Welcome Guest.   Make a donation to an author on the site April 24, 2014, 05:26:40 PM  *

Please login or register.
Or did you miss your validation email?


Login with username and password (forgot your password?)
Why not become a lifetime supporting member of the site with a one-time donation of any amount? Your donation entitles you to a ton of additional benefits, including access to exclusive discounts and downloads, the ability to enter monthly free software drawings, and a single non-expiring license key for all of our programs.


You must sign up here before you can post and access some areas of the site. Registration is totally free and confidential.
 
View the new Member Awards and Badges page.
   
   Forum Home   Thread Marks Chat! Downloads Search Login Register  
Pages: [1]   Go Down
  Reply  |  New Topic  |  Print  
Author Topic: SOVLED: Checking .asc files with GUI  (Read 2375 times)
bastik
Supporting Member
**
Posts: 12


View Profile Give some DonationCredits to this forum member
« on: February 27, 2012, 12:16:19 PM »

Problem: Checking .asc files under windows is painful.

There's certainly a need for it.

Background: Some developers sign theier software with PGP or GPG.
GPG is a command line tool and there fore requires some typing.

Normal work flow:
- Download software and signature file. (Lets asume to C:\Download)
- Open CMD
- type "C:\Program Files\Gnu\GnuPg\gpg.exe --verify C:\Download\Installer.exe.asc C:\Download\Installer.exe (note it's C:\Program Files (x86) for 64bit systems)

Technical background:
- gpg.exe require the public key of the signer
- gpg.exe checks the checksum of installer.exe and the signature, both have to be vaild
- gpg.exe returns:

gpg: Signature made TTT MMM YYYY hh:mm:ss AM/PM EDT using RSA key ID [ID]
gpg: Good signature from "[Name] <[email]>"
gpg:                 aka "[Name] <[email]>" {if any, can be more than one}
gpg: WARNING: This key is not certified with a trusted signature! {whenever it's a known key, but no trust level is set}
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: HXHX HXKX HXHX HXHX HXHX  HXHX HXHX HXHX HXHX HXHX {hex fingerprint}
when everything is OK.

A tool should make this easier.

The tool should allow selection of an .asc file (one at a time seems to be OK) and the corresponding  signed download (can be anything, and maybe is not named) and pass those information to gpg.exe and return the results to the user. It's a GUI for gpg.exe, I think. Well not a fully GUI, just for the verification function. The tool just passes everything to gpg.exe and does not do any cryptographically related work.

Requirements:
- Allow path selection for singature file (.asc)
- Allow path selection for signed file
- Return the results

Optional:
- Allow selection of the path where gpg.exe is installed
- Interpret the results and give user-friendly feedback*
- portable
- or a shell extension (right click menu)
- Whenever the tools parses/interprets the results it would be cool when it could remember the ID and the fingerprint and warn when both don't match on the next check.

* E.g.
"[Signed file] was signed at TT MM YYYY hh:mm:ss AM/PM with key [ID] by [Name] [email]! The signature is vaild! Key Fingerprint: [HXHX .....]. Details"
Where details is a button or link, that shows the full results.

"The key [ID] is not know." or "The key [ID] is not in your keyring. Please add it to your keyring." Whenever the public key of the signer is not know to gpg.exe
Logged
MilesAhead
Member
**
Posts: 4,468



View Profile Give some DonationCredits to this forum member
« Reply #1 on: February 27, 2012, 03:24:29 PM »

I don't use GPG so I can't tell how useful this utility is or isn't:

http://www.softpedia.com/...ity-Related/GPGView.shtml
Logged

"I don’t want to belong to any club that would have me as a member."
 - Groucho Marx

bastik
Supporting Member
**
Posts: 12


View Profile Give some DonationCredits to this forum member
« Reply #2 on: February 28, 2012, 01:57:46 PM »

@MilesAhead

GPGView is for opening encrypted .enc files. Apparently files containing text.

Your suggestion and my "idea" to call it GUI made me look into available GUIs. All sign, encrypt, decrypt and verify text messages.

Now the funniest thing. It's installed an my system. There's a bundle called GnuPT, which contains WinPT (Windows Privacy Tray), which I always look at as key management tool and remained unused as I used a different key-manager. Now it's the case that WinPT does what I looked for.

All the years of searching a tool with a graphical interface for checking signatures of files (with separate signature file), all the questions I ask if there isn't an easier way to do that. it's there. It's right there.

D*mn the internet for not helping me... and thanks to the internet for providing this forum. And the cool thing about this is that Google already indexed this thread. I searched and haven't found it. Now it's easier. (this thread is on top of the results)

I'm terribly sorry.  I might not have the right to move this thread to some place where it makes more sense, since this doesn't belong here.

Edit: This is a good example where even things/replies that don't help in the first place are still helpful. Whenever one comes up with something, please point to things that already work or just what's your point.

I feel like: "I got a need for something round that's rolling. It could be used to move heavy load. We shall call it wheel. Can anyone invent that?"
« Last Edit: February 28, 2012, 02:06:50 PM by bastik » Logged
MilesAhead
Member
**
Posts: 4,468



View Profile Give some DonationCredits to this forum member
« Reply #3 on: February 28, 2012, 02:36:41 PM »

Similar things have happened to me. I often point people in the right direction instead of hitting the solution dead on. I've been doing searches a long time. I guess hitting the oblique is second nature to me now. Nice that someone uses the result without chastising me for not getting it exact. I can't count how many times that has happened. "You should have pointed me here:" then they paste about 20 screens of copyrighted material into the forum. Heh heh

Glad you got it, whatever it is exactly. smiley
Logged

"I don’t want to belong to any club that would have me as a member."
 - Groucho Marx

skwire
Moderator
*****
Posts: 3,912



Another Coding Snack request? Om nom nom...

see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #4 on: February 28, 2012, 02:54:24 PM »

I'm terribly sorry.  I might not have the right to move this thread to some place where it makes more sense, since this doesn't belong here.

No need to apologise, bastik, as that's what these forums are for.  Welcome to the site as well.  I'll mark this thread as solved and move it for you.
Logged

Pages: [1]   Go Up
  Reply  |  New Topic  |  Print  
 
Jump to:  
   Forum Home   Thread Marks Chat! Downloads Search Login Register  

DonationCoder.com | About Us
DonationCoder.com Forum | Powered by SMF
[ Page time: 0.033s | Server load: 0.08 ]