PGP 7.0 User’s Guide

PGP Freeware for Windows 95, Windows 98, Windows NT, Windows 2000 & Windows Millennium

User’s Guide

Version 7.0

Copyright©1990-2001NetworkAssociates,Inc.anditsAffiliatedCompanies.AllRights Reserved.
Inc.and/oritsAffiliatedCompaniesintheUSandothercountries.Allotherregisteredand unregisteredtrademarksinthisdocumentarethesolepropertyoftheirrespectiveowners.
PortionsofthissoftwaremayusepublickeyalgorithmsdescribedinU.S.Patentnumbers 4,200,770,4,218,582,4,405,829,and4,424,414,licensedexclusivelybyPublicKeyPartners;the IDEA(tm)cryptographiccipherdescribedinU.S.patentnumber5,214,703,licensedfrom AscomTechAG;andtheNorthernTelecomLtd.,CASTEncryptionAlgorithm,licensedfrom NorthernTelecom,Ltd.IDEAisatrademarkofAscomTechAG.NetworkAssociatesInc.may havepatentsand/orpendingpatentapplicationscoveringsubjectmatterinthissoftwareor itsdocumentation;thefurnishingofthissoftwareordocumentationdoesnotgiveyouany licensetothesepatents.ThecompressioncodeinPGPisbyMarkAdlerandJean-LoupGailly, usedwithpermissionfromthefreeInfo-ZIPimplementation.LDAPsoftwareprovided courtesyUniversityofMichiganatAnnArbor,Copyright©1992-1996Regentsofthe UniversityofMichigan.Allrightsreserved.Thisproductincludessoftwaredevelopedbythe ApacheGroupforuseintheApacheHTTPserverproject(http://www.apache.org/).Balloon helpsupportcourtesyofJamesW.Walker.Copyright©1995-1999TheApacheGroup.All rightsreserved.SeetextfilesincludedwiththesoftwareorthePGPwebsiteforfurther information.ThissoftwareisbasedinpartontheworkoftheIndependentJPEGGroup.Soft TEMPESTfontcourtesyofRossAndersonandMarcusKuhn.Biometricwordlistfor fingerprintverificationcourtesyofPatrickJuola.
Thesoftwareprovidedwiththisdocumentationislicensedtoyouforyourindividualuse underthetermsoftheEndUserLicenseAgreementandLimitedWarrantyprovidedwiththe software.Theinformationinthisdocumentissubjecttochangewithoutnotice.Network AssociatesInc.doesnotwarrantthattheinformationmeetsyourequirementsorthatthe informationisfreeoferrors.Theinformationmayincludetechnicalinaccuraciesor typographicalerrors.Changesmaybemadetotheinformationandincorporatedinnew editionsofthisdocument,ifandwhenmadeavailablebyNetworkAssociatesInc.
Exportofthissoftwareanddocumentationmaybesubjecttocompliancewiththerulesand regulationspromulgatedfromtimetotimebytheBureauofExportAdministration,United StatesDepartmentofCommerce,whichrestricttheexportandre-exportofcertainproducts andtechnicaldata.
NetworkAssociates,Inc. (972)308-9960main 3965FreedomCircle http://www.nai.com SantaClara,CA95054
*issometimesusedinsteadofthe®forregisteredtrademarkstoprotectmarksregisteredoutsideofthe U.S.
LIMITED WARRANTY
Limited Warranty. Network Associates Inc. warrants that the Software Product will perform substantially in accordance with the accompanying written materials for a period of sixty (60) days from the date of original purchase. To the extent allowed by applicable law, implied warranties on the Software Product, if any, are limited to such sixty (60) day period. Some jurisdictions do not allow limitations on duration of an implied warranty, so the above limitation may not apply to you.
Customer Remedies. Network Associates Inc’s and its suppliers’ entire liability and your exclusive remedy shall be, at Network Associates Inc’s option, either (a) return of the purchase price paid for the license, if any or (b) repair or replacement of the Software Product that does not meet Network Associates Inc’s limited warranty and which is returned at your expense to Network Associates Inc. with a copy of your receipt. This limited warranty is void if failure of the Software Product has resulted from accident, abuse, or misapplication. Any repaired or replacement Software Product will be warranted for the remainder of the original warranty period or thirty (30) days, whichever is longer. Outside the United States, neither these remedies nor any product support services offered by Network Associates Inc. are available without proof of purchase from an authorized international source and may not be available from Network Associates Inc. to the extent they subject to restrictions under U.S. export control laws and regulations.
NO OTHER WARRANTIES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, AND EXCEPT FOR THE LIMITED WARRANTIES SET FORTH HEREIN, THE SOFTWARE AND DOCUMENTATION ARE PROVIDED “AS IS” AND NETWORK ASSOCIATES, INC. AND ITS SUPPLIERS DISCLAIM ALL OTHER WARRANTIES AND CONDITIONS, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, CONFORMANCE WITH DESCRIPTION, TITLE AND NON-INFRINGEMENT OF THIRD PARTY RIGHTS, AND THE PROVISION OF OR FAILURE TO PROVIDE SUPPORT SERVICES. THIS LIMITED WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS. YOU MAY HAVE OTHERS, WHICH VARY FROM JURISDICTION TO JURISDICTION.
LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL NETWORK ASSOCIATES, INC. OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL OR EXEMPLARY DAMAGES OR LOST PROFITS WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, OR ANY OTHER PECUNIARY LOSS) ARISING OUT OF THE USE OR INABILITY TO USE THE SOFTWARE PRODUCT OR THE FAILURE TO PROVIDE SUPPORT SERVICES, EVEN IF NETWORK ASSOCIATES, INC. HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN ANY CASE, NETWORK ASSOCIATES, INC’S CUMULATIVE AND ENTIRE LIABILITY TO YOU OR ANY OTHER PARTY FOR ANY LOSS OR DAMAGES RESULTING FROM ANY CLAIMS, DEMANDS OR ACTIONS ARISING OUT OF OR RELATING TO THIS AGREEMENT SHALL NOT EXCEED THE PURCHASE PRICE PAID FOR THIS LICENSE. BECAUSE SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY, THE ABOVE LIMITATIONS MAY NOT APPLY TO YOU.

