.TH PGP 1
.\" NAME should be all caps, SECTION should be 1-8, maybe w/ subsection
.\" other parms are allowed: see man(7), man(1)
.SH NAME
pgp \- Pretty Good Privacy encryption system
.\" denote multiple entry points thus; makewhatis(8) will catch them
.SH SYNOPSIS
pgp [options]
.SH "DESCRIPTION"

PGP (Pretty Good Privacy) is a public key encryption package to
protect E-mail and data files. It lets you communicate securely with
people you've never met, with no secure channels needed for prior
exchange of keys. It's well featured and fast, with sophisticated
key management, digital signatures, data compression, and good
ergonomic design. If you really want to learn how to use it
properly, it's best to read the full documentation that comes with
the system, which is very complete. This is a "quick start" guide
and reference manual; it is necessarily incomplete, and assumes you
are already familiar with most of the basic concepts, including the
concepts behind public key cryptography.

.SS "Terminology"

user id: an ascii string used to identify a user. User IDs tend to
look like "Robert M. Smith <[email protected]>"; please try sticking to
that format.

pass phrase: the secret string used to conventionally encypher your
private key; it's important that this be kept secret.

keyring: a file containing a set of public or secret keys. Default
names for public and secret rings are "pubring.pgp" and "secring.pgp"
respectively.

ascii armor: the ascii radix 64 format PGP uses for transmitting
messages over channels like E-Mail; similar in concept to uuencoding.

.SS "Command summary"

To see a quick command usage summary for PGP, just type:
pgp -h

To encrypt a plaintext file with the recipient's public key:
pgp -e textfile her_userid

To sign a plaintext file with your secret key:
pgp -s textfile [-u your_userid]

To sign a plaintext file with your secret key, and then encrypt it
with the recipient's public key:
pgp -es textfile her_userid [-u your_userid]

To create a signature certificate that is detached from the document:
pgp -sb textfile [-u your_userid]

To encrypt a plaintext file with just conventional cryptography, type:
pgp -c textfile

To decrypt an encrypted file, or to check the signature integrity of a
signed file:
pgp ciphertextfile [-o plaintextfile]

To generate your own unique public/secret key pair:
pgp -kg

To add a public or secret key file's contents to your public or
secret key ring:
pgp -ka keyfile [keyring]

To remove a key from your public key ring:
pgp -kr userid [keyring]

To extract (copy) a key from your public or secret key ring:
pgp -kx userid keyfile [keyring]
or: pgp -kxa userid keyfile [keyring]

To view the contents of your public key ring:
pgp -kv[v] [userid] [keyring]

To view the contents and check the certifying signatures of your
public key ring:
pgp -kc [userid] [keyring]

To edit the userid or pass phrase for your secret key:
pgp -ke userid [keyring]

To edit the trust parameters for a public key:
pgp -ke userid [keyring]

To remove a key or just a userid from your public key ring:
pgp -kr userid [keyring]

To sign and certify someone else's public key on your public key ring:
pgp -ks her_userid [-u your_userid] [keyring]

To remove selected signatures from a userid on a keyring:
pgp -krs userid [keyring]


Command options that can be used in combination with other command
options (sometimes even spelling interesting words!):

To produce a ciphertext file in ASCII radix-64 format, just add the
-a option when encrypting or signing a message or extracting a key:
pgp -sea textfile her_userid
or: pgp -kxa userid keyfile [keyring]

To wipe out the plaintext file after producing the ciphertext file,
just add the -w (wipe) option when encrypting or signing a message:
pgp -sew message.txt her_userid

To specify that a plaintext file contains ASCII text, not binary, and
should be converted to recipient's local text line conventions, add
the -t (text) option to other options:
pgp -seat message.txt her_userid

To view the decrypted plaintext output on your screen (like the
Unix-style "more" command), without writing it to a file, use
the -m (more) option while decrypting:
pgp -m ciphertextfile

To specify that the recipient's decrypted plaintext will be shown
ONLY on her screen and cannot be saved to disk, add the -m option:
pgp -steam message.txt her_userid

To recover the original plaintext filename while decrypting, add
the -p option:
pgp -p ciphertextfile

To use a Unix-style filter mode, reading from standard input and
writing to standard output, add the -f option:
pgp -feast her_userid <inputfile >outputfile


.SS "The Config File"

PGP uses a fairly complete configuration database that is stored in
the file "config.txt"; please see the manual for complete details.
Some highlights:

MYNAME - Default User ID for Making Signatures

Default setting: MYNAME = ""

The configuration parameter MYNAME specifies the default user ID to
use to select the secret key for making signatures. If MYNAME is not
defined, the most recent secret key you installed on your secret key
ring is used. The user may also override this setting by
specifying a user ID on the PGP command line with the -u option.

TEXTMODE - Assuming Plaintext is a Text File

Default setting: TEXTMODE = off

The configuration parameter TEXTMODE is equivalent to the -t command
line option. If enabled, it causes PGP to assume the plaintext is a
text file, not a binary file, and converts it to "canonical text"
before encrypting it. Canonical text has a carriage return and a
linefeed at the end of each line of text.

This mode is automatically turned off if PGP detects that the
plaintext file contains 8-bit binary data.

ARMOR - Enable ASCII Armor Output

Default setting: ARMOR = off

The configuration parameter ARMOR is equivalent to the -a command
line option. If enabled, it causes PGP to emit ciphertext or keys in
ASCII Radix-64 format suitable for transporting through E-mail
channels. Output files are named with the ".asc" extension.

If you tend to use PGP mostly for E-mail, it may be a good idea to
enable this parameter.

.SS "Key certification"

PGP employs a system where users specify trusted users who may sign
other people's public keys. It is important that you understand how
this mechanism works; a full description is in the manual.

IMPORTANT: The manual also describes how to generate and send a "key
compromise" certificate that tells readers that your private key has
been compromised. If your key has been compromised, please read the
manual section on key compromise certificates and how to create them;
the faster you send out a key compromise certificate, the smaller the
window of opportunity for "bad guys" to send forged messages.

.SS "Important Hints"

PGP automatically tries compressing your input file; there is no point
in precompressing input for transmission.

PGP "ascii armor" is only needed on the outer transmitted message; as
an example, if you are, say, sending a public key to someone else and
you are for some reason signing it, simply armor the outer message;
it's better to sign the binary form of the key.

.SS "Foreign Languages"

PGP is easily customized for foreign language help and error
messages; it has been translated into 10 European languages. See the
manual for details on the file "language.txt".

.SH ENVIRONMENT

PGP uses several special files for its purposes, such as your standard
key ring files "pubring.pgp" and "secring.pgp", the random number seed
file "randseed.bin", the PGP configuration file "config.txt", and the
foreign language string translation file "language.txt". These
special files can be kept in any directory, by setting the environment
variable "PGPPATH" to the desired pathname. If PGPPATH remains
undefined, these special files are assumed to be in the current
directory.

Normally, PGP prompts the user to type a pass phrase whenever PGP
needs a pass phrase to unlock a secret key. But it is possible to
store the pass phrase in an environment variable from your operating
system's command shell. The environmental variable PGPPASS can be
used to hold the pass phrase that PGP attempts to use first. If
the pass phrase stored in PGPPASS is incorrect, PGP recovers by
prompting the user for the correct pass phrase. This dangerous
feature makes your life more convenient if you have to regularly deal
with a large number of incoming messages addressed to your secret key,
by eliminating the need for you to repeatedly type in your pass phrase
every time you run PGP. THIS IS A VERY DANGEROUS FEATURE; on UNIX it
is trivial to read someone else's environment using the ps(1) command.
If you are contemplating using this feature, be sure to read the
sections "How to Protect Secret Keys from Disclosure" and "Exposure on
Multi-user Systems" in the full PGP manual.
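
Added example (not part of the original man page or the PGP distribution): a POSIX shell audit that reports which processes carry PGPPASS in their environment, without ever printing the pass phrase. It assumes a Linux-style /proc/<pid>/environ holding NUL-separated NAME=value records; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find processes whose environment exposes PGPPASS.
# Assumption: Linux-style /proc/<pid>/environ (NUL-separated NAME=value).

# shell_exposes_pgppass -> exit 0 if the current shell has PGPPASS set
# (even to an empty string), so every child process would inherit it.
shell_exposes_pgppass() {
    [ -n "${PGPPASS+set}" ]
}

# environ_has_pgppass FILE -> exit 0 if FILE contains a PGPPASS= record.
# Only presence is tested; the value is never echoed or logged.
# Caveat: a value with an embedded newline followed by "PGPPASS=" would
# also match, which errs on the side of reporting.
environ_has_pgppass() {
    { tr '\0' '\n' < "$1"; } 2>/dev/null | grep -q '^PGPPASS='
}

# scan_proc [ROOT] -> print one PID per line for every process under ROOT
# (default /proc) whose environment carries PGPPASS. Unreadable entries
# (other users' processes when not root) are skipped silently.
scan_proc() {
    root=${1:-/proc}
    for f in "$root"/[0-9]*/environ; do
        [ -r "$f" ] || continue
        if environ_has_pgppass "$f"; then
            pid=${f%/environ}   # strip the trailing /environ
            pid=${pid##*/}      # keep only the PID directory name
            echo "$pid"
        fi
    done
}
```

Run `scan_proc` as an ordinary user to audit your own processes, or as root to cover every account on a multi-user host; any PID it prints belongs to a process that should be restarted without PGPPASS set.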

.SH "RETURN VALUE"

PGP returns a 0 to the shell on success, and a nonzero error code on
failure. See the source code for details on nonzero status return
values.

.SH FILES
.br
.nf
.\" set tabstop to longest possible filename, plus a wee bit
.ta \w'/usr/lib/perl/getopts.pl 'u
*.pgp ciphertext, signature, or key file
*.asc ascii armor file
pubring.pgp public key ring
secring.pgp secret key ring
language.txt foreign language string translation file
config.txt configuration file
pgp.hlp online help text file

.SH NOTE
The manual is really good, and it's really important in the long run
that you read it. It may not be important to read the fine print on
a box of breakfast cereal, but it may be crucial to read the label of
a prescription drug. Cryptography software is like pharmaceuticals--
so read the manual!

.SH CAVEATS

It is impossible to overemphasize the importance of protecting your
secret key. Anyone gaining access to it can forge messages from you or
read mail addressed to you. Be EXTREMELY cautious in using PGP on any
multi-user unix system.

PGP is believed by its authors to be secure when used as directed, but
then again everyone always claims their pet encryption system is
secure. Read the section in the manual on "Trusting Snake Oil" and the
section on "Vulnerabilities" for caveats.

.SH DIAGNOSTICS

Mostly self explanatory.

.SH BUGS

PGP was initially written for the PC, and behaves very PCish. In
particular, its automagic file selection, file extensions, and the
like all make it somewhat alien in the UNIX environment.

.SH AUTHORS

Originally written by Philip R. Zimmermann. Later augmented by a cast
of thousands, especially including Hal Finney, Branko Lankester, and
Peter Gutmann.

.SH "LEGAL RESTRICTIONS"

For detailed information on PGP licensing, distribution, copyrights,
patents, trademarks, liability limitations, and export controls, see
the "Legal Issues" section in the "PGP User's Guide, Volume II:
Special Topics".

PGP uses a public key algorithm claimed by U.S. patent #4,405,829.
The exclusive rights to this patent are held by a California company
called Public Key Partners, and you may be infringing this patent if
you use PGP in the USA. This is explained in the PGP User's Guide,
Volume II.

PGP is "guerrilla" freeware, and the authors don't mind if you
distribute it widely. Just don't ask Philip Zimmermann to send you a
copy. Instead, you can get it yourself from many BBS systems and a
number of Internet FTP sites.