home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Monster Media 1993 #2
/
Image.iso
/
lan
/
pgpshe22.zip
/
PGPSHELL.DOC
< prev
next >
Wrap
Text File
|
1993-08-03
|
23KB
|
516 lines
-= P G P S h e l l =-
Official Menu-Driven Shell of the 1996 Olympics!
Endorsed by the Saddam Hussein Downhill Ski Team, the
National Security Agency, and the Captain Midnight
"Secret Decoder Ring" Fan Club
(c) copyright by James Still 1993
of the Hieroglyphic Voodoo Machine BBS
in snowy, hippie-laden Boulder, Colorado, U.S.A.
All Rights Reserved
PGPShell v 2.2 is released as freeware in August of 1993
Please distribute this program to a local BBS near you!
Pretty Good Privacy (PGP) is (c) copyrighted 1990-1992
by Philip Zimmermann (way to go Phil...)
WHAT'S NEW WITH VER 2.2?
------------------------------------------------------------------------
Two biggies: I added one more command to the main menu called "View
PUBRING.PGP" that will display the contents of your public key ring in a
scroll box. PGP's three view commands (view signatures, fingerprints,
and standard key view) located in the Key Ring Menu are also supported
in this way. The other big change is the addition of a command-line
option. Instead of going through the main menu you can now type
PGPSHELL <filename> to immediately begin decryting or encrypting the
file. Also:
* Ditched the headache-causing "beginner" routines that
searched your AUTOEXEC.BAT and basically told you how
to set up PGP on your system.
PGPShell now just takes a peek at your DOS environment to find PGP and
leaves it at that. In other words, you must have installed PGP on your
system already and PGPShell won't walk you through it. Sorry if this
seems to be "leaving behind" the newbies, but its difficult to program
PGPShell as "all things to all people" and still be an effective
encryption tool. If you are brand spankin' new to this whole thing,
consult the PGP documentation for instructions on how to install PGP on
your computer.
* Made the menu structure more intuitive, taking you to the
next logical option in the encryption/decryption process
depending on what you are doing.
* Cleaned up a lot of internal methods that were causing some
problems for some people in isolated circumstances and
generally "idiot-proofed" the code. (I should have just
said bug-fix huh?) Optimization also trimmed the EXE down
to a nice size too.
WARRANTY
-------------------------------------------------------------------------
Nope! Use at your own risk. James Still (and his evil twin Johannes
Kepler) disclaim all warranties, expressed or implied, including without
limitation, the warranties of use and/or fitness of PGPShell for any
purpose. James Still assumes no liabilities for damages, direct or
consequential, which may result from the use or misuse of PGPShell.
PGPShell is FREEWARE which means you may use it without charge for as
long as you want to, even on Mars, and 53 miles west of Venus if you
should so desire. However, James Still retains all rights to the
copyright of PGPShell versions 1.0, 2.0, 2.1, and 2.2. When they
make a movie of it someday with Sean Connery, I want to be there to say
"No, no, the menu structure didn't look like that at all!"
QUICK START
--------------------------------------------------------------------------
Create a C:\PGPSHELL directory and copy PGPSHELL.EXE into that directory.
Run PGPSHELL either as a stand-alone by typing "PGPSHELL" or by adding an
optional <filename> parameter for immediate processing of the filename, as
in "PGPSHELL plaintext.doc" or "PGPSHELL ciphertext.pgp".
INTRODUCTION
--------------------------------------------------------------------------
PGPShell version 2.2 is a menu-driven front-end that makes Phil
Zimmermann's excellent program Pretty Good Privacy (PGP) easier to manage
and use. Use it instead of PGP to make your encryption life easier!
PGPShell uses a GUI interface and mouse driver, comprehensive Key Menu
for key management, and fully supports all PGP commands.
For the public key encryption novice, PGPShell should be a perfect
introduction to the exciting and wacky world of public-key encryption.
