PGP JUMP START If you hate reading manuals -- here is the easy way to get started with PGP (Pretty Good Privacy). PGP JUMP START helps you get up and running fast with PGP, so that you can exchange encrypted e-mail messages with your friends. This document assumes basic familiarity with DOS, Windows and Unzipping! STEP ONE: DOWNLOAD PGP STEP TWO: DOWNLOAD PGP QuickStart (for Windows users) STEP TWO-A: UNCOMPRESS PGP STEP TWO-B: EDIT AUTOEXEC.BAT STEP THREE: GENERATE YOUR PGP KEY PAIR STEP FOUR: SIGN YOUR KEY STEP FIVE: EXTRACT A COPY OF YOUR KEY STEP SIX: REGISTER YOUR PUBLIC KEY STEP SEVEN: OBTAIN A PERSON'S PUBLIC KEY STEP EIGHT: ADD A PERSON'S KEY TO YOUR PUBLIC KEYRING STEP NINE: ENCRYPT A MESSAGE STEP TEN: SEND AN ENCRYPTED MESSAGE AS E-MAIL STEP ELEVEN: DECRYPT AN ENCRYPTED E-MAIL MESSAGE STEP TWELVE: READ THE DOCUMENTATION STEP THIRTEEN:PGP THE EASY WAY STEP ONE: DOWNLOAD PGP If you do not already have an official copy of Phil Zimmermann's PGP 2.6.2, then download pgp262.zip now from one of the MIT sites: ftp://net-dist.mit.edu/pub/PGP/ http://web.mit.edu/network/pgp.html Go ahead ~ download PGP now! ~ It's only 276 K. We'll wait for you. STEP TWO: DOWNLOAD PGP QuickStart (for Windows users) PGP QuickStart is a PGP install program which will automatically perform STEP TWO-A and TWO-B listed below. This easy-to-use Windows program, written by Joel McNamara, is highly recommended. EITHER download PGP QuickStart and skip to STEP THREE, OR continue with Step TWO-A below. Note: If you decide to use PGP QuickStart, you may want to scan STEP TWO-A and TWO-B to get an idea of what PGP QuickStart does. STEP TWO-A: UNCOMPRESS PGP Create a directory for the PGP files (e.g. C:\PGP). UNZIP pgp262.zip to the PGP directory. This will create the files pgp262i.zip, pgp262i.asc and setup.doc. UNZIP pgp262i.zip into the same directory. STEP TWO-B: EDIT AUTOEXEC.BAT Add the following lines, after the PATH statement, to your Autoexec.bat file: SET PGPPATH=C:\PGP SET PATH=C:\PGP;%PATH% SET TZ=**** (**** is the timezone you are in) Below are some examples: Hawaii: SET TZ=HST10 (Hawaii never uses daylight savings time) Alaska: SET TZ=AST9 Los Angeles: SET TZ=PST8PDT Denver: SET TZ=MST7MDT Arizona: SET TZ=MST7 (Arizona never uses daylight savings time) Chicago: SET TZ=CST6CDT New York: SET TZ=EST5EDT London: SET TZ=GMT0BST Amsterdam: SET TZ=MET-1DST Moscow: SET TZ=MSK-3MSD Auckland: SET TZ=NZT-13 Substitute your own directory name if different from "C:\PGP" Now reboot your computer so that these changes will take effect. STEP THREE: GENERATE YOUR PGP KEY PAIR You are now ready to generate your PGP Key Pair. At the DOS prompt type: pgp -kg and press Enter. STEP THREE is divided into 4 Parts. Answer the questions when prompted by the PGP program. STEP THREE, Part 1. *Pick your RSA key size* We recommend Size 2 [768 bits - High commercial grade] as the most practical for general use. STEP THREE, Part 2. *Enter a user ID for your public key* Use your full name as your userID, because then there will be less risk of people using the wrong Public Key to encrypt messages to you. Spaces and punctuation are allowed in the userID. Type your full name followed by your E-mail address in like so: John Q. Smith Please note: When you use PGP, you do not have to type your full userID when requested. You can type any part of the userID. If your userID were John Q. Smith any of the following would work: John Smith jqs "John Q." (Note: If there is a space, the userID must be in quotes.) "John Q. Smith" STEP THREE, Part 3. *Enter pass phrase* PGP will ask for a "pass phrase" to protect your secret key in case it falls into the wrong hands. Nobody can use your secret key without this pass phrase. The pass phrase is like a password, except that it can be a whole phrase or sentence with many words, spaces, punctuation, or anything else you want in it. The pass phrase is case-sensitive, and should not be too short or easy to guess. The longer and more random your pass phrase is, the more secure your key files and encrypted files will be. Don't leave your pass phrase written down where someone else can see it, and don't store it on your computer if other people