Updated: Jan 6, 2000
Getting Started with PGP
PGP, which stands for Pretty Good Privacy, is a strong encryption program that is available world wide in freeware and commercial versions. PGP has a very loyal following on the Internet. The program was first written by Phil Zimmermann and released over the Internet in 1991. Phil started his own company, PGP Inc., to sell PGP-based products. PGP Inc. is now part of Network Associates, http://www.nai.com. Here are some things you should know about PGP:
See the chapter "Commonsense and Cryptography" in Internet Secrets for more on encryption in general.
On this Page, we describe how to use the freeware version of PGP.
Setting up PGP
Getting ready to use PGP is more complicated than setting up most application programs. Before you can start using PGP you must take the following steps:
Each of these steps takes some effort to get right. Make yourself comfortable and we'll go through them one at a time.
Encryption technology is beset by legal issues, both in the United States and in many -- if not most -- foreign countries. We believe that you have a legal right to use PGP in the United States, but we are not lawyers and cannot give legal advice. We suggest that you consult a lawyer if you have legal questions. But be aware that lawyers who are knowledgeable in this field are few and far between.
Form more on the politics of PGP see Francis Litterio's Cryptography, PGP, and Your Privacy.
How you can legally obtain a copy of PGP and which version to get depends on who and where you are. Before you blame the complexity of what you are about to read on the Byzantine minds of the developers of PGP, realize that this system is probably the best they could come up with, given U.S. export laws and the maze of patents and copyrights that apply to PGP.
If you are a U.S. citizen currently living in the United States
If you are a U.S. or Canadian citizen or permanent resident and live in the United States or Canada right now, you have the following three choices for obtaining PGP:
Sites that distribute PGP within the US take special precautions to verify that you live in the United States and agree to obey U.S. export restrictions.
The primary North American distribution site for free PGP is the Massachusetts Institute of Technology (MIT) in Cambridge, MA.You are asked to answer the following four questions:
2. Do you agree not to export PGP, or RSAREF to the extent incorporated therein, in violation of the export control laws of the United States of America as implemented by the United States Department of State Office of Defense Trade Controls?
3. Do you agree to the terms and conditions of the RSAREF license (in rsalicen.txt )?
4. Will you use PGP Freeware solely for non-commercial purposes?
If you said "yes" to all the above, if MIT can figure out from your Internet address that you are in the United States, and if you started at the right time, you can download PGP without much fuss.
Yes, that's right, we said "started at the right time." To make sure that you can get PGP only by going through the listed procedure, MIT changes the name of the directory where the PGP software is kept every 30 minutes. The name changes at the hour and on the half-hour. If you don't get everything you need before the name change, you must start over. So a good idea is to begin this little treasure hunt just after the hour (say, between 3 and 3:10 p.m.) or just after the half-hour (say, between 3:30 and 3:40 p.m.) to give yourself as much time as possible to download the program. The PGP files should download in under 12 minutes on a good day.
If you live in Canada
The method for Internet PGP distribution to Canada is a little bit different. Go to MIT's Canada page.
You are asked a set of questions oriented to Canadian residents. From there on, the procedure is the same as for the U.S. residents, as described in the preceding section.
If you live outside the U.S. and Canada
People living outside of the U.S. and Canada in countries that permit PGP use can obtain PGP over the Internet pretty much without restriction. The primary international distribution site is at the following address:
PGP is distributed in compressed format. The Windows version is usually transmitted in Zip format. You need a program such as WINZIP or pkunzip to extract the file. The Macintosh version is supplied as self-extracting archives in Binhex format.
PGP is shipped "double-wrapped" so that it can be signed. Follow the instructions that come with the distribution you have.
Pick a strong secret pass phrase
Before you make your public and secret keys, you need a pass phrase. Because just walking up to a computer and copying someone's secret key file is so easy, the designers of PGP added a feature that stores the secret key in a coded form. To unlock this coded secret key, you must type in the right pass phrase.
Pass phrases, as used in PGP, were invented by Sigmund Porter in 1982. They are usually longer than the typical 8 - to 10-character password and are used to give added security.
