.TH PGP 1 "PGP Version 2.6"
.\" NAME should be all caps, SECTION should be 1-8, maybe w/ subsection
.\" other parms are allowed: see man(7), man(1)
.SH NAME
pgp \- Pretty Good Privacy encryption system
.\" denote multiple entry points thus; makewhatis(8) will catch them
.SH SYNOPSIS
.B pgp \fR[\fIoptions\fR] \fIpgpfile
.PP
.B pgp \-e \fR[\fIoptions\fR] \fIfile user\fR .\|.\|.
.PP
.SH DESCRIPTION

.B PGP
(Pretty Good Privacy) is a public key encryption package to
protect E-mail and data files. It lets you communicate securely with
people you've never met, with no secure channels needed for prior
exchange of keys. It's well-featured and fast, with sophisticated
key management, digital signatures, data compression, and good
ergonomic design. If you really want to learn how to use it
properly, it's best to read the full documentation that comes with
the system, which is very complete. This is a "quick start" guide
and reference manual; it is necessarily incomplete, and assumes you
are already familiar with most of the basic concepts, including the
concepts behind public key cryptography.

.SS "Terminology"

.B user id\fR: an ASCII string used
to identify a user. User IDs tend to
look like "John Q. Public <[email protected]>"; please try sticking to
that format. When giving a user id to PGP, you may specify any unique
(case-insensitive) substring, e.g. john, or jqp@xyz.

.B pass phrase\fR: the secret string used to conventionally encipher your
private key. It's important that this be kept secret.

.B keyring\fR: a file containing a set of public or secret keys. Default
names for public and secret rings are "pubring.pgp" and "secring.pgp"
respectively.

.B ascii armor\fR: the ASCII radix-64 format PGP uses for transmitting
messages over channels like E-mail; similar in concept to uuencoding.

.SS "Command summary"

To see a quick command usage summary for PGP, just type:
.br
.B pgp -h

To encrypt a plaintext file with the recipient's public key:
.br
.B pgp -e \fItextfile her_userid \fR...

To sign a plaintext file with your secret key:
.br
.B pgp -s \fItextfile \fR[\fB-u \fIyour_userid\fR]

To sign a plaintext file with your secret key, and then encrypt it
with the recipient's public key:
.br
.B pgp -es \fItextfile her_userid \fR...
[\fB-u \fIyour_userid\fR]

To create a signature certificate that is detached from the document:
.br
.B pgp -sb \fItextfile \fR[\fB-u \fIyour_userid\fR]

To encrypt a plaintext file with just conventional cryptography, type:
.br
.B pgp -c \fItextfile

To decrypt an encrypted file, or to check the signature integrity of a
signed file:
.br
.B pgp \fIciphertextfile \fR[\fB-o \fIplaintextfile\fR]

To see a quick summary of PGP's key-management commands, just type:
.br
.B pgp -k

To generate your own unique public/secret key pair:
.br
.B pgp -kg

To add a public or secret key file's contents to your public or
secret key ring:
.br
.B pgp -ka \fIkeyfile \fR[\fIkeyring\fR]

To remove a key from your public key ring:
.br
.B pgp -kr \fIuserid \fR[\fIkeyring\fR]

To extract (copy) a key from your public or secret key ring:
.br
.B pgp -kx\fR[\fBa\fR] \fIuserid keyfile \fR[\fIkeyring\fR]

To view the contents of your public key ring:
.br
.B pgp -kv\fR[\fBv\fR] [\fIuserid\fR] [\fIkeyring\fR]

To view the "fingerprint" of a public key, to help verify it over
the telephone with its owner:
.br
.B pgp -kvc \fR[\fIuserid\fR] [\fIkeyring\fR]

To view the contents and check the certifying signatures of your
public key ring:
.br
.B pgp -kc \fR[\fIuserid\fR] [\fIkeyring\fR]

To edit the pass phrase for or add a userid to your secret key:
.br
.B pgp -ke \fIuserid \fR[\fIkeyring\fR]

To edit the trust parameters for a public key:
.br
.B pgp -ke \fIuserid \fR[\fIkeyring\fR]

To remove a key or just a userid from your public key ring:
.br
.B pgp -kr \fIuserid \fR[\fIkeyring\fR]

To sign and certify someone else's public key on your public key ring:
.br
.B pgp -ks \fIher_userid \fR[\fB-u \fIyour_userid\fR] [\fIkeyring\fR]

To remove selected signatures from a userid on a keyring:
.br
.B pgp -krs \fIuserid \fR[\fIkeyring\fR]

Command options that can be used in combination with other command
options (sometimes even spelling interesting words):

To produce a ciphertext file in ASCII radix-64 format, just add the
-a option when encrypting or signing a message or extracting a key:
.br
.B pgp -sea \fItextfile her_userid
.br
.B pgp -kxa \fIuserid keyfile \fR[\fIkeyring\fR]

To wipe out the plaintext file after producing the ciphertext file,
just add the
.B -w
(wipe) option when encrypting or signing a message:
.br
.B pgp -sew \fImessage.txt her_userid

To specify that a plaintext file contains ASCII text, not binary, and
should be converted to the recipient's local text line conventions, add
the
.B -t
(text) option to other options:
.br
.B pgp -seat \fImessage.txt her_userid

To view the decrypted plaintext output on your screen (like the
Unix-style "more" command), without writing it to a file, use
the
.B -m
(more) option while decrypting:
.br
.B pgp -m \fIciphertextfile

To specify that the recipient's decrypted plaintext will be shown
.B only
on her screen and cannot be saved to disk, add the
.B -m
option:
.br
.B pgp -steam \fImessage.txt her_userid

To recover the original plaintext filename while decrypting, add
the
.B -p
option:
.br
.B pgp -p \fIciphertextfile

To use a Unix-style filter mode, reading from standard input and
writing to standard output, add the
.B -f
option:
.br
.B pgp -feast \fIher_userid \fB<\fIinputfile \fB>\fIoutputfile

.SS "The Config File"

PGP uses a configuration database that is stored in the file
"config.txt"; please see the manual for complete details.
Blank lines and lines beginning with "#" are comments.
Options take string, numeric, or boolean values. The
boolean values are "on" and "off".
These options can also be specified on the command line,
using a syntax such as
.B +armor=on\fR.
Keywords can be abbreviated to unique prefixes. Keywords are not
case-sensitive. "=on" is assumed for boolean options if nothing
is specified. Some highlights:

.B MYNAME - Default User ID for
.B Making Signatures

Default setting: MYNAME = ""

The configuration parameter MYNAME specifies the default user ID to
use to select the secret key for making signatures. If MYNAME is not
defined, the most recent secret key you installed on your secret key
ring is used. The user may also override this setting by
specifying a user ID on the PGP command line with the
.B -u
option.

.B TEXTMODE - Assuming Plaintext is a
.B Text File

Default setting: TEXTMODE = off

The configuration parameter TEXTMODE is equivalent to the
.B -t
command line option. If enabled, it causes PGP to assume the plaintext
is a text file, not a binary file, and converts it to "canonical text"
before encrypting it. Canonical text has a carriage return and a
linefeed at the end of each line of text.

This mode is automatically turned off if PGP detects that the plaintext
file contains 8-bit binary data. Thus, it is safe to leave enabled at
all times.

.B ARMOR - Enable ASCII Armor Output

Default setting: ARMOR = off

The configuration parameter ARMOR is equivalent to the
.B -a
command line option. If enabled, it causes PGP to emit ciphertext or
keys in ASCII radix-64 format suitable for transporting through E-mail
channels. Output files are named with the ".asc" extension.

If you tend to use PGP mostly for E-mail, it may be a good idea to
enable this parameter.

.B ARMORLINES - Size of ASCII Armor Multipart Files

Default setting: ARMORLINES = 720

For large ASCII armor files, PGP splits them into files named
".asc1", ".asc2", ".asc3", etc. so as not to
choke mailers, which typically starts to happen around 50,000
bytes. This specifies the number of (64-byte) lines to place in
each file. If set to 0, PGP will not split ASCII armor files.

.B CLEARSIG - Enable Clear-Signed Output

Default setting: CLEARSIG = on

Normally, a signed and ASCII-armored PGP message is gibberish,
even though the text is not encrypted. This prevents munging
by mailers, but requires PGP simply to read the message.

If CLEARSIG is enabled, then when signing and ASCII-armoring a text
file, PGP uses a different format that includes the plaintext in
human-readable form. Lines beginning with "-" are quoted with "\-\ ".
To cope with some of the stupider mailers in the world, lines beginning
with "From" are also quoted, and trailing whitespace on lines is
stripped. PGP will remove the quoting if you use it to decrypt the
message, but the trailing whitespace is not recovered. This is still
useful enough to be enabled by default.

.B ENCRYPTTOSELF - Add MYNAME to Recipients List

Default setting: ENCRYPTTOSELF = off

If this is enabled, MYNAME will be implicitly added to the list of
recipients for any message you encrypt with a public key. Since in
this case MYNAME is looked up in the public keyring, it is important
that it unambiguously specify the right key.

.B LANGUAGE - Language To Use

Default setting: LANGUAGE = en

If you want to use a different language, and translations are in the
language.txt file, setting this option will cause PGP's messages to
appear in a different language. If a translation for a message is
not available, it appears in English.

If you look at the supplied language.txt file, the format should
be obvious.

.B CHARSET - Character Set

Default setting: CHARSET = noconv

PGP tries to translate all text-mode messages into the ISO Latin-1
alphabet, or the KOI-8 alphabet for Cyrillic alphabets. This
setting indicates the native character set, so PGP can do the
translation. Options are noconv, latin1 or koi8, indicating that
no translation should be done; cp850, indicating that IBM PC code
page 850 mappings should be used; ascii, indicating that a minimal
ASCII subset should be used; and alt_codes, indicating that the
IBM PC alt codes should be used for the Cyrillic alphabet.

.B KEEPBINARY - Preserve Intermediate .pgp File

Default setting: KEEPBINARY = off

If KEEPBINARY is enabled, then PGP will produce a .pgp file in addition
to a .asc file when ASCII armor is enabled.

.B TMP - Temporary file directory

Default setting: TMP = ""

PGP produces temporary files while decrypting a message.
This is the directory they are stored in. If not specified in the config
file, the environment variable TMP is used, or the current directory.
It helps security somewhat if this is not a publicly-readable directory.
A local file system is also a good idea.

.B COMPRESS - Compress Plaintext Before Encrypting

Default setting: COMPRESS = on

PGP usually compresses the plaintext before encrypting it, so it will
have less to encrypt and the file you send will be smaller. It also
makes cryptanalysis harder. This is usually only turned off for
debugging purposes.

.B PAGER - Select Shell Command to Display Pager Output

Default setting: PAGER = ""

If set, PGP uses this program to view files when the
.B -m
option is specified. By default, PGP uses a simple builtin pager.

.B SHOWPASS - Echo Pass Phrase During Entry

Default setting: SHOWPASS = off

If someone is unable to type a long pass phrase reliably without seeing it,
this can be turned on, at the cost of security.

.B INTERACTIVE - Prompt Before Adding Each Key

Default setting: INTERACTIVE = off

By default, when given a file containing new keys, PGP asks if you would
like to add them to your public key ring. Since adding keys does not
imply that you trust them, adding more just wastes space. If this
option is set, PGP asks about each key in a key file.

.B VERBOSE - Level of Detail Printed

Default setting: VERBOSE = 1

When set to 0, PGP only prints messages that are necessary or indicate an
error. When set to 2, PGP prints a significant amount of debugging
information describing what it's doing. Values above 2 have no effect.

.B PUBRING - Public Key Ring Location

Default setting: PUBRING = $PGPPATH/pubring.pgp

This is the path name to the public key ring to use.

.B SECRING - Secret Key Ring Location

Default setting: SECRING = $PGPPATH/secring.pgp

This is the path name to the secret key ring to use.

.B BAKRING - Backup Secret Key Ring

Default setting: BAKRING = ""

If this is set, when checking your key ring (\fBpgp -kc\fR), PGP will
compare the normal secret key ring against the given backup
copy, usually kept on write-protected removable media. This
is to protect against wholesale modifications to your key rings
in a spoofing attack.

.B RANDSEED - Random Number Seed File

Default setting: RANDSEED = $PGPPATH/randseed.bin

This is the path to a random seed file which is part of PGP's
random number generation algorithm, used to generate session keys.
While PGP goes to great lengths to use every available source of
randomness in generating session keys, this file is part of the
process and protecting it from disclosure is desirable.

.B COMMENT - ASCII Armor Comment

Default setting: COMMENT = ""

If set to a non-empty string, the value of this variable is
printed in the header of ASCII armor files, preceded by "Comment: ".

.B PKCS_COMPAT - PKCS compatibility

Default setting: PKCS_COMPAT = 1

This flag is ignored by PGP 2.5; it is always taken as 1. If
set to 1, PGP pads message digests and session keys inside
RSA-encrypted integers according to RSA Data Security, Inc.'s
Public-Key Cryptography Standards. If set to 0, earlier versions
of PGP generated an older, incompatible format. Either was accepted.

The RSAREF public-key encryption routines used by PGP 2.5 are unable to
decode the old formats.

There are still many areas of incompatibility with the PKCS;
in future, higher values of this flag may enable more compatibility
features.

.SS "Key certification"

PGP employs a system where users specify trusted users who may sign
other people's public keys. It is important that you understand how
this mechanism works; a full description is in the manual.

.B Important\fR: The manual also describes how to generate and send a
"key compromise" certificate that tells readers that your private key
has been compromised. If your key has been compromised, please read
the manual section on key compromise certificates and how to create
them; the faster you send out a key compromise certificate, the smaller
the window of opportunity for "bad guys" to send forged messages.

.SS "Important Hints"

PGP automatically tries compressing your input file; there is little point
in precompressing input for transmission.

PGP "ascii armor" is only needed on the outer transmitted message; as
an example, if you are, say, sending a public key to someone else and
you are for some reason signing it, simply armor the outer message;
it's better to sign the binary form of the key.

.SS "Foreign Languages"

PGP is easily customized for foreign language help and error
messages; it has been translated into a number of non-English languages.
See the manual for details on the file "language.txt".

.SH ENVIRONMENT

PGP uses several special files for its purposes, such as your standard
key ring files "pubring.pgp" and "secring.pgp", the random number seed
file "randseed.bin", the PGP configuration file "config.txt", and the
foreign language string translation file "language.txt". These
special files can be kept in any directory, by setting the environment
variable "PGPPATH" to the desired pathname. If PGPPATH remains
undefined, these special files are assumed to be in the current
directory.

Normally, PGP prompts the user to type a pass phrase whenever PGP
needs a pass phrase to unlock a secret key. But it is possible to
store the pass phrase in an environment variable from your operating
system's command shell. The environment variable PGPPASS can be
used to hold the pass phrase that PGP attempts to use first. If
the pass phrase stored in PGPPASS is incorrect, PGP recovers by
prompting the user for the correct pass phrase. This dangerous
feature makes your life more convenient if you have to regularly deal
with a large number of incoming messages addressed to your secret key,
by eliminating the need for you to repeatedly type in your pass phrase
every time you run PGP.
.B This is a very dangerous feature\fR; on UNIX it
is trivial to read someone else's environment using the ps(1) command.
If you are contemplating using this feature, be sure to read the
sections "How to Protect Secret Keys from Disclosure" and "Exposure on
Multi-user Systems" in the full PGP manual.

If the environment variable PGPPASSFD is defined, it must have a numeric
value, which PGP uses as a file descriptor number to read a pass phrase
from. This is done before anything else, so it can be combined with
an input file on standard input. This is mainly for use by shell scripts,
since under Unix it is difficult to read the contents of other people's
pipes.

.SH "RETURN VALUE"

PGP returns a 0 to the shell on success, and a nonzero error code on
failure. See the source code for details on nonzero status return
values.

.SH FILES
.br
.nf
.\" set tabstop to longest possible filename
.ta \w'/usr/local/lib/pgp/language.txt'u
*.pgp	ciphertext, signature, or key file
*.asc	ascii armor file
/usr/local/lib/config.txt	system-wide configuration file
$PGPPATH/config.txt	per-user configuration file
$PGPPATH/pubring.pgp	public key ring
$PGPPATH/secring.pgp	secret key ring
$PGPPATH/randseed.bin	random number seed file
/usr/local/lib/pgp/language.txt
$PGPPATH/language.txt	foreign language translation file
/usr/local/lib/pgp/pgp.hlp
$PGPPATH/pgp/pgp.hlp	online help text file
/usr/local/lib/pgp/pgpkey.hlp
$PGPPATH/pgp/pgpkey.hlp	online key-management help text file
.fi

.SH NOTE

The manual is really good, and it's really important in the long run
that you read it. PGP may be an unpickable lock, but you have to
put it in the door properly to keep out intruders. So read the manual
and find out how!

.SH CAVEATS

It is impossible to overemphasize the importance of protecting your
secret key. Anyone gaining access to it can forge messages from you or
read mail addressed to you. Be very cautious in using PGP on any
multi-user Unix system.

PGP is believed by its authors to be the most secure cryptographic
software available to the public when used as directed, but then again
everyone always claims their pet encryption system is secure. Read the
section in the manual on "Trusting Snake Oil" and the section on
"Vulnerabilities" for caveats.

.SH DIAGNOSTICS

Mostly self-explanatory.

.SH BUGS

PGP was initially written for the PC, and behaves very PCish. In
particular, its automagic file selection, file extensions, and the
like all make it somewhat alien in the UNIX environment.

This man page needs to be updated to reflect all the latest features.

.SH AUTHORS

Originally written by Philip R. Zimmermann. Later augmented by a cast
of thousands.

.SH "LEGAL RESTRICTIONS"

For detailed information on PGP licensing, distribution, copyrights,
patents, trademarks, liability limitations, and export controls, see
the "Legal Issues" section in the "PGP User's Guide, Volume II:
Special Topics". In particular, PGP is export restricted by the Offices
of Defense Trade Controls and Munitions Control, U.S. Department of
State, and shall not be exported or reexported from the United States,
directly or indirectly, without obtaining a U.S. Department of State
License.

PGP uses a public key algorithm claimed by U.S. patent #4,405,829. The
exclusive rights to this patent are held by a California company called
Public Key Partners. This is explained in the PGP User's Guide, Volume II.

PGP itself is freeware, but it inherits certain encumbrances from its
use of RSAREF to perform public-key encryption.

Another fully licensed commercial PGP is available from ViaCrypt, 2104 West
Peoria Avenue, Phoenix, Arizona 85029, (602) 944-0773.
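A parser for the config.txt rules given in "The Config File" above (comment lines, on/off booleans, a bare boolean keyword meaning "=on", case-insensitive keywords abbreviated to unique prefixes, and the +keyword=value command-line form), added here as an example; it is not code from the PGP man page or the PGP sources. Its keyword table is an assumption limited to the options this page lists (real PGP knows more), and the sample config is constructed.

```python
# Parser for the config.txt format described on this page. Added example, not
# PGP's own code; KEYWORDS is an assumption covering only the options listed here.

# keyword -> (type, default), taken from the "Default setting" lines above
KEYWORDS = {
    "MYNAME": ("str", ""), "TEXTMODE": ("bool", False), "ARMOR": ("bool", False),
    "ARMORLINES": ("int", 720), "CLEARSIG": ("bool", True),
    "ENCRYPTTOSELF": ("bool", False), "LANGUAGE": ("str", "en"),
    "CHARSET": ("str", "noconv"), "KEEPBINARY": ("bool", False), "TMP": ("str", ""),
    "COMPRESS": ("bool", True), "PAGER": ("str", ""), "SHOWPASS": ("bool", False),
    "INTERACTIVE": ("bool", False), "VERBOSE": ("int", 1),
    "PUBRING": ("str", "$PGPPATH/pubring.pgp"), "SECRING": ("str", "$PGPPATH/secring.pgp"),
    "BAKRING": ("str", ""), "RANDSEED": ("str", "$PGPPATH/randseed.bin"),
    "COMMENT": ("str", ""), "PKCS_COMPAT": ("int", 1),
}

class ConfigError(ValueError):
    pass

def resolve_keyword(name):
    """Expand a case-insensitive, possibly abbreviated keyword to its full name.
    An exact match wins, so 'armor' is ARMOR even though it is also a prefix
    of ARMORLINES; any other abbreviation must match exactly one keyword."""
    upper = name.upper()
    if upper in KEYWORDS:
        return upper
    matches = sorted(k for k in KEYWORDS if k.startswith(upper))
    if len(matches) != 1:
        raise ConfigError("%s keyword %r" % ("ambiguous" if matches else "unknown", name))
    return matches[0]

def coerce(key, raw):
    """Convert a textual value to the option's type; raw is None for a bare keyword."""
    kind = KEYWORDS[key][0]
    if kind == "bool":
        value = "on" if raw is None else raw.strip().lower()  # bare keyword means "=on"
        if value not in ("on", "off"):
            raise ConfigError("%s expects on or off, got %r" % (key, raw))
        return value == "on"
    if raw is None:
        raise ConfigError("%s requires a value" % key)
    raw = raw.strip()
    if kind == "int":
        try:
            return int(raw)
        except ValueError:
            raise ConfigError("%s expects a number, got %r" % (key, raw)) from None
    return raw[1:-1] if len(raw) >= 2 and raw[0] == raw[-1] == '"' else raw

def parse_assignment(text):
    """Parse one 'keyword[=value]' unit: a config line or a +keyword=value argument."""
    key, sep, value = text.partition("=")
    full = resolve_keyword(key.strip())
    return full, coerce(full, value if sep else None)

def load_config(text, argv=()):
    """Effective settings: defaults, then config.txt lines, then +key=value overrides."""
    settings = {k: default for k, (_, default) in KEYWORDS.items()}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):  # blank lines and "#" lines are comments
            key, value = parse_assignment(line)
            settings[key] = value
    for arg in argv:
        if arg.startswith("+"):                # command-line form such as +armor=on
            key, value = parse_assignment(arg[1:])
            settings[key] = value
    return settings

# Constructed sample config.txt, not a real user's file.
SAMPLE_CONFIG = '# my settings\nMyName = "John Q. Public"\narmor\nVerb = 2\n'
```

Note that the exact-match rule matters in practice: the abbreviation "arm" is rejected as ambiguous, while "armor" selects ARMOR rather than ARMORLINES.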
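The PGPPASSFD mechanism from the ENVIRONMENT section, driven from a Python wrapper rather than a shell script, added here as an example that is not from the PGP man page or the PGP sources. It assumes a pgp binary on PATH that reads the pass phrase from the descriptor named by PGPPASSFD, exactly as the page describes; the `command` parameter and the stand-in program exist only so the descriptor plumbing can be exercised without pgp installed.

```python
# Hand PGP its pass phrase over a private pipe (PGPPASSFD) instead of PGPPASS,
# which the man page warns is readable with ps(1). Added example, not PGP's own
# code; assumes `pgp -f` honours PGPPASSFD as documented above.
import os
import subprocess
import sys

def run_with_passfd(passphrase, stdin_data, command=("pgp", "-f")):
    """Run `command` with the pass phrase readable on an inherited pipe fd.

    The pass phrase is placed neither in argv nor in the environment, so it
    is not visible to ps(1); only the descriptor number is exported."""
    rfd, wfd = os.pipe()
    env = dict(os.environ)
    env.pop("PGPPASS", None)               # never let a PGPPASS setting leak through
    env["PGPPASSFD"] = str(rfd)
    # A pass phrase is far smaller than the pipe buffer, so writing before the
    # child starts cannot block; closing wfd gives the child a clean EOF.
    os.write(wfd, (passphrase + "\n").encode())
    os.close(wfd)
    try:
        proc = subprocess.run(list(command), input=stdin_data, env=env,
                              pass_fds=(rfd,), capture_output=True)
    finally:
        os.close(rfd)                       # parent never keeps the read end open
    return proc.returncode, proc.stdout, proc.stderr

# Stand-in for pgp, used only to demonstrate the plumbing offline: it reads the
# pass phrase from $PGPPASSFD, copies stdin to stdout, and reports whether
# PGPPASS was present in its environment.
STAND_IN = (sys.executable, "-c",
            "import os,sys;fd=int(os.environ['PGPPASSFD']);"
            "p=os.read(fd,256).rstrip(b'\\n');"
            "sys.stdout.buffer.write(sys.stdin.buffer.read()+b'|'+p+b'|'"
            "+str('PGPPASS' in os.environ).encode())")

def demo():
    """Run the stand-in with a PGPPASS value exported, to show it is not inherited."""
    os.environ["PGPPASS"] = "should-not-leak"
    try:
        rc, out, _ = run_with_passfd("correct horse battery", b"ciphertext-bytes", STAND_IN)
    finally:
        del os.environ["PGPPASS"]
    return rc, out

if __name__ == "__main__":
    print(demo())  # real use: run_with_passfd(getpass.getpass(), sys.stdin.buffer.read())
```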