Press "Enter" to skip to content

Tag: windows10

Getting Mailvelope working on Brave Browser

For the last few years, I’ve been using Brave as my primary web browser due to its advert and tracking blocking abilities – extremely useful on YouTube! It’s based on Chromium (like Google Chrome and Microsoft Edge), but more privacy/anti-ad orientated.

I’ve also been wanting to GPG/PGP sign some emails using my web based email clients so I’ve installed the Mailvelope plugin from the Google Chrome store and in conjunction with GPG4Win it means I should have access to all the PGP and GPG keys stored on my Windows 10 machine… Except it doesn’t work – it fails to list any installed keys… Why?

Well, it all comes down to a Chrome based protocol called NativeMessaging which requires software (such as GPG4Win) to registered their “acknowledgement” of browser plugins such as Mailvelope by adding (in the case of Windows) various registry settings for the browser to read and interlink.

In the case of Brave, it appears the others of GPG4Win aren’t (currently) aware of it and so don’t set the various registry settings for it to work correctly – and Brave, unlike Microsoft Edge, has no “fall back” facilities to check other browsers for their Native messaging setup. I have reported this to both the Brave Community and to GnuPG (the maintainers of GPG4Win) on their bug tracker – including suggested fixes for both organisations, but it may be some time before this is fixed. So what can you do in the meantime?

Easiest way:

If trust running random commands on your computer, run the following two commands in an escalated permissions (“Run as Administrator”) Windows Command Prompt to copy the existing settings from Chrome over:

REG COPY "HKCU\Software\Google\Chrome\NativeMessagingHosts\gpgmejson" "HKCU\Software\BraveSoftware\Brave-Browser\NativeMessagingHosts\gpgmejson" /s
REG COPY "HKLM\Software\Google\Chrome\NativeMessagingHosts\gpgmejson" "HKLM\Software\BraveSoftware\Brave-Browser\NativeMessagingHosts\gpgmejson" /s

Restart Brave and all should be working.

Manual way

Add/Set the following registry key:

Path: HKEY_CURRENT_USER\Software\BraveSoftware\Brave-Browser\NativeMessagingHosts\gpgmejson
Type: Reg_SZ
Data: C:\Program Files (x86)\Gpg4win\bin\gpgme-chrome.json

(updating the “Data” path to where you’ve installed Gpg4Win as appropriate)

Restart Brave and all should be working.

Windows 10 OpenSSH – Configuring Windows Git

This article is the last of a series I’ve written about migrating from using PuTTy on Windows to using the native OpenSSH client now available on Windows 10: you can read the rest of the articles via:

  1. Installation
  2. Storing keys using the SSH Agent
  3. Importing existing keys
  4. Creating a new public/private key pair
  5. Other useful OpenSSH commands
  6. Configuring Windows Git < You are here

If you are using Git for Windows and had previously been using PuTTy, you need to make a small tweak to the configuration for Git to use Windows 10’s OpenSSH client.

If you’ve been getting an error like:

FATAL ERROR: Disconnected: No supported authentication methods available (server sent: publickey)
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

when running git clone, but a test such as ssh git@github.com works, then you need to do the following steps.

  1. (Perhaps optional): Uninstall Git if you already have it installed. In theory, this can be done from Window’s “Add or Remove Programs”, but this was playing up for me. If you go into C:\Program Files\Git there should be a unins000.exe executable which will remove Git for you
  2. Install the latest version of Git (I actually uninstalled version 2.21.0.windows.1 and installed 2.23.0.windows.1) and during the setup, you’ll be prompt “Choosing the SSH executable”.
  3. Select “Use (Tortoise)Plink“, but enter in the path to Window’s OpenSSH SSH client: “c:\windows\system32\openssh\ssh.exeSelect (Tortoise)Plink and provide the path c:\windows\system32\openssh\ssh.exe to the Git setup
  4. Open a fresh PowerShell window and cloning should work!
    You might get a warning such as “warning: agent returned different signature type ssh-rsa (expected rsa-sha2-512)”, but that’s caused by a mismatch of keys and key types probably from the conversion from PuTTy keys. Generating a new public/private key pair and uploading that public key to Github/Bitbucket will fix that.

