PGP Command Line 10.1 User guide

  • Hello! I am an AI chatbot trained to assist you with the PGP Command Line 10.1 User guide. I’ve already reviewed the document and can help you find the information you need or explain it in simple terms. Just ask your questions, and providing more details will help me assist you more effectively!
PGP® Command Line
User's Guide
Version Information
PGP Command Line User's Guide. Version 10.1. Released September 2010.
Copyright Information
Copyright © 1991-2010 by PGP Corporation. All Rights Reserved. No part of this document can be reproduced or transmitted in any form or by any
means, electronic or mechanical, for any purpose, without the express written permission of PGP Corporation.
Trademark Information
PGP, Pretty Good Privacy, and the PGP logo are registered trademarks of PGP Corporation in the US and other countries. IDEA is a trademark of
Ascom Tech AG. Windows and ActiveX are registered trademarks of Microsoft Corporation. AOL is a registered trademark, and AOL Instant
Messenger is a trademark, of America Online, Inc. Red Hat and Red Hat Linux are trademarks or registered trademarks of Red Hat, Inc. Linux is a
registered trademark of Linus Torvalds. Solaris is a trademark or registered trademark of Sun Microsystems, Inc. AIX is a trademark or registered
trademark of International Business Machines Corporation. HP-UX is a trademark or registered trademark of Hewlett-Packard Company. SSH and
Secure Shell are trademarks of SSH Communications Security, Inc. Rendezvous and Mac OS X are trademarks or registered trademarks of Apple
Computer, Inc. All other registered and unregistered trademarks in this document are the sole property of their respective owners.
Licensing and Patent Information
The IDEA cryptographic cipher described in U.S. patent number 5,214,703 is licensed from Ascom Tech AG. The CAST-128 encryption algorithm,
implemented from RFC 2144, is available worldwide on a royalty-free basis for commercial and non-commercial uses. PGP Corporation has secured a
license to the patent rights contained in the patent application Serial Number 10/655,563 by The Regents of the University of California, entitled Block
Cipher Mode of Operation for Constructing a Wide-blocksize block Cipher from a Conventional Block Cipher. Some third-party software included in PGP
Universal Server is licensed under the GNU General Public License (GPL). PGP Universal Server as a whole is not licensed under the GPL. If you would
like a copy of the source code for the GPL software included in PGP Universal Server, contact PGP Support (
https://support.pgp.com). PGP Corporation
may have patents and/or pending patent applications covering subject matter in this software or its documentation; the furnishing of this software or
documentation does not give you any license to these patents.
Acknowledgments
This product includes or may include:
-- The Zip and ZLib compression code, created by Mark Adler and Jean-Loup Gailly, is used with permission from the free Info-ZIP implementation,
developed by zlib (
http://www.zlib.net). -- Libxml2, the XML C parser and toolkit developed for the Gnome project and distributed and copyrighted
under the MIT License found at
http://www.opensource.org/licenses/mit-license.html. Copyright © 2007 by the Open Source Initiative. -- bzip2 1.0, a
freely available high-quality data compressor, is copyrighted by Julian Seward, © 1996-2005. -- Application server (
http://jakarta.apache.org/), web
server (
http://www.apache.org/), Jakarta Commons (http://jakarta.apache.org/commons/license.html) and log4j, a Java-based library used to parse
HTML, developed by the Apache Software Foundation. The license is at
www.apache.org/licenses/LICENSE-2.0.txt. -- Castor, an open-source, data-
binding framework for moving data from XML to Java programming language objects and from Java to databases, is released by the ExoLab Group
under an Apache 2.0-style license, available at
http://www.castor.org/license.html. -- Xalan, an open-source software library from the Apache Software
Foundation that implements the XSLT XML transformation language and the XPath XML query language, is released under the Apache Software
License, version 1.1, available at
