home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Internet Info 1994 March
/
Internet Info CD-ROM (Walnut Creek) (March 1994).iso
/
answers
/
alt
/
pgp-faq
/
part1
< prev
next >
Wrap
Text File
|
1994-04-17
|
45KB
|
1,137 lines
Newsgroups: alt.security.pgp,alt.answers,news.answers
Path: bloom-beacon.mit.edu!hookup!swrinde!ihnp4.ucsd.edu!library.ucla.edu!csulb.edu!csus.edu!netcom.com!gbe
From: gbe@netcom.com (Gary Edstrom)
Subject: alt.security.pgp FAQ (Part 1/5)
Message-ID: <gbe94Apr1717400105@netcom.com>
Followup-To: poster
Summary: Frequently Asked Questions (FAQ) for alt.security.pgp
Keywords: pgp privacy security encryption RSA IDEA MD5
Supersedes: <gbe94Mar1310030104@netcom.com>
Reply-To: gbe@netcom.com (Gary Edstrom)
Organization: Sequoia Software
X-Newsreader: TIN [version 1.2 PL1]
Date: Mon, 18 Apr 1994 00:50:38 GMT
Approved: news-answers-request@mit.edu
Expires: Sun, 31 Jul 1994 07:00:00 GMT
Lines: 1118
Xref: bloom-beacon.mit.edu alt.security.pgp:11404 alt.answers:2462 news.answers:18187
Archive-name: pgp-faq/part1
Version: 9
Last-modified: 1994/4/17
-----BEGIN PGP SIGNED MESSAGE-----
Frequently Asked Questions
alt.security.pgp
Version 9
1994/4/17
========================================================================
IMPORTANT DISCLAIMER!
The use of PGP raises a number of political and legal
issues. I AM NOT a lawyer and AM NOT qualified to give
any legal opinions. Nothing in this document should be
interpreted as legal advice. If you have any legal
questions concerning the use of PGP, you should consult
an attorney who specializes in patent and/or export
law. In any case, the law will vary from country to
country.
========================================================================
Beginning with this revision of the FAQ, I have stopped maintaining
the master document in Microsoft Word for Windows format. It was just
getting to be too much trouble especially since my ultimate output was
going to be just a simple ASCII text file anyway. You will no longer
see the Word for Windows document in my ftp directory.
In place of the Word for Windows master document, you will see the
file "pgpfaq.asc" which is a clear signed version of my ASCII master
document. You can ftp this file in place of the multi-part version
that was posted to usenet if you so desire.
This version of the FAQ is being cross posted to news.answers and
alt.answers as well as being archived at rtfm.mit.edu.
Please check the pgp signatures that I have applied to all parts and
versions of this document. Several people reported to me that part 1
of my previous posting of the FAQ had been corrupted. Others,
however, said that the file checked out just fine. Please report any
signature problem with these files to me.
All additions, deletions, or corrections to this FAQ should be
directed to me. I will acknowledge all e-mail.
Gary Edstrom <gbe@netcom.com>
ftp: ftp.netcom.com:/pub/gbe
========================================================================
Revision History
Ver Date Description
- --- ---- -----------
1 09-Dec-93 Proof Reading Copy - Limited Distribution
2 11-Dec-93 First Preliminary Posting
3 19-Dec-93 Second Preliminary Posting
4 01-Jan-94 Third Preliminary Posting
5 15-Jan-94 First Official Posting
6 26-Jan-94 Assorted Changes
12-Feb-94 Changes for version 7:
Modified Public Key Server List in section 8.2
Added information on Italian PGP translations in section 1.7
06-Feb-94 Changes for version 8:
Fixed a number of minor spelling, grammar, and typographical errors.
Removed entry for PGPWinFront 1.2 as it was superceeded by version 2.0.
Modified public key server list in section 8.
Added additional source for German language pgp files in section 1.7.
Added source for Swedish language pgp files in section 1.7.
Added information in PGP Integration Project in Appendix I.
Changed my ftp address to ftp.netcom.com:/pub/gbe (was netcom.com:/pub...)
Added information on ViaCrypt PGP for Unix, WinCIM, & CSNav in section 1.9
Added PGPAmiga-FrontEnd to support products section in appendix I.
Added late breaking news from -=Xenon=-.
17-Apr-94 Changes for version 9:
Converted file from Word for Windows format to simple text format.
Modified the public key server list in section 8.
Added Japanese to list of languages for which help files are available.
Added information on OzPKE for PGP/OzCIS in Appendix I.
Added information on AutoPGP & PGPSORT in Appendix I.
Added information on The Ferret BBS in section 1.11.
Added information on PGPTalk in Appendix I.
Modified answer in 3.3 on extracting multiple keys into a single file.
Modified information on HPACK in Appendix I.
Added FTP source for StealthPGP.
========================================================================
This FAQ is slanted towards the DOS or Unix users of PGP and many of
the examples given may only apply to them. For other systems, I would
like to direct your attention to the following documents:
MAC: "Here's How to MacPGP!" by Xenon <an48138@anon.penet.fi>
Archimedes PGP comes with its own PGPhints file.
Send e-mail to pgpinfo@mantis.co.uk for a list of PGP tips.
It should be noted that most of the questions and answers concerning
PGP apply equally well to the ViaCrypt(tm) version.
