OK, lets assume that you have downloaded PGP262.ZIP and put it into a
directory
called C:\PGP Now you unzip it (you will need PKUNZIP.EXE either in the
same directory or be pathed to it...or use a Windows unzipping tool) and get
PGP262I.ZIP. Use the command "pkunzip pgp262" if you are working in DOS like
I do. Disregard the .ASC file you get. Now "pkunzip -d pgp262i" (you never
had to unzip anything twice before, huh?) and don't forget the "-d" if you
want to documentation files in a separate directory (doesn't matter).
Now you have a bunch of files. These are the ones to keep. All others are
not needed. You can also delete the .ZIP files now.
CONFIG.TXT - User configuration parameter file for PGP
MITLICEN.TXT - PGP 2.6 License from MIT
PGP.EXE - PGP executable program
PGP.HLP - Online help file for PGP
README.DOC - Interesting file, but I will tell you
RSALICEN.TXT - RSAREF license
DOC\PGPDOC1.DOC - PGP User's Guide, Vol I: Essential Topics
DOC\PGPDOC2.DOC - PGP User's Guide, Vol II: Special Topics
DOC\SETUP.DOC - Installation guide, but I will tell you
OK, lets talk a little about secret codes and keys. You know about secret codes. Well, what you know about is called "conventional" cryptography. It is fast, and requires only a short password. It would take a computer years to crack it, even it the computer was smart enough to tell when it had succeeded (gotten English words as a result). The big problem is that you have no good way of giving the secret password to your friend on the other end (what?...you going to e-mail it to him?) If you had a secure way to send him the password, then you don't need PGP. Face to face meetings in a public park is generally considered to be the only good way to distribute passwords, if you are 100% sure that your friend is really who he says he is. Secret agent stuff, right? Well, the point is you can't just go giving your secret password out to all your friends, can you? I mean not over the internet. E-mail is fairly secure, much more so than the WWW, but still the internet is just millions of information packets all broadcast to the network with addresses on them. Anyone could, supposedly, intercept them. PGP can do "conventional" crytography as well as the good stuff, but that is not of interest to us here.
PGP's strength comes from "shared-key" cryptography. There are two keys, one for creating messages, and one for receiving messages. The "encrypt" key is called the "public" key, and you can give it out to all your friends. Publish it on your web page. The "decrypt" key is secret, stored only in your hard drive, and even it is encrypted so that a password is needed to use it. Well, a pass-phrase is suggested, at least five words long. So that cracking the whole system with a fast computer will take about 100 years.
So, ready to get started? You will may want to define a few DOS environment
variables using your AUTOEXEC.BAT file and a text-editor. This file is
normally in your root directory (C:\) and runs evertime time you boot up your
computer. First thing is to make a copy of this just just in case you mess
up. COPY AUTOEXEC.BAT AUTOEXEC.BAK will make a backup copy. I don't care
how good you are....make a backup! Ok, now find the path statement, notice
the directories named there, and add the new PGP direcory ( C:\PGP ) to it,
don't forget the semi-colon which separates the directory names. Or, you can
put this at the bottom of the file instead:
SET PATH=C:\PGP;%PATH%
This means that the path is the PGP directory plus whatever
was previously defined. Now add this to the bottom of the file also:
SET PGPPATH=C:\PGP
These two things allow your computer to use PGP from anywhere you happen to
be, whenever you want it. You can use PGP before you do this, but you would
have to be in the PGP directory to use it. You can put this off till later.
Similarly, you should add one of these lines to the bottom of the
AUTOEXEC.BAT
file, telling PGP what time zone you are in:
SET TZ=PST8PDT (for Los Angeles)
SET TZ=MST7MDT (for Denver)
SET TZ=MST7 (for Arizona - no DST there)
SET TZ=CST6CDT (for Chicago)
SET TZ=EST5EDT (for New York)
SET TZ=GMT0BST (for London)
SET TZ=MET-1DST (for Amsterdam)
SET TZ=NZT-13 (for Aukland)
If you are absolutely sure that no one will ever use your computer (family,
coworkers, SWAT teams busting down your door) then you can even put your
pass-phrase in the AUTOEXEC.BAT file, so you don't have to type it in, but
this is very unprofessional:
SET PGPPASS=this is my passphrase but its not very secret
Once you are done modifying your AUTOEXEC.BAT, save it (using a text-format
save) and reboot your computer so that all these changes will take effect.
Remember, you can do all this later, if you always go into the PGP directory
to use PGP.
Finally, time to get started. You need to create a set of keys for yourself.
