net
PGP key info in message headers

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"Paul O. BARTLETT" writes:
>On Fri, 20 Aug 2004, Thomas J. Boschloo wrote:

>> Are you using pgp 5 by any chance? If you do, *don't*. It has some
>> serious flaws in it. Use PGP 2.6.2, 2.6.3i or GnuPG 1.2.5 instead.

> Could you elaborate a little on this, please. At one point I was
>thinking about setting up a (true) DOS system and was looking around
>for a PGP to run on it. I never quite got things set up, but I did
>find a port of version 5 that might run. What are the difficulties
>with PGP 5? Thanks.

AFAIK the main problem with pgp5, is that is improperly uses
"/dev/random", so that in some circumstances it may generate keys
based on insufficient entropy.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (SunOS)

iD8DBQFBJrtpvmGe70vHPUMRAgr2AKCnsZf7rkyfsXW9/384geAkGBD7xwCeNk3I
1/9DOPvIk6bzDsX8b5xF5d0=
=9DQ/
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Neil W Rickert wrote in
news:cg6e1d$bcr$1@usenet.cso.niu.edu:

> AFAIK the main problem with pgp5, is that is improperly uses
> "/dev/random", so that in some circumstances it may generate keys
> based on insufficient entropy.

"Under certain circumstances, PGP v5.0 generates keys that are not
sufficiently random, which may allow an attacker to predict keys and,
hence, recover information encrypted with that key." This affects
UNIX/Linux systems, but is not an issue for Windows users.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
Comment: My PGP Page & FAQ: http://www.McCune.cc/PGP.htm

iQEVAwUBQSc8CGDeI9apM77TAQK2oAf/UFcfgkCAW0W5A5yHvrFa0h/b2EOekmwS
IAHWyOWKNR2OJCN6lDrhbg90uZEso1xhcl5Ai0+npbJx9WBE5I uqjLKYri93x8GD
mxQdUbv6PraFcz4KdC8Oc3u+vIHJP4zWT6CehncNfVnYy4YuAg nI8QNqHw4Utmhk
i2HisnGu34Rulcfd619yozJdBWGFDEnKZbvi+oq3Hv1qIewIDS vnBQ5IaqUau6Y9
xJdcPhL9zA52yMY00gjhJzyFhDwZ++1vedQGZzu6698OV71Qi9 161QuWFDzTxoLe
e7q63aIocbhJXe3daWinWPDQOrOwhvx4QbyJ4MMPmTvEP0V4a6 fMqA==
=jukr
-----END PGP SIGNATURE-----

In comp.security.pgp.discuss Tom McCune wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Neil W Rickert wrote in
> news:cg6e1d$bcr$1@usenet.cso.niu.edu:
>
>> AFAIK the main problem with pgp5, is that is improperly uses
>> "/dev/random", so that in some circumstances it may generate keys
>> based on insufficient entropy.
>
> "Under certain circumstances, PGP v5.0 generates keys that are not
> sufficiently random, which may allow an attacker to predict keys and,
> hence, recover information encrypted with that key." This affects
> UNIX/Linux systems, but is not an issue for Windows users.

This is true, but there are literally dozens of other reasons not to
use PGP 5. There have been years of development between 5 and now.
There have been tens of thousands of changes and improvements to the
PGP code. PGP 5 doesn't even work properly with many common keys.

PGP 2 has better support than PGP 5.

David

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David Shaw wrote in
news:cg7r0j$43o$1@foobar.cs.jhu.edu:

>>> AFAIK the main problem with pgp5, is that is improperly uses
>>> "/dev/random", so that in some circumstances it may generate keys
>>> based on insufficient entropy.
>>
>> "Under certain circumstances, PGP v5.0 generates keys that are not
>> sufficiently random, which may allow an attacker to predict keys and,
>> hence, recover information encrypted with that key." This affects
>> UNIX/Linux systems, but is not an issue for Windows users.
>
> This is true, but there are literally dozens of other reasons not to
> use PGP 5. There have been years of development between 5 and now.
> There have been tens of thousands of changes and improvements to the
> PGP code. PGP 5 doesn't even work properly with many common keys.
>
> PGP 2 has better support than PGP 5.

