Domain: gpg4win.org
Stories and comments across the archive that link to gpg4win.org.
Comments · 17
-
Re:How long has Podesta's email been compromised?
If it is a backup then you have at least a second copy. If it is an important document keep multiple copies. USB flash drive are cheap and there are good options for encryption available. So the solution is to just backup the stuff you don't want to loose and if bringing someplace else where others would have access just encrypt it. I have copies of my important data in several places on USB drive, one in my desk at home, one in my pocket, one in the fire chest at home, one in my desk at work. All of the data is encrypted with a strong password.
-
Re:Another bad omen for privacy and security
I don't use GPG to encrypt my email, for example, because nobody I know has anything installed capable of decrypting is or even verifying the signature.
I always sign my mail and follow a couple of mailing lists where gpg usage is not uncommon.
Sorry, I rambled on a bit there, but the point is, there's no real support or infrastructure for this kind of encryption.
Well, it's "some" better. The gpg4win download contains everything a windows user needs because it includes the windows version of claws mail, which has gpg support built in; the windows version of Kleopatra and GPA, two GUI's for gpg.
And the gpg4win documentation is "somewhat" better than it used to be. At least the PDF version is,
http://wald.intevation.org/frs...
the HTML version still has sucky navigation:
http://www.gpg4win.org/doc/en/...
It's not built into the applications that people already use, so they have to get multiple plugins, and then other supporting files for those plugins.
Thunderbird really needs gpg support built in by default, like claws mail does. Technically the gpg support in claws-mail is also a plugin, but the plugin is included by default.
It's just a mess before you even get to key management, and there's not really a good, iron-clad key management system.
I'm not sure what you mean by that? But yes, it's not optimal on Windows. For us Linux users it's much easier because gpg is usually installed by default and every thing we need is a "yum install" or "apt-get install" away
-
Re:Perhaps he should make his software easier to u
It's not that hard to use, there are GUI tools for gpg use on all platforms. Heck, I created my old key using GPA (gnu privacy assistant) a GUI interface to gnupg, since I couldn't get enough entropy on the command line. (As an aside, I created that key on a Playstation 2 Linux kit) I was/am no genius either. GPG4Win uses Kleopatra to interface with gpg, which is nice. Take a look at the PDF documentation on the gpg4win website
-
Re:usability
Remember that Werner's native language isn't English. I think the PDF version of the Documentation is fairly good. The HTML version...could use a bit more work on the navigation interface.
-
Time to use encryption.
http://www.whispersys.com/
http://www.cypherpunks.ca/otr/
http://www.gpg4win.org/Encrypt your text. Authenticate your text via digital signature. Avoid all contact with minors or strange individuals who cannot or will not encrypt or authenticate their communications.
-
Some software that you should look at
http://www.gnupg.org/ - The GNU Privacy Guard
http://getfiregpg.org/ - FireGPG, "encrypt, decrypt, sign or verify the signature of text in any web page using GnuPG" (untested by me).
https://addons.mozilla.org/en-US/firefox/addon/3424 - another Firefox extension, also untested.
https://addons.mozilla.org/en-US/firefox/addon/3208 - another one that may be useful (untested).http://www.gpg4win.org/ - something for MS Windows
Remember folks, even if you aren't in the UK, this still affects you! If you communicate with people in the UK, if you have email based in the UK (I have a Yahoo.co.uk email address, in addition to my 50 other email addresses...), etc.
...It is as simple as installing Firefox, installing GNUPG, and installing that extension that lets you encrypt text fields when you are emailing...
And don't forget TrueCrypt http://truecrypt.org/ though it isn't strictly relevant in this case, it is always relevant.
-
Time to Start Encrypting!
The only thing I can say, is I've started some major "learning" about encryption and various other personal privacy applications.
So far, what I've found and like are:
TrueCrypt - "On-The-Fly" Disk/Storage Encryption. Actually, I've been using this for 24 hours and love it. I've also seen great reviews of this, and some of its very interesting features, such as plausible deniability. Oh, and its Free Open Source Software. Available for Windows 2K/2K3/XP/Vista, Linux, and soon MacOS (v5.0, due in Jan 08)
KeePass - Encrypted Password Storage Database. I've been using this for years, and love it. Also good reviews. If you wish to try it, there are two versions, v1.x and v2.x. v1.x (1.10 being current) is the original independent version. Can be run standalone, no system requirements (.Net or the like). Can be run from a USB Key. v2.x (2.04 being current) is a total rewrite of the application based on the .Net libraries and are required. This version is ALPHA quality and does not yet meet the current functionality of the 1.x branch. This was started due to the fact of people requesting features that would require significant rewrites to implement. Also FOSS. Available for Windows 98/98SE/ME/NT/2K/XP/2K3/Vista 32 and 64 bit. Third party ports also available for PocketPC, Linux, MacOSX, J2ME, Blackberry, PalmOS.
Gnu Privacy Guard - An open source PGP implementation. I use a port of this, GPG for Windows. It seems a bit clunky, and am actively looking for something to replace it so suggest away if you do know something better. I will say though that it does work as advertised, and its FOSS. GPG is distributed mainly as source code I believe, where as G4W is as binaries.
