.TH PGP 1
.\" NAME should be all caps, SECTION should be 1-8, maybe w/ subsection
.\" other parms are allowed: see man(7), man(1)
.SH NAME
pgp \- Pretty Good Privacy encryption system
.\" denote multiple entry points thus; makewhatis(8) will catch them
.SH SYNOPSIS
.B pgp
[options] pgpfile
.PP
.B pgp \-e
[options]
file user .\|.\|.
.SH "DESCRIPTION"

PGP (Pretty Good Privacy) is a public key encryption package to
protect E-mail and data files. It lets you communicate securely with
people you've never met, with no secure channels needed for prior
exchange of keys. It is well featured and fast, with sophisticated
key management, digital signatures, data compression, and good
ergonomic design. If you really want to learn how to use it
properly, read the full documentation that comes with the system,
which is very complete. This is a "quick start" guide and reference
manual; it is necessarily incomplete, and assumes you are already
familiar with most of the basic concepts, including the concepts
behind public key cryptography.

.SS "Terminology"

user id: an ASCII string used to identify a user. User IDs tend to
look like "John Q. Public <jqp@xyz.com>"; please stick to that
format. When giving a user id to PGP, you may specify any unique
(case-insensitive) substring, e.g. john, or jqp@xyz. A substring that
matches more than one user ID is ambiguous; make sure the selector you
type matches only the key you intend, especially when encrypting.
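As an added illustration of the selector rule above (example code, not part of PGP or of this man page): the ring is a list of constructed sample user IDs, and the decision to refuse an ambiguous selector rather than take the first match is this example's own policy, not a description of what pgp does.

```python
# Added example: resolving a user id selector the way the page describes
# (any case-insensitive substring), with ambiguity treated as an error.
# SAMPLE_RING is constructed for this example; the "refuse ambiguous
# selectors" policy is this example's choice, not a statement about pgp.

SAMPLE_RING = [
    "John Q. Public <jqp@xyz.com>",
    "Jane Q. Public <jane@xyz.com>",
    "Alice Example <alice@example.org>",
]


class AmbiguousUserId(LookupError):
    """Selector matched more than one user id on the ring."""


class UnknownUserId(LookupError):
    """Selector matched nothing on the ring."""


def matching_user_ids(selector, ring=SAMPLE_RING):
    """All user ids containing SELECTOR, compared case-insensitively."""
    needle = selector.lower()
    return [uid for uid in ring if needle in uid.lower()]


def select_user_id(selector, ring=SAMPLE_RING):
    """Resolve SELECTOR to exactly one user id or raise.

    Encrypting to "public" on this ring is a mistake waiting to happen:
    it matches both Publics.  Refusing is safer than guessing.
    """
    matches = matching_user_ids(selector, ring)
    if not matches:
        raise UnknownUserId(selector)
    if len(matches) > 1:
        raise AmbiguousUserId(f"{selector!r} matches {len(matches)} user ids: {matches}")
    return matches[0]


def is_unique_selector(selector, ring=SAMPLE_RING):
    """True when SELECTOR picks out exactly one key, the condition the page requires."""
    return len(matching_user_ids(selector, ring)) == 1


if __name__ == "__main__":
    for sel in ("jqp@xyz", "ALICE", "public", "nobody"):
        try:
            print(f"{sel!r:12} -> {select_user_id(sel)}")
        except LookupError as exc:
            print(f"{sel!r:12} -> {type(exc).__name__}: {exc}")
```

Checking uniqueness before an encrypt command is cheap; selecting the wrong recipient key is the kind of error no amount of cryptography fixes afterwards.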

pass phrase: the secret string used to conventionally encipher your
private key; it is important that this be kept secret.

keyring: a file containing a set of public or secret keys. Default
names for public and secret rings are "pubring.pgp" and "secring.pgp"
respectively.

ascii armor: the ASCII radix-64 format PGP uses for transmitting
messages over channels like E-mail; similar in concept to uuencoding.

.SS "Command summary"

To see a quick command usage summary for PGP, just type:
pgp -h

To encrypt a plaintext file with the recipient's public key:
pgp -e textfile her_userid [his_userid .\|.\|.]

To sign a plaintext file with your secret key:
pgp -s textfile [-u your_userid]

To sign a plaintext file with your secret key, and then encrypt it
with the recipient's public key:
pgp -es textfile her_userid [his_userid .\|.\|.] [-u your_userid]

To create a signature certificate that is detached from the document:
pgp -sb textfile [-u your_userid]

To encrypt a plaintext file with just conventional cryptography, type:
pgp -c textfile

To decrypt an encrypted file, or to check the signature integrity of a
signed file:
pgp ciphertextfile [-o plaintextfile]

To see a quick summary of PGP's key-management commands, just type:
pgp -k

To generate your own unique public/secret key pair:
pgp -kg

To add a public or secret key file's contents to your public or
secret key ring:
pgp -ka keyfile [keyring]

To remove a key from your public key ring:
pgp -kr userid [keyring]

To extract (copy) a key from your public or secret key ring:
pgp -kx userid keyfile [keyring]
or: pgp -kxa userid keyfile [keyring]

To view the contents of your public key ring:
pgp -kv[v] [userid] [keyring]

To view the "fingerprint" of a public key, to help verify it over
the telephone with its owner:
pgp -kvc [userid] [keyring]

To view the contents and check the certifying signatures of your
public key ring:
pgp -kc [userid] [keyring]

To edit the userid or pass phrase for your secret key:
pgp -ke userid [keyring]

To edit the trust parameters for a public key:
pgp -ke userid [keyring]

To remove a key or just a userid from your public key ring:
pgp -kr userid [keyring]

To sign and certify someone else's public key on your public key ring:
pgp -ks her_userid [-u your_userid] [keyring]

To remove selected signatures from a userid on a keyring:
pgp -krs userid [keyring]


Command options that can be used in combination with other command
options (sometimes even spelling interesting words!):

To produce a ciphertext file in ASCII radix-64 format, just add the
-a option when encrypting or signing a message or extracting a key:
pgp -sea textfile her_userid
or: pgp -kxa userid keyfile [keyring]

To wipe out the plaintext file after producing the ciphertext file,
just add the -w (wipe) option when encrypting or signing a message:
pgp -sew message.txt her_userid

To specify that a plaintext file contains ASCII text, not binary, and
should be converted to the recipient's local text line conventions, add
the -t (text) option to other options:
pgp -seat message.txt her_userid

To view the decrypted plaintext output on your screen (like the
Unix-style "more" command), without writing it to a file, use
the -m (more) option while decrypting:
pgp -m ciphertextfile

To request that the recipient's decrypted plaintext be shown
ONLY on her screen and not saved to disk, add the -m option:
pgp -steam message.txt her_userid
(This is a request honored by the recipient's copy of PGP, not an
enforceable protection; a recipient can still capture what appears on
the screen.)

To recover the original plaintext filename while decrypting, add
the -p option:
pgp -p ciphertextfile

To use a Unix-style filter mode, reading from standard input and
writing to standard output, add the -f option:
pgp -feast her_userid <inputfile >outputfile


.SS "The Config File"

PGP uses a fairly complete configuration database that is stored in
the file "config.txt"; please see the manual for complete details.
Some highlights:

MYNAME - Default User ID for Making Signatures

Default setting: MYNAME = ""

The configuration parameter MYNAME specifies the default user ID to
use to select the secret key for making signatures. If MYNAME is not
defined, the most recent secret key you installed on your secret key
ring is used. The user may also override this setting by
specifying a user ID on the PGP command line with the -u option.

TEXTMODE - Assuming Plaintext is a Text File

Default setting: TEXTMODE = off

The configuration parameter TEXTMODE is equivalent to the -t command
line option. If enabled, it causes PGP to assume the plaintext is a
text file, not a binary file, and converts it to "canonical text"
before encrypting it. Canonical text has a carriage return and a
linefeed at the end of each line of text.

This mode is automatically turned off if PGP detects that the
plaintext file contains 8-bit binary data.
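The canonical-text conversion and its 8-bit escape hatch, as an added example that is not PGP's own code: every line ending becomes CR LF, and input that looks binary is passed through untouched with text mode reported as off. The page does not say how pgp decides that data is binary; treating any byte of 0x80 or above (or a NUL) as binary is this example's own assumption.

```python
# Added example: the -t / TEXTMODE canonicalisation rule from the page,
# with the "8-bit data turns text mode off" escape hatch.  The rule that
# any byte >= 0x80 (or a NUL) counts as binary is this example's own
# assumption; the page does not say how pgp detects binary data.


def looks_binary(data: bytes) -> bool:
    """Heuristic: 8-bit or NUL bytes mean this is not 7-bit text."""
    return any(b >= 0x80 or b == 0 for b in data)


def to_canonical_text(data: bytes):
    """Return (output, text_mode_used).

    Every line ending (LF, CR, or CR LF) becomes CR LF, the canonical
    form the page describes.  Binary input is passed through unchanged
    and text mode is reported as off, mirroring the automatic fallback.
    """
    if looks_binary(data):
        return data, False
    unified = data.replace(b"\r\n", b"\n").replace(b"\r", b"\n")
    return unified.replace(b"\n", b"\r\n"), True


def from_canonical_text(data: bytes, local_newline: bytes = b"\n") -> bytes:
    """Receiver side: canonical CR LF back to the local line convention."""
    return data.replace(b"\r\n", local_newline)


if __name__ == "__main__":
    samples = (
        b"hello\nworld\n",            # Unix text
        b"mac\rstyle\r",              # CR-only text
        b"already\r\ncanonical\r\n",  # must be left alone, not doubled
        b"\x89PNG\r\n\x1a\n",         # constructed binary header
    )
    for sample in samples:
        out, used = to_canonical_text(sample)
        print(sample, "->", out, "(text mode)" if used else "(binary, text mode off)")
```

Note the idempotence case: input that is already canonical must not have its CR LF turned into CR CR LF, which is why the line endings are unified before CR LF is emitted.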

ARMOR - Enable ASCII Armor Output

Default setting: ARMOR = off

The configuration parameter ARMOR is equivalent to the -a command
line option. If enabled, it causes PGP to emit ciphertext or keys in
ASCII Radix-64 format suitable for transporting through E-mail
channels. Output files are named with the ".asc" extension.

If you tend to use PGP mostly for E-mail, it may be a good idea to
enable this parameter.
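The radix-64 format called "ascii armor" under Terminology and switched on by ARMOR or -a, as an added example that is not PGP's own code. It follows the OpenPGP armor layout of RFC 4880 section 6 (BEGIN/END lines, optional headers, a base64 body, and a "=" line carrying a 24-bit CRC with initial value 0xB704CE and polynomial 0x1864CFB), the documented descendant of the PGP 2.x format. The Version header value, the 64-column line length and the sample payload are this example's own choices.

```python
# Added example: PGP-style ASCII armor (radix-64 plus a CRC-24 trailer),
# written to the OpenPGP armor layout of RFC 4880 section 6.  Not code
# from PGP itself.  The Version string and SAMPLE payload are constructed
# for this example.
import base64

CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB
LINE_LEN = 64


def crc24(data: bytes) -> int:
    """The 24-bit CRC carried on the '=' line.

    It catches transit corruption (a mangled line in E-mail), not
    deliberate tampering; only the signature inside the data does that.
    """
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor(data: bytes, kind: str = "MESSAGE", version: str = "example") -> str:
    """Wrap DATA as '-----BEGIN PGP <kind>-----' ... '-----END PGP <kind>-----'."""
    body = base64.b64encode(data).decode("ascii")
    crc_line = "=" + base64.b64encode(crc24(data).to_bytes(3, "big")).decode("ascii")
    lines = [f"-----BEGIN PGP {kind}-----", f"Version: {version}", ""]
    lines += [body[i:i + LINE_LEN] for i in range(0, len(body), LINE_LEN)]
    lines += [crc_line, f"-----END PGP {kind}-----"]
    return "\n".join(lines) + "\n"


def dearmor(text: str) -> bytes:
    """Inverse of armor(); raises ValueError on a malformed block or CRC mismatch."""
    lines = text.splitlines()
    starts = [i for i, line in enumerate(lines) if line.startswith("-----BEGIN PGP ")]
    ends = [i for i, line in enumerate(lines) if line.startswith("-----END PGP ")]
    if not starts or not ends or ends[0] < starts[0]:
        raise ValueError("no armor BEGIN/END lines")
    block = lines[starts[0] + 1:ends[0]]
    if "" in block:                       # armor headers end at the first blank line
        block = block[block.index("") + 1:]
    b64, crc_field = [], None
    for line in block:
        if line.startswith("="):
            crc_field = line[1:]
        else:
            b64.append(line.strip())
    if crc_field is None:
        raise ValueError("missing CRC-24 line")
    data = base64.b64decode("".join(b64), validate=True)
    if base64.b64decode(crc_field, validate=True) != crc24(data).to_bytes(3, "big"):
        raise ValueError("CRC-24 mismatch: armored block was altered in transit")
    return data


def is_intact(text: str) -> bool:
    """True when TEXT dearmors cleanly; used to show corruption being caught."""
    try:
        dearmor(text)
    except ValueError:
        return False
    return True


SAMPLE = bytes(range(256)) * 2   # constructed binary payload standing in for a .pgp file

if __name__ == "__main__":
    blob = armor(SAMPLE, version="2.6.2")
    print(blob)
    print("roundtrip ok:", dearmor(blob) == SAMPLE)
    tampered = blob.replace("AAEC", "AAED", 1)   # change bits inside the body
    print("corruption detected:", not is_intact(tampered))
```

The CRC is an integrity check against a lossy channel, nothing more: anyone who can alter the body can recompute the "=" line. That is why the hint later on this page says to sign the binary form and armor only the outer message.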

KEEPBINARY - Preserve Intermediate .pgp File

Default setting: KEEPBINARY = off

If KEEPBINARY is enabled, then PGP will produce a .pgp file in addition
to a .asc file when ASCII armor is enabled.

COMPRESS - Compress Plaintext Before Encrypting

Default setting: COMPRESS = on

PGP usually compresses the plaintext before encrypting it, so it will
have less to encrypt and the file you send will be smaller. This is
usually only turned off for debugging purposes.

SHOWPASS - Echo Pass Phrase During Entry

Default setting: SHOWPASS = off

If someone is unable to type a long pass phrase reliably without seeing it,
this can be turned on, at the cost of security: anyone who can see the
screen, or a recording of the session, can read the pass phrase.

INTERACTIVE - Prompt Before Adding Each Key

Default setting: INTERACTIVE = off

By default, when given a file containing new keys, PGP asks once whether
you would like to add all of them to your public key ring. Since adding
keys does not imply that you trust them, adding more than you need just
wastes space. If this option is set, PGP asks about each key in a key
file separately.

VERBOSE - Level of Detail Printed

Default setting: VERBOSE = 1

When set to 0, PGP only prints messages that are necessary or indicate an
error. When set to 2, PGP prints a significant amount of debugging
information describing what it's doing. Values above 2 have no effect.
.SS "Key certification"

PGP employs a system where users specify trusted users who may sign
other people's public keys. It is important that you understand how
this mechanism works; a full description is in the manual.

IMPORTANT: The manual also describes how to generate and send a "key
compromise" certificate that tells readers that your private key has
been compromised. If your key has been compromised, please read the
manual section on key compromise certificates and how to create them;
the faster you send out a key compromise certificate, the smaller the
window of opportunity for "bad guys" to send forged messages.

.SS "Important Hints"

PGP automatically tries compressing your input file; there is no point
in precompressing input for transmission.

PGP "ascii armor" is only needed on the outer transmitted message; as
an example, if you are, say, sending a public key to someone else and
you are for some reason signing it, simply armor the outer message;
it's better to sign the binary form of the key.

.SS "Foreign Languages"

PGP is easily customized for foreign language help and error
messages; it has been translated into a number of non-English languages.
See the manual for details on the file "language.txt".

.SH ENVIRONMENT

PGP uses several special files for its purposes, such as your standard
key ring files "pubring.pgp" and "secring.pgp", the random number seed
file "randseed.bin", the PGP configuration file "config.txt", and the
foreign language string translation file "language.txt". These
special files can be kept in any directory, by setting the environment
variable "PGPPATH" to the desired pathname. If PGPPATH remains
undefined, these special files are assumed to be in the current
directory.

Normally, PGP prompts the user to type a pass phrase whenever PGP
needs a pass phrase to unlock a secret key. But it is possible to
store the pass phrase in an environment variable from your operating
system's command shell. The environment variable PGPPASS can be
used to hold the pass phrase that PGP attempts to use first. If
the pass phrase stored in PGPPASS is incorrect, PGP recovers by
prompting the user for the correct pass phrase. This feature
makes your life more convenient if you have to regularly deal
with a large number of incoming messages addressed to your secret key,
by eliminating the need for you to repeatedly type in your pass phrase
every time you run PGP. THIS IS A VERY DANGEROUS FEATURE; on many
UNIX systems other users can read a process's environment with the
ps(1) command, and a pass phrase set at the shell prompt or in a
startup file also ends up in your shell history or on disk.
If you are contemplating using this feature, be sure to read the
sections "How to Protect Secret Keys from Disclosure" and "Exposure on
Multi-user Systems" in the full PGP manual.

If the environment variable PGPPASSFD is defined, it must have a numeric
value, which PGP uses as a file descriptor number to read a pass phrase
from. This is done before anything else, so it can be combined with
an input file on standard input. This is mainly for use by shell scripts,
since under Unix it is difficult to read the contents of other people's
pipes. Note that PGPPASSFD only keeps the pass phrase out of the
environment; whatever file or pipe feeds that descriptor must itself be
protected from other users.

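The two hand-off mechanisms described above, side by side, as an added example that is not PGP's code: a small stand-in child process plays the part of pgp, reading its pass phrase the way the page describes (PGPPASS first, otherwise the descriptor named by PGPPASSFD) and reporting whether the phrase is visible anywhere in its own environment, which is what ps(1) exposes on systems that let other users read process environments. The pass phrase is a constructed sample.

```python
# Added example (not PGP's code): why PGPPASSFD is the safer of the two
# pass-phrase hand-offs described above.  CHILD stands in for pgp; the
# PASSPHRASE is a constructed sample.
import json
import os
import subprocess
import sys

PASSPHRASE = "correct horse battery staple"

# The stand-in reads the pass phrase the way the page says pgp does:
# PGPPASS first, else the descriptor number in PGPPASSFD.  It then reports
# whether the phrase appears anywhere in its environment, which is what
# ps(1) shows to other users on systems that expose process environments.
CHILD = r"""
import json, os, sys
pw = os.environ.get("PGPPASS")
if pw is None:
    pw = os.read(int(os.environ["PGPPASSFD"]), 4096).decode().rstrip("\n")
json.dump({"pass": pw, "in_env": any(pw in v for v in os.environ.values())},
          sys.stdout)
"""


def _run_child(extra_env, pass_fds=()):
    # Start from a clean slate so a PGPPASS inherited from the caller cannot
    # confuse the demonstration, then add only what this run needs.
    env = {k: v for k, v in os.environ.items() if k not in ("PGPPASS", "PGPPASSFD")}
    env.update(extra_env)
    proc = subprocess.run([sys.executable, "-c", CHILD], env=env, pass_fds=pass_fds,
                          capture_output=True, text=True, check=True)
    return json.loads(proc.stdout)


def run_with_pgppass(passphrase=PASSPHRASE):
    """The dangerous way: the secret rides along in the environment."""
    return _run_child({"PGPPASS": passphrase})


def run_with_passfd(passphrase=PASSPHRASE):
    """The page's alternative: the secret travels over a pipe the child inherits.

    Only the descriptor *number* goes into the environment; the phrase itself
    is readable only by a process holding the pipe's read end.
    """
    read_end, write_end = os.pipe()
    try:
        os.write(write_end, (passphrase + "\n").encode())  # small, fits the pipe buffer
        os.close(write_end)                                 # child sees EOF after the phrase
        return _run_child({"PGPPASSFD": str(read_end)}, pass_fds=(read_end,))
    finally:
        os.close(read_end)


if __name__ == "__main__":
    for name, run in (("PGPPASS", run_with_pgppass), ("PGPPASSFD", run_with_passfd)):
        result = run()
        print(f"{name}: child got the pass phrase = {result['pass'] == PASSPHRASE}, "
              f"visible in the child's environment = {result['in_env']}")
```

With the real tool the same shape in a Bourne shell is "PGPPASSFD=3 pgp ciphertextfile 3<passfile": the only thing in the environment is the digit 3, and the pass phrase is only as exposed as the file or pipe behind descriptor 3.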
.SH "RETURN VALUE"

PGP returns a 0 to the shell on success, and a nonzero error code on
failure. See the source code for details on nonzero status return
values.

.SH FILES
.br
.nf
.\" set tabstop to longest possible filename, plus a wee bit
.ta \w'/usr/lib/perl/getopts.pl 'u
*.pgp	ciphertext, signature, or key file
*.asc	ascii armor file
pubring.pgp	public key ring
secring.pgp	secret key ring
language.txt	foreign language string translation file
config.txt	configuration file
pgp.hlp	online help text file

.SH NOTE

The manual is really good, and it's really important in the long run
that you read it. It may not be important to read the fine print on
a box of breakfast cereal, but it may be crucial to read the label of
a prescription drug. Cryptography software is like pharmaceuticals,
so read the manual!

.SH CAVEATS

It is impossible to overemphasize the importance of protecting your
secret key. Anyone gaining access to it can forge messages from you or
read mail addressed to you. Be EXTREMELY cautious in using PGP on any
multi-user UNIX system.

PGP is believed by its authors to be secure when used as directed, but
then again everyone always claims their pet encryption system is
secure. Read the section in the manual on "Trusting Snake Oil" and the
section on "Vulnerabilities" for caveats.

.SH DIAGNOSTICS

Mostly self-explanatory.

.SH BUGS

PGP was initially written for the PC, and behaves very PCish. In
particular, its automagic file selection, file extensions, and the
like all make it somewhat alien in the UNIX environment.

This man page needs to be updated to reflect all the latest features.

.SH AUTHORS

Originally written by Philip R. Zimmermann. Later augmented by a cast
of thousands, especially including Hal Finney, Branko Lankester, and
Peter Gutmann.

.SH "LEGAL RESTRICTIONS"

For detailed information on PGP licensing, distribution, copyrights,
patents, trademarks, liability limitations, and export controls, see
the "Legal Issues" section in the "PGP User's Guide, Volume II:
Special Topics".

PGP uses a public key algorithm claimed by U.S. patent #4,405,829.
The exclusive rights to this patent are held by a California company
called Public Key Partners, and you may be infringing this patent if
you use PGP in the USA. This is explained in the PGP User's Guide,
Volume II.

PGP is "guerrilla" freeware, and the authors don't mind if you
distribute it widely. Just don't ask Philip Zimmermann to send you a
copy. Instead, you can get it yourself from many BBS systems and a
number of Internet FTP sites.