![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to setup.doc CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [PGP] / pgp|
Return to setup.doc CVS log | Up to [PGP] / pgp |
1.1.1.2 ! root 1: -----BEGIN PGP SIGNED MESSAGE----- 1.1 root 2: 1.1.1.2 ! root 3: Pretty Good Privacy Version 2.6.1 ! 4: Installation Guide ! 5: ! 6: by Perry Metzger, Colin Plumb, Derek Atkins, ! 7: Jeffrey I. Schiller and others 1.1 root 8: 9: How to Install PGP 10: ================== 11: 12: The first question is, what platform are you on? 13: 1.1.1.2 ! root 14: The base PGP 2.6.1 distribution runs on several varieties of Unix, ! 15: MS-DOS and VAX VMS (though we haven't compiled it ourselves there yet). ! 16: Ports can be expected shortly to the Atari, Amiga, and possibly other ! 17: systems. Naturally, installation instructions differ depending on your ! 18: hardware. Separate instructions are provided here for MSDOS and Unix. 1.1 root 19: 1.1.1.2 ! root 20: See the section below for your system's particular installation 1.1 root 21: instructions. 22: 1.1.1.2 ! root 23: If you do not have any of these systems, you will either have to port 1.1 root 24: the sources to your machine or find someone who has already done so. 25: 1.1.1.2 ! root 26: ######################################################################## 1.1 root 27: For MSDOS: 28: 1.1.1.2 ! root 29: PGP is distributed in a compressed archive format, which keeps all the ! 30: relevant files grouped together, and also saves disk space and 1.1 root 31: transmission time. 32: 1.1.1.2 ! root 33: The current version, 2.6.1, is archived with the ZIP utility, and the ! 34: PGP executable binary release system is in a file named PGP261.ZIP. ! 35: This contains the executable program, the user documentation, the RSAREF ! 36: license, and a few keys and signatures. There is also a second file ! 37: available containing the C and assembly source code, called PGP261S.ZIP. ! 38: If you are a programmer, this may be of interest to you. This should be ! 39: available from the same source from which you got PGP261.ZIP. If not, ! 40: and you want it, see the Licensing and Distribution section of the PGP ! 41: User's Guide. ! 42: ! 43: You will need PKUNZIP version 1.1 or later to uncompress and split the ! 44: PGP26.ZIP archive file into individual files. PKUNZIP is shareware and ! 45: is widely available on MSDOS machines. ! 46: ! 47: Create a directory for the PGP files. For this description, let's use ! 48: the directory C:\PGP26 as an example, but you should substitute your own ! 49: disk and directory name if you use something different. Type these ! 50: commands to make the new directory: 1.1 root 51: 52: c: 1.1.1.2 ! root 53: md \pgp26 ! 54: cd \pgp26 1.1 root 55: 1.1.1.2 ! root 56: Uncompress the distribution file PGP261.ZIP to the directory. For this ! 57: example, we will assume the file is on floppy drive A - if not, 1.1 root 58: substitute your own file location. 59: 1.1.1.2 ! root 60: pkunzip -d a:pgp261 ! 61: ! 62: This will create the file PGP261I.ZIP and PGP261I.ASC. Unzip ! 63: PGP261I.ZIP with the command: ! 64: ! 65: pkunzip -d pgp261i ! 66: ! 67: If you omit the -d flag, all the files in the doc subdirectory will be ! 68: deposited in the pgp directory. This merely causes clutter. 1.1 root 69: 1.1.1.2 ! root 70: Keep the PGP261I.ZIP file around. Once you have PGP working you can use ! 71: PGP261I.ASC to verify the digital signature on PGP261I.ZIP. It should ! 72: come from Jeffrey I. Schiller (whose key is included in keys.asc). 1.1 root 73: 1.1.1.2 ! root 74: Setting the Environment ! 75: ----------------------- 1.1 root 76: 1.1.1.2 ! root 77: Next, you can set an MSDOS "environment variable" to let PGP know where ! 78: to find its special files, in case you use it from other than the ! 79: default PGP directory. Use your favorite text editor to add the 1.1 root 80: following lines to your AUTOEXEC.BAT file (usually on your C: drive): 81: 1.1.1.2 ! root 82: SET PGPPATH=C:\PGP26 ! 83: SET PATH=C:\PGP26;%PATH% 1.1 root 84: 1.1.1.2 ! root 85: Substitute your own directory name if different from "C:\PGP26". 1.1 root 86: 1.1.1.2 ! root 87: The CONFIG.TXT file contains various preferences. You can change the ! 88: language PGP operates in, and the character set it uses. The IBM PC's ! 