Material for this FAQ has come from many different sources. It would
be difficult to name each of the contributors individually, but I
would like to thank them as a group for their assistance.
The files making up this FAQ are available via ftp at
ftp.netcom.com:/pub/gbe. The file names are pgpfaq-<n>.asc and are in
clearsig pgp format.
- --
Gary B. Edstrom | Sequoia Software | PGP fingerprint:
Internet: gbe@netcom.com | Programming Services | 2F F6 1B 28 6E A6 09 6C
CompuServe: 72677,564 | P.O. Box 9573 | B0 EA 9E 4C C4 C6 7D 46
Fax: 1-818-247-6046 | Glendale, CA 91226 | Key available via finger
What is PGP? Subscribe to alt.security.pgp and find out!
Late Breaking PGP News From -=Xenon=-
- -----BEGIN PGP SIGNED MESSAGE-----
Gary,
Mac and DOS PGP are now available on MindVox (telnet to phantom.com and
login as guest), which is however a pay service BBS. Their modem numbers
are:
300/1200/2400-bps +1 212 989-4141
96/14.4/16.8/19.2 +1 212 989-1550
Hayes V.FC 28,800 +1 212 645-8065
My "Here's How to MacPGP!" guide is now available by e-mail with Subject
"Bomb me!" to qwerty@netcom.com or by ftp to netcom.com in /pub/qwerty.
Please change my address in the FAQ to qwerty@netcom.com. The Guide is also
available on the WELL in the Mondo conference, by typing 'texts', but make
sure they have updated it to a recent version (2.7).
You might also mention steganography finally. I have a list of
steganography software in /pub/qwerty as Steganography.software.list, where
I have also archived a number of steganography programs. Steganographs let
you replace the "noise" of many types of carrier files with an encrypted
message.
Related to steganography, is the new utility "Stealth", by "Henry Hastur",
available by ftp to netcom.com in /pub/qwerty as Stealth1.1.tar.Z for DOS
or Unix, or as AmigaStealth1.0.lha. The Amiga version, ported by Peter
Simons <simons@peti.gun.de, is also available
by ftp to:
wuarchive.wustl.edu (or any other Aminet host)
/pub/aminet/util/crypt/StealthPGP1_0.lha
/pub/aminet/util/crypt/StealthPGP1_0.readme
The archive contains the binary, source and readme. However, Stealth1.1
should also compile on the Amiga.
Stealth PGP strips a binary PGP message down to the bare bones encrypted
message, something that you cannot easily tell from "noise", so such a
message can masquerade AS noise :-).
ViaCrypt is now selling Unix PGP 2.4 and a neat new add-on for Compuserve
users:
PGP for UNIX 2.4. Includes object code for SunOS 4.1x, RS/6000 AIX, HP 9000
700/800 UX, and SCO 386/486 UNIX (plus others soon). $149.98 single user.
PGP for WinCIM/CSNav 2.4. Specially packaged for users of (and requires)
Compuserve's Information Manager for Windows or Compuserve Navigator for
Windows. Consists of PGP for MS-DOS 2.4 integrated with a companion add-in
program. You can digitally sign and encrypt (or verify and decrypt) e-mail
messages without leaving these popular e- ail programs. Available starting
April 1994. $119.98 single user.
I'm not sure if you mention it but mathew@mantis.co.uk has a nice PGP ftp
site list which he e-mails to anyone sending mail to pgpinfo@mantis.co.uk,
or uses the World Wide Web at www.mantis.co.uk in /pgp/pgp.html, which is a
Hypertext version. He also has a short summary and tips about the legal
situation included in it.
FAQ: What's Phil Zimmermann up to these days?
A: Voice-PGP, the direct answer to the Clipper chip.
Also, the remailer situation keeps changing, so this service is very nice
to have:
From Matthew Ghio <Ghio@andrew.cmu.edu,
"I maintain a FAQ on the anonymous remailers, which lists over a dozen
alternative anonymous services. Many of them are much faster than
anon.penet.fi, because they do not have such a heavy load. You can get the
info by sending mail to: mg5n+remailers@andrew.cmu.edu My software is set
up to automatically send it back when it receives your request, so sending
a blank message is sufficient. I update the info every few weeks or so."
-=Xenon=-
- -----BEGIN PGP SIGNATURE-----
Version: 2.3
iQCVAgUBLYHC7ASzG6zrQn1RAQEU+gP/YqLpSBAaJ9TSziyOK7FD8pQ8ql1ILRBU
1NAkhjGCbeNRRflV1tDNXnH+JO/GXUR1DpkiafPYPbrMAewGnEvQaZvXA57RcvKW
l4ew7nyaGbKU3bLGGvhKXLKrVue8y1cLFNUDlXjC6MmKxtVcaeA/0dv1CNtlkf/u
D82bFKbulW8=
=j9Fv
- -----END PGP SIGNATURE-----
Table of Contents
1. Introductory Questions
1.1. What is PGP?
1.2. Why should I encrypt my mail? I'm not doing anything illegal!
1.3. What are public keys and private keys?
1.4. How much does PGP cost?
1.5. Is encryption legal?
1.6. Is PGP legal?
1.7. Where can I get translations of the PGP documentation and/or
language.txt files?
