![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to setup.doc CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [PGP] / pgp|
Return to setup.doc CVS log | Up to [PGP] / pgp |
1.1.1.2 root 1: -----BEGIN PGP SIGNED MESSAGE----- 1.1 root 2: 1.1.1.3 ! root 3: Pretty Good Privacy Version 2.6.2 1.1.1.2 root 4: Installation Guide 5: 6: by Perry Metzger, Colin Plumb, Derek Atkins, 7: Jeffrey I. Schiller and others 1.1 root 8: 9: How to Install PGP 10: ================== 11: 12: The first question is, what platform are you on? 13: 1.1.1.3 ! root 14: The base PGP 2.6.2 distribution runs on several varieties of Unix, ! 15: MS-DOS, OS/2 and VAX VMS (though we haven't compiled it ourselves there ! 16: yet). Ports can be expected shortly to the Atari, Amiga, and possibly ! 17: other systems. Naturally, installation instructions differ depending on ! 18: your hardware. Separate instructions are provided here for MSDOS and ! 19: Unix. 1.1 root 20: 1.1.1.2 root 21: See the section below for your system's particular installation 1.1 root 22: instructions. 23: 1.1.1.2 root 24: If you do not have any of these systems, you will either have to port 1.1 root 25: the sources to your machine or find someone who has already done so. 26: 1.1.1.2 root 27: ######################################################################## 1.1.1.3 ! root 28: ! 29: For MSDOS Installation ! 30: ====================== 1.1 root 31: 1.1.1.2 root 32: PGP is distributed in a compressed archive format, which keeps all the 33: relevant files grouped together, and also saves disk space and 1.1 root 34: transmission time. 35: 1.1.1.3 ! root 36: The current version, 2.6.2, is archived with the ZIP utility, and the ! 37: PGP executable binary release system is in a file named PGP262.ZIP. 1.1.1.2 root 38: This contains the executable program, the user documentation, the RSAREF 1.1.1.3 ! root 39: license, and a few keys and signatures. There is also a second file ! 40: available containing the C and assembly source code, called PGP262S.ZIP. 1.1.1.2 root 41: If you are a programmer, this may be of interest to you. This should be 1.1.1.3 ! root 42: available from the same source from which you got PGP262.ZIP. If not, ! 43: and you want it, see the Licensing and Distribution section of the PGP ! 44: User's Guide. There is also an archive PGP262DC.ZIP, which is just the ! 45: documentation, if you just want to see a description of PGP or have ! 46: misplaced the manual. 1.1.1.2 root 47: 1.1.1.3 ! root 48: You will need PKUNZIP version 2.04g or later to uncompress and split the ! 49: PGP262.ZIP archive file into individual files. PKUNZIP is shareware and 1.1.1.2 root 50: is widely available on MSDOS machines. 51: 1.1.1.3 ! root 52: Each of the ZIP files is actually two nested zip files. Inside ! 53: PGP262.ZIP is PGP262I.ZIP, which contains most of the files, and ! 54: PGP262I.ASC, which is a PGP signature on PGP262I.ASC. If you have a ! 55: previous version of PGP, you can use it to check the signature to see ! 56: that the distribution has not been tampered with. Since a PGP signature ! 57: protects every last bit in a file from change, a BBS adding an ! 58: advertising blurb or recompressing the archive would cause PGP to report ! 59: tampering. Thus, only the inner ZIP file is signed. ! 60: 1.1.1.2 root 61: Create a directory for the PGP files. For this description, let's use 62: the directory C:\PGP26 as an example, but you should substitute your own 63: disk and directory name if you use something different. Type these 64: commands to make the new directory: 1.1 root 65: 66: c: 1.1.1.2 root 67: md \pgp26 68: cd \pgp26 1.1 root 69: 1.1.1.3 ! root 70: Uncompress the distribution file PGP262.ZIP to the directory. For this 1.1.1.2 root 71: example, we will assume the file is on floppy drive A - if not, 1.1 root 72: substitute your own file location. 73: 1.1.1.3 ! root 74: pkunzip -d a:pgp262 1.1.1.2 root 75: 1.1.1.3 ! root 76: This will create the file PGP262I.ZIP and PGP262I.ASC. Unzip ! 77: PGP262I.ZIP with the command: 1.1.1.2 root 78: 1.1.1.3 ! root 79: pkunzip -d pgp262i 1.1.1.2 root 80: 81: If you omit the -d flag, all the files in the doc subdirectory will be 82: deposited in the pgp directory. This merely causes clutter. 1.1 root 83: 1.1.1.3 ! root 84: Keep the PGP262I.ZIP file around. Once you have PGP working you can use ! 85: PGP262I.ASC to verify the digital signature on PGP262I.ZIP. It should 1.1.1.2 root 86: come from Jeffrey I. Schiller (whose key is included in keys.asc). 