PGP JUMP START
If you hate reading manuals -- here is the easy way to get
started with PGP (Pretty Good Privacy). PGP JUMP START helps you
get up and running fast with PGP, so that you can exchange encrypted
e-mail messages with your friends. This document assumes basic familiarity
with DOS, Windows and Unzipping!
STEP ONE: DOWNLOAD PGP
STEP TWO: DOWNLOAD PGP QuickStart (for Windows users)
STEP TWO-A: UNCOMPRESS PGP
STEP TWO-B: EDIT AUTOEXEC.BAT
STEP THREE: GENERATE YOUR PGP KEY PAIR
STEP FOUR: SIGN YOUR KEY
STEP FIVE: EXTRACT A COPY OF YOUR KEY
STEP SIX: REGISTER YOUR PUBLIC KEY
STEP SEVEN: OBTAIN A PERSON'S PUBLIC KEY
STEP EIGHT: ADD A PERSON'S KEY TO YOUR PUBLIC KEYRING
STEP NINE: ENCRYPT A MESSAGE
STEP TEN: SEND AN ENCRYPTED MESSAGE AS E-MAIL
STEP ELEVEN: DECRYPT AN ENCRYPTED E-MAIL MESSAGE
STEP TWELVE: READ THE DOCUMENTATION
STEP THIRTEEN: PGP THE EASY WAY
STEP ONE: DOWNLOAD PGP
If you do not already have an official copy of Phil Zimmermann's
PGP 2.6.2, then download pgp262.zip now from one of the MIT sites:
ftp://net-dist.mit.edu/pub/PGP/
http://web.mit.edu/network/pgp.html
Go ahead ~ download PGP now! ~ It's only 276 K. We'll wait for you.
STEP TWO: DOWNLOAD PGP QuickStart (for Windows users)
PGP QuickStart is a PGP install program which will automatically
perform STEP TWO-A and TWO-B listed below. This easy-to-use
Windows program, written by Joel McNamara, is highly recommended.
EITHER download PGP QuickStart and skip to STEP THREE,
OR continue with Step TWO-A below.
Note: If you decide to use PGP QuickStart, you may want to scan
STEP TWO-A and TWO-B to get an idea of what PGP QuickStart does.
STEP TWO-A: UNCOMPRESS PGP
Create a directory for the PGP files (e.g. C:\PGP).
UNZIP pgp262.zip to the PGP directory.
This will create the files pgp262i.zip, pgp262i.asc and setup.doc.
UNZIP pgp262i.zip into the same directory.
STEP TWO-B: EDIT AUTOEXEC.BAT
Add the following lines, after the PATH statement,
to your Autoexec.bat file:
SET PGPPATH=C:\PGP
SET PATH=C:\PGP;%PATH%
SET TZ=**** (**** is the timezone you are in)
Below are some examples:
Hawaii: SET TZ=HST10 (Hawaii never uses daylight saving time)
Alaska: SET TZ=AST9
Los Angeles: SET TZ=PST8PDT
Denver: SET TZ=MST7MDT
Arizona: SET TZ=MST7 (Arizona never uses daylight saving time)
Chicago: SET TZ=CST6CDT
New York: SET TZ=EST5EDT
London: SET TZ=GMT0BST
Amsterdam: SET TZ=MET-1DST
Moscow: SET TZ=MSK-3MSD
Auckland: SET TZ=NZT-13
Substitute your own directory name if different from "C:\PGP"
Now reboot your computer so that these changes will take effect.
STEP THREE: GENERATE YOUR PGP KEY PAIR
You are now ready to generate your PGP Key Pair.
At the DOS prompt type:
pgp -kg and press Enter.
STEP THREE is divided into 4 Parts.
Answer the questions when prompted by the PGP program.
STEP THREE, Part 1.
*Pick your RSA key size*
We recommend Size 2 [768 bits - High commercial grade]
as the most practical for general use.
STEP THREE, Part 2.
*Enter a user ID for your public key*
Use your full name as your userID, because then there will be less
risk of people using the wrong Public Key to encrypt messages to you.
Spaces and punctuation are allowed in the userID.
Type your full name followed by your E-mail address
in <angle brackets> like so: John Q. Smith <jqs@xyzcorp.com>
Please note: When you use PGP, you do not have to type your
full userID when requested. You can type any part of the userID.
If your userID were John Q. Smith <jqs@xyzcorp.com>
any of the following would work:
John
Smith
jqs
"John Q." (Note: If there is a space, the userID must be in quotes.)
"John Q. Smith"
STEP THREE, Part 3.
*Enter pass phrase*
PGP will ask for a "pass phrase" to protect your secret key in case
it falls into the wrong hands. Nobody can use your secret key
without this pass phrase. The pass phrase is like a password, except
that it can be a whole phrase or sentence with many words, spaces,
punctuation, or anything else you want in it. The pass phrase is
case-sensitive, and should not be too short or easy to guess. The
longer and more random your pass phrase is, the more secure your key
files and encrypted files will be. Don't leave your pass phrase
written down where someone else can see it, and don't store it on
your computer if other people can access your computer.
Here are some examples of pass phrases:
QwErTy
Omaha, Bugaha, Rugaha, 1936XYZ
hdF6kjHd4f$w%@@K#^%5%RoEihefiUwe9/f/g77E5Q7$
Although the third pass phrase is strongest, don't make the pass
phrase too complicated, since you have to type your pass phrase
EVERY time you decrypt or sign a PGP message.
The first one, a simple pass"word" will work, but it is vulnerable
to attack and may compromise your security. If you can find the
phrase in any published work then don't use it. Don't use any phrases
from your personal history or popular culture. Using "0dd sp3LLing5
and CaPitaliZaTiOn" will make your pass phrase harder to guess or
attack. Also, you must remember which letters are capitalized,
since the pass phrase is case-sensitive.
Now type your pass phrase.
STEP THREE, Part 4.
*We need to generate ___ random bits*
PGP will ask you to enter some random text to help it accumulate
random bits for key generation. When asked, you should provide some
keystrokes that have irregular timing between strokes, and that
utilize upper case and lower case letters as well as numerals. Type
this random text on the keyboard, until you are prompted to stop.
There will then be a delay (a few seconds to a few minutes) depending
upon the speed of your computer and the RSA key size you picked.
PGP will actually generate two keys [your key pair]; your Secret key
that you keep secret and a Public key that your friends and [if you
allow it] the general public may obtain and use to send you messages.
(The public key "locks" the message; the secret key "unlocks" it.)
Your Secret key will automatically be placed into the file
C:\pgp\secring.pgp which is your Secret keyring.
Your Public key will be automatically placed into the file
C:\pgp\pubring.pgp which is your Public keyring.
To view or verify your keyring, type:
pgp -kv and press Enter.
STEP FOUR: SIGN YOUR KEY
You must sign your key for added security.
At the DOS prompt type:
pgp -ks userID and press Enter.
(The userID is what you decided on, back in STEP THREE, Part 2)
PGP will respond by showing your Key ID and your Key fingerprint.
You don't need to worry about such things at this point.
Press y and Enter when you are asked:
"to solemnly certify that the above public key actually belongs
to the user specified by the above userID <y/N>?"
Type in your pass phrase when asked.
(The pass phrase is what you decided on, back in STEP THREE, Part 3)
You will then see, "Key signature certificate added".
STEP FIVE: EXTRACT A COPY OF YOUR KEY TO A KEYFILE
To allow others to send you encrypted messages, you must give them
your public key. To do this, you should extract a copy of your key
to an ascii keyfile. The keyfile name should start with your
initials, followed by the word "key", and the extension "asc",
which indicates that the keyfile is an ascii file.
For example, if your name were John Q. Smith, then you would name
your keyfile, jqskey.asc.
At the DOS prompt type:
pgp -kxa userID keyfile
Below is an example of how John Q. Smith
would extract a copy of his key at the DOS prompt:
pgp -kxa John jqskey.asc
He would then see: "Key extracted to file 'jqskey.asc'"
In STEP SEVEN you can see an example of a PGP PUBLIC KEY BLOCK
that is contained in a PGP keyfile.
STEP SIX: REGISTER YOUR PUBLIC KEY
In order to receive messages encrypted with PGP, you should submit
your public key to a PGP Public Key Server, which allows PGP users
to exchange their public keys with each other.
http://www-swiss.ai.mit.edu/~bal/pks-commands.html is the URL of a
PGP Public Key Server where you can submit your public key.
Follow the simple instructions found there to add your public key
to the PGP Public Key Server's keyring. It's as easy as using the
copy and paste commands.
The keyserver processes ADD requests every 10 minutes. After your
key has been processed the server will send a confirmation message
to your e-mail address.
Note: It is not mandatory that you register your public key.
There are alternative methods available to exchange public keys.
These methods are mentioned at the end of STEP SEVEN.
STEP SEVEN: OBTAIN A PERSON'S PUBLIC KEY
In order to send a message encrypted with PGP to a person, you must
first obtain that person's PGP Public Key.
Go to the http://www-swiss.ai.mit.edu/~bal/pks-commands.html Website.
This is the same URL of the PGP Public Key Server mentioned above,
and is where you can extract someone else's public key.
Follow the simple step-by-step instructions found there to extract
a public key from the PGP Public Key Server's keyring. Remember,
while viewing the keyfile, highlight the entire PGP PUBLIC KEY BLOCK
with your mouse and copy.
Then paste the KEY BLOCK into a text editor and save it as a keyfile
using the same keyfile naming convention as you used in STEP FIVE to
name your own keyfile. Thus the keyfile name for John Q. Smith (whose
initials are jqs) would be jqskey.asc
Below is an example of a PGP PUBLIC KEY BLOCK that would be copied.
Be sure to highlight all the dashes "-----" at the beginning and end
of the KEY BLOCK.
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
=KJOg
-----END PGP PUBLIC KEY BLOCK-----
If your web browser does not support the highlighting of text with a
mouse, then do a Save As command to download the keyfile to the PGP
directory on your computer.
There are alternative methods to obtain (or deliver) a PGP Public Key:
You can simply e-mail the keyfile that contains the PGP PUBLIC KEY BLOCK
instead of using a PGP Public Key Server.
You would e-mail your keyfile to your friend, so that your friend could
encrypt messages to you, with your public key. And, your friend would
e-mail their keyfile to you, so that you could encrypt messages to them,
with their public key.
You can post your PGP PUBLIC KEY BLOCK on your web site or ftp site.
A visitor need only highlight the entire PGP PUBLIC KEY BLOCK
with their mouse and copy. They would then paste the KEY BLOCK
into a text editor and save it as a keyfile. (See STEP FIVE
for instructions on naming a keyfile). You can obtain a person's
public key from their web site or ftp site in the same manner.
STEP EIGHT: ADD A PERSON'S KEY TO YOUR PUBLIC KEYRING
After you receive an individual's public key (as in STEP SEVEN),
you must add that person's key to your public keyring (pubring.pgp),
so that PGP can use it.
At the DOS prompt type:
pgp -ka keyfile
This will automatically add the person's key to your public keyring.
For example, to add John Q. Smith's key to your keyring you would type:
pgp -ka jqskey.asc
To view your key ring and verify that the key was added properly, type:
pgp -kv at the DOS prompt.
STEP NINE: ENCRYPT A MESSAGE
Type a short test message with a text editor and save it as an
ascii file, message.txt.
To encrypt and sign your message, go to the DOS prompt and type:
pgp -seat message.txt sender_userID recipient_userID
Remember that you don't have to type the full userID, but if the
userID has a space in it, then the userID must be in quotes.
Since the message is signed, you will be asked for your pass phrase.
Type in your pass phrase that you created in STEP THREE, Part 3, and
press Enter.
The program will then state:
Transport armor file: Message.asc
Message.asc is the name of the encrypted ascii file that you will
e-mail to your friend.
Note: to see what the individual letters (-seat) instruct PGP to do,
at the DOS prompt type:
pgp -h for online help.
STEP TEN: SEND AN ENCRYPTED MESSAGE AS E-MAIL
Open the encrypted ascii file, message.asc, with your text editor.
Copy/paste the entire PGP MESSAGE block into your e-mail client,
then send your e-mail in the usual way.
Below is an example of a PGP MESSAGE that would be copied. Be sure
to highlight all the dashes "-----" at both ends of the MESSAGE.
-----BEGIN PGP MESSAGE-----
Version: 2.6.2
pgAAATVqaqdNzOXCQBI/XNhE9nOZSUBbhGr6UuiSKty2jT/aP8/VhY8/WxLkfmsm
H1AlD5TBzoBwDMqLLQCT9SU0NozeAFCMRMzMl0c1AFB2dT/YNE5Y2hE00TfkHecM
ddggHzxVur+Xcon6C1tN0TUAQqLK+l0+aomtYBeRghVGAqTHB3nA71yK9MXeEcz2
lzEqUJuhKORCMYy6GfeW5ZRKmKloggJXHIafisF82Fw9FZXKHjbsUKtQZCYWxADR
XSs6QzedojKNu33MvxNzjqX4JGUr4w7rYSCY6L2SJWz0MROop1EsHNb0AS/cdd0t
eKNFi6JrHfG3aSBkL9QNcfqsQZiyeAjxv9/YsbJGC4h0Nxlu+Dlfq5nXajARaJNG
szmrPNYxwIO7waKIeB6Y84OE9CcMXd7TriY=
=5+NR
-----END PGP MESSAGE-----
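The reminders in STEP SEVEN and STEP TEN to copy the whole block, dashes included, can be checked mechanically: the short line beginning with "=" near the end of an armor block (=5+NR above) is a CRC-24 of the decoded data. The Python below is an added example, not part of the original guide or of PGP itself; the function names and the sample payload are constructed for illustration.

```python
import base64
import binascii

def crc24(data: bytes) -> int:
    """CRC-24 from PGP ASCII armor: init 0xB704CE, polynomial 0x1864CFB."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def make_armor(kind: str, payload: bytes) -> str:
    """Build a constructed sample block (not a real key or message)."""
    b64 = base64.b64encode(payload).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    check = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return (f"-----BEGIN PGP {kind}-----\nVersion: 2.6.2\n\n"
            f"{body}\n={check}\n-----END PGP {kind}-----\n")

def check_armor(text: str) -> str:
    """Return 'ok', or the reason a pasted armor block is unusable."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    first = lines[0] if lines else ""
    if not (first.startswith("-----BEGIN PGP ") and first.endswith("-----")):
        return "missing BEGIN line"
    kind = first[len("-----BEGIN PGP "):-5]
    if len(lines) < 2 or lines[-1] != f"-----END PGP {kind}-----":
        return "missing END line"
    # Drop blank lines and "Name: value" headers; base64 never contains ':'.
    inner = [ln for ln in lines[1:-1] if ln and ":" not in ln]
    if not inner or not (inner[-1].startswith("=") and len(inner[-1]) == 5):
        return "missing checksum line"
    try:
        payload = base64.b64decode("".join(inner[:-1]), validate=True)
        stored = int.from_bytes(base64.b64decode(inner[-1][1:], validate=True), "big")
    except binascii.Error:
        return "body is not valid base64"
    return "ok" if crc24(payload) == stored else "checksum mismatch"

if __name__ == "__main__":
    sample = make_armor("MESSAGE", bytes(range(100)))  # constructed payload
    print(check_armor(sample))                               # intact copy
    print(check_armor(sample.rsplit("-----END", 1)[0]))       # END line cut off
    print(check_armor(sample.replace("\n\nA", "\n\nB", 1)))   # one character altered
```

The checksum only detects accidental damage from copying or mail transport; it is not a signature and says nothing about who produced the block.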
STEP ELEVEN: DECRYPT AN ENCRYPTED E-MAIL MESSAGE
When you receive an encrypted e-mail message save the message to
your hard drive using "asc" as the extension to the file name.
(e.g., message.asc)
To decrypt the message that you received, type:
pgp message.asc -o message.txt
The file name "message.txt", after the -o indicates the name of the
output file that you will create and read. You will be asked for
your secret pass phrase to decrypt the message. After creating the
file "message.txt", read it in a text editor.
Assuming you have installed PGP, you can go back to STEP TEN,
and try to decrypt the actual PGP Message shown there. Remember,
highlight the entire PGP MESSAGE block with your mouse and copy.
Then paste the PGP MESSAGE block into a text editor and save the message
to your hard drive as "practice.asc". To decrypt the file type:
pgp practice.asc -o practice.txt at the DOS prompt.
When asked for the pass phrase type in "Zimmermann Rules", without the
quotes, and press enter. Then view the newly created file "practice.txt"
with a text editor or your favorite file viewer.
STEP TWELVE: READ THE DOCUMENTATION
PGP JUMP START is not a substitute for your reading the files,
pgpdoc1.txt and pgpdoc2.txt, which contain documentation for PGP.
Before using PGP, at least read Volume I of the PGP User's Guide,
pgpdoc1.txt. Reading the manual tends to get neglected with most
computer software, but cryptography software is easy to misuse.
If you don't use it properly, much of the security you could gain
by using it will be lost!
You might also be unfamiliar with the concepts behind public key
cryptography; the manual explains these ideas. Even if you are
already familiar with public key cryptography, it is important that
you understand the various security issues associated with using PGP.
PGP may be an unpickable lock, but you have to install it in the door
properly or it won't provide security.
Below is a list of PGP Documentation files which come with the program:
setup.doc - Installation guide
pgpdoc1.txt - PGP User's Guide, Vol I: Essential Topics
pgpdoc2.txt - PGP User's Guide, Vol II: Special Topics
pgp.hlp - Online help file for PGP
To display the online help file, type:
pgp -h at the DOS prompt.
You may prefer to read the hypertext version of
Phil Zimmermann's PGP Documentation files at
http://www.pegasus.esprit.ec.org/people/arne/pgp.html
If you still have a specific question after reading all the PGP
documentation, you can ask the noble PGP Help Team at
http://www.well.com/user/ddt/crypto/pgp-help-team.html
STEP THIRTEEN: PGP THE EASY WAY
PGP is a DOS command line program, surviving in a Windows world.
Many computer users have no interest in using arcane DOS commands.
PGP The Easy Way means using a Windows Front-End program.
You may download a PGP Windows Front-End program
(or a PGP DOS Shell) (or even a UNIX or OS/2 or Mac Front-End)
from Scott Hauert's Website at http://www.primenet.com/~shauert/
To incorporate PGP with your e-mail client try Joel McNamara's
Private Idaho at http://www.eskimo.com/~joelm/pi.html the Windows
PGP Front-End, which facilitates sending/receiving encrypted email
messages. There's even a Windows Front-End which runs as an extension
to Eudora, called PgpEudra at http://www.xs4all.nl/~comerwel/
The most recent version of PGP JUMP START, which is always found at
http://tucson.com/2001/pgpjumps.html, may be freely distributed for
non-commercial purposes, by any electronic means. Please leave
intact, unaltered, and fully credited. However, neither the author of this
document, nor any of its distributors are liable for any loss, damage, or
breach of security which may result from its use.
Copyright 1996
Author: John Whitman <75211.2147@compuserve.com>
Editor: William Johnson <wtj@primenet.com>