I was clarifying the report on week key generation, as to it only
affecting Unix/Linux users - that is not a reason for Windows user to
avoid using PGP 5.0. I agree that there have been many improvements in
PGP since version 5.0, but there are no major security flaws in what is
there (when used in Windows). Actually, the lack of ADK support could be
seen as a reason for it being considered more secure than newer versions.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
Comment: My PGP Page & FAQ: http://www.McCune.cc/PGP.htm

iQEVAwUBQSemh2DeI9apM77TAQJQgAf/Vl81I034Fb7dN3Skjn+myauP62iQ0WU6
dCBK2MoC4dTCaCAGRtdaWZJ/E2F+QvN/woMEsLSqgmZt3rUjYubX+Hfz7ZcmhL82
Jdjeviql7ue9L8ipNS3JkcY91AssKwt0oay7hTgHtU8+tiaqIn VH3vFGGt0pi45k
cQj9mTAAUKxqvCVFQ3p8zCIs3dtKC5F/hHfRRnp4P5Y0AayAuM0fPxs6UimOcFoK
tBITpMFzd7bsr0YYeTyt3jaIC41H7+0lyu5e/dW/0Qk/HPXPoK7sN8IbqQKj8kni
umVFePRMKUFPzKlLSrG1/RYCXlmpbNJJPCY9zBx6Y7PiPj5IqedKdg==
=lNTj
-----END PGP SIGNATURE-----

In comp.security.pgp.discuss Tom McCune wrote:

> David Shaw wrote in
> news:cg7r0j$43o$1@foobar.cs.jhu.edu:
>
>>>> AFAIK the main problem with pgp5, is that is improperly uses
>>>> "/dev/random", so that in some circumstances it may generate keys
>>>> based on insufficient entropy.
>>>
>>> "Under certain circumstances, PGP v5.0 generates keys that are not
>>> sufficiently random, which may allow an attacker to predict keys and,
>>> hence, recover information encrypted with that key." This affects
>>> UNIX/Linux systems, but is not an issue for Windows users.
>>
>> This is true, but there are literally dozens of other reasons not to
>> use PGP 5. There have been years of development between 5 and now.
>> There have been tens of thousands of changes and improvements to the
>> PGP code. PGP 5 doesn't even work properly with many common keys.
>>
>> PGP 2 has better support than PGP 5.
>
> I was clarifying the report on week key generation, as to it only
> affecting Unix/Linux users - that is not a reason for Windows user to
> avoid using PGP 5.0. I agree that there have been many improvements in
> PGP since version 5.0, but there are no major security flaws in what is
> there (when used in Windows). Actually, the lack of ADK support could be
> seen as a reason for it being considered more secure than newer versions.

I'm talking about security improvements. PGP 5 hasn't had the benefit
of the past 4 or so years of work, including security improvements.
For example, it does not have MDC (and is thus vulnerable to a
chosen-ciphertext attack: http://www.schneier.com/paper-pgp.html)

David

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David Shaw wrote in
news:cg8h1u$m95$1@foobar.cs.jhu.edu:

>> I was clarifying the report on week key generation, as to it only
>> affecting Unix/Linux users - that is not a reason for Windows user to
>> avoid using PGP 5.0. I agree that there have been many improvements
>> in PGP since version 5.0, but there are no major security flaws in
>> what is there (when used in Windows). Actually, the lack of ADK
>> support could be seen as a reason for it being considered more secure
>> than newer versions.
>
> I'm talking about security improvements. PGP 5 hasn't had the benefit
> of the past 4 or so years of work, including security improvements.
> For example, it does not have MDC (and is thus vulnerable to a
> chosen-ciphertext attack: http://www.schneier.com/paper-pgp.html)

I am in agreement that newer versions have improvements and should be
used. However, at least for Windows users, PGP 5.0 does not have any
major weakness for what it does. The lack of MDC is not a major
weakness, and the described chosen-ciphertext attack is easily avoided:
http://www.mccune.cc/PGPpage2.htm#Chosen-Ciphertext