GETTING STARTED
--------------------------------------------------------------------------
These title heads are starting to look like an old WordStar manual eh?
PGPShell is DOS-only which means that I don't know how to port this to
UNIX. UNIX-guru's can write their own scripts in PERL and abhor the
heresy's of mouse drivers so I think its safe to assume that they won't
be joining us anyway. Okay to get things set up, from the root directory
(C:\) of DOS enter these commands:
md pgpshell
cd pgpshell
Then copy the PGPSHELL.EXE file and any other related docs, into the
PGPSHELL directory.
Type PGPSHELL at the DOS prompt to execute the program. You must have
PGP installed on your computer before PGPShell will be able to allow
you to encrypt or decrypt anything. This is because PGPShell cannot
perform data encryption on its own, it merely "talks" to PGP and tells
it what to do.
Optionally, you may add a filename to the command-line to skip the
main menu to immediately decrypt (if the filename ends with *.pgp or
*.asc) or encrypt (any other filename such as *.txt or *.doc) the
file. The syntax for this is:
PGPSHELL <filename>
where "filename" is any legal DOS file. This is useful if you need
to decrypt or encrypt a previously written file quickly and wish to
skip the GUI menu stuff. "Streamlined PGPShell" if you will.
MAIN MENU
--------------------------------------------------------------------------
The main menu consists of these options in handling plain/ciphertexts:
■ Compose a Plaintext for Encryption
■ View a Plaintext on Screen
■ Encrypt a Previously Written Plaintext
■ Decrypt a Ciphertext
■ View PUBRING.PGP < --- [ New for ver 2.2 ]
■ Archive a File
■ Key Ring Menu
COMPOSE A PLAINTEXT
~~~~~~~~~~~~~~~~~~~
To write a message for encryption to someone, choose this option.
If the PGPSHELL.CFG does not exist, or you've never used PGPShell
before, PGPShell will ask you to define a text editor for it to
use. Choose EDIT.COM in your \DOS directory, if you don't have a
favorite text editor.
PGPShell will ask you what file name you want to call your message
just before taking you into the text editor. Any legal DOS filename
can be used (like "message.txt" or "luvlettr.doc"). After you finish
your message and save/exit, the encryption dialogue box will pop up.
VIEW A PLAINTEXT
~~~~~~~~~~~~~~~~
PGPShell contains a built-in viewer to allow you to read your
decrypted messages, and will pop up automatically after you decrypt
a file. If the file is too large to load into the file viewer,
you'll get an error message that says (surprise) "File too large
to load." Unless you're running on less than 640K of memory however,
you'll probably never see this error message.
ENCRYPT A PREVIOUSLY WRITTEN PLAINTEXT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
There are five options in an Encryption Dialogue box for you to choose
from when encrypting a plaintext file. I'll list them and the PGP
argument in parenthesis after:
1) Radix-64 ASCII e-mail format (-a)
2) Sign the plaintext with your secret key (-s)
3) Wipe or "shred" the original after encrytion (-w)
4) Convert plaintext to canonical text (-t)
5) Force recipient to view "on-screen" only (-m)
Consult the PGP documentation for more details on what these parameters
are used for when encrypting plaintexts from within PGPShell.
DECRYPT A CIPHERTEXT
~~~~~~~~~~~~~~~~~~~~
As with the encryption options, there are five decryption options that
you may toggle in a Decryption Options dialogue box. They are:
1) Check the signature authority of the ciphertext (-o)
2) Detach a signature certificate from a ciphertext (-b)
3) Leave the signature on the ciphertext intact (-d)
4) View the ciphertext "on-screen" only (-m)
5) Keep the original filename on the ciphertext (-p)
Again, consult the PGP documentation for detailed help with these
arguments.
After successful decryption of a ciphertext.pgp file, PGPShell will
automatically open a file viewer and load the plaintext file into
it for you to view. If you rename the output in PGP to something
other than the default however, PGPShell will not perform this task.
