lotus



previous page: Windows NT Security FAQ
  
page up: Security
  
next page: PGP mini FAQ

PGP FAQ



Frequently Asked Questions about the Pretty Good Privacy (PGP) encryption program.

This FAQ about the Pretty Good Privacy (PGP) encryption program was compiled and written by Jeff Licquia jalicqui@prairienet.org with numerous contributions by others.

-1.1. What is PGP?
PGP is a program that gives your electronic mail something that ...
-1.2. Why should I encrypt my mail? I'm not doing anything illegal!
You should encrypt your e-mail for the same reason that you don'...
-1.3. What are public keys and private keys? (PGP)
With conventional encryption schemes, keys must be exchanged ...
-1.4. How much does PGP cost?
Nothing! (Compare to ViaCrypt PGP at $98!) ...
-1.5. Is encryption legal?
In much of the civilized world, encryption is either legal, or ...
-1.6. Is PGP legal?
In addition to the comments about encryption listed above, there are ...
-1.7. What's the current version of PGP?
You would think that's an easy question to answer!...
-1.8. Is there an archive site for alt.security.pgp?
laszlo@instrlab.kth.se (Laszlo Baranyi) says:...
-1.9. Is there a commercial version of PGP available?
Yes; by arrangement with the author of PGP, a company called ...
-1.10. Is PGP available as a programming library, so I can write programs that use it?
Not yet. PGP 3.0, when it is released, is supposed to have ...
-1.11. What platforms has PGP been ported to?
PGP has been ported successfully to many different platforms,...
-1.12. Where can I obtain PGP?
PGP is very widely available, so much so that a separate FAQ has ...
-1.13. I want to find out more! (PGP)
If this FAQ doesn't answer your question, there are several places ...
-2.1. Why can't a person using version 2.2 read my version 2.3 message? (PGP)
You might try adding +pkcs_compat=0 to your command line as follows:...
-2.2. Why can't a person using version 2.x read my version 2.6 message? (PGP)
You are probably using MIT PGP, or possibly some other version of ...
-2.3. Why does PGP complain about checking signatures every so often?
Version 2.3a introduced the pkcs_compat option, allowing the ...
-2.4. Why does it take so long to encrypt/decrypt messages? (PGP)
This problem can arise when you have placed the entire public key ...
-2.5. How do I create a secondary key file? (PGP)
First, let's assume that you have all of the mammoth public key ...
-2.6. How does PGP handle multiple addreses?
When encrypting a message to multiple addresses, you will notice ...
-2.7. Where can I obtain scripts to integrate pgp with my email or news reading system?
There are many scripts and programs available for making PGP easier ...
-2.8. How can I decrypt messages I've encrypted to others? (PGP)
With conventional encryption, you can read the message by running ...
-2.9. Why can't I generate a key with PGP for Unix?
Most likely this is caused because PGP can't create the public ...
-2.10. When I clearsign a document in PGP, it adds a "dash-space" to several of my lines. What gives?
PGP does this because of the -----BEGIN PGP MESSAGE----- (...
-3.1. How secure is PGP?
The big unknown in any encryption scheme based on RSA is whether ...
-3.2. Can't you break PGP by trying all of the possible keys?
This is one of the first questions that people ask when they are ...
-3.3. How secure is the conventional cryptography (-c) option? (PGP)
Assuming that you are using a good strong random pass phrase, it ...
-3.4. Can the NSA crack RSA?
This question has been asked many times. If the NSA were able to ...
-3.5. Has RSA ever been cracked publicly? What is RSA-129?
One RSA-encrypted message has been cracked publicly....
-3.6. How secure is the "for your eyes only" option (-m)? (PGP)
It is not secure at all. There are many ways to defeat it. ...
-3.7. What if I forget my pass phrase? (PGP)
In a word: DON'T. If you forget your pass phrase, there is ...
-3.8. Why do you use the term "pass phrase" instead of "password"? (PGP)
This is because most people, when asked to choose a password, ...
-3.9. What is the best way to crack PGP?
Currently, the best attack possible on PGP is a dictionary attack ...
-3.10. If my secret key ring is stolen, can my messages be read? (PGP)
No, not unless they have also stolen your secret pass phrase, or ...
-3.11. How do I choose a pass phrase? (PGP)
All of the security that is available in PGP can be made ...
-3.12. How do I remember my pass phrase? (PGP)
This can be quite a problem especially if you are like me and ...
-3.13. How do I verify that my copy of PGP has not been tampered with?
If you do not presently own any copy of PGP, use great care on ...
-3.14. I can't verify the signature on my new copy of MIT PGP with my old PGP 2.3a!
The reason for this, of course, is that the signatures generated ...
-3.15. How do I know that there is no trap door in the program? (PGP)
The fact that the entire source code for the free versions of PGP ...
-3.16. I heard that the NSA put a back door in MIT PGP, and that they only allowed it to be legal with the back door.
First of all, the NSA had nothing to do with PGP becoming legal....
-3.17. Can I put PGP on a multi-user system like a network or a mainframe?
Yes. PGP will compile for several high-end operating systems such ...
-3.18. Can I use PGP under a "swapping" operating system like Windows or OS/2?
Yes. PGP for DOS runs OK in most DOS windows for these systems, ...
-3.19. Why not use RSA alone rather than a hybrid mix of IDEA, MD5, & RSA?
Two reasons: First, the IDEA encryption algorithm used in PGP ...
-3.20. Aren't all of these security procedures a little paranoid? (PGP)
