Bedouin
A few years ago cracks were seen in the foundations of one of the algorithms used in the GNU Privacy Guard. The affected algorithm, SHA-1, has been living on borrowed time ever since.
There is no cause for panic. While SHA-1’s long-term prospects are not good, for the time being it is still secure. However, it is strongly recommended that people begin migrating away from SHA-1 and towards other, better algorithms, like SHA-256.
Bedouin helps you do this. You can launch it by clicking the orange “Launch” button:
What It Does
For most people, migrating over is a daunting proposition. You have to find wherever it is your GnuPG configuration files are hidden, open them up with a text editor, read some manual pages to figure out what the proper options are, and so on.
Bedouin automates this process. When you run Bedouin it will do several tests to make sure that you’re ready to migrate — it will check that you have a recent version of GnuPG, that your installation is sane, that you’ve got the necessary registry entries and that you’ve got a configuration file, and so on. Migration then becomes very simple: click the “Migrate” button and you’re off to the races.
What It Doesn’t Do
Bedouin will not alter your keys. Those are your keys, that’s your very sensitive data, and we don’t want to do anything with them. There is not one line of code in Bedouin that touches your keys. There never will be.
Technical Details
Bedouin makes two checks before migrating. It checks:
- That a recent version of GnuPG is installed,
- That a GnuPG configuration file exists.
If the first test fails, Bedouin will prompt you to either install or upgrade GnuPG. If the second test fails, Bedouin will ask if you want it to create a configuration file for you. If so, the created file will already be set up to migrate you away from SHA-1. In either case, Bedouin will then exit.
If both tests pass, Bedouin will add the following lines to your gpg.conf file:
# begin Bedouin autoconfiguration
enable-dsa2
cert-digest-algo SHA256
personal-digest-preferences SHA256 RIPEMD160
default-preference-list SHA256 RIPEMD160 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP
# end Bedouin autoconfiguration
Frequently Asked Questions
Does Bedouin work on Windows?
Bedouin has been tested on Windows XP, Windows Vista and Windows 7, in both 32- and 64-bit versions. This doesn’t necessarily mean it will work on your Windows machine. However, it works well on all the Windows machines I’ve tested it on.Does Bedouin work on Mac OS X?
Bedouin has been tested on Mac OS X 10.6.0, 10.6.1 and 10.6.2, on a 64-bit MacBook Pro. This doesn’t necessarily mean it will work on your Mac OS X box. However, it works well on all the Mac OS X machines I’ve tested it on.Does Bedouin work on Linux or FreeBSD?
This one is impossible to say. There are literally hundreds of Linux distributions. It works well on Ubuntu 9.10 and Fedora 12, and it will probably work well on FreeBSD 8.0.Do you offer any guarantee or warranty?
No. This software is released with no guarantees or warranties. If it breaks you get to keep both parts.Is the source code available for review?
Yes. The source code for Bedouin is packaged inside the jarfile. Whenever you download the binary, you are also downloading the source code.Is Bedouin free software?
Bedouin is released under terms of the ISC License, the same as used by the OpenBSD project. If you consider OpenBSD to be free software, you will also probably think Bedouin is, too.Why is Bedouin written in Java?
The requirement list for Bedouin involved a cross-platform graphical user interface that looks and feels just like any other application on the user’s system. The obvious choices were wxWindows, Qt, GTK+ and Java. Qt was struck because it would require the user to download large libraries for an application which would hopefully only need to be run once. GTK+ was struck for the same reasons, plus the fact that it doesn’t quite look right on Windows. wxWindows and Java were the only two options left, and I’m more comfortable with Java.I don’t like the preference lists Bedouin uses. Can I change them?
If you’re knowledgable enough to have an opinion about preference lists, then you’re knowledgable enough to edit your configuration files by hand.I’ve found a bug.
Please email me and let me know.