http://xml.apache.org/xalan-j/#license1.1. -- Apache Axis is an implementation of the SOAP ("Simple Object Access
Protocol") used for communications between various PGP products is provided under the Apache license found at
http://www.apache.org/licenses/LICENSE-2.0.txt. -- mx4j, an open-source implementation of the Java Management Extensions (JMX), is released
under an Apache-style license, available at
http://mx4j.sourceforge.net/docs/ch01s06.html. -- jpeglib version 6a is based in part on the work of the
Independent JPEG Group. (
http://www.ijg.org/) -- libxslt the XSLT C library developed for the GNOME project and used for XML transformations is
distributed under the MIT License
http://www.opensource.org/licenses/mit-license.html. -- PCRE Perl regular expression compiler, copyrighted and
distributed by University of Cambridge. ©1997-2006. The license agreement is at
http://www.pcre.org/license.txt. -- BIND Balanced Binary Tree Library
and Domain Name System (DNS) protocols developed and copyrighted by Internet Systems Consortium, Inc. (
http://www.isc.org) -- Free BSD
implementation of daemon developed by The FreeBSD Project, © 1994-2006. -- Simple Network Management Protocol Library developed and
copyrighted by Carnegie Mellon University © 1989, 1991, 1992, Networks Associates Technology, Inc, © 2001- 2003, Cambridge Broadband Ltd. ©
2001- 2003, Sun Microsystems, Inc., © 2003, Sparta, Inc, © 2003-2006, Cisco, Inc and Information Network Center of Beijing University of Posts and
Telecommunications, © 2004. The license agreement for these is at
http://net-snmp.sourceforge.net/about/license.html. -- NTP version 4.2 developed
by Network Time Protocol and copyrighted to various contributors. -- Lightweight Directory Access Protocol developed and copyrighted by OpenLDAP
Foundation. OpenLDAP is an open-source implementation of the Lightweight Directory Access Protocol (LDAP). Copyright © 1999-2003, The
OpenLDAP Foundation. The license agreement is at
http://www.openldap.org/software/release/license.html. Secure shell OpenSSH developed by
OpenBSD project is released by the OpenBSD Project under a BSD-style license, available at
http://www.openbsd.org/cgi-
bin/cvsweb/src/usr.bin/ssh/LICENCE?rev=HEAD. -- PC/SC Lite is a free implementation of PC/SC, a specification for SmartCard integration is released
under the BSD license. -- Postfix, an open source mail transfer agent (MTA), is released under the IBM Public License 1.0, available at
http://www.opensource.org/licenses/ibmpl.php. -- PostgreSQL, a free software object-relational database management system, is released under a
BSD-style license, available at
http://www.postgresql.org/about/licence. -- PostgreSQL JDBC driver, a free Java program used to connect to a
PostgreSQL database using standard, database independent Java code, (c) 1997-2005, PostgreSQL Global Development Group, is released under a
BSD-style license, available at
http://jdbc.postgresql.org/license.html. -- PostgreSQL Regular Expression Library, a free software object-relational
database management system, is released under a BSD-style license, available at
http://www.postgresql.org/about/licence. -- 21.vixie-cron is the Vixie
version of cron, a standard UNIX daemon that runs specified programs at scheduled times. Copyright © 1993, 1994 by Paul Vixie; used by permission. -
- JacORB, a Java object used to facilitate communication between processes written in Java and the data layer, is open source licensed under the
GNU Library General Public License (LGPL) available at
http://www.jacorb.org/lgpl.html. Copyright © 2006 The JacORB Project. -- TAO (The ACE ORB)
is an open-source implementation of a CORBA Object Request Broker (ORB), and is used for communication between processes written in C/C++ and
the data layer. Copyright (c) 1993-2006 by Douglas C. Schmidt and his research group at Washington University, University of California, Irvine, and
Vanderbilt University. The open source software license is available at
http://www.cs.wustl.edu/~schmidt/ACE-copying.html. -- libcURL, a library for
downloading files via common network services, is open source software provided under a MIT/X derivate license available at
http://curl.haxx.se/docs/copyright.html. Copyright (c) 1996 - 2007, Daniel Stenberg. -- libuuid, a library used to generate unique identifiers, is released
