In the beginning, nobody needed encryption, because
no one could write! Then, after many years of struggle,
writing was invented! But there was still no problem,
because only the rulers and their trusted servants
could read or write. But, as time went on, more and
more people learned to read, and there began to be a problem
with written communications, in that if someone hostile intercepted
a written document, they could read it!
This began a war between the people trying to find
ever more complicated, neat ways of scrambling messages
and the people trying to figure out ways of descrambling them.
Sometimes the people scrambling messages would win,
and sometimes the people descrambling messages would win.
As time went on, this war over ciphers became intertwined
with regular wars, and things got interesting! In spite of
cryptography's use in wars, cryptography was invented by civilians,
and it was used by civilians throughout its history.
Anyhow, the first ciphers were single key or conventional ciphers.
In single key ciphers, there is one key that must be used
by both the sender to encrypt, and by the recipient to
decrypt. The message can be decrypted by anyone who possesses
this key. This leads to the
key distribution problem.
There must be some way to ensure that both the sender
and the recipient have the same key. Care must be taken
so that unwanted parties do not possess this key. It is
necessary to have some kind of secure channel to accomplish this.
The problem with secure channels is that they are difficult
to establish and that people are always trying to compromise them.
Then Rivest, Shamir, and Adleman invented
Public Key Cryptography and the algorithm that bears their name, RSA.
The RSA algorithm is based on the mathematics of
In this scheme, there are two keys, an encryption
key and a decryption or secret
key. The recipient creates both keys. The encryption key
is published. The decryption key is kept secret. Thus,
anyone can encrypt and send a message to the recipient,
but only the recipient can decrypt. This encryption scheme
solves the key distribution problem, since the only key that
the sender needs can be published without compromising the
messages. It can be sent via any unsecured channel.
Now, from your point of view as a user of PGP, PGP behaves
as if it were a Public Key Encryption program. As a user, you create
a secret/public key pair and publish the public key.
But internally, PGP is
a hybrid encryption program.
When PGP encrypts
a file, it creates a random
conventional encryption key. It sends that key to the
recipient using a header block that is encrypted using
RSA public key encryption. Thus RSA
serves as the secure channel
which is used to transmit
a conventional key, solving the key distribution problem.
The bulk of the message is encrypted using a conventional
cipher, IDEA. PGP uses this scheme because RSA
encryption is very slow, so that if the whole message were
encrypted with RSA
then PGP would be too slow. IDEA
is thought to be a stronger encryption method than RSA,
so this scheme does not weaken PGP.
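The hybrid scheme just described, as an added example (not PGP's own code): a fresh random conventional key is wrapped with the recipient's RSA public key and the bulk of the message is encrypted under that conventional key. The RSA here is a textbook toy (tiny key, no padding), and a SHA-256 counter-mode keystream stands in for IDEA, which the Python standard library does not provide.

```python
import hashlib
import secrets


def is_probable_prime(n, rounds=20):
    """Miller-Rabin probable-prime test (adequate for a demonstration)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits):
    """Random odd candidate with the top bit set, retried until it passes."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def rsa_keypair(bits=512):
    """Toy RSA key: returns (public (n, e), secret (n, d)). Far too small for real use."""
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))


def stream_xor(key, nonce, data):
    """Counter-mode keystream from SHA-256, standing in for IDEA.
    The same call encrypts and decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + (off // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], block))
    return bytes(out)


def hybrid_encrypt(pub, plaintext):
    """The PGP pattern: random conventional key, wrapped with the recipient's
    public key (the 'header block'), bulk data under the conventional cipher."""
    n, e = pub
    session_key = secrets.token_bytes(16)            # 128-bit conventional key
    nonce = secrets.token_bytes(8)
    # Textbook RSA on the raw key; real PGP pads the key block first.
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)
    body = stream_xor(session_key, nonce, plaintext)
    return wrapped_key, nonce, body


def hybrid_decrypt(sec, wrapped_key, nonce, body):
    """Only the holder of d recovers the session key, and with it the body."""
    n, d = sec
    session_key = pow(wrapped_key, d, n).to_bytes(16, "big")
    return stream_xor(session_key, nonce, body)


if __name__ == "__main__":
    pub, sec = rsa_keypair()
    message = b"Constructed sample plaintext, encrypted the PGP way."
    wrapped, nonce, body = hybrid_encrypt(pub, message)
    assert hybrid_decrypt(sec, wrapped, nonce, body) == message
    print("round trip ok; wrapped key is a %d-bit RSA block" % wrapped.bit_length())
```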
Now, PGP stores keys in keyrings.
Usually, public keys are stored in a file called pubring.pgp
and secret keys are stored in a separate secret keyring file.
How does PGP help you keep your secret keys secret?
RSA secret and public keys must be hundreds of bits
long and they must be chosen randomly. This presents
a problem. If PGP were to ask you, a human being, to
remember your secret key, it would be inconvenient, because
most human beings do not remember long strings of binary
information well. You might write it down. This would be
bad, because someone might do a black bag job
on you. A black bag job
is when a practical cryptanalyst comes to your house
when you are not there
with a bunch of locksmithing tools in his black bag.
He comes away with your secret key in his black bag.
The other alternative would be to store your secret key
in a computer file. But this risks someone doing
a black bag job
on your computer. PGP solves this dilemma by storing
both your public and secret keys in computer files called
keyrings. But, it stores your secret key encrypted with
conventional encryption. Your secret key will be protected
with a pass phrase which you must specify
every time you wish to use your secret key
(when you decrypt a message or sign a message).
You will choose your pass phrase
so that it will be easy for you, as a human being, to remember it.
PGP scrunches your pass phrase to a 128 bit cryptographic checksum,
using an algorithm called MD5.
(English has an entropy of about 1 bit per character, so if
you use a pass phrase 128 characters long, then all values
for the checksum will be equally possible.)
This checksum is used as a conventional key to encrypt or decrypt your
secret key, using IDEA.
The upshot of all this is that your secret key
is stored on a file on your disk.
Thus your disk must be carefully backed up.
The secret key
is encrypted, so that you must specify a pass phrase
anytime you wish to perform an action that uses your
secret key. Thus you will be asked for your pass phrase
when you wish to decrypt a message, or when you wish to
sign a message. You should choose your pass phrase
so that you can remember it, but no one else can guess it.
PGP can authenticate or sign messages.
You can create digital signatures.
A digital signature is additional information that
tends to show that a given document really came from
a given person. PGP can check digital signatures
to check a given document for tampering.
How does PGP authenticate a message?
A PGP digital signature shows that the person who
signed the document had access to the PGP secret
key and the pass phrase for the key indicated
by the signature and that the document has not been modified
since it was signed. This is different from handwritten
signature authentication, which ultimately depends on the
nervous system of the signer.
PGP has no menus. There are no mouse buttons to
click. PGP will not paint a fancy picture for you
to look at and it will not cause sound to come out
of your computer. PGP is a unix style command line
program. The direct way to use PGP is to enter
a PGP command. This command will typically include
computer filenames, key identifiers and options. Options
begin with the "-" character followed by a string
of incomprehensible letters. (Except for the Macintosh
version of PGP. Hey, I do not know anything about the
Macintrash or the Macintrash version of PGP, but you
can consult the MacPGP and AppleScript FAQ.)
However, the command pgp -h
displays all the information you need to accomplish
most PGP tasks, provided you understand PGP terminology and
the documentation that comes with PGP. There are subtle
problems that you can get yourselves into if you do not.
This document attempts to give you the background to understand them.
There are six books on PGP.
- PGP Pretty Good Privacy by Simson Garfinkel
- Protect Your Privacy A Guide for PGP users by
- E-MAIL SECURITY How to keep Your Electronic Messages Private
by Bruce Schneier
- The Computer Privacy Handbook by André
- The Official PGP User's Guide by Philip R. Zimmermann
- PGP Companion for Windows, The Official Guide to WinPGP
by Peter Kent
There are a number of PGP frontend programs that give PGP
a menu oriented interface.
Some mail programs such as ELM
support PGP. Some editors support PGP extensions. There are
PGP extensions to
There is a
second mode extension for GNUEMACS
EPM editor can be extended to support PGP.
There are a number of shells for the MSDOS program loader:
There is even a shell for WINDOZE or
There are two separate problems that encryption faces
in dealing with text. PGP has two separate solutions to
these problems. It is important that these problems
and their solutions not be confused. If the solution
to one problem is used when the other solution is required, the
results will be bad.
Ordinarily, a well encrypted file is not mailable.
The encrypted file usually uses characters that most
mail programs will not accept. Since line terminators
occur essentially randomly in the encrypted file, lines
can easily be too long for most mail programs.
PGP solves this problem with the -a option.
This causes PGP to use the ASCII radix-64 armor format.
The resulting output limits the characters used to a set of
characters that mail programs will accept. It creates lines of
a reasonable size. Thus the output file should be mailable.
PGP is programmed to accept such files, reversing the radix-64
format before decrypting. The
-a option can be used
when signing a file as well. This causes the signed file
to be in the radix-64 format. Using the -a option
results in output that is about 30% larger.
The -a option can be specified by itself, without
requesting encryption or authentication. In this case, PGP
is being used as a superior uuencode/uudecode.
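An added example (not PGP's own code) of the radix-64 armor the -a option produces: base64 in 64-column lines between BEGIN/END marker lines, plus the checksum line that real armor carries (a CRC-24, per the OpenPGP specification), so that a file damaged in transit is noticed before decryption is attempted. The size_overhead helper is added to show where the "about 30% larger" figure comes from.

```python
import base64

CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB


def crc24(data):
    """CRC-24 over the raw data, the checksum PGP appends to armored output."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor(data, kind="MESSAGE"):
    """Wrap binary data the way -a does: base64 in 64-column lines,
    a '=' checksum line, and BEGIN/END marker lines."""
    body = base64.b64encode(data).decode("ascii")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    check = base64.b64encode(crc24(data).to_bytes(3, "big")).decode("ascii")
    out = ["-----BEGIN PGP %s-----" % kind, ""] + lines
    out += ["=" + check, "-----END PGP %s-----" % kind, ""]
    return "\n".join(out)


def dearmor(text):
    """Reverse armor(); raises ValueError on a missing or wrong checksum."""
    lines = [ln.rstrip("\r") for ln in text.split("\n")]
    starts = [i for i, ln in enumerate(lines) if ln.startswith("-----BEGIN PGP ")]
    if not starts:
        raise ValueError("no armor header line")
    i = starts[0] + 1
    while i < len(lines) and lines[i] != "":   # skip armor headers (Version: ...)
        i += 1
    body, check = [], None
    for ln in lines[i + 1:]:
        if ln.startswith("-----END PGP "):
            break
        if ln.startswith("="):
            check = ln[1:]
        elif ln:
            body.append(ln)
    data = base64.b64decode("".join(body), validate=True)
    if check is None or base64.b64decode(check) != crc24(data).to_bytes(3, "big"):
        raise ValueError("armor checksum mismatch (file damaged in transit?)")
    return data


def size_overhead(data):
    """Ratio of armored size to raw size; about 1.3-1.4 for anything sizeable."""
    return len(armor(data)) / len(data)
```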
Different Operating systems represent text in different ways.
For example, different end of line characters are used.
The UNIX operating system uses linefeed characters to end lines,
but the MSDOS program loader uses the carriage return linefeed
combination to end lines. The Macintrash operating system is
said to use carriage returns to separate lines. These differences
mean that text files must be converted, when they move between
operating systems. If this conversion is not done, then the files
will not display or print properly.
This need for text file conversion is why the FTP
(file transfer program)
needs to have binary and ASCII modes, when it moves files
between operating systems.
Now when PGP is asked to
encrypt a plaintext file on one operating system and decrypt it
on another, then the PGP system as a whole is being asked to move
a text file between operating systems.
The same considerations apply when signing text files on one
operating system and removing the signature on another.
The -t option should be specified when
encrypting or signing a text file. This will ensure that
the text file conversion is done correctly. The -t option
should not be used if the file contains binary data, such as
executables, some word processor files, and many data files.
Fred wishes to encrypt a spreadsheet file
and put it on a floppy and mail it to his financial advisor.
Since the file is not being sent through e-mail, the
-a option is not needed. Since the file
contains binary data, the -t option
should not be used.
At the last minute, Fred finds that his financial advisor has
an e-mail address and decides to e-mail the file.
Since the file is going to be e-mailed, the -a
option should be specified. The original file still contains
binary data, so the
-t option should not be specified.
A huge text file needs to be moved to the accounting department's
computer. For security reasons, this computer is not connected
to any networks, so the file will be moved on a floppy. The
-t option should be used because the original file
is text. The
-a option is not needed, and should
not be used so the resulting file has a better chance of fitting
on one floppy.
Fred wishes to e-mail an encrypted love-letter to his girl friend.
Since the plaintext is text, the -t option should
be used. Since the output from PGP must go through e-mail, the
-a option should also be used.
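An added example (not PGP's own code) of the two independent decisions in the four cases above and of what text mode does underneath: on the sending side every local line ending becomes the canonical CRLF form, on the receiving side CRLF becomes the local convention, and a cheap binary check refuses -t on files like the spreadsheet. The looks_binary heuristic is an assumption of this example, not PGP's test.

```python
CANONICAL_EOL = b"\r\n"                       # PGP's canonical text form
LOCAL_EOL = {"unix": b"\n", "msdos": b"\r\n", "mac": b"\r"}


def looks_binary(data, sample=4096):
    """Cheap check for the 'do not use -t on this' cases: NUL bytes or a
    large share of control characters mean the file is not text."""
    head = data[:sample]
    if b"\x00" in head:
        return True
    control = sum(1 for b in head if b < 0x20 and b not in (0x09, 0x0A, 0x0D, 0x0C))
    return control > len(head) // 20


def to_canonical(data):
    """Sending side of -t: whatever the local convention, emit CRLF."""
    if looks_binary(data):
        raise ValueError("file looks binary; encrypt it without -t")
    unified = data.replace(b"\r\n", b"\n").replace(b"\r", b"\n")
    return unified.replace(b"\n", CANONICAL_EOL)


def from_canonical(data, system):
    """Receiving side of -t: canonical CRLF back to the local convention."""
    return data.replace(CANONICAL_EOL, LOCAL_EOL[system])


def choose_options(is_text, via_email):
    """The two independent decisions from Fred's four cases."""
    opts = set()
    if via_email:
        opts.add("-a")        # radix-64 armor so mail programs accept it
    if is_text:
        opts.add("-t")        # text mode so line endings survive the move
    return opts
```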
The first thing to do is to create a directory for PGP and
its files to live in. Unpack the
distribution files to this
directory. (If you are using PKUNZIP under the MSDOS program
loader, be sure to use the "-d" switch.)
Modify the PGPPATH and PATH variables.
PATH should point to the directory where the PGP
executable exists. PGPPATH should point to the directory
where the PGP data files are. The procedure for doing this
depends on your operating system and should be documented in
the documentation that comes with your PGP distribution.
When using the MSDOS program loader, you would modify
AUTOEXEC.BAT. When using OS/2, the file
CONFIG.SYS should be modified.
The first thing you want to do after installing
PGP is to generate keys using the key generation
command. This will allow messages to be encrypted for you, and
it will allow you to sign messages.
PGP will ask you for a key size. Unless your computer
is a klunker, choose 1024 bits. (If your computer is
fast, and you are extremely paranoid about the computers
in the NSA's basement, you may want to create
an additional key with 2047 bits, if you have PGP 2.6. But you
would not want to make that key your primary key, because
not all versions of PGP support keys with more than 1024 bits.)
Choose the key identifier for the key. From the point
of view of PGP, the key identifier can be any string of
characters, but to use the key identifier with mail programs,
follow the convention:
First Last <firstname.lastname@example.org>
Your internet mail address should be enclosed by the <>
Choose your pass phrase according to the following rules:
- Choose a pass phrase you can remember.
- Choose a pass phrase that can not be guessed. Such a pass phrase:
  - is at least 128 characters long.
  - can not be deduced from your personal history.
  - is not found in literature or popular culture.
- Do not use your pass phrase for any other function.
PGP needs to make itself unpredictable, so that a hostile
cryptanalyst can not predict what it is doing. To do this
it is necessary for PGP to get some random numbers. It is
difficult to get random numbers in a computer program, because
computers and operating systems are designed to be predictable.
To create random numbers, PGP will ask you to type some text
on your computer. PGP creates the random numbers by measuring
the timing of your keystrokes. It does not matter what you type,
but do not use the autorepeat feature of your keyboard if it has one.
You should always sign your own public key.
The following command will sign the key my-key-identifier:
pgp -ks my-key-identifier -u my-key-identifier
You may wish to adjust the PGP configuration file
to conform to your personal preferences. You can study
PGPDOC2.TXT that comes with your PGP
distribution to know how to do this. If you have more than
one secret key, you may wish to set the configuration variable
MYNAME to be your default secret key.
To allow others to send you encrypted messages, you must
give them your public key. To do this, you must extract
your public key to a file:
pgp -kx my-identifier file
If you must send your public key through e-mail,
you will want to add the -a option:
pgp -kxa my-identifier file
When someone sends you their public key, you can add it
to your public key ring.
pgp -ka file
After you have added a public key to your keyring,
you can encrypt a message using that key.
pgp -e file key-identifier
You may need to add the -a
and/or -t options to ensure that
text is handled properly.
To decrypt a file, use the simple form of the command:
This command will also check digital signatures if any.
To display a file a screenful at a time use the
PGP can sign files,
creating digital signatures:
pgp -s textfile -u my-key-identifier
You may need to add the -a
and/or -t options to ensure that
text is handled properly.
Authentication can be combined with encryption, creating
an encrypted, signed file.
pgp -es textfile their-key-identifier -u my-key-identifier
This will create a file that the owner of their-key-identifier
can decrypt and that is signed by my-key-identifier. The encryption
is done after the signature, so that a person who can not decrypt
the file can not tell who signed the file.
Suppose you wish to post a message to a USENET
newsgroup. You want to sign the message, so that people
can check its signature with PGP, but you want the text
of the message to be readable by people that do not have PGP.
You want to create a clear signed message:
pgp +clearsig=on -sat textfile -u my-key-identifier
Be careful not to enter clear signed messages into FIDONET
systems without the permission of the sysop. Most of FIDONET
is extremely authoritarian, and does not allow encrypted or signed
messages. Although we can laugh at the rigid orthodoxy of FIDONET,
we should respect the property rights of the sysops.
You can create a signature certificate in a separate file:
pgp -sb textfile -u your-key-identifier
These certificates can be checked by specifying both
the certificate and the original file to PGP.
pgp certificate-file original-file
Detached certificates can be used to sign an executable file,
without modifying the file so that it remains executable.
Special PGP commands that do not really fit anywhere.
When a file is deleted under most operating systems, the
data in the file is not necessarily destroyed. Usually,
the directory entry that points to the blocks of the file
is removed and the blocks of the file are returned to the disk's
free space. It is possible that someone could recover the data
of the file. There are the famous "undelete" programs that function
under the MSDOS program loader.
When PGP wipes a file, it overwrites the data so that the data
is DEAD, DEAD, DEAD and can never be recovered.
pgp -w datafile
The -w option can be used when encrypting a file to wipe out
the plaintext after encrypting.
pgp -esatw plaintextfile their-key-identifier -u my-key-identifier
If your operating system supports pipes, you can cause PGP
to take its input or output from a pipe by specifying the
appropriate option. (If you do not know what a pipe is, do not worry about it.
You can get along without pipes, and perhaps your operating system
does not support them.)
To cause the decrypted file to have its original filename,
pgp -p ciphertextfile
If you are encrypting a file to yourself,
you can avoid fooling around with keyrings
by using conventional encryption:
pgp -c plaintextfile
PGP will ask for a pass phrase to use as a key.
The pass phrase will be required to decrypt the file.
You need to publish your public keys, so that
people who have not previously contacted you can
send you encrypted messages and check your signatures.
To publish your public keys, you should use a
PGP public keyserver
. These key servers are used by sending them e-mail
commands. These commands are described by the file
KEYSERV.DOC that comes with the PGP distribution.
To publish your public key, first extract the key in radix-64 armored form:
pgp -kxa my-key-identifier file
e-mail the resulting file to a public key server with subject "add".
It is only necessary to send your public key to one public key
server. They are like small town gossips. They all talk to each other.
To tell one is to tell them all.
To get somebody else's public key from a public key server,
send a null e-mail message to a server with subject
get key-identifier. The mail server will
mail you back a radix-64 encoded key file, which you can add to your
keyring:
pgp -ka keyfile
The list of keyservers changes from time to time.
FLASH: now you can access
public key servers through the World Wide Web via
the University of Paderborn.
The public key servers make no checks to ensure that a given
key in their database actually came from the person indicated
by the key identifier. This determination is your responsibility.
You can remove keys from your keyring with the -kr option:
pgp -kr key-identifier
You can revoke keys, declaring that the keys have "gone bad"
and should not be used:
pgp -kd key-identifier
This will produce a revocation certificate, which should be sent to
the public key servers to declare that the key has gone bad.
Remember your pass phrase! You can not revoke a key without the pass phrase.
You can edit keys:
pgp -ke key-identifier
This will allow you to edit the pass phrase or key-identifier
of a secret key, and it will allow you to change the
trust parameters of a public key.
You might want to change your key identifier, when your
name, or your internet mail address changes.
Whenever you change a key identifier, you should always
sign your new public key.
pgp -ks my-key-identifier -u my-key-identifier
How do we know that a given key actually belongs
to the person indicated? A fraudulent key can be created
to trick us into accepting bad signatures.
It could be used to trick us into encrypting a message
that the wrong person can decrypt.
It is possible to forge an e-mail message, so we can not necessarily
trust that the e-mail message that brought us a public key was
genuine. As we have seen, the public key servers
do not check that the keys stored in their databases are
valid.
key is to contact the owner directly. You could
call the owner on the phone, and ask the owner if
the key you have really belongs to him. Then if you
recognized him by voice, you could be sure you had the right
key. But how would you know that you and the key owner were
talking about the same key? He could have a key with
a given key identifier and you could have
a fraudulent key with the same key identifier. How would you check
this? The answer is the -kvc option:
pgp -kvc key-identifier
This will cause pgp to print a fingerprint that looks like this:
Key ring: 'E:\PGPDATA\pubring.pgp', looking for user ID "paul.elliott".
Type bits/keyID Date User ID
pub 1024/D4849879 1994/01/29 Paul Elliott (standard 1024 bit key)
Key fingerprint = F6 C7 33 D8 64 07 46 D7 FD 67 53 80 CE 7E 0B C8
Paul Elliott @hrnowl.lonestar.org>@hrnowl.lonestar.org>
The key fingerprint of a given key is designed to be unique. If
two people get the same key fingerprint for a given key, then they
know that they are dealing with the same key. Key fingerprints
can be used to verify the validity of keys over the phone.
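An added example (not PGP's own code) of how the fingerprint shown above is formed and compared. For the PGP 2.x key format the fingerprint is the MD5 of the bodies of the modulus n and exponent e, and the 8-hex-digit key ID shown in listings is the low 32 bits of n; the sample key material is constructed for shape only and is not a real RSA modulus.

```python
import hashlib


def mpi_body(value):
    """Big-endian bytes of a multi-precision integer, without PGP's
    2-byte length prefix (the prefix is not part of the fingerprint)."""
    return value.to_bytes((value.bit_length() + 7) // 8, "big")


def v3_fingerprint(n, e):
    """Fingerprint of a PGP 2.x (version 3) RSA key: MD5 over n then e."""
    return hashlib.md5(mpi_body(n) + mpi_body(e)).hexdigest().upper()


def display_fingerprint(fp_hex):
    """Format as PGP prints it: 16 space-separated byte pairs."""
    return " ".join(fp_hex[i:i + 2] for i in range(0, len(fp_hex), 2))


def short_key_id(n):
    """The 8-hex-digit key ID PGP 2.x displays: low 32 bits of the modulus."""
    return "%08X" % (n & 0xFFFFFFFF)


def fingerprints_match(read_aloud, printed):
    """Compare a fingerprint dictated over the phone with -kvc output.
    Spacing and case are ignored; a partial reading is never a match."""
    norm = lambda s: "".join(s.split()).upper()
    a, b = norm(read_aloud), norm(printed)
    return len(a) == 32 and a == b


# Constructed sample key material (NOT a real RSA modulus; shape only).
# e = 17 is the public exponent PGP 2.x used by default.
SAMPLE_N = (1 << 1023) | (0xC0FFEE << 600) | 0x0123ABCD
SAMPLE_E = 17

if __name__ == "__main__":
    fp = v3_fingerprint(SAMPLE_N, SAMPLE_E)
    print("pub 1024/%s  Key fingerprint = %s" % (short_key_id(SAMPLE_N), display_fingerprint(fp)))
```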
We now pass on to more indirect methods of checking the validity of keys.
Key signatures are used to transfer the knowledge of the
"goodness" of a given key from one person to another.
Let us do a thought experiment. Suppose that Judy
has received a key from Fred through e-mail, and
she needs to verify that it is really Fred's key.
She does not know how to contact Fred directly, but
she has a friend, Sally, who does. She already has
Sally's valid key. She (Judy) could get Sally to send
her a PGP signed message like this:
-----BEGIN PGP SIGNED MESSAGE-----
I know of my own personal knowledge that the key
with key fingerprint:
F6 C7 33 D8 64 07 46 D7 FD 67 53 80 CE 7E 0B C8
Really does belong to Fred!
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
Judy can run this message through PGP to verify
that it really came from Sally. She can check the fingerprint
against the fingerprint she has. If the fingerprints
match, and she trusts Sally, then she can be sure that
the key really is Fred's key.
It is never necessary to actually send or create messages like the above.
PGP supports the same functionality through the concept of
"Key signatures". When one signs a key, one is essentially creating
a message like the above, and attaching it to the key itself
on the key ring! Then, when a key is extracted
from a keyring, and
sent to someone else, and added to another keyring, the
"key signature" goes with it! Thus key signatures propagate
from user to user in the same way that keys do. To sign a key:
pgp -ks the_key_id_you_are_signing -u the_key_doing_the_signing
Whenever you sign a key, you should re-send the key to the
public key servers so that other PGP
users can use the signature to determine the validity of the key.
You can view the signatures that are attached to a key with:
pgp -kvv key_identifier
When PGP uses a key for encryption or signing,
it determines if in PGP's opinion, the key can be trusted.
If PGP does not trust the key, it will print a
message warning you that the key is not to be trusted. You can
tell PGP to use the key anyway. PGP
determines trust on the basis of signatures from trusted keys.
When you add a key to your public keyring
you are asked if the key can be trusted to introduce other
keys. If PGP notes a signature from a trusted key, it
tends to trust the key bearing the signature. You can
change the trust parameters on a key using the -ke option:
pgp -ke key_identifier
If you trust a person, you do not necessarily trust everyone
that that person trusts! You can believe that the person you
trust is naive and that therefore the persons that he
trusts are not necessarily trustworthy. Thus the relevant PGP
configuration parameter should be set to 2.
Furthermore, you should not expect other people to trust your
inferences. If you infer that a given key is good
on the basis of key signatures, you should not sign that
key. You should only sign
a key when you know of your own
personal knowledge that a key is valid.
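An added example (not PGP's own code) of the validity rules described in this section, as a simplified model: trust levels are what you set by hand with -ke, validity is what is inferred from signatures, and a valid key certifies others only if you trust it, so trust is never inherited. The parameters completes_needed, marginals_needed and cert_depth mirror settings of that kind in PGP's configuration file; their behaviour and defaults here are this example's assumptions.

```python
class TrustModel:
    """Keys are valid if enough trusted, valid keys have signed them."""

    def __init__(self, my_key, completes_needed=1, marginals_needed=2, cert_depth=4):
        self.my_key = my_key
        self.completes_needed = completes_needed
        self.marginals_needed = marginals_needed
        self.cert_depth = cert_depth
        self.trust = {my_key: "complete"}   # key -> "complete" | "marginal" | "none"
        self.signers = {}                    # key -> set of keys that signed it

    def add_key(self, key, signed_by=(), trust="none"):
        self.signers.setdefault(key, set()).update(signed_by)
        if key != self.my_key:
            self.trust[key] = trust

    def validity(self):
        """Return {key: depth} for every key the model accepts as valid.
        Depth 0 is your own key. A signer certifies only if it is valid,
        trusted by you, and no deeper than cert_depth. Being valid does
        NOT make a key trusted: that is the warning in the text."""
        valid = {self.my_key: 0}
        changed = True
        while changed:
            changed = False
            for key, sigs in self.signers.items():
                if key in valid:
                    continue
                certifiers = [s for s in sigs
                              if s in valid and valid[s] <= self.cert_depth
                              and self.trust.get(s) in ("complete", "marginal")]
                completes = sum(1 for s in certifiers if self.trust[s] == "complete")
                marginals = sum(1 for s in certifiers if self.trust[s] == "marginal")
                if completes >= self.completes_needed or marginals >= self.marginals_needed:
                    valid[key] = 1 + min(valid[s] for s in certifiers)
                    changed = True
        return valid

    def is_valid(self, key):
        return key in self.validity()


def build_sample_ring(cert_depth=4):
    """Constructed scenario: the Judy/Sally/Fred thought experiment, extended
    with a key Fred vouches for and with two marginally trusted introducers."""
    ring = TrustModel("judy", cert_depth=cert_depth)
    ring.add_key("sally", signed_by={"judy"}, trust="complete")  # fingerprint checked by phone
    ring.add_key("fred", signed_by={"sally"})                    # Sally vouches for Fred
    ring.add_key("bob", signed_by={"fred"})                      # Fred vouches for Bob; Judy never trusted Fred
    ring.add_key("alice", signed_by={"judy"}, trust="marginal")
    ring.add_key("carol", signed_by={"judy"}, trust="marginal")
    ring.add_key("dave", signed_by={"alice", "carol"})           # two marginals add up
    return ring
```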
Always use PGP when the person you are corresponding
with has it. This establishes that you are a regular PGP
user. It asserts your right to use PGP. If you make it
a habit to always use PGP then you will not draw attention
to any sensitive messages you might wish to send.
Use conventional encryption, the -c
option, when you are encrypting files to yourself. This
avoids the RSA algorithm and is slightly stronger.
It avoids the necessity to muck around with keyrings.
Every PGP encrypted file contains header
information that identifies it as a PGP
encrypted file, even to someone who can not decrypt it.
If you wish it to remain an open question whether your encrypted
file is in fact encrypted, you should use a raw conventional or
symmetric cipher. You can remove the PGP headers
from a conventionally encrypted PGP file using a program
There have been recent rumblings about government plans
to outlaw private strong encryption.
I believe in the right to use encryption for a number of reasons.
Read my rant opposing the regulation of private encryption.
It is very well to support the right to private encryption, and
everyone can do so for their own reasons, but what can be
practically done to protect the right to use encryption?
- As a member of EFH, I am for free speech in cyberspace and am
for the advance in network culture that PGP represents.
- As a member of the
Libertarian Party, I oppose any unnecessary
governmental interference in our lives.
- As a supporter of the right to keep and bear arms,
I wish the people to be armed with powerful weapons, such
- Use a defensive formulation when discussing the uses of encryption.
Choose examples that show encryption being used for good and
Even though other
uses of encryption are possible, the
widespread availability of legal encryption is
progressive and we need to be careful to talk that way.
- Take political action. You can contact your political
representatives and inform them of your views on the
issue of strong encryption.
- Spread the use of encryption. Make PGP commonly available.
Upload it to BBSes. Teach other people how to use PGP.
Get many powerful people routinely using PGP and other
strong encryption, so that it becomes politically impossible to ban it.
We want to accurately source this information; we are pretty sure it comes from Paul Elliott. If you have more specific sourcing information, please let us know.