1.8. Is there an archive site for alt.security.pgp?
1.9. Is there a commercial version of PGP available?
1.10. What platforms has PGP been ported to?
1.11. Where can I obtain PGP?
2. General Questions
2.1. Why can't a person using version 2.2 read my version 2.3 message?
2.2. Why does it take so long to encrypt/decrypt messages?
2.3. How do I create a secondary key file?
2.4. How does PGP handle multiple addresses?
2.5. How can I use PGP to create a return receipt for a message?
2.6. Where can I obtain scripts to integrate pgp with my email or news
reading system?
3. Keys
3.1. Which key size should I use?
3.2. Why does PGP take so long to add new keys to my key ring?
3.3. How can I extract multiple keys into a single armored file?
3.4. I tried encrypting the same message to the same address two different
times and got completely different outputs. Why is this?
3.5. How do I specify which key to use when an individual has 2 or more
public keys and the very same user ID on each, or when 2 different
users have the same name?
3.6. What does the message "Unknown signator, can't be checked" mean?
3.7. How do I get PGP to display the trust parameters on a key?
4. Security Questions
4.1. How secure is PGP?
4.2. Can't you break PGP by trying all of the possible keys?
4.3. How secure is the conventional cryptography (-c) option?
4.4. Can the NSA crack RSA?
4.5. How secure is the "for your eyes only" option (-m)?
4.6. What if I forget my pass phrase?
4.7. Why do you use the term "pass phrase" instead of "password"?
4.8. If my secret key ring is stolen, can my messages be read?
4.9. How do I choose a pass phrase?
4.10. How do I remember my pass phrase?
4.11. How do I verify that my copy of PGP has not been tampered with?
4.12. How do I know that there is no trap door in the program?
4.13. Can I put PGP on a multi-user system like a network or amainframe?
4.14. Why not use RSA alone rather than a hybrid mix of IDEA, MD5, & RSA?
4.15. Aren't all of these security procedures a little paranoid?
4.16. Can I be forced to reveal my pass phrase in any legal proceedings?
5. Message Signatures
5.1. What is message signing?
5.2. How do I sign a message while still leaving it readable?
6. Key Signatures
6.1. What is key signing?
6.2. How do I sign a key?
6.3. Should I sign my own key?
6.4. Should I sign X's key?
6.5. How do I verify someone's identity?
6.6. How do I know someone hasn't sent me a bogus key to sign?
7. Revoking a key
7.1. My secret key ring has been stolen or lost, what do I do?
7.2. I forgot my pass phrase. Can I create a key revocation certificate?
8. Public Key Servers
8.1. What are the Public Key Servers?
8.2. What public key servers are available?
8.3. What is the syntax of the key server commands?
9. Bugs
10. Related News Groups
11. Recommended Reading
12. General Tips
Appendix I - PGP add-ons and Related Products
Appendix II - Glossary of Cryptographic Terms
Appendix III - Cypherpunks
Appendix IV - How to obtain articles from _Wired_ magazine
Appendix V - Testimony of Philip Zimmermann to Congress
Appendix VI - Announcement of Philip Zimmermann Defense Fund
Appendix VII - A Statement from ViaCrypt Concerning ITAR
Appendix VIII - Unites States Congress Phone and FAX List
========
1. Introductory Questions
========
1.1. What is PGP?
========
PGP is a program that gives your electronic mail something that it
otherwise doesn't have: Privacy. It does this by encrypting your mail
so that nobody but the intended person can read it. When encrypted,
the message looks like a meaningless jumble of random characters. PGP
has proven itself quite capable of resisting even the most
sophisticated forms of analysis aimed at reading the encrypted text.
PGP can also be used to apply a digital signature to a message without
encrypting it. This is normally used in public postings where you
don't want to hide what you are saying, but rather want to allow
others to confirm that the message actually came from you. Once a
digital signature is created, it is impossible for anyone to modify
either the message or the signature without the modification being
detected by PGP.
While PGP is easy to use, it does give you enough rope so that you can
hang yourself. You should become thoroughly familiar with the various
options in PGP before using it to send serious messages. For example,
giving the command "PGP -sat <filename>" will only sign a message, it
will not encrypt it. Even though the output looks like it is
encrypted, it really isn't. Anybody in the world would be able to
recover the original text.
========
1.2. Why should I encrypt my mail? I'm not doing anything illegal!
You should encrypt your e-mail for the same reason that you don't
write all of your correspondence on the back of a post card. E-mail is
actually far less secure than the postal system. With the post office,
you at least put your letter inside an envelope to hide it from casual
snooping. Take a look at the header area of any e-mail message that
you receive and you will see that it has passed through a number of
nodes on its way to you. Every one of these nodes presents the
opportunity for snooping. Encryption in no way should imply illegal
activity. It is simply intended to keep personal thoughts personal.