A lot of mumbo-jumbo has been written on how to make up your pass phrase. We have a simple prescription: Just pick five words at random from a dictionary. A password chosen this way provides very good protection for your secret key -- better than most PGP users enjoy -- and five words is not too much to remember or too long to type in each time you need it. See the Diceware page http://www.diceware.com for instructions on how to do this.
Pass phrases are case sensitive, which means that the following two phrases are not the same:
Early Think Vy Haul Book
Some people encourage you to use weird capitalization in your pass phrase to make it more secure. We think that doing this just makes remembering and accurately typing your pass phrase too hard and is not worth the trouble. Add a sixth word if you are paranoid.
Should I write down my pass phrase?
Most authorities say that you should never write down your pass phrase. We don't agree. Most of us just are not that confident of our ability to memorize passwords and phrases, especially those for infrequently used accounts. The risk of someone trying to steal your secret key is theoretical for most of us. The risk of forgetting is all too real.
At best, losing a pass phrase means the hassle of creating a new key pair, revoking the old key, and distributing the new public key. At worst, the loss could result in your inability to read important mail in time to act on it -- or even losing valuable data files forever. As a result, even people who know better may choose a short pass phrase that is easy to remember -- and equally easy to guess.
If writing down your pass phrase spurs you to pick a stronger pass phrase, we say to go ahead and write it down -- but keep it in a safe place. What's a safe place? Your wallet; a secret hiding place at home; or, if you have a great many paper files, a random file folder ( but not one labeled "Pass Phrase"). For high-security situations, a bank safe-deposit box is a good choice. Never store your pass phrase on or near your computer.
Generating your own public and private (secret) keys
Before you make your keys, you must tell PGP where to put them. (If you have gotten this far, you may have some scatological ideas for this, but just take a deep breath and go on.) PGP stores keys in special files called keyrings. Normally, you keep your keyrings on your hard disk with the rest of PGP. If you like, you can keep PGP on your hard disk, but keep your keyrings on a floppy disk stored in a safe place.
PGP includes a utility program called PGPkeys for managing your keyring. Select PGPkeys from the Start Menu on Windows 95 and 98 or from the PGP menu on Macs.
Making your key pair
This is the big moment. you are now ready to create your very own public and private PGP key pair.
Select Keys @-> New Key from the PGPkeys menu. PGP's Key Wizard steps you through the process. You are asked to enter the following three items of information:
Signing your public key
The first thing you need to do is to sign your public key. Remember way back when we told you that can use PGP to sign documents? Well, you also sign public keys. Signing a public key is a way of saying, "I know the person to whom this key belongs." Signing a public key does not mean that you vouch for the person's integrity -- or even like the person. This action means only that you know that the person is who he or she claims to be.
Signing your own key just proves to the world that your public key comes from someone who has the matching secret key and prevents some of the arcane (no, not arcade -- arcane) games that cryptographers spend much of their time worrying about. (Remember the guy who was paranoid until the day they got him . . .?). To sign your key just enter the following at the DOS prompt, substituting your actual name for yourname:
To self-sign your key, highlight it in the PGPkeys window and select Keys @-> Sign
Save your secret key on a backup disk
Your private or secret key is stored in your secret keyring file. You need to make a backup copy of this file on a floppy disk of its own and keep the disk in a safe place. Better yet, make two backup copies and store them in different locations. If you lose your secret key, no one can recreate it for you.
To back up your secret key, copy the files pubring.pgp and secring.pgp from your PGP directory to a floppy disk or other backup medium. Protect this disk carefully. As its name implies, secring.pgp contains your secret PGP key. The secret key is encoded using your pass phrase, but you should still protect this file.
Enter the Web of Trust
A big problem with all this public key stuff is knowing that a public key really came from the person whose name is on it. Other advocates of public key technology are proposing complex hierarchies in which your key is registered with some big organization that signs your key. The big organization's key is signed by some bigger agency and so on up to some super-dooper master certifying agency, maybe at the UN or something.