under a BSD-style license, available at
http://thunk.org/hg/e2fsprogs/?file/fe55db3e508c/lib/uuid/COPYING. Copyright (C) 1996, 1997 Theodore Ts'o. --
libpopt, a library that parses command line options, is released under the terms of the GNU Free Documentation License available at
http://directory.fsf.org/libs/COPYING.DOC. Copyright © 2000-2003 Free Software Foundation, Inc. -- gSOAP, a development tool for Windows clients
to communicate with the Intel Corporation AMT chipset on a motherboard, is distributed under the gSOAP Public License version 1.3b, available at
4
http://www.cs.fsu.edu/~engelen/license.html. -- Windows Template Library (WTL) is used for developing user interface components and is distributed
under the Common Public License v1.0 found at
http://opensource.org/licenses/cpl1.0.php. -- The Perl Kit provides several independent utilities used to
automate a variety of maintenance functions and is provided under the Perl Artistic License, found at
http://www.perl.com/pub/a/language/misc/Artistic.html. -- rEFIt - libeg, provides a graphical interface library for EFI, including image rendering, text
rendering, and alpha blending, and is distributed under the license found at
http://refit.svn.sourceforge.net/viewvc/*checkout*/refit/trunk/refit/LICENSE.txt?revision=288. Copyright (c) 2006 Christoph Pfisterer. All rights
reserved. -- Java Radius Client, used to authenticate PGP Universal Web Messenger users via Radius, is distributed under the Lesser General Public
License (LGPL) found at
http://www.gnu.org/licenses/lgpl.html. -- Yahoo! User Interface (YUI) library version 2.5.2, a Web UI interface library for AJAX.
Copyright (c) 2009, Yahoo! Inc. All rights reserved. Released under a BSD-style license, available at
http://developer.yahoo.com/yui/license.html. --
JSON-lib version 2.2.1, a Java library used to convert Java objects to JSON (JavaScript Object Notation) objects for AJAX. Distributed under the
Apache 2.0 license, available at
http://json-lib.sourceforge.net/license.html. -- EZMorph, used by JSON-lib, is distributed under the Apache 2.0 license,
available at
http://ezmorph.sourceforge.net/license.html. -- Apache Commons Lang, used by JSON-lib, is distributed under the Apache 2.0 license,
available at
http://commons.apache.org/license.html. -- Apache Commons BeanUtils, used by JSON-lib, is distributed under the Apache 2.0 license,
available at
http://commons.apache.org/license.html. -- SimpleIni is an .ini format file parser and provides the ability to read and write .ini files, a
common configuration file format used on Windows, on other platforms. Distributed under the MIT License found at
http://www.opensource.org/licenses/mit-license.html. Copyright 2006-2008, Brodie Thiesfield. -- uSTL provides a small fast implementation of common
Standard Template Library functions and data structures and is distributed under the MIT License found at
http://www.opensource.org/licenses/mit-
license.html. Copyright (c) 2005-2009 by Mike Sharov <[email protected]ceforge.net>. -- Protocol Buffers (protobuf), Google's data interchange
format, are used to serialize structure data in the PGP SDK. Distributed under the BSD license found at
http://www.opensource.org/licenses/bsd-
license.php. Copyright 2008 Google Inc. All rights reserved.
Additional acknowledgements and legal notices are included as part of the PGP Universal Server.
Export Information
Export of this software and documentation may be subject to compliance with the rules and regulations promulgated from time to time by the Bureau
of Export Administration, United States Department of Commerce, which restricts the export and re-export of certain products and technical data.
Limitations
The software provided with this documentation is licensed to you for your individual use under the terms of the End User License Agreement provided
with the software. The information in this document is subject to change without notice. PGP Corporation does not warrant that the information meets
your requirements or that the information is free of errors. The information may include technical inaccuracies or typographical errors. Changes may be
made to the information and incorporated in new editions of this document, if and when made available by PGP Corporation.
