1
2                   Pretty Good Privacy Version 2.6.3i
3                           Installation Guide
4
5              by Perry Metzger, Colin Plumb, Derek Atkins,
6                     Jeffrey I. Schiller and others
7                                           .
8               Updated for PGP 2.6.3i by Stale Schumacher
9
10
11How to Install PGP
12==================
13
14The first question is, what platform are you on?
15
16The  base PGP 2.6.3i distribution  runs on  MS-DOS,  OS/2,  Atari,  VMS,
17Archimedes  and  several  varieties  of  Unix.  Naturally,  installation
18instructions  differ depending  on your hardware.  Separate instructions
19are provided here for MSDOS, OS/2, Unix and VMS.
20
21See  the  section  below  for   your  system's  particular  installation
22instructions.
23
24If you do not have any  of  these  systems, you will either have to port
25the sources to your machine or find someone who has already done so.
26
27########################################################################
28For MSDOS and OS/2:
29
30PGP is distributed in a  compressed archive format, which keeps all  the
31relevant  files  grouped  together,   and  also  saves  disk  space  and
32transmission time.
33
34The current version,  2.6.3i, is archived with the ZIP utility,  and the
35PGP  executable binary is  in a file named  PGP263I.ZIP  (MSDOS 16-bit),
36PGP263IX.ZIP (MSDOS 32-bit),  PGP263I2.ZIP (OS/2 FAT) or pgp263i-os2.zip
37(OS/2  HPFS).     This  contains  the  executable  program,   the   user
38documentation, and a few keys and signatures. There is also another file
39available  containing   the  C  and   assembly  source   code,    called
40PGP263IS.ZIP.  This should be available from the same source  from which
41you  got PGP263I.ZIP.   If not,  send  email to  pgp@hypnotech.com  with
42"INFO PGP" in the subject field.
43
44You  will need PKUNZIP  version 2.0 or later to uncompress and split the
45ZIP archive  file into  individual files.  PKUNZIP is  shareware  and is
46widely available on MSDOS and OS/2 machines.
47
48Create a directory  for the PGP files.  For this description, let's  use
49the directory  C:\PGP as an example,  but you should substitute your own
50disk  and  directory name if  you use something  different.  Type  these
51commands to make the new directory:
52
53   c:
54   md \pgp
55   cd \pgp
56
57Uncompress the distribution file to the directory.  For this example, we
58will assume the  file  is  on  floppy  drive  A  -  if  not,  substitute
59your own file location, e.g.:
60
61   pkunzip -d a:pgp263i
62
63This  will  create   the  files  PGP263II.ZIP  and  PGP263II.ASC.  Unzip
64PGP263II.ZIP with the command:
65
66   pkunzip -d pgp263ii
67
68If you omit the -d flag, all the  files in the  doc subdirectory will be
69deposited in the pgp directory. This merely causes clutter.
70
71Keep the PGP263II.ZIP file around. Once you have PGP working you can use
72PGP263II.ASC to verify the digital signature on PGP263II.ZIP.  It should
73come from Stale Schumacher (whose key is included in KEYS.ASC).
74
75 Setting the Environment
76 -----------------------
77
78Next,  you can set  an "environment variable"  to let PGP know  where to
79find  its  special  files,  in case  you  use  it from  other  than  the
80default  PGP  directory.   Use  your favorite  text  editor to  add  the
81following lines to  your AUTOEXEC.BAT (MSDOS) or  CONFIG.SYS (OS/2) file
82(usually on your C: drive):
83
84   SET PGPPATH=C:\PGP
85   SET PATH=C:\PGP;%PATH%
86
87Substitute your own directory name if different from "C:\PGP".
88
89The CONFIG.TXT file  contains  various preferences.  You  can change the
90language PGP operates in, and the character set it  uses.  The  IBM PC's
91default character set, "Code Page 850" will be used if the line "charset
92= cp850" appears in the config.txt file.   You probably want to add that
93line.
94
95Another environmental  variable you  should  set is  "TZ",  which  tells
96your  operating  system what  time zone  you  are  in.  This  helps  PGP
97create  GMT timestamps  for its  keys  and signatures.  If  you properly
98define TZ in AUTOEXEC.BAT (CONFIG.SYS),  then MSDOS (OS/2) will give you
99good GMT timestamps, and  will handle daylight savings  time adjustments
100for you.  Here are some sample lines depending on your time zone:
101
102For Los Angeles:  SET TZ=PST8PDT
103For Denver:       SET TZ=MST7MDT
104For Arizona:      SET TZ=MST7
105   (Arizona never uses daylight savings time)
106For Chicago:      SET TZ=CST6CDT
107For New York:     SET TZ=EST5EDT
108For London:       SET TZ=GMT0BST
109For Amsterdam:    SET TZ=MET-1DST
110For Moscow:       SET TZ=MSK-3MSD
111For Aukland:      SET TZ=NZT-12DST
112
113Now reboot your system to set up PGPPATH and TZ.
