PGP - A suite of tools for encrypting, decrypting and ver-
ifying messages.
DESCRIPTION
There are two files in this package, but several addi-
tional modes of operation are available via symbolic
links:
pgp(1) is the main cryptographic engine of the PGP
package. However, invoking it as itself merely
prints a usage summary.
pgpe(1) is executed to encrypt, or encrypt and
sign, files. It is a link to pgp(1).
pgps(1) is executed to only sign files. It is a
link to pgp(1).
pgpv(1) is executed to only verify or decrypt
signed or encrypted files. It is a link to pgp(1).
pgpk(1) is the key management application, which is
used to generate, retrieve and send keys, as well
as manage trust.
Public key cryptography must be fully understood by the
user to be useful. A successful PGP user must be familiar
with public key cryptography in general, and some PGP-spe-
cific concepts (such as the web of trust). If you feel
comfortable with your own level of knowledge on this sub-
ject, your first step is probably going to be to invoke
pgpk(1) to generate a key. Additionally, a page by Phil
Zimmermann on the importance of cryptography is included
in pgp-intro(7).
FILES
~/.pgp/pgp.cfg
User-specific configuration file. In previous
releases, this file was called config.txt. See
pgp.cfg(5) for further details.
MIGRATION
Users migrating from earlier versions of PGP will need to
manually migrate the following configuration files:
~/.pgp/config.txt is now ~/.pgp/pgp.cfg. This file
may be copied manually. If not copied, internal
defaults will be used. This file is largely
unchanged in 5.0. See pgp.cfg(5) for more informa-
tion on this file.
~/.pgp/pubring.pgp is now ~/.pgp/pubring.pkr. You
~/.pgp/secring.pgp is now ~/.pgp/secring.skr. You
may copy your old private keyring. Even if you do
this, you are encouraged to generate a new
DSS/Diffie-Hellman key to allow communication with
all 5.0 users.
~/.pgp/language.txt is now ~/.pgp/language50.txt.
This file should not be copied from your previous
installation, as it is completely different in 5.0.
If this file is not present, internal defaults will
be used.
A cast of thousands. This is, of course, derived directly
from the work of Phil R. Zimmermann <prz@pgp.com>. Major
contributors to this release include:
Unix Development
Derek Atkins <warlord@MIT.EDU>
Hal Finney <hal@pgp.com>
Mark McArdle <markm@pgp.com>
Brett A. Thomas <quark@baz.com>
Mark Weaver <mhw@pgp.com>
Be Development
Mark Elrod <elrod@pgp.com>
Brett A. Thomas <quark@baz.com>
Library Development
Derek Atkins <warlord@MIT.EDU>
Colin Plumb <colin@pgp.com>
Hal Finney <hal@pgp.com>
Mark Weaver <mhw@pgp.com>
Unix Beta Testing
Steve Gilbert <darkelf@redcloud.org>
Mike Shappe <mshappe@jeeves.net>
Man Pages
Brett A. Thomas <quark@baz.com>
BUGS
Keyserver support should be more informative with unknown
protocols.
URL parsing uses static buffers and is vulnerable to over-
flow attacks.
The PAGER directive in pgp.cfg doesn't work.
The -b option to pgpv(1) is not implemented. This option
allowed the "breaking" of signed files into a signature
and a file (effectively, a retroactive detached signa-
ture).
pgpv -m ("more" mode) and "eyes-only" decryption is not
displaying properly. It is suggested that your pipe the
output of pgpv(1) into your pager of preference until this
is fixed.
pgpk(1) doesn't pay attention to the +force option to
force file overwrite; it stops to ask for confirmation.
Multipart armoring doesn't handle all possible permuta-
tions - specifically, it does not work properly if all the
There is currently no way to specify just a secret or pub-
lic keyring for an operation.
pgp --version doesn't work. Use pgpk --version or one of
the other commands, instead.
pgpv -p, to "preserve" the original input filename, is not
yet supported.
There are a number of bugs when specifying filenames end-
ing in digits; the general result is that the default out-
put filename is not what might be expected (i.e., pgpe -sa
foo1 results in an output suggestion of foo1.asc.1 instead
of foo1.asc, as expected). It is conjectured that the
user interface is becoming confused and invoking the rules
used to generate multi-part ASCII armor filenames.
Configuration option TZfix doesn't allow specifying non-
mainstream values, such as -420 or 30.
pgpk -e does not ask about marking a new userid as pri-
mary.
pgpk -a should accept a key on stdin, but does not.
pgpk is, in some instances, overwriting the "previously
encrypted to invalid key" flag on some keys.
SEE ALSO
pgpe(1), pgpv(1), pgps(1), pgpk(1), pgp.cfg(5), pgp-inte-
gration(7), pgp-intro(7), http://www.pgp.com (US versions)
and http://www.pgpi.com (International versions)
Man(1) output converted with
man2html