- 1.1. What is PGP?
- PGP is a program that gives your electronic mail something that it otherwise doesn't have: Privacy. It does this by encrypting your mail so that nobody but the intended person can read it. When encrypted, the message looks like a meaningless jumble of random characters. PGP has proven itself quite capable of resisting even the most sophisticated forms of analysis aimed at reading the encrypted text.
- PGP can also be used to apply a digital signature to a message without encrypting it. This is normally used in public postings where you don't want to hide what you are saying, but rather want to allow others to confirm that the message actually came from you. Once a digital signature is created, it is impossible for anyone to modify either the message or the signature without the modification being detected by PGP.
- While PGP is easy to use, it does give you enough rope so that you can hang yourself. You should become thoroughly familiar with the various options in PGP before using it to send serious messages. For example, giving the command "PGP -sat <filename>" will only sign a message, it will not encrypt it. Even though the output looks like it is encrypted, it really isn't. Anybody in the world would be able to recover the original text.
- 1.2. Why should I encrypt my mail? I'm not doing anything illegal!
- You should encrypt your e-mail for the same reason that you don't write all of your correspondence on the back of a post card. E-mail is actually far less secure than the postal system. With the post office, you at least put your letter inside an envelope to hide it from casual snooping. Take a look at the header area of any e-mail message that you receive and you will see that it has passed through a number of nodes on its way to you. Every one of these nodes presents the opportunity for snooping. Encryption in no way should imply ille gal activity. It is simply intended to keep personal thoughts personal.
- Xenon <an48138@anon.penet.f> puts it like this:
- Crime? If you are not a politician, research scientist, investor, CEO, lawyer, celebrity, libertarian in a repressive society, investor, or person having too much fun, and you do not send e-mail about your private sex life, financial/political/legal/scientific plans, or gossip then maybe you don't need PGP, but at least realize that privacy has nothing to do with crime and is in fact what keeps the world from falling apart. Besides, PGP is FUN. You never had a secret decoder ring? Boo! -Xenon (Copyright 1993, Xenon)
- 1.3. What are public keys and private keys?
- With conventional encryption schemes, keys must be exchanged with everyone you wish to talk to by some other secure method such as face to face meetings, or via a trusted courier. The problem is that you need a secure channel before you can establish a secure channel! With conventional encryption, either the same key is used for both encryption and decryption or it is easy to convert either key to the other. With public key encryption, the encryption and decryption keys are different and it is impossible for anyone to convert one to the other. Therefore, the encryption key can be made public knowledge, and posted in a database somewhere. Anyone wanting to send you a message would obtain your encryption key from this database or some other source and encrypt his message to you. This message can't be decrypted with the encryption key. Therefore nobody other than the intended receiver can decrypt the message. Even the person who encrypted it can not reverse the process. When you receive a message, you use your secret decryption key to decrypt the message. This secret key never leaves your computer. In fact, your secret key is itself encrypted to protect it from anyone snooping around your computer.
- 1.4. How much does PGP cost?
- Nothing! (Compare to ViaCrypt PGP at $98!)
- It should be noted, however, that in the United States, some freeware versions of PGP *MAY* be a violation of a patent held by Public Key Partners (PKP). The MIT and ViaCrypt versions specifically are not in violation; if you use anything else, it's your risk. See below (question 1.6) for more information on the patent situation.
- Also, the free versions of PGP are free only for noncommercial use. If you need to use PGP in a commercial setting (and you live in the United States or Canada), you should buy a copy of ViaCrypt PGP. ViaCrypt PGP has other advantages as well, most notably a limited license to export it to foreign branch offices. See below, under question 1.10, for information on how to contact ViaCrypt.
- If you need to use PGP for commercial use outside the United States or
Canada, you should contact Ascom Systec AG, the patent holders for IDEA.
They have sold individual licenses for using the IDEA encryption in
PGP. Contact:
- Erhard Widmer
- Ascom Systec AG
- Dep't. CMVV
- Gewerbepark
- CH-5506 Maegenwil
- Switzerland
- IDEA@ascom.ch
- ++41 64 56 59 83 (Fax ++41 64 56 59 90)
- Nothing! (Compare to ViaCrypt PGP at $98!)
- 1.5. Is encryption legal?
