--- pgp/doc/pgpdoc2.txt 2018/04/24 16:43:57 1.1.1.5 +++ pgp/doc/pgpdoc2.txt 2018/04/24 16:44:55 1.1.1.6 @@ -16,10 +16,10 @@ Volume II: Special Topics ------------------------- by Philip Zimmermann - Revised 31 August 94 + Revised 11 October 94 - PGP Version 2.6.1 - 30 Aug 94 + PGP Version 2.6.2 - 11 Oct 94 Software by Philip Zimmermann, and many others. @@ -49,6 +49,7 @@ Special Topics Separating Signatures from Messages Decrypting the Message and Leaving the Signature on it Sending ASCII Text Files Across Different Machine Environments + Using PGP as a Better Uuencode Leaving No Traces of Plaintext on the Disk Displaying Decrypted Plaintext on Your Screen Making a Message For Her Eyes Only @@ -63,7 +64,7 @@ Special Topics Force "Yes" Answer to Confirmation Questions: FORCE PGP Returns Exit Status to the Shell Environmental Variable for Pass Phrase - Setting Configuration Parameters: CONFIG.TXT + Setting Parameters in the PGP Configuration File TMP - Directory Pathname for Temporary Files LANGUAGE - Foreign Language Selector MYNAME - Default User ID for Making Signatures @@ -285,6 +286,9 @@ encrypting or signing a message, like so This mode is automatically turned off if PGP detects that the plaintext file contains what it thinks is non-text binary data. +If you need to use the -t option a lot, you can just turn on the +TEXTMODE flag in the PGP configuration file. That's what I do. + For PGP users that use non-English 8-bit character sets, when PGP converts text to canonical form, it may convert data from the local character set into the LATIN1 (ISO 8859-1 Latin Alphabet 1) character 
@@ -294,6 +298,54 @@ characters added for many European langu +Using PGP as a Better Uuencode +------------------------------ + +A lot of people in the Unix world send binary data files through +E-mail channels by using the Unix "uuencode" utility to convert the +file into printable ASCII characters that can be sent via email. No +encryption is involved, so neither the sender nor the recipient need +any special keys. The uuencode format was designed for a similar +purpose as PGP's radix-64 ASCII transport armor format described in +the "Sending Ciphertext Through E-mail Channels: Radix-64 Format" +section, but not as good. A different radix-64 character set is +used. Uuencode has its problems, such as 1) several slightly +incompatible character sets for different versions of uuencode in the +MSDOS and Unix worlds, and 2) the data can be corrupted by some +E-mail gateways that strip trailing blanks or do other modifications +to the character set used by uuencode. + +PGP may be used in a manner that offers the same general features as +uuencode, and then some. You can get PGP to just convert a file into +PGP's radix-64 ASCII transport armor format, but you don't have to +encrypt the file or sign it, so no keys are needed by either party. +Simply use the -a option alone. For example: + + pgp -a filename + +This would produce a radix-64 armored file called "filename.asc". + +If you read the "Sending Ciphertext Through E-mail Channels: Radix-64 +Format" section, you will see that PGP's approach offers several +important advantages over the uuencode approach: + + * PGP will break big files up into chunks small enough to E-mail. + * PGP will append a CRC error detection code to each chunk. + * PGP will attempt to compress the data before converting it to + radix-64 armor. + * PGP's radix-64 character set is more resilient to E-mail character + conversions than the one used by uuencode. 
+ * Textfiles can be converted by the sender to canonical text + format, as explained in the "Sending ASCII Text Files Across + Different Machine Environments" section. + +The recipient can restore the sender's original filename by +unwrapping the message with PGP's -p option. You can use "pgp -a" in +any situation in which you could have used uuencode, if the recipient +also has PGP. PGP is a better uuencode than uuencode. + + + Leaving No Traces of Plaintext on the Disk ------------------------------------------ 
@@ -697,16 +749,24 @@ risks associated with using this approac described above for using the PGPPASS variable. -Setting Configuration Parameters: CONFIG.TXT -============================================ +Setting Parameters in the PGP Configuration File +================================================ PGP has a number of user-settable parameters that can be defined in a -special configuration text file called "config.txt", in the directory -pointed to by the shell environmental variable PGPPATH. Having a -configuration file enables the user to define various flags and -parameters for PGP without the burden of having to always define +special PGP configuration text file called "config.txt", in the +directory pointed to by the shell environmental variable PGPPATH. +Having a configuration file enables the user to define various flags +and parameters for PGP without the burden of having to always define these parameters in the PGP command line. +The filename "config.txt" has been in use for a long time by PGP, but +some folks have pointed out that it may be at odds with naming +conventions for configuration files for specific operating systems. +Accordingly, PGP now tries to open this filename only after first +trying to open the file ".pgprc" on Unix platforms, and "pgp.ini" on +other platforms, in the same directory that PGP would look for +"config.txt". + Configuration parameters may be assigned integer values, character string values, or on/off values, depending on what kind of configuration parameter it is. A sample configuration file is 
@@ -1029,10 +1089,10 @@ PUBRING - Filename for Your Public Keyri Default setting: PUBRING = "$PGPPATH/pubring.pgp" You may want to keep your public keyring in a directory separate from -your config.txt file in the directory specified by your $PGPPATH -environmental variable. You may specify the full path and filename -for your public keyring by setting the PUBRING parameter. For -example, on an MSDOS system, you might want to keep your public +your PGP configuration file in the directory specified by your +$PGPPATH environmental variable. You may specify the full path and +filename for your public keyring by setting the PUBRING parameter. +For example, on an MSDOS system, you might want to keep your public keyring on a floppy disk by: PUBRING = "a:pubring.pgp" @@ -1047,13 +1107,13 @@ SECRING - Filename for Your Secret Keyri Default setting: SECRING = "$PGPPATH/secring.pgp" You may want to keep your secret keyring in a directory separate from -your config.txt file in the directory specified by your $PGPPATH -environmental variable. This comes in handy for putting your secret -keyring in a directory or device that is more protected than your -public keyring. You may specify the full path and filename for your -secret keyring by setting the SECRING parameter. For example, on an -MSDOS system, you might want to keep your secret keyring on a floppy -disk by: +your PGP configuration file in the directory specified by your +$PGPPATH environmental variable. This comes in handy for putting +your secret keyring in a directory or device that is more protected +than your public keyring. You may specify the full path and filename +for your secret keyring by setting the SECRING parameter. For +example, on an MSDOS system, you might want to keep your secret +keyring on a floppy disk by: SECRING = "a:secring.pgp" 
@@ -1064,8 +1124,8 @@ RANDSEED - Filename for Random Number Se Default setting: RANDSEED = "$PGPPATH/randseed.bin" You may want to keep your random number seed file (for generation of -session keys) in a directory separate from your config.txt file in -the directory specified by your $PGPPATH environmental variable. +session keys) in a directory separate from your PGP configuration file +in the directory specified by your $PGPPATH environmental variable. This comes in handy for putting your random number seed file in a directory or device that is more protected than your public keyring. You may specify the full path and filename for your random seed file @@ -1276,9 +1336,22 @@ generation, like so: The NOMANUAL flag can only be set on the command line, not in the config file. Since you must read this manual to learn how to enable -this override feature, I hope this will still be effective in +this simple override feature, I hope this will still be effective in discouraging the distribution of PGP without the manual. +Some people may object to PGP insisting on finding the manual +somewhere in the neighborhood to generate a key. They bristle +against this seemingly authoritarian attitude. Some people have even +modified PGP to defeat this feature, and redistributed their hotwired +version to others. That creates problems for me. Before I added +this feature, there were maimed versions of the PGP distribution +package floating around that lacked the manual. One of them was +uploaded to Compuserve, and was distributed to countless users who +called me on the phone to ask me why such a complicated program had +no manual. It spread out to BBS systems around the country. And a +freeware distributor got hold of the package from Compuserve and +enshrined it on CD-ROM, distributing thousands of copies without the +manual. What a mess. A Peek Under the Hood 
@@ -1567,17 +1640,17 @@ Compatibility with Previous and Future V PGP version 2.6 can read anything produced by versions 2.3 through 2.7. However, because of a negotiated agreement between MIT and RSA -Data Security, PGP 2.6 will change its behavior slightly on 1 -September 1994, triggered by a built-in software timer. On that -date, version 2.6 will start producing a new and slightly different -data format for messages, signatures and keys. PGP 2.6 will still be -able to read and process messages, signatures, and keys produced -under the old format, but it will generate the new format. This -change is intended to discourage people from continuing to use the -older (2.3a and earlier) versions of PGP, which Public Key Partners -contends infringes its RSA patent (see the section on Legal Issues). -ViaCrypt PGP (see the section Where to Get a Commercial Version of -PGP), versions 2.4 and 2.7, avoids questions of infringement through +Data Security, PGP 2.6 was programmed to change its behavior slightly +on 1 September 1994, triggered by a built-in software timer. On that +date, version 2.6 started producing a new and slightly different data +format for messages, signatures and keys. PGP 2.6 will still be able +to read and process messages, signatures, and keys produced under the +old format, but it will generate the new format. This change is +intended to discourage people from continuing to use the older (2.3a +and earlier) versions of PGP, which Public Key Partners contends +infringes its RSA patent (see the section on Legal Issues). ViaCrypt +PGP (see the section Where to Get a Commercial Version of PGP), +versions 2.4 and 2.7, avoids questions of infringement through Viacrypt's license arrangement with Public Key Partners. PGP 2.5 and 2.6 avoid questions of infringement by using the RSAREF(TM) Cryptographic Toolkit, under license from RSA Data Security, Inc. 
@@ -1586,7 +1659,7 @@ Outside the United States, the RSA paten users there are free to use implementations of PGP that do not rely on RSAREF and its restrictions. See the notes on foreign versions in the Legal Issues section later in this manual. It seems likely that -any versions of PGP prepared outside the US will follow the new +any versions of PGP prepared outside the US will accept the new format, whose detailed description is available from MIT. If everyone upgrades before September 1994, or soon thereafter, there will be little interoperability problems. @@ -2060,6 +2133,10 @@ commercial license to sell and sub-licen cryptosystem. MIT distributes a freeware version of PGP under the terms of the RSAREF license from RSA Data Security, Inc. (RSADSI). +At the time of this writing (September 1994), it appears that PKP may +be breaking up soon, in which case the patents they hold may fall +into other hands. The RSA patent may end up with RSADSI. + Non-US users of earlier versions of PGP should note that the RSA patent does not apply outside the US, and at least at the time of this writing, the author is not aware of any RSA patent in any other 
@@ -2309,12 +2386,12 @@ from me personally. You can get the off many other distribution sites "downstream" from MIT. Hopefully, all these other sites are adhering to US export controls. -The PGP version 2.6.1 executable object release package for MSDOS +The PGP version 2.6.2 executable object release package for MSDOS contains the PGP executable software, documentation, RSAREF license, sample key rings including my own public key, and signatures for the software and this manual, all in one PKZIP compressed file called -pgp261.zip. The PGP source release package for MSDOS contains all -the C source files in one PKZIP compressed file called pgp261s.zip. +pgp262.zip. The PGP source release package for MSDOS contains all +the C source files in one PKZIP compressed file called pgp262s.zip. The filename for the release package is derived from the version number of the release. @@ -2748,13 +2825,13 @@ mode at both ends. There are two compressed archive files in the standard release, with the file name derived from the release version number. For PGP -version 2.6.1, you must get pgp261.zip which contains the MSDOS +version 2.6.2, you must get pgp262.zip which contains the MSDOS binary executable and the PGP User's Guide, and you can optionally -get pgp261s.zip which contains all the source code. These files can +get pgp262s.zip which contains all the source code. These files can be decompressed with the MSDOS shareware archive decompression utility PKUNZIP.EXE, version 1.10 or later. For Unix users who lack an implementation of UNZIP, the source code can also be found in the -compressed tar file pgp261s.tar.Z. +compressed tar file pgp262s.tar.Z. If you don't have any local BBS phone numbers handy, here is a BBS you might try. The Catacombs BBS, operated by Mike Johnson in
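Review bot: In the new "Using PGP as a Better Uuencode" section (hunk @@ -294,6 +298,54 @@), the bullet "PGP will append a CRC error detection code to each chunk" should be followed by a sentence saying that the CRC only catches accidental transmission damage. The section itself says the file is neither encrypted nor signed, but a reader who receives a ".asc" file may still assume it carries PGP's usual secrecy or authenticity, and "pgp -a filename" alone gives neither. Separately, the sentence ending "section, but not as good" has no subject for its last clause; "but uuencode is not as good" would read cleanly.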
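Review bot: The paragraph added in hunk @@ -697,16 +749,24 @@ does not say what happens when more than one of the files exists. The wording "tries to open this filename only after first trying to open the file ".pgprc"" implies that the first file found wins and "config.txt" is then not read; please state that explicitly, because a user who keeps editing an old config.txt that sits next to a .pgprc or pgp.ini would otherwise not realize those settings are no longer in effect. The opening paragraph of the section still introduces the file only as "config.txt", so it should either name all three filenames or point to this paragraph.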
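Review bot: The tense update in hunk @@ -1567,17 +1640,17 @@ stops halfway through the paragraph. "version 2.6 started producing a new and slightly different data format" is now past tense, but the following sentence keeps "but it will generate the new format"; suggest "but it generates the new format" so the paragraph no longer reads as if the switch is still in the future.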
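Review bot: In hunk @@ -1586,7 +1659,7 @@, replacing "will follow the new format" with "will accept the new format" narrows the claim from producing the new format to reading it. If that is the intent, the sentence should also say whether versions prepared outside the US generate the new format, since that is what decides whether their output interoperates. The trailing context line "If everyone upgrades before September 1994, or soon thereafter" is stale for a manual revised 11 October 94 and should be reworded in the same change.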
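Review bot: The paragraph added in hunk @@ -2060,6 +2133,10 @@ dates itself "At the time of this writing (September 1994)", while the header hunk of this same revision changes the manual's date to "Revised 11 October 94". Either update the parenthetical to match the revision date or make clear that the statement about PKP was written earlier and has not been rechecked for this release.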