1.1 root 87: 1.1.1.3 ! root 88: 1.1.1.2 root 89: Setting the Environment 90: ----------------------- 1.1 root 91: 1.1.1.2 root 92: Next, you can set an MSDOS "environment variable" to let PGP know where 93: to find its special files, in case you use it from other than the 94: default PGP directory. Use your favorite text editor to add the 1.1 root 95: following lines to your AUTOEXEC.BAT file (usually on your C: drive): 96: 1.1.1.2 root 97: SET PGPPATH=C:\PGP26 98: SET PATH=C:\PGP26;%PATH% 1.1 root 99: 1.1.1.2 root 100: Substitute your own directory name if different from "C:\PGP26". 1.1 root 101: 1.1.1.3 ! root 102: The CONFIG.TXT file contains various user-defined preferences for PGP. ! 103: For example, you can specify which of your secret keys to implicitly ! 104: select for creating digital signatures. See the manual for details on ! 105: how to fine-tune your PGP configuration file. The default values in ! 106: that file are good enough to get you started. 1.1.1.2 root 107: 108: Another environmental variable you should set in MSDOS is "TZ", which 109: tells MSDOS what time zone you are in, which helps PGP create GMT 110: timestamps for its keys and signatures. If you properly define TZ in 111: AUTOEXEC.BAT, then MSDOS gives you good GMT timestamps, and will handle 112: daylight savings time adjustments for you. Here are some sample lines 113: to insert into AUTOEXEC.BAT, depending on your time zone: 1.1 root 114: 115: For Los Angeles: SET TZ=PST8PDT 116: For Denver: SET TZ=MST7MDT 117: For Arizona: SET TZ=MST7 118: (Arizona never uses daylight savings time) 119: For Chicago: SET TZ=CST6CDT 120: For New York: SET TZ=EST5EDT 121: For London: SET TZ=GMT0BST 122: For Amsterdam: SET TZ=MET-1DST 123: For Moscow: SET TZ=MSK-3MSD 124: For Aukland: SET TZ=NZT-13 125: 1.1.1.2 root 126: Now reboot your system to run AUTOEXEC.BAT, which will set up PGPPATH 127: and TZ for you. 1.1 root 128: 1.1.1.2 root 129: Generating Your First Key 130: ------------------------- 1.1 root 131: 1.1.1.2 root 132: One of the first things you will want to do to really use PGP (other 133: than to test itself) is to generate your own key. This is described in 134: more detail in the "RSA Key Generation" section of the PGP User's Guide. 135: Remember that your key becomes something like your written signature or 136: your bank card code number or even a house key - keep it secret and keep 137: it secure! Use a long, unguessable pass phrase and remember it. Right 138: after you generate a key, put it on your key rings and copy your secret 139: keyring (SECRING.PGP) to a blank floppy and write protect the floppy. 140: 141: If you are a first-time user of PGP, it is a good idea to generate a 142: short test key, with a short passphrase, to play around with PGP for a 143: little bit and see how it works, or even more than one so you can 144: pretend to be sending messages between two different people. Since you 145: won't be guarding any secrets, this can be short and have a simple pass 146: phrase. But when you generate your permanent key, that you intend to 147: give to others so they can send secure messages to you, be much more 148: careful. 149: 150: After you generate your own key pair, you can add a few more public keys 151: to your key ring. A collection of sample public keys is provided with 152: the release in the file KEYS.ASC. To add them to your public key ring, 153: see the PGP User's Guide, in the section on adding keys to your key 154: ring. 155: 156: Verifying the PGP distribution 157: ------------------------------ 158: 159: Now that you have PGP up and running and have read in the KEYS.ASC file 160: you can now verify the integrity of the original distribution. To do 161: this type: 162: 1.1.1.3 ! root 163: pgp pgp262i.asc 1.1.1.2 root 164: 1.1.1.3 ! root 165: It will inform you that pgp262i.asc contains a signature but no text. 1.1.1.2 root 166: It may then ask you to provide the name of the file that it applies to. 1.1.1.3 ! root 167: Type in "pgp262i.zip", the internal ZIP file. 1.1.1.2 root 168: 169: PGP should tell you that it has a Good Signature from: 170: 171: Jeffrey I. Schiller <[email protected]> 172: 173: It will also tell you that it doesn't "trust" my ([email protected]) key. 174: This is because PGP does not *know* that the enclosed key really belongs 175: to me. Don't worry about this now. Read the section "How to Protect 176: Public Keys from Tampering" in Volume 1 of the PGP manual. 177: 178: READ THE FINE MANUAL (RTFM) 179: --------------------------- 180: 181: READ THE DOCUMENTATION. At least read Volume I of the PGP User's Guide. 