Table of Contents

Part I: Overview
Preface
Organization of this Guide
How to contact PGP Security and Network Associates
Customer service
Technical support
Network Associates training
Comments and feedback
Recommended readings
The history of cryptography
Technical aspects of cryptography
Politics of cryptography
Network security
Chapter 1. PGP Basics
PGP as part of your security structure
PGP features
Basic steps for using PGP
Chapter 2. A Quick Tour of PGP
Start menu
PGPtools
PGP within supported email applications
PGP from Windows Explorer
PGPtray
Using the Clipboard and Current Window options
Taking shortcuts
Getting Help
Part II: Working with Keys
Chapter 3. Making and Exchanging Keys
“Key” concepts
Making a key pair
Creating a passphrase that you will remember
Changing your key pair
Backing up your keys
Protecting your keys
What if I forget my passphrase or lose my key?
What is PGP key reconstruction?
Exchanging public keys with others
Distributing your public key
Placing your public key on a key server
Including your public key in an email message
Exporting your public key to a file
Obtaining the public keys of others
Getting public keys from a key server
Getting public keys from email messages
Importing keys
Verifying the authenticity of a key
Why verify the authenticity of a key?
Verify with a digital fingerprint
Validating a public key
Working with trusted introducers
What is a trusted introducer?
What is a meta-introducer?
Chapter 4. Managing Keys
Managing your PGP keyrings
The PGPkeys window
PGPkeys attribute definitions
Specifying a default key pair on your PGP keyring
Importing and exporting keys on your PGP keyring
Deleting a key or signature on your PGP keyring
Disabling and enabling keys on your PGP keyring
Examining and setting key properties
General key properties
Subkeys properties
Designated revoker properties
Additional Decryption Key properties
Adding an X.509 certificate to your PGP key
Splitting and rejoining keys
Creating a split key
Rejoining split keys
Updating your key on a key server
Reconstructing your key
Part III: Securing Your Files and Communications
Chapter 5. Securing Email
Securing email communications
PGP/MIME
Encrypting and signing email
Encrypting and signing email using the PGP plug-ins
Encrypting and signing email without PGP plug-in support
Encrypting email to groups of recipients
Decrypting and verifying email
Decrypting and verifying email using the PGP plug-ins
Decrypting and verifying email without PGP plug-in support
Chapter 6. Securing Files
Securing your files and folders with PGP
Encrypting and signing files
Decrypting and verifying files
Opening a self-decrypting archive
Signing and decrypting files with a split key
Permanently erasing files and free disk space
Using PGP Wipe to permanently delete a file
Using the PGP Wipe Free Space Wizard to clean free disk space
Scheduling folder and free space wiping
Chapter 7. Securing Instant Messages
Exchanging public keys in ICQ
Encrypting ICQ messages
Part IV: Securing Your Network Communications with PGPnet
Chapter 8. PGPnet Basics
Learning about PGPnet
What is a Virtual Private Network?
VPN terms
Chapter 9. A Quick Tour of PGPnet
Displaying PGPnet
Turning PGPnet on and off
Exiting PGPnet
PGPnet features
PGPtray’s icon
The PGPnet window (at a glance)
Menus
Panels
Status bar
Reviewing the status of existing SAs
Establishing and terminating SAs
Importing a host list
Exporting a host list
Blocking communications with other machines
Blocking a host and tracing the source of communications
Tracing an attacker
Removing a host from the list of blocked hosts
Reviewing PGPnet’s log entries
Changing your secure network interface: Set Adapter
Chapter 10. Configuring PGPnet’s VPN Feature
Configuring PGPnet’s VPN feature
Step 1. Displaying PGPnet
Step 2. Selecting your authentication key or certificate
Step 3a. Importing a host list
Step 3b. Adding a host, subnet, or gateway
Step 4. Establishing an SA
Using the Add Host Wizard
What you need to know
Adding a host
Adding a subnet or gateway
Modifying a host, subnet, or gateway entry
Removing a host, subnet, or gateway entry
Expert Mode: Bypassing the wizard to add hosts, gateways, and subnets
Turning Expert Mode on and off
DNS Lookup: Finding a host’s IP address
Shared Secret
Remote Authentication
Requiring a host to present a specific key or certificate
Acquire Virtual Identity and exclusive gateways
Authentication type
Enabling/Disabling the VPN feature
Using Aggressive Mode
Part V: Appendices and Glossary
Appendix A. Setting Options
Setting PGP options
Setting general options
Setting file options
Setting email options
Setting HotKey options
Setting server options
Setting CA options
Setting advanced options
Setting VPN options
Setting automatic key renewal values
Setting VPN authentication options
Setting VPN advanced options
Adding and removing Allowed Remote proposals
Working with IKE and IPsec proposals
Appendix B. Troubleshooting PGP
Appendix C. Troubleshooting PGPnet
PGPnet error messages
Additional tips
Understanding authentication
The VPN Authentication panel
Host/Gateway dialog: Remote Authentication
Appendix D. Transferring Files Between the MacOS and Windows
Sending from the MacOS to Windows
Receiving Windows files on the MacOS
Supported applications
Appendix E. Biometric Word Lists
Biometric Word Lists
Glossary
Index