VIEW PUBRING.PGP
~~~~~~~~~~~~~~~~
This menu selection is new for version 2.2. Use it to evoke PGP's
"key view" (-kv) argument. PGPShell will read your pubring.pgp
key ring and display it in a scrollable box. You'll see a smallish
box that looks like this: [■], on the upper left-hand corner of the
scroll box. If you have a mouse, just click on that box to close
the window and return to the main menu. Or you may press the Escape
key to close it as well.
ARCHIVE A FILE
~~~~~~~~~~~~~~
This is the -c argument in PGP ("c" meaning conventional encryption)
and also the most misunderstood.
The difference between the -c arg and regular public-key encryption,
is that this option is used for archiving a file for backup or security
purposes, not for private communication with other people. Each time
you run the -c arg, a new pass phrase is created just for that file.
Common uses for this option are: business' safekeeping proprietary
code, John Q. Public encrypting tax records, hiding love letters from
little brothers/sisters, etc.
Its not a good idea to use your secret key's (secring.pgp) pass phrase
just in case someone guesses your key ring pass phrase from one of
these conventionally encrypted files. They could then intercept your
e-mail and (assuming they've gotten a copy of your secret key) decrypt
your messages without your knowledge.
KEY RING MENU
~~~~~~~~~~~~~
Choosing this menu option, will take you to the key ring management
submenu. The key ring menu is broken down into three sections:
1) Access Key Ring Submenu (copy, view, add, remove keys)
2) Access Certification Submenu (certify, signatures, etc.)
3) Access Create/Revoke Submenu (edit UserID, revoke keys, etc.)
These three options have hotkeys assigned to them which are 1, 2, and
3, and are shown on the menu at the left side of the menu. To leave
the Key Ring Menu or any of its submenus, just slap the Escape key.
Take a peek at the PGP documentation for more detailed information
on what the various -k (key arguments) are. I could repeat them
here, but the PGP documentation explains this better than I could.
Play around with PGPShell for a while (If you are new to public-key
encryption, first create a unique key for yourself) and you'll get
the hang of it.
WINDOWS AND NETWORKS
----------------------------------------------------------------------------
You can run PGPShell in Windows by setting up a PIF file with low graphics,
run in the foreground, etc. I would not have recommended doing this in
the past for the simple reason that PGP ver 2.2 had some serious bugs in
it that tended to lock up your computer if too much DOS memory was being
used. With PGP ver 2.3 out now (get it if you don't already have it) this
is not a problem and PGP and PGPShell runs smoothly in Windows.
PGPSHELL CONFIG FILE
----------------------------------------------------------------------------
PGPShell uses a configuration file called "PGPSHELL.CFG." The sole purpose
for this file is to store the location of the text editor that you use
when composing messages from within PGPShell. This file will be created
"on the fly", that is, if it is needed PGPShell will ask you to double-
click on the executable file that you want to use for your text editor.
If you don't have a favorite text editor, just go into your DOS directory
and double-click on EDIT.COM. (You can use the TAB, arrow, and ENTER
keys to navigate around the directory dialogue box if you don't have a
mouse).
If you decide to change your mind and choose a different text editor in
the future, either manually edit the PGPSHELL.CFG file, or delete it and
the next time you run PGPShell, it will create another one.
ADVANCED ENCRYPTION TECHNIQUES
---------------------------------------------------------------------------
The RAM Drive
~~~~~~~~~~~~~
Some people have grown up on Windows' smart drive and DOS Shells and have
forgotten what oldish things like RAM drives are all about. In issues
such as privacy however, a RAM drive is an extra safety net to insure that
your secret key is not compromised in any way. Here's how to set one up.
