[Gpg4win-users-en] question on Kleopatra

[Bernhard Reiter]

Randall,

Am Freitag, 5. Oktober 2012 19:03:37 schrieb Randall:
> why does Kleopatra
> have to run when I am simply trying to run simple gpg on just a file?

Kleopatra is a Gnupg user interface service (as is GPA for instance)
and a graphical user interface to a number of Gnupg backend functions.

You can use the crypto backend on the command line itself, 
like calling gpg2.exe directly. Then you don't need Kleopatra or any other 
gnupg user interface server. So they do not need to run.
If I remember correctly, the default installation may start this service
once you've installed Gpg4win, because most users will benefit from Kleopatra.

Note that even if you run gpg2.exe or gpgsm.exe on the command line,
you still would need to have a way to enter or possibly remember your 
passphrases. The default and standard service for this is an agent service 
and the running service is the gpg-agent. This agent can open a graphical
passphrase entry dialog on screen, but you can also configure it to
use a terminal character only passphrase entry dialog.
You could let gpg2.exe or gpgsm.exe start a gpg-agent on the fly
for just one operation. Usually is it useful to have one running per user, 
though.

> I am concerned about security risks, so I am assuming that Kleopatra is
> fully trusted?

The short answer: Yes.

The slightly longer answer: 
Any software has defects - so does Kleopatra and GnuPG. The components of the 
Gnupg package are designed to be smaller and can allow themselfs to not deal 
with complex graphical user interfaces. Because of this, the chance they have
security problems is significantly lower than for Kleopatra (or GPA).
Kleopatra draws in a lot of dependencies, because it deals with graphical user 
interfaces and utilised libraries like the KDE Plattform 4 and Qt. So it is 
bigger and has a higher chance of defects. The situation with GPA is 
similiar. On the other hand, if you make mistakes as a user when handling the 
certificates and their trust level, this will also lower your level of 
safety. A good interface can help avoiding these mistakes. Kleopatra and GPA
are attempts to build good graphical interfaces. If done well the increase of 
usability outweight the drawbacks of the size.

The long answer:
Trust is a complex topic in terms of security. You would need to secure the 
weakest link first. If you think about what else you are running with the 
same level of proviledges on your operating system and the operating system 
itself, you'll have a lot to discuss. Of course all components of the stack, 
including Kleopatra and Gnupg need regular maintenance. Okay, I cannot manage 
to really answer this here. Probably a more general security or crypto 
mailinglist would be a better place. There are also a larger number of books 
on the topic. First define your security goals, then analyse your threads and 
how they are migitated. Then think about the full stack, including the 
hardware and procedures. In the end you know if you can fully trust one of 
the components like Kleopatra to fully meet your security needs. If differs 
from setting to setting of course.

> Please let me know, since I and one other party are probably going to
> work with Gpg4win.

I've attempted three answers above, hope it was helpful. :)

Best Regards,
Bernhard

-- 
www.intevation.de/~bernhard (CEO)    www.fsfe.org (Founding GA Member)
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.wald.intevation.org/pipermail/gpg4win-users-en/attachments/20121010/32841997/attachment.sig>