- In much of the civilized world, encryption is either legal, or at
least tolerated. However, there are a some countries where such
activities could put you in front of a firing squad! Check with the
laws in your own country before using PGP or any other encryption
product. A couple of the countries where encryption is illegal are
France, Iran, and Iraq.
*** NEWS FLASH ***
- On April 3, 1995, Boris Yeltsin issued a decree formally banning
encryption with methods not approved by the state. This would,
presumably, include PGP. Thus, Russia must be added to the short list
above.
*** END NEWS FLASH ***
- The legal status of encryption in many countries has been placed on the World Wide Web. You can access it from:
- In much of the civilized world, encryption is either legal, or at
least tolerated. However, there are a some countries where such
activities could put you in front of a firing squad! Check with the
laws in your own country before using PGP or any other encryption
product. A couple of the countries where encryption is illegal are
France, Iran, and Iraq.
- 1.6. Is PGP legal?
- In addition to the comments about encryption listed above, there are a couple of additional issues of importance to those individuals residing in the United States or Canada.
- First, there is a question as to whether or not PGP falls under ITAR regulations which govern the exporting of cryptographic technology from the United States and Canada. This despite the fact that technical articles on the subject of public key encryption have been available legally worldwide for a number of years. Any competent programmer would have been able to translate those articles into a workable encryption program. A lawsuit has recently been filed by the EFF challenging the ITAR regulations; thus, they may be relaxed to allow encryption technology to be exported.
- Second, older versions of PGP (up to 2.3a) were thought to be violating the patent on the RSA encryption algorithm held by Public Key Partners (PKP), a patent that is only valid in the United States. This was never tested in court, however, and recent versions of PGP have been made with various agreements and licenses in force which effectively settle the patent issue. So-called "international" versions and older versions (previous to ViaCrypt PGP 2.4), however, are still considered in violation by PKP; if you're in the USA, use them at your own risk!
- 1.7. What's the current version of PGP?
- You would think that's an easy question to answer!
- At the moment, there are four different "current" versions of PGP.
All of these are derived, more or less, from a common source base: PGP
2.3a, the last "guerillaware" version of PGP. Negotiations to make
PGP legal and "legitimate" have resulted in the differing versions
available; all of them, for the most part, are approximately
equivalent in functionality, and they can all work with each other in
most respects.
- MIT PGP 2.6.2 is the current "official" freeware version. It has been developed both with Phil Zimmermann's approval and active involvement. It contains several bug fixes and enhancements over 2.3a, and it avoids the patent question surrounding other versions of PGP by using the RSAREF library for some of its functions. This library was developed by RSA Data Security, Inc., and is (basically) free for noncommercial use. As part of MIT's agreement with RSADSI, all versions of MIT PGP generate encrypted messages that cannot be decrypted with PGP 2.3a or previous versions.
- ViaCrypt PGP 2.7.1 is the current "official" commercial version. It is available from ViaCrypt, a company out of Arizona, and also has Phil's approval and involvement. See below for details on this version.
- PGP 2.6.2i ("international") is a version of PGP developed from the source code of MIT PGP, which was exported illegally from the United States at some point. Basically, it is MIT PGP 2.6.2, but it uses the old encryption routines from PGP 2.3a; these routines perform better than RSAREF and in addition do not have the usage restrictions in the RSAREF copyright license. It also contains some fixes for bugs discovered since the release of MIT PGP 2.6.2.
- PGP 2.6ui ("unofficial international") is PGP 2.3a with minor modifications made so it can decrypt files encrypted with MIT PGP. It does not contain any of the MIT fixes and improvements; it does, however, have other improvements, most notably in the Macintosh version.
- 1.8. Is there an archive site for alt.security.pgp?
- (Laszlo Baranyi) says:
- "My memory says that ripem.msu.edu stores a backlog of both alt.security.pgp, and sci.crypt. But that site is ONLY open for ftp for those that are inside US."
- (Laszlo Baranyi) says:
- 1.9. Is there a commercial version of PGP available?
- Yes; by arrangement with the author of PGP, a company called ViaCrypt is marketing a version of PGP that is almost identical to the freeware version. Each can read or write messages which the other can understand.