Xenon <an48138@anon.penet.fi> puts it like this:
Crime? If you are not a politician, research scientist, investor, CEO,
lawyer, celebrity, libertarian in a repressive society, investor, or
person having too much fun, and you do not send e-mail about your
private sex life, financial/political/legal/scientific plans, or
gossip then maybe you don't need PGP, but at least realize that
privacy has nothing to do with crime and is in fact what keeps the
world from falling apart. Besides, PGP is FUN. You never had a secret
decoder ring? Boo! -Xenon (Copyright 1993, Xenon)
========
1.3. What are public keys and private keys?
With conventional encryption schemes, keys must be exchanged with
everyone you wish to talk to by some other secure method such as face
to face meetings, or via a trusted courier. The problem is that you
need a secure channel before you can establish a secure channel! With
conventional encryption, either the same key is used for both
encryption and decryption or it is easy to convert either key to the
other. With public key encryption, the encryption and decryption keys
are different and it is impossible for anyone to convert one to the
other. Therefore, the encryption key can be made public knowledge, and
posted in a database somewhere. Anyone wanting to send you a message
would obtain your encryption key from this database or some other
source and encrypt his message to you. This message can't be decrypted
with the encryption key. Therefore nobody other than the intended
receiver can decrypt the message. Even the person who encrypted it can
not reverse the process. When you receive a message, you use your
secret decryption key to decrypt the message. This secret key never
leaves your computer. In fact, your secret key is itself encrypted to
protect it from anyone snooping around your computer.
========
1.4. How much does PGP cost?
Nothing! (Compare to ViaCrypt PGP at $98!) It should be noted,
however, that in the United States, the freeware version of PGP *MAY*
be a violation of a patent held by Public Key Partners (PKP).
========
1.5. Is encryption legal?
In much of the civilized world, encryption is either legal, or at
least tolerated. However, there are a some countries where such
activities could put you in front of a firing squad! Check with the
laws in your own country before using PGP or any other encryption
product. A couple of the countries where encryption is illegal are
Iran and Iraq.
========
1.6. Is PGP legal?
In addition to the comments about encryption listed above, there are a
couple of additional issues of importance to those individuals
residing in the United States or Canada. First, there is a question
as to whether or not PGP falls under ITAR regulations which govern the
exporting of cryptographic technology from the United States and
Canada. This despite the fact that technical articles on the subject
of public key encryption have been available legally worldwide for a
number of years. Any competent programmer would have been able to
translate those articles into a workable encryption program. There is
the possibility that ITAR regulations may be relaxed to allow for
encryption technology.
========
1.7. Where can I get translations of the PGP documentation and/or
language.txt files?
Spanish: ghost.dsi.unimi.it:/pub/crypt.
Author: Armando Ramos <armando@clerval.org>
German: black.ox.ac.uk:/src/security/pgp_german.txt
Author: Marc Aurel <4-tea-2@bong.saar.de>
Swedish: black.ox.ac.uk:/src/security/pgp_swedish.txt
Italian: ghost.dsi.unimi.it:/pub/crypt/pgp-lang.italian.tar.gz
Author: David Vincenzetti <vince@dsi.unimi.it>
Lithuanian: ghost.dsi.unimi.it:/pub/crypt/pgp23ltk.zip
nic.funet.fi:/pub/crypt/ghost.dsi.unimi.it/pgp23ltk.zip
Author: Zygimantas Cepaitis, Bokera Ltd., Kaunas Lithuania.
<zcepaitis@ktl.fi> or <zygis@bokera.lira.lt.ee>
Japanese: black.ox.ac.uk/src/security
========
1.8. Is there an archive site for alt.security.pgp?
laszlo@instrlab.kth.se (Laszlo Baranyi) says:
"My memory says that ripem.msu.edu stores a backlog of both
alt.security.pgp, and sci.crypt. But that site is ONLY open for ftp
for those that are inside US."
========
1.9. Is there a commercial version of PGP available?
Yes, by arrangement with the author of PGP, a company called ViaCrypt
is marketing a version of PGP that is almost identical to the version
currently available on Internet. Each can read or write messages to
the other. The list price of ViaCrypt PGP is $98 (US) for a single
user license and is NOT available for export from the United States.
In addition, it is presently available only for MS-DOS and Unix. Soon
to be available are versions for CompuServe's WinCIM & CSNav.
Versions for other platforms are under development. While the present
product is 100% compatible with free PGP, it is not known if this will
remain the case in the future. The address of ViaCrypt is:
ViaCrypt
David A. Barnhart
Product Manager
2104 West Peoria Avenue
Phoenix, Arizona 85029
Tel: (602) 944-0773
Fax: (602) 943-2601
E-Mail: 70304.41@compuserve.com
E-Mail: wk01965@worldlink.com
Credit card orders only. (800)536-2664 (8-5 MST M-F)
========
1.10. What platforms has PGP been ported to?
DOS: 2.3a
MAC: 2.3
OS/2: 2.3a
Unix: 2.3a (Variations exist for many different systems.)
VAX/VMS: 2.3a
Atari ST: 2.3a
Archimedes: 2.3a subversion 1.18b
Commodore Amiga: 2.3a patchlevel 2
========
From: simons@peti.GUN.de (Peter Simons)
Date: Fri, 31 Dec 1993 08:10:53 +0100
Newsgroups: alt.security.pgp
Subject: PGPAmiga 2.3a.2 available for FTP
TITLE
Pretty Good Privacy (PGP)
VERSION
Version 2.3a patchlevel 2
AUTHOR
Amiga port and enhancements by Peter Simons <simons@peti.GUN.de>
CHANGES
This version is re-compiled with SAS/C 6.50. A few minor bugs
have been fixed. Additionally, the manual is now available in TexInfo
style and can easily be converted into AmigaGuide, postscript, dvi or
whatever format. AmigaGuide versions are included.
