![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to pgp.1 CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [PGP] / pgp|
Return to pgp.1 CVS log | Up to [PGP] / pgp |
1.1.1.2 ! root 1: .TH PGP 1 ! 2: .\" NAME should be all caps, SECTION should be 1-8, maybe w/ subsection ! 3: .\" other parms are allowed: see man(7), man(1) ! 4: .SH NAME ! 5: pgp \- Pretty Good Privacy encryption system ! 6: .\" denote multiple entry points thus; makewhatis(8) will catch them ! 7: .SH SYNOPSIS ! 8: pgp [options] ! 9: .SH "DESCRIPTION" ! 10: ! 11: PGP (Pretty Good Privacy) is a public key encryption package to ! 12: protect E-mail and data files. It lets you communicate securely with ! 13: people you've never met, with no secure channels needed for prior ! 14: exchange of keys. It's well featured and fast, with sophisticated ! 15: key management, digital signatures, data compression, and good ! 16: ergonomic design. If you really want to learn how to use it ! 17: properly, it's best to read the full documentation that comes with ! 18: the system, which is very complete. This is a "quick start" guide ! 19: and reference manual; it is necessarily incomplete, and assumes you ! 20: are already familiar with most of the basic concepts, including the ! 21: concepts behind public key cryptography. ! 22: ! 23: .SS "Terminology" ! 24: ! 25: user id: an ascii string used to identify a user. User IDs tend to ! 26: look like "Robert M. Smith <[email protected]>"; please try sticking to ! 27: that format. ! 28: ! 29: pass phrase: the secret string used to conventionally encypher your ! 30: private key; it's important that this be kept secret. ! 31: ! 32: keyring: a file containing a set of public or secret keys. Default ! 33: names for public and secret rings are "pubring.pgp" and "secring.pgp" ! 34: respectively. ! 35: ! 36: ascii armor: the ascii radix 64 format PGP uses for transmitting ! 37: messages over channels like E-Mail; similar in concept to uuencoding. ! 38: ! 39: .SS "Command summary" ! 40: ! 41: To see a quick command usage summary for PGP, just type: ! 42: pgp -h ! 43: ! 44: To encrypt a plaintext file with the recipient's public key: ! 45: pgp -e textfile her_userid ! 46: ! 47: To sign a plaintext file with your secret key: ! 48: pgp -s textfile [-u your_userid] ! 49: ! 50: To sign a plaintext file with your secret key, and then encrypt it ! 51: with the recipient's public key: ! 52: pgp -es textfile her_userid [-u your_userid] ! 53: ! 54: To create a signature certificate that is detached from the document: ! 55: pgp -sb textfile [-u your_userid] ! 56: ! 57: To encrypt a plaintext file with just conventional cryptography, type: ! 58: pgp -c textfile ! 59: ! 60: To decrypt an encrypted file, or to check the signature integrity of a ! 61: signed file: ! 62: pgp ciphertextfile [-o plaintextfile] ! 63: ! 64: To generate your own unique public/secret key pair: ! 65: pgp -kg ! 66: ! 67: To add a public or secret key file's contents to your public or ! 68: secret key ring: ! 69: pgp -ka keyfile [keyring] ! 70: ! 71: To remove a key from your public key ring: ! 72: pgp -kr userid [keyring] ! 73: ! 74: To extract (copy) a key from your public or secret key ring: ! 75: pgp -kx userid keyfile [keyring] ! 76: or: pgp -kxa userid keyfile [keyring] ! 77: ! 78: To view the contents of your public key ring: ! 79: pgp -kv[v] [userid] [keyring] ! 80: ! 81: To view the "fingerprint" of a public key, to help verify it over ! 82: the telephone with its owner: ! 83: pgp -kvc [userid] [keyring] ! 84: ! 85: To view the contents and check the certifying signatures of your ! 86: public key ring: ! 87: pgp -kc [userid] [keyring] ! 88: ! 89: To edit the userid or pass phrase for your secret key: ! 90: pgp -ke userid [keyring] ! 91: ! 92: To edit the trust parameters for a public key: ! 93: pgp -ke userid [keyring] ! 94: ! 95: To remove a key or just a userid from your public key ring: ! 96: pgp -kr userid [keyring] ! 97: ! 98: To sign and certify someone else's public key on your public key ring: ! 99: pgp -ks her_userid [-u your_userid] [keyring] ! 100: ! 101: To remove selected signatures from a userid on a keyring: ! 102: pgp -krs userid [keyring] ! 103: ! 104: ! 105: Command options that can be used in combination with other command ! 106: options (sometimes even spelling interesting words!): ! 107: ! 108: To produce a ciphertext file in ASCII radix-64 format, just add the ! 109: -a option when encrypting or signing a message or extracting a key: ! 110: pgp -sea textfile her_userid ! 