182: Cryptography software is easy to misuse, and if you don't use it 183: properly much of the security you could gain by using it will be lost! 184: You might also be unfamiliar with the concepts behind public key 185: cryptography; the manual explains these ideas. Even if you are already 186: familiar with public key cryptography, it is important that you 187: understand the various security issues associated with using PGP. PGP 188: may be an unpickable lock, but you have to install it in the door 189: properly or it won't provide security. 1.1 root 190: 1.1.1.2 root 191: ######################################################################## 1.1 root 192: For UNIX: 193: 1.1.1.2 root 194: You likely will have to compile PGP for your system; to do this, first 195: make sure the unpacked files are in the correct unix textfile format 1.1.1.3 ! root 196: (the files in pgp262s.zip are in MSDOS CRLF format, so for Unix you must ! 197: unpack with "unzip -a"; the tar files pgp262s.tar.Z and pgp262s.tar.gz 1.1.1.2 root 198: use normal Unix line feed conventions). 199: 1.1.1.3 ! root 200: You will need the RSAREF package written by RSA Data Security. It is ! 201: included with the current PGP distribution from MIT. Use this version ! 202: as it has been edited for the larger key sizes needed by PGP 2.6.2 as ! 203: well as to improve performance. 1.1.1.2 root 204: 1.1.1.3 ! root 205: When you untar pgp262s.tar (either compression format) you will find ! 206: that it contains 5 files. pgp262si.tar contains all non-binary files for 1.1.1.2 root 207: PGP including all source code. This tar archive has been created 1.1.1.3 ! root 208: assuming that you will untar it directly into your PGP 2.6.2 "build" ! 209: directory. pgp262si.asc is a detached digital signature of pgp262si.tar 1.1.1.2 root 210: (which you can verify after you have PGP operating, see the section 211: above titled "Verifying the PGP Distribution"). rsaref.tar contains the 212: source code for the RSAREF distribution. You should also untar it from 213: your PGP "build" directory. All RSAREF software will automatically go 214: into an "rsaref" subdirectory. 215: 216: cd to rsaref/install/unix and invoke the "make" command there to build 217: the RSAREF software library. 218: 219: RSAREF tries to build with the GNU CC compiler by default. If you do 220: not have the GCC compiler for your platform, you will have to run make 221: with an option to use the normal CC compiler: 222: 223: make CC=cc 224: 225: If your native compiler does not understand prototypes, then this will 226: fail as well, and you will have to set the PROTOTYPES to 0. You can do 227: this by running make in this manner: 228: 229: make CC=cc PROTOTYPES=0 230: 231: This will try to create an rsaref.a library in the current directory. 232: One last problem you may have is the lack of a ranlib program on your 233: platform. You can fix this by adding this to your make line: 234: 235: RANLIB=true 236: 237: After RSAREF is successfully built, cd to src (cd ../../../src from the 238: RSAREF install/unix directory) and invoke "make" there. You will have 239: to specify your machine platform (make without arguments will give you a 240: list of choices). 241: 242: If you don't have an ANSI C compiler you will need the unproto package 243: written by Wietse Venema. unproto was posted on comp.sources.misc and 244: can be obtained from the various sites that archive this newsgroup 245: (volume 23: v23i012 and v23i013) or ftp.win.tue.nl file: 246: /pub/programming/unproto4.shar.Z Read the file README in the unproto 247: distribution for instructions on how to use unproto. 248: 249: If your system doesn't have a target in the makefile you will have to 250: edit the makefile, make sure you compile for the correct byte order for 251: your system: define HIGHFIRST if your system is big-endian (eg. 252: Motorola 68030). There are also some platform-specific parameters in 253: the include file "platform.h". Some platforms may have to modify this 254: file. 255: 256: If you successfully create a target rule for a new platform, please send 257: the patches to [email protected], so it can be added to the next release. 258: 1.1.1.3 ! root 259: Note: PGP requires the function memmove. Not all machines have this in ! 260: the standard C library. There is an implementation of memmove included ! 261: with this distribution. If you find that your platform requires ! 262: memmove, but the makefile rule for your platform does not include ! 263: memmove (look at the sun4gcc or sun386i rules for an example of how to ! 264: include it), please send mail to [email protected], so we can correct the ! 