
                  Pretty Good Privacy Version 2.6.3i
                          Installation Guide

             by Perry Metzger, Colin Plumb, Derek Atkins,
                   Jeffrey I. Schiller and others

              Updated for PGP 2.6.3i by Stale Schumacher


How to Install PGP
==================

The first question is, what platform are you on?

The base PGP 2.6.3i distribution runs on MS-DOS, OS/2, Atari, VMS,
Archimedes and several varieties of Unix.  Naturally, installation
instructions differ depending on your hardware.  Separate instructions
are provided here for MSDOS, OS/2, Unix and VMS.

See the section below for your system's particular installation
instructions.

If you do not have any of these systems, you will either have to port
the sources to your machine or find someone who has already done so.

########################################################################
For MSDOS and OS/2:

PGP is distributed in a compressed archive format, which keeps all the
relevant files grouped together, and also saves disk space and
transmission time.

The current version, 2.6.3i, is archived with the ZIP utility, and the
PGP executable binary is in a file named PGP263I.ZIP (MSDOS 16-bit),
PGP263IX.ZIP (MSDOS 32-bit), PGP263I2.ZIP (OS/2 FAT) or pgp263i-os2.zip
(OS/2 HPFS).  This contains the executable program, the user
documentation, and a few keys and signatures.  There is also another file
available containing the C and assembly source code, called
PGP263IS.ZIP.  This should be available from the same source from which
you got PGP263I.ZIP.  If not, send email to pgp@hypnotech.com with
"INFO PGP" in the subject field.

You will need PKUNZIP version 2.0 or later to uncompress and split the
ZIP archive file into individual files.  PKUNZIP is shareware and is
widely available on MSDOS and OS/2 machines.

Create a directory for the PGP files.
For this description, let's use the directory C:\PGP as an example,
but you should substitute your own disk and directory name if you use
something different.  Type these commands to make the new directory:

    c:
    md \pgp
    cd \pgp

Uncompress the distribution file to the directory.  For this example, we
will assume the file is on floppy drive A - if not, substitute
your own file location, e.g.:

    pkunzip -d a:pgp263i

This will create the files PGP263II.ZIP and PGP263II.ASC.  Unzip
PGP263II.ZIP with the command:

    pkunzip -d pgp263ii

If you omit the -d flag, all the files in the doc subdirectory will be
deposited in the pgp directory.  This merely causes clutter.

Keep the PGP263II.ZIP file around.  Once you have PGP working you can use
PGP263II.ASC to verify the digital signature on PGP263II.ZIP.  It should
come from Stale Schumacher (whose key is included in KEYS.ASC).

                       Setting the Environment
                       -----------------------

Next, you can set an "environment variable" to let PGP know where to
find its special files, in case you use it from other than the
default PGP directory.  Use your favorite text editor to add the
following lines to your AUTOEXEC.BAT (MSDOS) or CONFIG.SYS (OS/2) file
(usually on your C: drive):

    SET PGPPATH=C:\PGP
    SET PATH=C:\PGP;%PATH%

Substitute your own directory name if different from "C:\PGP".

The CONFIG.TXT file contains various preferences.  You can change the
language PGP operates in, and the character set it uses.  The IBM PC's
default character set, "Code Page 850", will be used if the line "charset
= cp850" appears in the config.txt file.  You probably want to add that
line.

Another environment variable you should set is "TZ", which tells
your operating system what time zone you are in.  This helps PGP
create GMT timestamps for its keys and signatures.
If you properly define TZ in AUTOEXEC.BAT (CONFIG.SYS), then MSDOS
(OS/2) will give you good GMT timestamps, and will handle daylight
savings time adjustments for you.  Here are some sample lines depending
on your time zone:

For Los Angeles:  SET TZ=PST8PDT
For Denver:       SET TZ=MST7MDT
For Arizona:      SET TZ=MST7
                  (Arizona never uses daylight savings time)
For Chicago:      SET TZ=CST6CDT
For New York:     SET TZ=EST5EDT
For London:       SET TZ=GMT0BST
For Amsterdam:    SET TZ=MET-1DST
For Moscow:       SET TZ=MSK-3MSD
For Auckland:     SET TZ=NZT-12DST

Now reboot your system to set up PGPPATH and TZ.

                      Generating Your First Key
                      -------------------------

One of the first things you will want to do to really use PGP (other
than to test itself) is to generate your own key.  This is described in
more detail in the "RSA Key Generation" section of the PGP User's Guide.
Remember that your key becomes something like your written signature or
your bank card code number or even a house key - keep it secret and keep
it secure!  Use a long, unguessable pass phrase and remember it.  Right
after you generate a key, put it on your key rings and copy your secret
keyring (SECRING.PGP) to a blank floppy and write protect the floppy.

If you are a first-time user of PGP, it is a good idea to generate a
short test key, with a short passphrase, to play around with PGP for a
little bit and see how it works, or even more than one so you can
pretend to be sending messages between two different people.  Since you
won't be guarding any secrets, this can be short and have a simple pass
phrase.  But when you generate your permanent key, that you intend to
give to others so they can send secure messages to you, be much more
careful.

After you generate your own key pair, you can add a few more public keys
to your key ring.  A collection of sample public keys is provided with
the release in the file KEYS.ASC.
To add them to your public key ring, see the PGP User's Guide, in the
section on adding keys to your key ring.

                    Verifying the PGP distribution
                    ------------------------------

Now that you have PGP up and running and have read in the KEYS.ASC file
you can verify the integrity of the original distribution.  To do this
type:

    pgp pgp263ii.asc

It will inform you that pgp263ii.asc contains a signature but no text.
It may then ask you to provide the name of the file that it applies to.
Type in "pgp263ii.zip", the internal ZIP file.

PGP should tell you that it has a Good Signature from:

Stale Schumacher <stale@hypnotech.com>

It will also tell you that it doesn't "trust" this key.  This is because
PGP does not *know* that the enclosed key really belongs to me.  Don't
worry about this now.  Read the section "How to Protect Public Keys from
Tampering" in Volume 1 of the PGP manual.

                     READ THE FINE MANUAL (RTFM)
                     ---------------------------

READ THE DOCUMENTATION.  At least read Volume I of the PGP User's Guide.
Cryptography software is easy to misuse, and if you don't use it
properly much of the security you could gain by using it will be lost!
You might also be unfamiliar with the concepts behind public key
cryptography; the manual explains these ideas.  Even if you are already
familiar with public key cryptography, it is important that you
understand the various security issues associated with using PGP.  PGP
may be an unpickable lock, but you have to install it in the door
properly or it won't provide security.

########################################################################
For UNIX:

You likely will have to compile PGP for your system; to do this, first
make sure the unpacked files are in the correct Unix text file format
(the files in pgp263is.zip are in MSDOS CRLF format, so for Unix you
must unpack with "unzip -a"; the tar files pgp263is.tar.Z and
pgp263is.tar.gz use normal Unix line feed conventions).

If you intend to compile PGP 2.6.3i for use within the USA, you will
need the RSAREF package written by RSA Data Security.  It is NOT included
with the PGP 2.6.3i distribution.

When you untar pgp263is.tar (either compression format) you will find
that it contains 5 files.  pgp263ii.tar contains all non-binary files for
PGP including all source code.  This tar archive has been created
assuming that you will untar it directly into your PGP 2.6.3i "build"
directory.  pgp263ii.asc is a detached digital signature of pgp263ii.tar
(which you can verify after you have PGP operating, see the section
above titled "Verifying the PGP Distribution").

If you don't have an ANSI C compiler you will need the unproto package
written by Wietse Venema.  unproto was posted on comp.sources.misc and
can be obtained from the various sites that archive this newsgroup
(volume 23: v23i012 and v23i013) or ftp.win.tue.nl file:
/pub/programming/unproto4.shar.Z.  Read the file README in the unproto
distribution for instructions on how to use unproto.

If your system doesn't have a target in the makefile you will have to
edit the makefile.  Make sure you compile for the correct byte order for
your system: define HIGHFIRST if your system is big-endian (e.g.
Motorola 68030).  There are also some platform-specific parameters in
the include file "platform.h".  Some platforms may have to modify this
file.
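
The two checks described above (source files unpacked with Unix line
endings, and the host byte order that decides HIGHFIRST), as an added
shell example that is not part of the PGP distribution.  The function
names are made up for this illustration, and the file patterns (*.c,
*.h, makefile) are an assumption about what the source tree contains.

```shell
#!/bin/sh
# Pre-build checks for an unpacked PGP 2.6.3i source tree (added example).

# List C sources, headers and makefiles under $1 that still contain CR LF
# line endings, i.e. the archive was unpacked without "unzip -a".
crlf_files() {
    cr=$(printf '\r')
    find "$1" -type f \( -name '*.c' -o -name '*.h' -o -name 'makefile' \) \
        -exec grep -l "${cr}\$" {} + | sort
}

# Print "big" or "little" for the build host by reading the byte sequence
# 01 00 00 00 as one native 32-bit integer.
host_byte_order() {
    n=$(printf '\001\000\000\000' | od -An -td4 | tr -d ' \n')
    case "$n" in
        1)        echo little ;;
        16777216) echo big ;;
        *)        echo unknown; return 1 ;;
    esac
}

# Report both results for the tree in $1; non-zero if anything needs fixing.
prebuild_check() {
    rc=0
    bad=$(crlf_files "$1")
    if [ -n "$bad" ]; then
        echo "CR LF line endings found; unpack again with 'unzip -a':"
        echo "$bad"
        rc=1
    fi
    case "$(host_byte_order)" in
        big)    echo "big-endian host: the makefile rule must define HIGHFIRST" ;;
        little) echo "little-endian host: leave HIGHFIRST undefined" ;;
        *)      echo "byte order not determined; check it by hand"; rc=1 ;;
    esac
    return "$rc"
}

# Stand-alone use: sh prebuild.sh /path/to/build/directory
if [ "$#" -gt 0 ]; then prebuild_check "$1"; fi
```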

If you successfully create a target rule for a new platform, please send
the patches to pgp-bugs@ifi.uio.no, so it can be added to the next
release.

Note: PGP 2.6.3i requires the function memmove.  Not all machines have
this in the standard C library.  There is an implementation of memmove
included with this distribution.  If you find that your platform
requires memmove, but the makefile rule for your platform does not
include memmove (look at the sun4gcc or sun386i rules for an example of
how to include it), please send mail to pgp-bugs@ifi.uio.no, so I can
correct the problem.

If you have any problems, bugs, patches, etc., please send mail to
pgp-bugs@ifi.uio.no.

If all goes well, you will end up with an executable file called "pgp".

Before you install pgp, run these tests:
(do not create your real public key yet, this is just for testing pgp)

 - create a .pgp directory in your home directory

 - create a public/secret key pair (enter "test" as userid/password):
        pgp -kg

 - add the keys from the file "keys.asc" to the public keyring:
        pgp -ka keys.asc
   pgp will ask if you want to sign the keys you are adding, answer yes
   for at least one key.

 - do a keyring check:
        pgp -kc

 - encrypt pgpdoc1.txt:
        pgp -e pgpdoc1.txt test -o testfile.pgp

 - decrypt this file:
        pgp testfile.pgp

This should produce the file "testfile".  Compare this file with
pgpdoc1.txt.

If everything went well, install pgp in a bin directory.

Place the documentation, pgpdoc1.txt and pgpdoc2.txt somewhere where you
can reasonably read it.  The software looks for it when running
(especially generating keys), so someplace reasonably obvious would be
good.  "pgp -kg" will give you full details if it can't find the
manuals.

Place the man page (pgp.1) in an appropriate spot.
If you don't know anything about how man pages work, you can make the
man page look human readable yourself by typing
"nroff -man pgp.1 >pgp.man" and reading "pgp.man".

Create a subdirectory somewhere in your home directory hierarchy to hold
your public and private key rings and anything else pgp might need (like
the language.txt file).  The default name PGP assumes is ~/.pgp.  If you
want to use a different name, you must set the environment variable
"PGPPATH" to point to this place before you use the system.

>  IMPORTANT: This directory cannot be shared!  It will contain your   <
>  personal private keys!                                              <

If you are installing PGP for yourself, copy the files "language.txt",
"config.txt", and the ".hlp" files from the distribution into this
subdirectory.

If you are installing PGP system-wide, the directory to use is
/usr/local/lib/pgp for the config, language and help files.  This can be
changed in fileio.h when compiling.  It's the value of PGP_SYSTEM_DIR.

Tell PGP the character set and language you wish to use in the
config.txt file.  If you have a terminal that only displays 7-bit ASCII,
use "charset=ascii" to display an approximation (accents are omitted) of
extended characters.

>>  IMPORTANT: Please read the sections in the man page and manual   <<
>>  about vulnerabilities before using this software on a multi-     <<
>>  user machine!                                                    <<

Now, if you haven't done so yet, GO READ THE MANUAL.

########################################################################
For VMS:

Usage is generally:
    1) Unzip your PGP 2.6.3i sources in [.PGP] using the -aa option
    2) Set default to [.PGP.SRC]
    3) Type @PGPINSTAL and answer the questions

See the file [.pgp.src]pgpinstal.com for more detailed information.

For proper operation, the logical name PGPPATH *must* be defined to
point to a directory containing the PGP help files, language files,
your keyrings (keyrings get created automatically), and your CONFIG.TXT.
Refer to the PGP documentation for information on how the PGPPATH
"environment variable" is used.
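
For the Unix installation above, one way to check that the key ring
directory (PGPPATH, or ~/.pgp by default) is not shared: an added shell
example, not part of the PGP distribution.  The function names are made
up here, and secring.pgp is assumed to be the Unix spelling of the
SECRING.PGP file named in the MSDOS section.

```shell
#!/bin/sh
# Check that the PGP key ring directory is private to its owner
# (added example).

# Succeed if $1 grants no permission bits to group or others.
# Columns 5-10 of the "ls -ld" mode string are the group and other bits.
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Check the directory PGP will use and the secret key ring inside it.
# Prints one line per problem.  Returns 0 if private, 1 if group or
# others have access, 2 if the directory does not exist.
check_pgp_dir() {
    dir=${PGPPATH:-$HOME/.pgp}
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir"
        return 2
    fi
    rc=0
    if ! is_private "$dir"; then
        echo "group/other can access $dir (want mode 700)"
        rc=1
    fi
    ring=$dir/secring.pgp      # assumed file name, see lead-in
    if [ -f "$ring" ] && ! is_private "$ring"; then
        echo "group/other can access $ring (want mode 600)"
        rc=1
    fi
    return "$rc"
}

# Stand-alone use: sh check_pgp_dir.sh check
case "${1:-}" in
    check) check_pgp_dir ;;
esac
```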