Well the developers of PGP don't like that concept. They believe that having such agencies for signing keys centralizes control of your electronic identity into the hands of big business and big government. (The U.S. Post Office, for example, is thinking of getting into the key certificate business.) So the PGP gang came up with a different, more organic approach called the Web of Trust.
The Web of Trust -- which has nothing to do with the Internet's World Wide Web, by the way -- works by having people sign the keys of people they know. If you have enough signers, and I have enough signers, and all the signers have enough signers, the chances are good that we may have a signer in common. If so, we can be pretty confident that we each are who we say we are. For example, Bill knows Bob who knows Sally. Bill also know Marko who knows Irena who knows Ofer. So Sally can know who Ofer is. The Web of Trust is a nice concept, and no one can revoke your keys because you didn't pay your parking tickets. We hope that it catches on.
The first thing you need to do is to copy your public key off your key ring and put it into a little text file of its own that you can give on a floppy disk to someone or paste into an e-mail message. Here is what Arnold's public key looks like:
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: PGP for Personal Privacy 5.0 mQCPAy9MyR0AAAEEANejhFb64tLhD1xa/kOmLHRPuXNW2vVvjaOluCX1Ntcu7EWA K8PnmWqruE0WflkBA42g6iwta9B/Bm8J0Yfkk6T7CrnAeBN/IuepQa4uJXXk7AqO whO3vF8TzPk6STIJAPTQ9CWQ+6MHnwmDk9RzDwxtnS8dMKGXiWtruC2sMYShABEB AAG0K0Fybm9sZCBHLiBSZWluaG9sZCA8cmVpbmhvbGRAd29ybGQuc3RkLmNvbT6J AJUDBRAwwLyzkGCWpQlZ7KkBARKaBADCggEzWe2tLvHn9/QkSfPnTMJhXiSDzz6V K2Xwzyo/TElV632ZNQ6yQ9IMRObQAs95LNwwd4iGPoeZ3OCqNvqaGkU4fJjz6gW9 v/szgw0fINa9lsRtf0JWvKyBiq9J9JC/q9mA6T7mmhDsoWXJZ6/h49AeNF2KCszE LyybOtAgAokAlQMFEC925FzVMiHPX2OluQEBxCMD/33cCtdo6yGPWdCddZlx+aBh tTrat81WwYc2QfIdSphryVeP5nK95YOmsR+94ESgKEzpJQGIYJsK8ZLsu7AaQrYE CNHkQhe6EkW/Oy4t4X36Yx3qufwKmP4jc5WCliT6o4T+RpCidbrGm3mw91oWJexV UBp4apxK/rRPaZX7AgoriQCVAwUQL0zKK2truC2sMYShAQELTAQAyOAbV87SYPAJ tzm3iJwBkcxDoBE/V0dY29H9ZgKSGnebVSySqKpeo5rJq+XFr1sDZ7cZyYac0paR FcCFE7sAZoy7bLTMBu6KbhX5YndWqRL+uT8xkNscugPi6O9RTo7lroMeA847TuQ7 fl9tYFB25HpDWeKh+CR2Gh3mf4LnvCeJAJUDBRAzWniAaOgxyw/5i8kBAVTnA/9s OkFJn3ud7yUyE0+IlsdXGhx2QcBMImZnedCr21nv5fPaf3q+SBpp0YXpANjpjULg tobODSkUyBghXUUR1sT5cAsuCynSiHiM2csgd9wH8d12LhNZ4YWvZ9fcvcMVqpfI Np5mKtZw6dkTv9QGyixZ1CjY/JqtyCX3o2oDW6T8Zg== =vcca -----END PGP PUBLIC KEY BLOCK-----
To save your public key, highlight it in the PGPkeys window and select Keys @-> Export Keys
If a friend who already has PGP is helping you set up, ask that friend to sign your public key, and then you can sign his or her key. See the section "Get Your Key Certified," later in this page.
While you're fussing with your keys, you should need to extract your key fingerprint as well. Suppose that someone who knows you calls you up and says, "Hey ol' buddy, I got this here public key that has your name on it. Is it really yours?" You could sit there on the phone while he reads your public key back to you:
"Small M, capital Q-C-P-A, small Y, number 9, capital M, <yawn> . . . ."