can access your computer. Here are some examples of pass phrases: QwErTy Omaha, Bugaha, Rugaha, 1936XYZ hdF6kjHd4f$w%@@K#^%5%RoEihefiUwe9/f/g77E5Q7$ Although the third pass phrase is strongest, don't make the pass phrase too complicated, since you have to type your pass phrase EVERY time you decrypt or sign a PGP message. The first one, a simple pass"word" will work, but it is vulnerable to attack and may compromise your security. If you can find the phrase in any published work then don't use it. Don't use any phrases from your personal history or popular culture. Using "0dd sp3LLing5 and CaPitaliZaTiOn" will make your pass phrase harder to guess or attack. Also, you must remember which letters are capitalized, since the pass phrase is case-sensitive. Now type your pass phrase. STEP THREE, Part 4. *We need to generate ___ random bits* PGP will ask you to enter some random text to help it accumulate random bits for key generation. When asked, you should provide some keystrokes that have irregular timing between strokes, and that utilize upper case and lower case letters as well as numerals. Type this random text on the keyboard, until you are prompted to stop. There will then be a delay (a few seconds to a few minutes) depending upon the speed of your computer and the RSA key size you picked. PGP will actually generate two keys [your key pair]; your Secret key that you keep secret and a Public key that your friends and [if you allow it] the general public may obtain and use to send you messages. (The public key "locks" the message; the secret key "unlocks" it.) Your Secret key will automatically be placed into the file C:\pgp\secring.pgp which is your Secret keyring. Your Public key will be automatically placed into the file C:\pgp\pubring.pgp which is your Public keyring. To view or verify your keyring, type: pgp -kv and press Enter. STEP FOUR: SIGN YOUR KEY You must sign your key for added security. At the DOS prompt type: pgp -ks userID and press Enter. (The userID is what you decided on, back in STEP THREE, Part 2) PGP will respond by showing your Key ID and your Key fingerprint. You don't need to worry about such things at this point. Press y and Enter when you are asked: "to solemnly certify that the above public key actually belongs to the user specified by the above userID ?" Type in your pass phrase when asked. (The pass phrase is what you decided on, back in STEP THREE, Part 2) You will then see, "Key signature certificate added". STEP FIVE: EXTRACT A COPY OF YOUR KEY TO A KEYFILE To allow others to send you encrypted messages, you must give them your public key. To do this, you should extract a copy of your key to an ascii keyfile. The keyfile name should start with your initials, followed by the word "key", and the extension "asc", which indicates that the keyfile is an ascii file. For example, if your name were John Q. Smith, then you would name your keyfile, jqskey.asc. At the DOS prompt type: pgp -kxa userID keyfile Below is an example of how John Q. Smith would extract a copy of his key at the DOS prompt: pgp -kxa John jqskey.asc He would then see: "Key extracted to file 'jqskey.asc'" In STEP SEVEN you can see an example of a PGP PUBLIC KEY BLOCK that is contained in a PGP keyfile. STEP SIX: REGISTER YOUR PUBLIC KEY In order to receive messages encrypted with PGP, you should submit your public key to a PGP Public Key Server, which allows PGP users to exchange their public keys with each other. http://www-swiss.ai.mit.edu/~bal/pks-commands.html is the URL of a PGP Public Key Server where you can submit your public key. Follow the simple instructions found there to add your public key to the PGP Public Key Server's keyring. It's as easy as using the copy and paste commands. The keyserver processes ADD requests every 10 minutes. After your key has been processed the server will send a confirmation message to your e-mail address. Note: It is not mandatory that you register your public key. There are alternative methods available to exchange public keys. These methods are mentioned at the end of STEP SEVEN. STEP SEVEN: OBTAIN A PERSON'S PUBLIC KEY In order to send a message encrypted with PGP to a person, you