Emoticon's Guide to PGP - Pretty Good Privacy

PGP is a Public Key Encryption system which you can use to encrypt your emails so that only the intended recipient can read them. It was developed by Philip Zimmermann and - it's Free.

This document provides an overview of the PGP encryption software. It outlines:


This document only provides an overview of the PGP system and we would recommend that you read the documentation that comes with the software - it's only two volumes!

What is PGP?

Simply, PGP is an encryption system - it 'garbles' your message so that only the person you're sending your email to can read it, and not any other nosey so and so who might just intercept it.

Encryption works with a 'key' - you need the key to encrypt a message and you need the key to decrypt it. Normal encryption requires that both the sender and receiver have the same 'key' - which means you have to somehow get the 'key' you are going to use to the other person ... without it falling into the wrong hands on the way. PGP overcomes this problem by using what is called a Public Key System.

Now, this is really clever stuff! You have one key to encrypt a message AND a different one to decrypt it. So, what you do is send the encryption key to all those people who you want to write to you - this is your Public Key - and you keep the decryption key - your Private Key, which PGP calls your Secret Key - safely on your hard disk.

Your Public Key can't be used to decrypt the message, or to work out your Secret Key ... even if you know the key generation algorithm! In fact, the algorithm PGP uses, the Rivest-Shamir-Adleman (RSA) public key cryptosystem, is one you can download. You can even download the PGP source code if you really like ... but it won't help much in decoding someone else's key.


Why use it?

There's a lot of talk around about 'if you use encryption you must have something to hide'. Well, that needn't be the case. I mean, do you really want anybody reading your mail, no matter how innocent it is? You use envelopes for snail mail, don't you?

On the other hand you have got things to hide - your personal affairs (in more than one sense) and your credit card number when you are buying things over the Net. It may not be any more risky than normal credit card usage, but you don't have to take the risk.


Where can you get it?

PGP is available from a number of anonymous ftp sites; a few are listed below. Read the index or readme file to identify the latest version, currently 2.6.

UNIX


This is available from unix.hensa.ac.uk/pub/uunet/pub/security/pgp/

IBM PC


This is available from ftp.demon.co.uk/pub/ibmpc/pgp

Apple Mac


This is available from ftp.demon.co.uk/public/pub/mac/macpgp

To get a fully licensed version of PGP for use in the USA or Canada, contact ViaCrypt in Phoenix, Arizona. Their phone number is 602-944-0773. ViaCrypt has obtained all the necessary licenses from PKP, Ascom-Tech AG, and Philip Zimmermann to sell PGP for use in commercial or Government environments. ViaCrypt PGP is every bit as secure as the freeware PGP, and is entirely compatible in both directions with the freeware version of PGP.


What does PGP consist of?

PGP consists of a program and data files. The data files are called 'key rings' and you have two of these - a Public Key Ring and a Secret Key Ring. The Public Key Ring is where you keep all the 'Public Keys' sent to you and the Secret Key Ring is where you keep YOUR decryption 'keys'.

One thing, you need to know that a Public Key is genuine and so it has to be 'signed' or 'certified', either by yourself or by another authorised Public Key on your Public Key Ring, before it can be used to encrypt messages.
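
The public/secret key idea from 'What is PGP?' and the key certification described above, worked through as an added example (it is not part of the original guide and is not PGP's own code). It is textbook RSA in Python on constructed toy primes; the function names, the SHA-256 digest and the sample message are assumptions, and real PGP adds padding and a per-message session key on top.

```python
import hashlib

# Constructed toy key built from two well-known Mersenne primes: trivially
# factorable, illustration only. Real keys come from `pgp -kg`.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537                   # Public Key: safe to hand out
D = pow(E, -1, (P - 1) * (Q - 1))     # Secret Key exponent: never leaves you
# A correspondent's public modulus (also constructed); we never see their D.
THEIR_N = (2**89 - 1) * (2**607 - 1)


def encrypt(message: bytes, n: int, e: int) -> int:
    """Anyone holding the Public Key (n, e) can encrypt."""
    value = int.from_bytes(message, "big")
    if value >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(value, e, n)


def decrypt(cipher: int, n: int, exponent: int) -> bytes:
    """Returns the plaintext only if `exponent` is the matching Secret Key."""
    value = pow(cipher, exponent, n)
    return value.to_bytes((value.bit_length() + 7) // 8, "big")


def key_digest(n: int, e: int, user_id: str) -> int:
    """Hash binding a public key to a user ID (SHA-256 is an assumption)."""
    material = f"{n}:{e}:{user_id}".encode()
    return int.from_bytes(hashlib.sha256(material).digest(), "big")


def certify(n: int, e: int, user_id: str, my_n: int, my_d: int) -> int:
    """Sign someone's public key with your own Secret Key."""
    return pow(key_digest(n, e, user_id), my_d, my_n)


def is_certified(n, e, user_id, signature, signer_n, signer_e) -> bool:
    """Anyone can check the certification with the signer's Public Key."""
    return pow(signature, signer_e, signer_n) == key_digest(n, e, user_id)


if __name__ == "__main__":
    secret = encrypt(b"card number 0000 (constructed)", N, E)
    print(decrypt(secret, N, D))   # the original message
    print(decrypt(secret, N, E))   # the Public Key only yields garbage
    sig = certify(THEIR_N, E, "emoticon", N, D)
    print(is_certified(THEIR_N, E, "emoticon", sig, N, E))      # genuine key
    print(is_certified(THEIR_N + 2, E, "emoticon", sig, N, E))  # swapped key
```

The last check is the reason PGP insists on certification: a key substituted in transit no longer matches the signature, so it is refused before anything is encrypted to it.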


How do I use it?

Once you have downloaded and installed PGP, these are the basic commands that you will need to use: (read the 'setup' document, if nothing else. This will tell you what environment variables to set to make your life easier)

pgp -kg
this generates your public/secret key combination - the larger the key bit size you choose, the more secure the encryption, but the longer encryption/decryption takes.

pgp -ka filename
this extracts someone else's public key and adds it to your Public Keyring. Filename is an ASCII file that contains their public key.

pgp -ea filename
to encrypt a file with someone's public key.

pgp -kxa
this will generate your public key file for those who request it.

pgp filename
to decrypt a file that has been encrypted with one of your Public Keys.


Step by Step

Step by step to using PGP with Emoticon's Order Form

1. Download the correct PGP for your system (see above).

   - now a few things you need to do:

     a. set up the suggested environment variables, so you can use PGP
        from any directory.

     b. create your own key - in the pgp directory:

	type pgp -kg   and follow the instructions on the screen
                       you'll have to enter a username, pass phrase
                       (note it's phrase, not word) and bash the keyboard 
                       a bit.

     c. create an ascii file of your public key so you can send it to 
        people: 
        
        type pgp -kxa  and follow the instructions on the screen - it will 
                       create a file called .asc

2. Complete our orderform and choose the "create an orderform with PGP Key":

   - When the response appears on your screen you should save it to disk 
     (usually File then Save from the menu), let's say you save it to 
     c:\temp and call it emoticon.ord.

3. Now add emoticon's public key to your public key ring:

   - switch to c:\temp

     type pgp -ka emoticon.ord   note you do not have to strip the key out
                                 of the file to extract the key. 

   Once you have typed this the following happens:

	a. PGP reports on the number of keys it has found - in this 
           case 1.

	b. You are asked if you want to certify any keys yourself - 
           answer 'y'.

        c. You are now asked if you want to certify emoticon's key yourself 
           answer 'y'.

        d. You are now asked to think very long and hard about this - 
           answer 'y' again.

        e. You are now asked to enter your pass phrase (remember step 1b 
           above?)

        f. Now you're asked if you trust emoticon to introduce other keys, 
           answer '2' which is no (we are trustworthy, but you should only 
           accept introduced keys from sources you know well).

4. Open up an ascii text editor and load emoticon.ord
    
   a. read the instructions.

   b. delete the bit between the lines marked 'delete from here' to 
      'delete to here' (you don't need these lines for the order).
    
   c. fill in the order form and save the file.

5. Encrypt the order form file:

   a. type pgp -ea emoticon.ord

   b. you will be asked to enter the recipient's user ID

       type 'emoticon'

   this will create a file called emoticon.asc

6. Open your email package and create a message:

   a. address the email to pgporder@emoticon.com
   
   b. import emoticon.asc into the email body.

   c. send the email


smile@ukindex.co.uk
Copyright © 1995 Emoticon Limited
last updated 13th March 1995
site managed by Systematic Marketing