Unsupported Third Party Products
By utilizing third party products, software, drivers, or other components ("Unsupported Third Party Product") to interact with the PGP software and/or by
utilizing any associated PGP command or code provided by to you by PGP at its sole discretion to interact with the Unsupported Third Party Product
("PGP Third Party Commands"), you acknowledge that the PGP software has not been designed for or formally tested with the Unsupported Third Party
Product, and therefore PGP provides no support or warranties with respect to the PGP Third Party Commands or the PGP software's compatibility with
Unsupported Third Party Products. THE PGP THIRD PARTY COMMANDS ARE PROVIDED "AS IS," WITH ALL FAULTS, AND THE ENTIRE RISK AS TO
SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH YOU. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE
LAW, PGP DISCLAIMS ALL REPRESENTATIONS, WARRANTIES, AND CONDITIONS, WHETHER EXPRESS OR IMPLIED, INCLUDING ANY
WARRANTIES OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NONINFRINGEMENT, QUIET
ENJOYMENT, AND ACCURACY WITH RESPECT TO THE PGP THIRD PARTY COMMANDS OR THE PGP SOFTWARE'S COMPATIBILITY WITH THE
UNSUPPORTED THIRD PARTY PRODUCT.
i
Contents
PGP Command Line Basics 1
Important Concepts 1
Getting Started 2
Installation 5
Overview 5
System Requirements 6
Windows 7 and Vista 6
Windows Server 2008 and 2003 7
Windows XP 9
Windows 2000 10
IBM AIX 10
HP-UX 11i 10
Solaris 9 and 10 10
Red Hat Enterprise Linux, SLES, and Fedora Core 11
Mac OS X 11
Installing on AIX 11
Installing on AIX 11
Changing the Home Directory on AIX 13
Uninstalling on AIX 13
Installing on HP-UX 14
Installing on HP-UX 14
Changing the Home Directory on HP-UX 15
Installing to a Non-Default Directory on HP-UX 15
Uninstalling on HP-UX 16
Installing on Mac OS X 16
Installing on Mac OS X 16
Changing the Home Directory on Mac OS X 17
Uninstalling on Mac OS X 17
Installing on Red Hat Enterprise Linux, SLES, or Fedora Core 18
Installing on Red Hat Enterprise Linux or Fedora Core 18
Changing the Home Directory on Linux or Fedora Core 19
Uninstalling on Linux or Fedora Core 19
Installing on Solaris 20
Installing on Solaris 20
Changing the Home Directory on Solaris 21
Uninstalling on Solaris 22
Installing on Windows 22
PGP Command Line for Windows and PGP Desktop on the Same System 22
To Install on Windows 22
Changing the Home Directory on Windows 23
Uninstalling on Windows 24
ii
PGP® Command Line 10.1 Contents
Licensing 25
Overview 25
License Recovery 26
Using a License Number 27
Re-Licensing 28
Through a Proxy Server 29
The Command-Line Interface 31
Overview 31
Flags and Arguments 33
Flags 33
Arguments 34
Configuration File 36
Keyserver Configuration File Settings 40
Environment Variables 41
Standard Input, Output, and Error 42
Redirecting an Existing File 42
Entering Data 43
Specifying a Key 44
'Secure' Options 44
Passphrases 45
First Steps 47
Overview 47
Creating Your Keypair 48
Protecting Your Private Key 49
Distributing Your Public Key 50
Posting Your Public Key to a Keyserver 51
Exporting Your Public Key to a Text File 51
Getting the Public Keys of Others 52
Finding a Public Key on a Keyserver 52
Importing a Public Key from a Keyserver 53
Verifying Keys 54
Cryptographic Operations 57
Overview 57
Commands 58
--armor (-a) 58
--clearsign 60
--decrypt 62
--detached (-b) 64
--dump-packets, --list-packets 65
--encrypt (-e) 66
--export-session-key 70
iii
PGP® Command Line 10.1 Contents
--list-sda 71
--list-archive 71
--sign (-s) 72
--symmetric (-c) 74
--verify 76
Key Listings 79
Overview 79
Commands 80
--fingerprint 80
--fingerprint-details 81
--list-key-details 82