A public key can have a thousand letters in it. Sitting there listening to them is a big drag.
To solve this problem, PGP can make a short ``digest'' of your public key, called a key fingerprint. As with human fingerprints, the chance that two PGP users would ever have the same key fingerprints is so small as to be practically nonexistent. Key fingerprints contain only 32 letters and numbers, and the letters are all the same case. Arnold's PGP fingerprint, for example, looks like this:
Ugly, but if you were checking up on this key, you'd need to read only these 32 letters and numbers over the phone, which is only a minor drag.
PGP fanatics put their key fingerprints on their business cards, their stationary, their e-mail signatures, their front doors, and so on.
To see a key's fingerprint, highlight the key in the PGPkeys window and select Keys @->Info
Write down your fingerprint in a handy place, such as in your address book, so that you can help someone verify your public key at any time.
Give your public keys to anyone
Your friends need your public key to send you coded messages. (When we say friends, we really mean anyone with whom you want to communicate in private). You can safely give your public key to anyone -- friend, stranger or enemy. On the other hand, if someone knocks on your door and says that she is from the phone company, your bank, Dummies Central, or whatever and asks to see your secret key, you slam the door. Now. Got that?
You can get your public key to someone in the following ways:
In theory, you could mail or fax someone a hard copy printout of your key and have them type it in, but keys can be a few hundred characters long, so typing one exactly right is very difficult and very tedious.
Importing a key
If a friend gives you his or her public key, you need to add it to your public keyring file. Adding a new key to your public key ring is actually easier than adding a metal key to one of those circle rings, where you have to pry up one end, slip the hole in the key under that half of the circle, and slide the key all the way along until it snaps off the other end.
If you are given a file newfilename with a key in it that you want to add to your public key ring, choose Key@-->Import keys and select newfilename from the dialog box.
You are asked if you want to certify this key. Do not do so unless you know the person, and he or she personally handed you the key file on disk, or you have verified the key fingerprint over the phone with the person and you recognized her voice.
The PGP distribution should come with the public keys of several PGP honchos. Adding the keys in this file to your public key ring is good practice and you can use the keys to verify that the copy of PGP you have is valid. See the section "To Verify a Separate File," later in this page.
How do you know that the key file itself hasn't been tampered with? Highlight "Philip R. Zimmermann <firstname.lastname@example.org>" on the key list and select Keys @-> Info. PGP displays Phil's Key ID as C7A966DD and fingerprint as:
Because the other keys are signed by Phil, if the key fingerprint you get matches that in the preceding example, you (and your copy of PGP) are safe.
Well, you're sort of safe. Anyone clever enough to make a doctored version of PGP could have it recognize that you are checking its signature and print out the "all clear" message. You really ought to get PGP from two independent sources and use each to check the other. If you are a gentle, laid-back, trusting sort of soul, this crypto stuff should cure you of that really fast.
Get a friend to certify your key
To get your key certified, first extract a copy of your key by highlighting it and choosing Key@-->Extract keys from the PGPkeys menu.
Give the extracted file to a friend who has PGP. That person adds your key to her keyring by choosing Key@-->Import keys from the PGPkeys menu.
She then chooses Keys @-> Sign from the PGPkeys menu, and enters her personal pass phrase. She now extracts a fresh copy of your key from her keyring by choosing Key@-->Extract keys from the PGPkeys menu.
She then gives the key back to you on a floppy disk. You add it back into your keyring by choosing Key@-->Import keys from the PGPkeys menu.
You now have a signature on your key. From now on, anybody who knows your friend, trusts her, and has a copy of her public key knows that your public key is legitimate.
Naturally, you return the favor and sign her key.
Do it by remote control
Suppose that your friend is a long distance away, but you still want to exchange signatures. Simply send your key to your friend by e-mail. She adds your key to her keyring as before, but she doesn't certify it because she has no way to know that the key wasn't tampered with on the way.