must first obtain that person's PGP Public Key. Go to the http://www-swiss.ai.mit.edu/~bal/pks-commands.html Website. This is the same URL of the PGP Public Key Server mentioned above, and is where you can extract someone else's public key. Follow the simple step-by-step instructions found there to extract a public key from the PGP Public Key Server's keyring. Remember, while viewing the keyfile, highlight the entire PGP PUBLIC KEY BLOCK with your mouse and copy. Then paste the KEY BLOCK into a text editor and save it as a keyfile using the same keyfile naming convention as you used in STEP FIVE to name your own keyfile. Thus the keyfile name for John Q. Smith (whose initials are jqs) would be jqskey.asc Below is an example of a PGP PUBLIC KEY BLOCK that would be copied. Be sure to highlight all the dashes "-----" at the beginning and end of the KEY BLOCK. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.2 mQCtAzFdDD8AAAEFAPLLiJ+cmQEPDE7l7SFgJw/RZvRK8Z/dDprpBzTVmdGzSuwX SORInqHH5/AADA6WWIrRctOHE5nkfaM/LUwz24NXMRXodUgreIHZQndFQz3oDe6c eg5voBMft0NyAk23WMlU3FCiff8QW1duA0g3UXaD1ufuzYrX0avSrGbJoSS0Yw8w 5olqZkfWQtc6gWVdULyuuliZkRwOjnqxi1n7ThUABRG0KEpvaG4gV2hpdG1hbiA8 NzUyMTEuMjE0N0Bjb21wdXNlcnZlLmNvbT6JALUDBRAxXRtejnqxi1n7ThUBAQ7h BQDAhm/C7WeH/QMhn2wePS46z86gN9Q2BmK4QnItN01yRw5unJgXhCxGF/R+RFid m1ulc5thOCDYUktJWvUU7a+tNmwwL2rD4MZ6Z7AdTn5zeU00/FSh2B6PrWVoBZgJ LB0TDBCQg1jkk3e9Tm0NFrjjG287GzIxyhbM4K8wq7wrXBCKJGLnjm7MnxZLD9dQ 9BfsBZvQtFvvUGxOxCHyt/yw =KJOg -----END PGP PUBLIC KEY BLOCK----- If your web browser does not support the highlighting of text with a mouse, then do a Save As command to download the keyfile to the PGP directory on your computer. There are alternative methods to obtain (or deliver) a PGP Public Key: You can simply e-mail the keyfile that contains the PGP PUBLIC KEY BLOCK instead of using a PGP Public Key Server. You would e-mail your keyfile to your friend, so that your friend could encrypt messages to you, with your public key. And, your friend would e-mail their keyfile to you, so that you could encrypt messages to them, with their public key. You can post your PGP PUBLIC KEY BLOCK on your web site or ftp site. A visitor need only highlight the entire PGP PUBLIC KEY BLOCK with their mouse and copy. They would then paste the KEY BLOCK into a text editor and save it as a keyfile. (See STEP FIVE for instructions on naming a keyfile). You can obtain a person's public key from their web site or ftp site in the same manner. STEP EIGHT: ADD A PERSON'S KEY TO YOUR PUBLIC KEYRING After you receive an individual's public key (as in STEP SEVEN), you must add that person's key to your public keyring (pubring.asc), so that PGP can use it. At the DOS prompt type: pgp -ka keyfile This will automatically add the person's key to your public keyring. For example, to add John Q. Smith's key to your keyring you would type: pgp -ka jqskey.asc To view your key ring and verify that the key was added properly, type: pgp -kv at the DOS prompt. STEP NINE: ENCRYPT A MESSAGE Type a short test message with a text editor and save it as an ascii file, message.txt. To encrypt and sign your message, go to the DOS prompt and type: pgp -seat message.txt sender_userID recipient_userID Remember that you don't have to type the full userID, but if the userID has a space in it, then the userID must be in quotes. Since the message is signed, you will be asked for your pass phrase. Type in your pass phrase that you created in STEP THREE, Part 3, and press Enter. The program will then state: Transport armor file: Message.asc Message.asc is the name of the encrypted ascii file that you will e-mail to your friend. Note: to see what the individual letters (-seat) instruct PGP to do, at the DOS prompt type: pgp -h for online help. STEP TEN: SEND AN ENCRYPTED MESSAGE AS E-MAIL Open the encrypted ascii file, message.asc, with your text editor. Copy/paste the entire PGP MESSAGE block into your e-mail client, then send your e-mail in the usual way. Below is an example of a PGP MESSAGE that would be copied. Be sure to highlight all the dashes "-----" at both ends of the MESSAGE. -----BEGIN PGP MESSAGE----- Version: 2.6.2 