--list-keys (-l) 84
--list-keys-xml 84
--list-sig-details 85
--list-sigs 86
--list-userids 86
Working with Keyservers 89
Overview 89
Commands 90
--keyserver-disable 90
--keyserver-recv 91
--keyserver-remove 92
--keyserver-search 92
--keyserver-send 93
--keyserver-update 94
Managing Keys 97
Overview 99
Commands 99
--add-adk 99
--add-photoid 100
--add-preferred-cipher 101
--add-preferred-compression-algorithm 101
--add-preferred-email-encoding 102
--add-preferred-hash 102
--add-revoker 103
--add-userid 103
--cache-passphrase 104
--change-passphrase 105
--clear-key-flag 106
--disable 106
--enable 107
--export, --export-key-pair 107
--export-photoid 110
iv
PGP® Command Line 10.1 Contents
--gen-key 111
--gen-revocation 113
--gen-subkey 114
--get-email-encoding 115
--import 115
--join-key 117
--join-key-cache-only 120
--key-recon-send 121
--key-recon-recv-questions 123
--key-recon-recv 124
--remove 124
--remove-adk 125
--remove-all-adks 125
--remove-all-photoids 126
--remove-all-revokers 126
--remove-expiration-date 127
--remove-key-pair 127
--remove-photoid 127
--remove-preferred-cipher 128
--remove-preferred-compression-algorithm 128
--remove-preferred-email-encoding 129
--remove-preferred-hash 129
--remove-preferred-keyserver 130
--remove-revoker 130
--remove-sig 131
--remove-subkey 132
--remove-userid 132
--revoke 133
--revoke-sig 133
--revoke-subkey 134
--send-shares 135
--set-expiration-date 135
--set-key-flag 136
--set-preferred-ciphers 136
--set-preferred-compression-algorithms 137
--set-preferred-email-encodings 137
--set-preferred-hashes 138
--set-preferred-keyserver 139
--set-primary-userid 139
--set-trust 140
--sign-key 140
--sign-userid 141
--split-key 142
Working with Email 147
Overview 147
Encrypt Email 149
Sign Email 150
Decrypt Email 150
v
PGP® Command Line 10.1 Contents
Verify Email 151
Annotate Email 151
Working with a PGP Key Management Server
153
Overview 154
New Terms and Concepts 154
Relationship with a PGP KMS 155
Authentication for PGP KMS Operations 155
--create-mak 157
--import-mak 158
--export-mak 159
--export-mak-pair 159
--request-cert 160
--edit-mak 161
--search-mak 162
--delete-mak 163
--create-mek-series 163
--edit-mek-series 164
--search-mek-series 165
--delete-mek-series 166
--create-mek 167
--import-mek 167
--export-mek 168
--edit-mek 168
--search-mek 169
--create-msd 170
--export-msd 171
--edit-msd 172
--search-msd 173
--delete-msd 174
--create-consumer 174
--search-consumer 175
Miscellaneous Commands
177
Overview 177
Commands 178
--create-keyrings 178
--help (-h) 179
--license-authorize 179
--purge-all-caches 179
--purge-keyring-cache 179
--purge-passphrase-cache 180
--speed-test 180
--version 180
--wipe 181
--check-sigs 182
--check-userids 182
vi
PGP® Command Line 10.1 Contents
Options 185
Using Options 185
Boolean Options 186
--alternate-format 186
--annotate 186
--archive 187
--banner 188
--biometric 188
--buffered-stdio 188
--compress, --compression 189
--details 189
--email 190
--encrypt-to-self 190
--eyes-only 190
--fast-key-gen 191
--fips-mode, --fips 191
--force (-f) 191
--halt-on-error 192
--keyring-cache 192
--large-keyrings 193
--license-recover 193
--local-mode 194
--marginal-as-valid 194
--master-key 194
--pass-through 194
--passphrase-cache 195
--photo 195
--quiet (-q) 195
--recursive 195
--reverse-sort, --reverse 196
--sda 196
--skep 196
--text-mode, --text (-t) 197
--truncate-passphrase 197
--verbose (-v) 197
--warn-adk 198
--wrapper-key 198
--xml 198
Integer Options 200
--3des 200
--aes128, --aes192, --aes256 200
--bits, --encryption-bits 201
--blowfish 201
--bzip2 201
--cast5 202
--creation-days 202
--expiration-days 202
--idea 203