89: default character set, "Code Page 850" will be used if the line "charset ! 90: = cp850" appears in the config.txt file. You probably want to add that ! 91: line. ! 92: ! 93: Another environmental variable you should set in MSDOS is "TZ", which ! 94: tells MSDOS what time zone you are in, which helps PGP create GMT ! 95: timestamps for its keys and signatures. If you properly define TZ in ! 96: AUTOEXEC.BAT, then MSDOS gives you good GMT timestamps, and will handle ! 97: daylight savings time adjustments for you. Here are some sample lines ! 98: to insert into AUTOEXEC.BAT, depending on your time zone: 1.1 root 99: 100: For Los Angeles: SET TZ=PST8PDT 101: For Denver: SET TZ=MST7MDT 102: For Arizona: SET TZ=MST7 103: (Arizona never uses daylight savings time) 104: For Chicago: SET TZ=CST6CDT 105: For New York: SET TZ=EST5EDT 106: For London: SET TZ=GMT0BST 107: For Amsterdam: SET TZ=MET-1DST 108: For Moscow: SET TZ=MSK-3MSD 109: For Aukland: SET TZ=NZT-13 110: 1.1.1.2 ! root 111: Now reboot your system to run AUTOEXEC.BAT, which will set up PGPPATH ! 112: and TZ for you. 1.1 root 113: 1.1.1.2 ! root 114: Generating Your First Key ! 115: ------------------------- 1.1 root 116: 1.1.1.2 ! root 117: One of the first things you will want to do to really use PGP (other ! 118: than to test itself) is to generate your own key. This is described in ! 119: more detail in the "RSA Key Generation" section of the PGP User's Guide. ! 120: Remember that your key becomes something like your written signature or ! 121: your bank card code number or even a house key - keep it secret and keep ! 122: it secure! Use a long, unguessable pass phrase and remember it. Right ! 123: after you generate a key, put it on your key rings and copy your secret ! 124: keyring (SECRING.PGP) to a blank floppy and write protect the floppy. ! 125: ! 126: If you are a first-time user of PGP, it is a good idea to generate a ! 127: short test key, with a short passphrase, to play around with PGP for a ! 128: little bit and see how it works, or even more than one so you can ! 129: pretend to be sending messages between two different people. Since you ! 130: won't be guarding any secrets, this can be short and have a simple pass ! 131: phrase. But when you generate your permanent key, that you intend to ! 132: give to others so they can send secure messages to you, be much more ! 133: careful. ! 134: ! 135: After you generate your own key pair, you can add a few more public keys ! 136: to your key ring. A collection of sample public keys is provided with ! 137: the release in the file KEYS.ASC. To add them to your public key ring, ! 138: see the PGP User's Guide, in the section on adding keys to your key ! 139: ring. ! 140: ! 141: Verifying the PGP distribution ! 142: ------------------------------ ! 143: ! 144: Now that you have PGP up and running and have read in the KEYS.ASC file ! 145: you can now verify the integrity of the original distribution. To do ! 146: this type: ! 147: ! 148: pgp pgp261i.asc ! 149: ! 150: It will inform you that pgp261i.asc contains a signature but no text. ! 151: It may then ask you to provide the name of the file that it applies to. ! 152: Type in "pgp261i.zip", the internal ZIP file. ! 153: ! 154: PGP should tell you that it has a Good Signature from: ! 155: ! 156: Jeffrey I. Schiller <[email protected]> ! 157: ! 158: It will also tell you that it doesn't "trust" my ([email protected]) key. ! 159: This is because PGP does not *know* that the enclosed key really belongs ! 160: to me. Don't worry about this now. Read the section "How to Protect ! 161: Public Keys from Tampering" in Volume 1 of the PGP manual. ! 162: ! 163: READ THE FINE MANUAL (RTFM) ! 164: --------------------------- ! 165: ! 166: READ THE DOCUMENTATION. At least read Volume I of the PGP User's Guide. ! 167: Cryptography software is easy to misuse, and if you don't use it ! 168: properly much of the security you could gain by using it will be lost! ! 169: You might also be unfamiliar with the concepts behind public key ! 170: cryptography; the manual explains these ideas. Even if you are already ! 171: familiar with public key cryptography, it is important that you ! 172: understand the various security issues associated with using PGP. PGP ! 173: may be an unpickable lock, but you have to install it in the door ! 174: properly or it won't provide security. 