--- pgp/doc/pgpdoc1.txt 2018/04/24 16:40:35 1.1.1.2 +++ pgp/doc/pgpdoc1.txt 2018/04/24 16:42:46 1.1.1.4 @@ -1,43 +1,47 @@ + Phil's Pretty Good Software Presents - === - PGP - === + ======= + PGP(tm) + ======= - Pretty Good Privacy + Pretty Good(tm) Privacy Public Key Encryption for the Masses -------------------------- - PGP User's Guide + PGP(tm) User's Guide Volume I: Essential Topics -------------------------- by Philip Zimmermann - Revised 14 Jun 93 + Revised 22 May 94 - PGP Version 2.3a - 1 Jul 93 + PGP Version 2.6 - 22 May 94 Software by - Philip Zimmermann - with - Branko Lankester, Hal Finney, and Peter Gutmann + Philip Zimmermann, and many others. -Synopsis: PGP uses public-key encryption to protect E-mail and data -files. Communicate securely with people you've never met, with no -secure channels needed for prior exchange of keys. PGP is well +Synopsis: PGP(tm) uses public-key encryption to protect E-mail and +data files. Communicate securely with people you've never met, with +no secure channels needed for prior exchange of keys. PGP is well featured and fast, with sophisticated key management, digital signatures, data compression, and good ergonomic design. -Software and documentation (c) Copyright 1990-1992 Philip Zimmermann. -For information on PGP licensing, distribution, copyrights, patents, -trademarks, liability limitations, and export controls, see the -"Legal Issues" section in the "PGP User's Guide, Volume II: Special -Topics". +Software and documentation (c) Copyright 1990-1994 Philip Zimmermann. +All rights reserved. For information on PGP licensing, distribution, +copyrights, patents, trademarks, liability limitations, and export +controls, see the "Legal Issues" section in the "PGP User's Guide, +Volume II: Special Topics". Distributed by the Massachusetts +Institute of Technology. + + +"Whatever you do will be insignificant, but it is very important that +you do it." --Mahatma Gandhi Contents 
@@ -79,7 +83,7 @@ About the Author Quick Overview -============= +============== Pretty Good(tm) Privacy (PGP), from Phil's Pretty Good Software, is a high security cryptographic software application for MSDOS, Unix, @@ -166,8 +170,8 @@ with high capacity fiber optic data netw increasingly ubiquitous personal computers. E-mail will be the norm for everyone, not the novelty it is today. The Government will protect our E-mail with Government-designed encryption protocols. -Probably most people will trust that. But perhaps some people will -prefer their own protective measures. +Probably most people will acquiesce to that. But perhaps some people +will prefer their own protective measures. Senate Bill 266, a 1991 omnibus anti-crime bill, had an unsettling measure buried in it. If this non-binding resolution had become real 
@@ -187,23 +191,24 @@ Congress. It would require all manufact equipment to build in special remote wiretap ports that would enable the FBI to remotely wiretap all forms of electronic communication from FBI offices. Although it never attracted any sponsors in -Congress because of citizen opposition, it will be reintroduced in -1993. +Congress in 1992 because of citizen opposition, it was reintroduced in +1994. Most alarming of all is the White House's bold new encryption policy -initiative, under development at NSA for four years, and unveiled -April 16th, 1993. The centerpiece of this initiative is a -Government-built encryption device, called the "Clipper" chip, -containing a new classified NSA encryption algorithm. The Government -is encouraging private industry to design it into all their secure -communication products, like secure phones, secure FAX, etc. AT&T is -now putting the Clipper into all their secure voice products. The -catch: At the time of manufacture, each Clipper chip will be loaded -with its own unique key, and the Government gets to keep a copy, -placed in escrow. Not to worry, though-- the Government promises -that they will use these keys to read your traffic only when duly -authorized by law. Of course, to make Clipper completely effective, -the next logical step would be to outlaw other forms of cryptography. +initiative, under development at NSA since the start of the Bush +administration, and unveiled April 16th, 1993. The centerpiece of +this initiative is a Government-built encryption device, called the +"Clipper" chip, containing a new classified NSA encryption +algorithm. The Government is encouraging private industry to design +it into all their secure communication products, like secure phones, +secure FAX, etc. AT&T is now putting the Clipper into their secure +voice products. The catch: At the time of manufacture, each Clipper +chip will be loaded with its own unique key, and the Government gets +to keep a copy, placed in escrow. 
Not to worry, though-- the +Government promises that they will use these keys to read your +traffic only when duly authorized by law. Of course, to make Clipper +completely effective, the next logical step would be to outlaw other +forms of cryptography. If privacy is outlawed, only outlaws will have privacy. Intelligence agencies have access to good cryptographic technology. So do the big @@ -301,7 +306,7 @@ rings contain secret key certificates. The keys are also internally referenced by a "key ID", which is an "abbreviation" of the public key (the least significant 64 bits of the large public key). When this key ID is displayed, only the lower -24 bits are shown for further brevity. While many keys may share the +32 bits are shown for further brevity. While many keys may share the same user ID, for all practical purposes no two keys share the same key ID. @@ -341,8 +346,8 @@ friend who will then add it to her key r Installing PGP ============== -The MSDOS PGP 2.3 release comes in a compressed archive file called -PGP23.ZIP (each new release will have a name in the form "PGPxy.ZIP" +The MSDOS PGP 2.6 release comes in a compressed archive file called +PGP26.ZIP (each new release will have a name in the form "PGPxy.ZIP" for PGP version number x.y). The archive can be decompressed with the MSDOS shareware decompression utility PKUNZIP, or the Unix utility "unzip". The PGP release package contains a README.DOC file 
@@ -351,10 +356,8 @@ file contains late-breaking news on what PGP, as well as information on what's in all the other files included in the release. -If you already have PGP version 1.0 for MSDOS, you should probably -delete it, because no one else uses it anymore. If you don't want to -delete it, rename the old executable file to pgp1.exe, to avoid name -conflicts with the new PGP. +If you already have an earlier version of PGP, you should rename it +or delete it, to avoid name conflicts with the new PGP. To install PGP on your MSDOS system, you just have to copy the compressed archive PGPxx.ZIP file into a suitable directory on your 
@@ -455,13 +458,41 @@ example is: This searches your secret key ring file "secring.pgp" for any secret key certificates that contain the string "Bob" anywhere in the user -ID field. The search is not case-sensitive. If it finds a matching -secret key, it uses it to sign the plaintext file "letter.txt", -producing a signature file called "letter.pgp". +ID field. Your name is Bob, isn't it? The search is not +case-sensitive. If it finds a matching secret key, it uses it to +sign the plaintext file "letter.txt", producing a signature file +called "letter.pgp". If you leave off the user ID field, the first key on your secret key ring is used as the default secret key for your signature. +PGP attempts to compress the message after signing it. Thus the +signed file will likely be smaller than the original file, which is +useful for archival applications. However, this renders the file +unreadable to the casual human observer, even if the original message +was ordinary ASCII text. It would be nice if you could make a signed +file that was still directly readable to a human. This would be +particularly useful if you want to send a signed message as E-mail. + +For signing E-mail messages, where you most likely do want the result +to be human-readable, it is probably most convenient to use the +CLEARSIG feature, explained later. This allows the signature to be +applied in printable form at the end of the text, and also disables +compression of the text. This means the text is still human-readable +by the recipient even if the recipient doesn't use PGP to check the +signature. This is explained in detail in the section entitled +"CLEARSIG - Enable Signed Messages to be Encapsulated as Clear Text", +in the Special Topics volume. 
If you can't wait to read that section +of the manual, you can see how an E-mail message signed this way +would look, with this example: + + pgp -sta message.txt + +This would create a signed message in file "message.asc", comprised +of the original text, still human-readable, appended with a printable +ASCII signature certificate, ready to send through an E-mail system. +This example assumes that you are using the normal settings for +enabling the CLEARSIG flag in the config file. Signing and then Encrypting @@ -575,10 +606,10 @@ size, type: pgp -kg -PGP shows you a menu of recommended key sizes (casual grade, -commercial grade, or military grade) and prompts you for what size -key you want, up to around a thousand bits. The bigger the key, the -more security you get, but you pay a price in speed. +PGP shows you a menu of recommended key sizes (low commercial grade, +high commercial grade, or "military" grade) and prompts you for what +size key you want, up to more than a thousand bits. The bigger the +key, the more security you get, but you pay a price in speed. It also asks for a user ID, which means your name. It's a good idea to use your full name as your user ID, because then there is less @@ -618,7 +649,8 @@ type. So don't just type repeated seque Note that RSA key generation is a lengthy process. It may take a few seconds for a small key on a fast processor, or quite a few minutes -for a large key on an old IBM PC/XT. +for a large key on an old IBM PC/XT. PGP will visually indicate its +progress during key generation. The generated key pair will be placed on your public and secret key rings. You can later use the -kx command option to extract (copy) 
@@ -636,11 +668,18 @@ pair. Always keep physical control of y exposing it by storing it on a remote timesharing computer. Keep it on your own personal computer. +If PGP complains about not being able to find the PGP User's Guide on +your computer, and refuses to generate a key pair without it, read +the explanation of the NOMANUAL parameter in the section "Setting +Configuration Parameters" in the Special Topics volume. Adding a Key to Your Key Ring ----------------------------- +Sometimes you will want to add to your keyring a key provided to you +by someone else, in the form of a keyfile. + To add a public or secret key file's contents to your public or secret key ring (note that [brackets] denote an optional field): @@ -654,11 +693,18 @@ different key ring file name, with the e If the key is already on your key ring, PGP will not add it again. All of the keys in the keyfile are added to the keyring, except for -duplicates. If the key being added has attached signatures +duplicates. + +Later in the manual, we will explain the concept of certifying keys +with signatures. If the key being added has attached signatures certifying it, the signatures are added with the key. If the key is already on your key ring, PGP just merges in any new certifying signatures for that key that you don't already have on your key ring. +PGP was originally designed for handling small personal keyrings. If +you want to handle really big keyrings, see the section on "Handling +Large Public Keyrings" in the Special Topics volume. + Removing a Key or User ID from Your Key Ring @@ -717,8 +763,9 @@ if you want to list secret keys. If you key ring file name, you can. The default key ring extension is ".pgp". -To see all the certifying signatures attached to each key, use the --kvv option: +Later in the manual, we will explain the concept of certifying keys +with signatures. To see all the certifying signatures attached to +each key, use the -kvv option: pgp -kvv [userid] [keyring] 
@@ -811,7 +858,7 @@ for key management. This whole business of protecting public keys from tampering is the single most difficult problem in practical public key applications. -It is the "Achilles heel" of public key cryptography, and a lot of +It is the Achilles' heel of public key cryptography, and a lot of software complexity is tied up in solving this one problem. You should use a public key only after you are sure that it is a good @@ -1142,13 +1189,14 @@ Many electronic mail systems only allow not the 8-bit raw binary data that ciphertext is made of. To get around this problem, PGP supports ASCII radix-64 format for ciphertext messages, similar to the Internet Privacy-Enhanced Mail -(PEM) format. This special format represents binary data by using -only printable ASCII characters, so it is useful for transmitting -binary encrypted data through 7-bit channels or for sending binary -encrypted data as normal E-mail text. This format acts as a form of -"transport armor", protecting it against corruption as it travels -through intersystem gateways on Internet. It also appends a CRC to -detect transmission errors. +(PEM) format, as well as the Internet MIME format. This special +format represents binary data by using only printable ASCII +characters, so it is useful for transmitting binary encrypted data +through 7-bit channels or for sending binary encrypted data as normal +E-mail text. This format acts as a form of "transport armor", +protecting it against corruption as it travels through intersystem +gateways on Internet. PGP also appends a CRC to detect transmission +errors. Radix-64 format converts the plaintext by expanding groups of 3 binary 8-bit bytes into 4 printable ASCII characters, so the file 
@@ -1199,18 +1247,20 @@ extracted a key, you may still directly radix-64 format by simply using the -a option alone, without any encryption specified. PGP converts it to a ".asc" file. -If you want to send through an E-mail channel a plaintext file that -is signed but not encrypted, PGP will normally convert it all into -radix-64 armor, rendering it unreadable to the casual human observer. -If the original plaintext message is in text (not binary) form, there -is a way to send it through an E-mail channel in such a way that the -ASCII armor is applied only to the binary signature certificate, but -not to the plaintext message. This makes it possible for the -recipient to read the signed message with human eyes, without the aid -of PGP. Of course, PGP is still needed to actually check the -signature. For further information on this feature, see the -explanation of the CLEARSIG parameter in the section "Setting -Configuration Parameters: CONFIG.TXT" in the Special Topics volume. +If you sign a plaintext file without encrypting it, PGP will normally +compress it after signing it, rendering it unreadable to the casual +human observer. This is a suitable way of storing signed files in +archival applications. But if you want to send the signed message as +E-mail, and the the original plaintext message is in text (not +binary) form, there is a way to send it through an E-mail channel in +such a way that the plaintext does not get compressed, and the ASCII +armor is applied only to the binary signature certificate, but not to +the plaintext message. This makes it possible for the recipient to +read the signed message with human eyes, without the aid of PGP. Of +course, PGP is still needed to actually check the signature. For +further information on this feature, see the explanation of the +CLEARSIG parameter in the section "Setting Configuration Parameters: +CONFIG.TXT" in the Special Topics volume. Environmental Variable for Path Name 
@@ -1396,7 +1446,7 @@ prevent the initial publication of the R they have squashed essentially all commercial efforts to develop effective secure telephones for the general public. -The principle job of the US Government's National Security Agency is +The principal job of the US Government's National Security Agency is to gather intelligence, principally by covertly tapping into people's private communications (see James Bamford's book, "The Puzzle Palace"). The NSA has amassed considerable skill and resources for @@ -1440,6 +1490,10 @@ To encrypt a plaintext file with the rec To sign a plaintext file with your secret key: pgp -s textfile [-u your_userid] +To sign a plaintext ASCII text file with your secret key, producing a +signed plaintext message suitable for sending via E-mail: + pgp -sta textfile [-u your_userid] + To sign a plaintext file with your secret key, and then encrypt it with the recipient's public key: pgp -es textfile her_userid [-u your_userid] 
@@ -1550,25 +1604,50 @@ writing to standard output, add the -f o Legal Issues ============ -For detailed information on PGP licensing, distribution, copyrights, -patents, trademarks, liability limitations, and export controls, see -the "Legal Issues" section in the "PGP User's Guide, Volume II: -Special Topics". +For detailed information on PGP(tm) licensing, distribution, +copyrights, patents, trademarks, liability limitations, and export +controls, see the "Legal Issues" section in the "PGP User's Guide, +Volume II: Special Topics". PGP uses a public key algorithm claimed by U.S. patent #4,405,829. -The exclusive rights to this patent are held by a California company -called Public Key Partners, and you may be infringing this patent if -you use PGP in the USA. This is explained in the Volume II manual. +The exclusive licensing rights to this patent are held by a +California company called Public Key Partners, and you may be +infringing the patent if you use PGP in the USA without a license. +These issues are detailed in the Volume II manual, and in the RSAREF +license that comes with the freeware version of PGP. PKP has licensed +others to practice the patent, including a company known as ViaCrypt, +in Phoenix, Arizona. ViaCrypt sells a fully licensed version of PGP. +ViaCrypt may be reached at 602-944-0773. PGP is "guerrilla" freeware, and I don't mind if you distribute it -widely. Just don't ask me to send you a copy. Instead, you can get -it yourself from many BBS systems and a number of Internet FTP sites. +widely. Just don't ask me to send you a copy. Instead, you can look +for it yourself on many BBS systems and a number of Internet FTP +sites. But before you distribute PGP, it is essential that you +understand the U.S. export controls on encryption software. Acknowledgments ================ +Formidable obstacles and powerful forces have been arrayed to stop +PGP. Dedicated people are helping to overcome these obstacles. 
PGP +has achieved notoriety as "underground software", and bringing PGP +"above ground" as fully licensed freeware has required patience and +persistence. I'd especially like to thank Hal Abelson, Jeff +Schiller, Brian LaMacchia, and Derek Atkins at MIT for their +determined efforts. I'd also like to thank Jim Bruce and David +Litster in the MIT administration and Bob Prior and Terry Ehling at +the MIT Press. And I'd like to thank my entire legal defense team, +whose job is not over yet. I used to tell a lot of lawyer jokes, +before I encountered so many positive examples of lawyers in my legal +defense team, most of whom work pro bono. + +The development of PGP has turned into a remarkable social +phenomenon, whose unique political appeal has inspired the collective +efforts of an ever-growing number of volunteer programmers. Remember +that children's story called "Stone Soup"? + I'd like to thank the following people for their contributions to the creation of Pretty Good Privacy. Although I was the author of PGP version 1.0, major parts of later versions of PGP were implemented by @@ -1577,9 +1656,7 @@ contributors, under my design guidance. Branko Lankester, Hal Finney and Peter Gutmann all contributed a huge amount of time in adding features for PGP 2.0, and ported it to Unix -variants. Hal and Branko made Herculean efforts in implementing my -new key management protocols. Branko has spent more time on it than -any other contributor to PGP. +variants. Hugh Kennedy ported it to VAX/VMS, Lutz Frank ported it to the Atari ST, and Cor Bosman and Colin Plumb ported it to the Commodore Amiga. 
@@ -1614,19 +1691,15 @@ Various contributions of coding effort a Derek Atkins, and Castor Fu. Other contributions of effort, coding or otherwise, have come from Hugh Miller, Eric Hughes, Tim May, Stephan Neuhaus, and too many others for me to remember right now. -Two Macintosh porting projects have been underway, headed by Zbigniew -Fiedorwicz and Blair Weiss. +Zbigniew Fiedorwicz did a Macintosh port. Since the release of PGP 2.0, many other programmers have sent in patches and bug fixes and porting adjustments for other computers. There are too many to individually thank here. -The development of PGP has turned into a remarkable social -phenomenon, whose unique political appeal has inspired the collective -efforts of an ever-growing number of volunteer programmers. Remember -that children's story called "Stone Soup"? It is getting harder to -peer through the thick soup to see the stone at the bottom of the pot -that I dropped in to start it all off. +Just as in the "Stone Soup" story, it is getting harder to peer +through the thick soup to see the stone at the bottom of the pot that +I dropped in to start it all off. @@ -1649,6 +1722,7 @@ consulting firm's address is: Boulder Software Engineering 3021 Eleventh Street Boulder, Colorado 80304 USA -Phone 303-541-0140 (voice or FAX) (10:00am - 7:00pm Mountain Time) +Phone: 303-541-0140 (10:00am - 7:00pm Mountain Time) +Fax: arrange by phone Internet: prz@acm.org
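Review bot: In the hunk at @@ -301,7 +306,7 @@, the unchanged sentence "for all practical purposes no two keys share the same key ID" can be read as applying to the shortened form shown on screen, which the changed line now gives as 32 bits. Suggest saying that the claim is about the full 64-bit key ID, and that the displayed portion is an abbreviation for listing keys rather than something to rely on when confirming that a key is the intended one.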
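Review bot: In the hunk at @@ -455,13 +458,41 @@, the precondition for "pgp -sta message.txt" arrives only in the last added sentence, and "the normal settings for enabling the CLEARSIG flag" does not say which value is required. Suggest stating the required CLEARSIG setting before the command and describing what "message.asc" contains when the flag is off, so a reader does not send a file expecting it to be human-readable when it is not. Separately, "explained later" points to a section that the same paragraph places in the Special Topics volume; "explained in Volume II" would be accurate.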
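Review bot: In the hunk at @@ -575,10 +606,10 @@, "up to more than a thousand bits" is vaguer than the "up to around a thousand bits" it replaces, and the renamed grades (low commercial, high commercial, "military") still carry no bit lengths. Suggest listing the modulus size behind each menu entry and the actual maximum, since key size is the one security decision the user makes at this prompt.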
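Review bot: In the hunk at @@ -1142,13 +1189,14 @@, the added clause "as well as the Internet MIME format" is ambiguous: it can be read as PGP supporting MIME output rather than as radix-64 resembling the encoding used by MIME. Suggest rewording to "similar to the encoding used by Internet Privacy-Enhanced Mail (PEM) and by MIME". The change from "It also appends a CRC" to "PGP also appends a CRC" is a good fix for the dangling pronoun.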
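Review bot: In the hunk at @@ -1199,18 +1247,20 @@, the added line "+E-mail, and the the original plaintext message is in text (not" repeats "the"; drop one. This paragraph also restates most of the clear-signing explanation added at @@ -455,13 +458,41 @@; consider shortening it to a cross-reference so the two descriptions cannot drift apart.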
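Review bot: In the hunk at @@ -1440,6 +1490,10 @@, the new quick-reference entry for "pgp -sta textfile [-u your_userid]" promises "a signed plaintext message" without the CLEARSIG condition that the body text attaches to the same command. Suggest a short parenthetical such as "(requires CLEARSIG enabled in the config file)" so the reference card and the manual text agree.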
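Review bot: In the hunk at @@ -1550,25 +1604,50 @@, the added sentence "it is essential that you understand the U.S. export controls on encryption software" gives the reader nowhere to look. Suggest pointing to the "Legal Issues" section of Volume II, as the first paragraph of this section already does. Also in this hunk, the "Stone Soup" question is moved to the top of the Acknowledgments while its follow-up stays several paragraphs later in the @@ -1614,19 +1691,15 @@ hunk; keeping the two together would read better.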
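Review bot: In the hunk at @@ -1614,19 +1691,15 @@, replacing "Two Macintosh porting projects have been underway, headed by Zbigniew Fiedorwicz and Blair Weiss" with "Zbigniew Fiedorwicz did a Macintosh port" drops Blair Weiss from the credits without explanation. If the second project was not completed, consider saying so or keeping the name among the other contributors; otherwise confirm the removal is intended.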