vii
PGP® Command Line 10.1 Contents
--index 203
--keyring-cache-timeout 204
--keyserver-timeout 204
--md5 204
--passphrase-cache-timeout 205
--partitioned 205
--pgp-mime 205
--ripemd160 206
--sha, --sha256, --sha384, --sha512 206
--signing-bits 208
--skep-timeout 208
--threshold 208
--trust-depth 208
--twofish 209
--wipe-input-passes 209
--wipe-overwrite-passes 209
--wipe-passes 210
--wipe-temp-passes 210
--zip 210
--zlib 210
Enumeration Options 211
--auto-import-keys 211
--cipher 211
--compression-algorithm 212
--compression-level 213
--email-encoding 213
--enforce-adk 213
--export-format 214
--hash 215
--import-format 215
--input-cleanup 216
--key-flag 216
--key-type 217
--manual-import-key-pairs 218
--manual-import-keys 218
--overwrite 218
--sig-type 219
--sort-order, --sort 219
--tar-cache-cleanup 220
--target-platform 220
--temp-cleanup 221
--trust 221
String Options 221
--city, --common-name, --contact-email, --country 221
--comment 221
--creation-date 222
--default-key 222
--expiration-date 223
--export-passphrase 223
--home-dir 223
viii
PGP® Command Line 10.1 Contents
--local-user (-u), --user 224
--license-name, --license-number, --license-organization, --license-email 224
--new-passphrase 225
--organization, --organizational-unit 225
--output (-o) 225
--output-file 226
--passphrase 226
--preferred-keyserver 227
--private-keyring 227
--proxy-passphrase, --proxy-server, --proxy-username 228
--public-keyring 228
--recon-server 229
--regular-expression 229
--random-seed 229
--root-path 230
--share-server 230
--state 230
--status-file 230
--symmetric-passphrase 231
--temp-dir 231
List Options 232
--additional-recipient 232
--adk 232
--input (-i) 232
--question / --answer 233
--keyserver 233
--recipient (-r) 234
--revoker 234
--share 235
File Descriptors 236
--auth-passphrase-fd, auth-passphrase-fd8 236
--export-passphrase-fd, --export-passphrase-fd8 236
--new-passphrase-fd, --new-passphrase-fd8 237
--passphrase-fd, --passphrase-fd8 237
--proxy-passphrase-fd, --proxy-passphrase-fd8 237
--symmetric-passphrase-fd, --symmetric-passphrase-fd8 237
Lists
239
Basic Key List 239
The Default Key Column 240
The Algorithm Column 240
The Type Column 241
The Size/Type Column 241
The Flags Column 242
The Key ID Column 243
The User ID Column 244
Detailed Key List 244
Main Key Details 246
Subkey Details 253
ix
PGP® Command Line 10.1 Contents
ADK Details 255
Revoker Details 255
Key List in XML Format 256
Elements with fixed settings 260
X.509 Signatures 262
Detailed Signature List 263
Usage Scenarios
269
Secure Off-Site Backup 269
PGP Command Line and PGP Desktop 270
Compression Saves Money 270
Surpasses Legal Requirements 271
Quick Reference 273
Commands 273
Options 277
Environment Variables 281
Configuration File Variables 282
Codes and Messages 285
Messages Without Codes 285
Messages With Codes 286
Parser 286
Keyrings 287
Wipe 288
Encrypt 289
Sign 289
Decrypt 289
Speed Test 290
Key edit 290
Keyserver 296
Key Reconstruction 297
Licensing 298
PGP Universal Server 300
General 300
Exit Codes 309
Frequently Asked Questions 311
Key Used for Encryption 311
"Invalid" Keys 311
Maximum File Size 313
Programming and Scripting Languages 313
File Redirection 314
Protecting Passphrases 314
x
PGP® Command Line 10.1 Contents
Searching for Data on a PGP KMS 317
Overview 317
Keyword Listing 318
Example Searches 320
More About Types 320
Time Fields 320
Boolean Values 321
Open PGP Algorithms 321
Open PGP Key Usage Flags 321
Key Modes 322
Index
323
1
This chapter describes some important PGP Command Line concepts and gives
you a high-level overview of the things you need to do to set up and use PGP
Command Line.