114
115 Generating Your First Key
116 -------------------------
117
118One of the first things you  will want to  do  to really use PGP  (other
119than to test  itself) is to generate your own key.  This is described in
120more detail in the "RSA Key Generation" section of the PGP User's Guide.
121Remember that your key becomes something like  your written signature or
122your bank card code number or even a house key - keep it secret and keep
123it secure!  Use a long, unguessable pass phrase and remember  it.  Right
124after you generate  a key, put it on your key rings and copy your secret
125keyring (SECRING.PGP) to a blank floppy and write protect the floppy.
126
127If  you  are a first-time user of PGP,  it is a  good idea to generate a
128short test key, with a short  passphrase, to play around with PGP for  a
129little bit and  see  how  it  works,  or even  more  than one so you can
130pretend  to be sending messages between two different people.  Since you
131won't be guarding any secrets, this can be  short and have a simple pass
132phrase.  But when you  generate your permanent  key, that  you intend to
133give to  others so  they can send secure messages  to you, be  much more
134careful.
135
136After you generate your own key pair, you can add a few more public keys
137to your key ring.  A collection of  sample public keys is  provided with
138the release  in the file KEYS.ASC.  To add them to your public key ring,
139see the PGP  User's  Guide, in  the section on adding  keys  to your key
140ring.
141
142 Verifying the PGP distribution
143 ------------------------------
144
145Now that you have PGP up and  running and have read in the KEYS.ASC file
146you can verify the  integrity of the original distribution.   To do this
147type:
148
149   pgp pgp263ii.asc
150
151It will inform  you that pgp263ii.asc contains a signature but  no text.
152It may then ask you to provide the name  of the file that it applies to.
153Type in "pgp263ii.zip", the internal ZIP file.
154
155PGP should tell you that it has a Good Signature from:
156
157Stale Schumacher <stale@hypnotech.com>
158
159It will also tell you that it doesn't "trust" this key.  This is because
160PGP does not *know* that the  enclosed key really belongs to me.   Don't
161worry about this now.  Read the section "How to Protect Public Keys from
162Tampering" in Volume 1 of the PGP manual.
163
164 READ THE FINE MANUAL (RTFM)
165 ---------------------------
166
167READ THE DOCUMENTATION.  At least read Volume I of the PGP User's Guide.
168Cryptography  software  is easy  to  misuse,  and if  you  don't  use it
169properly much  of the security  you could gain by using it will be lost!
170You might  also  be  unfamiliar  with  the  concepts  behind  public key
171cryptography; the manual explains these ideas.   Even if you are already
172familiar  with  public  key  cryptography,  it  is  important  that  you
173understand  the various security issues associated with  using PGP.  PGP
174may be an  unpickable  lock,  but you have  to  install  it in the  door
175properly or it won't provide security.
176
177########################################################################
178For UNIX:
179
180You likely will have to compile  PGP for your system;  to do this, first
181make sure  the unpacked  files are  in  the correct unix textfile format
182(the files  in pgp263is.zip  are in MSDOS  CRLF format,  so for Unix you
183must  unpack  with  "unzip  -a";   the  tar  files   pgp263is.tar.Z  and
184pgp263is.tar.gz use normal Unix line feed conventions).
185
186If you intend  to compile PGP  2.6.3i for  use within the USA,  you will
187need the RSAREF package written by RSA Data Security. It is NOT included
188with the PGP 2.6.3i distribution.
189
190When  you untar  pgp263is.tar (either  compression format) you will find
191that it contains 5 files. pgp263ii.tar contains all non-binary files for
192PGP  including  all source code.  This  tar  archive  has  been  created
193assuming  that you  will untar it directly into your  PGP 2.6.3i "build"
194directory.  pgp263ii.asc is a detached digital signature of pgp263ii.tar
195(which  you can verify  after  you have PGP  operating,  see the section
196above titled "Verifying the  PGP Distribution").
197
198If you don't have an  ANSI C compiler  you will need the unproto package
199written by  Wietse Venema.  unproto was  posted on comp.sources.misc and
200can  be  obtained  from the various  sites  that archive this  newsgroup
201(volume   23:   v23i012   and    v23i013)   or    ftp.win.tue.nl   file:
202/pub/programming/unproto4.shar.Z.   Read the file  README in the unproto
203distribution for instructions on how to use unproto.
