LOCK & KEY Windows 95 Explorer PGP Interface Version 4.0 beta 8, July 3, 1997 ** NOTE: Because of the added support for key groups, as well as the KEYCHAIN editor, the next version will have significantly enhanced usefulness as an e-mail front end for PGP. As a result, I am planning to consider this a major release, which will be released as version 4.0, rather than version 3.2. When version 4.0 is released, I am planning to increase the price to $24.95. Since registration passwords will work for future releases, you can still register Lock & Key for $19.95 and your registration code will work with version 4.0 when it is released. THE FOLLOWING CHANGES HAVE BEEN MADE IN THIS BETA 8 RELEASE: - A number of bugs in Key32 have been corrected. These bugs relate to the routines for extracting the original filename from PGP, which is automatically done whenever the .PGP file does not contain an embedded extension. In addition, since this filename might not be related to the .PGP filename, the program now reports the filename of the decrypted file being saved. - INSTALL.EXE has been modified to correct some runtime errors. In addition, the program is not dependent on PGPPATH being set (which some NT users reported is not in fact necessary for PGP). INSTALL.EXE finds PGP first by checking for a prior Lock & Key installation; then by checking PGPPATH; only if it is not found does it prompt the user to enter the path. THE FOLLOWING CHANGES HAVE BEEN MADE IN THE BETA 7 RELEASE: - A number of new configuration settings have been added. These are described in the help file. In particular, these settings will support locating PGP.EXE, the PGP PIF files, and Lock & Key in different folders. Specifically, RUNPGP.PIF and CONSOLE.PIF will be installed in the folder named in the setting RUNPGPPath. The setting PGPEXEPath points to PGP.EXE if PGP.EXE is not in this folder. In addition, the location of the PGP log and the error log can be customized. These settings will be especially helpful to those trying to run Lock & Key on a network. There is also a configuration setting to modify or disable the signature added to data encrypted to the clipboard. - The PGP status animation has been enhanced, and will be displayed for most PGP operations. - Fixed a bug in KEYCHAIN's message editor which caused the key ID (rather than the key name) to appear in the mail program "To" field. - KEYCHAIN's message editor can now send a message to more than one user without the need to create a group. - Runtime errors will cause the verbose log option to be set. THE FOLLOWING CHANGES WERE MADE IN THE BETA 6 RELEASE: - Fixed bug in Install error handler which reported all errors as runtime error 76. - Modified Install to handle CONFIG.TXT if the System attribute is set; this is believed to be the chief cause of runtime error 76. - Fixed bug in LOCK32 which caused public key ring to fail to appear in list box, if public key encryption option is checked while program is running. - Modified KEY32 to delete temporary files when finished. - LOCK32 and KEY32 will generate a detailed execution log as LOCK&KEY.LOG in the Lock & Key folder. To generate a log, set Verbose Log=Yes in the [Common] section of LOCK&KEY.INI. (This setting is added the first time you run beta 6 and is set to No by default.) This file contains much more useful troubleshooting information. Please send this file when reporting bugs! (Note: log support for KEYCHAIN will be added before the final release.) THE FOLLOWING CHANGES WERE MADE IN THE BETA 5 RELEASE: - Added support for key groups. You can create a named group of keys in KeyChain, and compose a message encrypted using all public keys in that group. The groups are also visible in LOCK32, so you can encrypt a file using the public keys of all members of the group. - The English glossary has been built into LOCK32, KEY32 and KEYCHAIN, so English labels and messages will appear (rather than blanks) if GLOSSARY.INI is not present. - Fixed bug in KEY32 which was causing failure to decrypt encrypted data in clipboard. - INSTALL.EXE now writes an install log as LKINSTAL.LOG in the Temp directory. If you encounter an error on installation, please e-mail me this file. This will help me to trap the elusive runtime error 76. THE FOLLOWING CHANGES WERE MADE IN THE BETA 4 RELEASE: - LOCK32 will now make a detached signature certificate. For Encryption, choose None; for Output, choose Binary; and choose Include Signature. The detached signature will be the long filename with the .SIG extension added; e.g. if you sign README.TXT the signature will be saved as README.TXT.SIG. Note: this feature is useful for signing binary files without encrypting them; and for adding multiple signatures to the same file. - KEY32 will verify a detached signature certificate. If you double click on one or more .SIG files, KEY32 will look for the matching binary file and verify the signature (e.g. double click on README.TXT.SIG and KEY32 will assume this is the signature for README.TXT in the same folder). Or, you can right-click on a .SIG file and the corresponding binary file and send them to Lock & Key; this will work even if the .SIG file and the binary file have different names. (Goal for the final release will be to verify multiple signatures of the same file in a single operation.) - Fixed