In This Chapter
Important Concepts....................................................................................1
Getting Started ...........................................................................................2
Important Concepts
The following concepts are important for you to understand:
PGP Command Line: A software product from PGP Corporation that
automates the processes of encrypting/signing, decrypting/verifying, and
file wiping; it provides a command-line interface to PGP technology.
command-line interface: An interface where you type commands at a
command prompt. PGP Command Line uses a command-line interface.
keyboard input: PGP Command Line was designed so that all relevant
information can be entered at the command line, thus requiring no further
input from the keyboard to implement the commands.
scripting: PGP Command Line commands can be easily inserted into
scripts to be used for automating tasks. For example, if your company
regularly copies a large database to an off-site backup and then stores it
there, PGP Command Line commands can be added to the script that does
this so that the database is encrypted before it is transmitted to the off-site
location and then decrypted when it arrives. PGP Command Line
commands are easily added to shell scripts or scripts written with scripting
languages (such as Perl or Python, for example).
environment variables: Environment variables control various aspects of
PGP Command Line behavior; for example, the location of the PGP
Command Line home directory. Environment variables are established on
the computer running PGP Command Line.
1
PGP Command Line Basics
2
PGP® Command Line 10.1 PGP Command Line Basics
configuration file variables: When PGP Command Line starts, it reads the
configuration file, which includes special configuration variables and values
for each variable. These settings affect how PGP Command Line operates.
Configuration file variables can be changed permanently by editing the
configuration file or overridden on a temporary basis by specifying a value
for a configuration file variable on the command line.
Self-Decrypting Archives (SDAs): PGP Command Line lets you create
SDAs, compressed and conventionally encrypted archives that require a
passphrase to decrypt. SDAs contain an executable for the target platform,
which means the recipient of an SDA does not need to have any PGP
software installed to open the archive. You can thus securely transfer data
to recipients with no PGP software installed. You will have to communicate
the passphrase of the SDA to the recipient, however.
Additional Decryption Key (ADK): PGP Command Line supports the use
of an ADK, which is an additional key to which files or messages are
encrypted, thus allowing the keeper of the ADK to retrieve data or
messages as well as the intended recipient. Use of an ADK ensures that
your corporation has access to all its proprietary information even if
employee keys are lost or become unavailable.
PGP Zip archives: The PGP Zip feature lets you encrypt/sign groups of
files or entire directories into a single compressed archive file. The archive
format is tar and the supported compression formats are Zip, BZip2, and
Zlib.
Getting Started
Now that you know a little bit about PGP Command Line, let’s go deeper into
what you need to do to get started using it:
1 Install PGP Command Line. Specific instructions for installing PGP
Command Line on the supported platforms are in Installation.
2 License the software. PGP Command Line functionality is extremely
limited until you license the software. Refer to Licensing for more
information.
3 Create your default key pair. Most PGP Command Line operations
require a key pair (a private key and a public key). Refer to Creating Your
Keypair for more information.
4 Protect your private key. Because your private key can decrypt your
protected data, it is important that you protect it. Do not write down or tell
someone the passphrase. It is a good idea to keep your private key on a
machine that only you can access, and in a directory that is not accessible
from the network. Also, you should make a backup of the private key and
store it in a secure location. Refer to Protecting Your Private Key for more
information.
3
PGP® Command Line 10.1 PGP Command Line Basics
5 Exchange public keys with others. In order to encrypt data to someone
you need their public key; and they need yours to encrypt data to you.
