Cream of the Crop 3

home *** CD-ROM | disk | FTP | other *** search

/ Cream of the Crop 3 / Cream of the Crop 3.iso / utility / pgpshe30.zip / PGPSHELL.DOC < prev next >

Wrap

Text File | 1994-01-04 | 62KB | 1,306 lines

-= P G P S h e l l =- Official Menu-Driven Shell of the 1996 Olympics! Endorsed by the Saddam Hussein Downhill Ski Team, the National Secrecy Agency, and the Captain Midnight "Secret Decoder Ring" Fan Club (c) copyright by James Still 1992-1994 of the Hieroglyphic Voodoo Machine BBS in snowy, hippie-laden Boulder, Colorado, U.S.A. All Rights Reserved PGPShell v 3.0 is released as shareware; please distribute this program to a local BBS near you! QUICK START --------------------------------------------------------------------------- Create a C:\PGPSHELL directory and copy the program contents into it. Before running PGPSHELL.EXE, make sure your "pgppath" and "tz" DOS environment variables are set correctly. If you want to check a sig or decrypt a file just run PGPShell like this: PGPSHELL <cipherfile>. INTRODUCTION -------------------------------------------------------------------------- PGPShell is a menu-driven front-end "shell" that manages Phil Zimmermann's Pretty Good Privacy (PGP) public-key, data encryption program. PGP is available at many Internet sites as PGP23A.ZIP. PGP is a UNIXish command-line application, which means that various switches must be used to perform tasks. PGPShell merely takes this a step further by introducing a menu-driven environment where, with an optional mouse, you can point and click to various keys in order to perform those same actions as you would from the PGP command line. PGPShell doesn't perform any data encryption on its own; everything is done by PGP and PGP alone. The only difference is, PGPShell shows you the PGP commands in an easy-to-read, friendly format and will make your encryption life a lot easier! To properly install the registered version of PGPShell on your computer, insert the PGPShell disk into your disk drive and type "INSTALL" at the a: prompt. There are two DOS environment variables that PGP uses in order to operate properly. They are "TZ" (time zone) and "PGPPATH" (the DOS path statement to your PGP.EXE program). To properly set them you must use the DOS command "SET" in this manner: set TZ=MST7 (or wherever your time zone is) set PGPPATH=C:\PGP (or wherever you keep PGP.EXE) Set these environment variables before using PGPShell. Type "PGPSHELL" at the DOS prompt to execute the program. You must have PGP installed on your computer before PGPShell will be able to allow you to encrypt or decrypt anything. This is because PGPShell cannot perform data encryption on its own, it merely "talks" to PGP and tells it what to do. If PGP is not properly installed, PGPShell will display a context-sensitive help screen that explains the problem and how you can fix it. Optionally, you may add a filename to the command-line to skip the main menu to immediately decrypt a ciphertext file or to check the signature of a ciphertext file. The syntax for this is: PGPSHELL <filename> where "filename" is any legal DOS file that has been PGP encrypted. MAIN MENU -------------------------------------------------------------------------- When you execute PGPSHELL.EXE, and after the copyright screen pops up, press any key (or move the mouse) to get to the main menu. The main menu looks like Figure 1 below: ╔═════════════════════════════════════════════╗ ║ Main Menu ║ ║ ║ ║ 1 Encrypt a Message ║ ║ 2 Decrypt a Message/Check Signature ║ ║ 3 Conventionally Encrypt a File ║ ║ 4 Key Management ║ ║ 5 Quit ║ ║ ║ ╚═════════════════════════════════════════════╝ Fig. 1 At any time you many press F1 for a context-sensitive help screen that will provide additional help on the currently highlighted main menu topic. Also, you may press F2 to initiate the file viewer. A pop up dialog box similar to Fig. 4 (below) will display asking you to choose the file you wish to view. Just click on the file, or press ENTER, and it will promptly display. There is no limit to the size of the file you wish to view. There are three ways to choose a main menu topic: By pointing and clicking with a mouse, pressing ENTER after arrowing down to a topic, or pressing the hot-key (numbered one through five) of the desired topic. I'll take you through a brief description of each menu topic, and then we'll get into more detail later. Encrypt a Message ----------------- This menu option will allow you to prepare either a new, or a previously composed text file for PGP encryption to one or more recipients. You may also prepare encrypted messages from the Key Management Screen. (See the Key Management Screen later in this manual.) Decrypt a Message ----------------- This menu option will allow you to decrypt or the check the certifying signature that may be attached to a ciphertext file. Upon choosing this option, a directory window will pop-up on the screen and you will be prompted to select the ciphertext file with either your mouse or by pressing ENTER. Alternatively, you may use this menu option from the PGPShell command line by using the syntax: PGPSHELL <ciphertext>. Conventionally Encrypt a File ----------------------------- This PGP command is sometimes misunderstood by some PGP enthusiasts. It uses the "-c" PGP command, and will archive any text file for your own record keeping or security purposes. Various files such as tax records, sensitive memos or letters, proprietary source code, are just a few examples of items you may want to conventionally encrypt with PGP's single-key cryptography method. You shouldn't use this menu option to send something to another person (unless there is a secure way of communicating the pass phrase to them) and you should not use your secret key's pass phrase when conventionally encrypting files. Consult the PGP manual for the correct usage of the conventional encryption option. Key Management -------------- The Key Management Screen is the "meat and potatoes" of PGPShell, and where you'll probably spend the most of your time when using PGPShell. Proper key management is critical with PGP and the Key Management Screen will help you take proper control of your key ring. See the "Key Management Screen" portion of this manual for more details on its usage. Quit ---- This option exits the PGPShell program and returns you to DOS or Windows. Main Menu Encryption Option --------------------------- If you choose to Encrypt a Message from the Main Menu, PGPShell will replace the Main Menu with a list of recipients (see Figure 2) and ask you to choose the person