bug in LOCK32 which prevented successful encryption to a recipient whose user ID also appears in the secret keyring. - The batch file which calls PGP now ends with the EXIT command, which will allow PGP to exit properly, where the user is running 4DOS as a command shell. - KEY32 will properly decrypt a file whose path is a long file name which includes spaces. - INSTALL.EXE now installs to the subfolder "Lock & Key" (not "Lock&Key"), as did version 3.1 and earlier. If you installed beta 3 you may need to manually remove the "Lock&Key" folder if the install creates a new folder. THE FOLLOWING CHANGES WERE MADE IN THE BETA 3 RELEASE: - The message composition feature now works with Pegasus Mail as well as Eudora. Please note, the install program looks for Pegasus Mail and Eudora by seeing where the Mailto URL has been pointed. If the install program fails to detect these programs, that is probably why. You can manually enter the Pegasus Mail program information in LOCK&KEY.INI as follows: [KeyChain] MailProg=Pegasus Mail MailPath=d:\internet\winpm-32.exe -j <--note, you must include the -j I have determined that this feature does *not* work with CyberCreek Mail Express. I am interested in feedback on whether other email programs support this feature (i.e. passing a structured message to the program on the command line). - The message composition window has been enhanced in several ways. First, there is an "unencrypted" space (the white area at the top of the window) where you can include comments which will not be encrypted. Note that the size of this window is adjustable by dragging the shaded bar. The encrypted message is typed in the shaded portion of the window. Second, the menu now includes options to customize the color (eight schemes) and font (Arial, Times New Roman and Courier New, from 8 to 18 points). - The help file has been updated to include information on the mail feature. - First time users were experiencing a runtime error 76 in the installation program. I have traced this to the path selector dialog box. While I want to be able to include a path selector, in the interests of keeping this project moving I have disabled the path selector. The program will now install, as it did previously, to a subfolder of the PGP folder. BETA 2 ADDS A NEW FEATURE TO KEYCHAIN: IF YOU HAVE EUDORA (INCLUDING THE LITE VERSION) INSTALLED, YOU CAN RIGHT-CLICK ON ANY PUBLIC KEY TO COMPOSE AN ENCRYPTED MESSAGE WHICH WILL BE SENT USING EUDORA. Please note the following: - The install program will attempt to find Eudora by looking to see whether Eudora has captured the "mailto" url. If another mail program has captured the "mailto" url, Eudora won't be found. You can manually enter the path to eudora.exe to LOCK&KEY.INI under the entry MailPath under [KeyChain], e.g. [KeyChain] MailProg=Eudora MailPath=d:\internet\eudora\eudora.exe - This feature is known to work with Eudora Lite version 3. I will be interested in hearing whether this feature works with other e-mail programs. - The recipient's public key User ID must state a valid e-mail address. This is customary for PGP public keys. Please note that the User ID on the public key is the address to which the message will be sent. - The sender's (your) e-mail address is the user name for your default secret key. This is found under "MyName" in CONFIG.TXT. If MyName has not been set, use KeyChain's secret key window, pick your default secret key, right-click and choose Make Default. - The message composition window can be resized and will remember its settings. - The message composition window supports signing messages (using the default secret key) as well as adding your public key to the message. These are toggled on the Option menu. The current setting is visible both on the menu and at the bottom of the message composition window: e.g. a key (if the append key option is checked); and the pass phrase box grayed out (if the signature option is not checked). - This beta release performs no error checking; e.g. if you enter a bad pass phrase for signature. This will be corrected in the final release. I also intend to add an option for choosing the editor font. - The message composition window supports standard Windows editing commands (Undo, Cut, Copy, Paste) including their keyboard shortcuts. - A message will appear after your message has been encrypted and queued into Eudora. I suggest that beta testers open their Eudora outbox and look at the message which has been created (it will be prefixed with a Q indicating the message is queued but not sent). I am particularly interested in feedback on this new feature. This is a few steps short of a Eudora plug-in, which is a longer term goal; but it does offer convenience in that KeyChain automatically maintains, in effect, the address book. Also, the editor is specially tailored for encryption of messages. Also fixed in this beta 2 release is a bug in Lock32 which caused the clipboard contents not to be found when saving a file. THE FOLLOWING CHANGES WERE MADE IN THE BETA 1 RELEASE: - LOCK & KEY uses PGP to read the public and secret keyrings in all cases. The key ring contents are stored in a cache (CACHE.KEY in the Lock & Key folder). When encrypting to a single recipient, the unique Key ID (rather than the user ID) is used to encrypt. This has