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
Comment: My PGP Page & FAQ: http://www.McCune.cc/PGP.htm

iQEVAwUBQSfkomDeI9apM77TAQKJwQgAmtYjIsTyCgYGm5iW5f LgvTCLRE8DOid0
5d/Jc2VDSldObCls46GZe3IlEnfy4nm9MxIX9azNnCmq2v9mueumr E/tFF4d2Wiz
YalbpannB9lM4j8hdHgSY35LIxGh9JUSEK8dEepZqkzdUklLr0 w6c0NtFDUkm7HA
v8wVf0sPZ+KjjmQe2Plo3QSHf8HuSveRVsMyN5gerAbqqeGyLd IuvrZ8GgnxRIum
4H6mZRrGUs0ObN8NnxEm3qsFzzZzheVxKdMJGl00w1rLZ9cQQW DmFv0zX/NjExbY
4uJgHEuy7RberGDGFh1OiRWCq3thhc0IBARSk+RDySef+Szgz3 NQ7A==
=qDiG
-----END PGP SIGNATURE-----

Tom McCune wrote:

>Actually, the lack of ADK support could be seen as a reason for it being
>considered more secure than newer versions.

Why not use the win32 version of GnuPG is that's an issue? GnuPG silently
ignores ADK's. The OP wanted a commandline version, so that's a good match.

--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

johanw@vulcan.xs4all.nl (Johan Wevers) wrote in
news:I2tGMp.37n@vulcan.xs4all.nl:

>>Actually, the lack of ADK support could be seen as a reason for it
>>being considered more secure than newer versions.
>
> Why not use the win32 version of GnuPG is that's an issue? GnuPG
> silently ignores ADK's. The OP wanted a commandline version, so that's
> a good match.

Personally, if I was interested in command line usage, I would give GPG
serious consideration. My only hesitancies would be GPG's lack of memory
locking when run from Windows, a desire for GUI based key management, and
a likely desire to use one set of key rings for all PGP/GPG usage.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
Comment: My PGP Page & FAQ: http://www.McCune.cc/PGP.htm

iQEVAwUBQSiRRWDeI9apM77TAQIeWAgAgOvXZYv3CW9vSL3DHy D/CJIigRQtZU95
Agdf5CTMUD/ks72hB5Rxc/c0PmTjP9bhXiQECWR7ENGSmJkRrIT7VjM3vbAiWaL4
QkGDsqPXbkgwpHqB44nmC8PwxmLjiGcY0x4gXe4Uk/b6Up17sKBG8cPvlS4PB2o5
wyeYn/Kep8wBY5eHWRpFl0mzsiwZUXSo8lVYvB3ZokOjBJiaXYR/LtcMvd9o8ysN
GTj4bVEo+I/opdKdNGQr3V/hjUEVB45tE5He0K1mg+/sXLB52/oZzkO1cEiJriZ9
lDKxcZInoCAoJjd3Wap9GK+dEbyzFocEII/RufdOYFnu6gDCMqdLew==
=VrN4
-----END PGP SIGNATURE-----

In comp.security.pgp.discuss Tom McCune wrote:

> johanw@vulcan.xs4all.nl (Johan Wevers) wrote in
> news:I2tGMp.37n@vulcan.xs4all.nl:
>
>>>Actually, the lack of ADK support could be seen as a reason for it
>>>being considered more secure than newer versions.
>>
>> Why not use the win32 version of GnuPG is that's an issue? GnuPG
>> silently ignores ADK's. The OP wanted a commandline version, so that's
>> a good match.
>
> Personally, if I was interested in command line usage, I would give GPG
> serious consideration. My only hesitancies would be GPG's lack of memory
> locking when run from Windows, a desire for GUI based key management, and
> a likely desire to use one set of key rings for all PGP/GPG usage.

Does PGP 5 have memory locking on windows?

David

-----BEGIN PGP SIGNED MESSAGE-----

me@tadyatam.invalid wrote:
| "Thomas J. Boschloo" wrote in
| news:412657b5$0$771$3a628fcd@reader10.nntp.hccnet. nl:
|
|
|>@echo off
|>path %path%;c:\dir\pgp
|>set pgppath=c:\dir1\pgp
|>if not "tz"=="" set tz=EST5EDT
|>d:
|>cd dir2\pgpe
|>pgp -se %1 jul -u jul +batchmode
|>
|>Something like that? Note that the path statement will keep
|>adding the location of pgp until it runs out of environment
|>space.
|>-snip-
|>
|
|
| Something like this
| if (%PGPPATH%) == () path %path%;c:\dir\pgp
| might prevent running out of env. space.