- ViaCrypt reports:
- If you are a commercial user of PGP in the USA or Canada, contact Viacrypt in Phoenix, Arizona, USA. The commercial version of PGP is fully licensed to use the patented RSA and IDEA encryption algorithms in commercial applications, and may be used in corporate and government environments in the USA and Canada. It is fully compatible with, functionally the same as, and just as strong as the freeware version of PGP. Due to limitations on ViaCrypt's RSA distribution license, ViaCrypt only distributes executable code and documentation for it, but they are working on making PGP available for a variety of platforms. Call or write to them for the latest information. The latest version number for Viacrypt PGP is 2.7. [Note: Since this statement was issued, ViaCrypt has updated ViaCrypt PGP to 2.7.1.]
- Here is a brief summary of Viacrypt's currently-available
products:
- 1. ViaCrypt PGP for Windows (3.1). Prices start at $124.98
- 2. ViaCrypt PGP for Macintosh, 680x0 or PowerPC, System 6.04 or later. Prices start at $124.98
- 3. ViaCrypt PGP for MS-DOS. Prices start at $99.98
- 4. ViaCrypt PGP for UNIX. Includes executables for the following
platforms:
- SunOS 4.1.x (SPARC)
- Solaris 2.3
- IBM RS/6000 AIX
- HP 9000 Series 700/800 UX
- SCO 386/486 UNIX
- SGI IRIX
- AViiON
- DG-UX(88/OPEN)
- Prices start at $149.98
- Executables for the following additional platforms are
available upon request for an additional $30.00 charge.
- BSD 386
- Ultrix MIPS DECstation 4.x
- DEC Alpha OSF/1
- NeXTSTEP
- Executables for the following additional platforms are
available upon request for an additional $30.00 charge.
- 5. ViaCrypt PGP for WinCIM/CSNav. A special package for users of
CompuServe. Prices start at $119.98
- If you wish to place an order please call 800-536-2664 during the hours of 8:30am to 5:00pm MST, Monday - Friday. We accept VISA, MasterCard, AMEX and Discover credit cards.
- If you have further questions, please feel free to contact me.
- Best Regards, Paul E. Uhlhorn
- Director of Marketing, ViaCrypt Products
- Mail:
- 9033 N. 24th Avenue
- Suite 7
- Phoenix, AZ 85021-2847
- Phone: (602) 944-0773
- Fax: (602) 943-2601
- Internet: viacrypt@acm.org
- Compuserve: 70304,41
- Mail:
- They have also reported recently that they have gained a general export license for exporting ViaCrypt PGP to foreign subsidiaries of USA-based companies. Contact ViaCrypt for details.
- 1.10. Is PGP available as a programming library, so I can write programs
that use it?
- Not yet. PGP 3.0, when it is released, is supposed to have support for doing this. The PGP development team has even released a preliminary API for the library; you can get it from:
- The development team has expressed that this is not a definitive spec; some of it is already out of date. It's good for getting the general idea, though. Send comments concerning the spec to pgp@lsd.com
- In the meantime, you can write your programs to call the PGP program when necessary. In C, for example, you would likely use the system()or spawn...() functions to do this.
- 1.11. What platforms has PGP been ported to?
- PGP has been ported successfully to many different platforms, including DOS, the Macintosh, OS/2, Unix (just about all flavors), VMS, the Atari ST, Archimedes, and the Commodore Amiga. A Windows NT port is reportably in the works as well.
- If you don't see your favorite platform above, don't despair! It's likely that porting PGP to your platform won't be too terribly difficult, considering all the platforms it has been ported to. Just ask around to see if there might in fact be a port to your system, and if not, try it!
- PGP's VMS port, by the way, has its own Web page:
- 1.12. Where can I obtain PGP?
- PGP is very widely available, so much so that a separate FAQ has been written for answering this question. It is called, "WHERE TO GET THE PRETTY GOOD PRIVACY PROGRAM (PGP)"; it is posted in alt.security.pgp regularly, is in the various FAQ archive sites, and is also available from:
- However, I will describe below the ways to get the differing versions of PGP from their source sites. Please refer to the above document for more information.