Windows 10 OpenSSH – Useful commands

This article is the fifth of a series I’ve written about migrating from using PuTTy on Windows to using the native OpenSSH client now available on Windows 10: you can read the rest of the articles via:

  1. Installation
  2. Storing keys using the SSH Agent
  3. Importing existing keys
  4. Creating a new public/private key pair
  5. Other useful OpenSSH commands < You are here
  6. Configuring Windows Git
Check the keys have been imported to the SSH agent
ssh-add -l

2048 SHA256:9hLEuBRdTBGDmAWxaDXhSwvqYLGVxDVtGiMumz9NUak C:\Users\userName/.ssh/id_rsa (RSA)
Show the public keys in the ssh-agent
ssh-add -L

ssh-rsa AAAAB3Nza...1F53nyTYMlmtcrZZp C:\Users\userName/.ssh/id_rsa
Delete all keys from the ssh-agent
ssh-add -D : hope you kept a backup!
Delete a specific key from the ssh-agent
ssh-add -d C:\Users\userName/.ssh/id_rsa

Windows 10 OpenSSH – Creating a new private/public key pair

This article is the fourth of a series I’ve written about migrating from using PuTTy on Windows to using the native OpenSSH client now available on Windows 10: you can read the rest of the articles via:

  1. Installation
  2. Storing keys using the SSH Agent
  3. Importing existing keys
  4. Creating a new public/private key pair < You are here
  5. Other useful OpenSSH commands
  6. Configuring Windows Git

If you need a new SSH key pair for Github, Bitbucket, AWS, your own SSH server etc, then the easiest way to generate one is from your user’s PowerShell using the command:
ssh-keygen -o
(the -o argument indicates to use the newer OpenSSH format rather than the pre-2014 older PEM format)

This will produce output such as:

ssh-keygen -o
Generating public/private rsa key pair.
Enter file in which to save the key (C:\Users\userName/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in C:\Users\userName/.ssh/id_rsa.
Your public key has been saved in C:\Users\userName/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:9hLEuBRdTBGDmAWxaDXhSwvqYLGVxDVtGiMumz9NUak userName@machineName
The key's randomart image is:
+---[RSA 2048]----+
|  ...oOOo=*o     |
|  .o.*+@o ..     |
| ..o= & o        |
| .++ E =         |
|.o=   = S        |
|.=   . . o       |
|  o o   . .      |
|   o .   .       |
|    .            |
+----[SHA256]-----+

Don’t forget to add it to the ssh-agent: if you generated this in the default location ending .ssh/id_rsa(.pub) you can use just ssh-add without any parameters to add it

You’ll need to add the public key to whichever remote service you are using – this can be found using either ssh-add -L (if you’ve added it to the Windows10 OpenSSH ssh-agent) or by cat ~/.ssh/id_rsa.pub (the .pub files are “safe for distribution” – but keep the ones without the .pub extension safe!)

OpenSSH Key-gen additional settings

There are plenty of of pages on the internet detailing the various settings the normal Linux/Unix/MacOS ssh-keygen command takes (and the Windows10 Open SSH variant will take most of them), but a quick reference is:

ssh-keygen -o -c
To add a comment (helps identify keys
ssh-keygen -o -b 4096
To generate a 4096 bit key in the default format (currently rsa)
ssh-keygen -o -t ed25519 -a 100 – recommended!
To generate with the ed25519 complexity with 100 rounds of key derivations (may not be supported by all servers).
The key will end in .ssh/id_ed25519, but you can just add it with “ssh-add” as above as it takes into account all the endings.
ssh-keygen -o -t rsa -b 4096 -a 100
To generate an rsa (default) key with 4096 bits and 100 rounds of key derivations
Windows does supports key generation types of “dsa” which is insecure and “esdsa” which has known weaknesses )

Windows 10 OpenSSH: Migrating from PuTTy: Importing existing keys

This article is the third of a series I’ve written about migrating from using PuTTy on Windows to using the native OpenSSH client now available on Windows 10: you can read the rest of the articles via:

  1. Installation
  2. Storing keys using the SSH Agent
  3. Importing existing keys < You are here
  4. Creating a new public/private key pair
  5. Other useful OpenSSH commands
  6. Configuring Windows Git

If you’ve been using SSH for a while, you’ve probably got a variety of private keys in either PuTTy’s own “PPK” format or OpenSSH format. Windows OpenSSH only has support for OpenSSH keys (go figure from the name! 😉 ) and so any PuTTY keys will need converting first.

Converting PuTTy PPK Private Keys to OpenSSH format

  1. Open PuTTyGen
  2. Select “Load an existing private key file” and select your .ppk private key
  3. Select from the menu “Conversions->Export OpenSSH key”
  4. Save the file.
  5. Repeat the previous three steps as necessary for all .ppk files

Adding OpenSSH private keys

In a normal PowerShell window (i.e. not as administrator), just run:
ssh-add C:\Users\userName\.ssh\private_key
Of course, changing the path of the key appropriately!

Windows appears to accept standard private keys and .pem private keys