Clever ;-)
Thomas
- --
Mean Guns, The Three Bears, Deedee: "So she is Goldilocks",
Lou: "Yeah, and you're a stupid",
Deedee: "I have just about had it with you Lou"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iQB5AwUBQSi/EAEP2l8iXKAJAQHtcQMfdS521mcbHkvstiSAbzLf2aJpSOefTy ch
Rw6Cb5LIuNp4XeOf29oR3kyA2uAFuvDfPtyXtmHkqfHte0/1DgCw7snZGpwyAo7E
zmKVtuB+L9w66xmSC1U/7q8nf22n844WUIayeg==
=KBNF
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----

Paul O. BARTLETT wrote:

| On Fri, 20 Aug 2004, Thomas J. Boschloo wrote:
|
|
|>[trim]
|
|
|>Are you using pgp 5 by any chance? If you do, *don't*. It has some
|>serious flaws in it. Use PGP 2.6.2, 2.6.3i or GnuPG 1.2.5 instead.
|
|
| Could you elaborate a little on this, please. At one point I was
| thinking about setting up a (true) DOS system and was looking around
| for a PGP to run on it. I never quite got things set up, but I did
| find a port of version 5 that might run. What are the difficulties
| with PGP 5? Thanks.

http://www.kb.cert.org/vuls/id/JPLA-4PZR89
http://www.cert.org/advisories/CA-2000-09.html

Hi!
Thomas
- --
Mean Guns, The Three Bears, Deedee: "So she is Goldilocks",
Lou: "Yeah, and you're a stupid",
Deedee: "I have just about had it with you Lou"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iQB5AwUBQSjBsQEP2l8iXKAJAQHvCQMdGcrY1NFDGUx2HNKhcy 8CsYeSChl5MRx1
OsEO1mgRSEHy+b7O2fzpSR5elkpBx4RSstIEw5zqmTH3hkSFWY PgmUhDE6yPkd63
4triWzVYEohkBrPedpxrncAIfq4fX64Z5TwdFw==
=3x5M
-----END PGP SIGNATURE-----

"Thomas J. Boschloo" wrote in
news:4128c212$0$146$3a628fcd@reader1.nntp.hccnet.n l:
>
> Clever ;-)
> Thomas
>
< blush >

Possibly more robust alternative:

echo %path% | find/I "\dir\PGP" > nul
if errorlevel 2 goto cantTell
if errorlevel 1 goto addToPath
goto isSet

J
--
Replies to: Njk04s_130_p(at)Ojuno(dot)Tcom

David Shaw wrote in news:cga6s1$ph6$1
@foobar.cs.jhu.edu:

> Does PGP 5 have memory locking on windows?

I don't know where to look, to find out for sure. I don't recall ever
seeing this in the included documentation for any version.

-----BEGIN PGP SIGNED MESSAGE-----

me@tadyatam.invalid wrote:
| "Thomas J. Boschloo" wrote in
| news:4128c212$0$146$3a628fcd@reader1.nntp.hccnet.n l:
|
|>Clever ;-)
|>Thomas
|>
|
| < blush >
|
| Possibly more robust alternative:
|
| echo %path% | find/I "\dir\PGP" > nul
| if errorlevel 2 goto cantTell
| if errorlevel 1 goto addToPath
| goto isSet
|
| J

#######
@echo off
:loop
if "%1"=="" goto end
echo %1
shift
goto loop
:end
#######

Call this batch file from another batch file with something like "call x
%path%" :-) This is about how extreme ms-dos gets I think ;-)

Thomas
- --
Mean Guns, The Three Bears, Deedee: "So she is Goldilocks",
Lou: "Yeah, and you're a stupid",
Deedee: "I have just about had it with you Lou"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iQB5AwUBQSjdGgEP2l8iXKAJAQEw5AMfahSKGxTkIFY0jYwZlt mSNjWq10f8h6Ez
e0M4MLVXnv826+P36fp+T3ekL2dqMZUuEQrA0CuReyFNPQ8M4U cJunCN1WfJwuSl
8ZQMz6abFAChNoy8V3UVC4CVbgH+X3GnupQBgQ==
=xAan
-----END PGP SIGNATURE-----