Also for the first time, the alt.security.pgp frequently asked
questions (FAQ) are included in the archive.
NOTES
Please take note that the archive contains a readme file, with
checksums for ALL files in the distribution and is signed with my key!
Please be careful, if this file is missing or rigged!
A mailing list concerning PGPAmiga has been opened on
peti.GUN.de. To subscribe, send e-mail to listserv@peti.GUN.de with
"ADD your_address PGPAmiga" in the message body. You may add "HELP" in
the next line to receive a command overview of ListSERV.
SPECIAL REQUIREMENTS
none
HOST NAME
Any Aminet host, i.e. ftp.uni-kl.de (131.246.9.95).
DIRECTORY
/pub/aminet/util/crypt/
FILE NAMES
PGPAmi23a_2.lha
PGPAmi23a2_src.lha
========
1.11. Where can I obtain PGP?
FTP sites:
soda.berkeley.edu
/pub/cypherpunks/pgp (DOS, MAC)
Verified: 21-Dec-93
ftp.demon.co.uk
/pub/amiga/pgp
/pub/archimedes
/pub/pgp
/pub/mac/MacPGP
ftp.informatik.tu-muenchen.de
ftp.funet.fi
ghost.dsi.unimi.it
/pub/crypt
Verified: 21-Dec-93
ftp.tu-clausthal.de (139.174.2.10)
wuarchive.wustl.edu
/pub/aminet/util/crypt
src.doc.ic.ac.uk (Amiga)
/aminet
/amiga-boing
ftp.informatik.tu-muenchen.de
/pub/comp/os/os2/crypt/pgp23os2A.zip (OS/2)
black.ox.ac.uk (129.67.1.165)
/src/security (Unix)
iswuarchive.wustl.edu
pub/aminet/util/crypt (Amiga)
csn.org
/mpj (see README.MPJ for export restrictions)
nic.funet.fi (128.214.6.100)
van-bc.wimsey.bc.ca (192.48.234.1)
ftp.uni-kl.de (131.246.9.95)
qiclab.scn.rain.com (147.28.0.97)
pc.usl.edu (130.70.40.3)
leif.thep.lu.se (130.235.92.55)
goya.dit.upm.es (138.4.2.2)
tupac-amaru.informatik.rwth-aachen.de (137.226.112.31)
ftp.etsu.edu (192.43.199.20)
princeton.edu (128.112.228.1)
pencil.cs.missouri.edu (128.206.100.207)
StealthPGP:
The Amiga version can be FTP'ed from the Aminet in
/pub/aminet/util/crypt/ as StealthPGP1_0.lha.
Also, try an archie search for PGP using the command:
archie -s pgp23 (DOS Versions)
archie -s pgp2.3 (MAC Versions)
ftpmail:
For those individuals who do not have access to FTP, but do have access
to e-mail, you can get FTP files mailed to you. For information on
this service, send a message saying "Help" to ftpmail@decwrl.dec.com.
You will be sent an instruction sheet on how to use the ftpmail
service.
BBS sites:
Hieroglyphics Vodoo Machine (Colorado)
DOS version only
(303) 443-2457
Verified: 26-Dec-93
Colorado Catacombs BBS
(303) 938-9654
Exec-Net (New York)
Host BBS for the ILink net.
(914) 667-4567
The Grapvine BBS (Little Rock, Arkansas)
Now combined with and known as:
The Ferret BBS (North Little Rock, Arkansas)
(501) 791-0124 also (501) 791-0125
Carrying RIME, Throbnet, Smartnet, and Usenet
Special PGP users account:
login name: PGP USER
password: PGP
This information from: Jim Wenzel <jim.wenzel@grapevine.lrk.ar.us>
========
2. General Questions
========
2.1. Why can't a person using version 2.2 read my version 2.3 message?
Try adding "+pkcs_compat=0" to your command line as follows: "pgp
- -seat +pkcs_compat=0 <filename>" By default, version 2.3 of PGP uses
a different header format that is not compatible with earlier versions
of PGP. Inserting this option into the command will force PGP to use
the older header format. You can also set this option in your
config.txt file, but this is not recommended.
========
2.2. Why does it take so long to encrypt/decrypt messages?
This problem can arise when you have placed the entire public key ring
from one of the servers into the pubring.pgp file. PGP may have to
search through several thousand keys to find the one that it is after.
The solution to this dilemma is to maintain 2 public key rings. The
first ring, the normal pubring.pgp file, should contain only those
individuals that you send messages to quite often. The second key ring
can contain ALL of the keys for those occasions when the key you need
isn't in your short ring. You will, of course, need to specify the key
file name whenever encrypting messages using keys in your secondary
key ring. Now, when encrypting or decrypting messages to individuals
in your short key ring, the process will be a LOT faster.
