! .TH PGP 1 "PGP Version 2.6.3i"
! .\" NAME should be all caps, SECTION should be 1-8, maybe w/ subsection
! .\" other parms are allowed: see man(7), man(1)
1 PGP
Pretty Good Privacy encryption system (PGP Version 2.6.3i).

SYNOPSIS

$ pgp [options] pgpfile

$ pgp -e [options] file user

DOCUMENTATION

Full documentation path: PGP$LIBRARY:[DOC]
Read PGPDOC1.TXT and PGPDOC2.TXT before you start using this product.

"THE BEGINNER'S GUIDE" and the "Frequently Asked Questions" can be found
in the same directory; the file names are PGPBG11.ASC and PGP.FAQ.
!
2 Description
PGP (Pretty Good Privacy) is a public key encryption package to protect
E-mail and data files. It lets you communicate securely with people
you've never met, with no secure channels needed for prior exchange of
keys. It's well featured and fast, with sophisticated key management,
digital signatures, data compression, and good ergonomic design. If you
really want to learn how to use it properly, it's best to read the full
documentation that comes with the system, which is very complete. This
is a "quick start" guide and reference manual; it is necessarily
incomplete, and assumes you are already familiar with most of the basic
concepts, including the concepts behind public key cryptography.
!
2 Terminology
user id: an ASCII string used to identify a user.

User IDs tend to look like "John Q. Public <[email protected]>"; please
try sticking to that format. When giving a user id to PGP, you may
specify any unique (case-insensitive) substring. E.g. john, or
jqp@xyz.

pass phrase: the secret string used to conventionally encipher your
private key. It's important that this be kept secret.

keyring: a file containing a set of public or secret keys.

Default names for public and secret rings are "pubring.pgp" and
"secring.pgp" respectively.

ascii armor: the ASCII radix-64 format PGP uses for transmitting messages
over channels like E-Mail; similar in concept to uuencoding.
!
2 Command_summary

To see a quick command usage summary for PGP, just type:

$ pgp -h

To encrypt a plaintext file with the recipient's public key:

$ pgp -e textfile her_userid [other userids]

To sign a plaintext file with your secret key:

$ pgp -s textfile [-u your_userid]

To sign a plaintext file with your secret key, and then encrypt it with
the recipient's public key:

$ pgp -es textfile her_userid [other userids] [-u your_userid]

To create a signature certificate that is detached from the document:

$ pgp -sb textfile [-u your_userid]

To encrypt a plaintext file with just conventional cryptography, type:

$ pgp -c textfile

To decrypt an encrypted file, or to check the signature integrity of a
signed file:

$ pgp ciphertextfile [-o plaintextfile]

To see a quick summary of PGP's key-management commands, just type:

$ pgp -k

To generate your own unique public/secret key pair:

$ pgp -kg

To add a public or secret key file's contents to your public or secret
key ring:

$ pgp -ka keyfile [keyring]

To remove a key from your public key ring:

$ pgp -kr userid [keyring]

To extract (copy) a key from your public or secret key ring:

$ pgp -kx[a] userid keyfile [keyring]

To view the contents of your public key ring:

$ pgp -kv[v] [userid] [keyring]

To view the "fingerprint" of a public key, to help verify it over the
telephone with its owner:

$ pgp -kvc [userid] [keyring]

To view the contents and check the certifying signatures of your public
key ring:

$ pgp -kc [userid] [keyring]

To edit the pass phrase for or add a userid to your secret key:

$ pgp -ke userid [keyring]

To edit the trust parameters for a public key:

$ pgp -ke userid [keyring]

To remove a key or just a userid from your public key ring:

$ pgp -kr userid [keyring]

To sign and certify someone else's public key on your public key ring:

$ pgp -ks her_userid [-u your_userid] [keyring]

To remove selected signatures from a userid on a keyring:

$ pgp -krs userid [keyring]


Command options that can be used in combination with other command
options (sometimes even spelling interesting words):

To produce a ciphertext file in ASCII radix-64 format, just add the -a
option when encrypting or signing a message or extracting a key:

$ pgp -sea textfile her_userid

$ pgp -kxa userid keyfile [keyring]

To wipe out the plaintext file after producing the ciphertext file, just
add the -w (wipe) option when encrypting or signing a message:

$ pgp -sew message.txt her_userid

To specify that a plaintext file contains ASCII text, not binary, and
should be converted to the recipient's local text line conventions, add the
-t (text) option to other options:

$ pgp -seat message.txt her_userid

To view the decrypted plaintext output on your screen (like the
Unix-style "more" command), without writing it to a file, use the -m
(more) option while decrypting:

$ pgp -m ciphertextfile

To specify that the recipient's decrypted plaintext will be shown only on
her screen and cannot be saved to disk, add the -m option:

$ pgp -steam message.txt her_userid

To recover the original plaintext filename while decrypting, add the -p
option:

$ pgp -p ciphertextfile

To use a Unix-style filter mode, reading from standard input and writing
to standard output, add the -f option:

$ pgp -feast her_userid <inputfile >outputfile
!
2 The_Config_File
PGP uses a configuration database that is stored in the file
"config.txt"; please see the manual for complete details. Blank lines and
lines beginning with "#" are comments. Options take string, numeric, or
boolean values. The boolean values are "on" and "off". These options can
also be specified on the command line, using a syntax such as +armor=on.
Keywords can be abbreviated to unique prefixes. Keywords are not
case-sensitive. "=on" is assumed for boolean options if nothing is
specified. Some highlights:
3 MYNAME
MYNAME - Default User ID for Making Signatures

Default setting: MYNAME = ""

The configuration parameter MYNAME specifies the default user ID to
use to select the secret key for making signatures. If MYNAME is not
defined, the most recent secret key you installed on your secret key
ring is used. The user may also override this setting by specifying a
user ID on the PGP command line with the -u option.
3 TEXTMODE
TEXTMODE - Assuming Plaintext is a Text File

Default setting: TEXTMODE = off

The configuration parameter TEXTMODE is equivalent to the -t command
line option. If enabled, it causes PGP to assume the plaintext is a
text file, not a binary file, and converts it to "canonical text"
before encrypting it. Canonical text has a carriage return and a
linefeed at the end of each line of text.

This mode is automatically turned off if PGP detects that the
plaintext file contains 8-bit binary data. Thus, it is safe to leave
enabled at all times.
3 ARMOR
ARMOR - Enable ASCII Armor Output

Default setting: ARMOR = off

The configuration parameter ARMOR is equivalent to the -a command
line option. If enabled, it causes PGP to emit ciphertext or keys in
ASCII Radix-64 format suitable for transporting through E-mail
channels. Output files are named with the ".asc" extension.

If you tend to use PGP mostly for E-mail, it may be a good idea to
enable this parameter.
3 ARMORLINES
ARMORLINES - Size of ASCII Armor Multipart Files

Default setting: ARMORLINES = 720

For large ASCII armor files, PGP splits them into files named
".asc1", ".asc2", ".asc3", etc. so as not to choke mailers, which
typically start to have trouble around 50,000 bytes. This specifies the
number of (64-byte) lines to place in each file. If set to 0, PGP
will not split ASCII armor files.
3 CLEARSIG
CLEARSIG - Enable Clear-Signed Output

Default setting: CLEARSIG = on

Normally, a signed and ASCII-armored PGP message is gibberish, even
though the text is not encrypted. This prevents munging by mailers,
but requires PGP simply to read the message.

If CLEARSIG is enabled, then when signing and ASCII-armoring a text
file, PGP uses a different format that includes the plaintext in
human-readable form. Lines beginning with "-" are quoted with "- ".
To cope with some of the stupider mailers in the world, lines
beginning with "From" are also quoted, and trailing whitespace on
lines is stripped. PGP will remove the quoting if you use it to
decrypt the message, but the trailing whitespace is not recovered.
This is still useful enough to be enabled by default.
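The quoting and whitespace rules just described are easy to get wrong when a script post-processes clear-signed mail, so the following Python models them exactly as the paragraph states them. This is an illustration added here, not PGP's own source; the sample text is constructed, and the model covers only the behaviour documented above (dash and "From" quoting, trailing-whitespace loss), nothing else PGP's armor code may do.

```python
# Model of the CLEARSIG quoting rules described above: lines starting with "-"
# or "From" are prefixed with "- ", trailing whitespace is stripped, the
# quoting is removed when the message is read back but the whitespace is not
# recovered. Illustration only, not PGP's implementation.

def clearsig_escape(plaintext: str) -> str:
    """Prepare text for the clear-signed armor body, as the page describes."""
    out = []
    for line in plaintext.split("\n"):
        line = line.rstrip(" \t")              # trailing whitespace is stripped ...
        if line.startswith("-") or line.startswith("From"):
            line = "- " + line                 # ... and risky leading text is quoted
        out.append(line)
    return "\n".join(out)


def clearsig_unescape(armored_body: str) -> str:
    """Undo the quoting when reading the message back; whitespace stays lost."""
    out = []
    for line in armored_body.split("\n"):
        if line.startswith("- "):
            line = line[2:]
        out.append(line)
    return "\n".join(out)


def round_trip_is_exact(plaintext: str) -> bool:
    """True only when nothing (i.e. no trailing whitespace) was lost in transit."""
    return clearsig_unescape(clearsig_escape(plaintext)) == plaintext


if __name__ == "__main__":
    # Constructed sample: an armor-like delimiter, a mailbox "From " separator
    # and a line with a trailing space, each of which the rules must handle.
    sample = "-----BEGIN fake-----\nFrom nobody Mon Jan 1\nplain line \nok"
    print(clearsig_escape(sample))
    print("exact round trip:", round_trip_is_exact(sample))
```

The practical consequence for a verifier is that a detached or clear signature must be computed over the stripped, canonical form, because that is the only form both sides can reproduce once trailing whitespace is gone.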
3 ENCRYPTTOSELF
ENCRYPTTOSELF - Add MYNAME to Recipients List

Default setting: ENCRYPTTOSELF = off

If this is enabled, MYNAME will be implicitly added to the list of
recipients for any message you encrypt with a public key. Since in
this case, MYNAME is looked up in the public keyring, it is important
that it unambiguously specify the right key.
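The substring matching rule from Terminology (any case-insensitive substring selects a key) is what makes the warning above matter: a MYNAME such as "alice" can select two public keys. The Python below, added here as an illustration and not PGP's own code, models that lookup against a constructed sample keyring and, as a deliberately stricter design choice than simply taking the first match, refuses to build a recipient list when any query, MYNAME included, selects anything other than exactly one key.

```python
# Model of user-id selection (case-insensitive substring, from "Terminology")
# applied to the recipient list for "pgp -e" with ENCRYPTTOSELF. Illustration
# added here, not PGP's code; the keyring is a constructed sample.

PUBRING = [  # constructed sample user IDs, one per public key
    "John Q. Public <jqp@example.invalid>",
    "Alice Example <alice@example.invalid>",
    "Alice Example (work) <alice@work.invalid>",
]


def select_keys(userids, query):
    """Return every user ID containing `query`, compared case-insensitively."""
    q = query.lower()
    return [uid for uid in userids if q in uid.lower()]


def is_unambiguous(userids, query):
    """True when `query` selects exactly one key on the ring."""
    return len(select_keys(userids, query)) == 1


def resolve_recipients(userids, recipients, myname="", encrypttoself=False):
    """Resolve each recipient query, plus MYNAME when ENCRYPTTOSELF is on, to
    exactly one public key. Ambiguous or unknown queries raise ValueError
    instead of silently picking a key (stricter than first-match behaviour)."""
    queries = list(recipients) + ([myname] if encrypttoself else [])
    chosen = []
    for q in queries:
        matches = select_keys(userids, q)
        if len(matches) != 1:
            raise ValueError(f"{q!r} selects {len(matches)} public keys: {matches}")
        if matches[0] not in chosen:
            chosen.append(matches[0])
    return chosen


if __name__ == "__main__":
    print(resolve_recipients(PUBRING, ["john"], "alice@example", True))
    try:
        resolve_recipients(PUBRING, ["john"], "alice", True)
    except ValueError as err:
        print("refused:", err)
```

Using the full address part of your own user ID as MYNAME (here "alice@example") is the simplest way to keep the self-copy unambiguous once the ring holds several keys with the same name.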
3 LANGUAGE
LANGUAGE - Language To Use

Default setting: LANGUAGE = en

If you want to use a different language, and translations are in the
language.txt file, setting this option will cause PGP's messages to
appear in a different language. If a translation for a message is not
available, it appears in English.

If you look at the supplied language.txt file, the format should be
obvious.
3 CHARSET
CHARSET - Character Set

Default setting: CHARSET = noconv

PGP tries to translate all text-mode messages into the ISO Latin-1
alphabet, or the KOI-8 alphabet for Cyrillic alphabets. This setting
indicates the native character set, so PGP can do the translation.
Options are noconv, latin1 or koi8, indicating that no translation
should be done; cp850, indicating that IBM PC code page 850 mappings
should be used; ascii, indicating that a minimal ASCII subset should
be used; and alt_codes, indicating that the IBM PC alt codes should
be used for the Cyrillic alphabet.
3 KEEPBINARY
KEEPBINARY - Preserve Intermediate .pgp File

Default setting: KEEPBINARY = off

If KEEPBINARY is enabled, then PGP will produce a .pgp file in
addition to a .asc file when ASCII armor is enabled.
3 TMP
TMP - Temporary file directory

Default setting: TMP = ""

PGP produces temporary files while decrypting a message. This is the
directory they are stored in. If not specified in the config file,
the environment variable TMP is used, or the current directory. It
helps security somewhat if this is not a publicly-readable directory.
A local file system is also a good idea.
3 COMPRESS
COMPRESS - Compress Plaintext Before Encrypting

Default setting: COMPRESS = on

PGP usually compresses the plaintext before encrypting it, so it will
have less to encrypt and the file you send will be smaller. It also
makes cryptanalysis harder. This is usually only turned off for
debugging purposes.
3 PAGER
PAGER - Select Shell Command to Display Pager Output

Default setting: PAGER = ""

If set, PGP uses this program to view files when the -m option is
specified. By default, PGP uses a simple builtin pager.
3 SHOWPASS
SHOWPASS - Echo Pass Phrase During Entry

Default setting: SHOWPASS = off

If someone is unable to type a long pass phrase reliably without
seeing it, this can be turned on, at the cost of security.
3 INTERACTIVE
INTERACTIVE - Prompt Before Adding Each Key

Default setting: INTERACTIVE = off

By default, when given a file containing new keys, PGP asks if you
would like to add them to your public key ring. Since adding keys
does not imply that you trust them, adding more just wastes space.
If this option is set, PGP asks about each key in a key file.
3 VERBOSE
VERBOSE - Level of Detail Printed

Default setting: VERBOSE = 1

When set to 0, PGP only prints messages that are necessary or
indicate an error. When set to 2, PGP prints a significant amount of
debugging information describing what it's doing. Values above 2 have
no effect.
3 PUBRING
PUBRING - Public Key Ring Location

Default setting: PUBRING = $PGPPATH/pubring.pgp

This is the path name to the public key ring to use.
3 SECRING
SECRING - Secret Key Ring Location

Default setting: SECRING = $PGPPATH/secring.pgp

This is the path name to the secret key ring to use.
3 BAKRING
BAKRING - Backup Secret Key Ring

Default setting: BAKRING = ""

If this is set, when checking your key ring (pgp -kc), PGP will
compare the normal secret key ring against the given backup copy,
usually kept on write-protected removable media. This is to protect
against wholesale modifications to your key rings in a spoofing
attack.
3 RANDSEED
RANDSEED - Random Number Seed File

Default setting: RANDSEED = $PGPPATH/randseed.bin

This is the path to a random seed file which is part of PGP's random
number generation algorithm, used to generate session keys. While PGP
goes to great lengths to use every available source of randomness in
generating session keys, this file is part of the process and
protecting it from disclosure is desirable.
3 COMMENT
COMMENT - ASCII Armor Comment

Default setting: COMMENT = ""

If set to a non-empty string, the value of this variable is printed
in the header of ASCII armor files, preceded by "Comment: ".
3 LEGAL_KLUDGE
LEGAL_KLUDGE - Incompatibility with PGP versions prior to 2.6

Default setting: LEGAL_KLUDGE = on

If set, PGP will generate keys and messages in a new format that
cannot be read by PGP 2.5 and earlier versions.
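The syntax rules stated at the top of The_Config_File (comments, on/off booleans, case-insensitive keywords abbreviated to a unique prefix, "=on" assumed for booleans, and the same "+keyword=value" form on the command line) are worth seeing as an actual parser, because the prefix rule has a trap: "armor" must mean ARMOR even though it is also a prefix of ARMORLINES. The Python below is an illustration added here, not PGP's own parser; its keyword table with types and defaults is taken from the subsections above, the sample config.txt text is constructed, and quoting of string values with double quotes (as in MYNAME = "") is assumed to be the only quoting convention.

```python
# Parser for the config.txt syntax described in "The_Config_File" and the
# "+keyword=value" command-line form. Illustration added here, not PGP's
# parser; keyword types and defaults come from the subsections on this page.

OPTIONS = {  # keyword: (type, default) as documented above
    "MYNAME": (str, ""), "TEXTMODE": (bool, False), "ARMOR": (bool, False),
    "ARMORLINES": (int, 720), "CLEARSIG": (bool, True),
    "ENCRYPTTOSELF": (bool, False), "LANGUAGE": (str, "en"),
    "CHARSET": (str, "noconv"), "KEEPBINARY": (bool, False), "TMP": (str, ""),
    "COMPRESS": (bool, True), "PAGER": (str, ""), "SHOWPASS": (bool, False),
    "INTERACTIVE": (bool, False), "VERBOSE": (int, 1),
    "PUBRING": (str, "$PGPPATH/pubring.pgp"),
    "SECRING": (str, "$PGPPATH/secring.pgp"), "BAKRING": (str, ""),
    "RANDSEED": (str, "$PGPPATH/randseed.bin"), "COMMENT": (str, ""),
    "LEGAL_KLUDGE": (bool, True),
}


def resolve_keyword(name):
    """Expand a case-insensitive, possibly abbreviated keyword to its full name.

    An exact match wins (so "armor" is ARMOR, not an ambiguous prefix of
    ARMORLINES); otherwise the prefix must select exactly one keyword.
    """
    upper = name.strip().upper()
    if upper in OPTIONS:
        return upper
    candidates = [k for k in OPTIONS if k.startswith(upper)]
    if len(candidates) != 1:
        kind = "ambiguous" if candidates else "unknown"
        raise ValueError(f"keyword {name!r} is {kind}: {candidates}")
    return candidates[0]


def parse_setting(text):
    """Parse one "keyword[=value]" setting (a file line or a "+keyword=value" arg)."""
    text = text.strip()
    if text.startswith("+"):
        text = text[1:]
    key, sep, raw = text.partition("=")
    keyword = resolve_keyword(key)
    typ, _default = OPTIONS[keyword]
    raw = raw.strip()
    if typ is bool:
        if not sep:
            return keyword, True               # "=on" assumed when no value given
        if raw.lower() == "on":
            return keyword, True
        if raw.lower() == "off":
            return keyword, False
        raise ValueError(f"{keyword} expects on/off, got {raw!r}")
    if not sep:
        raise ValueError(f"{keyword} needs a value")
    if typ is int:
        return keyword, int(raw)
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        raw = raw[1:-1]                        # assumed: MYNAME = "" style quoting
    return keyword, raw


def parse_config(text, argv=()):
    """Apply config.txt contents, then "+keyword=value" command-line overrides,
    on top of the documented defaults. Other argv entries (e.g. "-sea") are ignored."""
    config = {k: default for k, (_t, default) in OPTIONS.items()}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                           # blank lines and "#" lines are comments
        keyword, value = parse_setting(line)
        config[keyword] = value
    for arg in argv:
        if arg.startswith("+"):
            keyword, value = parse_setting(arg)
            config[keyword] = value
    return config


if __name__ == "__main__":
    sample = ('# constructed sample config.txt\n\nArmor\nverbose = 2\n'
              'MyName = "Alice Example <alice@example.invalid>"\n')
    print(parse_config(sample, argv=["+encrypttoself=on", "-sea", "message.txt"]))
```

Rejecting an ambiguous prefix outright, rather than guessing, is the safer reading of "unique prefixes": a typo like "+arm" must not silently toggle the wrong setting.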
!
2 Key_certification
PGP employs a system where users specify trusted users who may sign other
people's public keys. It is important that you understand how this
mechanism works; a full description is in the manual.

Important: The manual also describes how to generate and send a "key
compromise" certificate that tells readers that your private
key has been compromised. If your key has been compromised,
please read the manual section on key compromise certificates
and how to create them; the faster you send out a key
compromise certificate, the smaller the window of opportunity
for "bad guys" to send forged messages.
!
2 Important_Hints
PGP automatically tries compressing your input file; there is little
point in precompressing input for transmission.

PGP "ascii armor" is only needed on the outer transmitted message; as an
example, if you are, say, sending a public key to someone else and you
are for some reason signing it, simply armor the outer message; it's
better to sign the binary form of the key.
!
2 Foreign_Languages
PGP is easily customized for foreign language help and error messages;
it has been translated into a number of non-English languages. See the
manual for details on the file "language.txt".
!
2 Environment
PGP uses several special files for its purposes, such as your standard
key ring files "pubring.pgp" and "secring.pgp", the random number seed
file "randseed.bin", the PGP configuration file "config.txt", and the
foreign language string translation file "language.txt". These special
files can be kept in any directory, by setting the environment variable
"PGPPATH" to the desired pathname. If PGPPATH remains undefined, these
special files are assumed to be in the current directory.

Normally, PGP prompts the user to type a pass phrase whenever PGP needs a
pass phrase to unlock a secret key. But it is possible to store the pass
phrase in an environment variable from your operating system's command
shell. The environment variable PGPPASS can be used to hold the pass
phrase that PGP attempts to use first. If the pass phrase stored in
PGPPASS is incorrect, PGP recovers by prompting the user for the correct
pass phrase. This dangerous feature makes your life more convenient if
you have to regularly deal with a large number of incoming messages
addressed to your secret key, by eliminating the need for you to
repeatedly type in your pass phrase every time you run PGP.
This is a very dangerous feature; on UNIX it is trivial to read someone
else's environment using the ps(1) command. If you are contemplating
using this feature, be sure to read the sections "How to Protect Secret
Keys from Disclosure" and "Exposure on Multi-user Systems" in the full
PGP manual.

If the environment variable PGPPASSFD is defined, it must have a numeric
value, which PGP uses as a file descriptor number to read a pass phrase
from. This is done before anything else, so it can be combined with an
input file on standard input. This is mainly for use by shell scripts,
since under Unix it is difficult to read the contents of other people's
pipes.
!
2 Return_Value
PGP returns a 0 to the shell on success, and a nonzero error code on
failure. See the source code for details on nonzero status return values.
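The three pieces above fit together in scripted use: the -f filter mode from Command_summary takes the message on standard input, PGPPASSFD (rather than PGPPASS, which ps(1) can expose) delivers the pass phrase on a private pipe, and the exit status from Return_Value is the only success signal a script should trust. The Python below is an illustration added here, not PGP's own code. Because the verifier cannot run pgp, FAKE_PGP is a constructed stand-in that only mimics the parts of the contract this example exercises (reads the phrase from PGPPASSFD, refuses if PGPPASS is set, exits 1 on a bad phrase and 0 on success); for real use pass ["pgp", "-f"] as the command instead.

```python
# Driving PGP in -f filter mode with the pass phrase on a PGPPASSFD pipe and
# the exit status as the success signal. Illustration added here, not PGP's
# code. FAKE_PGP is a constructed stand-in so the example runs offline.
import os
import subprocess
import sys


def run_pgp_filter(pgp_cmd, passphrase, data):
    """Run `pgp_cmd` (e.g. ["pgp", "-f"]) with `data` on stdin and the pass
    phrase on a private pipe advertised via PGPPASSFD.
    Returns (exit_status, stdout_bytes); exit_status 0 means success."""
    read_end, write_end = os.pipe()
    env = dict(os.environ)
    env.pop("PGPPASS", None)        # never let a stale PGPPASS take precedence
    env["PGPPASSFD"] = str(read_end)
    try:
        proc = subprocess.Popen(
            list(pgp_cmd), stdin=subprocess.PIPE, stdout=subprocess.PIPE,
            env=env, pass_fds=(read_end,))   # child inherits only the read end
    except Exception:
        os.close(write_end)
        raise
    finally:
        os.close(read_end)                   # parent keeps only the write end
    os.write(write_end, passphrase.encode() + b"\n")
    os.close(write_end)                      # child sees EOF after the phrase
    out, _ = proc.communicate(data)          # message goes in on stdin
    return proc.returncode, out


# Constructed stand-in for "pgp -f": reads the phrase from PGPPASSFD, refuses
# to run with PGPPASS set, exits 1 on a bad phrase, "decrypts" by reversing.
FAKE_PGP = r"""
import os, sys
if "PGPPASS" in os.environ:
    sys.exit(2)
with os.fdopen(int(os.environ["PGPPASSFD"]), "rb") as fd:
    phrase = fd.readline().rstrip(b"\n")
data = sys.stdin.buffer.read()
if phrase != b"correct horse battery staple":
    sys.stderr.write("Error: Bad pass phrase.\n")
    sys.exit(1)
sys.stdout.buffer.write(data[::-1])
"""


def fake_pgp_cmd():
    """Command line for the constructed stand-in (swap for ["pgp", "-f"])."""
    return [sys.executable, "-c", FAKE_PGP]


def decrypt_or_fail(pgp_cmd, passphrase, ciphertext):
    """Return plaintext bytes, or None when pgp reported failure (nonzero status)."""
    status, out = run_pgp_filter(pgp_cmd, passphrase, ciphertext)
    return out if status == 0 else None


if __name__ == "__main__":
    print(decrypt_or_fail(fake_pgp_cmd(), "correct horse battery staple", b"hello"))
    print(decrypt_or_fail(fake_pgp_cmd(), "wrong phrase", b"hello"))
```

The pipe carries the phrase to exactly one child and is closed as soon as it has been written, which is what the PGPPASSFD paragraph means by pipes being hard for other users to read; nothing about the phrase ever appears in the environment or on a command line.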
!
2 Files
*.pgp ciphertext, signature, or key file
*.asc ascii armor file
/usr/local/lib/config.txt system-wide configuration file
$PGPPATH/config.txt per-user configuration file
$PGPPATH/pubring.pgp public key ring
$PGPPATH/secring.pgp secret key ring
$PGPPATH/randseed.bin random number seed file
/usr/local/lib/pgp/language.txt
$PGPPATH/language.txt foreign language translation file
/usr/local/lib/pgp/pgp.hlp
$PGPPATH/pgp/pgp.hlp online help text file
/usr/local/lib/pgp/pgpkey.hlp
$PGPPATH/pgp/pgpkey.hlp online key-management help text file
!
2 Note
The manual is really good, and it's really important in the long run that
you read it. PGP may be an unpickable lock, but you have to put it in the
door properly to keep out intruders. So read the manual and find out how!
!
2 Caveats
It is impossible to overemphasize the importance of protecting your
secret key. Anyone gaining access to it can forge messages from you or
read mail addressed to you. Be very cautious in using PGP on any
multi-user unix system.

PGP is believed by its authors to be the most secure cryptographic
software available to the public when used as directed, but then again
everyone always claims their pet encryption system is secure. Read the
section in the manual on "Trusting Snake Oil" and the section on
"Vulnerabilities" for caveats.
!
2 Diagnostics

Mostly self explanatory.
!
2 Bugs
PGP was initially written for the PC, and behaves very PCish. In
particular, its automagic file selection, file extensions, and the like
all make it somewhat alien in the UNIX environment.

This man page needs to be updated to reflect all the latest features.
!
2 Authors
Originally written by Philip R. Zimmermann. Later augmented by a cast of
thousands.
!
2 Legal_Restrictions
PGP 2.6.3i is freeware, and may be used for non-commercial purposes only.
This version of PGP is illegal to use within the USA but is fine
elsewhere in the world. US users should get a copy of MIT PGP 2.6.2
instead, or purchase the commercial version 2.7.1 from ViaCrypt.

For detailed information on PGP licensing, distribution, copyrights,
patents, trademarks, liability limitations, and export controls, see the
"Legal Issues" section in the "PGP User's Guide, Volume II: Special
Topics".