People have looked at some of us who use PGP/GPG, and other encryption/digital signatures for a few years with the look of "why do I need that, I have nothing to hide." I keep waiting for people to finally wake up and realize that the concept of "inherent privacy" (meaning anything not actively publicly published is not publicly known) is gone. We have entered the age of "explicit privacy." If you want something to be private, you must make explicitly so, especially on your computer, with these recent news articles of laptops being fair searching territories at Customs, or the reports that the NSA has feeds from AT&Ts offices to intercept everything. -
Re:Let them read... my headers.
It so happens that this package (http://www.gpg4win.org/) has an Outlook plugin for those so inclined.
-
Re:Secure your email
wtf? GPG works just fine with Outlook. See http://www.gpg4win.org/
-
Re:Try Claws Mail
According to the features list it has full GPG support. In fact, the windows port is actually bundled with the Gpg4win project.
I'm considering moving "my people" to Claws -- Thunderbird at its best is an elegant and powerful creation, but it still hasn't really hit the sweet spot for us because of its various quirks, including difficult address book file format, awkward search interface, lousy wrapping, and reliance on the mbox format for mail storage (which results in the occasional quarantined inbox.) And now with this repeated organization reshuffling and loss of key personnel, I don't believe things will be getting better anytime soon. (Prove me wrong, folks!)
-
Re:Sylpheed Claws
Sure it's available for windows. It even comes packages with GPG. What more could anyone want?
-
Re:Useless if GMail accessed only via POP3
-
ridiculous
This won't solve a thing. It is trivial to fake headers; apparently the author did not do his homework. I could easily set up a spam spew to send phishing email from say, www.bankofamerica.safe or the like. A better, more practical solution is to use email signing like OpenPGP or GNUPGP. This is much, much harder to fake. See the Wikipedia article subsection Security quality. Bank customers simply obtain the PGP public key from the bank's website and use it to validate any email received. This will put the phishers to bed (at least for a long while) as it will be virtually impossible to fake the PGP signature. The next thing you do is educate the public about email signing and verification. It is not terribly difficult to use and deploy as there are freely available PGP plugins for popular email clients. GPG4Win is a complete installer that contains plugins for Mozilla Thunderbird, Outlook 2003, and Outlook Express. Read about it at http://www.gpg4win.org/.
-
Re:Speaking of PGP...
Enigmail for Thunderbird has others have mentioned
And also, Gpg4Win as no one else has mentioned. Very nice package...with a tray icon for encrypting/decrypting. Installs a shell extension for explorer too. Fantastic setup. -
Getting Started with PGP and GPG
Uncanny timing on this article for me -- I just this morning set up both PGP and GPG clients on my Windows machine. I found some inspiration in this tutorial on PGP:
http://www.haltabuse.org/pgp/win/index.shtml
The tutorial talks about version 7 or 8 of the software when it was still freeware. Version 9 it appears still offers the basic functionality for free, but I have to admit that I was a bit put off by the fact that it's presented as a 30 day trial with a EULA that includes passages like this:
You hereby expressly consent to PGP Corp's processing of personal data you provide to PGP Corp (which may be collected by PGP Corp or its distributors) according to PGP Corp's current privacy policy which is incorporated into this Agreement by reference (see ). If "you" are an organization, you will ensure that each member of your organization (including employees and contractors) about whom personal data may be provided to PGP Corp has given his or her express consent to PGP Corp's processing of such personal data. Personal data will be processed by PGP Corp or its distributors in the country where it was collected, or in the location of PGP Corp or its distributors; United States laws regarding processing of personal data may be less stringent than the laws in your jurisdiction.
Standard EULA boilerplate perhaps, but I found it unnerving in a product that's supposed to protect your privacy.
I also downloaded GPG4Win from
http://www.gpg4win.org/
and got it running. I just succeeded in encrypting a message with the one and decrypting it with the other, so I think I'll go with GPG.
Amazing that such tools aren't de rigueur by now. -
Re:Outlook plugin?
Well, it doesn't do absolutely everything on your list but it's a pretty good start: http://www.gpg4win.org/.
It does the first two, and the third - it does cache passphrases for short periods of time. I don't know off the top of my head how to change the cache duration, but there should be a config option somewhere.
Sending encrypted or signed email is just a matter of two toggles in a toolbar on every email - you should be able to change a setting somewhere so they always default to on (right now they default to off unless I'm replying to a PGP-encrypted/signed email).
It is GPL.
As for this:
* Attach the pubkey to all outgoing mails where the address isn't in my keyring.
Seems like it would be a pretty easy addition to the existing GPG4Win codebase.
* Automatically (just ask for password confirmation or something) addition of incoming pubkeys to my keyring.
Not sure about this since I don't think I ever get such emails, but I believe you can just double click on a pubkey attachment in the correct format and it will open it in WinPT, the key management software packaged with GPG4Win.
* The people who got the pubkey would also get a link to where to download the plugin.
This is trivial if you are already attaching the pubkey, just stick a link in your sig.
The one thing GPG4Win needs is some English documentation - it's got decent documentation, but in German only. A bit more professional looking web design would be nice too. And some parts of the software feel a touch rough around the edges, but overall it "just works" most of the time. -
GPG4WIN
http://www.gpg4win.org/
.. supports Outlook 2003!