204
205If your system doesn't  have a target in the  makefile you  will have to
206edit the makefile, make sure you compile for the  correct byte order for
207your  system:  define  HIGHFIRST  if  your  system  is  big-endian  (eg.
208Motorola 68030).  There are  also  some  platform-specific parameters in
209the include  file "platform.h".  Some platforms may have  to modify this
210file.
211
212If you successfully create a target rule for a new platform, please send
213the patches  to  pgp-bugs@ifi.uio.no,  so it can  be added  to the  next
214release.
215
216Note: PGP 2.6.3i requires the  function memmove.  Not all machines  have
217this in the standard C library.  There  is an  implementation of memmove
218included  with  this  distribution.   If  you  find that  your  platform
219requires memmove,  but  the makefile  rule  for your  platform  does not
220include memmove (look at the  sun4gcc or sun386i rules for an example of
221how to include  it),  please send mail to pgp-bugs@ifi.uio.no,  so I can
222correct the problem.
223
224If  you  have any problems, bugs, patches,  etc.,  please  send mail  to
225pgp-bugs@ifi.uio.no.
226
227If all goes well, you will end up with an executable file called "pgp".
228
229Before you install pgp, run these tests:
230(do not create your real public key yet, this is just for testing pgp)
231
232 - create a .pgp directory in your home directory
233
234 - create a public/secret key pair (enter "test" as userid/password):
235        pgp -kg
236
237 - add the keys from the file "keys.asc" to the public keyring:
238        pgp -ka keys.asc
239   pgp will ask if you want to  sign the keys you are adding, answer yes
240   for at least one key.
241
242 - do a keyring check:
243        pgp -kc
244
245 - encrypt pgpdoc1.txt:
246        pgp -e pgpdoc1.txt test -o testfile.pgp
247
248 - decrypt this file:
249        pgp testfile.pgp
250
251This  should  produce  the  file  "testfile".  Compare  this  file  with
252pgpdoc1.txt
253
254If everything went well, install pgp in a bin directory.
255
256Place the documentation, pgpdoc1.txt and pgpdoc2.txt somewhere where you
257can  reasonably  read  it.   The  software  looks  for it  when  running
258(especially generating  keys), so someplace reasonably obvious would  be
259good.   "pgp  -kg"  will give  you full details  if  it  can't  find the
260manuals.
261
262Place  the man page (pgp.1) in  an appropriate spot.  If  you don't know
263anything about how man pages work, you can  make the man page look human
264readable  yourself by typing  "nroff  -man pgp.1  >pgp.man" and  reading
265"pgp.man".
266
267Create a subdirectory somewhere in your home directory hierarchy to hold
268your public and private key rings and anything else pgp might need (like
269the language.txt file).  The default name PGP assumes is ~/.pgp.  If you
270want  to  use a  different  name, you must set  the environment variable
271"PGPPATH" to point to this place before you use the system.
272
273> IMPORTANT: This directory cannot be shared!  It will contain your <
274> personal private keys!                                            <
275
276If you are installing PGP for yourself,  copy the  files "language.txt",
277"config.txt", and  the  ".hlp"  files  from  the  distribution into this
278subdirectory.
279
280If  you  are  installing  PGP  system-wide,  the  directory  to  use  is
281/usr/local/lib/pgp for the config, language and help files.  This can be
282changed in fileio.h when compiling.  It's the value of PGP_SYSTEM_DIR.
283
284Tell  PGP  the  character set  and  language  you  wish  to use  in  the
285config.txt file.  If you have a terminal that only displays 7-bit ASCII,
286use "charset=ascii" to display an approximation (accents are omitted) of
287extended characters.
288
289>> IMPORTANT: Please read the sections in the man page and manual  <<
290>> about vulnerabilities before using this software on a multi-    <<
291>> user machine!                                                   <<
292
293Now, if you haven't done so yet, GO READ THE MANUAL.
294
295########################################################################
296For VMS:
297
298Usage is generally:
299  1) Unzip your PGP 2.6.3i sources in [.PGP] using the -aa option
300  2) Set default to [.PGP.SRC]
301  3) Type @PGPINSTAL and answer the questions
302
303See the file [.pgp.src]pgpinstal.com for more detailed information.
304
305For proper  operation,  the logical name  PGPPATH  *must*  be defined to
306point to  a directory  containing the  PGP  help files,  language files,
307your keyrings (keyrings get created automatically), and your CONFIG.TXT.
308Refer to  the  PGP  documentation for  information  on  how the  PGPPATH
309"environment variable" is used.
310