for whom your message is for. The list will look like the Key Management Screen's UserID Box (see "Key Management Screen" section) Choose Recipients: ┌────────────────────────────┐ these two are --> │ √ Hober Mallow, Trader to │ checkmarked --> │ √ Wendy O. Williams │ │ R. Weston Westrope │ │ Alan Bradley │ │ Lenny Bruce │ │ Nathaniel David Jones └────────────────────────────┘ Fig. 2 Use the spacebar to checkmark one or more of the recipients in the UserID Box who you will be sending your PGP-encrypted message to. If you change your mind press the Escape key. When you are ready to continue, press ENTER. For help at any time, press F1. After you have pressed ENTER, PGPShell will ask you whether or not you wish to create a new message or open an existing text file. A dialogue box will ask you "Create a New Message?" to which you may answer "Yes" or "No" (see Figure 3). ┌───────────────────────┐ │Create a New Message? Y│ └───────────────────────┘ Fig. 3 The default is "Yes" but you can also choose "No" to prompt a pop up Directory Dialog Box to choose a file name (see Fig. 4 below). If you answer "yes", you will go to the text editor where you can begin writing your message. Pressing the ESC key, aborts this process and takes you back to the Main Menu. See the section on Encryption Options for details on encrypting your plaintext file. Main Menu Decryption Option --------------------------- When you choose to decrypt a cipherfile from the Main Menu, a pop up dialogue box (figure 4) is displayed over the Main Menu. Click on the file or press the ENTER key to choose that file for decryption. ┌─C:\PGPSHE30\*.*─────────────────────────────────────┐ │ .. <DIR> Nov 17,1993 9:20a │ │ DOC <DIR> Dec 06,1993 8:11a │ │ EDITOR <DIR> Dec 06,1993 8:12a │ │ KEYTEMP <DIR> Dec 06,1993 3:10p │ │ PGPSHELL.EXE 77264 Dec 13,1993 8:28a A │ │ OUTPUT.TXT 1684 Dec 13,1993 8:35a A │ │ OUTPUT.DOC 6722 Dec 13,1993 8:35a A │ │ READ.ME 6894 Feb 05,1993 2:58p A │ │ PROCPGP.TXT 2496 Dec 13,1993 8:28a A │ │ LLIST.TXT 4160 Dec 13,1993 8:28a A │ │ LIST.TXT 12160 Dec 13,1993 8:28a A │ │ TOOLS.TXT 7360 Dec 13,1993 8:28a A │ └─────────────────────────────────────────────────────┘ Fig. 4 If you change your mind when choosing a file for decryption, just press the ESC key and you will be taken back to the Main Menu. See the section on Decryption Options for details on decrypting a PGP-encrypted file. Using PGPShell's Text Editor ---------------------------- With version 3.0, PGPShell has started using its own simple text editor. If you need help while in the text editor, just press F1 for a pop up help screen. After you have edited, or composed new from scratch, a text file for encryption, just press the Escape key. You will be asked: Save and prepare for encryption? [y/n] If you are satisfied with your message, answer "y" and PGPShell will process your message for encryption. To abort the editor, just answer "no" and you will be taken back to the main menu (or to the Key Management Screen if you entered the text editor from there.) The following commands are allowed in the PGPShell Editor: Key Action Taken --- ------------ F1 Displays a pop up help screen Esc Quit PGPShell Editor Insert Toggles between insert mode and overwrite mode Home Moves cursor to beginning of current line End Moves cursor to the end of current line Alt-F Toggles between all available foreground colors Alt-B Toggles between all available background colors In addition to these keys, the standard arrow keys and ENTER key will move you through the text. Wordwrapping is automatically enabled so that your text will "wrap" to the next line if it is greater than the screen length. The PGPShell Editor with some sample text looks like this: PGPShell Editor v 1.0 File: C:\PGPSHE30\TEST.TXT Ins ---+----1----+----2----+----3----+----4----+----5----+----6----+----7---- Hey Ph00bar, howz it goin? Nothing much over here at my end. Oh yeah, I almost forgot to tell you, I won the lottery this morning--got 2 million dollars burning a hole in my right hip pocket. I'm going out to buy a Sparc workstation right now and getting my domain address hooked up in my smallish apartment tommorrow. Well take care. - Johannes ----------------------------------------------------------------------------- Fig. 5 The editor is similar to Microsoft's QBasic Interpreter that DOS 5.0 (and greater) uses when you type EDIT.COM at the DOS prompt. It is not designed for serious word processing however. If you wish to load text files that are larger than 20K, you may get a memory error. PGPShell must give PGP as much memory as possible (PGP is quite a large program) and so there's not much left over for text editing. 20K should be enough for 99.9% of all of your encrypting needs, but in those rare cases where you're writing someone a very lengthy post, you may want to type and prepare the text outside of PGPShell. Encryption Options ------------------ After you have prepared a text file for encryption, PGPShell will display a pop up dialog box (figure 6) and ask you to choose the Encryption Options for the message. There are four options available to you when encrypting a file in PGPShell: o Sign the plaintext with your secret key o Shred the original file after encryption o Force recipient to view "on-screen" only o Clear sign the file instead of encrypting it For a full explanation of these PGP encryption options you should consult your PGP documentation, but I'll go over each one briefly. Sign - This option uses the PGP [-s] command and allows you to sign the file in addition to encrypting it. Shred - This option uses the PGP [-w] command and literally shreds the original plaintext after you have encrypted the ciphertext. Force - This option uses the PGP [-m] command and provides an extra layer of security to protect the decrypted file when it arrives at it's destination. Clear - This option uses the PGP [clearsig=on] option in your CONFIG.TXT file. Useful for bulletins or flyers where you still want to prove your identity and authenticate the output of the clear signed file as valid. Here is what the Encryption Options dialog box looks like: Encryption Options ┌──────────────────────────────────────────┐ │ Sign the message with your secret key │ │ Shred the original after encryption │ │ Should recipient view on-screen only │ │ Clear sign the message; no radix-64 │ └──────────────────────────────────────────┘ Fig. 6 Notice that the pointer tool is currently positioned at the first item in this list. To select "Sign" as an option, press the spacebar and a checkmark will appear to the left of the item: ┌──────────────────────────────────────────┐ Checkmarked ---> │ √ Sign the message with your secret key │ If you change your mind, you can press the spacebar again to remove the item as an option (and the checkmark will disappear). All of the items are optional, none are required for proper encryption with PGP. Two PGP commands, Radix-64 ASCII encryption, and Canonical text (-a and -t respectively in PGP) are now automatically used in PGPShell. They have both become a universal standard among PGP users worldwide and so they will be used by PGPShell as well. Consult your PGP documentation for more information on the optional encryption switches available to you. Decryption Options ------------------ You may decrypt a ciphertext file in PGPShell by one of two ways: either at the DOS command line by typing PGPSHELL <filename> or by selecting "Decrypt a Message" at the Main Menu. PGPShell will provide you the opportunity to choose none or all four decryption options from the Decryption Options dialog box (see Figure 7). The options available to you when choosing to decrypt a ciphertext file in PGPShell are: o Leave the signature on the message intact o Recover the original plaintext while decrypting o Detach signature certification from message o Don't write to a file; view on-screen only For a full explanation of these PGP encryption options you should consult your PGP documentation, but I'll go over each one briefly. Leave - This option uses the PGP [-d] command and if checkmarked, will override PGP's default and leave any signatures intact. Recover - This option uses the PGP [-p] command and if checkmarked, will save the decrypted plaintext's original filename. Detach - This option uses the PGP [-b] command and will create a separate <FOO>.SIG file that contains the signature attached to the ciphertext file. View - This option uses the PGP [-m] command and forces the output to the screen (rather than PGP's default that saves to disk) when you read the decrypted plaintext. Here is what the Decryption Options dialog box looks like: Decryption Options ┌────────────────────────────────────────────────────┐ │ Leave the signature on the message intact │ │ Recover the original plaintext while decrypting │ │ Detach signature certification from message │ │ Don't write to a file; view on-screen only │ └────────────────────────────────────────────────────┘ Fig. 7 Notice that the pointer tool is currently positioned at the first item in this list. To select "Leave" as an option, press the spacebar and a checkmark will appear to the left of the item: ┌──────────────────────────────────────────────┐ Checkmarked ---> │ √ Leave the signature on the message intact │ If you change your mind, you can press the spacebar again to remove the item as an option (and the checkmark will disappear). All of the items are optional, none are required for proper decryption with PGP. Consult your PGP documentation for more information on the optional decryption switches available to you. KEY MANAGEMENT SCREEN --------------------- The Key Management Screen can be accessed from the Main Menu by either pressing "4" (hot-key), using the arrow keys to highlight "Key Management" and pressing ENTER, or by clicking once with your mouse when highlighted. When you wish to exit from here, just press the ESC key. The Key Management Screen (the KMS if you will) is where all the action is happening. PGPShell has previously gathered all the relevent data concerning your public key ring and presents it to you here in a logical, concise way. The KMS is divided into three "boxes," the UserID Box, located in the upper left-hand corner; the Function Key Box, located in the upper right-hand corner; and the Current Key Box which fills the bottom two-thirds of the screen. The entire KMS is shown here in Figure 8: ┌─────────────────────────┐┌────────────────────────────────────────────────┐ │ kat woman │ F1 - Help │ │ Philip R. Zimmermann ││ F2 - Edit/Copy key currently selected │ │ Harry Bush ││ F3 - Compose message to checkmarked recipients │ │ Johannes Kepler ││ F4 - Add a new key to your key ring │ └─────────────────────────┘└────────────────────────────────────────────────┘ ┌───────────────────────────────────────────────────────────────────────────┐ │ UserID: Johannes Kepler │ │ E-mail: still@kailua.colorado.edu KeyID: 4E4937 │ │ Fingerprint: AD 29 BE 28 5D 2B 77 BE F6 85 08 45 B6 2D 0B 36 │ │ │ │ Signatures Attached: Your Trust of This Person: │ │ │ │ Alan Bradley marginal │ │ R. Weston Westrope marginal │ │ Nathaniel David Jones marginal │ │ Lenny Bruce marginal │ │ Umberto Eco complete │ │ │ │ Other signatures exist but not displayed... │ │ This is your public key... │ │ │ └───────────────────────────────────────────────────────────────────────────┘ Spacebar to checkmark UserID - ENTER/left-click to view stats - ESC to quit Fig. 8 There's a lot going on here, so don't worry about it at first if you're intimidated by it all. Lets take each section of the KMS individually and explain it in greater detail. The UserID Box -------------- The UserID Box displays a list of all of the people that are on your public key ring in an easy-to-read, scrollable box shown here in Figure 9: ┌─────────────────────────┐ │ kat woman │ Philip R. Zimmermann │ │ Harry Bush │ │ Johannes Kepler │ └─────────────────────────┘ Fig. 9 The pointer tool () highlights the key that is currently chosen. By pressing ENTER or clicking with your mouse, you can update the contents of the Current Key Box (the bottom two-thirds of the KMS) with information regarding that key. In the above example, my key "Johannes Kepler" has been highlighted (the pointer tool is set on that key) and the Current Key Box displays information relevent to my personal public key. (I'll explain more about the information in the Current Key Box later on.) If you wish to perform an action on a key, or to just view information about it, just click once with your mouse, or press ENTER when you arrow down to it. The Function Key Box -------------------- The Function Key Box is nothing more than a static display to remind you of what actions you may perform when in the KMS. There are four function keys (F1 through F4) available to you. ┌────────────────────────────────────────────────┐ │ F1 - Help │ │ F2 - Edit/Copy key currently selected │ │ F3 - Compose message to checkmarked recipients │ │ F4 - Add a new key to your key ring │ └────────────────────────────────────────────────┘ Fig. 10 By pressing "F1" at any time, a context-sensitive help window will pop up with more detailed information to guide you in using