Refer to Getting the Public Keys of Others for more information about how
to obtain public keys.
6 Verify the public keys you get from the keyserver. Once you have a
copy of someone’s public key, you add it to your public keyring. When you
get someone’s public key, you should make sure that it has not been
tampered with and that it really belongs to the purported owner. You do
this by comparing the unique fingerprint on your copy of someone’s public
key to the fingerprint on that person’s original key. For more information
about validity and trust, refer to An Introduction to Cryptography (it was put
onto your computer during installation). For instructions how to verify
someone’s public key, see --fingerprint (page
80).
7 Start securing your data. After you have generated your key pair and
have obtained public keys, you can begin encrypting, signing, decrypting,
and verifying your data.
5
This chapter lists the system requirements for, and tells you how to install PGP
Command Line onto, the supported platforms: AIX, HP-UX, Mac OS X, Linux,
Solaris, and Windows. It also includes uninstall instructions.
In This Chapter
Overview ................................................................................................... 5
System Requirements............................................................................... 6
Installing on AIX....................................................................................... 11
Installing on HP-UX.................................................................................. 13
Installing on Mac OS X ............................................................................ 16
Installing on Red Hat Enterprise Linux, SLES, or Fedora Core................ 17
Installing on Solaris.................................................................................. 20
Installing on Windows ............................................................................. 22
Overview
PGP Command Line can be installed on these platforms:
Windows 7 (32- and 64-bit), Windows Server 2008, Windows Vista (32- and
64-bit) SP2, Windows Server 2003 (32- and 64-bit) SP2, Windows XP (32-
and 64-bit) SP3, Windows 2000 SP4
HP-UX 11i and above (PA-RISC and Itanium)
IBM AIX 5.3 and 6.1
RedHat Enterprise Linux 5.0 (x86 and x86_64)
SLES (SUSE Linux Enterprise Server 9 SP4 and 10 SP2 (x86)
Fedora Core 6 (x86_64 only)
Sun Solaris 9 (SPARC) and Solaris 10 (SPARC, x86, and x86_64)
Apple Mac OS X 10.5.x and 10.6.x (Intel-based systems only)
PGP Command Line uses a specific directory for the application data such as
the configuration file, and a specific directory (called the home directory) for the
files it creates, such as keyring files.
2
Installation
6
PGP® Command Line 10.1 Installation
On any UNIX system, the application data and the home directory are identical
and they are configured through the $HOME environment variable. For more
information, refer to the installation instructions for the specific UNIX platform.
On Windows, the application data directory is used to store data such as the
configuration file PGPprefs.xml. The home directory is called “My
Documents” and is used to store keys. These two directories can be named
differently, depending on the specific version on Windows. For more
information, see To Install on Windows (on page
22).
Note: You can also use the --home-dir option on the command line to
specify a different home directory. Using this option affects only the
command it is used in and does not change the PGP_HOME_DIR
environment variable.
Using --home-dir on the command line overrides the current setting of
the PGP_HOME_DIR environment variable.
System Requirements
In general, system requirements for PGP Command Line are the same as the
system requirements for the host operating system.
In addition to the hard drive space required by the base operating system, PGP
Command Line requires additional space for both the data on which
cryptographic operations (such as encryption, decryption, signing, and verifying)
will be applied and temporary files created in the process of performing those
operations.
For a given file being encrypted or decrypted, PGP Command Line can require
several times the size of the original file in free hard drive space (depending on
how much the file was compressed), enough to hold both the original file or
files and the final file resulting from the encryption or decryption operation.
In cases where PGP Zip functionality is used on a file, PGP Command Line may
also require several times the size of the original file or files in free hard drive
space, enough to hold the original file, a temporary file created when handling
the archive, and the final file resulting from the encryption or decryption
operation. Make sure you have adequate free hard drive space on your system
before using PGP Command Line.
Windows 7 and Vista
Component Requirement
Computer and
processor
PC with 1 GHz 32-bit (x86) processor
Memory 1 gigabyte (GB) of RAM or higher recommended (64 MB
/