Follow the instructions that come with the PGP distribution you have downloaded or purchased.
Each of the ZIP files is actually two nested zip files. Inside
PGP262.ZIP is PGP262I.ZIP, which contains most of the files, and
PGP262I.ASC, which is a PGP signature on PGP262I.ASC. If you have a
previous version of PGP, you can use it to check the signature to see
that the distribution has not been tampered with. Since a PGP signature
protects every last bit in a file from change, a BBS adding an
advertising blurb or recompressing the archive would cause PGP to report
tampering. Thus, only the inner ZIP file is signed.
Create a directory for the PGP files. For this description, let's use
the directory C:\PGP26 as an example, but you should substitute your own
disk and directory name if you use something different. Type these
commands to make the new directory:
c:
md \pgp26
cd \pgp26
Uncompress the distribution file PGP262.ZIP to the directory. For this
example, we will assume the file is on floppy drive A - if not,
substitute your own file location.
pkunzip -d a:pgp262
This will create the file PGP262I.ZIP and PGP262I.ASC. Unzip
PGP262I.ZIP with the command:
pkunzip -d pgp262i
If you omit the -d flag, all the files in the doc subdirectory will be
deposited in the pgp directory. This merely causes clutter.
Keep the PGP262I.ZIP file around. Once you have PGP working you can use
PGP262I.ASC to verify the digital signature on PGP262I.ZIP. It should
come from Jeffrey I. Schiller (whose key is included in keys.asc).
Setting the Environment
-----------------------
Next, you can set an MSDOS "environment variable" to let PGP know where
to find its special files, in case you use it from other than the
default PGP directory. Use your favorite text editor to add the
following lines to your AUTOEXEC.BAT file (usually on your C: drive):
SET PGPPATH=C:\PGP26
SET PATH=C:\PGP26;%PATH%
Substitute your own directory name if different from "C:\PGP26".
The CONFIG.TXT file contains various user-defined preferences for PGP.
For example, you can specify which of your secret keys to implicitly
select for creating digital signatures. See the manual for details on
how to fine-tune your PGP configuration file. The default values in
that file are good enough to get you started.
Another environmental variable you should set in MSDOS is "TZ", which
tells MSDOS what time zone you are in, which helps PGP create GMT
timestamps for its keys and signatures. If you properly define TZ in
AUTOEXEC.BAT, then MSDOS gives you good GMT timestamps, and will handle
daylight savings time adjustments for you. Here are some sample lines
to insert into AUTOEXEC.BAT, depending on your time zone:
SET TZ=EST5EDT
Now reboot your system to run AUTOEXEC.BAT, which will set up PGPPATH
and TZ for you.
3.Generate PGP keys (public and private)
On DOS systems, this is done by issuing the command
pgp -kg
Issuing this command on a typical system yielded the following:
Pretty Good Privacy(tm) 2.6.2 - Public-key encryption for the masses.
(c) 1990-1994 Philip Zimmermann, Phil's Pretty Good Software. 29 Aug 94
Distributed by the Massachusetts Institute of Technology. Uses RSAREF.
Export of this software may be restricted by the U.S. government.
Current time: 1996/09/31 23:45 GMT
Pick your RSA key size:
1) 512 bits- Low commercial grade, fast but less secure
2) 768 bits- High commercial grade, medium speed, good security
3) 1024 bits- "Military" grade, slow, highest security
Choose 1, 2, or 3, or enter desired number of bits:
Choose option 3, 1024 bits, for maximum security.
You will be prompted for your full name and your e-mail address:
Generating an RSA key with a 1024-bit modulus.
You need a user ID for your public key. The desired form for this
user ID is your name, followed by your E-mail address enclosed in
, if you have an E-mail address.
For example: John Q. Smith <12345.6789@compuserve.com>
Enter a user ID for your public key:
Next, you'll be prompted for a passphrase. This can include spaces, and should be a phrase you can remember easily, such as the first line of your favorite song.
IMPORTANT: DO NOT WRITE DOWN THIS PHRASE.
Enter your passphrase.
You need a pass phrase to protect your RSA secret key.
Your pass phrase can be any sentence or phrase and may have many
words, spaces, punctuation, or any other printable characters.
Enter pass phrase:
Enter same pass phrase again:
You'll then be asked to type random keys as your PGP keys are generated. You will see a series of dots and
plus signs. Finally, your keys will be generated and stored in secring.pgp (your private keyring) and
pubring.pgp (your public keyring).
4.Sign your key
Always sign your key. Do this with the command
pgp -ks
5.Extract your public key in ASCII
IMPORTANT: You must extract an ASCII representation of your key, or you won't be able to mail it.
Use the command
pgp -kxa
which will prompt you for a filename to use for this ASCII version of your public key. A good name might be your_user_idpubkey.asc or just pubkey.asc.
6. Register your public key and/or send it the parties you want to be able to
encrypt messages to you.
IMPORTANT: Never send your secret key to anyone - the file named secring.pgp
Cut and paste the .asc file you created in step 5. You can do this by
typing
type pubkey.asc
and cutting and pasting the results
Or you can load the pubkey.asc file into any text editor and cutting
pasting from there.
Paste the key into your preferred e-mail app and send it to whomever
you wish to recieve the key, such as uta@shinn.net. To register your
key you should visit the MIT PGP Key Server, or some other Public
Key Server.
7. Encrypt your message
On a DOS machine type the following
pgp -esa file_name recipient_name -u your_pgp_userid
To multiple recipients
pgp -esa file_name recipient_name recipient_name2 recipient_nameN -u your_pgp_userid
To wipe out the plaintext file after producing the ciphertext file,
just add the -w (wipe) option when encrypting or signing a message:
pgp -seaw message.txt her_userid -u your_userid
NOTE: You do not need to use the -u switch if you only generated one
set of keys, or your primary PGP user_id is the one you wish to use to
sign your messages.
8. Decrypt message
Just type
pgp encrypted_file
You will then be prompted for your secret ket password, and if the file
is signed PGP will notify you if you have the public key of the sender
to check its authenticity and if it does, if the signature is good.
Additional PGP commands:
To add a public or secret key file's contents to your public or
secret key ring:
pgp -ka keyfile [keyring]
To extract (copy) a key from your public or secret key ring:
pgp -kx userid keyfile [keyring]
or: pgp -kxa userid keyfile [keyring]
To view the contents of your public key ring:
pgp -kv[v] [userid] [keyring]
To view the "fingerprint" of a public key, to help verify it over
the telephone with its owner:
pgp -kvc [userid] [keyring]
To view the contents and check the certifying signatures of your
public key ring:
pgp -kc [userid] [keyring]
To edit the userid or pass phrase for your secret key:
pgp -ke userid [keyring]
To edit the trust parameters for a public key:
pgp -ke userid [keyring]
To remove a key or just a userid from your public key ring:
pgp -kr userid [keyring]
To sign and certify someone else's public key on your public key ring:
pgp -ks her_userid [-u your_userid] [keyring]
To remove selected signatures from a userid on a keyring:
pgp -krs userid [keyring]
To permanently revoke your own key, issuing a key compromise
certificate:
pgp -kd your_userid
To disable or reenable a public key on your own public key ring:
pgp -kd userid
To specify that the recipient's decrypted plaintext will be shown
ONLY on her screen and cannot be saved to disk, add the -m option:
pgp -steam message.txt her_userid
To view the decrypted plaintext output on your screen (like the
Unix-style "more" command), without writing it to a file, use
the -m (more) option while decrypting:
pgp -m ciphertextfile
Software which makes PGP *much* easier to use:
The Time Hack Cryptography Shack