Technical Details about EasyGPG

If the domain name in the address bar is anything other than
http://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/, or,
you have an insecure connection to this site through a portal, and the portal has probably added JavaScript. If you cannot use Tor, I2P, or ZeroNet, you would do better to use

EasyGPG is free software distributed under the GNU General Public License, version 3.

Forking EasyGPG

As explained below, everything is in, but some of the things there are in the form of PGP messages. To see all of it, just drag and drop onto the EasyGPG Desktop file.

Here is the asciidoc source code for the built-in help. built-in-help.adoc

EasyGPG is

Everything that is done by EasyGPG is done by It is a shell script, compatible with both bash and dash. When the EasyGPG-Installer installs a new copy of EasyGPG, it simply puts into the new EasyGPG folder and executes it with --nn. This command creates all the other files and folders that you see in your new EasyGPG folder. Every time you use EasyGPG, you are executing with zero or more command-line arguments.

EasyGPG’s Command-Line Interface

In order to help others interoperate with EasyGPG, EasyGPG has a command-line interface. In a terminal window, type ./ --help to see all the options. You can see the output of this command here.

There are some command-line options not documented in the command-line help that you may want to use sometimes. --nn creates any missing files and folders in the EasyGPG folder. If one of the folders created is the easygpgkeyrings folder, an information window and the built-in Help window will be opened, so that users can read these the first time they use EasyGPG. If you want to build an EasyGPG folder without popping up these windows, use --ni instead of --nn.

EasyGPG Files and Folders

Whenever is executed, EasyGPG will check to see if certain files and folders are present, and create them if they are missing.

There will always be an EasyGPG-Actions folder for every EasyGPG folder. There will also always be an easygpgkeyrings folder, which will contain an egpgdesk folder, and an easygpg.png file, as well as a few other files documented below.

There will always be a Desktop file in the EasyGPG folder. Details about this are in the next section.

EasyGPG and Standard XDG ( Desktop Files

Since version 4.0, EasyGPG has been built around Desktop files. In every EasyGPG folder is a Desktop file for that copy of EasyGPG. Files and folders can be dragged and dropped onto this Desktop file. This Desktop file simply executes with the pathnames of the files and folders dropped upon it as arguments.

If the Desktop file is double-clicked, the EasyGPG Actions folder will be opened, unless text has been copied. If text has been copied, you will have the choice of reading the text. If the text contains one or more messages, the messages will be read. Likewise, if the text contains keys, the keys will be imported. Keys are always imported before messages are read.

All the files in your Actions folder are also Desktop files. Each one calls with a different command-line option. Some of the Actions pass the pathnames of files or folders dropped onto them as additional arguments after the option. If the Action does not act upon files or folders, nothing will happen when you drag and drop a file or folder onto the Action.

The file names of ordinary Actions are the same as the name that should be displayed in your graphical file manager, except that the file names end with .desktop.

Rebuild EasyGPG

You should double-click Rebuild EasyGPG whenever the full path name of the EasyGPG folder changes. This is necessary because all path names in Desktop files have to be full path names, beginning with / and containing no wild card characters. All the Desktop files created by EasyGPG are rebuilt. If custom Actions or the main Desktop file have been copied to the Desktop or Applications menu, these copies will also be rebuilt. As well as copies on the Desktop, copies in the folder that contains the EasyGPG folder will also be rebuilt.

If you have created a RAM disk, when you rebuild your EasyGPG folders, you will have the option to rebuild all copies of EasyGPG on the RAM disk at the same time. The copy of in your EasyGPG folder is copied into these other EasyGPG folders on the RAM disk, ensuring that they are all the same version.

Rebuild EasyGPG is also a Desktop file, but it differs from other Desktop files in an important way.

Desktop files are UTF-8 text files. Here are the contents of Rebuild EasyGPG.

#!/usr/bin/env ./ --su

[Desktop Entry]
Name=Rebuild EasyGPG
Comment=Rebuild EasyGPG
Exec=sh -c '"$(dirname "$*")"/ --su || ([ ! -x "$(dirname "$*")"/ --su ] && "$(dirname "$*")"/rebuild)' dummy %k

Two of the lines of this Desktop file are unusual. The first line of a Desktop file is usually this.

#!/usr/bin/env xdg-open

The first line of Rebuild EasyGPG calls instead of xdg-open. xdg-open is used to ask the graphical file manager to open a file or folder using the appropriate software. For example, EasyGPG opens the Actions folder with xdg-open "${actionsdir}", where ${actionsdir} is the full pathname of the Actions folder.

Line 8 of Rebuild EasyGPG is even more unusual. What follows Exec= on this line is usually the full path name of the file to be executed, perhaps followed by command-line arguments. In Rebuild EasyGPG, the command is instead run through sh -c, and %k (which the Desktop Entry specification expands to the path of the Desktop file itself) is passed as its argument, so the EasyGPG folder is found with dirname at run time rather than being written into the file.

The unusual design of Rebuild EasyGPG is meant to work around the problem that path names in Desktop files are required to be full path names, beginning with / and containing no wild card characters. Rebuild EasyGPG is based on the similar file used by the Tor Browser.

Unfortunately, the tricks used by Rebuild EasyGPG do not work with LXLE. For that distro, EasyGPG provides a small shell script ( that can be executed using the graphical file manager (LXLE uses LXDE). That shell script looks like this.

#!/bin/sh
# Run the main EasyGPG script from the folder this script lives in,
# in the background, so the file manager is not blocked while it runs.
"$(dirname "${0}")/" --su &
exit 0

Rebuild EasyGPG will also not work with Tails. If EasyGPG is installed on Tails or on a flash drive (which could be used with Tails) EasyGPG will also create a special Tails Set Up file just for use with Tails.

Be warned that double-clicking Rebuild EasyGPG will remove all Desktop files in the EasyGPG folder that were not put there by EasyGPG.

Custom Actions and the egpgdesk Folder

Custom Actions are created by EasyGPG whenever there are any files in the egpgdesk folder inside the easygpgkeyrings folder. The files in this folder are text files. The file names of the custom Actions created by EasyGPG will be the names of the files in egpgdesk, followed by .desktop.

If the second line of the text file is the filename of the text file preceded by two hyphens (--), the name of the Action displayed by the graphical file manager will be the first line of the text file. Otherwise, it will be the first line of the text file followed by one hyphen (-), followed by the name of the EasyGPG folder. This is so that, if you have multiple EasyGPG folders, you will be able to tell which copy of EasyGPG each custom Action belongs to.

The second line of the text file is the command-line option that will be passed to

If the second line of the text file is the filename of the text file preceded by two hyphens (--), the text file should have at least two more lines. The third line should be the long key ID of the key used to sign the message or file. The fourth line, and any lines that follow it, are the long key IDs of keys used to encrypt. If the custom Action was created with Create a custom encrypt and copy message Action, the key IDs of keys used to encrypt will be followed by the names and addresses of the recipients.

The file names include 10 random alphanumeric characters so that the file names of the custom Actions will be unique. This is important so that the custom Actions can be reliably found in the Applications menu and on the Desktop. This is also why only custom Actions can be copied to the Desktop or put into the Applications menu using the Actions Drag and drop a custom Action here to copy it to the Desktop and Drag and drop a custom Action here to put it in the menu.

The file names of custom Actions created with Create a custom encrypt and copy message Action begin with emc, and the file names of custom Actions created with Create a custom encrypt file or folder Action begin with sfc.
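The egpgdesk text-file format described above, as an added example that is not part of EasyGPG itself: a small Python parser that applies the rules for the display name (first line alone when the second line is `--` plus the file name, otherwise first line, a hyphen and the folder name), reads the signing and encryption key IDs, and renders a Desktop file with the full-path requirement enforced. The main script name `easygpg-main.sh`, the option `--some-option` and the sample file contents are constructed placeholders, and telling key IDs from recipient names by their 16-hex-digit shape is an assumption of this example.

```python
import os
from dataclasses import dataclass, field
from typing import List, Optional

HEX = set("0123456789abcdefABCDEF")


def is_long_key_id(line: str) -> bool:
    # Assumption of this example: a long key ID is 16 hex digits; anything
    # else on the trailing lines is treated as a recipient name/address.
    return len(line) == 16 and all(c in HEX for c in line)


@dataclass
class CustomAction:
    file_name: str                      # name of the file in egpgdesk
    display_name: str                   # Name= shown by the file manager
    option: str                         # command-line option passed to the main script
    signing_key: Optional[str] = None   # long key ID of the signing key
    encrypt_keys: List[str] = field(default_factory=list)
    recipients: List[str] = field(default_factory=list)

    @property
    def desktop_file_name(self) -> str:
        # Custom Action file names are the egpgdesk file name plus .desktop
        return self.file_name + ".desktop"


def parse_egpgdesk(file_name: str, text: str, easygpg_folder_name: str) -> CustomAction:
    """Apply the page's rules to one text file from the egpgdesk folder."""
    lines = text.splitlines()
    if len(lines) < 2:
        raise ValueError("an egpgdesk file needs a display name and an option line")
    first, option = lines[0], lines[1]

    if option == "--" + file_name:
        # Self-referencing option: name is line 1 alone, lines 3+ carry key IDs.
        if len(lines) < 4:
            raise ValueError("expected a signing key ID and at least one encryption key ID")
        signing = lines[2]
        rest = [l for l in lines[3:] if l.strip()]
        return CustomAction(
            file_name=file_name,
            display_name=first,
            option=option,
            signing_key=signing,
            encrypt_keys=[l for l in rest if is_long_key_id(l)],
            recipients=[l for l in rest if not is_long_key_id(l)],
        )

    # Ordinary option: suffix the folder name so multiple copies are distinguishable.
    return CustomAction(file_name=file_name,
                        display_name=f"{first} - {easygpg_folder_name}",
                        option=option)


def render_desktop_entry(action: CustomAction, easygpg_folder: str, main_script: str) -> str:
    """Render a Desktop file; path names must be absolute and free of wild cards."""
    exec_path = os.path.join(easygpg_folder, main_script)
    if not os.path.isabs(exec_path) or any(c in exec_path for c in "*?["):
        raise ValueError("Desktop files require full path names without wild card characters")
    return "\n".join([
        "#!/usr/bin/env xdg-open",
        "",
        "[Desktop Entry]",
        "Type=Application",   # required by the Desktop Entry specification
        f"Name={action.display_name}",
        f"Comment={action.display_name}",
        f"Exec={exec_path} {action.option}",
        "",
    ])


if __name__ == "__main__":
    # Constructed sample: an "encrypt and copy message" Action file (emc prefix + 10 random chars)
    sample = "Encrypt for team\n--emcAb3dE9xYz1\n0123456789ABCDEF\nFEDCBA9876543210\nAlice <alice@example.invalid>\n"
    act = parse_egpgdesk("emcAb3dE9xYz1", sample, "EasyGPG")
    print(act.desktop_file_name)
    print(render_desktop_entry(act, "/home/user/EasyGPG", "easygpg-main.sh"))
```

The parser raises on malformed files rather than guessing, which is the behaviour you want for anything that ends up as an `Exec=` line.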

The egpgfile File

In the easygpgkeyrings folder, there should be a file named egpgfile. The file name of EasyGPG’s Desktop file will be the contents of this file (one line of text) followed by .desktop. This file name contains 10 random alphanumeric characters so that the file name will be unique. This is so that, if the Desktop file is copied to the Desktop or put in the Applications menu, it can be reliably found.

The egpgv, egpgpub.gpg, and egpgsec.gpg Files

Whenever keys are imported, created, or deleted by EasyGPG, they are backed up in egpgpub.gpg and egpgsec.gpg, in the easygpgkeyrings folder.

There is also a file named egpgv in the easygpgkeyrings folder. This file contains the version of gpg that was used the last time EasyGPG was used. This is stored so that, if your EasyGPG folder is used with a different computer, running a different version of gpg, the keys backed up in egpgpub.gpg and egpgsec.gpg can be restored.

Different versions of gpg have stored keys in different files. When keys were imported, created, or deleted with a different version of gpg, we want to be certain that these changes are noticed by the current version of gpg. This is why the keys are backed up and restored.

The RAM Disk

The main purpose of the RAM disk is to make it possible to keep your public and secret keys from being written to a physical medium unencrypted.

If an attacker has a copy of your secret key, that attacker can use software to automate the search for the passphrase that unlocks it. Once the attacker has that passphrase, the attacker can impersonate you.

Even the public keys you have imported reveal whom you may be communicating with.

EasyGPG creates its RAM disk with this command.

pkexec env DISPLAY="${DISPLAY}" XAUTHORITY="${XAUTHORITY}" mount -t tmpfs -o size=$(expr $(free -b | grep "^Mem" | grep -o "[0-9]\+$") / 10) -o mode=700 -o uid="${userid}" -o gid="${groupid}" tmpfs "${ramdiskpath}"

${ramdiskpath} is the path name of the folder where the RAM disk will be mounted, and ${userid} and ${groupid} are your user and group IDs. mount requires root privilege, so pkexec is used, along with env, to execute mount. The expression after size= sets the size of the RAM disk to one tenth of the memory that free reports as available, that is, memory a new process could use without anything having to be copied to swap.

A tmpfs RAM disk can use no more than the amount of memory specified with the size= option, but, at any given time, it uses only enough memory to hold the present contents of the RAM disk, making your RAM disk look smaller than it really is. However, when you remove the RAM disk, EasyGPG will erase it first by filling it with a file the size of the RAM disk as reported by df. For this reason, there must be enough memory for a full RAM disk of the specified size. This is why the RAM disk must not be too large.

EasyGPG Makes More Secure Choices

Unlike other software that uses gpg to encrypt, EasyGPG does not automatically encrypt for the sender as well as the recipient of a message. Many users will want to encrypt for themselves so that they can save copies of sent messages and review them later. However, should you be coerced by an attacker into decrypting all your sent messages, the attacker will learn more than you would wish. EasyGPG allows you to encrypt for the sender as well as the recipient, but it does not do so by default.

Also, unlike other software that uses gpg to encrypt, EasyGPG does not store the key ID of the recipient in the message where someone who cannot decrypt the message can still read it. Some of you may not realize that it is even possible to store this ID, unencrypted, in the encrypted message, but it is, and it is quite common.

When new key pairs are created, some versions of gpg default to RSA keys with fewer than 4096 bits. EasyGPG always creates 4096-bit keys.

When you enter your passphrase to unlock your key, that passphrase is first hashed many times in succession, each round hashing the output of the previous one, and the result is what actually unlocks the key. This slows down dictionary attacks on your passphrase. The default number of hash rounds for keys created by some versions of gpg is 65536. For keys created with EasyGPG, the number of hashes is always 32000000.

Updating and Installing EasyGPG

Only two files are used for installing and updating EasyGPG. version.txt is the current version of EasyGPG, and easygpg.asc is a signed (but unencrypted) PGP message, in text form, that contains a tar archive. That tar archive contains



Both the installer and EasyGPG, itself, contain a copy of the public key needed to verify the signature in easygpg.asc, and both use it to verify easygpg.asc after it is downloaded.

To unpack easygpg.asc manually, the command is gpg -d easygpg.asc | tar -x. You might prefer to use gpg easygpg.asc. You could then unpack the resulting tar file called easygpg using tar or GUI software such as engrampa.

EasyGPG on the Internet

EasyGPG is in the FSF Free Software Directory at

Its repositories are at and

It also has repositories
in Onionland at http://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/
on I2P at http://easygpg2.i2p/
and on ZeroNet at

About “deniable authentication”

Deniable authentication is usually defined as a way that Bob can prove to himself that the message he received was, in fact, encrypted by Alice, but he is unable to prove this to anyone else. In this way, Bob is able to protect Alice. Because he is unable to prove to others that Alice is the author, he can’t be forced to do so. If no one can prove that Alice is the owner of the account from which the message was sent, no one can prove that the message came from Alice. This is especially true if Bob’s email address and public key are well known.

Ordinary cryptographic signatures are not deniable. They are intended to be undeniable. Using ordinary signatures allows Bob to prove to others that Alice is the author as easily as he proves it to himself.

Deniable authentication might be useful if Bob is a journalist and Alice is a potential source. Bob already has a reputation as an investigative journalist, and he’s published his email address and public key. Alice somehow manages to communicate unobserved for a few minutes with Bob. She tells him that she wants to send him information later. Bob and Alice agree on a shared secret (a memorizable phrase) to use for authentication.

Later, Alice starts her Tor Browser and creates a free email account on ProtonMail or a similar service. She creates this account with Tor and only uses it with Tor. She creates email attachments with EasyGPG’s Save a file or folder as an encrypted, unsigned tar archive Action, and composes her message to Bob with Encrypt a message with deniable authentication and copy it. She uses the shared secret she and Bob agreed to in their brief communication.

When Bob receives the message, he doesn’t recognize the email address it’s sent from, but he suspects it may be from Alice. When he decrypts the message with EasyGPG, he’s prompted for the shared secret. He tries the secret he and Alice shared. The message is authenticated, so Bob believes the message came from Alice, but, as noted above, he can’t prove it to anyone else because he can’t prove that the address is Alice’s or that the secret that authenticated it was agreed to by Alice.

Here’s how EasyGPG implements deniable authentication. When Alice enters the shared secret, EasyGPG prepends it to the unencrypted message and calculates the SHA512 hash of the combination. It then prepends this hash (and not the shared secret) to the unencrypted message and encrypts it without signing it. When Bob gets the message he decrypts it. EasyGPG notices that the message is unsigned, and that it begins with the hash. It prompts Bob for the secret, and tests it by hashing it along with the message. If the hash matches, the message is authenticated.
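The construction just described, as an added example in Python that is not EasyGPG's own code: Alice's side prepends SHA512(secret + message) to the plaintext, Bob's side spots a hash-shaped first line in the decrypted text, prompts for the secret and recomputes. Encoding the digest as 128 lowercase hex characters on its own first line is an assumption of this example (the page does not say how the hash is laid out), and the sample secret and message are constructed. The `tag_message_hmac` variant is not what the page describes; it is included because HMAC-SHA512 is the standard keyed-hash construction and, unlike a secret-prefix SHA-512, is not subject to length extension.

```python
import hashlib
import hmac
from typing import Optional, Tuple

HEX_DIGEST_LEN = 128          # SHA-512 as lowercase hex (assumed layout)
HEX_CHARS = set("0123456789abcdef")


def tag_message(secret: str, message: str) -> str:
    """Alice: prepend SHA512(secret || message) to the plaintext.

    The returned text is what gets encrypted for Bob *without* a signature.
    The secret itself never appears in the output, only the hash.
    """
    digest = hashlib.sha512((secret + message).encode("utf-8")).hexdigest()
    return digest + "\n" + message


def split_tag(decrypted: str) -> Tuple[Optional[str], str]:
    """Bob: does the decrypted, unsigned text begin with a hash-shaped line?

    Returns (hash, body) if so, otherwise (None, original text).
    """
    head, sep, body = decrypted.partition("\n")
    if sep and len(head) == HEX_DIGEST_LEN and set(head) <= HEX_CHARS:
        return head, body
    return None, decrypted


def authenticate(secret_guess: str, decrypted: str) -> Tuple[bool, str]:
    """Bob: test a shared secret against the hash found in the message.

    Returns (authenticated, message_body). A message with no tag is simply
    unauthenticated text; a tag that does not match means the secret is wrong.
    """
    tag, body = split_tag(decrypted)
    if tag is None:
        return False, body
    expected = hashlib.sha512((secret_guess + body).encode("utf-8")).hexdigest()
    # constant-time comparison so a wrong guess leaks nothing through timing
    return hmac.compare_digest(tag, expected), body


def tag_message_hmac(secret: str, message: str) -> str:
    """Alternative keyed-hash tag (HMAC-SHA512); not the page's construction."""
    mac = hmac.new(secret.encode("utf-8"), message.encode("utf-8"), hashlib.sha512).hexdigest()
    return mac + "\n" + message


def authenticate_hmac(secret_guess: str, decrypted: str) -> Tuple[bool, str]:
    tag, body = split_tag(decrypted)
    if tag is None:
        return False, body
    expected = hmac.new(secret_guess.encode("utf-8"), body.encode("utf-8"), hashlib.sha512).hexdigest()
    return hmac.compare_digest(tag, expected), body


if __name__ == "__main__":
    # Constructed sample: the shared secret agreed in person, and Alice's message.
    secret = "the owl flies at dawn"
    plaintext = "Documents attached.\nSecond batch next week."
    to_encrypt = tag_message(secret, plaintext)        # this is what gpg would encrypt, unsigned
    ok, body = authenticate(secret, to_encrypt)         # Bob, after decrypting, enters the secret
    print("authenticated:", ok)
    print(body)
```

Note why this is deniable: anyone who knows the secret, Bob included, can produce a valid tag for any message, so the tag proves nothing to a third party. The deniability comes from that symmetry, not from the hash being hard to compute.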

If Alice wants to be as cautious as she can, she should create a new EasyGPG folder in the RAM disk to use to communicate with Bob. She should not create a personal key pair, but she should import Bob’s public key. If she gets his key as a file, she should save it to the RAM disk before she imports it. Any files she wishes to send to Bob should also be saved in the RAM disk. Alice will encrypt her message with Encrypt a message with deniable authentication and copy it, and she will encrypt any attachment with Save a file or folder as an unsigned, encrypted tar archive. Because Alice has no personal key pair, she will be unable to use any of the encryption Actions that would compromise her security with an undeniable cryptographic signature.

It may be useful for Bob and Alice to agree on an extra shared secret for Alice to use if she is forced to send a message to Bob. This will tell Bob not to trust the message, and so not to implicate himself in Alice’s whistle-blowing. Bob could report that he received an unsigned, unauthenticated message from an unknown source.

It is possible for someone to send messages to Bob using random secrets, in the hope she might hit upon a secret that Bob has agreed to with a potential source. However, a flurry of messages he can’t authenticate is going to tell Bob that this is happening.

My Public Key



Last updated 2021-01-30 00:00:51 UTC