PGPShell. The "F2" key is reserved for editing or otherwise manipulating whichever key is currently highlighted. In our above example, if I wanted to remove some of the signatures from my public key, (PGP's -krs command) all I would have to do is press F2 and a popup menu will display. More on that later. Press "F3" to immediately compose a PGP-encrypted e-mail to one or more persons "checkmarked" in the UserID Box. To checkmark a UserID, just press the spacebar when the highlight bar rests on their name. You may checkmark as many persons as you want to, but at least one person must be checkmarked. If you press F3 and no one is checkmarked, an error message will briefly pop up on the screen and no action will be taken. I'll get into details about encrypting a message to one or more recipients later on in this documentation. Press "F4" to add a new key to your public key ring. A directory window will pop up asking you to select (with either your mouse or an arrow key and pressing ENTER) the DOS filename that contains the external key you wish to add. You can add any number of keys that may be contained in a file and the file doesn't necessarily have to contain only keys. In other words, there can be several pages of text with a key buried in the middle somewhere and PGP will find it okay. This is often the case when a new found friend sends you a PGP-encrypted text file and has put his public key at the end of it. Current Key Box --------------- The Current Key Box is the "output" of the selection you make in the UserID box when you press ENTER or click with your mouse. It will be constantly updated as you scroll through the keys on your public key ring and click on different ones to view them. The Current Key Box is divided up into three main sections: the Header, the Signators, and the Trust Parameters. Let's look at each one individually: Header The Header displays the UserID, E-mail address, KeyID, and Fingerprint of the current key. If PGPShell cannot determine an e-mail address for this key, a notice saying so will be displayed instead. Signators The Signators section displays, in a column format, all of the signatures attached to this public key and your trust of that signator (if you have indicated so). It is important to remember that your trust of the signator is not the same as your trust of the person that these signature's are attached to! You may trust "Alice" very closely, but that doesn't mean that "John" who has signed her key is also worthy of your trust. PGP's "web of trust" concept will be discussed later in this doc. Trust Parameters The bottom of the Current Key Box is reserved for two trust parameters: your trust and PGP's trust of this key. They should not be confused, since your trust is yours alone, but PGP makes a trust determination based upon *all* signator's to the current key. Again, this concept will be explained later in this documentation. F2 Function Key - Edit/Copy Key ------------------------------- Let's go into some greater detail on the inner workings of the last three function keys. (F1 Help, I'm sure needs no further explanation) When you press F2 to Edit/Copy the key currently selected, a Key Management pop-up menu will display. It is shown in Figure 11: ┌──────────────────────────────────────────────────┐ │ Key Management │ │ │ │ 1 Delete this key from your key ring │ │ 2 Copy this key to an external file │ │ 3 Indicate your trust in this person │ │ 4 Certify this key as valid │ │ 5 Remove signature(s) from this key │ │ 6 Disable or reenable this key │ │ 7 Quit │ │ │ └──────────────────────────────────────────────────┘ Fig. 11 Each item on the menu may be selected by pressing its corresponding "hot key" number (one through seven), mouse-clicking, or pressing ENTER. Item number 1, Deletion is the PGP command: [-kr]. Choose this option to remove the currently selected key from your key ring. Removal is permanent so make sure you really want to delete that person from your key ring. Item number 2, Copy (Extraction) is the PGP command: [-kxa]. Choose this option when you want to make a duplicate, or a copy, or any key (including your own) on your public key ring. Usually you will need to do this when you want to give your key to someone else. You may also use this option after signing someone else's key that they have just given to you. That way they can have their key back with your signature on it. Notice that PGPShell adds the "a" (for ASCII) onto the command. Without it, the key would be extracted in binary format; nothing wrong with that, except that most remailers on the Internet will not handle binary format correctly. As a default PGPShell uses the ASCII option throughout because that has become the standard among most PGP users. This is especially so when you consider the recent popularity and explosion of users on the Internet who are exchanging keys and messages via Internet remailers. Item number 3, Trust Determination is the PGP command: [-ke]. Choose this option when you want to indicate your trust of the key currently selected. Unfortunately, many PGP users never use this option correctly. I won't go into detail here, but see the section on PGP's "web of trust" for more information on to correctly determine trust parameters. If you haven't read the PGP documentation, then by all means, do so. Item number 4, Certification is the PGP command: [-ks]. Choose this option to certify someone else's key on your key ring. Many a "key signing party" has taken place where this command gets used. When you certify someone's key, you are saying to the rest of the world that this person is who they say they are. No one has really addressed the issue of whether or not you should play "cop" and ask to see a driver's license. Although as I write this, some California Cypherpunks jokingly asked for each other's driver's licenses, presumably to counter the dangerous Tentacles of Medusa and other psuedospoofing tactics that have (tongue-in-cheek) manifested recently. Should you require firm identification? Probably not. This isn't to say that circumstances may be different for you. If you're a Bosnian Serb fighting Muslims and Croatians around Sarajevo, you may have different authentification standards than some fellas hanging out at the coffee shop. Item number 5, Signature Removal is the PGP command: [-krs]. Choose this option to remove one (or more) signator's from the key currently selected. If a key has a signature of a person that you have never heard of, then only their KeyID will be displayed in the Current Key Box. PGP's "web of trust" organization encourages