.TH PGP 1
.\" NAME should be all caps, SECTION should be 1-8, maybe w/ subsection
.\" other parms are allowed: see man(7), man(1)
.SH NAME
pgp \- Pretty Good Privacy encryption system
.\" denote multiple entry points thus; makewhatis(8) will catch them
.SH SYNOPSIS
.B pgp
[options] pgpfile
.PP
.B PGP \-e
[options]
file user .\|.\|.
.SH "DESCRIPTION"

PGP (Pretty Good Privacy) is a public key encryption package to
protect E-mail and data files. It lets you communicate securely with
people you've never met, with no secure channels needed for prior
exchange of keys. It's well featured and fast, with sophisticated
key management, digital signatures, data compression, and good
ergonomic design. If you really want to learn how to use it
properly, it's best to read the full documentation that comes with
the system, which is very complete. This is a "quick start" guide
and reference manual; it is necessarily incomplete, and assumes you
are already familiar with most of the basic concepts, including the
concepts behind public key cryptography.

.SS "Terminology"

user id: an ascii string used to identify a user. User IDs tend to
look like "John Q. Public <[email protected]>"; please try sticking to
that format. When giving a user id to PGP, you may specify any unique
(case-insensitive) substring. E.g. john, or jqp@xyz.

pass phrase: the secret string used to conventionally encipher your
private key; it's important that this be kept secret.

keyring: a file containing a set of public or secret keys. Default
names for public and secret rings are "pubring.pgp" and "secring.pgp"
respectively.

ascii armor: the ascii radix 64 format PGP uses for transmitting
messages over channels like E-Mail; similar in concept to uuencoding.

.SS "Command summary"

To see a quick command usage summary for PGP, just type:
    pgp -h

To encrypt a plaintext file with the recipient's public key:
    pgp -e textfile her_userid [his_userid .\|.\|.]

To sign a plaintext file with your secret key:
    pgp -s textfile [-u your_userid]

To sign a plaintext file with your secret key, and then encrypt it
with the recipient's public key:
    pgp -es textfile her_userid [his_userid .\|.\|.] [-u your_userid]

To create a signature certificate that is detached from the document:
    pgp -sb textfile [-u your_userid]

To encrypt a plaintext file with just conventional cryptography, type:
    pgp -c textfile

To decrypt an encrypted file, or to check the signature integrity of a
signed file:
    pgp ciphertextfile [-o plaintextfile]

To generate your own unique public/secret key pair:
    pgp -kg

To add a public or secret key file's contents to your public or
secret key ring:
    pgp -ka keyfile [keyring]

To remove a key from your public key ring:
    pgp -kr userid [keyring]

To extract (copy) a key from your public or secret key ring:
    pgp -kx userid keyfile [keyring]
or: pgp -kxa userid keyfile [keyring]

To view the contents of your public key ring:
    pgp -kv[v] [userid] [keyring]

To view the "fingerprint" of a public key, to help verify it over
the telephone with its owner:
    pgp -kvc [userid] [keyring]

To view the contents and check the certifying signatures of your
public key ring:
    pgp -kc [userid] [keyring]

To edit the userid or pass phrase for your secret key:
    pgp -ke userid [keyring]

To edit the trust parameters for a public key:
    pgp -ke userid [keyring]

To remove a key or just a userid from your public key ring:
    pgp -kr userid [keyring]

To sign and certify someone else's public key on your public key ring:
    pgp -ks her_userid [-u your_userid] [keyring]

To remove selected signatures from a userid on a keyring:
    pgp -krs userid [keyring]


Command options that can be used in combination with other command
options (sometimes even spelling interesting words!):

To produce a ciphertext file in ASCII radix-64 format, just add the
-a option when encrypting or signing a message or extracting a key:
    pgp -sea textfile her_userid
or: pgp -kxa userid keyfile [keyring]

To wipe out the plaintext file after producing the ciphertext file,
just add the -w (wipe) option when encrypting or signing a message:
    pgp -sew message.txt her_userid

To specify that a plaintext file contains ASCII text, not binary, and
should be converted to recipient's local text line conventions, add
the -t (text) option to other options:
    pgp -seat message.txt her_userid

To view the decrypted plaintext output on your screen (like the
Unix-style "more" command), without writing it to a file, use
the -m (more) option while decrypting:
    pgp -m ciphertextfile

To specify that the recipient's decrypted plaintext will be shown
ONLY on her screen and cannot be saved to disk, add the -m option:
    pgp -steam message.txt her_userid

To recover the original plaintext filename while decrypting, add
the -p option:
    pgp -p ciphertextfile

To use a Unix-style filter mode, reading from standard input and
writing to standard output, add the -f option:
    pgp -feast her_userid <inputfile >outputfile


.SS "The Config File"

PGP uses a fairly complete configuration database that is stored in
the file "config.txt"; please see the manual for complete details.
Some highlights:

MYNAME - Default User ID for Making Signatures

Default setting: MYNAME = ""

The configuration parameter MYNAME specifies the default user ID to
use to select the secret key for making signatures. If MYNAME is not
defined, the most recent secret key you installed on your secret key
ring is used. The user may also override this setting by
specifying a user ID on the PGP command line with the -u option.

TEXTMODE - Assuming Plaintext is a Text File

Default setting: TEXTMODE = off

The configuration parameter TEXTMODE is equivalent to the -t command
line option. If enabled, it causes PGP to assume the plaintext is a
text file, not a binary file, and converts it to "canonical text"
before encrypting it. Canonical text has a carriage return and a
linefeed at the end of each line of text.

This mode is automatically turned off if PGP detects that the
plaintext file contains 8-bit binary data.

ARMOR - Enable ASCII Armor Output

Default setting: ARMOR = off

The configuration parameter ARMOR is equivalent to the -a command
line option. If enabled, it causes PGP to emit ciphertext or keys in
ASCII Radix-64 format suitable for transporting through E-mail
channels. Output files are named with the ".asc" extension.

If you tend to use PGP mostly for E-mail, it may be a good idea to
enable this parameter.

KEEPBINARY - Preserve Intermediate .pgp File

Default setting: KEEPBINARY = off

If KEEPBINARY is enabled, then PGP will produce a .pgp file in addition
to a .asc file when ASCII armor is enabled.

COMPRESS - Compress Plaintext Before Encrypting

Default setting: COMPRESS = on

PGP usually compresses the plaintext before encrypting it, so it will
have less to encrypt and the file you send will be smaller. This is
usually only turned off for debugging purposes.

SHOWPASS - Echo Pass Phrase During Entry

Default setting: SHOWPASS = off

If someone is unable to type a long pass phrase reliably without seeing it,
this can be turned on, at the cost of security.

INTERACTIVE - Prompt Before Adding Each Key

Default setting: INTERACTIVE = off

By default, when given a file containing new keys, PGP asks if you would
like to add them to your public key ring. Since adding keys does not
imply that you trust them, adding more just takes up space. If this
option is set, PGP asks about each key in a key file.

VERBOSE - Level of Detail Printed

Default setting: VERBOSE = 1

When set to 0, pgp only prints messages that are necessary or indicate an
error. When set to 2, PGP prints a significant amount of debugging
information describing what it's doing. Values above 2 have no effect.

.SS "Key certification"

PGP employs a system where users specify trusted users who may sign
other people's public keys. It is important that you understand how
this mechanism works; a full description is in the manual.

IMPORTANT: The manual also describes how to generate and send a "key
compromise" certificate that tells readers that your private key has
been compromised. If your key has been compromised, please read the
manual section on key compromise certificates and how to create them;
the faster you send out a key compromise certificate, the smaller the
window of opportunity for "bad guys" to send forged messages.

.SS "Important Hints"

PGP automatically tries compressing your input file; there is no point
in precompressing input for transmission.

PGP "ascii armor" is only needed on the outer transmitted message; as
an example, if you are, say, sending a public key to someone else and
you are for some reason signing it, simply armor the outer message;
it's better to sign the binary form of the key.

.SS "Foreign Languages"

PGP is easily customized for foreign language help and error
messages; it has been translated into 10 European languages. See the
manual for details on the file "language.txt".

.SH ENVIRONMENT

PGP uses several special files for its purposes, such as your standard
key ring files "pubring.pgp" and "secring.pgp", the random number seed
file "randseed.bin", the PGP configuration file "config.txt", and the
foreign language string translation file "language.txt". These
special files can be kept in any directory, by setting the environment
variable "PGPPATH" to the desired pathname. If PGPPATH remains
undefined, these special files are assumed to be in the current
directory.

Normally, PGP prompts the user to type a pass phrase whenever PGP
needs a pass phrase to unlock a secret key. But it is possible to
store the pass phrase in an environment variable from your operating
system's command shell. The environmental variable PGPPASS can be
used to hold the pass phrase that PGP attempts to use first. If
the pass phrase stored in PGPPASS is incorrect, PGP recovers by
prompting the user for the correct pass phrase. This dangerous
feature makes your life more convenient if you have to regularly deal
with a large number of incoming messages addressed to your secret key,
by eliminating the need for you to repeatedly type in your pass phrase
every time you run PGP. THIS IS A VERY DANGEROUS FEATURE; on UNIX it
is trivial to read someone else's environment using the ps(1) command.
If you are contemplating using this feature, be sure to read the
sections "How to Protect Secret Keys from Disclosure" and "Exposure on
Multi-user Systems" in the full PGP manual.

.SH "RETURN VALUE"

PGP returns a 0 to the shell on success, and a nonzero error code on
failure. See the source code for details on nonzero status return
values.

.SH FILES
.br
.nf
.\" set tabstop to longest possible filename, plus a wee bit
.ta \w'/usr/lib/perl/getopts.pl 'u
*.pgp	ciphertext, signature, or key file
*.asc	ascii armor file
pubring.pgp	public key ring
secring.pgp	secret key ring
language.txt	foreign language string translation file
config.txt	configuration file
pgp.hlp	online help text file

.SH NOTE
The manual is really good, and it's really important in the long run
that you read it. It may not be important to read the fine print on
a box of breakfast cereal, but it may be crucial to read the label of
a prescription drug. Cryptography software is like pharmaceuticals--
so read the manual!

.SH CAVEATS

It is impossible to overemphasize the importance of protecting your
secret key. Anyone gaining access to it can forge messages from you or
read mail addressed to you. Be EXTREMELY cautious in using PGP on any
multi-user unix system.

PGP is believed by its authors to be secure when used as directed, but
then again everyone always claims their pet encryption system is
secure. Read the section in the manual on "Trusting Snake Oil" and the
section on "Vulnerabilities" for caveats.

.SH DIAGNOSTICS

Mostly self explanatory.

.SH BUGS

PGP was initially written for the PC, and behaves very PCish. In
particular, its automagic file selection, file extensions, and the
like all make it somewhat alien in the UNIX environment.

.SH AUTHORS

Originally written by Philip R. Zimmermann. Later augmented by a cast
of thousands, especially including Hal Finney, Branko Lankester, and
Peter Gutmann.

.SH "LEGAL RESTRICTIONS"

For detailed information on PGP licensing, distribution, copyrights,
patents, trademarks, liability limitations, and export controls, see
the "Legal Issues" section in the "PGP User's Guide, Volume II:
Special Topics".

PGP uses a public key algorithm claimed by U.S. patent #4,405,829.
The exclusive rights to this patent are held by a California company
called Public Key Partners, and you may be infringing this patent if
you use PGP in the USA. This is explained in the PGP User's Guide,
Volume II.

PGP is "guerrilla" freeware, and the authors don't mind if you
distribute it widely. Just don't ask Philip Zimmermann to send you a
copy. Instead, you can get it yourself from many BBS systems and a
number of Internet FTP sites.
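
An added example, not part of PGP or its documentation: a POSIX shell check for the exposures the ENVIRONMENT, CAVEATS and SHOWPASS passages describe (PGPPASS held in the environment, a secret key ring or seed file accessible to group or other, SHOWPASS enabled). The function names audit_pgp and demo, the constructed sample directory, and the one-setting-per-line reading of config.txt are assumptions.

```shell
#!/bin/sh
# Added example (not part of PGP): report the exposures the ENVIRONMENT and
# CAVEATS sections warn about. Prints one finding per line; returns 1 if any.
audit_pgp() {
    dir=${1:-${PGPPATH:-.}}   # per the page: $PGPPATH, else the current directory
    found=0
    # Pass phrase held in the environment, where other local users may read it.
    if [ -n "${PGPPASS+set}" ]; then
        echo "PGPPASS is set in the environment"
        found=1
    fi
    # Secret key ring and random seed should carry no group/other permission bits.
    for f in secring.pgp randseed.bin; do
        [ -e "$dir/$f" ] || continue
        perms=$(ls -ldL "$dir/$f" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "$f is accessible to group/other (mode bits $perms)"
            found=1
        fi
    done
    # SHOWPASS = on echoes the pass phrase during entry.
    # Assumption: one "KEYWORD = value" setting per line, keywords case-insensitive.
    if [ -f "$dir/config.txt" ] &&
        grep -Eiq '^[[:space:]]*SHOWPASS[[:space:]]*=[[:space:]]*on([[:space:]]|$)' "$dir/config.txt"; then
        echo "config.txt enables SHOWPASS"
        found=1
    fi
    return "$found"
}

# Constructed sample directory (empty placeholder files, no real key material).
demo() {
    d=$(mktemp -d)
    : > "$d/secring.pgp";  chmod 644 "$d/secring.pgp"
    : > "$d/randseed.bin"; chmod 600 "$d/randseed.bin"
    printf 'ARMOR = on\nShowPass = on\n' > "$d/config.txt"
    rc=0
    ( PGPPASS=constructed-value; export PGPPASS; audit_pgp "$d" ) || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || true
```

Called with no argument, audit_pgp inspects $PGPPATH or the current directory, matching where the page says PGP looks for its special files.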