1.1 root 175: 1.1.1.2 ! root 176: ######################################################################## 1.1 root 177: For UNIX: 178: 1.1.1.2 ! root 179: You likely will have to compile PGP for your system; to do this, first ! 180: make sure the unpacked files are in the correct unix textfile format ! 181: (the files in pgp261s.zip are in MSDOS CRLF format, so for Unix you must ! 182: unpack with "unzip -a"; the tar files pgp261s.tar.Z and pgp261s.tar.gz ! 183: use normal Unix line feed conventions). ! 184: ! 185: You will need the RSAREF package written by RSA Data Security. It is ! 186: included with the PGP 2.6.1 distribution from MIT. Use this version as ! 187: it has been edited for the larger key sizes needed by PGP 2.6.1 as well ! 188: as to improve performance. ! 189: ! 190: When you untar pgp261s.tar (either compression format) you will find ! 191: that it contains 5 files. pgp261si.tar contains all non-binary files for ! 192: PGP including all source code. This tar archive has been created ! 193: assuming that you will untar it directly into your PGP 2.6.1 "build" ! 194: directory. pgp261si.asc is a detached digital signature of pgp261si.tar ! 195: (which you can verify after you have PGP operating, see the section ! 196: above titled "Verifying the PGP Distribution"). rsaref.tar contains the ! 197: source code for the RSAREF distribution. You should also untar it from ! 198: your PGP "build" directory. All RSAREF software will automatically go ! 199: into an "rsaref" subdirectory. ! 200: ! 201: cd to rsaref/install/unix and invoke the "make" command there to build ! 202: the RSAREF software library. ! 203: ! 204: RSAREF tries to build with the GNU CC compiler by default. If you do ! 205: not have the GCC compiler for your platform, you will have to run make ! 206: with an option to use the normal CC compiler: ! 207: ! 208: make CC=cc ! 209: ! 210: If your native compiler does not understand prototypes, then this will ! 211: fail as well, and you will have to set the PROTOTYPES to 0. You can do ! 212: this by running make in this manner: ! 213: ! 214: make CC=cc PROTOTYPES=0 ! 215: ! 216: This will try to create an rsaref.a library in the current directory. ! 217: One last problem you may have is the lack of a ranlib program on your ! 218: platform. You can fix this by adding this to your make line: ! 219: ! 220: RANLIB=true ! 221: ! 222: After RSAREF is successfully built, cd to src (cd ../../../src from the ! 223: RSAREF install/unix directory) and invoke "make" there. You will have ! 224: to specify your machine platform (make without arguments will give you a ! 225: list of choices). ! 226: ! 227: If you don't have an ANSI C compiler you will need the unproto package ! 228: written by Wietse Venema. unproto was posted on comp.sources.misc and ! 229: can be obtained from the various sites that archive this newsgroup ! 230: (volume 23: v23i012 and v23i013) or ftp.win.tue.nl file: ! 231: /pub/programming/unproto4.shar.Z Read the file README in the unproto ! 232: distribution for instructions on how to use unproto. ! 233: ! 234: If your system doesn't have a target in the makefile you will have to ! 235: edit the makefile, make sure you compile for the correct byte order for ! 236: your system: define HIGHFIRST if your system is big-endian (eg. ! 237: Motorola 68030). There are also some platform-specific parameters in ! 238: the include file "platform.h". Some platforms may have to modify this ! 239: file. ! 240: ! 241: If you successfully create a target rule for a new platform, please send ! 242: the patches to [email protected], so it can be added to the next release. ! 243: ! 244: Note: PGP 2.6.1 requires the function memmove. Not all machines have ! 245: this in the standard C library. There is an implementation of memmove ! 246: included with this distribution. If you find that your platform ! 247: requires memmove, but the makefile rule for your platform does not ! 248: include memmove (look at the sun4gcc or sun386i rules for an example of ! 249: how to include it), please send mail to [email protected], so we can ! 250: correct the problem. ! 251: ! 252: If you have any problems, bugs, patches, etc., please send mail to ! 253: [email protected]! 1.1 root 254: 255: If all goes well, you will end up with an executable file called "pgp". 