this, because you never know who you may run into in the future that, once you add their key to your public key ring, their name triggers those KeyID's into giving you a positive identification of who they are and what their relationship is to your new found friend. Nevertheless, there may be reasons why you want to remove on or more signature's from a given key. Item number 6, Disable/Reenable is the PGP command: [-kd]. Choose this option to disable (make inactive) or, if already disabled, reenabled. You will probably use this option very rarely. Originally it was designed to act as a substitute for a key revocation certificate in the event that someone's secret key was compromised. But if that person lost their secret key, they would be unable to issue a revocation certificate (it can be a Catch-22, the lesson is don't lose your secret key!) Disabling a public key will render is useless for anything except signature checking. You cannot send an encrypted message to a recipient whose key has been disabled. Item number 7 will dispose of the Key Management menu and take you back to the Key Management Screen. F3 Function Key - Compose Message --------------------------------- PGPShell allows you to compose PGP-encrypted messages to the recipients on your public key ring from the Key Management Screen. Just press the spacebar to toggle the names in the UserID Box on or off, like a light switch. A checkmark (√) will appear to the left of the selected name after you press the spacebar key. Here is a sample of the Key Management Screen again, only I have checkmarked "Hober Mallow" and "R. Weston Holland": ┌─────────────────────────┐┌────────────────────────────────────────────────┐ │ √ Hober Mallow, Trader ││ F1 - Help │ │√ R. Weston Holland ││ F2 - Edit/Copy key currently selected │ │ Douglas Bradley ││ F3 - Compose message to checkmarked recipients │ │ Wendy O. Williams │ F4 - Add a new key to your key ring │ └─────────────────────────┘└────────────────────────────────────────────────┘ ┌───────────────────────────────────────────────────────────────────────────┐ │ UserID: Douglas Bradley │ │ E-mail: bradleyr@ucsu.colorado.edu KeyID: A8E45D │ │ Fingerprint: 04 59 CA C3 89 2C 28 CC 15 E0 71 59 E7 89 CF 7C │ │ │ │ Signatures Attached: Your Trust of This Person: │ │ │ │ Johannes Kepler ultimate │ │ Nathaniel David Jones marginal │ │ │ │ │ │ │ │ │ │ ┌───────────────────────┐ │ │ Your personal trust of R.│Create a New Message? Y│nal │ │ PGP has determined the va└───────────────────────┘to be: complete │ └───────────────────────────────────────────────────────────────────────────┘ After checkmarking the two recipients and pressing F3 to compose a PGP- encrypted message to them, a dialog box will pop up at the bottom of the KMS asking, "Create a New Message?" If you want to compose a message to them from scratch then answer "Y" by pressing the 'y' key. If you have previously composed or wish to continue editing a message, answer "N" (by pressing the 'n' key) and a directory dialog box will pop up to the left of the screen. Just find the file you were working on and press ENTER (or click with your mouse). If you change your mind during the selection of a file, you can always press the Escape key to return to the KMS. If you answer 'yes' and wish to create a new file, PGPShell will ask you to name it. Any legal DOS filename is acceptable. See the text editor section further on for details about using the PGPShell Editor. F4 - Add a New Key ------------------ To add a new key to your public key ring, press the F4 function key. A directory dialogue box will pop up and wait for you to point and click on the key file. If you change your mind, just press the ESC key and you will return to the KMS. Okay, so we've gone over the Key Management Screen pretty thoroughly, but it still may not make much sense to you if you're not very familiar with PGP. That's okay, once you get a few keys on your key ring (mine for instance it should be included with PGPShell as KEPLER.ASC), you'll get the hang of it. Practice using PGPShell by going into the Key Management Screen and pressing "F4". Choose my key and add it to your key ring. Then click on it (or press ENTER) to view the stats. Unless you've met me in person though, don't sign it! How do you know I am who I say I am? More on this stuff later though when I get into PGP's "web of trust." PGP AND THE "WEB OF TRUST" -------------------------- In keeping with the informality of this documentation, I'll digress into a little anecdote. Recently I attended a UNIX users conference in Boulder in which Philip Zimmermann (the author of PGP) gave a lecture on public key encryption and PGP in general. Throughout most of the meeting, he patiently answered questions concerning specific calculations of the IDEA algorithm, and the potential for brute force attacks on one's secret key. Finally he said something to the effect of, "Encryption is fine, but I would rather talk about something more important; the politics of PGP." Well said! Encryption is for the cryptologists; privacy is our gig. Only a fraction of us know much about the mathematics of encryption ciphers. Fortunately, PGP was not made for the cryptologists. It was made for you and I, people who desire a level of privacy in our lives that traditional e-mail doesn't have. So let's talk about the politics of PGP and specifically the "web of trust." Half of all the source code in PGP is dedicated to key authentication, trust level, and certification tracking. Good key management is essential if you are to succeed in knowing who's who on your key ring. Let's start with your own keys. PGP recognizes your personal private and public keys as "ultimate" for purposes of trust. That means that you are trusted "ultimately" to act as an introducer to others should they provide you a copy of their key. In PGP-talk, an "introducer" is any person who is with PGP public keys, what a notary public is with important documents. Picture a world where everyone is a notary public; stamping each others documents with their own official seals, verifying the validity of documents based upon the trustworthiness of the person who stamped it. That's the world of PGP, only instead of notary public seals, we have secret keys. And everyone who uses PGP has the capability of acting in the role of an introducer. Zimmermann describes this as a "guerilla-style" model of society rather than the more formalized "hierarchical" approach. PGP automatically ranks your own keys as "ultimate" and uses that as a base for the determination of the trust and validity of every other