111: or: pgp -kxa userid keyfile [keyring] ! 112: ! 113: To wipe out the plaintext file after producing the ciphertext file, ! 114: just add the -w (wipe) option when encrypting or signing a message: ! 115: pgp -sew message.txt her_userid ! 116: ! 117: To specify that a plaintext file contains ASCII text, not binary, and ! 118: should be converted to recipient's local text line conventions, add ! 119: the -t (text) option to other options: ! 120: pgp -seat message.txt her_userid ! 121: ! 122: To view the decrypted plaintext output on your screen (like the ! 123: Unix-style "more" command), without writing it to a file, use ! 124: the -m (more) option while decrypting: ! 125: pgp -m ciphertextfile ! 126: ! 127: To specify that the recipient's decrypted plaintext will be shown ! 128: ONLY on her screen and cannot be saved to disk, add the -m option: ! 129: pgp -steam message.txt her_userid ! 130: ! 131: To recover the original plaintext filename while decrypting, add ! 132: the -p option: ! 133: pgp -p ciphertextfile ! 134: ! 135: To use a Unix-style filter mode, reading from standard input and ! 136: writing to standard output, add the -f option: ! 137: pgp -feast her_userid <inputfile >outputfile ! 138: ! 139: ! 140: .SS "The Config File" ! 141: ! 142: PGP uses a fairly complete configuration database that is stored in ! 143: the file "config.txt"; please see the manual for complete details. ! 144: Some highlights: ! 145: ! 146: MYNAME - Default User ID for Making Signatures ! 147: ! 148: Default setting: MYNAME = "" ! 149: ! 150: The configuration parameter MYNAME specifies the default user ID to ! 151: use to select the secret key for making signatures. If MYNAME is not ! 152: defined, the most recent secret key you installed on your secret key ! 153: ring is used. The user may also override this setting by ! 154: specifying a user ID on the PGP command line with the -u option. ! 155: ! 156: TEXTMODE - Assuming Plaintext is a Text File ! 157: ! 158: Default setting: TEXTMODE = off ! 159: ! 160: The configuration parameter TEXTMODE is equivalent to the -t command ! 161: line option. If enabled, it causes PGP to assume the plaintext is a ! 162: text file, not a binary file, and converts it to "canonical text" ! 163: before encrypting it. Canonical text has a carriage return and a ! 164: linefeed at the end of each line of text. ! 165: ! 166: This mode is automatically turned off if PGP detects that the ! 167: plaintext file contains 8-bit binary data. ! 168: ! 169: ARMOR - Enable ASCII Armor Output ! 170: ! 171: Default setting: ARMOR = off ! 172: ! 173: The configuration parameter ARMOR is equivalent to the -a command ! 174: line option. If enabled, it causes PGP to emit ciphertext or keys in ! 175: ASCII Radix-64 format suitable for transporting through E-mail ! 176: channels. Output files are named with the ".asc" extension. ! 177: ! 178: If you tend to use PGP mostly for E-mail, it may be a good idea to ! 179: enable this parameter. ! 180: ! 181: .SS "Key certification" ! 182: ! 183: PGP employs a system where users specify trusted users who may sign ! 184: other people's public keys. It is important that you understand how ! 185: this mechanism works; a full description is in the manual. ! 186: ! 187: IMPORTANT: The manual also describes how to generate and send a "key ! 188: compromise" certificate that tells readers that your private key has ! 189: been compromised. If your key has been compromised, please read the ! 190: manual section on key compromise certificates and how to create them; ! 191: the faster you send out a key compromise certificate, the smaller the ! 192: window of opportunity for "bad guys" to send forged messages. ! 193: ! 194: .SS "Important Hints" ! 195: ! 196: PGP automatically tries compressing your input file; there is no point ! 197: in precompressing input for transmission. ! 198: ! 199: PGP "ascii armor" is only needed on the outer transmitted message; as ! 200: an example, if you are, say, sending a public key to someone else and ! 201: you are for some reason signing it, simply armor the outer message; ! 202: it's better to sign the binary form of the key. ! 203: ! 204: .SS "Foreign Languages" ! 205: ! 206: PGP is easily customized for foreign language help and error ! 207: messages; it has been translated into 10 European languages. See the ! 208: manual for details on the file "language.txt". ! 209: ! 210: .SH ENVIRONMENT ! 211: ! 212: PGP uses several special files for its purposes, such as your standard ! 213: key ring files "pubring.pgp" and "secring.pgp", the random number seed ! 