256: 257: Before you install pgp, run these tests: 258: (do not create your real public key yet, this is just for testing pgp) 259: 1.1.1.2 ! root 260: - create a public/secret key pair (enter "test" as userid/password): ! 261: pgp -kg 1.1 root 262: 1.1.1.2 ! root 263: - add the keys from the file "keys.asc" to the public keyring: ! 264: pgp -ka keys.asc ! 265: pgp will ask if you want to sign the keys you are adding, answer yes ! 266: for at least one key. 1.1 root 267: 1.1.1.2 ! root 268: - do a keyring check: ! 269: pgp -kc 1.1 root 270: 1.1.1.2 ! root 271: - encrypt pgpdoc1.txt: ! 272: pgp -e pgpdoc1.txt test -o testfile.pgp 1.1 root 273: 1.1.1.2 ! root 274: - decrypt this file: ! 275: pgp testfile.pgp 1.1 root 276: 1.1.1.2 ! root 277: this should produce the file "testfile" compare this file with ! 278: pgpdoc1.txt 1.1 root 279: 280: If everything went well, install pgp in a bin directory. 281: 1.1.1.2 ! root 282: Place the documentation, pgpdoc1.txt and pgpdoc2.txt somewhere where you ! 283: can reasonably read it. The software looks for it when running ! 284: (especially generating keys), so someplace reasonably obvious would be ! 285: good. "pgp -kg" will give you full details if it can't find the ! 286: manuals. ! 287: ! 288: Place the man page (pgp.1) in an appropriate spot. If you don't know ! 289: anything about how man pages work, you can make the man page look human ! 290: readable yourself by typing "nroff -man pgp.1 >pgp.man" and reading ! 291: "pgp.man". ! 292: ! 293: Create a subdirectory somewhere in your home directory hierarchy to hold ! 294: your public and private key rings and anything else pgp might need (like ! 295: the language.txt file). The default name PGP assumes is ~/.pgp. If you ! 296: want to use a different name, you must set the environment variable ! 297: "PGPPATH" to point to this place before you use the system. ! 298: ! 299: > IMPORTANT: This directory cannot be shared! It will contain your < ! 300: > personal private keys! < ! 301: ! 302: If you are installing PGP for yourself, copy the files "language.txt", ! 303: "config.txt", and the ".hlp" files from the distribution into this ! 304: subdirectory. ! 305: ! 306: If you are installing PGP system-wide, the directory to use is ! 307: /usr/local/lib/pgp for the config, language and help files. This can be ! 308: changed in fileio.h when compiling. It's the value of PGP_SYSTEM_DIR. ! 309: ! 310: Tell PGP the character set and language you wish to use in the ! 311: config.txt file. If you have a terminal that only displays 7-bit ASCII, ! 312: use "charset=ascii" to display an approximation (accents are omitted) of ! 313: extended characters. ! 314: ! 315: >> IMPORTANT: Please read the sections in the man page and manual << ! 316: >> about vulnerabilities before using this software on a multi- << ! 317: >> user machine! << 1.1 root 318: 319: Now, if you haven't done so yet, GO READ THE MANUAL. 320: 1.1.1.2 ! root 321: ######################################################################## 1.1 root 322: For VMS: 323: 1.1.1.2 ! root 324: PGP/VMS Version 2.6.1 ! 325: --------------------- 1.1 root 326: 1.1.1.2 ! root 327: ***THIS MAY OR MAY NOT WORK***. 1.1 root 328: 1.1.1.2 ! root 329: The pgp26/vmsbuild contains support files for building a VMS version of ! 330: PGP 2.6.1. We at MIT have not tested this code out, but it should work ! 331: without too much effort. See the file: vmsbuild/000read.me. ! 332: ! 333: In particular, PGP 2.6.1 needs to be linked with the RSAREF library. ! 334: David North has provided a build file "vmsbuild/rsabuild.com" that ! 335: should help in building RSAREF. ! 336: ! 337: If you can figure out how to compile it, it SHOULD work. One change is ! 338: that PGP can now look for support files in a system-wide directory. The ! 339: default (PGP_SYSTEM_DIR, defined in fileio.h) is PGP$LIBRARY:, but you ! 340: can change that if you like. ! 341: ! 342: -----BEGIN PGP SIGNATURE----- ! 343: Version: 2.6.1 ! 344: ! 345: iQCVAwUBLmuzYcUtR20Nv5BtAQEwnwP9FqPOE9aEet4+qtTXTW5YNrpqwvQxF0/h ! 346: ytH2WYMgA0HFRIZN9Crx5SQBX8syqaEZs0GPxOoLPVPCHVV8G3Dg3L8f72kwRAC+ ! 347: J2Z+XBt49RwwRIWm+MmWfG5IwS4OlAXTe+IDxgdViXuDDNVoWysGaWJSW+hv+yry ! 348: xU9pY5AYBKc= ! 349: =8s1o ! 350: -----END PGP SIGNATURE-----
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.