That all depends on how much your privacy means to you! Even ...
-3.21. Can I be forced to reveal my pass phrase in any legal proceedings? (PGP)
Gary Edstrom reported the following in earlier versions of this FAQ:...
-4.1. Which key size should I use? (PGP)
PGP gives you three choices for key size: 512, 768, or 1024 bits. ...
-4.2. Why does PGP take so long to add new keys to my key ring?
The time required to check signatures and add keys to your public ...
-4.3. How can I extract multiple keys into a single armored file? (PGP)
A number of people have more than one public key that they would ...
-4.4. I tried encrypting the same message to the same address two different times and got completely different outputs. Why is this? (PGP)
Every time you run PGP, a different session key is generated. ...
-4.5. How do I specify which key to use when an individual has 2 or more public keys and the very same user ID on each, or when 2 different users have the same name? (PGP)
Instead of specifying the user's name in the ID field of the ...
-4.6. What does the message "Unknown signator, can't be checked" mean? (PGP)
It means that the key used to create that signature does not exist ...
-4.7. How do I get PGP to display the trust parameters on a key?
You can only do this when you run the -kc option by itself on ...
-4.8. How can I make my key available via finger? (PGP)
The first step is always to extract the key to an ASCII-armored ...
-5.1. What is message signing? (PGP)
Let's imagine that you received a letter in the mail from someone you ...
-5.2. How do I sign a message while still leaving it readable? (PGP)
Sometimes you are not interested in keeping the contents of a ...
-5.3. Can't you just forge a signature by copying the signature block to another message? (PGP)
No. The reason for this is that the signature contains ...
-5.4. Are PGP signatures legally binding?
It's still too early to tell. At least one company is using ...
-6.1. What is key signing? (PGP)
OK, you just got a copy of John Smith's public encryption key. How ...
-6.2. How do I sign a key? (PGP)
Execute the following command from the command prompt:...
-6.3. Should I sign my own key? (PGP)
Yes, you should sign each personal ID on your key. This will help ...
-6.4. Should I sign X's key? (PGP)
Signing someone's key is your indication to the world that you ...
-6.5. How do I verify someone's identity? (PGP)
It all depends on how well you know them. Relatives, friends ...
-6.6. How do I know someone hasn't sent me a bogus key to sign? (PGP)
It is very easy for someone to generate a key with a false ID and ...
-6.7. What's a key signing party? (PGP)
A key signing party is a get-together with various other users of ...
-6.8. How do I organize a key signing party? (PGP)
Though the idea is simple, actually doing it is a bit complex, ...
-7.1. My secret key ring has been stolen or lost, what do I do? (PGP)
Assuming that you selected a good solid random pass phrase to ...
-7.2. I forgot my pass phrase. Can I create a key revocation certificate? (PGP)
YOU CAN'T, since the pass phrase is required to create ...
-8.1. What are the Public Key Servers? (PGP)
Public Key Servers exist for the purpose of making your public ...
-8.2. What public key servers are available? (PGP)
The following is a list of all of the known public key servers ...
-8.3. What is the syntax of the key server commands? (PGP)
The key server expects to see one of the following commands placed ...
-9.1 Where should I send bug reports? (PGP)
Bugs related to MIT PGP should be sent to pgp-bugs@mit.edu. You ...
-10. Recommended Reading (PGP)
Stallings, William, Protect Your Privacy: A Guide for PGP Users,...
-11. General Tips (PGP)
> Some BBS sysops may not permit you to place encrypted mail or files ...
-99. Appendix I - PGP add-ons and Related Programs p1
Due to the enormous size this FAQ has begun to take, I have ...
-99. Appendix I - PGP add-ons and Related Programs p2
-99. Appendix I - PGP add-ons and Related Programs p3
-99. Glossary of Cryptographic Terms: MD5 (Message Digest Algorithm #5)
-99. Glossary of Cryptographic Terms: DES (Data Encryption Standard)
-99. Glossary of Cryptographic Terms: One Time Pad
-99. Glossary of Cryptographic Terms: PEM (Privacy Enhanced Mail)
The following was taken from the sci.crypt FAQ:...
-99. Glossary of Cryptographic Terms: TEMPEST
-99. Glossary of Cryptographic Terms: p1
========
-99. Glossary of Cryptographic Terms: p2
========
-99. Appendix III - Cypherpunks (PGP)
========
-99. Testimony of Philip Zimmermann to Congress
Reproduced by permission....
-99. Testimony of Philip Zimmermann to Congress I. The information ageis here.
Computers were developed in secret back in World War II mainly ...
-99. Testimony of Philip Zimmermann to Congress II. Export controlsare outdated and are a threat to privacy and economic competitivness.
The current export control regime makes no sense anymore, ...
-99. Testimony of Philip Zimmermann to Congress III. People want theirprivacy very badly.
PGP has spread like a prairie fire, fanned by countless people ...
-99. Testimony of Philip Zimmermann to Congress Appendix -- HowPublic-Key Cryptography Works
-99. The Philip Zimmermann Defense Fund.
All articles reproduced by permission....
-99. The Philip Zimmermann Defense Fund. Fund announcement
Here's the original article announcing the fund:...
-99. The Philip Zimmermann Defense Fund. Call for donations
=====
-99. Appendix VI - A Statement from ViaCrypt Concerning ITAR (PGP)
Reproduced by ...









TOP
previous page: Windows NT Security FAQ
  
page up: Security
  
next page: PGP mini FAQ