![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to pgp.1 CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [PGP] / pgp|
Return to pgp.1 CVS log | Up to [PGP] / pgp |
1.1 ! root 1: .TH PGP 1 ! 2: .\" NAME should be all caps, SECTION should be 1-8, maybe w/ subsection ! 3: .\" other parms are allowed: see man(7), man(1) ! 4: .SH NAME ! 5: pgp \- Pretty Good Privacy encryption system ! 6: .\" denote multiple entry points thus; makewhatis(8) will catch them ! 7: .SH SYNOPSIS ! 8: pgp [options] ! 9: .SH "DESCRIPTION" ! 10: ! 11: PGP (Pretty Good Privacy) is a public key encryption package to ! 12: protect E-mail and data files. It lets you communicate securely with ! 13: people you've never met, with no secure channels needed for prior ! 14: exchange of keys. It's well featured and fast, with sophisticated ! 15: key management, digital signatures, data compression, and good ! 16: ergonomic design. If you really want to learn how to use it ! 17: properly, it's best to read the full documentation that comes with ! 18: the system, which is very complete. This is a "quick start" guide ! 19: and reference manual; it is necessarily incomplete, and assumes you ! 20: are already familiar with most of the basic concepts, including the ! 21: concepts behind public key cryptography. ! 22: ! 23: .SS "Terminology" ! 24: ! 25: user id: an ascii string used to identify a user. User IDs tend to ! 26: look like "Robert M. Smith <[email protected]>"; please try sticking to ! 27: that format. ! 28: ! 29: pass phrase: the secret string used to conventionally encypher your ! 30: private key; it's important that this be kept secret. ! 31: ! 32: keyring: a file containing a set of public or secret keys. Default ! 33: names for public and secret rings are "pubring.pgp" and "secring.pgp" ! 34: respectively. ! 35: ! 36: ascii armor: the ascii radix 64 format PGP uses for transmitting ! 37: messages over channels like E-Mail; similar in concept to uuencoding. ! 38: ! 39: .SS "Command summary" ! 40: ! 41: To see a quick command usage summary for PGP, just type: ! 42: pgp -h ! 43: ! 44: To encrypt a plaintext file with the recipient's public key: ! 45: pgp -e textfile her_userid ! 46: ! 47: To sign a plaintext file with your secret key: ! 48: pgp -s textfile [-u your_userid] ! 49: ! 50: To sign a plaintext file with your secret key, and then encrypt it ! 51: with the recipient's public key: ! 52: pgp -es textfile her_userid [-u your_userid] ! 53: ! 54: To create a signature certificate that is detached from the document: ! 55: pgp -sb textfile [-u your_userid] ! 56: ! 57: To encrypt a plaintext file with just conventional cryptography, type: ! 58: pgp -c textfile ! 59: ! 60: To decrypt an encrypted file, or to check the signature integrity of a ! 61: signed file: ! 62: pgp ciphertextfile [-o plaintextfile] ! 63: ! 64: To generate your own unique public/secret key pair: ! 65: pgp -kg ! 66: ! 67: To add a public or secret key file's contents to your public or ! 68: secret key ring: ! 69: pgp -ka keyfile [keyring] ! 70: ! 71: To remove a key from your public key ring: ! 72: pgp -kr userid [keyring] ! 73: ! 74: To extract (copy) a key from your public or secret key ring: ! 75: pgp -kx userid keyfile [keyring] ! 76: or: pgp -kxa userid keyfile [keyring] ! 77: ! 78: To view the contents of your public key ring: ! 79: pgp -kv[v] [userid] [keyring] ! 80: ! 81: To view the contents and check the certifying signatures of your ! 82: public key ring: ! 83: pgp -kc [userid] [keyring] ! 84: ! 85: To edit the userid or pass phrase for your secret key: ! 86: pgp -ke userid [keyring] ! 87: ! 88: To edit the trust parameters for a public key: ! 89: pgp -ke userid [keyring] ! 90: ! 91: To remove a key or just a userid from your public key ring: ! 92: pgp -kr userid [keyring] ! 93: ! 94: To sign and certify someone else's public key on your public key ring: ! 95: pgp -ks her_userid [-u your_userid] [keyring] ! 96: ! 97: To remove selected signatures from a userid on a keyring: ! 98: pgp -krs userid [keyring] ! 99: ! 100: ! 101: Command options that can be used in combination with other command ! 102: options (sometimes even spelling interesting words!): ! 103: ! 104: To produce a ciphertext file in ASCII radix-64 format, just add the ! 105: -a option when encrypting or signing a message or extracting a key: ! 106: pgp -sea textfile her_userid ! 107: or: pgp -kxa userid keyfile [keyring] ! 108: ! 109: To wipe out the plaintext file after producing the ciphertext file, ! 