[quote]I would think the default action would be to just import it as text[/quote]
Ok, we'll see what we can do about this. Shouldn't be too hard to integrate. Right now, we're not quite sure, hot to best detect, if a file is a text file, but we've got to have a look, which posibilities are presented by Qt for this.

[quote]
Obviously, some will prefer auto-encrypt so maybe additional options in the menu to change the default import action.
[/quote]
Perhaps we put an appropriate setting in the settings, so that one can active this behaviour.

[quote]
Additionally, if what's being dragged into the program is already encrypted or signed, it would be nice to have the option to have the program automatically try decrypt/verify.
[/quote]
Agreed. We think, this won't be in the next release, but in 0.3.3.

[quote]
Ability to change default text editor font (for people with big monitors or bad eyesight)
[/quote]
We've also considered this. Unfortunately, we've got to change our textedit-widget for this, but it'll be integrated in one of the next releases.

[quote]
Ability to sign files
[/quote]
It's on the list, but not of our top point. But it's on the list.

[quote]
If you have multiple key pairs, how does the program know which key to use to sign? Other programs for example have a "default signing key" setting.
[/quote]
We thought about this, escecially, becasue we want to implement "encrypt and sign" action Right now, the message is signed with all private checked keys. Perhaps you could tell your thoughts here: http://lists.gzehn.de/pipermail/gpg4usb ... 00017.html

Thanks for the link to the tutorial. It's written really nice and simple.

Best Regards

>> I would think the default action would be to just import it as text
>Ok, we'll see what we can do about this. Shouldn't be too hard to integrate. Right now, we're not quite sure, hot to best detect, if a file is a text file, but we've got to have a look, which posibilities are presented by Qt for this.

>> some will prefer auto-encrypt
> Perhaps we put an appropriate setting in the settings, so that one can active this behaviour.

>> default text editor font
> We've also considered this. Unfortunately, we've got to change our textedit-widget for this, but it'll be integrated in one of the next releases.

>> if what's being dragged into the program is already encrypted or signed
> Agreed. We think, this won't be in the next release, but in 0.3.3.

>> Ability to sign files
> It's on the list, but not of our top point. But it's on the list.

All that sounds good.

>>how does the program know which key to use to sign
>We thought about this, escecially, becasue we want to implement "encrypt and sign" action Right now, the message is signed with all private checked keys. Perhaps you could tell your thoughts here: http://lists.gzehn.de/pipermail/gpg4usb ... 00017.html

That's a hard question, for sure. I would create a pop-up menu that asks "which key would you like to sign to" when someone clicks "Sign." Give a list of available private keys with checkboxes. Then, have a checkbox at the bottom "always use this setting / don't show this menu again". Then in options, give an option to allow this pop-up to return so the user is prompted every time.

If you'd like, I can mock up an idea of the interface I have in mind and post it.

> Thanks for the link to the tutorial. It's written really nice and simple.

Glad to hear it.

_________________
Supporting the Electronic Frontier Foundation | DuckDuckGo user | My GPG key | Projects donated to: VLC, CubicExplorer, Ditto, Greenshot, TrueCrypt, WinSplit

Encrypt and decrypt messages and files wherever you want - portable on windows and linux: http://gpg4usb.cpunk.de/

The new release comes with a first start wizard, an offline help system and a lot of bugfixes. Our translators worked hard on bringing you localized versions: 0.3.2 ships in with nine languages!

New features:

• First start wizard with posibility to create new key
• import config and keys from old version
• import from locally installed GnuPG
• Integrated offline help system
• Dialog with result of key import
• Key details dialog more user friendly
• Zoomable text area
• File operation toolbar
• Added Arabian translation

Minor changes:

• Build with Qt 4.8
• Strike out revoked keys in keylist and add warning to keydetails dialog
• Change default iconsize to 24x24
• Show selection for keyring files in import dialog
• Understandable message if no private key found for decryption
• Add button to copy fingerprint in key detail dialog and remove whitespaces on copy
• Automatically restart gpg4usb on language change
• Change file encryption to single dialogs for en- and decryption
• Disable tab related actions when no tab is shown

Bugfixes:

• Fix crash on canceling password dialog on Windows
• Clear password cache after signing, if password remember isn't enabled
• Handle uft8 encoding correctly for keys
• Fix random crash when searching key on key server

Thank you for this update gpg4usb !


Oh yes !


BTW, as visitor for a long time, i finally registred.
Hello TPFC community

@ gpg4usb: Thanks, and updated
@ procyon: Hello and welcome

0.3.2-1 generates safer gnupg-keys by default, with RSA and 1024bit minimum.
Including gpg binary was updated to version 1.4.12.

Bugfix:
Fix creation of empty Windows registry key on import from existing GnuPG

Have fun! http://gpg4usb.cpunk.de/

@ gpg4usb: Thanks, and updated

More a question than a reply:

https://securityinabox.org/en/gpg4usb_portable says:

"The first key is known as the private key. It is protected by a password or passphrase, guarded and never shared with anyone."

But that is not completely true. If I have GPG4USB on the USB stick, and someone is stealing or only "borrowing" the stick for a few minutes to copy it, then the private key will be compromised, since he or she don't need any passphrase to open GBG4USB or to export the private key to a text file.

Is there a way to protect GPG4USB itself?

For most users this really isn't an issue: with just a private key and no password, it's still very difficult to decrypt your communications. Although I don't have high security needs at the moment, I still keep my GPG4USB (and many other portable programs) inside an encrypted container such as Truecrypt (http://www.portablefreeware.com/index.php?id=199) or FreeOTFE (http://www.portablefreeware.com/index.php?id=698).

One nice thing is that GPG4USB handles this problem much better other programs, which save config files in weird places. So, if you didn't want to use a container program mentioned above, you could quickly encrypt the keydb folder (or the entire program) using 7-zip or a similar program.

Other precautions could include creating a key pair that expires in a year or less, keeping your USB drive on your person at all times, or buying one of those hardware encrypted hard drives.

_________________
Supporting the Electronic Frontier Foundation | DuckDuckGo user | My GPG key | Projects donated to: VLC, CubicExplorer, Ditto, Greenshot, TrueCrypt, WinSplit