Insert this line into your CONFIG.SYS file:
DEVICE=C:\DOS\RAMDRIVE.SYS 1024 /e
If you have a 386 or better computer, you could type "DEVICEhigh" instead
of DEVICE to load the RAMDRIVE.SYS driver into high memory, but its only
about 6K so its not crucial. The 1024 block of memory (1 meg) is the size
of your RAM drive, and the switch "e" (/e) means you wish to use "extended"
memory for your virtual drive.
Reboot your computer for these changes to take effect. Your RAM drive
will be given the next letter after your physical hard drive, i.e., if
you have a single hard drive "C:" like most people, the RAM drive will
be called "D". Type "cd d:" at the DOS prompt and you are in your RAM
drive.
The advantage of creating and using a RAM drive for PGP is that the RAM
drive "D" is not physical, but located only in memory. That way when
you shut down your computer, PGP disappears with it, and any trace of
your secret key as well. Advanced PGP users keep the critical PGP
files (CONFIG.TXT, PGP.EXE, PUBRING.PGP, SECRING.PGP, etc.) on a floppy
that they carry around with them and only use PGP in their virtual RAM
drives. When you want to enter a PGP session, just put the floppy in,
and type "copy a:*.* d:" and your PGP files will be in the RAM drive.
You can do this and still keep a copy of PGPShell in a C:\PGPSHELL directory
to use PGP. Before starting a PGP session, just type "set pgppath=d:" at
the DOS prompt, (or insert this command in your AUTOEXEC.BAT file if you use
PGP often) to tell DOS that you've put PGP in a RAM drive. PGPShell will
look at the DOS environment and see that PGP is located in the D: drive,
and work on everything in there.
Don't worry about loading PGPShell into your RAM drive; PGPShell itself is
harmless and contains nothing that would compromise your secret key ring.
Don't forget to copy the contents of the RAM drive back onto your floppy
after exiting PGPShell, especially if you've added to, deleted or otherwise
modified your keys. Once you shut off your computer anything located
in RAM memory will be gone with it!
Consult those old dusty DOS manuals for more information on creating
and using RAM drives.
The Hidden Directory
~~~~~~~~~~~~~~~~~~~~
The hidden directory is the oldest trick in the book (and many a bane
to system admins trying to clean up directory trees). Although far from
foolproof, the hidden directory will slow down nosy co-workers who may
be snooping on your computer while you're at lunch.
Let's say you're not paranoid enough to warrant the use of a RAM drive
but you still don't want anyone knowing you use PGP. Here's the next
best thing:
Go into a mundane directory tree like \DOS or \WINDOWS\SYSTEMS where
no one ever looks and create a subdir called something harmless like
"SYS" or "BIN". Copy all of your PGP stuff into that directory
(let's say C:\DOS\BIN for example.) Then get back out to C:\DOS and
type: "ATTRIB +H BIN" from the DOS prompt. Using the DOS "Attribute"
command, you've hidden (+H) the BIN subdirectory from view. Its still
there, but someone would have to know what they were doing to find it.
(If you want to see it type "ATTRIB BIN" from the DOS prompt.)
When you want to use PGP, just type "set pgppath=c:\dos\bin" at a DOS
prompt and you're set. Here's a good batch file to use (which you
can hide as well) that can be located anywhere along the DOS path:
@echo off
set pgppath=c:\dos\bin
cd \pgpshell
pgpshell
Call the batch file something dumb like "READ_DIR.BAT" or hide it by
using ATTRIB like this: ATTRIB +H READ_DIR.BAT so that the pgppath
statement is not compromised easily. Whenever you want to use PGP
just type READ_DIR and everything will load for you.
This isn't 100%, as I stated before, but its good enough to fool most
people since they won't mess around with something that they don't
even know is there. If people or police are specifically looking for
PGP or encrypted messages on your system, then you're screwed anyway;
call a lawyer.
The Paranoid Encryptor
~~~~~~~~~~~~~~~~~~~~~~
This one is courtesy of the handful of paranoid people that warned me to
be careful because, as a result of PGPShell "they" will be out to get me.