key on your key ring. PGP weighs the validity of keys based upon your trust of, either that person directly, or indirectly if you have indicated a trust in a third party. Here's an example: You know "Jane" personally (she's your girlfriend as a matter of fact) and trust her very well so you have signed her key and indicated your trust in her as "complete." (The highest trust you can place in someone other than yourself). PGPShell displays Jane's key like this: Jane's Key ---------- Signatures Attached: Your Trust of This Person: Your_Name_Here ultimate Your trust of Jane is: complete. PGP has determined the validity as: complete. <--- PGP's decision Notice that PGP has automatically weighed its own determination of the validity of Jane based upon your indication of trust in her. PGP doesn't pull this stuff out of a hat, there are parameters that you set in PGP's CONFIG.TXT file for telling PGP how much to trust someone. Here's what that part of my CONFIG.TXT file looks like: # Number of completely trusted signatures needed to make a key valid. Completes_Needed = 1 # Number of marginally trusted signatures needed to make a key valid. Marginals_Needed = 3 I have configured PGP to validate someone's key if one signature is completely trusted. If a signator is only marginally trusted, then it takes three such signatures to validate the key. Okay, so let's go back to good ol' Jane, your girlfriend. The next day "Joe" gives you his public key. You don't know Joe very well, but Jane does and she says he's a real swell guy. So you put Joe on your key ring and take a peek at it in PGPShell: Joe's Key --------- Signatures Attached: Your Trust of This Person: Jane complete Your trust of Joe is: unknown. PGP has determined the validity as: complete. "Aha," you say to yourself, Jane has signed Joe's key. Notice how PGPShell displays your trust of the signator (Jane) and then at the bottom of the screen displays your trust of Joe as "unknown" because you have never set the trust parameter and only just put the key on your ring. Nevertheless the CONFIG.TXT validity parameters are set as "One complete makes a key valid" so PGP determines the validity to be "complete." This is what is meant by a "web of trust", you trust Jane, Jane trusts Joe, so therefore PGP trusts Joe. A trusts B, and B trusts C, so A trusts C. Joe comes over to your apartment later that day and you find him to be a nice and real friendly guy. He loans you 5 bucks as a matter of fact. "What a swell guy," you think. Still, it's too early to make a personal determination of your trust in Joe so you stay with PGP's determination for now. A few days later, something weird happens. You come home from work and there's a letter sitting on your keyboard that says something to the effect of, "Dear Computer Nerd, I have left you for Joe. Goodbye, Jane." "I'll show her!" you say to yourself. After firing up your computer, and starting PGPShell, you highlight Jane's key and change your trust of her from "complete" to "no" trust at all. Because you have changed your trust in your now ex-girlfriend, it sends a "ripple effect" throughout all of your other keys on your key ring. Remember that you still haven't made a trust determination for Joe, instead letting PGP determine it for you until you got to know him better. Let's look at Joe's key now: Joe's Key After the Breakup --------------------------- Signatures Attached: Your Trust of This Person: Jane untrusted Your trust of Joe is: unknown. PGP has determined the validity as: undefined. <----- changed! Notice that PGP is nice enough to not condemn Joe right along with Jane. It merely lists its determination of Joe as "undefined" rather than "untrusted" like Jane. It leaves it up to you to gauge Joe's trustworth- iness from now on based upon events as they unfold. The point behind the web of trust model that PGP uses, is that everything is determined and weighed based upon your trust of all of the people on your public key. The "domino effect" could downgrade other "tentacles" (inside joke...) attached to a key that you edit. Likewise, if you upgrade your trust in someone, it could affect several other keys with signatures attached to this one and make their keys valid. You should take the editing of trust parameters very seriously because it will affect not just other keys on your key ring, but the keys on other peoples key rings as well (if you trade keys). Perhaps "erring on the side of caution," isn't a bad idea when it comes to the management of the keys on your key ring. Don't be afraid to make changes to your keys either. The important thing is to be very honest and make a good judgment call. Don't worry about what other people will think--PGP keeps your trust parameters private (on your secret key) and no one else will know about what you think. ADVANCED ENCRYPTION TECHNIQUES --------------------------------------------------------------------------- The RAM Drive ~~~~~~~~~~~~~ Some people have grown up on Windows' smart drive and DOS Shells and have forgotten what oldish things like RAM drives are all about. In issues such as privacy however, a RAM drive is an extra safety net to insure that your secret key is not compromised in any way. Here's how to set one up. Insert this line into your CONFIG.SYS file: DEVICE=C:\DOS\RAMDRIVE.SYS 1024 /e If you have a 386 or better computer, you could type "DEVICEhigh" instead of DEVICE to load the RAMDRIVE.SYS driver into high memory, but its only about 6K so its not crucial. The 1024 block of memory (1 meg) is the size of your RAM drive, and the switch "e" (/e) means you wish to use "extended" memory for your virtual drive. Reboot your computer for these changes to take effect. Your RAM drive will be given the next letter after your physical hard drive, i.e., if you have a single hard drive "C:" like most people, the RAM drive will be called "D". Type "cd d:" at the DOS prompt and you are in your RAM drive. The advantage of creating and using a RAM drive for PGP is that the RAM drive "D" is not physical, but located only in memory. That way when you shut down your computer, PGP disappears with it, and any trace of your secret key as well. Advanced PGP users keep the critical PGP files (CONFIG.TXT, PGP.EXE, PUBRING.PGP, SECRING.PGP, etc.) on a floppy that they carry around with them and only use PGP in their virtual RAM drives. When you want to enter a PGP session, just put the floppy in, and type "copy a:*.