110: just add the -w (wipe) option when encrypting or signing a message: ! 111: pgp -sew message.txt her_userid ! 112: ! 113: To specify that a plaintext file contains ASCII text, not binary, and ! 114: should be converted to recipient's local text line conventions, add ! 115: the -t (text) option to other options: ! 116: pgp -seat message.txt her_userid ! 117: ! 118: To view the decrypted plaintext output on your screen (like the ! 119: Unix-style "more" command), without writing it to a file, use ! 120: the -m (more) option while decrypting: ! 121: pgp -m ciphertextfile ! 122: ! 123: To specify that the recipient's decrypted plaintext will be shown ! 124: ONLY on her screen and cannot be saved to disk, add the -m option: ! 125: pgp -steam message.txt her_userid ! 126: ! 127: To recover the original plaintext filename while decrypting, add ! 128: the -p option: ! 129: pgp -p ciphertextfile ! 130: ! 131: To use a Unix-style filter mode, reading from standard input and ! 132: writing to standard output, add the -f option: ! 133: pgp -feast her_userid <inputfile >outputfile ! 134: ! 135: ! 136: .SS "The Config File" ! 137: ! 138: PGP uses a fairly complete configuration database that is stored in ! 139: the file "config.txt"; please see the manual for complete details. ! 140: Some highlights: ! 141: ! 142: MYNAME - Default User ID for Making Signatures ! 143: ! 144: Default setting: MYNAME = "" ! 145: ! 146: The configuration parameter MYNAME specifies the default user ID to ! 147: use to select the secret key for making signatures. If MYNAME is not ! 148: defined, the most recent secret key you installed on your secret key ! 149: ring is used. The user may also override this setting by ! 150: specifying a user ID on the PGP command line with the -u option. ! 151: ! 152: TEXTMODE - Assuming Plaintext is a Text File ! 153: ! 154: Default setting: TEXTMODE = off ! 155: ! 156: The configuration parameter TEXTMODE is equivalent to the -t command ! 157: line option. If enabled, it causes PGP to assume the plaintext is a ! 158: text file, not a binary file, and converts it to "canonical text" ! 159: before encrypting it. Canonical text has a carriage return and a ! 160: linefeed at the end of each line of text. ! 161: ! 162: This mode is automatically turned off if PGP detects that the ! 163: plaintext file contains 8-bit binary data. ! 164: ! 165: ARMOR - Enable ASCII Armor Output ! 166: ! 167: Default setting: ARMOR = off ! 168: ! 169: The configuration parameter ARMOR is equivalent to the -a command ! 170: line option. If enabled, it causes PGP to emit ciphertext or keys in ! 171: ASCII Radix-64 format suitable for transporting through E-mail ! 172: channels. Output files are named with the ".asc" extension. ! 173: ! 174: If you tend to use PGP mostly for E-mail, it may be a good idea to ! 175: enable this parameter. ! 176: ! 177: .SS "Key certification" ! 178: ! 179: PGP employs a system where users specify trusted users who may sign ! 180: other people's public keys. It is important that you understand how ! 181: this mechanism works; a full description is in the manual. ! 182: ! 183: IMPORTANT: The manual also describes how to generate and send a "key ! 184: compromise" certificate that tells readers that your private key has ! 185: been compromised. If your key has been compromised, please read the ! 186: manual section on key compromise certificates and how to create them; ! 187: the faster you send out a key compromise certificate, the smaller the ! 188: window of opportunity for "bad guys" to send forged messages. ! 189: ! 190: .SS "Important Hints" ! 191: ! 192: PGP automatically tries compressing your input file; there is no point ! 193: in precompressing input for transmission. ! 194: ! 195: PGP "ascii armor" is only needed on the outer transmitted message; as ! 196: an example, if you are, say, sending a public key to someone else and ! 197: you are for some reason signing it, simply armor the outer message; ! 198: it's better to sign the binary form of the key. ! 199: ! 200: .SS "Foreign Languages" ! 201: ! 202: PGP is easily customized for foreign language help and error ! 203: messages; it has been translated into 10 European languages. See the ! 204: manual for details on the file "language.txt". ! 205: ! 206: .SH ENVIRONMENT ! 207: ! 208: PGP uses several special files for its purposes, such as your standard ! 209: key ring files "pubring.pgp" and "secring.pgp", the random number seed ! 