Both of you get the key's fingerprint. Remember that a PGP key fingerprint is a string of 32 letters and numbers. (See the section "Leave Fingerprints," earlier in this page.) Now call your friend on the phone, make sure that you recognize her voice, and read her the 32 letters and numbers in the fingerprint. If the fingerprint matches what she has, she knows that she has a legitimate copy of your key. She can now sign your key, extract it, and e-mail it back to you. You then add it to your public keyring as before.
Inspect your key ring
The PGPkeys utility lets you view all the keys in your public key ring. To see who has certified a key, click on the small icon (not the key icon) to the left of that key in the PGPkeys display, or choose Edit @--> Expand Selection from the PGPkeys menu. Double-click on a key to view its fingerprint and trust level.
A number of universities and other organizations around the world operate public PGP key servers on a volunteer basis. These key servers enable you to submit your key and look for keys submitted by others. You can submit and search for keys by Internet FTP or by e-mail.
Most of the organizations that run these key servers make no attempt whatsoever to verify the keys.
To send a key to the key servers, highlight in the PGPkeys display and choose Keys @--> Keyserver @--> Send Selected Keys from the PGPkeys menu. You only need to send your key to only one server. That server forwards your request to the other servers automatically.
To find someone's key on the key servers, choose Keys @--> Keyserver @--> Find New Key from the PGPkeys menu. Then enter the persons e-mail address or user name when asked.
Most key also servers processes also requests from you that are sent as e-mail messages. You give the server one command per message. Commands are entered on the subject line of your message, as in the following example:
From: Arnold Reinhold@world.std.com
Most key servers accept the commands shown in the following table:
You should normally send e-mail key server requests to the following address:
Or send them to your national server at one of the following addresses:
What if your secret key is stolen?
If you have reason to believe that your secret key was compromised, the only thing you can do is revoke your public key, create a new pair of PGP keys, and circulate the revocation file containing your new public key as widely as possible. To revoke your public key, choose Key @-->Revoke from the PGPkeys menu.
PGP asks if you really want to do this and then prompts for your pass phrase. You then extract an ASCII copy of your now-revoked key and distribute it widely, just as you did after you first made it. You also need to make a new key pair for yourself, extract the public key, and distribute the new public key at the same time. After you revoke your own key, you cannot re-enable it.
Notice that you need both your secret key and pass phrase to revoke your key. If you lose either of them, you 're stuck. This situation is why we recommend that you make at least two backup copies of your secret key and why we think that writing your pass phrase down and keeping it somewhere safe is okay.
Using PGP to exchange private messages
This section tells you how you actually use PGP to send and receive encoded messages (at last!).
A secret message for Irene
Assume that you have Irene's public key on your keyring. (See the section "Adding a key," earlier in this page, if you don't). First, type your message in PGP friendly application or e-mail program such as Eudora. Now choose Encrypt from the PGP menu.
PGP prompts you for your pass phrase and then encrypts your message, suitable for mailing.
PGP handles the file's end-of-line characters, which vary from computer to computer, in a way that should work on any computer.
Sign on the dotted line
You can sign a document as part of the encryption process, or you can sign a document while leaving the body of the document unencrypted. You can even produce a signature file that is independent of the document.
To sign a text file without encrypting it, choose Sign from the PGP menu.
To sign a text file and encrypt it, choose Encrypt/Sign from the PGP menu.
PGP asks for your pass phrase and then adds a PGP signature, similar to the one in the following example, to the end of the text file, as follows:
-----BEGIN PGP SIGNATURE----- Version: 5.0 iQCVAwUBMArBSGtruC2sMYShAQEwEwQAzNIpRm29UXQwpT9AGctbnn/4GrRibWCt rgSUJaCYn+fP3NMalYUbEbljd+AbWXACuLSUCagKPEoC2vu6fzpO7h2q6TAFewrn JAHFLJHIfvhUXKsQF84BbWdvK6u+qaDjJeTlvTrD4L2dUlEA0OtOVa9ntwPmzt+l dHzeD3JBHFY= =akuU -----END PGP SIGNATURE-----
Decrypting files and verifying signatures
To read an encrypted file using a PGP friendly application or e-mail program such as Eudora, or to just check message's signature, choose Decrypt/Verify from the PGP menu. You are asked for your pass phrase if the file is encrypted.