- MIT PGP 2.6.2:
- Due to the ITAR regulations (described above), MIT has found it necessary to place PGP in an export-controlled directory to prevent people outside the United States from downloading it. If you are in the USA, you may follow these directions:
- Telnet to net-dist.mit.edu and log in as "getpgp". You will then be given a short statement about the regulations concerning the export of cryptographic software, and be given a series of yes/no questions to answer. If you answer correctly to the questions (they consist mostly of agreements to the RSADSI and MIT licenses and questions about whether you intend to export PGP), you will be given a special directory name in which to find the PGP code. At that point, you can FTP to net-dist.mit.edu, change to that directory, and access the software. You may be denied access to the directories even if you answer the questions correctly if the MIT site cannot verify that your site does in fact reside in the USA.
- Further directions, copies of the MIT and RSAREF licenses, notes, and the full documentation are freely available from:
- An easier method of getting to the PGP software is now available on
the World Wide Web at the following location:
- http://bs.mit.edu:8001/pgp-form.htm l
- ViaCrypt PGP 2.7.1:
- ViaCrypt PGP is not generally available for FTP; it is commercial software. It is, furthermore, not available outside the United States or Canada except under special circumstances. See above (question 1.9) for contact information.
- PGP 2.6.2i:
- As Norway is not limited by ITAR, no hoops are needed to get this version:
- You may also get it via mail by sending a message to
hypnotech-request@ifi.uio.no
with your request in the subject:
- GET pgp262i[s].[zip | tar.gz]
- Specify the "s" if you want the source code. Putting ".zip" at the end gets you the files in the PKZIP/Info-ZIP archive format, while putting "tar.gz" at the end gets the files in a gzipped tar file.
- PGP 2.6ui:
- This link is also an excellent resource for other information about PGP.
- A note on ftpmail:
- For those individuals who do not have access to FTP, but do have access to e-mail, you can get FTP files mailed to you. For information on this service, send a message saying "Help" to ftpmail@decwrl.dec.com You will be sent an instruction sheet on how to use the ftpmail service.
- A note on ftpmail:
- 1.13. I want to find out more!
- If this FAQ doesn't answer your question, there are several places for
finding out information about PGP.
- Web/Mosaic/Lynx:
- FTP Sites:
- News Groups:
- Discussion of anonymity and anon remailers alt.anonymous
- For anonymous encrypted message transfer alt.anonymous.messages
- Clipper, Capstone, Skipjack, Key Escrow alt.privacy.clipper
- General security discussions alt.security
- Index to alt.security alt.security.index
- Discussion of PGP alt.security.pgp
- Discussion of RIPEM alt.security.ripem
- Key distribution via Usenet alt.security.keydist
- General civil liberties, including privacy alt.society.civil-liberty
- Discussion of compression algorithms comp.compression
- News reports from EFF comp.org.eff.news
- Discussion of EFF related issues comp.org.eff.talk
- Discussion of S/W patents, including RSA comp.patents
- Some mention of crypto and wiretapping comp.risks
- General privacy issues comp.society.privacy
- Announcements of security holes comp.security.announce
- Software patents, copyrights, computer laws misc.legal.computing
- Methods of data encryption/decryption sci.crypt
- General math discussion sci.math
- General talk on crypto politics politics.crypto
- If this FAQ doesn't answer your question, there are several places for
finding out information about PGP.
- 2.1. Why can't a person using version 2.2 read my version 2.3
message?
- You might try adding "+pkcs_compat=0" to your command line as follows: "pgp -seat +pkcs_compat=0 <filename>" By default, versions 2.3 and later of PGP uses a different header format that is not compatible with earlier versions of PGP. Inserting this option into the command will force PGP to use the older header format. You can also set this option in your config.txt file, but this is not recommended, as the newer versions of PGP cannot understand the old signature format.
- 2.2. Why can't a person using version 2.x read my version 2.6
message?
- You are probably using MIT PGP, or possibly some other version of PGP with the "legal_kludge" option turned off.
- As part of the agreement made to settle PGP's patent problems, MIT PGP changed its format slightly to prevent PGP 2.4 and older versions from decrypting its messages. This format change was written into MIT PGP to happen on September 1, 1994. Thus, all messages encrypted with MIT PGP after that date are unreadable by 2.4 (and earlier).
- The best route here is for your friend to upgrade to a newer version of PGP. Alternatively, if you are using a non-MIT version, look up the "legal_kludge" option in your documentation; you should be able to configure your copy of PGP to generate old-style messages.
