PGP

Section: User Manual (5.0)
Updated: JULY 1997 (v5.0)
Index Return to Main Contents
 

NAME

PGP - A suite of tools for encrypting, decrypting and verifying messages.  

DESCRIPTION

There are two files in this package, but several additional modes of operation are available via symbolic links:

pgp(1) is the main cryptographic engine of the PGP package. However, invoking it as itself merely prints a usage summary.

pgpe(1) is executed to encrypt, or encrypt and sign, files. It is a link to pgp(1).

pgps(1) is executed to only sign files. It is a link to pgp(1).

pgpv(1) is executed to only verify or decrypt signed or encrypted files. It is a link to pgp(1).

pgpk(1) is the key management application, which is used to generate, retrieve and send keys, as well as manage trust.

Public key cryptography must be fully understood by the user to be useful. A successful PGP user must be familiar with public key cryptography in general, and some PGP-specific concepts (such as the web of trust). If you feel comfortable with your own level of knowledge on this subject, your first step is probably going to be to invoke pgpk(1) to generate a key.  

FILES

~/.pgp/pgp.cfg
User-specific configuration file. In previous releases, this file was called config.txt. See pgp.cfg(5) for further details.
 

MIGRATION

Users migrating from earlier versions of PGP will need to manually migrate the following configuration files:

~/.pgp/config.txt is now ~/.pgp/pgp.cfg. This file may be copied manually. If not copied, internal defaults will be used. This file is largely unchanged in 5.0. See pgp.cfg(5) for more information on this file.

~/.pgp/pubring.pgp is now ~/.pgp/pubring.pkr. You may copy your old public keyring, or allow 5.0 to generate a new keyring for you.

~/.pgp/secring.pgp is now ~/.pgp/secring.skr. You may copy your old private keyring. Even if you do this, you are encouraged to generate a new DSS/Diffie-Hellman key to allow communication with all 5.0 users.

~/.pgp/language.txt is now ~/.pgp/language50.txt. This file should not be copied from your previous installation, as it is completely different in 5.0. If this file is not present, internal defaults will be used.

 

AUTHORS

A cast of thousands. This is, of course, derived directly from the work of Phil R. Zimmerman <prz@pgp.com>. Major contributors to this release include:

Unix Development
Derek Atkins <warlord@MIT.EDU>
Hal Finney <hal@pgp.com>
Mark McArdle <markm@pgp.com>
Brett A. Thomas <quark@baz.com>
Mark Weaver <mhw@pgp.com>
Be Development
Mark Elrod <elrod@pgp.com>
Brett A. Thomas <quark@baz.com>
Library Development
Derek Atkins <warlord@MIT.EDU>
Colin Plumb <colin@pgp.com>
Hal Finney <hal@pgp.com>
Mark Weaver <mhw@pgp.com>
Unix Beta Testing
Steve Gilbert <darkelf@redcloud.org>
Mike Shappe <mshappe@jeeves.net>
Man Pages
Brett A. Thomas <quark@baz.com>
 

BUGS

pgp_old (backwards compatibility mode) is unimplemented.

Keyserver support should be more informative with unknown protocols.

URL parsing uses static buffers and is vulnerable to overflow attacks.

The PAGER directive in pgp.cfg doesn't work.

No UI support for corporate message recovery keys (MRK).

"Echo passphrase" not supported.

On systems with /dev/random, we should read in the available random bytes every runtime.

Keyserver support should ask for verification prior to adding keys to your keyring.

Batch mode doesn't yet do all that it should (specifically, "simple batch mode," which will allow non-interactive execution of PGP, hasn't been implemented).

In batch mode, there is not yet any user interface to allow the specification of file descriptors to use for certain kinds of output.

PGP does not warn you when encrypting to both RSA and DSS/Diffie-Hellman keys, which will cause problems for users of versions 2.6.2, 4.0 and 4.5.

Conventional mode encryption causes a crash.

The -b option to pgpv(1) is not implemented.

pgpk -rs (to remove signatures from keys) may not do the right thing if you have a large number of signatures and revocations on the key.

Encrypting to multiple receivers, where one receiver is unknown, produces no output file.

pgpk(1) doesn't warn you if you specify multiple user IDs on a command that doesn't allow multiple user IDs.

pgpv -m ("more" mode) and "eyes-only" decryption is not displaying properly. It is suggested that your pipe the output of pgpv(1) into your pager of preference until this is fixed.

pgpk(1) doesn't pay attention to the +force option to force file overwrite; it stops to ask for confirmation.

Automatic passphrase specification isn't documented or implemented consistently across all applications.

Multipart armoring doesn't handle all possible permutations - specifically, it does not work properly if all the sections are in one file, or only the first file is named on the command line.

There is currently no way to specify just a secret or public keyring for an operation.

pgp --version doesn't work. Use pgpk --version or one of the other commands, instead.

pgpv -p, to "preserve" the original input filename, is not yet supported.

pgpk -c, which checks signatures on a key or your keyring, does not have properly formatted or sorted output.

There are a number of bugs when specifying filenames ending in digits; the general result is that the default output filename is not what might be expected (i.e., pgpe -sa foo1 results in an output suggestion of foo1.asc.1 instead of foo1.asc, as expected). It is conjectured that the user interface is becoming confused and invoking the rules used to generate multi-part ASCII armor filenames.

Configuration option TZfix doesn't allow specifying non-mainstream values, such as -420 or 30.

 

SEE ALSO

pgpe(1), pgpv(1), pgps(1), pgpk(1), pgp.cfg(5), pgp-integration(7), http://www.pgp.com (US versions) and http://www.pgpi.com (International versions)


 

Index

NAME
DESCRIPTION
FILES
MIGRATION
AUTHORS
BUGS
SEE ALSO

This document was created by man2html, using the manual pages.
Time: 23:26:50 GMT, August 22, 2024