PGP Information


IT UNIX Systems

PGP(tm), Philip Zimmermann's Pretty Good Privacy package, has been installed on the main IT Unix systems. It is used to make electronic communication more secure. Although there is no such thing as absolute security (want to know why? Read the PGP documents), this is a "pretty good" attempt. Here is a paragraph taken from the extended documentation.

 

Synopsis: PGP(tm) uses public-key encryption to protect E-mail and data files. Communicate securely with people you've never met, with no secure channels needed for prior exchange of keys. PGP is well featured and fast, with sophisticated key management, digital signatures, data compression, and good ergonomic design. 

Before you use PGP, you really should look over the documentation. It is a pair of 40+ page documents. Parts of it are even interesting. They are located at:

If you insist on getting started right away and refuse to read the documentation, look at the man page and the remainder of this page.

What is PGP?
Setting up PGP
PGP Quick Reference


What is PGP?

PGP is a public key cryptosystem. That means that to encrypt a file or mail message you must know the recipient's public key. The encrypted file or message can only be decrypted using the recipient's private key and a pass phrase. A pass phrase is analogous to a password but may include multiple words, special characters, spaces, etc. Before starting the setup process, think of a good pass phrase.


Setting up PGP

  1. Tell PGP to generate your key set, then follow the instructions.

    pgp -kg 
  2. Extract a plain text copy of your public key to include in your email messages.

    pgp -kxa username tempfilename
     
  3. Add this to the end of your signature file if you want it included on all signed email messages. You may instead want to add it to the end of your plan file so anybody that fingers you can get your key. Finger (with the -l option) dennis@cs.wm.edu for an example.

    cat tempfilename.asc >>! ~/.plan 
    cat tempfilename.asc >>! ~/.signature 

Now you, too, can send secret spy mail ... just like the professionals. 


PGP Quick Reference

Each of the following pgp options is explained in great detail in both the man page and the online documentation. This list was extracted by running

pgp -h

at the command prompt.

To encrypt a plaintext file with the recipient's public key: 

pgp -e textfile her_userid 

To sign a plaintext file with your secret key: 

pgp -s textfile [-u your_userid] 

To sign a plaintext ASCII text file with your secret key, producing a signed plaintext message suitable for sending via E-mail: 

pgp -sta textfile [-u your_userid]

To sign a plaintext file with your secret key, and then encrypt it with the recipient's public key: 

pgp -es textfile her_userid [-u your_userid]

To encrypt a plaintext file with just conventional cryptography, type: 

pgp -c textfile 

To decrypt an encrypted file, or to check the signature integrity of a signed file: 

pgp ciphertextfile [-o plaintextfile] 

To encrypt a message for any number of multiple recipients: 

pgp -e textfile userid1 userid2 userid3 


Key management commands: 

To generate your own unique public/secret key pair: 

pgp -kg 

To add a public or secret key file's contents to your public or secret key ring: 

pgp -ka keyfile [keyring] 

To extract (copy) a key from your public or secret key ring do either: 

pgp -kx userid keyfile [keyring] 

pgp -kxa userid keyfile [keyring] 

To view the contents of your public key ring: 

pgp -kv[v] [userid] [keyring] 

To view the "fingerprint" of a public key, to help verify it over the telephone with its owner: 

pgp -kvc [userid] [keyring] 

To view the contents and check the certifying signatures of your public key ring: 

pgp -kc [userid] [keyring] 

To edit the userid or pass phrase for your secret key: 

pgp -ke userid [keyring] 

To edit the trust parameters for a public key: 

pgp -ke userid [keyring] 

To remove a key or just a userid from your public key ring: 

pgp -kr userid [keyring] 

To sign and certify someone else's public key on your public key ring: 

pgp -ks her_userid [-u your_userid] [keyring] 

To remove selected signatures from a userid on a keyring: 

pgp -krs userid [keyring] 

To permanently revoke your own key, issuing a key compromise certificate: 

pgp -kd your_userid 

To disable or reenable a public key on your own public key ring: 

pgp -kd userid 


Esoteric commands: 

To decrypt a message and leave the signature on it intact: 

pgp -d ciphertextfile 

To create a signature certificate that is detached from the document: 

pgp -sb textfile [-u your_userid] 

To detach a signature certificate from a signed message: 

pgp -b ciphertextfile 


Command options that can be used in combination with other command options (sometimes even spelling interesting words!): 

To produce a ciphertext file in ASCII radix-64 format, add the -a option when encrypting or signing a message or extracting a key, for example:

pgp -sea textfile her_userid 

pgp -kxa userid keyfile [keyring] 
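
The radix-64 output of -a can be checked mechanically before a key block copied from a .plan or signature file is handed to pgp -ka. The following is an added example, not part of the original page or of PGP itself; it assumes the OpenPGP armor layout (RFC 4880, section 6), and the function names and sample payload are made up for illustration.

```python
import base64

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # constants from RFC 4880, 6.1

def crc24(data: bytes) -> int:
    """CRC-24 over the binary payload, as used on the armor checksum line."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def armor(data: bytes, kind: str = "PGP PUBLIC KEY BLOCK") -> str:
    """Header line, blank line, 64-column radix-64 body, '=' + CRC, footer line."""
    b64 = base64.b64encode(data).decode()
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = "=" + base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return "\n".join([f"-----BEGIN {kind}-----", "", *body, check,
                      f"-----END {kind}-----"]) + "\n"

def dearmor(text: str) -> bytes:
    """Return the binary payload; raise ValueError if the block is damaged."""
    lines = [ln.strip() for ln in text.splitlines()]
    start = next((i for i, ln in enumerate(lines)
                  if ln.startswith("-----BEGIN ")), None)
    if start is None:
        raise ValueError("no armor header line")
    footer = lines[start].replace("BEGIN", "END", 1)
    if footer not in lines[start:]:
        raise ValueError("armor footer missing or of a different type")
    block = lines[start + 1:lines.index(footer, start)]
    if "" not in block:
        raise ValueError("no blank line after the armor headers")
    body = block[block.index("") + 1:]  # skips "Version:"-style header lines
    if not body or len(body[-1]) != 5 or body[-1][0] != "=":
        raise ValueError("checksum line missing")
    try:
        data = base64.b64decode("".join(body[:-1]), validate=True)
        stated = base64.b64decode(body[-1][1:], validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"invalid radix-64 data: {exc}") from None
    if crc24(data) != int.from_bytes(stated, "big"):
        raise ValueError("CRC-24 mismatch: block altered or truncated in transit")
    return data

PAYLOAD = bytes(range(100))  # constructed stand-in bytes, not a real key
SAMPLE = armor(PAYLOAD)      # text surrounding the block (as in a .plan) is ignored
```

The CRC-24 only detects accidental damage such as a mailer dropping a line; it says nothing about whose key it is, which is what the fingerprint comparison with pgp -kvc is for.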

To wipe out the plaintext file after producing the ciphertext file, just add the -w (wipe) option when encrypting or signing a message: 

pgp -sew message.txt her_userid 

To specify that a plaintext file contains ASCII text, not binary, and should be converted to recipient's local text line conventions, add the -t (text) option to other options: 

pgp -seat message.txt her_userid 

To view the decrypted plaintext output on your screen (like the Unix-style "more" command), without writing it to a file, use the -m (more) option while decrypting: 

pgp -m ciphertextfile

To specify that the recipient's decrypted plaintext will be shown ONLY on her screen and cannot be saved to disk, add the -m option: 

pgp -steam message.txt her_userid 

To recover the original plaintext filename while decrypting, add the -p option: 

pgp -p ciphertextfile 

To use a Unix-style filter mode, reading from standard input and writing to standard output, add the -f option: 

pgp -feast her_userid < inputfile > outputfile

 



Questions and Help from: helpdesk@wsu.edu
Comments to: usgwww@wsu.edu
Revised January 31, 1997
URL: http://www.wsu.edu/UNIX_Systems