THE BEGINNER'S GUIDE TO PRETTY GOOD PRIVACY

Version 1.1 (April 13, 1995)

by Bill Morton

This version is for the following users: PGP 2.6.2 or 2.6i

Table of contents:

I. The beginner's guide to pretty good privacy.
    A. Table of Contents
    B. Information about this edition.
    C. DISCLAIMER
    D. Permission to distribute.
II. Introduction.
    A. Hello there!
    B. Definitions
    C. Of front ends and easy approaches
    D. The PGP command line.
    E. Playing for perfection
III. Some installation tips.
    A. Where to install it.
    B. Of drives and directories
    C. Generating a secret key
IV. Key Management.
    A. Sign your own public key.
    B. Extracting a public key
    C. Adding a public key to your public key ring.
    D. Key verification.
    E. Signing someone else's key
    F. The use of Secret Keys and Public Keys.
V. Preparing a text for encryption.
    A. The basics
VI. Encrypting a text.
    A. Basic encryption
    B. ASCII armor
    C. Signing a ciphertext
    D. Wiping and deleting a file
    E. A Brief note on file extensions
VII. Mailing a ciphertext.
    A. Cut and paste
    B. File size
    C. Enclosing a file
VIII. Decrypting a ciphertext.
IX. Editing the config.txt and autoexec.bat files.
    A. AUTOEXEC.BAT
    B. CONFIG.TXT
    C. Congratulations!
X. Some other interesting PGP uses
    A. Signing and clear-signing
    B. Other kinds of files
    C. Signature certificates
    D. The -c option
XI. Some ways to get into trouble
    A. Improper keyring security
    B. Accepting uncertified keys
    C. Plaintext insecurity
    D. Spy stuff
    E. When NOT to use PGP.
XII. Conclusion.

B. Information about this edition.

This document was written with the DOS user in mind. If you use a Mac or another operating system you will find it necessary to adapt some of the practices described here to your situation. However, no matter what system you use you can read this document and benefit from it.

This text is provided in ASCII format without page breaks or any other printer characters inserted.

Thank you William Evans for your diligent proof reading and suggestions which have been heeded, mostly.

C. DISCLAIMER

You have been asked to read the documents which came with your PGP package, especially the volume of ESSENTIAL TOPICS, and you should do this at the first possible moment. This document will attempt to introduce you to the basic use of PGP, the basic concepts of key management, and the basic concepts of text security. This is to get you "up and running" in PGP as safely as possible. Perhaps after a few days of PGP use you will be able to go back to the original documentation and read it more clearly. Until then use this BEGINNER'S GUIDE.

HOWEVER, neither the author of this document nor any of its distributors is liable for any loss, damage, or breach of security which results from your failure to understand and use PGP properly.

D. Permission to distribute and other legal stuff.

This document may be freely distributed under the following conditions:

This document, THE BEGINNER'S GUIDE TO PRETTY GOOD PRIVACY, may be distributed by any electronic means: e-mail, ftp archive, Web page, BBS file, floppy disk.

The author reserves all rights to any hard copy distribution. Individual users may make a hard copy for their own private use.

When distributing this edition of THE BEGINNER'S GUIDE TO PRETTY GOOD PRIVACY, the attached PGP signature must remain attached and the PGP signed document and the signature must remain unaltered.

To obtain my public key to verify the signature on this document please e-mail me: wjmorton@nbnet.nb.ca

Don't send me any money! If you find that this document has made your use of PGP easier then all I ask is that you help one other person to begin using PGP.

Finally, the mention of any copyrighted software in this document does not imply an endorsement of PGP by the software authors.

II. Introduction.

A. Hello there!

Welcome to the wonderful world of encryption. You have decided for whatever reason to use encryption to protect your e-mail and other data stored or transmitted electronically. Good decision.

Many people think that people who encrypt their e-mail have "something to hide." Well, they do. Just like you they choose to keep their private thoughts to themselves and share them only with the people with whom they choose to share them. Or, just like you, they have information which they wish to e-mail or store that needs to be hidden from business competitors or even competitors in their own office.

The beginning of this document is going to be rather terse. We will begin by defining a few terms and introducing a few concepts and then get right down to installing PGP and using it. For those of you out there who are real sticklers for technical precision I would advise you to tune out right now. If you want hard core information read the PGP documentation.

As a general rule, if a description given below is brief that's because the technical nuts and bolts are described in the documents, and if you want to know why I'm telling you to do something then read the documents. If a description is long and it seems like I'm hammering the same point over and over it's because it's a really important point. Usually it is something that's also described in detail in the PGP documents but it's probably a point where if you make a mistake you will compromise the security of PGP and probably get yourself into trouble.

B. Definitions

PGP: Pretty Good Privacy, a program developed by Philip Zimmermann which uses public key encryption. It enables two people to communicate by e-mail, whether interoffice or intercontinental, with the greatest probability that no one but the sender and the receiver can read the text.

Plaintext: The actual message, text, data, program, GIF file, or whatever. It can be read, run or viewed by anyone. PGP can encrypt any type of data but for the purposes of this document we will refer to the plaintext as a text or message.

Ciphertext: What the plaintext looks like after it is encrypted.
Unreadable, unrunnable, unviewable except by the person with the key to decrypt it.

Encryption: Taking plaintext and turning it into ciphertext.

Decryption: Taking ciphertext and turning it into plaintext.

Text editor: A plain vanilla ASCII text editor is unlike a word processor. You can encrypt word processor files but you should be aware of some of the security drawbacks. Word processors use swap files and automatic back-up files to make it almost impossible for you to lose your text. This is a good thing unless you don't want people to read your text, either by accident or on purpose.

For example, this document is being written with MS-Word. When I quit for the night and save the uncompleted manuscript in the file PGPBEGIN.DOC, MS-Word automatically saves a copy in PGPBEGIN.BAK. If I work on this document for more than a few moments MS-Word also saves the file in an auto back-up file in case the power goes off. Also, whenever I edit the file MS-Word saves chunks of this file in case I want to undo my edits. This is great for making sure I don't lose my text, terrible for security. Certainly I could go through my entire hard disk and delete each file but even then a simple DOS command like UNDELETE could bring them back to life.

So for the purposes of PGP security always use a text editor like MS-Editor that comes with MS-DOS and then use the -w command option with PGP. (More about this later.)

Public Key: This is the part of PGP which is used to encrypt text. This is the key that you give to other people so that they can send ciphertext to you which only you can read.

Secret Key: This is the part of PGP which is used to decrypt text. This is the key which allows you and only you to read the ciphertext that was made by your public key. It is protected by your pass phrase.

Key id: A hexadecimal number assigned to each key generated which may be used instead of the user id to identify a key.

Key Fingerprint: A long string of hexadecimal numbers which is displayed when you use the PGP command:

    pgp -kvc john

The key fingerprint is used to authenticate PGP public keys.

User id: This is also attached to the secret and public keys when the keys are generated. It is the name (and e-mail address) of the person to whom the key belongs.

Public Keyring: A file called pubring.pgp where you keep your public key and the public keys of the people to whom you want to send ciphertext.

Secret Keyring: A file called secring.pgp where your secret key (or keys) is stored.

Command line: A line typed at the DOS prompt which sets a program in action.

C. Of front ends and easy approaches

In this document I will not be detailing how to physically install PGP on your machine. The central focus of this document is enabling you to use PGP with the greatest ease with the greatest security.

And now a word about "front ends." The term "front end" (sometimes referred to as a "shell") refers to a program which acts as an easy user interface for another program. Front ends have been designed for the Amiga, MS-Windows, Macintosh, and MS-DOS environments and to work with various e-mail and newsreader programs.

The advantage to using a front end program is that PGP becomes easier to use. The major disadvantage, from the aspect of learning PGP, is that front ends hide the operation of PGP from the user. If you learn to use PGP from the command line and develop some understanding of what is going on, you are less likely to make a mistake which will compromise the effectiveness of PGP and your security.

Later you may wish to take advantage of one of the front ends which are available. That can be your decision. However, I believe that after you work your way through the following document you will find PGP so easy to use that you won't need to make it any easier.

D. The PGP command line.

The PGP command line is simple to construct because it is made up of some basic parts.
A PGP command line that you will encounter later in this document looks like this:

    pgp -seatw intro.doc John -u Mary

Right now it may look like gibberish but by the time you read one third of this document you will understand the simplicity of the command line. For now let's look at the parts and give them general names and describe each part's use.

"pgp"

These letters start Pretty Good Privacy. They will be the first three characters that you type every time you use PGP.

"-seatw"

The command options. There are a variety of command options that tell PGP what to do. When a command option is being described individually it will be referred to as a single character with a dash preceding it: "-w". However, on the command line only one dash is needed before the command options. Therefore to use the command options -s, -e, -a, -t, and -w you would type

    pgp -seatw

not

    pgp -s-e-a-t-w

"intro.doc"

This is the name of the file that is to be encrypted. Any file can be encrypted by PGP as long as you put its name here. The name of the document can even include the path to the document. (This saves the necessity of copying the document.) For example, if PGP is installed in a directory on your hard drive called C:\PGP and the file you want to encrypt, sales.txt, is in a directory called C:\REPORTS, you could use the following command line while in the PGP directory:

    pgp -seaw c:\reports\sales.txt

In this example PGP will create an encrypted file called sales.asc and place it in the REPORTS directory.

"John"

This is the user id attached to the public key that you want to use to encrypt the file. This is the "name" of the person to whom you are sending the ciphertext and the only person who will be able to read the text. The user id's attached to public keys usually include the name of the person to whom the key belongs and some other piece of information, usually their e-mail address.
They typically look like this:

    John Qwerty

The nice thing about PGP is that you don't have to type out the complete user id to make use of the public key attached to it. To encrypt a file using John's public key I could type at the command line any of the following:

    pgp -seaw intro.doc John
    pgp -seaw intro.doc qwerty
    pgp -seaw intro.doc "John Qwerty"

[The only time you must use quotes around the user id is if there is a space included.]

There is one "however" to include here. If you have more than one public key on your public key ring with the name "John" in the user id PGP will automatically pick the first "John" it comes to. You may have to use the last name or the full user id to pick the key you want. If you use the full user id remember to enclose it in quotes. PGP public keys are also identified by a key id which may be used to identify the public key you want to use. This is described in the PGP documentation.

Another nice thing is if you forget this piece of information in the command line PGP will ask you for it.

"-u Mary"

This is the user id of the person using PGP to send the document. As you will see later this form is used with the -s option. This is the name you used on your secret key. If you use the -s option and forget the -u part PGP will use the last secret key you created.

E. Playing for perfection

There are many ways to learn. There's memorization, which is great if you want to remember the multiplication table but it won't work for PGP. Then there's the old "Learn from your mistakes" method. Great if you're working on a BMW but in the world of personal security one mistake can be costly. The only way you can learn PGP safely and quickly is through play.

In the course of this guide you will create keys for two fictional people. Then you can play a game of sending encrypted e-mail back and forth between the two of them.

III. Some installation tips.

A. Where to install it.

One possible way to compromise the security of PGP is to install it in a place where people have access to your keyrings. Your keyrings are in the files labeled SECRING.PGP, SECRING.BAK, PUBRING.PGP, and PUBRING.BAK. These files need to be protected from prying eyes. Therefore, installing PGP on your machine at work which is networked to every other machine in the office or in your account on the mainframe is not a good idea.

The files SECRING.BAK and PUBRING.BAK are automatic back-up files of your keyrings. I will not mention them again but all of the security precautions you would take for the files ending with .PGP apply to these files. For more information on the usefulness of the .BAK files and how to use them please read the PGP documentation.

Ideally, you will install PGP on a machine which is not accessible to any other user. If you want more security, install PGP on a floppy disk and only put that floppy into the drive when you want to use it.

I have installed PGP on the hard drive of my personal computer. It is not connected to any networks and no other users have access to it. This setup could be made extra secure by putting my keyrings on a floppy and storing them under lock and key somewhere else.

If you want to use PGP in the office or any other environment where security is an issue here are a few suggestions:

You could install PGP on your home computer, produce the ciphertexts at home, then move them to a floppy which you take to your work computer, copy and send. At the end of the day you copy all of the ciphertexts that you have received, take them home and decipher them.

Take PGP to work with you on a floppy, only run it when your computer is not on the network and always take the floppy out of the drive and lock it away. (Especially when you go to the bathroom.)

For a further discussion of the physical security aspects of PGP see the PGP documentation.

By now you should have the idea that under no circumstances should your keyrings be placed where someone else can have access to them. Although your secret key is protected from the casual passerby by your pass phrase you must understand that the pass phrase is one of the weaker links in the PGP chain. A person with unlimited access to your secret key and a little time could crack your pass phrase (if you have a weak pass phrase) and begin to read your incoming mail and send mail signed by you.

Answer this question: Does anyone whom I would not want to read my mail have access or could potentially have access to this machine?

If you answered yes then only run PGP from a floppy. If you answered no then install it on your hard drive.

B. Of drives and directories

Put PGP in a directory labeled PGP unless you're putting it on a floppy. When using PKunzip use the -d option so that the documentation is put in a separate directory. Read the documents. Later versions of PGP have been designed not to run without the documents present unless you twiddle with the program. If you want to do that then read the documents and find out how to do it there.

At this point you may be tempted to add some lines to the autoexec.bat file. Some of these additions make PGP easier to use but they are not necessary. You may also be tempted to edit the mysterious config.txt file. Resist the temptation. We will discuss editing config.txt and the autoexec.bat files later to make PGP easier to use but for the sake of your security do the following exercises in the directory in which PGP is installed.

Once you have PGP in a directory type the following command line:

    pgp -h

This will give you a list of all the command options for PGP. This will also prove that you have something that runs.

C. Generating a secret key

For practice, start by generating two secret keys.
We will begin with two casual grade keys and then you can later apply all of the principles learned by a few hours of practice to generate larger keys with greater security.

At the command prompt type:

    pgp -kg

1. Key size

You will be asked to select a key size. For these practice sessions pick 1. Casual grade. When you get to generating keys for real select 3. Military grade which produces a 1024 bit key.

2. User Id

You will then be asked for your user id. This usually consists of your name and e-mail address and it's how everyone will remember that this key belongs to you. For the practice session type the following:

    John Qwerty

Of course your user id can be anything you want it to be. For example, if you only use PGP on a BBS and you only want to be known by your alias you could enter just your alias.

3. Pass Phrase

The next request is for the pass phrase. The pass phrase will be used to unlock the secret key to use it to sign texts and decrypt messages. This is one of the points where you have to be security conscious. The shorter the pass phrase the easier it will be for someone to crack it. Also, do not use your name, your spouse's name, the name of your first born child, your dog's name, your telephone number (work, home, or any combination thereof). Use something which is reasonably long and yet something that you can remember. If you want to spice it up you can use unusual spacing, capitalization, and odd characters. For example:

    Example 1: Willy Wonka meets the Terminator
    Example 2: willywoNKA meet$ the^ terMIN@tor

Both examples are 32 characters long. Technically example #2 would be harder for a machine to guess because it uses odd ASCII characters but #1 has the advantage of being easily remembered. (Tech point: "Willy" is not the same as "willy" and both are different than "wiLLy". Remember, if you capitalize it once it's forever.)

NEVER WRITE YOUR PASS PHRASE DOWN!
Most of the major security breaches of the 20th century have been the result of people writing their pass phrases, PINs or passwords down.

[Note: For the purposes of this exercise use simple pass phrases. When it comes time to make your own secret key pick a good strong pass phrase.]

4. Typing random bytes

PGP will now ask you to type for a while depending on the size of the key you are making. The reason for this is covered in the documents. Just type one of your favorite poems. (Don't sit there and hit the same key again and again.) The bigger the key the more you will be asked to type. Just type until you hear the beep. Then you'll be asked to wait and the program will generate your secret and public key for "John Qwerty". The bigger the key the longer the wait. Take heart though, you only have to generate one secret/public key pair so a little time now pays off later.

Congratulations, you have just created a public key and a secret key.

Do it one more time for the following fictitious user id:

    Mary Asdfg

Give Mary a different pass phrase than the one you used for John.

For normal use you would create only one secret/public key set with your name on it. For the rest of this tutorial we will use the names John and Mary to signify two PGP users who are using PGP to protect their privacy.

5. Another World

At this point some of you are asking, "Why do John and Mary want to use PGP? They must be up to something!" To keep your mind out of the gutter and to provide you with a practical use for PGP I'll tell you why they are using PGP.

John and Mary work for the same company. John is in the New York office and Mary works in the San Francisco office. They are working very hard on a presentation to the Board of Directors concerning the future of the company they work for: Glomabyte Inc. The information they are exchanging could compromise the financial situation of the company if it fell into the competitor's hands. That's reason #1.

Reason #2 has to do with the manager of the NY office, Judy Putz, and the manager of the SF office, Vinny Brick. Both have advanced their careers by appropriating ideas from others. In the past they have just cruised by their victim's desk while the victim was on a break and quickly copied all the files on the victim's computer onto a floppy and then went to their own office to read them at their leisure. John and Mary have already taken the precaution of installing security systems on their PCs at work. However, as managers both Judy and Vinny can monitor e-mail. Most of this stuff is just nasty rumor but there have been too many coincidences. John and Mary have installed fairly good security systems on their personal computers but they know that their e-mail is vulnerable.

For both these reasons John and Mary have decided to use PGP. They have both installed PGP on floppy and keep the floppy under their possession at all times.

For Mary to be able to send ciphertext to John that only he can read she needs a copy of John's public key. For John to send ciphertext to Mary that only she can read he needs a copy of Mary's public key. The next step is PGP key management.

Every time you use the -kg command option you generate a unique key pair. If you generate two key pairs with the same user id they will be different keys with different key id's and plaintext which is encrypted with one key will not be able to be read with a different key.

For example, we could generate another key for John Qwerty using the same user id so that we now have two keys for John Qwerty distinguishable by the key id number and fingerprint. Let's call them key A and key B and I'll show you how John can get into trouble. John distributes the public key component of key A to all of his associates who then use it to encrypt mail and send it to him. John decides to use key B for his friends. So far, fine and good.
However, the only way that John can distinguish between the two keys is with the key id number. He must remember when sending a ciphertext to his friends that he must sign with key 0x45F6 and when he sends a ciphertext to his associates he must sign with key 0x3FC6. Sometimes he gets the keys mixed up and the recipients of his messages get an "Unknown Signature" message which causes some concern.

Also, if you generate a key pair and then delete the file SECRING.PGP there is no way to reconstruct your secret key. You would not be able to read any mail sent to you which was encrypted with the public key that matched the now missing secret key. Keep a back-up copy of your keyring files in a safe place.

IV. Key Management.

A. Sign your own public key.

Signing a public key is saying, I know who this person is and trust that this key belongs to them. You know who you are so sign your own public key. This also makes it next to impossible for someone to tamper with your public key.

Sign John's public key with John's secret key with the following command:

    pgp -ks John -u John

Sign Mary's public key with Mary's secret key with the following command:

    pgp -ks Mary -u Mary

For all signing procedures you will be asked for the pass phrase for your secret key. Your secret key is used to sign things like other people's public keys and to sign texts. Since you are the only one with your secret key then the message must have come from you. Right?

B. Extracting a public key

John sits down at his computer and types the following command:

    pgp -kxa John

PGP asks him: "Extract key to which file:?"

He types "john"

He ends up with a file called JOHN.ASC. He then mails the file JOHN.ASC to Mary. Mary does the same thing with her public key and sends the results, MARY.ASC, to John. (More on actually sending PGP files later.)

You, of course, have actually created these files. Take a look at them with a text editor.

C. Adding a public key to your public key ring.

John types the following command:

    pgp mary.asc

PGP "reads" the file, notes that it is a public key, asks John if he wants to add it to the public key ring, and then asks a few more questions. (More on those later.)

(At this point you will not be able to "add" these keys because you already have them on your public keyring.)

After Mary has added John's public key to her public keyring they are now ready to send PGP encrypted material back and forth. However, there is one way that Vinny or Judy could compromise the security of John and Mary's PGP keys. It involves a complicated switching of keys but it can be done. John and Mary must make sure that the public keys in their possession are actually the public keys of the person whose name appears in the user id.

D. Key verification.

It should have occurred to you by now that you could create a key with any user id on it. Let's say you create a key with the user id: Bill Clinton. Unless I can verify that this key actually does or does not belong to Mr. Clinton then I might be fooled into thinking that I was sending mail to the "real" Mr. Clinton. PGP provides a method for key verification.

John and Mary have each other's home telephone numbers and they have had enough telephone conversations to recognize each other's voice. They have also met several times. They arrange a mutually convenient time and meet on the telephone. John is sitting at his computer and Mary is sitting at hers.

John types the command:

    pgp -kvc mary

This shows him the "PGP fingerprint" of Mary's public key. At the same time Mary has typed the same command. Then John reads to her the list of numbers and letters. If it matches the fingerprint that Mary has then they both know that John has received a copy of Mary's public key and that it is safe to use it with confidence. They repeat the procedure for John's key.

Right now John and Mary are ready to begin sending texts back and forth in the security of PGP.

E. Signing someone else's key

John now types the command:

    pgp -ks mary -u john

Mary types:

    pgp -ks john -u mary

In answering the questions presented by PGP they are "telling" PGP that the key in question actually belongs to the person whose user id is attached and the level of trust accorded to that person's ability to manage keys.

In order for Mary to have a copy of her public key with John's signature on it John must do the following:

    pgp -kxa mary

This creates a file called MARY.ASC which he then mails to Mary. When Mary receives the file she types the command:

    pgp mary.asc

PGP reads the file and automatically adds John's signature to her public key.

Mary repeats the procedure with John's public key.

1. The Web of Trust

PGP is unique in that it relies on the users to a great extent for the security of public keys. When you sign a public key you make two evaluations.

The first and most important one is "Does this key belong to the person to whom the user id says it belongs?" For example, if Mr. Clinton comes to my house with a disk containing his PGP key and someone I really trust, like Melissa my barber, comes along and says "That really is Bill Clinton," then I might sign his key. However, if I get a piece of e-mail with a note saying, "Hi Bill. I want to get my key signed by all the Bills in the world. Signed Bill Clinton," I am definitely not going to sign the key.

The second evaluation that is made is my trust of that person's ability to sign keys. For example, let's say Mr. Clinton did drop by for coffee and I did sign his key. Let's also say that you have met me and signed my public key and placed it on your key ring and indicated to PGP that you completely trust my key management abilities. When you receive Mr. Clinton's key you are more likely to accept it as genuine.

Once you evaluate a person's key management ability PGP automatically evaluates every key that person signs. And this evaluation never leaves your Public Keyring.
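
The first evaluation above, "Does this key belong to the person to whom the user id says it belongs?", is the one the fingerprint check in section D answers. The following Python is an added example, not part of the original guide or of PGP: it computes a fingerprint the way RFC 4880 specifies for version 3 (PGP 2.x) RSA keys, MD5 over the modulus bytes followed by the exponent bytes, and selects the key to sign by the fingerprint read out over the telephone. The key numbers, the keyring layout and every function name are constructed for the illustration.

```python
import hashlib
import re


def mpi_body(value: int) -> bytes:
    """Big-endian bytes of an integer, without any length prefix."""
    return value.to_bytes((value.bit_length() + 7) // 8, "big")


def fingerprint(n: int, e: int) -> bytes:
    """Version 3 key fingerprint: MD5 over modulus bytes, then exponent bytes."""
    return hashlib.md5(mpi_body(n) + mpi_body(e)).digest()


def short_key_id(n: int) -> str:
    """Short key id: the low 32 bits of the modulus, as eight hex digits."""
    return f"{n & 0xFFFFFFFF:08X}"


def display(fp: bytes) -> str:
    """Sixteen hex pairs in two groups of eight, convenient for reading aloud."""
    pairs = [f"{b:02X}" for b in fp]
    return " ".join(pairs[:8]) + "  " + " ".join(pairs[8:])


def matches(spoken: str, local_fp: bytes) -> bool:
    """Compare a fingerprint as read out (any spacing or case) with a local one."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", spoken)
    return len(digits) == 32 and bytes.fromhex(digits) == local_fp


def stand_in_modulus(label: bytes) -> int:
    """Constructed 512-bit odd number standing in for an RSA modulus (not a real key)."""
    return int.from_bytes(hashlib.sha512(label).digest(), "big") | (1 << 511) | 1


# Constructed keyring: two different keys carrying the identical user id.
# The user id is free text typed at key generation, so it proves nothing.
KEYRING = [
    {"user_id": "Mary Asdfg", "n": stand_in_modulus(b"mary genuine"), "e": 17},
    {"user_id": "Mary Asdfg", "n": stand_in_modulus(b"mary substituted"), "e": 17},
]


def key_to_sign(keyring, user_id, spoken_fingerprint):
    """Return the single key under user_id whose fingerprint matches, else None."""
    hits = [k for k in keyring
            if k["user_id"] == user_id
            and matches(spoken_fingerprint, fingerprint(k["n"], k["e"]))]
    return hits[0] if len(hits) == 1 else None


if __name__ == "__main__":
    for key in KEYRING:
        print(short_key_id(key["n"]), key["user_id"],
              "fingerprint =", display(fingerprint(key["n"], key["e"])))
    # Mary reads out the fingerprint of the key she really generated.
    read_aloud = display(fingerprint(KEYRING[0]["n"], KEYRING[0]["e"])).lower()
    chosen = key_to_sign(KEYRING, "Mary Asdfg", read_aloud)
    print("key John may sign:", short_key_id(chosen["n"]))
```

Both entries look the same by user id; only the fingerprint, which is derived from the key material itself, tells them apart.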

So if you have a friend whose key you feel comfortable signing but you know that they are a bit of a ditz when it comes to signing other people's keys you can still sign their key but set the trust parameter low.

F. The use of Secret Keys and Public Keys.

When you use the PGP command -kg you actually generate a key pair. Both keys have the same user id attached. The Secret Key is the key you use to unlock ciphertext that is made with your Public Key. Your Public Key is the key that other people must have if they are to send ciphertext to you. When you use the PGP command option -kxa PGP automatically makes a copy of your Public Key for you to e-mail to a friend or associate. You never have to worry about "accidentally" mailing your secret key. The only way someone could get their hands on your Secret Key is if they get a copy of SECRING.PGP and they manage to break your pass phrase that is used to lock the key.

V. Preparing a text for encryption.

A. The basics

The first thing that Mary wants to send John is a copy of the introduction to the report they are working on. They have both been using MS-Word and so she can send the file in MS-Word format.

The first thing Mary does is get to the DOS prompt. Because she uses Windows she clicks on the icon for the DOS prompt. (Another option would be to exit Windows completely.) She then copies the file she wants to send, called INTRO.DOC, to the PGP floppy which she has already installed in the A drive of her computer.

[If Mary had installed PGP on the hard drive of her computer she would have copied the text into the PGP directory. Earlier I mentioned that you can include the full path of the file you want to encrypt in the PGP command line. This is true but for the purpose of keeping the example simple I've had Mary copy the file.]

She is now ready to encrypt the file for sending.

VI. Encrypting a text.

Mary has several options which she can choose from to enhance the security of her text in transmission.

A. Basic encryption

By typing the command

    pgp -e intro.doc john

Mary will produce a file encrypted with John's public key. Only John can decrypt the contents of INTRO.PGP and read it but that's not good enough. The file INTRO.PGP contains some odd characters and because of the way e-mail works it may not make the journey from coast to coast intact. If even one piece of the file INTRO.PGP is changed John will not be able to read it. Therefore, another option must be used to make the file e-mailable.

B. ASCII armor

ASCII characters are recognized by almost every computer in the world. They like ASCII characters and will pass them on unchanged but they may not like some of the characters that they find in a file which ends with the letters "pgp". Therefore it is necessary to wrap the PGP file in ASCII characters. PGP does this easily and automatically when the -a command option is included.

There is also another technical consideration. Some computers use a carriage return and a line feed command at the end of each line, some do not. If Mary was using a Mac and John had an IBM PC this could cause some problems. PGP can automatically compensate for this with the -t command option.

Mary might have typed this command:

    pgp -eat intro.doc john

which would have produced a file called INTRO.ASC. Now the file can be e-mailed but that's still not good enough.

C. Signing a ciphertext

First, a demonstration of why this option is important. Remember Vinny? He has realized early on that John and Mary are going to use PGP and he knows that he will not be able to read their mail anymore. (Vinny has been using PGP for some time because he knows just how important security is.) So he decides to throw a monkey wrench into their working relationship.

Vinny captures a copy of John's public key as it goes out in e-mail and adds it to his public key ring. He still can't read John's PGP mail but he does do the following: He writes a nasty note on his word processor and puts Mary's name to it.
He then encrypts it using John's public key and sends it to John using Mary's account. (Stranger things have happened in the world of office politics.) John receives the ciphertext, decrypts it, and is startled for a moment. Then he realizes that the message is not signed with Mary's secret key. Mary always signs her messages; therefore the message probably doesn't come from her.

Signing a message with your secret key means that the message could only have come from you since only you could have a copy of your secret key. Therefore Mary encrypts the file INTRO.DOC with the following command:

    pgp -seat intro.doc john -u mary

This produces a file named INTRO.ASC which has been signed with Mary's secret key. To sign the file Mary will be asked to enter the pass phrase for her secret key so that PGP can unlock her secret key and use it. Therefore, if her pass phrase is long enough and unguessable, even if someone were to steal her secret keyring they still could not read her mail or sign ciphertexts with her secret key. (Now do you see why I went on about pass phrases earlier!)

Mary is now ready to send the ciphertext to John but there is one more security issue that she wants PGP to deal with automatically.

D. Wiping and deleting a file.

Mary still has a copy of INTRO.DOC on the floppy she was using. She wants to get rid of that copy just in case the worst happens and she loses the disk or accidentally leaves the disk in the machine and Vinny comes along and makes a copy of it.

Deleting a file just won't cut it in the world of security. When you use the command to delete a file what happens is the "address" of the file is removed from the operating system and its name no longer appears in the file lists. However, the data itself, the contents of the file, remain on the disk and can be restored to a readable state by a simple command. It is necessary to wipe the file first with the PGP -w command option and then delete it.
When PGP "wipes" a file it smears it with a bunch of electronic gobble-de-gook. Any attempt to look at the file would only yield a screen full of meaningless characters. Then PGP deletes the file. Therefore Mary uses the following command to encrypt the file she is sending to John:

    pgp -seatw intro.doc john -u mary

With a few exceptions, Mary always uses the command options -seatw to encrypt her mail. So should you. We will touch on the exceptions later, but for now get into the habit of typing "pgp -seatw".

A word of caution. When you use the -w option make sure you really don't want the plaintext around. If Mary had referred to the original copy of INTRO.DOC in the PGP command line like this:

    pgp -seatw c:\project\intro.doc john -u mary

then the next time she went to look for INTRO.DOC it would be gone. She would have to send the file INTRO.ASC to John, have him decrypt it and then encrypt it with her public key and send it back.

Mary is now ready to mail a ciphertext to John.

E. A Brief note on file extensions

File extensions are the three letter tags on the end of file names. For example "sample.txt" has a file extension ".txt" which generally indicates that it is a text file. PGP uses two file extensions:

    ".pgp" indicates that the file is PGP encrypted in binary format.
    ".asc" indicates that the file is PGP encrypted AND wrapped in ASCII armor.

While these are the file extensions PGP uses they are not necessary. If I PGP encrypt a file called SAMPLE.TXT into a file called SAMPLE.ASC I can rename the file BINKY.TXT. As long as the PGP headers remain in the ciphertext all I need to do to read the file is type:

    pgp binky.txt

PGP will automatically detect the PGP encryption, and if I have the proper secret key, it will decrypt the file.

VII. Mailing a ciphertext.

There are a variety of e-mail packages around which make it next to impossible to give detailed instructions.
Therefore, we will describe in general terms the methods for getting a ciphertext to its destination. You will have to experiment with your system.

A. Cut and paste

1. Open the encrypted file with a text editor. It is important that you use the text editor that comes with your mailer or some other text editor. Some word processors add special formatting characters automatically to files that they open and save. They may also change the line length or use word wrap to change the shape of the text. A PGP encrypted message must retain its integrity to be useful at the other end.

2. Select all the text in the file. Everything from

       -----BEGIN PGP MESSAGE-----

   to

       -----END PGP MESSAGE-----

   must be included.

3. Cut it.

4. Paste it into the message area of your e-mail.

Be sure not to change even the smallest character in the ciphertext. You should also be aware of the line length in the e-mail window. An ASCII armored file is 65 characters wide. If your line length is set to 60 then your program may attempt to split the lines and thereby corrupt the ciphertext. This can also cause problems for clearsigned texts.

B. File size

If you use the cut and paste method for sending your encrypted files then you may run into a technical glitch. Most e-mail systems have a maximum size for the message being sent, sometimes around 50 Kb or 720 lines of text. PGP can automatically compensate for this. One of the settings in the config.txt file (which we are soon going to begin looking at) tells PGP to break long files into shorter files.

Let's say that Mary's file, INTRO.DOC, when encrypted produces a file 98 K long. Instead of producing a large file labeled INTRO.ASC, PGP automatically produces two files labeled INTRO.AS1 and INTRO.AS2. Mary would then send both files in separate e-mail.

C. Enclosing a file

Most e-mail programs have an "enclose" function. This allows you to send a file along with a message.
Mary could type a brief note saying: "Here's the material we talked about," and then send the file INTRO.ASC as an enclosure.

Either method works so pick the one you like. If you can, try sending yourself some encrypted e-mail using both methods.

VIII. Decrypting a ciphertext.

Mary chooses to use the enclosure method and so John receives a brief note with a file attached which is placed in the directory c:\mail\incoming. When he sees the .ASC file extension he knows it's a PGP file so he puts his PGP disk into drive A and switches to DOS. He copies the file to the PGP disk (or directory if he has installed it in a directory on his hard drive) and types the following at the command line:

    pgp intro.asc

PGP asks him for the pass phrase to unlock his secret key. PGP announces that the file has a good signature from Mary and then produces a plaintext file called "INTRO". At this point John can read the file with his word processor or text editor. It's that simple. If John is using a word processor like MS-WORD to read the file then he may want to rename the file "INTRO.DOC" but that's his choice.

If the file is too big to be e-mailed and PGP has broken INTRO.ASC into INTRO.AS1 and INTRO.AS2 then the only change John has to make to his command line is

    pgp intro.as1

PGP automatically reassembles the file and places it under one file name.

If Mary had used the cut and paste method and placed the PGP file into the message area of her e-mail John would simply save the e-mail to a file. In her subject header Mary would give some indication as to what file name to use. Either, "Save this as intro.asc" or "Save this as intro.as1".

The one time that the file extension is important is when a large file has been broken into smaller files. Then the numbered file extensions are used to reassemble the original text. Therefore if plaintxt.doc has been PGPed into plaintxt.as1, plaintxt.as2, plaintxt.as3 it is important that the file extension be affixed.
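
What the cut-and-paste warnings in section VII protect, as an added example (not code from PGP or from this guide): the armor is radix-64 text between the BEGIN and END lines, closed by a line starting with "=" that carries a 24-bit checksum of the binary file. The CRC constants are those of the OpenPGP armor format; the 64-character line width, the function names and the sample bytes are assumptions made for the demonstration.

```python
import base64

CRC24_INIT = 0xB704CE   # checksum constants of the OpenPGP armor format
CRC24_POLY = 0x1864CFB
BEGIN = "-----BEGIN PGP MESSAGE-----"
END = "-----END PGP MESSAGE-----"


class ArmorError(ValueError):
    """Raised when an armored block is incomplete or damaged."""


def crc24(data: bytes) -> int:
    """24-bit CRC over the binary data, most significant bit first."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor(binary: bytes, width: int = 64) -> str:
    """Wrap binary data in ASCII armor (width is an assumed line length)."""
    b64 = base64.b64encode(binary).decode("ascii")
    body = [b64[i:i + width] for i in range(0, len(b64), width)]
    crc = crc24(binary).to_bytes(3, "big")
    check = "=" + base64.b64encode(crc).decode("ascii")
    return "\n".join([BEGIN, "", *body, check, END]) + "\n"


def dearmor(text: str) -> bytes:
    """Recover the binary data, refusing anything incomplete or altered."""
    lines = [ln.rstrip() for ln in text.splitlines()]  # CR/LF and LF both fine
    if BEGIN not in lines or END not in lines:
        raise ArmorError("BEGIN or END line missing: the paste was incomplete")
    block = lines[lines.index(BEGIN) + 1:lines.index(END)]
    if "" not in block:
        raise ArmorError("blank line after the armor headers is missing")
    body = block[block.index("") + 1:]   # header lines end at the blank line
    if not body or not body[-1].startswith("="):
        raise ArmorError("checksum line missing")
    try:
        data = base64.b64decode("".join(body[:-1]), validate=True)
        stored = base64.b64decode(body[-1][1:], validate=True)
    except ValueError as exc:            # binascii.Error is a ValueError
        raise ArmorError(f"not valid radix-64: {exc}") from exc
    if crc24(data) != int.from_bytes(stored, "big"):
        raise ArmorError("CRC-24 mismatch: the text was altered in transit")
    return data


if __name__ == "__main__":
    sample = bytes(range(256))           # constructed stand-in for INTRO.PGP
    text = armor(sample)
    print(text)
    damaged = text.replace("AAEC", "BAEC", 1)   # a single character changed
    try:
        dearmor(damaged)
    except ArmorError as err:
        print("rejected:", err)
```

Only the armor layer is modelled here; the bytes inside are not a real PGP message, and the checksum catches accidental damage in transit, not deliberate tampering, which is what the signature is for.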

If John wanted to automatically restore the original file name he would have used the following command line:

    pgp -p intro.asc

The -p command option automatically restores the original filename to the document.

IX. Editing the config.txt and autoexec.bat files.

One of the files that popped into existence when you installed PGP was a file labeled CONFIG.TXT. This file allows you to store some of your preferences and makes using PGP even easier. In this part of the Beginner's Guide to PGP we will explore modifying that file (it's easy!) and the AUTOEXEC.BAT file (even easier!). Then we will look at some other PGP options you might use.

A. AUTOEXEC.BAT

The AUTOEXEC.BAT file sets up some of the options which make using programs on your computer easier. You can add a couple of items to AUTOEXEC.BAT which will make using PGP easier. Here's a step by step guide:

1. Open AUTOEXEC.BAT with a text editor.

   You cannot use a word processor like MS-WORD or WORDPERFECT to edit this file. You must use something like MS-EDITOR or NOTEPAD in MS-WINDOWS. Before making any changes save your current AUTOEXEC.BAT as AUTOEXEC.OLD just in case. (You should have created a back-up boot disk long ago.)

2. Put PGP in the PATH

   Find the line which starts with the word PATH. It will look something like this:

       PATH=C:\;C:\DOS;C:\GMOUSE;C:\WORD

   If you have installed PGP on your hard drive add the following to the end of the above line:

       ;C:\PGP

   so that it now looks like this:

       PATH=C:\;C:\DOS;C:\GMOUSE;C:\WORD;C:\PGP

3. Set PGPPATH

   The environment variable PGPPATH tells PGP where to look for the files it needs to operate. Just below the line which starts with PATH add this line:

       SET PGPPATH=C:\PGP

   (Unlike PATH, which is itself a DOS command, other environment variables are set with SET.) I am assuming that you have installed PGP in a directory named PGP on your hard drive. If it's elsewhere then put the path to elsewhere here and in the PATH line.

4. Re-boot

   To get all the modifications that you have added to take effect save your new AUTOEXEC.BAT, exit the text editor, and reboot. Simple.

These changes will allow you to use PGP in any directory and on any disk. Instead of copying files around just go to the directory or disk where the file you want to encrypt is and use the PGP command line. The encrypted file will be created in the same directory.

B. CONFIG.TXT

CONFIG.TXT is a file of PGP options which can be set by the user. It is mostly self explanatory and all you need to do is open it with a text editor and make the changes which you want. I am going to suggest four specific changes which will make your use of PGP more effective and explain one of the other options. As for the other options included in CONFIG.TXT you can make up your mind about them after reading the PGP documents.

1. MYNAME

   The first option you will encounter is

       #MyName = "John Q. Public"

   Normally PGP will use the last key added to your secret key ring to decrypt and sign things or it will prompt you for the key you want to use. Setting your user id in the quotes will select the key you want to use automatically. You may include your name, your name and your e-mail address, or any item in your user id. Set this one if you have more than one secret key but use one key more than the other. John makes the following change:

       MyName = "John Qwerty"

2. ARMORLINES = 720

   Don't change this setting unless your e-mail system is a little quirky. It affects the size of ASCII armor files. If the big files which you PGP get chopped up into smaller files that are still too big to e-mail then make this number smaller. If you wish to store a big file in ASCII armor without it being chopped up you can use the following command line:

       pgp -seaw intro.doc john +armorlines=0

3. #ARMOR = ON

   If you are going to use PGP mostly for e-mail then remove the "#" from the front of this line. Now you no longer have to use the -a option in the command line.

4. #TEXTMODE = ON

   Again, if you're using e-mail, PGP will automatically take care of things like translating from one machine to another.
   Remove the "#" and you no longer have to use the -t option in the command line.

5. #CLEARSIG=ON

   This is handy if you are posting to USENET groups or if you want to send a plaintext note and still have the security of having signed it so that the text cannot be altered without detection. (As well as indicating to everyone who reads the news group and has your key that the note really came from you!) Remove the "#". Another example of clear signing is this document.

C. Congratulations!

Save the modifications you've made to CONFIG.TXT and you are well on your way to being an effective PGP user. Remember the command line that Mary used to get the text ready to send to John?

    pgp -seatw intro.doc john -u Mary

Now all she needs to type is:

    pgp -sew intro.doc john

See how easy it gets?

X. Some other interesting PGP uses

This section discusses some of the interesting uses of PGP. Right now you are set to produce all of the encrypted e-mail that you want. If you can do that you can do everything listed below.

A. Signing and clear-signing

Authentication is one of the considerations of any security system. Is the person who sent the text the person who they say they are? Is the file that has been received actually the file that they intended to send? PGP authenticates not only ciphertext but plaintext and binary files as well.

Using the PGP command

    pgp -s plaintext.txt

if you have activated the clearsig and armor options in CONFIG.TXT, will produce a file called PLAINTEXT.ASC. It will be readable by anyone but it will also contain a PGP signature. Anyone with your public key will know if the text came from you and if the text has been tampered with. This is helpful if you intend to post something to a Usenet newsgroup or to a BBS message board and you want to make sure that no one changes what you have said.

If you want to send a binary file PGP can also be useful.
Using the PGP command

    PGP -sb binary.exe

will leave the file BINARY.EXE untouched but will also create a signature certificate, BINARY.ASC. A person who has your public key and the files BINARY.EXE and BINARY.ASC can now detect any tampering attempt made against BINARY.EXE. This is useful if you are planning to post a binary file, perhaps a program you have written, at an ftp site or on a BBS.

PGP signatures, whether clear signed or on ciphertext, cannot be forged. In other words, if you clear sign a text the signature cannot be cut from the text and pasted onto something else. The signature depends not just on your secret key but on the contents of the text as well.

B. Other kinds of files

As mentioned earlier, PGP can be used to sign a variety of files; it can also be used to encrypt a variety of files. For example, if you are using a compression utility to archive important documents into a zipped file you could protect those files in one of two ways. You could encrypt each file and then include them in the zipped file. This might take a while if you have 1000 files to archive. A quicker method, and one which is just as secure, is to archive all of the files in the zipped file first and then encrypt the zipfile.

PGP is also an excellent choice for e-mailing binary files like gif, jpeg, exe. Because PGP also compresses the file which it encrypts it also leaves you with fewer bytes to transfer. Basically, if there is a file on your computer PGP can encrypt it.

C. Signature certificates

There was an earlier mention of signature certificates. These are generated with the PGP command:

    pgp -sb text.txt

and they have a variety of uses already mentioned. Here's a use that you may not have thought of yet. You can make a signature certificate of any file on your computer. For example, let's say that I made signature certificates for every executable file on my machine and stored them on a floppy somewhere safe.
Anytime I wished I could retrieve the signature certificates and compare them to the files. I would know immediately if the files had been altered. While this might not replace virus scanning utilities it is a protection if there is any danger of your system being maliciously hacked.

D. The -c option

The PGP command option -c enables you to use the IDEA algorithm for encryption without the RSA keys. Each time you use -c you will be asked for a pass phrase. This pass phrase is unique to the file you are encrypting and can change each time you want it to. All you have to do is remember the pass phrase. This is an excellent option for storing files on your hard drive or encrypting stuff to yourself. Because PGP compresses files as it encrypts them it is also an excellent archive format.

XI. Some ways to get into trouble.

A. Improper keyring security

Your keyrings are kept in two files. Your secret key is kept in the file SECRING.PGP and your public keys as well as the public keys of the people you encrypt to are kept in PUBRING.PGP. Both of these files should be backed up on a secure medium and kept in a safe place. If you lose SECRING.PGP and don't have a secure copy then you are stuck. You will need to generate a new key pair and re-distribute the matching public key to all your correspondents.

SECRING.PGP is protected by your pass phrase. Don't write the pass phrase down, anywhere. Also, do not use PGP on a multiuser system. There are just too many ways for someone to monitor your keystrokes, capture your pass phrase, and use your secret key.

Keeping these two files safe and tamper free is your major security concern with the use of PGP.

B. Accepting uncertified keys

PGP allows you to use any public key in your possession to encrypt files. You do not need to sign a key to use it nor do you need to accord it any level of trust.
However, you must remember that these keys are used "as is"; there is no guarantee that the key belongs to the person whose name is in the user id. Read the PGP docs to learn about how this could cause you a problem.

C. Plaintext insecurity

One sure way to compromise your security is by sloppy handling of your plaintext. First of all, unless you use the -w command option, your plaintext remains on your disk. If you've just written a nasty note about your boss he or she cannot read the encrypted copy but if the plaintext is still in existence you may be in trouble.

The same problem may occur at the other end. Your buddy who decrypts your nasty note may leave the plaintext out in full view. One way to check this is to use the -m command option when encrypting your nasty note.

    pgp -sewm nastnote.txt john

When John decrypts NASTNOTE.ASC PGP will not create a plaintext file. Instead it will print the file to screen only. There is a very simple way to short circuit the -m command option and create a plaintext file but at least using the -m option will alert the receiver that the material is sensitive.

You can also use the -m option when decrypting a file. You will be able to preview the text before deciding whether or not to create a permanent plaintext file. Simply type

    pgp -m ciphertext.asc

D. Spy stuff

In the documents which come with PGP there is a section that describes some of the tactics used by very determined opponents to compromise your security. Even if you are a perfect user of PGP, securing your keyrings, wiping your plaintext, using a strong pass phrase, etc., there are tactics which can be used by the determined opponent. Some of these tactics require some sophistication like Tempest technology. Other tactics are as simple as a hidden camera pointed at the screen of your terminal. [Hidden cameras are becoming a tool of management with increasing frequency.]

The other point to remember is that you can be as security conscious as you could possibly be only to have all your precautions compromised by the recipient of your ciphertext.

What it all boils down to is this: PGP provides an excellent protection against random invasions of privacy. Used properly PGP protects your e-mail from any intrusion while in transit or any file PGP encrypted while on your machine (provided you have a strong pass phrase and/or SECRING.PGP is not on your hard drive as well.)

When it comes to security be as paranoid as you want to be but always remember to have fun. With all of the people who want to examine the details of everything you do, personal privacy is one of the major issues of the late 20th century. PGP is a tool to enhance your personal freedom by securing your personal information. It will only work as well as you choose to use it.

E. When NOT to use PGP.

There are some circumstances when using PGP might not be a wise idea, or if you do use it you might want to consider the risks.

Currently PGP is legal to use in Canada, the United States, and many other countries. However, there are some countries which restrict the use of encryption. France is one example. If you are not sure about the encryption laws in the country in which you live get a discreet legal opinion from a lawyer. (Never trust a "legal" opinion posted in a newsgroup.)

You may want to exercise some prudence when using PGP at your place of employment. Sending an encrypted file to a co-worker in another department is one thing. However, sending an encrypted message through the firewall to a friend who works at another company might set off some alarms especially if you work for a major corporation.

XII. Conclusion.

Congratulations, you are now a new and productive member of the world of encryption. If you have made no modifications to the PGP config.txt file or the autoexec.bat file you can use PGP in just the way that has been outlined in this document.
All you have to do is remember to copy the file which you want to encrypt to the directory or disk in which you have installed PGP.

Before you go any further delete the John and Mary keys. Use the following commands:

    pgp -kr john
    pgp -kr mary

It might be the case that you have started using PGP before you read this document and now want to make some changes. If you want to change your pass phrase or user id use the following command:

    pgp -ke (your user id here)

For more information on the nuts and bolts of PGP and some of the issues involved please read the documents that came with your copy of PGP.