* d:" and your PGP files will be in the RAM drive. You can do this and still keep a copy of PGPShell in a C:\PGPSHELL directory to use PGP. Before starting a PGP session, just type "set pgppath=d:" at the DOS prompt, (or insert this command in your AUTOEXEC.BAT file if you use PGP often) to tell DOS that you've put PGP in a RAM drive. PGPShell will look at the DOS environment and see that PGP is located in the D: drive, and work on everything in there. Don't worry about loading PGPShell into your RAM drive; PGPShell itself is harmless and contains nothing that would compromise your secret key ring. Don't forget to copy the contents of the RAM drive back onto your floppy after exiting PGPShell, especially if you've added to, deleted or otherwise modified your keys. Once you shut off your computer anything located in RAM memory will be gone with it! Consult those old dusty DOS manuals for more information on creating and using RAM drives. The Encrypted Drive ~~~~~~~~~~~~~~~~~~~ Even safer and more convenient than the RAM drive, is the encrypted drive. Mike Ingle's "Secure Drive" program (currently version 1.0) is a rare needle in the software haystack allowing you to partition a portion of your hard drive and physically encrypt it using the same technology that PGP uses. Using Secure Drive, slice off a good chunk of real estate from your C drive (at least 5 megs) using DOS' FDISK command to create a secondary partition. (Follow the directions in your DOS manual to do this.) Then, put your PGP files, including your key pair into the encrypted drive. Your PGP files are encrypted and safely protected from the outside world. Read Mike's documentation carefully when you use Secure Drive. The most important thing to remember is that you should turn your computer off (or do some kind of cold boot) so that your pass phrase is removed from memory. There's no way to mess with the TSR that manages the Secure Drive partition (in an attempt to gather your pass phrase) if you perform a cold boot on your machine after using the Secure Drive. You can obtain Secure Drive as: SECDRV10.ZIP from numerous sites in the U.S. only (not for export as of this writing) on the Hieroglyphic Voodoo Machine BBS in the Free Files section. The phone number is 1.303.443.2457 (N81 V.32bis). The Hidden Directory ~~~~~~~~~~~~~~~~~~~~ The hidden directory is the oldest trick in the book (and many a bane to system admins trying to clean up directory trees). Although far from foolproof, the hidden directory will slow down nosy co-workers who may be snooping on your computer while you're at lunch. Let's say you're not paranoid enough to warrant the use of a RAM drive but you still don't want anyone knowing you use PGP. Here's the next best thing: Go into a mundane directory tree like \DOS or \WINDOWS\SYSTEMS where no one ever looks and create a subdir called something harmless like "SYS" or "BIN". Copy all of your PGP stuff into that directory (let's say C:\DOS\BIN for example.) Then get back out to C:\DOS and type: "ATTRIB +H BIN" from the DOS prompt. Using the DOS "Attribute" command, you've hidden (+H) the BIN subdirectory from view. Its still there, but someone would have to know what they were doing to find it. (If you want to see it type "ATTRIB BIN" from the DOS prompt.) When you want to use PGP, just type "set pgppath=c:\dos\bin" at a DOS prompt and you're set. Here's a good batch file to use (which you can hide as well) that can be located anywhere along the DOS path: @echo off set pgppath=c:\dos\bin cd \pgpshell pgpshell Call the batch file something dumb like "READ_DIR.BAT" or hide it by using ATTRIB like this: ATTRIB +H READ_DIR.BAT so that the pgppath statement is not compromised easily. Whenever you want to use PGP just type READ_DIR and everything will load for you. This isn't 100%, as I stated before, but its good enough to fool most people since they won't mess around with something that they don't even know is there. If people or police are specifically looking for PGP or encrypted messages on your system, then you're screwed anyway; call a lawyer. The Paranoid Encryptor ~~~~~~~~~~~~~~~~~~~~~~ This one is courtesy of the handful of paranoid people that warned me to be careful because, as a result of PGPShell "they" will be out to get me. Nevertheless, there may be occasions when the enemy is very real, and you cannot afford to have your encrypted messages cracked by those naughty NSA Cray computers. One way in which a computer is able to crack your message is by applying a consistent mathematical algorithm (a brute force attack) against your message until a pattern emerges that spells out words. Your RANDSEED.BIN 24-byte file (Random Seed Binary) is where PGP draws its material from when it comes time to encrypt your message. A computer is not able to generate truly random acts on its own, thats why PGP needed you to monkey-type at random when you first created your personal keys. If PGP can't find a RANDSEED.BIN file, it will create a seed file "on the fly" and ask you to bang away on your keyboard just before encrypting. By inserting a line at the end of the above READ_DIR batch file like this: "del c:\dos\bin\randseed.bin", you'll create a new seed file each time you use PGP. This will blow any pattern that could possibly develop over time (during which the attacker is amassing your encrypted messages and studying each of them for patterns). PGP's own RANDSEED.BIN file does a good job of providing enough material for encryption, but this option is still a "safety net" of sorts for the truly paranoid. CLOSING COMMENTS ---------------------------------------------------------------------------- PGPShell should be easy to use. If it isn't, then I failed somewhere. Many users want to use encryption but face a "mental block" when using PGP because of its intimidating UNIX command-line interface. My hope is that more people who want to get into encryption, will do so through the friendlier PGPShell environment. Privacy shouldn't be the exception, it should be the norm; and it shouldn't be a hassle or only for the UNIX gurus! If you have any questions or comments, please feel free to e-mail me on the Internet at <still@rintintin.colorado.edu> or at the Voodoo Machine if you're a BBSer. If you e-mail me, please don't encrypt it (I know that in the past I said "send me an encrypted e-mail for practice") but the problem was *everybody* did just that. I was swamped with ASCII code and had to decrypt it all before knowing what was said. Just jot it down normal-fashion, and I can reply to you more easily. Also included in this file is KEPLER.ASC which is my public key. Practice with it if you're new to encryption. Try adding it to your key ring, deleting it, etc. REGISTRATION ---------------------------------------------------------------------------- Registering (purchasing) PGPShell allows you to use the product after the trial period. Registered PGPShell users get the current version of PGPShell on disk along with their own serial number, and priority when electronically mailing me for User Support (still@rintintin.colorado.edu) or on my BBS at +1 303 443 2457 (V.32bis N81). I cannot guarantee User Support to unregistered users, but I will do my best. To register PGPShell with your VISA or MasterCard, call 1-800-333-HEAR (4327). Please remember that this is an orders-only line and the person that takes your order will not be able to answer questions directly related to PGPShell User Support. Ten-percent of all revenues from PGPShell will be donated to the Philip Zimmermann Legal Defense Fund in Boulder, Colorado, to assist the author of PGP in his long, expensive criminal investigation by the U.S. Customs Bureau. I will personally send a letter to the defense fund's attorney, Phil Dubois (and forward a carbon copy directly to Philip Zimmermann) and sign the names of all registered users to the letter indicating the amount of the collective donation, and include the donation in the form of a bank-certified check. Notice of the donation will be posted prominently on at least the Hieroglyphic Voodoo Machine BBS and the Cypherpunks Mailing List when it is made. PGPShell registration costs $20 in U.S. funds, (includes shipping) for a registered copy of PGPShell on disk. A commercial site license is available to government or company entities for a one-time fee of $199 in U.S. funds, and has no workstation restrictions. A bound, printed manual is available at an additional cost of $5 per copy, including shipping charges. An evaluation disk with the current trial version of PGPShell on it is also available for a $5 fee (again in U.S. funds). This is to be used to try out PGPShell, and does not include registration (the right to use PGPShell after the 30-day evaluation period). The fee covers the cost of the diskette and shipping and handling charges. Mail registration to: James Still, P.O. Box 1583, Boulder, CO 80306-1583. Payment may be in the form of check or money order that I can deposit in a U.S. bank. I will also accept corporate or academic purchase orders for the site license fee only and not the single-user license cost. I must be able to deposit the check into my bank account or I cannot process your registration. QUESTIONS & ANSWERS -------------------------------------------------------------------------- Q: I notice that PGPShell runs an output routine to gather data from my public key rings. My key ring is very large and this takes too long; isn't there some other way to do this? A: The answer is yes and no. (or maybe not really...) After experimenting with various ways of collecting PGP data, the "all at once" way was the best, proving to be as seamless to the end user as possible. This keeps the "parent-child" process that PGP and PGPShell share to a minimum, by only using PGP when there is a need. Also, PGPShell can't directly modify your PGP keys because they are themselves PGP-encrypted and in binary format, preventing outside "tampering" from programs like PGPShell. If you have a slow computer, or grow impatient at this output routine, you should copy those keys that you don't need or use often, into a "repository" directory (perhaps in a subdirectory named KEYS off of the main C:\PGPSHELL directory) and only add them on later if you need them. This will keep your key ring smaller and a lot easier to manage. Q: What happened to the old PGPSHELL.CFG file from previous versions? Do I still need it for version 3.0? A: No. PGPShell completely does away with the need for a configuration file by internalizing everything that it needs. For instance, in the past you had to use an external text editor, but beginning with version 3.0, a text editor is built-in for your convenience. If you are upgrading from version 2.2, feel free to delete the old PGPSHELL configuration file. Q: Why isn't there a Windows version of PGPShell? A: PGPShell can be run from Windows already if you create a PIF file with low graphics, foreground use, etc. Usually this question is asked more from a compatibility or aesthetics standpoint ("I'd like to see a cool looking icon....") Several things: o A good many people in places like the former Soviet Union who remember the pre-Perestroika days and wish to use PGP, still don't have access to 386+ computers, let alone the latest graphical operating systems like here in the West. o Having said that, my time is limited because I'm in college so multiple ports (and the subsequent support for each) to various operating systems is not realistic; I have to choose which to support. o I decided that, given the purpose and reason for PGP (Phil's vision of grass-roots based communication, et. al.) serving the 512K RAM, DOS-based XT's (and monochrome monitor folks) and above was the best choice. DISCLAIMER OF WARRANTY -------------------------------------------------------------------------- This software and manual are sold "AS IS" and without warranties as to performance of merchantability or any other warranties whether expressed or implied. Because of the various hardware and software environments into which this program may be put, no warranty of fitness for a particular purpose is offered. Good data processing procedure dictates that any program be thoroughly tested with non-critical data before relying on it. The User must assume the entire risk of using the program. Any liability of the seller will be limited exclusively to product replacement or refund of purchase price. James Still disclaims all warranties, expressed or implied, including without limitation, the warranties of use and/or fitness of PGPShell for any purpose. James Still assumes no liabilities for damages, direct or consequential, which may result from the use or misuse of PGPShell. Are you writing this down? CREDITS ---------------------------------------------------------------------------- Pretty Good Privacy (PGP) is copyrighted by Philip Zimmermann. Thanks Phil! Now solid public key encrypton tools and secure communications are possible for us normal folks... Also thanks to Katherine, my wife, for being a extraordinarily special companion and putting up with my weird, conspiratorial diatribes to her friends at those "posh" mountain parties. Bye! PGPShell is Copyright (c) 1992-1994 by James Still. All Rights Reserved. ----- EOF ---------------------------------------------------------------