214: file "randseed.bin", the PGP configuration file "config.txt", and the ! 215: foreign language string translation file "language.txt". These ! 216: special files can be kept in any directory, by setting the environment ! 217: variable "PGPPATH" to the desired pathname. If PGPPATH remains ! 218: undefined, these special files are assumed to be in the current ! 219: directory. ! 220: ! 221: Normally, PGP prompts the user to type a pass phrase whenever PGP ! 222: needs a pass phrase to unlock a secret key. But it is possible to ! 223: store the pass phrase in an environment variable from your operating ! 224: system's command shell. The environmental variable PGPPASS can be ! 225: used to hold the pass phrase that PGP attempts to use first. If ! 226: the pass phrase stored in PGPPASS is incorrect, PGP recovers by ! 227: prompting the user for the correct pass phrase. This dangerous ! 228: feature makes your life more convenient if you have to regularly deal ! 229: with a large number of incoming messages addressed to your secret key, ! 230: by eliminating the need for you to repeatedly type in your pass phrase ! 231: every time you run PGP. THIS IS A VERY DANGEROUS FEATURE; on UNIX it ! 232: is trivial to read someone else's environment using the ps(1) command. ! 233: If you are contemplating using this feature, be sure to read the ! 234: sections "How to Protect Secret Keys from Disclosure" and "Exposure on ! 235: Multi-user Systems" in the full PGP manual. ! 236: ! 237: .SH "RETURN VALUE" ! 238: ! 239: PGP returns a 0 to the shell on success, and a nonzero error code on ! 240: failure. See the source code for details on nonzero status return ! 241: values. ! 242: ! 243: .SH FILES ! 244: .br ! 245: .nf ! 246: .\" set tabstop to longest possible filename, plus a wee bit ! 247: .ta \w'/usr/lib/perl/getopts.pl 'u ! 248: *.pgp ciphertext, signature, or key file ! 249: *.asc ascii armor file ! 250: pubring.pgp public key ring ! 251: secring.pgp secret key ring ! 252: language.txt foreign language string translation file ! 253: config.txt configuration file ! 254: pgp.hlp online help text file ! 255: ! 256: .SH NOTE ! 257: The manual is really good, and it's really important in the long run ! 258: that you read it. It may not be important to read the fine print on ! 259: a box of breakfast cereal, but it may be crucial to read the label of ! 260: a prescription drug. Cryptography software is like pharmaceuticals-- ! 261: so read the manual! ! 262: ! 263: .SH CAVEATS ! 264: ! 265: It is impossible to overemphasize the importance of protecting your ! 266: secret key. Anyone gaining access to it can forge messages from you or ! 267: read mail addressed to you. Be EXTREMELY cautious in using PGP on any ! 268: multi-user unix system. ! 269: ! 270: PGP is believed by its authors to be secure when used as directed, but ! 271: then again everyone always claims their pet encryption system is ! 272: secure. Read the section in the manual on "Trusting Snake Oil" and the ! 273: section on "Vulnerabilities" for caveats. ! 274: ! 275: .SH DIAGNOSTICS ! 276: ! 277: Mostly self explanatory. ! 278: ! 279: .SH BUGS ! 280: ! 281: PGP was initially written for the PC, and behaves very PCish. In ! 282: particular, its automagic file selection, file extensions, and the ! 283: like all make it somewhat alien in the UNIX environment. ! 284: ! 285: .SH AUTHORS ! 286: ! 287: Originally written by Philip R. Zimmermann. Later augmented by a cast ! 288: of thousands, especially including Hal Finney, Branko Lankester, and ! 289: Peter Gutmann. ! 290: ! 291: .SH "LEGAL RESTRICTIONS" ! 292: ! 293: For detailed information on PGP licensing, distribution, copyrights, ! 294: patents, trademarks, liability limitations, and export controls, see ! 295: the "Legal Issues" section in the "PGP User's Guide, Volume II: ! 296: Special Topics". ! 297: ! 298: PGP uses a public key algorithm claimed by U.S. patent #4,405,829. ! 299: The exclusive rights to this patent are held by a California company ! 300: called Public Key Partners, and you may be infringing this patent if ! 301: you use PGP in the USA. This is explained in the PGP User's Guide, ! 302: Volume II. ! 303: ! 304: PGP is "guerrilla" freeware, and the authors don't mind if you ! 305: distribute it widely. Just don't ask Philip Zimmermann to send you a ! 306: copy. Instead, you can get it yourself from many BBS systems and a ! 307: number of Internet FTP sites. ! 308: ! 309:
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.