========
2.3. How do I create a secondary key file?
First, let's assume that you have all of the mammoth public key ring
in your default pubring.pgp file. First, you will need to extract all
of your commonly used keys into separate key files using the -kx
option. Next, rename pubring.pgp to some other name. For this example,
I will use the name pubring.big. Next, add each of the individual key
files that you previously created to a new pubring.pgp using the -ka
option. You now have your 2 key rings. To encrypt a message to someone
in the short default file, use the command "pgp -e <userid>". To
encrypt a message to someone in the long ring, use the command "pgp -e
<userid> c:\pgp\pubring.big". Note that you need to specify the
complete path and file name for the secondary key ring. It will not be
found if you only specify the file name.
========
2.4. How does PGP handle multiple addreses?
When encrypting a message to multiple addresses, you will notice that
the length of the encrypted file only increases by a small amount for
each additional address. The reason that the message only grows by a
small amount for each additional key is that the body of the message
is only encrypted once using a random session key and IDEA. It is only
necessary then to encrypt this session key once for each address and
place it in the header of the message. Therefore, the total length of
a message only increases by the size of a header segment for each
additional address. (To avoid a known weakness in RSA when encrypting
the same message to multiple recipients, the IDEA session key is
padded with different random data each time it is RSA- encrypted.)
========
2.5. How can I use PGP to create a return receipt for a message?
I was planning on including a section on this question. However, while
following a similar thread in alt.security.pgp, I realized that there
were too many unresolved issues to include an answer here. I may try
to include the subject in a future release of the FAQ.
========
2.6. Where can I obtain scripts to integrate pgp with my email or news
reading system?
The scripts that come with the source code of PGP are rather out of
date. Newer versions of some of the scripts are available via
anonymous ftp at ftp.informatik.uni-hamburg.de:/pub/virus/misc/contrib.zip
========
3. Keys
========
3.1. Which key size should I use?
PGP gives you 4 choices of key size: 384, 512, 1024, or a user
selected number of bits. The larger the key, the more secure the RSA
portion of the encryption is. The only place where the key size makes
a large change in the running time of the program is during key
generation. A 1024 bit key can take 8 times longer to generate than a
384 bit key. Fortunately, this is a one time process that doesn't need
to be repeated unless you wish to generate another key pair. During
encryption, only the RSA portion of the encryption process is affected
by key size. The RSA portion is only used for encrypting the session
key used by the IDEA. The main body of the message is totally
unaffected by the choice of RSA key size. So unless you have a very
good reason for doing otherwise, select the 1024 bit key size. Using
currently available algorithms for factoring, the 384 bit key is just
not far enough out of reach to be a good choice.
========
3.2. Why does PGP take so long to add new keys to my key ring?
The time required to check signatures and add keys to your public key
ring tends to grow as the square of the size of your existing public
key ring. This can reach extreme proportions. I just recently added
the entire 850KB public key ring form one of the key servers to my
local public key ring. Even on my 66MHz 486 system, the process took
over 10 hours.
========
3.3. How can I extract multiple keys into a single armored file?
A number of people have more than one public key that they would like
to make available. One way of doing this is executing the "-kxa"
command for each key you wish to extract from the key ring into
separate armored files, then appending all the individual files into a
single long file with multiple armored blocks. This is not as
convenient as having all of your keys in a single armored block.
Unfortunately, the present version of PGP does not allow you to do
this directly. Fortunately, there is an indirect way to do it.
I would like to thank Robert Joop <rj@rainbow.in-berlin.de> for
supplying the following method which is simpler than the method that I
had previously given.
solution 1:
pgp -kxaf uid1 > extract
pgp -kxaf uid2 >> extract
pgp -kxaf uid3 >> extract
Someone who does a `pgp extract` processes the individual keys, one by
one. that's inconvinient.
solution 2:
pgp -kx uid1 extract
pgp -kx uid2 extract
pgp -kx uid3 extract
This puts all three keys into extract.pgp. To get an ascii amored
file, call:
pgp -a extract.pgp
You get an extract.asc. Someone who does a `pgp extract` and has
either file processes all three keys simultaneously.
A Unix script to perform the extraction with a single command would be
as follows:
foreach name (name1 name2 name3 ...)
pgp -kx $name /tmp/keys.pgp <keyring>
end
An equivalent DOS command would be:
for %a in (name1 name2 name3 ...) do pgp -kx %a <keyring>
========
3.4. I tried encrypting the same message to the same address two
different times and got completely different outputs. Why is this?
Every time you run pgp, a different session key is generated. This
session key is used as the key for IDEA. As a result, the entire
header and body of the message changes. You will never see the same
output twice, no matter how many times you encrypt the same message to
the same address. This adds to the overall security of PGP.
========
3.5. How do I specify which key to use when an individual has 2 or
more public keys and the very same user ID on each, or when 2
different users have the same name?
Instead of specifying the user's name in the ID field of the PGP
command, you can use the key ID number. The format is 0xNNNNNN where
NNNNNN is the user's 6 character key ID number. It should be noted
that you don't need to enter the entire ID number, a few consecutive
digits from anywhere in the ID should do the trick. Be careful: If
you enter "0x123", you will be matching key IDs 0x123937, 0x931237, or
0x912373. Any key ID that contains "123" anywhere in it will produce
a match. They don't need to be the starting characters of the key
ID. You will recognize that this is the format for entering hex
numbers in the C programming language. For example, any of the
following commands could be used to encrypt a file to me.
pgp -e <filename> "Gary Edstrom"
pgp -e <filename> gbe@netcom.com
pgp -e <filename> 0x90A9C9
This same method of key identification can be used in the config.txt
file in the "MyName" variable to specify exactly which of the keys in
the secret key ring should be used for encrypting a message.