PGP has a handy option that decrypts to PGP's display window. This option enables you to view a message without writing an unencrypted version to disk.
A bug was found in older versions of PGP that affects plaintext signatures. The following line is meant to be followed by a blank line:
-----BEGIN PGP SIGNED MESSAGE-----
A signed document can be tampered with by adding text in front of that blank line.
Always examine the output of PGP when verifying a document signed with versions before 2.6.2. The input may be tampered with, but the output cannot be.
Can the Spooks Crack PGP?
This question, regarding the ability of government codebreaking agencies like NSA to undo PGP encryption, is a perennial one on Internet newsgroups such as sci.crypt and alt.security.pgp. The NSA, of course, is the United States National Security Agency. NSA is the largest code-breaking outfit in the world, getting a big piece of the United States' $29 billion annual budget for intelligence. The days when the NSA's mere existence was a secret, however, are long gone. The agency has a museum and a nice World Wide Web home page at the following address:
The NSA certainly can crack PGP if you use a key length of 512 bits or less. But what if you use the 1,024-bit key size we recommend? The truth is that no one outside the NSA can say for sure. No techniques that have been published are even remotely close to breaking keys that big. And the 128-bit session keys seem equally impregnable. Our gut feeling -- for what it is worth -- is that the NSA cannot crack the codes used in PGP.
If the NSA or some other large organization really wants to obtain data encrypted with PGP, can they do so? More often than not, we think, they can. Isn't that a contradiction? Well, read the section "Other ways that they can get your data," in the section "Commonsense and Cryptography." The documentation that comes with PGP also has a section on "Vulnerabilities" that is well worth reading. The NSA knows all the tricks described in those documents and probably a few we haven't thought of. To achieve the level of security PGP is capable of takes discipline. Remember, however, that PGP promises only "pretty good privacy." Without more attention to security than an average person is likely to stand for, that is all PGP can provide. It's a tough world.
A new alternative to PGP is a web site called HushMail, http://www.hushmail.com. HushMail is similar to other advertising supported free e-mail sites, like HotMail or Yahoo, but with one very big difference: HushMail offers strong encryption.
HushMail uses public key encryption, but keeps your secret key on its server in encrypted form. This means you can use HushMail from anywhere. HushMail utilizes the latest Java technology, so you need a fairly recent browser to access their site. HushMail's requirements are as follows:
HushMail is not currently compatible with the Macintosh operating system, though they hope to have it working on Macs very soon.
HushMail is new could have some unnoticed flaws, but the designers seem committed to doing things the right way and they have published the source code for the Java applet that performs encryption on your computer.
The biggest potential weakness in HushMail is that its security depends entirely on the passphrase you select. We strongly recommend that you use a Diceware passphrase of at least five words with hushMail. Six or seven words would be better.
HushMail turns your passphrase into an encryption key with no "salt." That means a snoop can attack many keys at once. You can correct this problem to by choosing a longer passphrase, even if part of it is not secret. For example you might select a five word diceware secret passphrase and then add you HushMail user name at the end.
Remember that the secrecy of the message you send depends upon the security measures that you receipient uses, so make sure he is using a strong Diceware passphrase as well.
To learn moreFor more information about PGP and computer cryptography in general, get Internet Secrets, 2nd edition, to be published in Spring of 2000, which has a whole section on the topic.
If you'd like to be notified when we update this area of Internet Gurus Central, leave your e-mail address here. (We'll only use this to send you updates about this site, and will not give your address to anyone else, not even our beloved publisher. We'll send you a message to which you must respond to confirm that you want updates, which also tells you how to get off the list if you change your mind later.)
|Internet Gurus Home||Search This Site||Our Books|
|Internet Gurus Central
"...For Dummies" is a registered trademark of Wiley Publishing, Inc.
© Copyright 1998-2011 I.E.C.C. Last update August 5, 2009.