three consequences. First, loading of the keyrings is almost instantaneous (except where the keyrings have changed and the cache needs to be updated). Second, since PGP functions are used to read the keyrings, compatibility problems experienced by some users will be avoided. Third, since the key ID is shorter than the key name, problems experienced by some users with an excessively long PGP command line are avoided. - Configuration settings are stored in LOCK&KEY.INI in the Lock & Key directory, rather than in the Registry. This makes user modification of configuration settings easier. - The viewer names are stored in LOCK&KEY.INI. Two viewers are supported: a binary viewer, and an ASCII viewer. The binary viewer is set to be QuickView if present. The ASCII viewer is by default set to NOTEPAD.EXE. The correct viewer is selected based on whether the file is binary or text. RTF and HTML files are treated as binary. - While the program will install by default to a subdirectory under the PGP directory, this location can be changed via a folder path dialog box. - When decrypting a signed file, KEY32 now reports bad signatures (altered contents) as well as good signatures. - RUNPGP.PIF has been modified to remove the name of the batch file. This bug had caused RUNPGP.BAT to be run twice on some (but not all) systems, resulting in various odd behavior, all related to Lock & Key being unable to find the PGP output. - The delay before KEY32 deletes temporary files has been increased from 5 to 12 seconds. This gives QuickView+ version 4.0 time to load (if it has not already been loaded in the session). I may make this delay user configurable in the final release. - Lock & Key temporarily renames files whose names contain accented characters, in order to permit PGP to properly process these files. Upon completion, the files are given their original names. This solves a bug which caused Lock & Key to fail when handling filenames with certain accented characters. I may make this feature user configurable in the final release, to improve performance and safety for those who don't need this feature. - A bug in LOCK32 which caused a message encrypted to the clipboard to fail to be copied to the clipboard has been corrected. LOCK & KEY is the first and foremost PGP interface to the Windows 95 Explorer, specifically designed to support key Windows 95 features: - Right-click on any file in Explorer to encrypt it. - Double-click on any encrypted file to decrypt it. - Decrypt files to QuickView/QuickView Plus if present. - Encrypt/decrypt to/from the Windows clipboard. - Preserve Windows 95 long file names when encrypting. ********************************************************************** Four stars - ZDNet (Ziff-Davis) Four cows - TUCOWS (The Ultimate Collection of Windows Shareware) 1001 Best Shareware - PC/Computing Magazine ********************************************************************** LOCK & KEY supports most common PGP functions, extending many of them: - Encrypt files as binary or armored. - Include your public key when sending messages. - Option to wipe original file after encryption. - Sign files when encrypting. - Choose a secret key for making signatures from a drop-down list. - View signatures in Windows 95 when decrypting. - View the public key ring and delete individual keys. - Pick a recipient's public key from a drop-down list. - Encrypt files to self. - Use conventional or public key cryptography. ********************************************************************** NEW!!! You can now register Lock & Key online using First Virtual™. First Virtual provides secure electronic commerce using your Visa or MasterCard. It is secure - you do not transmit your credit card information online. Annual registration as a buyer costs $2.00 - this fee will be deducted from all orders received before March 1, 1997! For information on registering as a First Virtual buyer, please follow the link to First Virtual on our web page. Once you have received your VirtualPIN, you can order LOCK & KEY online at our web site, http://www.voicenet.com/~wheindl/order.htm. ********************************************************************** To install LOCK & KEY, follow these steps: 1. Unzip all files to a disk or directory. 2. Run INSTALL.EXE. LOCK & KEY is written in Microsoft Visual Basic and requires the Visual Basic 4/32 bit runtime (VB40032.DLL). If you do not have this file, see the Installation section of the Help file which will explain how to get this file. LOCK & KEY supports Windows 95 automatic uninstallation. LOCK & KEY is shareware. The shareware version is fully functional but includes a shareware delay and registration reminder. Registration is U.S. $19.95. To register, send U.S. $19.95 to: Walter E. Heindl 271 Misty Patch Road Coatesville, PA 19320 You may also register LOCK & KEY on CompuServe. Type GO SWREG. Registration number is 12438. Registered users will receive a password which will remove the shareware delay for this and future versions. Visit http://www.voicenet.com/~wheindl/order.htm to order online using your credit card and the First Virtual Internet payment system. You may freely distribute the shareware archive provided that all files are intact. For technical support, bug reports or suggestions, send email to: Walter E. Heindl