========
3.6. What does the message "Unknown signator, can't be checked" mean?
========
It means that the key used to create that signature does not exist in
your database. If at sometime in the future, you happen to add that
key to your database, then the signature line will read normally. It
is completely harmless to leave these non-checkable signatures in your
database. They neither add to nor take away from the validity of the
key in question.
========
3.7. How do I get PGP to display the trust parameters on a key?
You can only do this when you run the -kc option by itself on the
entire database. The parameters will NOT be shown if you give a
specific ID on the command line. The correct command is: "pgp -kc".
The command "pgp -kc smith" will NOT show the trust parameters for
smith.
========
4. Security Questions
========
4.1. How secure is PGP?
The big unknown in any encryption scheme based on RSA is whether or
not there is an efficient way to factor huge numbers, or if there is
some backdoor algorithm that can break the code without solving the
factoring problem. Even if no such algorithm exists, it is still
believed that RSA is the weakest link in the PGP chain.
========
4.2. Can't you break PGP by trying all of the possible keys?
This is one of the first questions that people ask when they are first
introduced to cryptography. They do not understand the size of the
problem. For the IDEA encryption scheme, a 128 bit key is required.
Any one of the 2^128 possible combinations would be legal as a key,
and only that one key would successfully decrypt all message blocks.
Let's say that you had developed a special purpose chip that could try
a billion keys per second. This is FAR beyond anything that could
really be developed today. Let's also say that you could afford to
throw a billion such chips at the problem at the same time. It would
still require over 10,000,000,000,000 years to try all of the possible
128 bit keys. That is something like a thousand times the age of the
known universe! While the speed of computers continues to increase and
their cost decrease at a very rapid pace, it will probably never get
to the point that IDEA could be broken by the brute force attack.
The only type of attack that might succeed is one that tries to solve
the problem from a mathematical standpoint by analyzing the
transformations that take place between plain text blocks, and their
cipher text equivalents. IDEA is still a fairly new algorithm, and
work still needs to be done on it as it relates to complexity theory,
but so far, it appears that there is no algorithm much better suited
to solving an IDEA cipher than the brute force attack, which we have
already shown is unworkable. The nonlinear transformation that takes
place in IDEA puts it in a class of extremely difficult to solve
mathmatical problems.
========
4.3. How secure is the conventional cryptography (-c) option?
Assuming that you are using a good strong random pass phrase, it is
actually much stronger than the normal mode of encryption because you
have removed RSA which is believed to be the weakest link in the
chain. Of course, in this mode, you will need to exchange secret keys
ahead of time with each of the recipients using some other secure
method of communication, such as an in- person meeting or trusted
courier.
========
4.4. Can the NSA crack RSA?
This question has been asked many times. If the NSA were able to crack
RSA, you would probably never hear about it from them. The best
defense against this is the fact the algorithm for RSA is known
worldwide. There are many competent mathematicians and cryptographers
outside the NSA and there is much research being done in the field
right now. If any of them were to discover a hole in RSA, I'm sure
that we would hear about it from them. I think that it would be hard
to hide such a discovery. For this reason, when you read messages on
USENET saying that "someone told them" that the NSA is able to break
pgp, take it with a grain of salt and ask for some documentation on
exactly where the information is coming from.
========
4.5. How secure is the "for your eyes only" option (-m)?
It is not secure at all. There are many ways to defeat it. Probably
the easiest way is to simply redirect your screen output to a file as
follows:
pgp [filename] > [diskfile]
The -m option was not intended as a fail-safe option to prevent plain
text files from being generated, but to serve simply as a warning to
the person decrypting the file that he probably shouldn't keep a copy
of the plain text on his system.
========
4.6. What if I forget my pass phrase?
In a word: DON'T. If you forget your pass phrase, there is absolutely
no way to recover any encrypted files. I use the following technique:
I have a backup copy of my secret key ring on floppy, along with a
sealed envelope containing the pass phrase. I keep these two items in
separate safe locations, neither of which is my home or office. The
pass phrase used on this backup copy is different from the one that I
normally use on my computer. That way, even if some stumbles onto the
hidden pass phrase and can figure out who it belongs to, it still
doesn't do them any good, because it is not the one required to unlock
the key on my computer.
========
4.7. Why do you use the term "pass phrase" instead of "password"?
This is because most people, when asked to choose a password, select
some simple common word. This can be cracked by a program that uses a
dictionary to try out passwords on a system. Since most people really
don't want to select a truly random password, where the letters and
digits are mixed in a nonsense pattern, the term pass phrase is used
to urge people to at least use several unrelated words in sequence as
the pass phrase.
========
4.8. If my secret key ring is stolen, can my messages be read?
No, not unless they have also stolen your secret pass phrase, or if
your pass phrase is susceptible to a brute-force attack. Neither part
is useful without the other. You should, however, revoke that key and
generate a fresh key pair using a different pass phrase. Before
revoking your old key, you might want to add another user ID that
states what your new key id is so that others can know of your new
address.
