[Gpg4win-users-en] How to do symmetric encryption in GPG4win through the GUI?

Juan Miguel Navarro Martínez juanmi.3000 at gmail.com
Tue Aug 16 20:49:00 CEST 2016


Windows 10, 1607.

Tested as well, it's not a hanging problem, but a pop-up position problem.

1) Right-click file from explorer
2) Select GpgEX > Encrypt
3) Uncheck all but "Encrypt with password. [...]"
4) A pinentry pop-up with "Enter passphrase", "Passphrase:" and a text
box to input the password will appear.
5) After inputting the password and clicking OK, an unfocused pinentry
pop-up will appear at the center which may be hidden by other windows.
The new pop-up differs in having "Please re-enter this passphrase".
6) After confirming the password and clicking OK, it should have succeeded.

On 2016-08-16 at 20:26, Frank Siebenlist wrote:
> We’ve been trying to test the symmetric key encryption in file system explorer with "gpg4win-3.0.0-beta181.exe” on windows 10,
> but it seems to hang after entering the password.
> (deselected Sign as, Encrypt for me, Encrypt for others - only selected Encrypt with password)
> 
> I do not want to spend too much time debugging and this may not be the right mailing list, but some trivial issues could be windows 10 support?
> 
> Thanks, Frank.
> 
> "Security at the expense of usability comes at the expense of security.” — Avi Douglen
> 
>> On Aug 16, 2016, at 9:01 AM, Frank Siebenlist <frank.siebenlist at 23andme.com> wrote:
>>
>> Hi Andre,
>>
>> Thanks very much for the quick and detailed response!
>>
>> I’ve added replies in-line.
>>
>>
>>> On Aug 15, 2016, at 11:53 PM, Andre Heinecke <aheinecke at intevation.de> wrote:
>>>
>>> Hi,
>>>
>>> On Monday 15 August 2016 16:34:11 Frank Siebenlist wrote:
>>>> We’re trying to exchange encrypted files between Macs and PCs, using
>>>> MacGPG/GPGTools and Gpg4Win.
>>>>
>>>> Encryption is through symmetric encryption with a passphrase.
>>>> (please refrain from telling me to use public key encryption ;-) )
>>>
>>> Could you roughly outline what your use case for this is?
>>> We had a bit of a discussion if / how we should add symmetric encryption to
>>> the UI and what the use cases for that could be.
>>
>>
>> We’re a personal genetics company and share encrypted PII/PHI/anonymized phenotype/genotype data with our research partners.
>> For the encryption, we (mostly) use PGP/GPG.
>>
>> The use of full-fledged PGP with public key certificates has been and remains a challenge for the non-security savvy researchers and even IT/Ops folks.
>> (only a few month ago we were sent data encrypted with a partner’s public key accompanied by the associated private key in the clear… those were engineers with a CS degree…)
>>
>> When we have a simple collaboration, we try to establish a single symmetric key shared between the parties, and use that to encrypt/decrypt the shared files.
>> It seems that the concept of a single shared secret is easier to comprehend by our users than public keys with certificates with trust levels with key servers with…
>> For one-on-one collaborations the shared symmetric keys seem manageable by our users without much hand-holding.
>>
>> The integration with the Mac’s file manager (Finder) for symmetric encryption is fairly easy and intuitive, and our users have no issues with it.
>> We now have a research partner that uses PCs, and I was hoping that a similar solution would exist… which brought me here ;-)
>> I really would prefer to stay with the GPG code base if we can.
>>
>> We use secret managers (1PasswordTeams) to generate and manage the passphrases/shared-secrets.
>>
>> Hopefully that explains our use cases and requirements.
>>
>>
>>>
>>>> On the Mac we have the option to symmetrically encrypt/decrypt through the
>>>> GUI, but on the PC, reading the docs, I cannot find that option in the GUI
>>>> of Gpg4Win. (unfortunately, I have only access to a Mac but have to support
>>>> PC users remotely…)
>>>
>>> The bad news is that currently Gpg4win-Stable does not have the option.
>>>
>>> The Good news is that our next major upgrade (3.0) will have that option:
>>>
>>> http://files.intevation.de/users/aheinecke/sigencfiles-new.png
>>>
>>> This is how the new Sign / Encrypt Files dialog looks like and there the
>>> "Encrypt with password" checkbox enables symmetric encryption. If you disable
>>> sign and "Encrypt for me" this results in Symmetric only encryption.
>>>
>>> The eta of that version is still a bit in the future (end of year) and
>>> especially that dialog is likely to see some more changes regarding layout and
>>> behavior.
>>>
>>> You can obtain the latest beta installers of gpg4win-3.0 from:
>>>
>>> https://wiki.gnupg.org/Gpg4win/Testversions
>>
>>
>> I’ll check out the beta version. The screen shot shows a dialog similar to the Mac. Looks good!
>>
>> If it is “stable" in the sense of not crashing and doing what it supposed to do… I will probably expose our users to it - unless you recommend otherwise (?).
>> (not so worried about changes in the dialog lay-out and such)
>>
>>
>>>> The following thread from 2012:
>>>> http://marc.info/?l=gpg4win-users-en&m=133614296410301
>>>> seems to hint that you can only do that through the command line and not
>>>> through the file-explorer integration.
>>>>
>>>> Is that still the case?
>>>
>>> For gpg4win-2.3.2 this is still the case. You could work around that if you
>>> write a batch file that sets up the command line call and then configure windows
>>> to associate .gpg files to be opened with that batch file as the passphrase
>>> entry will be GUI.
>>
>>
>> Understood.
>> Unfortunately that only solves the decryption of files through the file manager and the encryption would have to be done through the CLI still - right?
>>
>>
>> Regards, Frank.
>>
>> "The user's going to pick dancing pigs over security every time.”  — Bruce Schneier
> 
> 
> 
> _______________________________________________
> Gpg4win-users-en mailing list
> Gpg4win-users-en at wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/gpg4win-users-en
> 

-- 
Juan Miguel Navarro Martínez

GPG Keyfingerprint:
5A91 90D4 CF27 9D52 D62A
BC58 88E2 947F 9BC6 B3CF

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <http://lists.wald.intevation.org/pipermail/gpg4win-users-en/attachments/20160816/33a42c72/attachment-0001.sig>


More information about the Gpg4win-users-en mailing list