One will be placed on you public key ring, along with the public keys of your
friends, and one will be placed on you secret key ring, all alone.
Type this: PGP -KG
It will ask you how big a key you want to create. Most everyone uses 1024.
For a short message now and then, speed is not important, and it makes you
look cool. Next it will ask your your userID. It is traditional to include
your address in angle brackets, and some software requires this.
Black Fox <blackfox@your.isp.com>
is the proper format. At least here
at first, lets all use the proper format. You will be asked to type in some
junk...this is simple. After a minute or three, you will have your new keys
installed on your key rings. You can view your public keys at any time with
PGP -KV
You can either make a spare copy of these by extracting each key to another
file for backup files called pubkey.bak and seckey.bak:
PGP -KX BLACKFOX PUBKEY.BAK PUBRING.PGP
PGP -KX BLACKFOX SECKEY.BAK SECRING.PGP
Or just make backup copies of the PUBPING.PGP and SECRING.PGP files (using
different names) the usual way, thus saving eveything, not just your keys.
By the way, instructions for all this are in the PGP.HLP file, or enter:
PGP -H
and space-bar through the instructions.
When I make such an important backup, I like to keep a copy on floppy, and
I usually make it read-only (undelete-able) with
ATTRIB +R PUBKEY.BAK
Notice in the above examples, I used the userID BLACKFOX right after the -KX command. Whenever you are using this type of command telling PGP to go look through PUBRING.PGP (if you leave the keyring name off, it will assume you mean PUBRING.PGP, so I will leave it off from now on) for user BLACKFOX, it does a case-insensitive search for whatever one word you give it, so I could not have searched for "Black Fox", that's two words. The word "blackfox" is in the address part of the userID, so I can tell it to search for that. I could also have used "fox@your.isp" or just "fox", whatever will allow it to find the correct userID.
Now you will want to make me a copy of your public key, in 7-bit form,
so that it can pass through the e-mail systems.
PGP -KXAT BLACKFOX BLFOXKEY.TXT
Then send this file to me, and all your other
friends (BLFOXKEY.TXT)...I suggest you cut and paste it into a message rather
than "attach" it, if you know how.
The next step is to add my pubilc key to your keyring. At this point I
should
mention that PGP is set up to do much more than we need it to do. It can
also be used to authenticate a message as actually coming from the person
you think it is coming from, but to do this, you must be 100% sure that
when you get my public key, that it is really from me and not some fraudulant
key. Bad messages that look real is not a big concern for us, but maybe for
some people it is. If you know 100% for sure that my key came from me, then
would you trust me to "introduce" someone else's key to you as authentic?
PGP will ask you questions about certifying when adding new keys, or using
keys
for the first time, and it does not matter what your answer is. Just don't
be surprised when it does. "Key management" with PGP is sophisticated,
but is of no interest to us. Suppose you have my public key that you
downloaded from my web site, or you have an e-mail that contains (among other
things) my public key. Assume the file is called SPIKEKEY.TXT
This is a public key, and should be added to your public key ring. Add it
like this:
PGP -KA SPIKEKEY.TXT
It does not matter how you answer the question about "certifying" the keys.
That's it. You are done. To decrypt a message from me (you may have to
cut-and-paste it from your mailer using Clipboard, or save it as a
text-format
file from your mailer) called MAIL.MSG go:
PGP MAIL.MSG
It will decrypt it and save it as just MAIL, unless that file already exists.
Then you can read it with a word processor.
If you know where your outgoing mail is stored, you can encrypt a message to
me (messages must always be encrypted to one particular person...even you
cannot decrypt your own message to me...but of course you still have your
original text file), add mail headers, and leave it there for your next mail
run. If your message is called MYMSG.TXT, and my name is Spike, then go:
PGP -EAT MYMSG.TXT SPIKE
You will get MYMSG.ASC, and you can add the required headers, rename it, and
leave it for the next mail run. Many of you will just cut-and-paste this
PGP message block into your e-mail as you are writing the message to me.
This way is much simpler for most of you, and you do not have to know where
your outgoing messages are stored. If you must, "attach" it and I will do
whatever is necessary at this end to put it back in usable form. But please
try to learn the cut-and-paste method (using Clipboard) first.
If you decrypt using PGP MAIL.MSG, as above, and you run across a new public key in the file, that it will ask if you want to add it to your keyring. It really is simple from this point on. I assume you have learned where your outgoing mail is stored, and how to manipulate it using a text editor. To receive a message, use the PGP command. The send a message, use the PGP -EAT command. That's it.