265: problem. 1.1.1.2 root 266: 267: If you have any problems, bugs, patches, etc., please send mail to 268: [email protected]! 1.1 root 269: 270: If all goes well, you will end up with an executable file called "pgp". 271: 272: Before you install pgp, run these tests: 273: (do not create your real public key yet, this is just for testing pgp) 274: 1.1.1.2 root 275: - create a public/secret key pair (enter "test" as userid/password): 276: pgp -kg 1.1 root 277: 1.1.1.2 root 278: - add the keys from the file "keys.asc" to the public keyring: 279: pgp -ka keys.asc 280: pgp will ask if you want to sign the keys you are adding, answer yes 281: for at least one key. 1.1 root 282: 1.1.1.2 root 283: - do a keyring check: 284: pgp -kc 1.1 root 285: 1.1.1.2 root 286: - encrypt pgpdoc1.txt: 287: pgp -e pgpdoc1.txt test -o testfile.pgp 1.1 root 288: 1.1.1.2 root 289: - decrypt this file: 290: pgp testfile.pgp 1.1 root 291: 1.1.1.2 root 292: this should produce the file "testfile" compare this file with 293: pgpdoc1.txt 1.1 root 294: 295: If everything went well, install pgp in a bin directory. 296: 1.1.1.2 root 297: Place the documentation, pgpdoc1.txt and pgpdoc2.txt somewhere where you 298: can reasonably read it. The software looks for it when running 299: (especially generating keys), so someplace reasonably obvious would be 300: good. "pgp -kg" will give you full details if it can't find the 301: manuals. 302: 303: Place the man page (pgp.1) in an appropriate spot. If you don't know 304: anything about how man pages work, you can make the man page look human 305: readable yourself by typing "nroff -man pgp.1 >pgp.man" and reading 306: "pgp.man". 307: 308: Create a subdirectory somewhere in your home directory hierarchy to hold 309: your public and private key rings and anything else pgp might need (like 310: the language.txt file). The default name PGP assumes is ~/.pgp. If you 311: want to use a different name, you must set the environment variable 312: "PGPPATH" to point to this place before you use the system. 313: 314: > IMPORTANT: This directory cannot be shared! It will contain your < 315: > personal private keys! < 316: 317: If you are installing PGP for yourself, copy the files "language.txt", 318: "config.txt", and the ".hlp" files from the distribution into this 319: subdirectory. 320: 321: If you are installing PGP system-wide, the directory to use is 322: /usr/local/lib/pgp for the config, language and help files. This can be 323: changed in fileio.h when compiling. It's the value of PGP_SYSTEM_DIR. 324: 325: Tell PGP the character set and language you wish to use in the 326: config.txt file. If you have a terminal that only displays 7-bit ASCII, 327: use "charset=ascii" to display an approximation (accents are omitted) of 328: extended characters. 329: 330: >> IMPORTANT: Please read the sections in the man page and manual << 331: >> about vulnerabilities before using this software on a multi- << 332: >> user machine! << 1.1 root 333: 334: Now, if you haven't done so yet, GO READ THE MANUAL. 335: 1.1.1.2 root 336: ######################################################################## 1.1 root 337: For VMS: 338: 1.1.1.3 ! root 339: PGP/VMS Version 2.6.2 1.1.1.2 root 340: --------------------- 1.1 root 341: 1.1.1.2 root 342: ***THIS MAY OR MAY NOT WORK***. 1.1 root 343: 1.1.1.2 root 344: The pgp26/vmsbuild contains support files for building a VMS version of 1.1.1.3 ! root 345: PGP 2.6.2. We at MIT have not tested this code out, but it should work 1.1.1.2 root 346: without too much effort. See the file: vmsbuild/000read.me. 347: 1.1.1.3 ! root 348: In particular, PGP needs to be linked with the RSAREF library. 1.1.1.2 root 349: David North has provided a build file "vmsbuild/rsabuild.com" that 350: should help in building RSAREF. 351: 352: If you can figure out how to compile it, it SHOULD work. One change is 353: that PGP can now look for support files in a system-wide directory. The 354: default (PGP_SYSTEM_DIR, defined in fileio.h) is PGP$LIBRARY:, but you 355: can change that if you like. 356: 1.1.1.3 ! root 357: 1.1.1.2 root 358: -----BEGIN PGP SIGNATURE----- 1.1.1.3 ! root 359: Version: 2.6.2 1.1.1.2 root 360: 1.1.1.3 ! root 361: iQCVAwUBLqmXwsUtR20Nv5BtAQG+rQP+KBJzh22axMqNymQtN55iU+znyJwnaTge ! 362: buI7mpZnjUAYBZvOHhxVtUg/5v4PgDISrDnTkne6EZdDNEH5nP9AB8YDOChourKg ! 363: drUlhn7NsEyToqDF42rX53kq0kc8P7CWilQvTfti6i8bAGWLAN9dwdq0iwFxRz8I ! 364: G8Cql4kIbhA= ! 365: =0JzK 1.1.1.2 root 366: -----END PGP SIGNATURE-----
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.