========
4.9. How do I choose a pass phrase?
All of the security that is available in PGP can be made absolutely
useless if you don't choose a good pass phrase to encrypt your secret
key ring. Too many people use their birthday, their telephone number,
the name of a loved one, or some easy to guess common word. While
there are a number of suggestions for generating good pass phrases,
the ultimate in security is obtained when the characters of the pass
phrase are chosen completely at random. It may be a little harder to
remember, but the added security is worth it. As an absolute minimum
pass phrase, I would suggest a random combination of at least 8
letters and digits, with 12 being a better choice. With a 12 character
pass phrase made up of the lower case letters a-z plus the digits 0-9,
you have about 62 bits of key, which is 6 bits better than the 56 bit
DES keys. If you wish, you can mix upper and lower case letters in
your pass phrase to cut down the number of characters that are
required to achieve the same level of security. I don't do this myself
because I hate having to manipulate the shift key while entering a
pass phrase.
A pass phrase which is composed of ordinary words without punctuation
or special characters is susceptible to a dictionary attack.
Transposing characters or mis-spelling words makes your pass phrase
less vulnerable, but a professional dictionary attack will cater for
this sort of thing.
========
4.10. How do I remember my pass phrase?
This can be quite a problem especially if you are like me and have
about a dozen different pass phrases that are required in your
everyday life. Writing them down someplace so that you can remember
them would defeat the whole purpose of pass phrases in the first
place. There is really no good way around this. Either remember it, or
write it down someplace and risk having it compromised.
========
4.11. How do I verify that my copy of PGP has not been tampered with?
If you do not presently own any copy of PGP, use great care on where
you obtain your first copy. What I would suggest is that you get two
or more copies from different sources that you feel that you can
trust. Compare the copies to see if they are absolutely identical.
This won't eliminate the possibility of having a bad copy, but it will
greatly reduce the chances.
If you already own a trusted version of PGP, it is easy to check the
validity of any future version. There is a file called PGPSIG.ASC
included with all new releases. It is a stand-alone signature file for
the contents of PGP.EXE. The signature file was created by the author
of the program. Since nobody except the author has access to his
secret key, nobody can tamper with either PGP.EXE or PGPSIG.ASC
without it being detected. To check the signature, you MUST be careful
that you are executing the OLD version of PGP to check the NEW. If
not, the entire check is useless. Let's say that your existing copy of
PGP is in subdirectory C:\PGP and your new copy is in C:\NEW. You
should execute the following command:
\PGP\PGP C:\NEW\PGPSIG.ASC C:\NEW\PGP.EXE
This will force your old copy of PGP to be the one that is executed.
If you simply changed to the C:\NEW directory and executed the command
"PGP PGPSIG.ASC PGP.EXE" you would be using the new version to check
itself, and this is an absolutely worthless check.
Once you have properly checked the signature of your new copy of PGP,
you can copy all of the files to your C:\PGP directory.
========
4.12. How do I know that there is no trap door in the program?
The fact that the entire source code for PGP is available makes it
just about impossible for there to be some hidden trap door. The
source code has been examined by countless individuals and no such
trap door has been found. To make sure that your executable file
actually represents the given source code, all you need to do is to
re-compile the entire program. I did this with the DOS version 2.3a
and the Borland C++ 3.1 compiler and found that the output exactly
matched byte for byte the distributed executable file.
========
4.13. Can I put PGP on a multi-user system like a network or a
mainframe?
You can, but you should not, because this greatly reduces the security
of your secret key/pass phrase. This is because your pass phrase may
be passed over the network in the clear where it could be intercepted
by network monitoring equipment. Also, while it is being used by PGP
on the host system, it could be caught by some Trojan Horse program.
Also, even though your secret key ring is encrypted, it would not be
good practice to leave it lying around for anyone else to look at.
========
4.14. Why not use RSA alone rather than a hybrid mix of IDEA, MD5, &
RSA?
Two reasons: First, the IDEA encryption algorithm used in PGP is
actually MUCH stronger than RSA given the same key length. Even with
a 1024 bit RSA key, it is believed that IDEA encryption is still
stronger, and, since a chain is no stronger than its weakest link, it
is believed that RSA is actually the weakest part of the RSA - IDEA
approach. Second, RSA encryption is MUCH slower than IDEA. The only
purpose of RSA in most public key schemes is for the transfer of
session keys to be used in the conventional secret key algorithm, or
to encode signatures.
========
4.15. Aren't all of these security procedures a little paranoid?
That all depends on how much your privacy means to you! Even apart
from the government, there are many people out there who would just
love to read your private mail. And many of these individuals would be
-----BEGIN PGP SIGNATURE-----
Version: 2.3a
iQCVAgUBLbHXFUHZYsvlkKnJAQGFuAQAx9r5I0au9vOehjkjdhAG0ZIYoL3NPjmq
Ncipy8KppVsmIMLcILaZh7Lfu9TUwlXH21YUbOVNJwULk4aYhquOplyQo119+BrU
n/O8mt77synNziEctSu5vuYA9/NJUmXQZwlP//EJnz/GZ3ZhJeQfLQhsnm2zE1vk
ihYJ0RgjIiw=
=Hcvw
-----END PGP SIGNATURE-----