Nevertheless, there may be occasions when the enemy is very real, and you
cannot afford to have your encrypted messages cracked by those naughty
NSA Cray computers. One way in which a computer is able to crack your
message is by applying a consistent mathematical algorithm (a brute force
attack) against your message until a pattern emerges that spells out words.
Your RANDSEED.BIN 24-byte file (Random Seed Binary) is where PGP draws its
material from when it comes time to encrypt your message. A computer is
not able to generate truly random acts on its own, thats why PGP needed you
to monkey-type at random when you first created your personal keys.
If PGP can't find a RANDSEED.BIN file, it will create a seed file
"on the fly" and ask you to bang away on your keyboard just before
encrypting. By inserting a line at the end of the above READ_DIR batch
file like this: "del c:\dos\bin\randseed.bin", you'll create a new seed
file each time you use PGP. This will blow any pattern that could possibly
develop over time (during which the attacker is amassing your encrypted
messages and studying each of them for patterns). PGP's own RANDSEED.BIN
file does a good job of providing enough material for encryption, but
this option is still a "safety net" of sorts for the truly paranoid.
CLOSING COMMENTS
----------------------------------------------------------------------------
PGPShell should be easy to use. If it isn't, then I failed somewhere.
Many users want to use encryption but face a "mental block" when using
PGP because of its intimidating UNIX command-line interface. My hope is
that more people who want to get into encryption, will do so through
the friendlier PGPShell environment.
Privacy shouldn't be the exception, it should be the norm; and it shouldn't
be a hassle or only for the UNIX gurus!
If you have any questions or comments, please feel free to e-mail me on the
Internet at <still@kailua.colorado.edu> or at the Voodoo Machine if
you're a BBSer. If you e-mail me, please don't encrypt it (I know that
in the past I said "send me an encrypted e-mail for practice") but the
problem was *everybody* did just that. I was swamped with ASCII code and
had to decrypt it all before knowing what was said. Just jot it down
normal-fashion, and I can reply to you more easily.
Also included in this file is KEPLER.ASC which is my public key. Practice
with it if you're new to encryption. Try adding it to your key ring,
deleting it, etc.
REGISTRATION
----------------------------------------------------------------------------
Nope! This is freeware. Do me a favor and give a copy of PGPShell to at
least two of your co-workers, friends, enemies (why not?) and anyone else
who's interested in privacy. Also take an interest in current events
like the Clinton Administration's plans to introduce "Clipper Chip"
technology into telephones. If you don't know what the Clipper is all
about, then you may be a victim of allowing others to dictate your privacy
rights for you. Europeans (and the few Russians) I spoke to seem to have
a clear grasp of what is at stake in the Information Revolution that is
coming. Unfortunately most Americans lazily take privacy for granted, and
assume their government will do right by them.
I leave you with one of my favorite quotes:
"Somewhere Else they assume that they have a right to exist,
and don't stop to consider that it may be a priviledge."
- Whitley Streiber, "Warday"
Substitute "privacy" for "exist" and the metaphor becomes obvious.
CREDITS
----------------------------------------------------------------------------
Thanks to Technojock Software, Inc. for their toolkit that I horked to throw
this together. I freely admit I didn't register it, but if you want to
acquire an excellent and comprehensive toolkit (I think its only $50) give
'em a call on Compu$erve at 74017,227, or write: P.O. Box 820927,
Houston, TX 77282-0927. Thanks to everyone who has written me with
valuable suggestions, I've looked at all of them and have incorporated
each and every one of them into this version for you. (NOT!)
Thanks to Philip Zimmermann who made PGP possible in the first place. Now
solid public key encryption tools and secure communications are possible for
us normal folks!
Also thanks to Katherine, my wife, who puts up with my sense of humor and
shares my twisted sense of absurd aesthetics.
Bye!
-------------- EOF ---------------------------------------------------------