- 2.3. Why does PGP complain about checking signatures every so often?
- Version 2.3a introduced the "pkcs_compat" option, allowing the format of signatures to change slightly to make them more compatible with industry standards. (See question 2.1.) MIT PGP, because it uses the RSAREF library, is unable to understand the old signature format, so it therefore ignores the signature and warns you that it is doing so.
- This problem comes up mostly with old key signatures. If your key contains such old signatures, try to get those people who signed your key to resign it.
- If an old signature is still vitally important to check, get a non-MIT version of PGP to check it with, such as ViaCrypt's.
- 2.4. Why does it take so long to encrypt/decrypt messages?
- This problem can arise when you have placed the entire public key ring from one of the servers into the pubring.pgp file. PGP may have to search through several thousand keys to find the one that it is after. The solution to this dilemma is to maintain 2 public key rings. The first ring, the normal pubring.pgp file, should contain only those individuals that you send messages to quite often. The second key ring can contain ALL of the keys for those occasions when the key you need isn't in your short ring. You will, of course, need to specify the key file name whenever encrypting messages using keys in your secondary key ring. Now, when encrypting or decrypting messages to individuals in your short key ring, the process will be a LOT faster.
- 2.5. How do I create a secondary key file?
- First, let's assume that you have all of the mammoth public key ring in your default pubring.pgp file. First, you will need to extract all of your commonly used keys into separate key files using the -kx option. Next, rename pubring.pgp to some other name. For this example, I will use the name "pubring.big". Next, add each of the individual key files that you previously created to a new pubring.pgp using the - -ka option. To encrypt a message to someone in the short default file, use the command "pgp -e <file> <userid>". To encrypt a message to someone in the long ring, use the command "pgp -e +pubring=c:\pgp\pubring.big <file> <userid>". Note that you need to specify the complete path and file name for the secondary key ring. It will not be found if you only specify the file name.
- 2.6. How does PGP handle multiple addreses?
- When encrypting a message to multiple addresses, you will notice that the length of the encrypted file only increases by a small amount for each additional address. The reason that the message only grows by a small amount for each additional key is that the body of the message is only encrypted once using a random session key and IDEA. It is only necessary then to encrypt this session key once for each address and place it in the header of the message. Therefore, the total length of a message only increases by the size of a header segment for each additional address. (To avoid a known weakness in RSA when encrypting the same message to multiple recipients, the IDEA session key is padded with different random data each time it is RSA- encrypted.)
- 2.7. Where can I obtain scripts to integrate pgp with my email or
newsreading system?
- There are many scripts and programs available for making PGP easier to use. See below, in Appendix I, for a list of such programs. A set of scripts was distributed with PGP for doing this. Since these scripts were considered out of date, they have been removed from the MIT distribution.
- 2.8. How can I decrypt messages I've encrypted to others?
- With conventional encryption, you can read the message by running PGP on the encrypted file and giving the pass phrase you used to encrypt.
- With regular encryption, it's impossible unless you encrypted to yourself as well. Sorry!
- There is an undocumented setting, EncryptToSelf, which you can set in your CONFIG.TXT or on the command line to "on" if you want PGP to always encrypt your messages to yourself. Be warned, though; if your key is compromised, this means that the "cracker" will be able to read all the message you sent as well as the ones you've received.
- 2.9. Why can't I generate a key with PGP for Unix?
- Most likely this is caused because PGP can't create the public and private key ring files. If PGPPATH isn't defined, PGP will try to put those files in the subdirectory ".pgp" off your home directory. It will not create the directory if needed, so if the directory's not there already, PGP will crash after generating the key.
- There are two solutions: set the PGPPASS environment variable to point to the location of your key rings, or run a "mkdir $HOME/.pgp" before generating your key.
- 2.10. When I clearsign a document in PGP, it adds a "dash-space" to
several of my lines. What gives?
- PGP does this because of the "-----BEGIN PGP MESSAGE-----" (and related) headers it uses to mark the beginning of PGP messages. To keep it from getting confused, it tacks a "- " to the beginning of every line in the regular text which has a dash at the start. It strips the extra dash and space when you check the message's signature, and writes the original text to the output.
Go to Part Two of PGP FAQ
Go to Part Three of PGP FAQ