pgAAATVqaqdNzOXCQBI/XNhE9nOZSUBbhGr6UuiSKty2jT/aP8/VhY8/WxLkfmsm H1AlD5TBzoBwDMqLLQCT9SU0NozeAFCMRMzMl0c1AFB2dT/YNE5Y2hE00TfkHecM ddggHzxVur+Xcon6C1tN0TUAQqLK+l0+aomtYBeRghVGAqTHB3nA71yK9MXeEcz2 lzEqUJuhKORCMYy6GfeW5ZRKmKloggJXHIafisF82Fw9FZXKHjbsUKtQZCYWxADR XSs6QzedojKNu33MvxNzjqX4JGUr4w7rYSCY6L2SJWz0MROop1EsHNb0AS/cdd0t eKNFi6JrHfG3aSBkL9QNcfqsQZiyeAjxv9/YsbJGC4h0Nxlu+Dlfq5nXajARaJNG szmrPNYxwIO7waKIeB6Y84OE9CcMXd7TriY= =5+NR -----END PGP MESSAGE----- STEP ELEVEN: DECRYPT AN ENCRYPTED E-MAIL MESSAGE When you receive an encrypted e-mail message save the message to your hard drive using "asc" as the extension to the file name. (e.g., message.asc) To decrypt the message that you received, type: pgp message.asc -o message.txt. The file name "message.txt", after the -o indicates the name of the output file that you will create and read. You will be asked for your secret pass phrase to decrypt the message. After creating the file "message.txt", read it in a text editor. Assuming you have installed PGP, you can go back to STEP TEN, and try to decrypt the actual PGP Message shown there. Remember, highlight the entire PGP MESSAGE block with your mouse and copy. Then paste the PGP MESSAGE block into a text editor and save the message to your hard drive as "practice.asc". To decrypt the file type: pgp practice.asc -o practice.txt at the DOS prompt. When asked for the pass phrase type in "Zimmermann Rules", without the quotes, and press enter. Then view the newly created file "practice.txt" with a text editor or your favorite file viewer. STEP TWELVE: READ THE DOCUMENTATION PGP JUMP START is not a substitute for your reading the files, pgpdoc1.txt and pgpdoc2.txt, which contain documentation for PGP. Before using PGP, at least read Volume I of the PGP User's Guide, pgpdoc1.txt. Reading the manual tends to get neglected with most computer software, but Cryptography software is easy to misuse. If you don't use it properly much of the security you could gain by using it will be lost! You might also be unfamiliar with the concepts behind public key cryptography; the manual explains these ideas. Even if you are already familiar with public key cryptography, it is important that you understand the various security issues associated with using PGP. PGP may be an unpickable lock, but you have to install it in the door properly or it won't provide security. Below is a list of PGP Documentation files which come with the program: setup.doc - Installation guide pgpdoc1.txt - PGP User's Guide, Vol I: Essential Topics pgpdoc2.txt - PGP User's Guide, Vol II: Special Topics pgp.hlp - Online help file for PGP To display the online help file, type: pgp -h at the DOS prompt. You may prefer to read the hypertext version of Phil Zimmermann's PGP Documentation files at http://www.pegasus.esprit.ec.org/people/arne/pgp.html After reading all the PGP documentation if you still have a specific question you can ask the noble PGP Help Team at http://www.well.com/user/ddt/crypto/pgp-help-team.html STEP THIRTEEN: PGP THE EASY WAY PGP is a DOS command line program, surviving in a Windows world. Many computer users have no interest in using arcane DOS commands. PGP The Easy Way means using a Windows Front-End program. You may download a PGP Windows Front-End program (or a PGP DOS Shell) (or even a UNIX or OS/2 or Mac Front-End) from Scott Hauert's Website at http://www.primenet.com/~shauert/ To incorporate PGP with your e-mail client try Joel McNamara's Private Idaho at http://www.eskimo.com/~joelm/pi.html the Windows PGP Front-End, which facilitates sending/receiving encrypted email messages. There's even a Windows Front-End which runs as an extension to Eudora, called PgpEudra at http://www.xs4all.nl/~comerwel/ The most recent version of PGP JUMP START, which is always found at http://tucson.com/2001/pgpjumps.html, may be freely distributed for non-commercial purposes, by any electronic means. Please leave intact, unaltered, and fully credited. However, neither the author of this document, nor any of its distributors are liable for any loss, damage, or breach of security which may result from its use. Copyright 1996 Author: John Whitman <75211.2147@compuserve.com> Editor: William Johnson