Collection of Tools & Utilities / Collection of Tools and Utilities.iso / dskut / pgpshe32.zip / PGPSHELL.TXT
Text File | 1994-07-05 | 74KB | 1,534 lines
-= P G P S h e l l =-
Official Menu-Driven Shell of the 1996 Olympics!
Endorsed by the Saddam Hussein Downhill Ski Team, the
National Secrecy Agency, and the Captain Midnight
"Secret Decoder Ring" Fan Club
(c) copyright by James Still 1992-1994
of the Hieroglyphic Voodoo Machine BBS
in snowy, hippie-laden Boulder, Colorado, U.S.A.
All Rights Reserved
PGPShell v 3.2 is released as shareware;
please distribute this program to a local BBS near you!
QUICK START
---------------------------------------------------------------------------
Create a C:\PGPSHELL directory and copy the program contents into it.
Before running PGPSHELL.EXE, make sure your "pgppath" and "tz" DOS
environment variables are set correctly. If you want to check a sig
or decrypt a file just run PGPShell like this: PGPSHELL <cipherfile>.
[New for PGPShell v3.2]
Beginning with v3.2, PGPShell uses four configuration items that are
located *outside* the program and in PGP's CONFIG.TXT file. Three
of the items are PGPShell-specific and are:
#shellkeyfile="c:\pgp\pubring.pgp"
#shellmessagedir="c:\pgpshell\docs"
#shelleditor="c:\dos\edit.com"
and the fourth one is PGP-specific (which PGPShell now uses) and is:
#MyName="Johannes Kepler"
The three PGPShell-specific configuration options are optional but
the MyName variable is MANDATORY. You must edit your CONFIG.TXT file
and enter your own UserID on the MyName line (in quotes) or PGPShell
will not display your key correctly in the Key Management Screen.
Unlike MyName, the other three PGPShell config items (shellkeyfile,
shellmessagedir, and shelleditor) *must* begin with a pound '#' sign.
If you leave it out, PGP will attempt to read the item itself and will
choke on it.
Shellkeyfile should be the complete path name to the default key ring
that you want PGPShell to load upon startup. (If shellkeyfile is not
located in CONFIG.TXT, PGPShell will look for your pubring.pgp file
located at PGPPATH as the default.) "Shellmessagedir" is the pathname of
the directory where PGPShell retrieves and places the text files that
you create during the en/decryption process. The default for this
item is the current directory that PGPShell is run from. The last
config item, "Shelleditor" is the full path and executable name of an
optional external text editor to use in lieu of the internal PGPShell
editor. Of course PGPShell's own editor is the default should you
not designate a "shelleditor" configuration item in the CONFIG.TXT.
INTRODUCTION
--------------------------------------------------------------------------
PGPShell is a menu-driven front-end "shell" that manages Phil
Zimmermann's Pretty Good Privacy (PGP) public-key, data encryption
program. PGP is available at many Internet sites as PGP23A.ZIP.
Also PGPShell is compatible with MIT's PGP (v2.6) which uses a public
domain RSA toolkit (unlike v2.3a) and is available on many Internet
sites as PGP26.ZIP. See the "WHAT_IS.PGP" file accompanying PGPShell
for more details.
PGP is a UNIXish command-line application, which means that various
switches must be used to perform tasks. PGPShell merely takes this a
step further by introducing a menu-driven environment where, with an
optional mouse, you can point and click to various keys in order to
perform those same actions as you would from the PGP command line.
PGPShell doesn't perform any data encryption on its own; everything
is done by PGP and PGP alone. The only difference is, PGPShell shows
you the PGP commands in an easy-to-read, friendly format and will
make your encryption life a lot easier!
Registered Users: To properly install the registered version of
PGPShell on your computer, insert the PGPShell disk into your disk
drive and type "INSTALL" at the a: prompt.
There are two DOS environment variables that PGP uses in order to
operate properly. They are "TZ" (time zone) and "PGPPATH" (the
DOS path statement to your PGP.EXE program). To properly set them
you must use the DOS command "SET" in this manner:
set TZ=MST7 (or wherever your time zone is)
set PGPPATH=C:\PGP (or wherever you keep PGP.EXE)
Set these environment variables before using PGPShell.
[New for PGPShell v3.2]
Beginning with PGPShell v3.2, four external configuration variables
located in PGP's CONFIG.TXT file are used. They are "MyName,"
"shellkeyfile," "shellmessagedir," and "shelleditor." MyName is a PGP
item that many of you are already familiar with. You should set the
item like this:
MyName = "Johannes Kepler" (or whatever your UserID is)
The MyName variable is the only configuration item that is required
for proper use of PGPShell. Failure to correctly enter your own
UserID name in the CONFIG.TXT will cause erratic behavior when
PGPShell displays your key in the Key Management Screen.
Note that the pound sign ('#') is absent, meaning that the MyName
variable item is PGP-specific. The other three PGPShell-specific
variables must have a pound sign inserted in front of them, because
PGP does not know of their existence (they are used only by PGPShell)
and will choke upon reading them.
The first of these PGPShell-specific configuration items is
"shellkeyfile." It denotes the location of the keyring file that you
want PGPShell to load upon startup. You should set it like this:
#shellkeyfile="c:\pgp\pubring.pgp" (or whatever you want)
The complete file path to the default key ring should be enclosed in
quotes and this key should be pointed to by the PGPPATH variable. If
it isn't, PGPShell may behave strangely. If you want to switch keyring
files from within PGPShell, press F5 (or click the left mouse button) at
the Key Management Screen and choose another keyring file. More on
that later, in the KMS section.
The second PGPShell-specific configuration item is "shellmessagedir."
It denotes the location of the directory where you want to store and
retrieve PGP-encrypted/decrypted text files. Since these files tend
to clutter up the main PGP or PGPShell directories over time, it is
recommended that you create a subdirectory named something like
\MESSAGES so that you can keep them separate from the two programs.
If you do not wish to use a specific message directory, the default
directory that you run PGPShell from will be used instead.
The last PGPShell-specific configuration item is "shelleditor."
It denotes the directory location and executable file of an optional
third-party text editor for use instead of PGPShell's internal editor.
The internal editor is the default should you elect to not use a
third-party editor.
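The two passages above (Quick Start and this section) describe the same CONFIG.TXT convention: PGP treats any line beginning with '#' as a comment, so the three PGPShell-only items hide behind '#' while MyName does not. The following Python is an added example, not PGPShell's own code, that reads a constructed CONFIG.TXT from both points of view, applies the defaults the manual gives for missing shell items, and flags a shell item whose '#' was left off (the line the manual says PGP would choke on). The list of PGP-recognised keys is a subset I assume for the check, not an exhaustive one.

```python
import re

# Constructed sample of a PGP CONFIG.TXT as the manual describes it:
# MyName is a real PGP setting; the three PGPShell-only settings are
# hidden behind '#' so that PGP reads them as comments.
SAMPLE_CONFIG = """\
# CONFIG.TXT (constructed sample, not a real file from the archive)
MyName = "Johannes Kepler"
Armor = on
#shellkeyfile="c:\\pgp\\pubring.pgp"
#shellmessagedir="c:\\pgpshell\\docs"
#shelleditor="c:\\dos\\edit.com"
# an ordinary comment = with an equals sign in it
"""

# The same file with the '#' left off one shell setting: the manual warns
# that PGP will try to read such a line and choke on it.
BAD_CONFIG = SAMPLE_CONFIG.replace('#shelleditor=', 'shelleditor=')

# Subset of the settings PGP 2.x itself understands (assumption: enough
# for the check below, not an exhaustive list).
KNOWN_PGP_KEYS = {"myname", "armor", "textmode", "clearsig", "pager", "tzfix",
                  "completes_needed", "marginals_needed", "cert_depth",
                  "encrypttoself", "keepbinary", "verbose", "interactive"}

# key = value, with the value optionally in double quotes, optionally '#'-prefixed
_SETTING = re.compile(r'^\s*(#?)\s*([A-Za-z_]+)\s*=\s*"?([^"]*?)"?\s*$')

def _settings(text):
    """Yield (is_hashed, key, value) for every line shaped like a setting."""
    for line in text.splitlines():
        m = _SETTING.match(line)
        if m:
            yield m.group(1) == "#", m.group(2).lower(), m.group(3)

def pgp_view(text):
    """The settings PGP itself acts on: '#' lines are comments and are skipped."""
    return {key: value for hashed, key, value in _settings(text) if not hashed}

def unknown_pgp_keys(text):
    """Settings PGP would see but not recognise, i.e. lines that would choke it."""
    return [key for key in pgp_view(text) if key not in KNOWN_PGP_KEYS]

def shell_view(text, pgppath, cwd):
    """The settings PGPShell reads: MyName (mandatory, no '#') plus the three
    '#shell*' items, with the defaults the manual gives for missing ones."""
    settings = {}
    for hashed, key, value in _settings(text):
        if hashed and key.startswith("shell"):
            settings[key] = value
        elif not hashed and key == "myname":
            settings[key] = value
    if not settings.get("myname"):
        raise ValueError("MyName is mandatory in CONFIG.TXT for PGPShell")
    # shellkeyfile defaults to pubring.pgp under PGPPATH (DOS path separator)
    settings.setdefault("shellkeyfile", pgppath.rstrip("\\") + "\\pubring.pgp")
    settings.setdefault("shellmessagedir", cwd)   # default: directory PGPShell runs from
    settings.setdefault("shelleditor", None)      # None means the internal editor
    return settings

if __name__ == "__main__":
    print(pgp_view(SAMPLE_CONFIG))
    print(shell_view(SAMPLE_CONFIG, pgppath="C:\\PGP", cwd="C:\\PGPSHELL"))
    print("PGP would choke on:", unknown_pgp_keys(BAD_CONFIG))
```

The regex accepts the two spellings the manual shows (`MyName = "..."` with spaces and `#shellkeyfile="..."` without), and a comment that happens to contain `=` is still ignored by both views because only `#shell*` keys are promoted to shell settings.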
Type "PGPSHELL" at the DOS prompt to execute the program. You must
have PGP installed on your computer before PGPShell will be able to
allow you to encrypt or decrypt anything. This is because PGPShell
cannot perform data encryption on its own, it merely "talks" to PGP
and tells it what to do. If PGP is not properly installed, PGPShell
will display a context-sensitive help screen that explains the
problem and how you can fix it.
Optionally, you may add a filename to the command-line to skip the
main menu to immediately decrypt a ciphertext file or to check the
signature of a ciphertext file. The syntax for this is:
PGPSHELL <filename>
where "filename" is any legal DOS file that has been PGP encrypted.
If you want to check the file integrity of PGPShell type:
PGPSHELL crc
and the cyclic redundancy check will run, giving you a
5-digit integer. Compare this number to the one reported
in the readme file to make sure that your version of PGPShell is
free from viruses, tampering, or other improprieties. Note that
the README.DOC is clear-signed with my key so that you can check
to make sure that the README file itself has not been tampered
with! To do this, run PGPSHELL.EXE and press F4 from within the
Key Management Screen to add my key to your key ring. (My public
key is also available on my BBS if you want a clean, updated one.)
After adding my key, quit to the Main Menu and choose menu item 2,
"Decrypt a Message/Check Signature." When the file dialogue box
pops up, select the README.DOC and press ENTER.
MAIN MENU
--------------------------------------------------------------------------
When you execute PGPSHELL.EXE, and after the copyright screen pops up,
press any key (or move the mouse) to get to the main menu. The main
menu looks like Figure 1 below:
╔═════════════════════════════════════════════╗
║ Main Menu ║
║ ║
║ 1 Encrypt a Message ║
║ 2 Decrypt a Message/Check Signature ║
║ 3 Conventionally Encrypt a File ║
║ 4 Key Management ║
║ 5 Quit ║
║ ║
╚═════════════════════════════════════════════╝
Fig. 1
At any time you may press F1 for a context-sensitive help screen that
will provide additional help on the currently highlighted main menu
topic. Also, you may press F2 to initiate the file viewer. A pop up
dialog box similar to Fig. 4 (below) will display asking you to choose
the file you wish to view. Just click on the file, or press ENTER, and
it will promptly display.
There are three ways to choose a main menu topic: By pointing
and clicking with a mouse, pressing ENTER after arrowing down to a
topic, or pressing the hot-key (numbered one through five) of the
desired topic.
I'll take you through a brief description of each menu topic, and then
we'll get into more detail later.
Encrypt a Message
-----------------
This menu option will allow you to prepare either a new, or a
previously composed text file for PGP encryption to one or more
recipients. You may also prepare encrypted messages from the
Key Management Screen. (See the Key Management Screen later in
this manual.)
Decrypt a Message
-----------------
This menu option will allow you to decrypt, or check the
certifying signature that may be attached to, a ciphertext file.
Upon choosing this option, a directory window will pop-up on the
screen and you will be prompted to select the ciphertext file
with either your mouse or by pressing ENTER. Alternatively, you
may use this menu option from the PGPShell command line by using
the syntax: PGPSHELL <ciphertext>.
Conventionally Encrypt a File
-----------------------------
This PGP command is sometimes misunderstood by some PGP enthusiasts.
It uses the "-c" PGP command, and will archive any text file for
your own record keeping or security purposes. Various files such
as tax records, sensitive memos or letters, proprietary source code,
are just a few examples of items you may want to conventionally
encrypt with PGP's single-key cryptography method. You shouldn't
use this menu option to send something to another person (unless
there is a secure way of communicating the pass phrase to them) and
you should not use your secret key's pass phrase when conventionally
encrypting files. Consult the PGP manual for the correct usage of
the conventional encryption option.
Key Management
--------------
The Key Management Screen is the "meat and potatoes" of PGPShell,
and where you'll probably spend most of your time when using
PGPShell. Proper key management is critical with PGP and the Key
Management Screen will help you take proper control of your key
ring. See the "Key Management Screen" portion of this manual for
more details on its usage.
Quit
----
This option exits the PGPShell program and returns you to DOS or
Windows.
Main Menu Encryption Option
---------------------------
If you choose to Encrypt a Message from the Main Menu, PGPShell will
replace the Main Menu with a list of recipients (see Figure 2) and ask
you to choose the person your message is for. The list will
look like the Key Management Screen's UserID Box (see "Key Management
Screen" section)
Choose Recipients:
┌────────────────────────────┐
these two are --> │ √ Hober Mallow, Trader to │
checkmarked --> │ √ Wendy O. Williams │
│ R. Weston Westrope │
│ Alan Bradley │
│ Lenny Bruce │
│ Nathaniel David Jones │
└────────────────────────────┘
Fig. 2
Use the spacebar to checkmark one or more of the recipients in the UserID
Box who you will be sending your PGP-encrypted message to. If you change
your mind press the Escape key. When you are ready to continue, press
ENTER. For help at any time, press F1. After you have pressed ENTER,
PGPShell will ask you whether or not you wish to create a new message or
open an existing text file. A dialogue box will ask you "Create a New
Message?" to which you may answer "Yes" or "No" (see Figure 3).
┌───────────────────────┐
│Create a New Message? Y│
└───────────────────────┘
Fig. 3
The default is "Yes" but you can also choose "No" to prompt a pop up
Directory Dialog Box to choose a file name (see Fig. 4 below). If you
answer "yes", you will go to the text editor where you can begin writing
your message. Pressing the ESC key aborts this process and takes you
back to the Main Menu. See the section on Encryption Options for details
on encrypting your plaintext file.
Main Menu Decryption Option
---------------------------
When you choose to decrypt a cipherfile from the Main Menu, a pop up
dialogue box (figure 4) is displayed over the Main Menu. Double-click
the file or select the file and press the ENTER button to choose that
file for decryption.
┌────── Choose an Encrypted PGP File ────────┐
│ Name: │
│ *.pgp OK ▄ │
│ ▀▀▀▀▀▀▀▀ │
│ Files: Directories: │
│ PUBRING.PGP [..] Cancel ▄ │
│ SECRING.PGP [ -A- ] ▀▀▀▀▀▀▀▀ │
│ [ -E- ] │
│ [ -F- ] Help ▄ │
│ [ -G- ] ▀▀▀▀▀▀▀▀ │
│ [ -H- ] │
│ [ -I- ] │
│ [ -M- ] │
│ │
│ │
│ │
│ │
│C:\PGP26 │
│PUBRING.PGP 3764 Jul 01,1994 3:36p A│
└────────────────────────────────────────────┘
Fig. 4
If you change your mind when choosing a file for decryption, just press
the ESC key or the Cancel button and you will be taken back to the Main
Menu. See the section on Decryption Options for details on decrypting a
PGP-encrypted file.
Using PGPShell's Text Editor
----------------------------
With version 3.1, PGPShell has started using its own simple text editor.
This is the default text editor, but if you should choose to use your
own favorite text editor, set the configuration in your PGP CONFIG.TXT
file by entering: #shelleditor="c:\[pathname]\[executable]". To use
the DOS QBasic editor you would enter: #shelleditor="c:\dos\edit.com"
If you need help while in the text editor, just press F1 for a pop up
help screen. After you have edited, or composed new from scratch, a
text file for encryption, just press the Escape key. You will be asked:
Save and prepare for encryption? [y/n]
If you are satisfied with your message, answer "y" and PGPShell will
process your message for encryption. To abort the editor, just answer
"no" and you will be taken back to the main menu (or to the Key
Management Screen if you entered the text editor from there.) The
following commands are allowed in the PGPShell Editor:
Key Action Taken
--- ------------
F1 Displays a pop up help screen
Esc Quit PGPShell Editor
Insert Toggles between insert mode and overwrite mode
Home Moves cursor to beginning of current line
End Moves cursor to the end of current line
Alt-F Toggles between all available foreground colors
Alt-B Toggles between all available background colors
In addition to these keys, the standard arrow keys and ENTER key will move
you through the text. Wordwrapping is automatically enabled so that your
text will "wrap" to the next line if it is greater than the screen length.
The PGPShell Editor with some sample text looks like this:
PGPShell Editor v 1.0 File: C:\PGPSHE30\TEST.TXT Ins
---+----1----+----2----+----3----+----4----+----5----+----6----+----7----
Hey Ph00bar, howz it goin? Nothing much over here at my end. Oh
yeah, I almost forgot to tell you, I won the lottery this morning--got 2
million dollars burning a hole in my right hip pocket. I'm going out to buy
a Sparc workstation right now and getting my domain address hooked up in my
smallish apartment tommorrow. Well take care.
- Johannes
-----------------------------------------------------------------------------
Fig. 5
The editor is similar to Microsoft's QBasic Interpreter that DOS 5.0+
uses when you type EDIT.COM at the DOS prompt. It is not designed
for serious word processing however. If you wish to load text files that
are larger than 20K, you may get a memory error. PGPShell must give PGP
as much memory as possible (PGP is quite a large program) and so there's
not much left over for text editing. 20K should be enough for 99.9% of
all of your encrypting needs, but in those rare cases where you're writing
someone a very lengthy post, you may want to type and prepare the text
outside of PGPShell.
Encryption Options
------------------
After you have prepared a text file for encryption, PGPShell will display
a pop up dialog box (figure 6) and ask you to choose the Encryption Options
for the message. There are four options available to you when encrypting a
file in PGPShell:
o Sign the plaintext with your secret key
o Shred the original file after encryption
o Force recipient to view "on-screen" only
o Clear sign the file instead of encrypting it
For a full explanation of these PGP encryption options you should consult
your PGP documentation, but I'll go over each one briefly.
Sign - This option uses the PGP [-s] command and
allows you to sign the file in addition to
encrypting it.
Shred - This option uses the PGP [-w] command and
literally shreds the original plaintext
after you have encrypted the ciphertext.
Force - This option uses the PGP [-m] command and
provides an extra layer of security to
protect the decrypted file when it arrives
at its destination.
Clear - This option uses the PGP [clearsig=on]
option in your CONFIG.TXT file. Useful for
bulletins or flyers where you still want to
prove your identity and authenticate the
output of the clear signed file as valid.
Here is what the Encryption Options dialog box looks like:
Encryption Options
┌──────────────────────────────────────────┐
│ Sign the message with your secret key │
│ Shred the original after encryption │
│ Should recipient view on-screen only │
│ Clear sign the message; no radix-64 │
└──────────────────────────────────────────┘
Fig. 6
Notice that the pointer tool is currently positioned at the first item
in this list. To select "Sign" as an option, press the spacebar and a
checkmark will appear to the left of the item:
┌──────────────────────────────────────────┐
Checkmarked ---> │ √ Sign the message with your secret key │
If you change your mind, you can press the spacebar again to remove the
item as an option (and the checkmark will disappear). All of the items
are optional, none are required for proper encryption with PGP.
Two PGP options, Radix-64 ASCII armor and canonical text mode (-a and
-t respectively in PGP), are now automatically used in PGPShell. They
have both become a universal standard among PGP users worldwide and so
they will be used by PGPShell as well.
Consult your PGP documentation for more information on the optional
encryption switches available to you.
Decryption Options
------------------
You may decrypt a ciphertext file in PGPShell by one of two ways: either
at the DOS command line by typing PGPSHELL <filename> or by selecting
"Decrypt a Message" at the Main Menu.
PGPShell will provide you the opportunity to choose none or all four
decryption options from the Decryption Options dialog box (see Figure 7).
The options available to you when choosing to decrypt a ciphertext file in
PGPShell are:
o Leave the signature on the message intact
o Recover the original plaintext while decrypting
o Detach signature certification from message
o Don't write to a file; view on-screen only
For a full explanation of these PGP decryption options you should consult
your PGP documentation, but I'll go over each one briefly.
Leave - This option uses the PGP [-d] command and
if checkmarked, will override PGP's default
and leave any signatures intact.
Recover - This option uses the PGP [-p] command and
if checkmarked, will save the decrypted
plaintext's original filename.
Detach - This option uses the PGP [-b] command and
will create a separate <FOO>.SIG file that
contains the signature attached to the
ciphertext file.
View - This option uses the PGP [-m] command and
forces the output to the screen (rather than
PGP's default that saves to disk) when you
read the decrypted plaintext.
Here is what the Decryption Options dialog box looks like:
Decryption Options
┌────────────────────────────────────────────────────┐
│ Leave the signature on the message intact │
│ Recover the original plaintext while decrypting │
│ Detach signature certification from message │
│ Don't write to a file; view on-screen only │
└────────────────────────────────────────────────────┘
Fig. 7
Notice that the pointer tool is currently positioned at the first item
in this list. To select "Leave" as an option, press the spacebar and a
checkmark will appear to the left of the item:
┌──────────────────────────────────────────────┐
Checkmarked ---> │ √ Leave the signature on the message intact │
If you change your mind, you can press the spacebar again to remove the
item as an option (and the checkmark will disappear). All of the items
are optional, none are required for proper decryption with PGP.
Consult your PGP documentation for more information on the optional
decryption switches available to you.
KEY MANAGEMENT SCREEN
---------------------
The Key Management Screen can be accessed from the Main Menu by either
pressing "4" (hot-key), using the arrow keys to highlight "Key Management"
and pressing ENTER, or by clicking once with your mouse when highlighted.
When you wish to exit from here, just press the ESC key.
The Key Management Screen (the KMS if you will) is where all the action is
happening. PGPShell has previously gathered all the relevant data concerning
your public key ring and presents it to you here in a logical, concise way.
The KMS is divided into three "boxes," the UserID Box, located in the upper
left-hand corner; the Function Key Box, located in the upper right-hand
corner; and the Current Key Box which fills the bottom two-thirds of the
screen. The entire KMS is shown here in Figure 8:
┌─────────────────────────┐┌────────────────────────────────────────────────┐
│ kat woman ││ F1 - Help │
│ Philip R. Zimmermann ││ F2 - Edit/Copy key currently selected │
│ Harry Bush ││ F3 - Compose message to checkmarked recipients │
│ Johannes Kepler ││ F4 - Add a new key to current key ring │
│ Fyodor Dostoyevsky ││ F5 - Choose a different PGP key ring │
└─────────────────────────┘└────────────────────────────────────────────────┘
┌───────────────────────────────────────────────────────────────────────────┐
│ UserID: Johannes Kepler │
│ E-mail: still@kailua.colorado.edu KeyID: 4E4937 │
│ Fingerprint: AD 29 BE 28 5D 2B 77 BE F6 85 08 45 B6 2D 0B 36 │
│ │
│ Signatures Attached: Your Trust of This Person: │
│ │
│ Alan Bradley marginal │
│ R. Weston Westrope marginal │
│ Nathaniel David Jones marginal │
│ Lenny Bruce marginal │
│ Umberto Eco complete │
│ │
│ │
│ This is your key... │
│ │
└───────────────────────────────────────────────────────────────────────────┘
Spacebar to checkmark UserID - ENTER/left-click to view stats - ESC to quit
Fig. 8
There's a lot going on here, so don't worry about it at first if you're
intimidated by it all. Let's take each section of the KMS individually and
explain it in greater detail.
The UserID Box
--------------
The UserID Box displays a list of all of the people that are
on your public key ring in an easy-to-read, scrollable box shown
here in Figure 9:
┌─────────────────────────┐
│ kat woman │
│ Philip R. Zimmermann │
│ Harry Bush │
│ Johannes Kepler │
│ Fyodor Dostoyevsky │
└─────────────────────────┘
Fig. 9
The pointer tool () highlights the key that is currently chosen.
By pressing ENTER or clicking with your mouse, you can update the
contents of the Current Key Box (the bottom two-thirds of the KMS)
with information regarding that key. In the above example, my key
"Johannes Kepler" has been highlighted (the pointer tool is set on
that key) and the Current Key Box displays information relevant to
my personal public key. (I'll explain more about the information
in the Current Key Box later on.)
When you move the mouse up and down (or arrow up and down) the
fields will automatically update to the current key chosen.
The Function Key Box
--------------------
The Function Key Box is nothing more than a static display to
remind you of what actions you may perform when in the KMS.
There are four function keys (F1 through F5) available to you.
┌────────────────────────────────────────────────┐
│ F1 - Help │
│ F2 - Edit/Copy key currently selected │
│ F3 - Compose message to checkmarked recipients │
│ F4 - Add a new key to current key ring │
│ F5 - Choose a different PGP key ring │
└────────────────────────────────────────────────┘
Fig. 10
By pressing "F1" at any time, a context-sensitive help window
will pop up with more detailed information to guide you in using
PGPShell.
The "F2" key is reserved for editing or otherwise manipulating
whichever key is currently highlighted. In our above example,
if I wanted to remove some of the signatures from my public key
(PGP's -krs command), all I would have to do is press F2 and a
popup menu would display. More on that later.
Press "F3" to immediately compose a PGP-encrypted e-mail to
one or more persons "checkmarked" in the UserID Box. To checkmark
a UserID, just press the spacebar when the highlight bar rests on
their name. You may checkmark as many persons as you want to, but
at least one person must be checkmarked. If you press F3 and no
one is checkmarked, an error message will briefly pop up on the
screen and no action will be taken. I'll get into details about
encrypting a message to one or more recipients later on in this
documentation.
Press "F4" to add a new key to the current key ring. A directory
window will pop up asking you to select (with either your mouse or
an arrow key and pressing ENTER) the DOS filename that contains the
external key you wish to add. You can add any number of keys that
may be contained in a file and the file doesn't necessarily have to
contain only keys. In other words, there can be several pages of
text with a key buried in the middle somewhere and PGP will find it
okay. This is often the case when a new found friend sends you a
PGP-encrypted text file and has put his public key at the end of it.
[New for PGPShell v3.2]
Press "F5" to switch to another key ring. (You may also click
with the mouse to perform this function.) Most people will use
two key rings, the PUBRING.PGP and the SECRING.PGP key ring files.
Quite a few others (families for instance) share the PGP.EXE file
and each have their own key ring files. With this function, you
can switch and choose key rings to load into PGPShell. Keep in
mind that your key rings must be located where PGP can use them
(in the PGPPATH DOS environment variable). You cannot change the
PGPPATH variable from within the shell.
Current Key Box
---------------
The Current Key Box is the "output" of the selection you make in
the UserID box when you press ENTER or click with your mouse. It
will be constantly updated as you scroll through the keys on your
public key ring and click on different ones to view them. The
Current Key Box is divided up into three main sections: the Header,
the Signators, and the Trust Parameters. Let's look at each one
individually:
Header The Header displays the UserID, E-mail address,
KeyID, and Fingerprint of the current key. If
PGPShell cannot determine an e-mail address for
this key, a notice saying so will be displayed
instead.
Signators The Signators section displays, in a column
format, all of the signatures attached to this
public key and your trust of that signator (if
you have indicated so). It is important to
remember that your trust of the signator is not
the same as your trust of the person that these
signatures are attached to! You may trust
"Alice" very closely, but that doesn't mean
that "John" who has signed her key is also
worthy of your trust. PGP's "web of trust"
concept will be discussed later in this doc.
Trust Parameters The bottom of the Current Key Box is reserved
for two trust parameters: your trust and PGP's
trust of this key. They should not be confused,
since your trust is yours alone, but PGP makes
a trust determination based upon *all* signators of
to the current key. Again, this concept will be
explained later in this documentation.
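The Signators and Trust Parameters sections above make one point: your trust in a signator is an input, and PGP's trust in (validity of) the signed key is an output computed from all the signatures. The Python below is an added example, not PGPShell's or PGP's code, that reproduces that computation for the key shown in Fig. 8. It assumes the PGP 2.x defaults COMPLETES_NEEDED=1 and MARGINALS_NEEDED=2 and PGP's additive rule (each completely trusted signature counts 1/COMPLETES_NEEDED, each marginal one 1/MARGINALS_NEEDED), and it simplifies by treating every signer in the trust table as having a valid key of their own, which real PGP also checks. The signer list and trust values are constructed from Fig. 8.

```python
from enum import Enum

class Trust(Enum):
    """Your trust in a person as an introducer (what PGP's -ke sets)."""
    UNKNOWN = 0     # signer's key is not on your ring: only a KeyID shows
    UNTRUSTED = 1
    MARGINAL = 2
    COMPLETE = 3

# Constructed from Fig. 8: who signed "Johannes Kepler" and your trust in each.
FIG8_SIGNERS = ["Alan Bradley", "R. Weston Westrope", "Nathaniel David Jones",
                "Lenny Bruce", "Umberto Eco"]
TRUST_TABLE = {
    "Alan Bradley": Trust.MARGINAL,
    "R. Weston Westrope": Trust.MARGINAL,
    "Nathaniel David Jones": Trust.MARGINAL,
    "Lenny Bruce": Trust.MARGINAL,
    "Umberto Eco": Trust.COMPLETE,
    "Harry Bush": Trust.UNTRUSTED,   # on the ring, but you never trusted him
}

def key_validity(signers, trust_table, completes_needed=1, marginals_needed=2,
                 own_key=False):
    """PGP's validity of a key: 'complete', 'marginal' or 'undefined'.

    Assumptions: PGP 2.x defaults for the two thresholds and PGP's additive
    rule; every signer present in trust_table is taken to have a valid key.
    A signer missing from the table (an unknown KeyID in the Current Key
    Box) contributes nothing, as does an untrusted one.
    """
    if own_key:
        return "complete"          # the "This is your key..." case
    score = 0.0
    for signer in signers:
        t = trust_table.get(signer, Trust.UNKNOWN)
        if t is Trust.COMPLETE:
            score += 1.0 / completes_needed
        elif t is Trust.MARGINAL:
            score += 1.0 / marginals_needed
    if score >= 1.0:
        return "complete"
    if score > 0.0:
        return "marginal"
    return "undefined"

if __name__ == "__main__":
    print("Johannes Kepler:", key_validity(FIG8_SIGNERS, TRUST_TABLE))
    print("signed by one marginal:", key_validity(["Alan Bradley"], TRUST_TABLE))
    print("signed by unknown KeyID:", key_validity(["0xDEADBEEF"], TRUST_TABLE))
```

Run on the Fig. 8 data the key comes out complete on Umberto Eco's signature alone; the four marginal signatures would also have carried it there (two are enough at the default threshold). Raising MARGINALS_NEEDED in CONFIG.TXT makes the same key depend more on the one completely trusted introducer, which is the lever the manual's later web-of-trust discussion refers to.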
F2 Function Key - Edit/Copy Key
-------------------------------
Let's go into some greater detail on the inner workings of the last three
function keys (F1, Help, I'm sure needs no further explanation). When you
press F2 to Edit/Copy the key currently selected, a Key Management pop-up
menu will display. It is shown in Figure 11:
┌──────────────────────────────────────────────────┐
│ Key Management │
│ │
│ 1 Delete this key from your key ring │
│ 2 Copy this key to an external file │
│ 3 Indicate your trust in this person │
│ 4 Certify this key as valid │
│ 5 Remove signature(s) from this key │
│ 6 Disable or reenable this key │
│ 7 Quit │
│ │
└──────────────────────────────────────────────────┘
Fig. 11
Each item on the menu may be selected by pressing its corresponding "hot
key" number (one through seven), mouse-clicking, or pressing ENTER.
Item number 1, Deletion is the PGP command: [-kr]. Choose this option
to remove the currently selected key from your key ring. Removal is
permanent so make sure you really want to delete that person from your
key ring.
Item number 2, Copy (Extraction) is the PGP command: [-kxa]. Choose this
option when you want to make a duplicate, or a copy, of any key (including
your own) on your public key ring. Usually you will need to do this when
you want to give your key to someone else. You may also use this option
after signing someone else's key that they have just given to you. That
way they can have their key back with your signature on it. Notice that
PGPShell adds the "a" (for ASCII) onto the command. Without it, the key
would be extracted in binary format; nothing wrong with that, except that
most remailers on the Internet will not handle binary format correctly.
As a default PGPShell uses the ASCII option throughout because that has
become the standard among most PGP users. This is especially so when you
consider the recent popularity and explosion of users on the Internet who
are exchanging keys and messages via Internet remailers.
Item number 3, Trust Determination is the PGP command: [-ke]. Choose this
option when you want to indicate your trust of the key currently selected.
Unfortunately, many PGP users never use this option correctly. I won't go
into detail here, but see the section on PGP's "web of trust" for more
information on how to correctly determine trust parameters. If you haven't
read the PGP documentation, then by all means, do so.
Item number 4, Certification is the PGP command: [-ks]. Choose this option
to certify someone else's key on your key ring. Many a "key signing party"
has taken place where this command gets used. When you certify someone's
key, you are saying to the rest of the world that this person is who they
say they are. No one has really addressed the issue of whether or not you
should play "cop" and ask to see a driver's license. Although as I write
this, some California Cypherpunks jokingly asked for each other's driver's
licenses, presumably to counter the dangerous Tentacles of Medusa and other
pseudospoofing tactics that have (tongue-in-cheek) manifested recently.
Should you require firm identification? Probably not. This isn't to say
that circumstances may be different for you. If you're a Bosnian Serb
fighting Muslims and Croatians around Sarajevo, you may have different
authentication standards than some fellas hanging out at the coffee shop.
Item number 5, Signature Removal is the PGP command: [-krs]. Choose this
option to remove one (or more) signatures from the key currently selected.
If a key carries a signature from a person you have never heard of, then
only their KeyID will be displayed in the Current Key Box. PGP's "web of
trust" organization encourages leaving such signatures in place, because
you never know whom you may run into in the future: once you add that
person's key to your public key ring, their name replaces the bare KeyID
and gives you a positive identification of who they are and what their
relationship is to your new-found friend. Nevertheless, there may be
reasons why you want to remove one or more signatures from a given key.
Item number 6, Disable/Reenable is the PGP command: [-kd]. Choose this
option to disable (make inactive) the key currently selected or, if it is
already disabled, to reenable it. You will probably use this option very
rarely. Originally it was designed to act as a substitute for a key
revocation certificate in the event that someone's secret key was
compromised. But if that person lost their secret key, they would be unable
to issue a revocation certificate (it can be a Catch-22; the lesson is
don't lose your secret key!). Disabling a public key will render it useless
for anything except signature checking. You cannot send an encrypted
message to a recipient whose key has been disabled.
Item number 7 will dispose of the Key Management menu and take you back to
the Key Management Screen.
F3 Function Key - Compose Message
---------------------------------
PGPShell allows you to compose PGP-encrypted messages to the recipients
on your public key ring from the Key Management Screen. Just press the
spacebar to toggle the names in the UserID Box on or off, like a light
switch. A checkmark (√) will appear to the left of the selected name after
you press the spacebar key. Here is a sample of the Key Management Screen
again, only I have checkmarked "Hober Mallow" and "R. Weston Holland":
┌─────────────────────────┐┌────────────────────────────────────────────────┐
│ √ Hober Mallow, Trader ││ F1 - Help │
│√ R. Weston Holland ││ F2 - Edit/Copy key currently selected │
│ Douglas Bradley ││ F3 - Compose message to checkmarked recipients │
│ Wendy O. Williams ││ F4 - Add a new key to current key ring │
│ Fyodor Dostoyevsky ││ F5 - Choose a different PGP key ring │
└─────────────────────────┘└────────────────────────────────────────────────┘
┌───────────────────────────────────────────────────────────────────────────┐
│ UserID: Douglas Bradley │
│ E-mail: bradleyr@ucsu.colorado.edu KeyID: A8E45D86 │
│ Fingerprint: 04 59 CA C3 89 2C 28 CC 15 E0 71 59 E7 89 CF 7C │
│ │
│ Signatures Attached: Your Trust of This Person: │
│ │
│ Johannes Kepler ultimate │
│ Nathaniel David Jones marginal │
│ │
│ │
│ │
│ │
│ ┌───────────────────────┐ │
│ Your personal trust of R.│Create a New Message? Y│nal │
│ PGP has determined the va└───────────────────────┘to be: complete │
└───────────────────────────────────────────────────────────────────────────┘
After checkmarking the two recipients and pressing F3 to compose a PGP-
encrypted message to them, a dialog box will pop up at the bottom of the
KMS asking, "Create a New Message?" If you want to compose a message to
them from scratch then answer "Y" by pressing the 'y' key. If you have
previously composed or wish to continue editing a message, answer "N" (by
pressing the 'n' key) and a directory dialog box will pop up to the left of
the screen. Just find the file you were working on and press ENTER (or
click with your mouse). If you change your mind during the selection of
a file, you can always press the Escape key to return to the KMS.
If you answer 'yes' and wish to create a new file, PGPShell will ask you
to name it. Any legal DOS filename is acceptable. See the text editor
section further on for details about using the PGPShell Editor.
F4 - Add a New Key
------------------
To add a new key to your public key ring, press the F4 function key.
A directory dialogue box will pop up and wait for you to point and
click on the key file. If you change your mind, just press the ESC
key and you will return to the KMS.
Okay, so we've gone over the Key Management Screen pretty thoroughly, but
it still may not make much sense to you if you're not very familiar with
PGP. That's okay; once you get a few keys on your key ring (mine, for
instance, should be included with PGPShell as KEPLER.ASC), you'll get
the hang of it. Practice using PGPShell by going into the Key Management
Screen and pressing "F4". Choose my key and add it to your key ring. Then
click on it (or press ENTER) to view the stats. Unless you've met me in
person though, don't sign it! How do you know I am who I say I am? More on
this stuff later though when I get into PGP's "web of trust."
F5 - Choose a different Key Ring
--------------------------------
This function key allows you to choose between many different key files
that you may have created. Some people will have one key pair for their
personal correspondence and another for business entities. Families
find it useful to keep their key pairs separate too. Clicking once with
the mouse will also invoke this function. You'll find this function
useful for switching between your public and secret keys. The default
directory that PGPShell will show you is the PGPPATH directory.
Be aware that choosing a key ring file outside of the current PGPPATH
directory will not change the PGPPATH environment variable automatically.
You will be able to pull up key ring files in other directories and
look at them in PGPShell, but you will not be able to manipulate them,
because PGP will not know that they are there; it is still looking at
the PGPPATH directory. To conveniently work with multiple key rings,
keep them in the PGPPATH directory and rename them to a logical name
that you find intuitive. For instance, you might have a key pair
called "PRIMUS.PUB" and "PRIMUS.SEC" for your business, and another
pair called "JOHANN.PUB" and "JOHANN.SEC" for your personal use.
Families might rename their key files after first names in order to
tell them apart at a glance.
If all else fails and you must have different key pairs in more than
one directory, just exit PGPShell, set the new PGPPATH environment
variable, and restart PGPShell.
PGP AND THE "WEB OF TRUST"
--------------------------
In keeping with the informality of this documentation, I'll digress into
a little anecdote. Recently I attended a UNIX users conference in Boulder
in which Philip Zimmermann (the author of PGP) gave a lecture on public key
encryption and PGP in general. Throughout most of the meeting, he
patiently answered questions concerning specific calculations of the IDEA
algorithm, and the potential for brute force attacks on one's secret key.
Finally he said something to the effect of, "Encryption is fine, but I
would rather talk about something more important; the politics of PGP."
Well said! Encryption is for the cryptologists; privacy is our gig.
Only a fraction of us know much about the mathematics of encryption
ciphers. Fortunately, PGP was not made for the cryptologists. It was
made for you and me, people who desire a level of privacy in our lives
that traditional e-mail doesn't have. So let's talk about the politics
of PGP and specifically the "web of trust."
Half of all the source code in PGP is dedicated to key authentication,
trust level, and certification tracking. Good key management is
essential if you are to succeed in knowing who's who on your key ring.
Let's start with your own keys. PGP recognizes your personal private
and public keys as "ultimate" for purposes of trust. That means that you
are trusted "ultimately" to act as an introducer to others should they
provide you a copy of their key. In PGP-talk, an "introducer" is to PGP
public keys what a notary public is to important documents. Picture a
world where everyone is a notary public, stamping each other's documents
with their own official seals and judging the validity of a document by
the trustworthiness of the person who stamped it. That's the world of PGP,
only instead of notary public seals, we have secret keys. And everyone who
uses PGP has the capability of acting in the role of an introducer.
Zimmermann describes this as a "guerrilla-style" model of society rather
than the more formalized "hierarchical" approach.
PGP automatically ranks your own keys as "ultimate" and uses that as a base
for the determination of the trust and validity of every other key on your
key ring. PGP weighs the validity of keys based upon your trust of, either
that person directly, or indirectly if you have indicated a trust in a third
party. Here's an example:
You know "Jane" personally (she's your girlfriend as a matter of fact) and
trust her very well so you have signed her key and indicated your trust in
her as "complete." (The highest trust you can place in someone other than
yourself). PGPShell displays Jane's key like this:
Jane's Key
----------
Signatures Attached: Your Trust of This Person:
Your_Name_Here ultimate
Your trust of Jane is: complete.
PGP has determined the validity as: complete. <--- PGP's decision
Notice that PGP has automatically weighed its own determination of the
validity of Jane based upon your indication of trust in her. PGP doesn't
pull this stuff out of a hat, there are parameters that you set in PGP's
CONFIG.TXT file for telling PGP how much to trust someone. Here's what
that part of my CONFIG.TXT file looks like:
# Number of completely trusted signatures needed to make a key valid.
Completes_Needed = 1
# Number of marginally trusted signatures needed to make a key valid.
Marginals_Needed = 3
I have configured PGP to validate someone's key if one signature is
completely trusted. If a signator is only marginally trusted, then it
takes three such signatures to validate the key.
Okay, so let's go back to good ol' Jane, your girlfriend. The next day
"Joe" gives you his public key. You don't know Joe very well, but Jane
does and she says he's a real swell guy. So you put Joe on your key ring
and take a peek at it in PGPShell:
Joe's Key
---------
Signatures Attached: Your Trust of This Person:
Jane complete
Your trust of Joe is: unknown.
PGP has determined the validity as: complete.
"Aha," you say to yourself, "Jane has signed Joe's key." Notice how
PGPShell displays your trust of the signator (Jane) and then at the bottom
of the screen displays your trust of Joe as "unknown" because you have
never set the trust parameter and only just put the key on your ring.
Nevertheless the CONFIG.TXT validity parameters are set as "One complete
makes a key valid" so PGP determines the validity to be "complete." This
is what is meant by a "web of trust", you trust Jane, Jane trusts Joe, so
therefore PGP trusts Joe.
A trusts B, and
B trusts C, so
A trusts C.
Joe comes over to your apartment later that day and you find him to be
a nice and real friendly guy. He loans you 5 bucks as a matter of fact.
"What a swell guy," you think. Still, it's too early to make a personal
determination of your trust in Joe so you stay with PGP's determination
for now.
A few days later, something weird happens. You come home from work and
there's a letter sitting on your keyboard that says something to the effect
of, "Dear Computer Nerd, I have left you for Joe. Goodbye, Jane."
"I'll show her!" you say to yourself. After firing up your computer, and
starting PGPShell, you highlight Jane's key and change your trust of her
from "complete" to "no" trust at all.
Because you have changed your trust in your now ex-girlfriend, it sends
a "ripple effect" throughout all of your other keys on your key ring.
Remember that you still haven't made a trust determination for Joe, instead
letting PGP determine it for you until you got to know him better. Let's
look at Joe's key now:
Joe's Key After the Breakup
---------------------------
Signatures Attached: Your Trust of This Person:
Jane untrusted
Your trust of Joe is: unknown.
PGP has determined the validity as: undefined. <----- changed!
Notice that PGP is nice enough to not condemn Joe right along with Jane.
It merely lists its determination of Joe as "undefined" rather than
"untrusted" like Jane. It leaves it up to you to gauge Joe's
trustworthiness from now on based upon events as they unfold.
The point behind the web of trust model that PGP uses is that everything
is determined and weighed based upon your trust of all of the people on
your public key ring. The "domino effect" could downgrade other "tentacles"
(inside joke...) attached to a key that you edit.
Likewise, if you upgrade your trust in someone, it could affect several
other keys with signatures attached to this one and make their keys valid.
You should take the editing of trust parameters very seriously because it
will affect not just other keys on your key ring, but the keys on other
people's key rings as well (if you trade keys). Perhaps "erring on the side
of caution" isn't a bad idea when it comes to the management of the keys on
your key ring. Don't be afraid to make changes to your keys either. The
important thing is to be very honest and make a good judgment call. Don't
worry about what other people will think--PGP keeps your trust parameters
private (on your secret key) and no one else will know about what you
think.
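To make the rules above concrete, here is a small model of the validity calculation as this manual describes it, written as an added example for this documentation (it is not PGPShell's or PGP's own code). It assumes the two CONFIG.TXT thresholds act independently, that a signature only counts when the signer's key is itself valid, and that validity is reported as either "complete" or "undefined"; the sample ring and the CONFIG.TXT text are constructed from the Jane/Joe story.

```python
from dataclasses import dataclass, field

# Owner-trust levels as the manual names them.
ULTIMATE, COMPLETE, MARGINAL, UNKNOWN, UNTRUSTED = (
    "ultimate", "complete", "marginal", "unknown", "untrusted")

# Constructed CONFIG.TXT excerpt, matching the lines quoted in the manual.
SAMPLE_CONFIG = """\
# Number of completely trusted signatures needed to make a key valid.
Completes_Needed = 1
# Number of marginally trusted signatures needed to make a key valid.
Marginals_Needed = 3
"""

@dataclass
class Key:
    """One public key on the ring: your trust of its owner as an
    introducer, plus the names of the keys whose signatures it carries."""
    name: str
    trust: str = UNKNOWN
    signers: list = field(default_factory=list)

def read_thresholds(config_text):
    """Pull Completes_Needed and Marginals_Needed out of CONFIG.TXT-style
    text; '#' lines are comments.  The fallbacks are the manual's values
    (an assumption here, not PGP's built-in defaults)."""
    thresholds = {"completes_needed": 1, "marginals_needed": 3}
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in thresholds:
            thresholds[key] = int(value.strip())
    return thresholds

def compute_validity(ring, completes_needed=1, marginals_needed=3):
    """Return {key name: "complete" | "undefined"} for every key on the ring.
    A key is valid when it carries at least completes_needed signatures from
    valid keys you trust completely (or ultimately), or at least
    marginals_needed signatures from valid keys you trust marginally.
    Signatures from signers that are unknown, untrusted, or not themselves
    valid carry no weight; your own (ultimate) keys are valid by definition.
    Because a signer's validity can depend on other keys, the loop repeats
    until a pass changes nothing."""
    valid = {name: key.trust == ULTIMATE for name, key in ring.items()}
    changed = True
    while changed:
        changed = False
        for name, key in ring.items():
            if valid[name]:
                continue
            completes = marginals = 0
            for signer in key.signers:
                s = ring.get(signer)
                if s is None or not valid[signer]:
                    continue
                if s.trust in (ULTIMATE, COMPLETE):
                    completes += 1
                elif s.trust == MARGINAL:
                    marginals += 1
            if completes >= completes_needed or marginals >= marginals_needed:
                valid[name] = True
                changed = True
    return {n: ("complete" if v else "undefined") for n, v in valid.items()}

def set_trust(ring, name, new_trust, **thresholds):
    """Change your trust of one key and report the ripple effect: every
    key whose PGP-determined validity changed, as {name: (before, after)}."""
    before = compute_validity(ring, **thresholds)
    ring[name].trust = new_trust
    after = compute_validity(ring, **thresholds)
    return {n: (before[n], after[n]) for n in ring if before[n] != after[n]}

def jane_and_joe_ring():
    """Constructed sample ring: the Jane/Joe story from the manual."""
    return {
        "Your_Name_Here": Key("Your_Name_Here", trust=ULTIMATE),
        "Jane": Key("Jane", trust=COMPLETE, signers=["Your_Name_Here"]),
        "Joe": Key("Joe", trust=UNKNOWN, signers=["Jane"]),
    }

def marginal_ring(n_signers):
    """Constructed sample ring: Joe is signed only by n marginally trusted
    friends, each of whom you signed yourself (so their keys are valid)."""
    ring = {"Your_Name_Here": Key("Your_Name_Here", trust=ULTIMATE)}
    friends = [f"Friend{i}" for i in range(1, n_signers + 1)]
    for f in friends:
        ring[f] = Key(f, trust=MARGINAL, signers=["Your_Name_Here"])
    ring["Joe"] = Key("Joe", trust=UNKNOWN, signers=friends)
    return ring

if __name__ == "__main__":
    ring = jane_and_joe_ring()
    print(compute_validity(ring, **read_thresholds(SAMPLE_CONFIG)))
    print(set_trust(ring, "Jane", UNTRUSTED))
```

Note that after the breakup Jane's own key stays valid (you signed it yourself); only her signature stops counting for Joe, which is exactly the "undefined, not untrusted" result the manual shows.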
ADVANCED ENCRYPTION TECHNIQUES
---------------------------------------------------------------------------
The RAM Drive
~~~~~~~~~~~~~
Some people have grown up on Windows' smart drive and DOS Shells and have
forgotten what oldish things like RAM drives are all about. In issues
such as privacy however, a RAM drive is an extra safety net to insure that
your secret key is not compromised in any way. Here's how to set one up.
Insert this line into your CONFIG.SYS file:
DEVICE=C:\DOS\RAMDRIVE.SYS 1024 /e
If you have a 386 or better computer, you could type "DEVICEhigh" instead
of DEVICE to load the RAMDRIVE.SYS driver into high memory, but it's only
about 6K so it's not crucial. The 1024 block of memory (1 meg) is the size
of your RAM drive, and the switch "e" (/e) means you wish to use "extended"
memory for your virtual drive.
Reboot your computer for these changes to take effect. Your RAM drive
will be given the next letter after your physical hard drive, i.e., if
you have a single hard drive "C:" like most people, the RAM drive will
be called "D". Type "cd d:" at the DOS prompt and you are in your RAM
drive.
The advantage of creating and using a RAM drive for PGP is that the RAM
drive "D" is not physical, but located only in memory. That way when
you shut down your computer, PGP disappears with it, and any trace of
your secret key as well. Advanced PGP users keep the critical PGP
files (CONFIG.TXT, PGP.EXE, PUBRING.PGP, SECRING.PGP, etc.) on a floppy
that they carry around with them and only use PGP in their virtual RAM
drives. When you want to enter a PGP session, just put the floppy in,
and type "copy a:*.* d:" and your PGP files will be in the RAM drive.
You can do this and still keep a copy of PGPShell in a C:\PGPSHELL directory
to use PGP. Before starting a PGP session, just type "set pgppath=d:" at
the DOS prompt, (or insert this command in your AUTOEXEC.BAT file if you use
PGP often) to tell DOS that you've put PGP in a RAM drive. PGPShell will
look at the DOS environment and see that PGP is located in the D: drive,
and work on everything in there.
Don't worry about loading PGPShell into your RAM drive; PGPShell itself is
harmless and contains nothing that would compromise your secret key ring.
Don't forget to copy the contents of the RAM drive back onto your floppy
after exiting PGPShell, especially if you've added to, deleted or otherwise
modified your keys. Once you shut off your computer anything located
in RAM memory will be gone with it!
Consult those old dusty DOS manuals for more information on creating
and using RAM drives.
The Encrypted Drive
~~~~~~~~~~~~~~~~~~~
Even safer and more convenient than the RAM drive, is the encrypted
drive. Mike Ingle's "Secure Drive" program (currently version 1.0)
is a rare needle in the software haystack allowing you to partition
a portion of your hard drive and physically encrypt it using the
same technology that PGP uses.
Using Secure Drive, slice off a good chunk of real estate from your
C drive (at least 5 megs) using DOS' FDISK command to create a
secondary partition. (Follow the directions in your DOS manual to
do this.) Then, put your PGP files, including your key pair into
the encrypted drive. Your PGP files are encrypted and safely protected
from the outside world.
Read Mike's documentation carefully when you use Secure Drive. The
most important thing to remember is that you should turn your computer
off (or do some kind of cold boot) so that your pass phrase is removed
from memory. There's no way to mess with the TSR that manages the
Secure Drive partition (in an attempt to gather your pass phrase) if
you perform a cold boot on your machine after using the Secure Drive.
You can obtain Secure Drive as: SECDRV13E.ZIP from numerous sites in
the U.S. only (not for export as of this writing) on the Hieroglyphic
Voodoo Machine BBS in the Free Files section. The phone number is
1.303.443.2457 (N81 V.32bis). [Note: Since the original writing of
the documentation for PGPShell a newcomer on the scene has arrived:
"Secure Device" is another crypto tool worthy of your consideration.
You can pick this up at Mike Johnson's FTP site (see WHAT_IS.PGP) or
on my BBS as SECDV??.ZIP in the free files area.]
The Hidden Directory
~~~~~~~~~~~~~~~~~~~~
The hidden directory is the oldest trick in the book (and many a bane
to system admins trying to clean up directory trees). Although far from
foolproof, the hidden directory will slow down nosy co-workers who may
be snooping on your computer while you're at lunch.
Let's say you're not paranoid enough to warrant the use of a RAM drive
but you still don't want anyone knowing you use PGP. Here's the next
best thing:
Go into a mundane directory tree like \DOS or \WINDOWS\SYSTEMS where
no one ever looks and create a subdir called something harmless like
"SYS" or "BIN". Copy all of your PGP stuff into that directory
(let's say C:\DOS\BIN for example.) Then get back out to C:\DOS and
type: "ATTRIB +H BIN" from the DOS prompt. Using the DOS "Attribute"
command, you've hidden (+H) the BIN subdirectory from view. It's still
there, but someone would have to know what they were doing to find it.
(If you want to see it, type "ATTRIB BIN" from the DOS prompt.)
When you want to use PGP, just type "set pgppath=c:\dos\bin" at a DOS
prompt and you're set. Here's a good batch file to use (which you
can hide as well) that can be located anywhere along the DOS path:
@echo off
set pgppath=c:\dos\bin
cd \pgpshell
pgpshell
Call the batch file something dumb like "READ_DIR.BAT" or hide it by
using ATTRIB like this: ATTRIB +H READ_DIR.BAT so that the pgppath
statement is not compromised easily. Whenever you want to use PGP
just type READ_DIR and everything will load for you.
This isn't 100%, as I stated before, but it's good enough to fool most
people since they won't mess around with something that they don't
even know is there. If people or police are specifically looking for
PGP or encrypted messages on your system, then you're screwed anyway;
call a lawyer.
The Paranoid Encryptor
~~~~~~~~~~~~~~~~~~~~~~
This one is courtesy of the handful of paranoid people that warned me to
be careful because, as a result of PGPShell "they" will be out to get me.
Nevertheless, there may be occasions when the enemy is very real, and you
cannot afford to have your encrypted messages cracked by those naughty
NSA Cray computers. One way in which a computer is able to crack your
message is by applying a consistent mathematical algorithm (a brute force
attack) against your message until a pattern emerges that spells out words.
Your RANDSEED.BIN 24-byte file (Random Seed Binary) is where PGP draws its
material from when it comes time to encrypt your message. A computer is
not able to generate truly random acts on its own; that's why PGP needed you
to monkey-type at random when you first created your personal keys.
If PGP can't find a RANDSEED.BIN file, it will create a seed file
"on the fly" and ask you to bang away on your keyboard just before
encrypting. By inserting a line at the end of the above READ_DIR batch
file like this: "del c:\dos\bin\randseed.bin", you'll create a new seed
file each time you use PGP. This will blow any pattern that could possibly
develop over time (during which the attacker is amassing your encrypted
messages and studying each of them for patterns). PGP's own RANDSEED.BIN
file does a good job of providing enough material for encryption, but
this option is still a "safety net" of sorts for the truly paranoid.
CLOSING COMMENTS
----------------------------------------------------------------------------
PGPShell should be easy to use. If it isn't, then I failed somewhere.
Many users want to use encryption but face a "mental block" when using
PGP because of its intimidating UNIX command-line interface. My hope is
that more people who want to get into encryption, will do so through
the friendlier PGPShell environment. My philosophy is that this is
YOUR program and that I am merely the caretaker of it.
If you have any questions or comments, please feel free to e-mail me on
the Internet at <still@rintintin.colorado.edu> or at the Voodoo Machine
if you're a BBSer. If you e-mail me, please don't encrypt it (I know that
in the past I said "send me an encrypted e-mail for practice") but the
problem was *everybody* did just that. I was swamped with ASCII code and
had to decrypt it all before knowing what was said. Just jot it down
normal-fashion, and I can reply to you more easily.
Also included in this file is KEPLER.ASC which is my public key. Practice
with it if you're new to encryption. Try adding it to your key ring,
deleting it, etc.
REGISTRATION
----------------------------------------------------------------------------
Registering (purchasing) PGPShell allows you to use the product after
the trial period. Registered PGPShell users get the current version of
PGPShell on disk along with their own serial number, and priority when
electronically mailing me for User Support (still@rintintin.colorado.edu)
or on my BBS at +1 303 443 2457 (V.32bis N81). I cannot guarantee
User Support to unregistered users, but I will do my best. To register
PGPShell with your VISA or MasterCard, call 1-800-333-HEAR (4327).
---> Please remember that this is an orders-only line! The guys
who answer the phone sell hearing aids (don't ask...) and
don't know the first thing about programming or PGPShell.
They will NOT be able to answer your questions regarding the
use or functionality of PGPShell.
Ten percent of all revenues from PGPShell will be donated to the
Philip Zimmermann Legal Defense Fund in Boulder, Colorado, to assist
the author of PGP in his long, expensive criminal investigation by
the U.S. Customs Bureau. I will personally send a letter to the
defense fund's attorney, Phil Dubois (and forward a carbon copy
directly to Philip Zimmermann) and sign the names of all registered
users to the letter indicating the amount of the collective donation,
and include the donation in the form of a bank-certified check.
Notice of the donation will be posted prominently on at least the
Hieroglyphic Voodoo Machine BBS and the Cypherpunks Mailing List
when it is made.
PGPShell registration costs $20 in U.S. funds, (includes shipping) for
a registered copy of PGPShell on disk. A commercial site license is
available to government or company entities for a one-time fee of
$199 in U.S. funds, and has no workstation restrictions. A bound,
printed manual is available at an additional cost of $5 per copy,
including shipping charges. An evaluation disk with the current trial
version of PGPShell on it is also available for a $5 fee (again in U.S.
funds). This is to be used to try out PGPShell, and does not include
registration (the right to use PGPShell after the 30-day evaluation
period). The fee covers the cost of the diskette and shipping and
handling charges.
Mail registration to: James Still, P.O. Box 1583, Boulder, CO 80306-1583.
Payment may be in the form of check or money order that I can deposit
in a U.S. bank. I will also accept corporate or academic purchase orders
for the site license fee only and not the single-user license cost.
I must be able to deposit the check into my bank account or I cannot
process your registration.
QUESTIONS & ANSWERS
--------------------------------------------------------------------------
Q: I notice that PGPShell runs an output routine to gather data from
my public key rings. My key ring is very large and this takes too
long; isn't there some other way to do this?
A: The answer is yes and no. (or maybe not really...) After
experimenting with various ways of collecting PGP data, the "all
at once" way was the best, proving to be as seamless to the end
user as possible.
Lately there has been a strange obsession by a good number of
enthusiasts to actually possess every single key that they can
acquire from the Internet key servers and public-domain key rings.
Alt.security.pgp posters have naively boasted of their enormous
2 and 3 thousand-key rings, as if encryption and 'crypto-anarchy'
were like a Hollywood movie and accomplished through sheer numbers
alone. (Pardon the word play...) PGPShell was not designed for
the 'baseball card' collector or the fashionable crypto-poseur.
It was designed for the serious encryption-user who uses PGP
*daily* and needs a coherent, understandable program for managing
and working with a key ring of a couple dozen keys or so.
If you have a slow computer, or grow impatient at this output
routine, you should copy those keys that you don't need or use
into a "repository" directory (perhaps in a subdirectory named
KEYS off of the main C:\PGPSHELL directory) and only add them
on if you need them for that 'once in a while' e-mail message.
This will keep your key ring smaller and a lot easier to manage.
Q: Why isn't there a Windows version of PGPShell?
A: PGPShell can be run from Windows already if you create a PIF file
with low graphics, foreground use, etc. Usually this question is
asked more from a compatibility or aesthetics standpoint ("I'd like
to see a cool looking icon....") Several things:
o A good many people in places like the former Soviet Union
who remember the pre-Perestroika days and wish to use PGP,
still don't have access to 386+ computers, let alone the
latest graphical operating systems like here in the West.
o Having said that, my time is limited because I'm in college
so multiple ports (and the subsequent support for each) to
various operating systems is not realistic; I have to choose
which to support.
o I decided that, given the purpose and reason for PGP (Phil's
vision of grass-roots based communication, et al.) serving
the 640K RAM, DOS-based XT's (and monochrome monitor folks)
and above was the best choice.
Q: When I first start PGPShell, it runs some PGP commands while a
dialogue box says, "Please wait, gathering PGP data...." But
then it locks up and I have to reboot.
A: 90% of the time that this happens it is because you have a bad
key on your key ring. When PGP asks you to certify a key (and
gives you 4 choices of certification levels) it does not perform
error correction upon user input. In other words, if you type
'Y' instead of one through four, PGP will not catch the error
and ask you to reenter; instead waiting until the next time you
invoke PGP to fix the error. Run the "PGP -kc" command from
the DOS prompt to have PGP look for and correct any bad keys
on your key ring and the lockup problem should be fixed.
For the other 10% of the time (and if it still occurs after
the -kc command has been executed) it is probably because PGP
has run out of memory and has died. This is especially true
with v2.3a, but beginning with PGP v2.6 an "out of memory"
error will display instead of locking up.
Q: I keep getting "out of memory" errors when trying to run PGP
from within PGPShell.
A: PGPShell shares a "parent-child" relationship with PGP, which
means that PGPShell runs PGP as a "child process" when you
invoke PGP commands from within the shell. In order for this
to work, PGPShell must give PGP as much memory as possible,
while still scraping together a little bit to keep itself going.
Data encryption is already a very memory-intensive process,
so you will find it difficult to run PGP and/or PGPShell if you
are also loading several other drivers or TSR's. You should
first remove unnecessary drivers and TSR's from memory and
reboot your computer to see if that frees up enough memory to
run PGPShell. Also reducing your files and buffers in your
CONFIG.SYS file may help with memory problems.
Q: Every time I try to add, remove, or otherwise work with my key
ring PGP gives me error messages of "UserID not found" and it
doesn't seem to be able to read it even though the shell shows
everything fine. What's up?
A: Check to make sure that the key ring you have loaded into PGPShell
is the one pointed to by the DOS environment variable PGPPATH. If you
are unsure, exit PGPShell, type "set pgppath=[filepath]" and
try again. PGPShell may read and load a key ring fine, but if
PGP doesn't know about it (through PGPPATH) you'll get error
messages. Also make sure that the MyName config variable in
the CONFIG.TXT file is entered in quotes and that your UserID
is spelled correctly.
Q: What gives? My key displays garbage at the bottom of the KMS!
A: You either misspelled or forgot to type your UserID in the
"MyName" configuration of PGP's CONFIG.TXT file.
Q: When I enter the Key Management Screen from the main menu
PGPShell doesn't display any keys at all!
A: The PGP.EXE file is probably missing from the PGPPATH directory
and the keys were not gathered properly upon startup. Make
sure that PGPPATH points to your PGP directory.
DISCLAIMER OF WARRANTY
--------------------------------------------------------------------------
This software and manual are sold "AS IS" and without warranties as to
performance or merchantability or any other warranties whether expressed
or implied. Because of the various hardware and software environments
into which this program may be put, no warranty of fitness for a particular
purpose is offered.
Good data processing procedure dictates that any program be thoroughly
tested with non-critical data before relying on it. The User must assume
the entire risk of using the program. Any liability of the seller will be
limited exclusively to product replacement or refund of purchase price.
James Still disclaims all warranties, expressed or implied, including
without limitation, the warranties of use and/or fitness of PGPShell for
any purpose. James Still assumes no liabilities for damages, direct or
consequential, which may result from the use or misuse of PGPShell. Are
you writing this down?
CREDITS
----------------------------------------------------------------------------
Pretty Good Privacy (PGP) is copyrighted by Philip Zimmermann. Thanks Phil!
Now solid public key encryption tools and secure communications are possible
for us normal folks...
Also thanks to Katherine, my wife, for being an extraordinarily special
companion and putting up with my weird, conspiratorial diatribes to her
friends at those "posh" mountain parties.
Bye!
PGPShell is Copyright (c) 1992-1994 by James Still. All Rights Reserved.
----- EOF ---------------------------------------------------------------