Created
May 5, 2015 03:29
Howto GPG SM
| Hybrid Install | |
| GnuPG 2.1.3 | |
| Make a folder to hold 3 files (the installer, signature, certificate), preferably named "GnuPG" under "Downloads" | |
| cert: https://www.gnupg.org/signature_key.html (save as signature_key.html) | |
| sig: ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32-2.1.3_20150413.exe.sig | |
| inst: ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32-2.1.3_20150413.exe | |
| Gpg4Win 2.2.4 | |
| Make a folder to hold 3 files (the installer, signature, certificate), preferably named "gpg4win" under "Downloads" | |
| cert: https://ssl.intevation.de/Intevation-Distribution-Key.asc | |
| sig: http://files.gpg4win.org/gpg4win-light-2.2.4.exe.sig | |
| inst: http://files.gpg4win.org/gpg4win-light-2.2.4.exe | |
| ActivePerl | |
| Make a folder to hold 3 files (the installer, signature, certificate), preferably named "ActivePerl" under "Downloads" | |
| inst: http://downloads.activestate.com/ActivePerl/releases/5.20.1.2000/ActivePerl-5.20.1.2000-MSWin32-x64-298557.msi | |
| OpenSSL 1.0.2a | |
| Make a folder to hold 3 files (the installer, signature, certificate), preferably named "OpenSSL" under "Downloads" | |
| inst: http://slproweb.com/download/Win64OpenSSL-1_0_2a.exe | |
| lib: http://www.microsoft.com/downloads/details.aspx?familyid=bd2a6171-e2d6-4230-b809-9a8d7548c1b6 | |
| 1) Launch an Administrator cmd shell | |
| 2) Install EXE from GnuPG directory, remember where it installs to. | |
| 3) Find the directory gpg.exe is in from the GnuPG install. | |
| 4) Make a "bin" directory in the GnuPG directory in Downloads and copy all files there. | |
| 5) Uninstall {2} and reboot if needed | |
| 6) Install EXE from gpg4win directory, remember where it installs to. | |
| 7) Find the directory gpg2.exe is in from the gpg4win install. | |
| 8) Stop dirmngr and quit gpg-agent if either is running | |
| 9) Copy all the files from {4} into the directory of {7} | |
| 10) In directory {7} copy gpg.exe -> gpg2.exe and gpgv.exe -> gpgv2.exe | |
| 11) Move dir %appdata%\gnupg\trusted-certs -> %AllUsersProfile%\GNU\etc\gnupg | |
| 12) Move dir %appdata%\gnupg\crl.d -> %AllUsersProfile%\GNU\etc\gnupg | |
| 13) Move file %appdata%\gnupg\trustlist.txt -> %AllUsersProfile%\GNU\etc\gnupg | |
| 14) Move file %appdata%\gnupg\dirmngr.conf -> %AllUsersProfile%\GNU\etc\gnupg | |
| 15) Move contents %AllUsersProfile%\GNU\etc\dirmngr\* -> %AllUsersProfile%\GNU\etc\gnupg | |
| 16) Change directory to {7} and run "gpgconf --apply-defaults" and find loose ends | |
| -Note: The pinentry.conf bug is a known issue since gpgconf can't talk to that version of it. | |
| 17) Install ActivePerl from the ActivePerl folder in Downloads | |
| 18) Install OpenSSL from the OpenSSL folder in Downloads, note where it installs to. | |
| 19) Install MSVC runtime from OpenSSL folder in Downloads and reboot if necessary | |
| 20) Verify that dirmngr and gpg-agent are running, start them (reboot) if required. | |
| 21) Launch an Administrator cmd shell | |
| 22) In the GnuPG directory in Downloads run "gpg --import signature_key.html" | |
| - Then run "gpg --verify gnupg-w32-2.1.3_20150413.exe.sig" and look for the phrase "Good signature" | |
| 23) In the gpg4win directory in Downloads run "gpg --import Intevation-Distribution-Key.asc" | |
| - Then run "gpg --verify gpg4win-light-2.2.4.exe.sig" and look for the phrase "Good signature" | |
| 24) Change to the directory you installed OpenSSL to {18} | |
| 25) path=%path%;%programfiles(x86)%\GNU\GnuPG | |
| mkdir demoCA | |
| perl CA.pl -newca | |
| perl CA.pl -newreq-nodes | |
| # any answers will do. | |
| gpgsm --gen-key > newreq.pem | |
| # answer no to "self-sign" | |
| # copy the long hex digit aka {keygrip} | |
| gpg-protect-tool --p12-export %appdata%\gnupg\private-keys-v1.d\{keygrip}.key > newkey.p12 | |
| openssl pkcs12 -in newkey.p12 -nocerts -out newkey.pem | |
| perl CA.pl -sign | |
| openssl ca -keyfile demoCA\private\cakey.pem -cert demoCA\cacert.pem -gencrl -out newcrl.pem | |
| openssl crl -in newcrl.pem -out newcrl.crt -outform der | |
| openssl x509 -in newcert.pem -out newcert.crt -outform der | |
| openssl x509 -in demoCA\cacert.pem -out cacert.crt -outform der -fingerprint | |
| # copy the fingerprint aka {fingerprint} | |
| move cacert.crt %AllUsersProfile%\GNU\etc\gnupg\trusted-certs\ | |
| echo {fingerprint} S>%AllUsersProfile%\GNU\etc\gnupg\trustlist.txt | |
| move newcrl.crt %AllUsersProfile%\GNU\etc\gnupg\crls.d\ | |
| # restart dirmngr service | |
| dirmngr-client --validate newcert.crt | |
| # should come back valid | |
| gpgsm --import newcert.crt |
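Steps 22 and 23 look for the phrase "Good signature", which gpg prints for a valid signature from any key in the keyring. The sketch below is an added example, not part of the original gist: it reads gpg's machine-readable `--status-fd` output and accepts the installer only when the VALIDSIG fingerprint matches one you have pinned. The names `check_status`, `verify_installer` and `sample` are hypothetical, and the fingerprints and status lines are constructed placeholders; the real fingerprint has to be confirmed out of band.

```python
import subprocess

# Status keywords that must fail the check even if another line looks good.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NO_PUBKEY"}

def check_status(status_text, pinned_fpr):
    """True only if every valid signature was made by the pinned key."""
    pinned = pinned_fpr.replace(" ", "").upper()
    signers = []
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        keyword, args = fields[1], fields[2:]
        if keyword in REJECT:
            return False
        if keyword == "VALIDSIG" and args:
            # args[0] is the signing key fingerprint; the 10th argument,
            # when present, is the primary key fingerprint.
            primary = args[9] if len(args) >= 10 else args[0]
            signers.append({args[0].upper(), primary.upper()})
    return bool(signers) and all(pinned in s for s in signers)

def verify_installer(sig_path, installer_path, pinned_fpr, gpg="gpg"):
    """Run gpg on a detached signature and apply check_status to its output."""
    proc = subprocess.run(
        [gpg, "--status-fd", "1", "--verify", sig_path, installer_path],
        capture_output=True, text=True)
    return proc.returncode == 0 and check_status(proc.stdout, pinned_fpr)

# Constructed sample data: placeholder fingerprints, not real GnuPG keys.
PINNED = "0123456789ABCDEF0123456789ABCDEF01234567"
OTHER = "FEDCBA9876543210FEDCBA9876543210FEDCBA98"
TAIL = "2015-04-13 1428900000 0 4 0 1 8 00"

def sample(fpr, verdict="GOODSIG"):
    lines = ["[GNUPG:] NEWSIG",
             f"[GNUPG:] {verdict} {fpr[-16:]} Example Signer <sign@example.invalid>"]
    if verdict == "GOODSIG":
        lines.append(f"[GNUPG:] VALIDSIG {fpr} {TAIL} {fpr}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(check_status(sample(PINNED), PINNED))            # pinned key
    print(check_status(sample(OTHER), PINNED))             # some other imported key
    print(check_status(sample(PINNED, "BADSIG"), PINNED))  # tampered file
```

`verify_installer` passes both the `.sig` file and the installer to gpg explicitly, so the check does not depend on gpg inferring the data file name from the signature name.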