210: file "randseed.bin", the PGP configuration file "config.txt", and the ! 211: foreign language string translation file "language.txt". These ! 212: special files can be kept in any directory, by setting the environment ! 213: variable "PGPPATH" to the desired pathname. If PGPPATH remains ! 214: undefined, these special files are assumed to be in the current ! 215: directory. ! 216: ! 217: Normally, PGP prompts the user to type a pass phrase whenever PGP ! 218: needs a pass phrase to unlock a secret key. But it is possible to ! 219: store the pass phrase in an environment variable from your operating ! 220: system's command shell. The environmental variable PGPPASS can be ! 221: used to hold the pass phrase that PGP attempts to use first. If ! 222: the pass phrase stored in PGPPASS is incorrect, PGP recovers by ! 223: prompting the user for the correct pass phrase. This dangerous ! 224: feature makes your life more convenient if you have to regularly deal ! 225: with a large number of incoming messages addressed to your secret key, ! 226: by eliminating the need for you to repeatedly type in your pass phrase ! 227: every time you run PGP. THIS IS A VERY DANGEROUS FEATURE; on UNIX it ! 228: is trivial to read someone else's environment using the ps(1) command. ! 229: If you are contemplating using this feature, be sure to read the ! 230: sections "How to Protect Secret Keys from Disclosure" and "Exposure on ! 231: Multi-user Systems" in the full PGP manual. ! 232: ! 233: .SH "RETURN VALUE" ! 234: ! 235: PGP returns a 0 to the shell on success, and a nonzero error code on ! 236: failure. See the source code for details on nonzero status return ! 237: values. ! 238: ! 239: .SH FILES ! 240: .br ! 241: .nf ! 242: .\" set tabstop to longest possible filename, plus a wee bit ! 243: .ta \w'/usr/lib/perl/getopts.pl 'u ! 244: *.pgp ciphertext, signature, or key file ! 245: *.asc ascii armor file ! 246: pubring.pgp public key ring ! 247: secring.pgp secret key ring ! 248: language.txt foreign language string translation file ! 249: config.txt configuration file ! 250: pgp.hlp online help text file ! 251: ! 252: .SH NOTE ! 253: The manual is really good, and it's really important in the long run ! 254: that you read it. It may not be important to read the fine print on ! 255: a box of breakfast cereal, but it may be crucial to read the label of ! 256: a prescription drug. Cryptography software is like pharmaceuticals-- ! 257: so read the manual! ! 258: ! 259: .SH CAVEATS ! 260: ! 261: It is impossible to overemphasize the importance of protecting your ! 262: secret key. Anyone gaining access to it can forge messages from you or ! 263: read mail addressed to you. Be EXTREMELY cautious in using PGP on any ! 264: multi-user unix system. ! 265: ! 266: PGP is believed by its authors to be secure when used as directed, but ! 267: then again everyone always claims their pet encryption system is ! 268: secure. Read the section in the manual on "Trusting Snake Oil" and the ! 269: section on "Vulnerabilities" for caveats. ! 270: ! 271: .SH DIAGNOSTICS ! 272: ! 273: Mostly self explanatory. ! 274: ! 275: .SH BUGS ! 276: ! 277: PGP was initially written for the PC, and behaves very PCish. In ! 278: particular, its automagic file selection, file extensions, and the ! 279: like all make it somewhat alien in the UNIX environment. ! 280: ! 281: .SH AUTHORS ! 282: ! 283: Originally written by Philip R. Zimmermann. Later augmented by a cast ! 284: of thousands, especially including Hal Finney, Branko Lankester, and ! 285: Peter Gutmann. ! 286: ! 287: .SH "LEGAL RESTRICTIONS" ! 288: ! 289: For detailed information on PGP licensing, distribution, copyrights, ! 290: patents, trademarks, liability limitations, and export controls, see ! 291: the "Legal Issues" section in the "PGP User's Guide, Volume II: ! 292: Special Topics". ! 293: ! 294: PGP uses a public key algorithm claimed by U.S. patent #4,405,829. ! 295: The exclusive rights to this patent are held by a California company ! 296: called Public Key Partners, and you may be infringing this patent if ! 297: you use PGP in the USA. This is explained in the PGP User's Guide, ! 298: Volume II. ! 299: ! 300: PGP is "guerrilla" freeware, and the authors don't mind if you ! 301: distribute it widely. Just don't ask Philip Zimmermann to send you a ! 302: copy. Instead, you can get it yourself from many BBS systems and a ! 303: number of Internet FTP sites. ! 304: ! 305:
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.