The first thing you have to do is to get pgp. As of 1999 there seems to be a version 5.00 and a bunch of version 2.6’s. There is much confusion in general about which version does what due to legal nonsense pertaining to the USofA. I got my version of pgp in Europe and IMPORTED it into the USA. I feel perfectly ok with that. I’m using 2.6.3i right now.
Where you get your pgp is the next issue. This is a sensitive thing really since if some imposter/bad guy was going to do anything nefarious with any program, this would be it. And cryptography is a lot of fun as an academic exercise anyway, so here are the steps I took to have a clean copy.
-
I got my copy in rpm format from a Linux CD that I got out of a German Linux book. This does in no way guarantee that you have a "clean" copy of it.
-
I installed it with:
rpm -ivh pgp*
-
Typing this should tell you if the install went ok and what version:
pgp -h
-
Now, your copy could be totally bogus and planted by an imposter - how can you tell? In the distribution, there is a set of keys that I found at:
/usr/doc/pgp-2.6.3i-1/keys.asc
This set of keys has all the pgp bigshots on it like Phil Zimmerman himself, pgp’s main and original author.
-
Here’s the really evil part: if you were a bad guy, you would, of course, substitute a bogus public key for Phil so that you could keep up the appearance that everything was ok. Since you probably don’t know Phil personally, the keys that are listed are rather arbitrary. What needs to happen is that you need to link that key with reality in some way. Phil’s a busy guy and discussing the specifics of your pgp package is probably out of the question (and with driver’s licenses so easy to forge, how would you know him if you met him anyway?). The basis for my trust started with Simson Garfinkel and book publisher, O’Reilly. On page 262, Simson lists explicitly for this very reason, Phil’s public key fingerprint which appears to be:
pub 1024/C7A966DD 1993/05/21 Philip R. Zimmermann <prz@acm.org> Key fingerprint = 9E 94 45 13 39 83 5F 70 7B E7 D8 ED C4 BE 5A A6
Don’t take my word for it, hop on down to the book store and check it out yourself - that’s what a properly paranoid person would do.
Assuming that Phil Zimmerman is a real guy who is promoting proletariat privacy and not some construct of the NSA, we can assume that a book called PGP at Barnes&Noble would have caught his eye and he’d raise hell if his fingerprint was wrong.
-
So now you must check to make sure that your copy of pgp digests Phil’s key into what the printed universal version dictates. To do this, you have to pull all of the keys into a "keyring" (this is step 1):
$ pgp -ka /usr/doc/pgp-2.6.3i-1/keys.asc ~/temp.pgp
After creating this keyring in your home directory (or wherever you like):
$ pgp -kvc Zimmerman ~/temp.pgp
will give you an output of the key associated with Phil.
-
First off, that key should match the one in the online documentation as well as the printed book. Use this command:
grep -A 2 "Philip R. Zimmermann <" /usr/doc/pgp-2.6.3i-1/pgpdoc2.txt6.
-
Ok, off on another oddessy since Phil didn’t really have anything to do with the rpm. The above checks are pretty rough. Let’s get the source:
rpm -ivh pgp-2.6.3i.src.rpm cd /usr/src/redhat/SOURCES/ tar -xvzf pgp263is.tar.gz
Gnu Privacy Guard (GPG) Help commands
gpg (GnuPG) 1.0.0
Copyright (C) 1999 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
Supported algorithms:
Cipher: 3DES, CAST5, BLOWFISH, TWOFISH
Pubkey: ELG-E, DSA, ELG
Hash: MD5, SHA1, RIPEMD160
Syntax: gpg [options] [files]
sign, check, encrypt or decrypt
default operation depends on the input data
Commands:
-s, --sign [file] make a signature
--clearsign [file] make a clear text signature
-b, --detach-sign make a detached signature
-e, --encrypt encrypt data
-c, --symmetric encryption only with symmetric cipher
--store store only
-d, --decrypt decrypt data (default)
--verify verify a signature
--list-keys list keys
--list-sigs list keys and signatures
--check-sigs check key signatures
--fingerprint list keys and fingerprints
--list-secret-keys list secret keys
--gen-key generate a new key pair
--delete-key remove key from the public keyring
--sign-key sign a key
--lsign-key sign a key locally
--edit-key sign or edit a key
--gen-revoke generate a revocation certificate
--export export keys
--send-keys export keys to a key server
--recv-keys import keys from a key server
--import import/merge keys
--list-packets list only the sequence of packets
--export-ownertrust export the ownertrust values
--import-ownertrust import ownertrust values
--update-trustdb update the trust database
--check-trustdb [NAMES] check the trust database
--fix-trustdb fix a corrupted trust database
--dearmor De-Armor a file or stdin
--enarmor En-Armor a file or stdin
--print-md algo [files] print message digests
Options:
-a, --armor create ascii armored output
-r, --recipient NAME encrypt for NAME
--default-recipient NAME use NAME as default recipient
--default-recipient-self use the default key as default recipient
-u, --local-user use this user-id to sign or decrypt
-z N set compress level N (0 disables)
--textmode use canonical text mode
-o, --output use as output file
-v, --verbose verbose
-q, --quiet be somewhat more quiet
--no-tty don't use the terminal at all
--force-v3-sigs force v3 signatures
--force-mdc always use a MDC for encryption
-n, --dry-run do not make any changes
--batch batch mode: never ask
--yes assume yes on most questions
--no assume no on most questions
--keyring add this keyring to the list of keyrings
--secret-keyring add this secret keyring to the list
--default-key NAME use NAME as default secret key
--keyserver HOST use this keyserver to lookup keys
--charset NAME set terminal charset to NAME
--options read options from file
--debug set debugging flags
--debug-all enable full debugging
--status-fd FD write status info to this FD
--no-comment do not write comment packets
--completes-needed (default is 1)
--marginals-needed (default is 3)
--load-extension FILE load extension module FILE
--rfc1991 emulate the mode described in RFC1991
--openpgp set all packet, cipher and digest options to OpenPGP behavior
--s2k-mode N use passphrase mode N
--s2k-digest-algo NAME use message digest algorithm NAME for passphrases
--s2k-cipher-algo NAME use cipher algorithm NAME for passphrases
--cipher-algo NAME use cipher algorithm NAME
--digest-algo NAME use message digest algorithm NAME
--compress-algo N use compress algorithm N
--throw-keyid throw keyid field of encrypted packets
-N, --notation-data NAME=VALUE use this notation data
Examples:
-se -r Bob [file] sign and encrypt for user Bob
--clearsign [file] make a clear text signature
--detach-sign [file] make a detached signature
--list-keys [names] show keys
--fingerprint [names] show fingerprints
Please report bugs to <gnupg-bugs@gnu.org>.