home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
ShareWare OnLine 2
/
ShareWare OnLine Volume 2 (CMS Software)(1993).iso
/
util2
/
pgp22src.zip
/
README.DOC
< prev
next >
Wrap
Text File
|
1993-03-07
|
6KB
|
119 lines
Pretty Good Privacy version 2.2 - READ ME FIRST
Notes by Perry Metzger
Additions for 2.2 by Colin Plumb
You are looking at the README file for PGP release 2.2. PGP, short for
Pretty Good Privacy, is a public key encryption package; with it, you
can secure messages you transmit against unauthorized reading and
digitally sign them so that people receiving them can be sure they
come from you.
The files DOC\PGPDOC1.DOC and DOC\PGPDOC2.DOC contain documentation
for the system. If the DOC directory doesn't exist because you forgot
to specify the -d option to unzip to make it preserve the directory
structure, it would probably be a good idea to go back and do so.
The command is probably:
pkunzip -d pgp22.zip
Before using PGP, PLEASE READ THE DOCUMENTATION. This tends to get
neglected with most computer software, but cryptography software is
easy to misuse, and if you don't use it properly much of the security
you could gain by using it will be lost! You might also be unfamiliar
with the concepts behind public key cryptography; the manual explains
these ideas. Even if you are already familiar with public key
cryptography, it is important that you understand the various security
issues associated with using PGP.
The file DOC\SETUP.DOC contains information on how to install PGP on your
system; this document is broken up into several sections, each dealing
with a different operating system: PGP is known to run on MS-DOS,
UNIX, and VMS. Part of the information in SETUP.DOC might make more
sense if you have already read the manuals.
PGP 2.2, which was released on March 6, 1993, is the second
update after the September 1992 release of PGP 2.0. It will be
followed by more updated versions in the months to come, so check
around for more recent updates, especially if you received PGP 2.2
substantially after the release date. If there is a more recent
release, please acquire it, and please get the place from which you
got your earlier version to update their release, too.
This 2.2 release has fixed a number of irritating bugs in PGP 2.1,
and has some notable improvements. Managing large key rings is now
much faster and you can now send to multiple recipients. Also a number
of features intended to make it easier to use in shell scripts and with
mailers or editors have been included. See DOC\NEWFOR22.DOC for details.
MANIFEST for PGP 2.2
--------------------
Here is a list of files included in the PGP 2.2 MSDOS executable release
file PGP22.ZIP:
README.DOC - This file you are reading
PGP.EXE - PGP executable program
CONFIG.TXT - User configuration parameter file for PGP
LANGUAGE.TXT - Sample language file for French and Spanish
PGP.HLP - Online help file for PGP
ES.HLP - Online help file in Spanish
FR.HLP - Online help file in French
KEYS.ASC - Sample public keys you should add to your keyring
PGPSIG.ASC - Detached signature of PGP.EXE, to detect viruses
DOC\SETUP.DOC - Installation guide
DOC\PGPDOC1.DOC - PGP User's Guide, Vol I: Essential Topics
DOC\PGPDOC2.DOC - PGP User's Guide, Vol II: Special Topics
DOC\NEWFOR22.DOC - Things that have changed since PGP 2.1
DOC\KEYSERV.DOC - How to use a key server to exchange public keys
DOC\POLITIC.DOC - Political organiztions that may be of interest to PGP users
The source releases (PGP22SRC.ZIP or pgp22.tar.Z) do NOT contain the files:
PGP.EXE - MS-DOS executable
PGPSIG.ASC - Signature for above
DOC\PGPDOC1.DOC - Paginated User's Guide, Vol I
DOC\PGPDOC2.DOC - Paginated User's Guide, Vol II
But do contain, in addition to those listed above:
SRCFILES - A list of the source code files
DOC\README.VMS - Details needed by VMS users only
DOC\PGP.1 - A PGP man page, not entirely up-to-date
DOC\PGPDOC1.TXT - Unpaginated user's guide, Vol I: Essential Topics
DOC\PGPDOC2.TXT - Unpaginated user's guide, Vol II: Special Topics
DOC\PGFORMAT.DOC - Documentation on the format of .pgp files
DOC\APPNOTE.DOC - An application note on using pgp with mailers (see CONTRIB)
SRC\ - The full source code
CONTRIB\ - Some contributed utilities - see the README file there.
The only differences between the .zip and the .tar.Z files are end-of-line
conventions and the fact that the filenames are lowercase.
For Clinical Paranoia Sufferers Only
------------------------------------
If you have a previous version of PGP that you trust, you can use
it to check the current version. For binary distributions, that's
straightforward. For source distributions, in the CONTRIB directory
is an MD5SUM utility that can be used to verify the source, comparing the
MD5 signature of each source file with a master list (which is signed
with PGP).
If, however, this is the first version of PGP you've received, then
it is always possible that the PGP you have received has been tampered
with in some way. This is a risk because PGP is used as a system to
assure security, so those wishing to breach your security could likely
do it by making sure that your copy of PGP has been tampered with. Of
course, if you receive PGP in a binary distribution, it makes sense to
check it for viruses, and if you receive PGP as source code, looking
for signs of obvious tampering might be a good idea. However, it is
very difficult to actually determine if the code has no subtle bugs
that have been introduced and that the executable you are using has
not been tampered with in any way. If you are a really paranoid
person, try getting a cryptographically signed copy of the software
from someone you trust to have a good copy. It would also likely be
good for you to read the sections of the manual on "Vulnerabilities",
which you should have read anyway since you have read the
documentation already, haven't you?