Part I: Overview

• Preface
• Chapter 1: PGP Basics
• Chapter 2: A Quick Tour of PGP

Preface

PGP is part of your organization’s security toolkit for protecting one of your most important assets: information. Corporations have traditionally put locks on their doors and file cabinets and require employees to show identification to prove that they are permitted access into various parts of the business site. PGP is a valuable tool to help you protect the security and integrity of your organization’s data and messages. For many companies, loss of confidentiality means loss of business.
This guide describes how to use PGP® Freeware for Windows 95, 98, 2000, Windows NT, and Windows Millennium. PGP Freeware (also referred to in this document simply as PGP) has many new features, which are described in the ReadMe.txt file that accompanies the product.
NOTE: If you are new to cryptography and would like an overview of
the terminology and concepts you will encounter while using PGP, see
An Introduction to Cryptography, which is included with the product.

Organization of this Guide

This Guide is divided into the following parts and chapters:
Part I, “The Basics”
This section introduces you to the features of PGP and gives you a quick look at the PGP user interface. Part I includes the following chapters:
Chapter 1, “PGP Basics,” provides an overview of the capabilities of PGP and how PGP fits into the larger security structure of an organization.
Chapter 2, “A Quick Tour of PGP,” provides you with a brief introduction to accessing PGP utilities from your desktop.
Part II, “Working With Keys”
This section introduces the important concept of keys, which are fundamental to data encryption. Part II includes the following chapters:
Chapter 3, “Making and Exchanging Keys,” explains the concept of a data encryption key and describes how you create, protect, exchange, and validate keys.
Chapter 4, “Managing Keys,” provides you with more details of key maintenance, including managing your keyring, examining and changing key properties, creating split keys.
Part III, “Securing Your Files and Communications”
This section explains how to use your data encryption keys to secure data that you send from or store on your computer. Part III includes the following chapters:
Chapter 5, “Securing Email,” describes how to send encrypted email, and how to decrypt and verify email you receive.
Chapter 6, “Securing Files,” describes how to use PGP to securely maintain files, either for email or for storage on your computer.
Chapter 7, “Securing Instant Messages,” describes how you can use PGP’s plug-in for ICQ—an application for real-time communication over the Internet—to secure your instant messages.
Part IV, “Securing Your Network Communications with PGPnet”
This section describes the features of PGPnet, a PGP tool that enables you to create Virtual Private Networks (VPNs) with trusted users not directly connected to your network. The chapters of Part IV also guide you through configuring the features of PGPnet to customize the security of your workstation. Part IV includes the following chapters:
Chapter 8, “PGPnet Basics,” gives you an overview of Virtual Private Networks.
Chapter 9, “A Quick Tour of PGPnet,” introduces you to aspects of PGP’s user interface that are related to PGPnet.
Chapter 10, “Configuring PGPnet’s VPN Feature,” describes how to use PGPnet to set up and customize a Virtual Private Network (VPN).
Part V, “Appendices and Glossary”
This section includes information on how to further customize PGP on your computer, as well as troubleshooting tips should you encounter problems using PGP. A Glossary is included as a convenient reference spot where you will find definitions of terms related to network security. Part V includes the following appendices:
Appendix A, “Setting Options,” explains how to use the Options dialog box to create a version of PGP on your computer that best suits your needs.
Appendix B, “Troubleshooting PGP,” guides you in solving problems you may encounter when using PGP.
Appendix C, “Troubleshooting PGPnet,” guides you in solving problems you may encounter when using PGP’s PGPnet feature.
Appendix D, “Transferring Files Between the MacOS and Windows,” explains how PGP translates files that are sent between two systems when one system operates using a Mac operating system (OS) and the other system operates using a Windows OS.
Appendix E, “Biometric Word Lists,” explains biometric word lists and how they are used by PGP.
Glossary, page 219, provides you with definitions for many terms related to PGP and network security.

How to contact PGP Security and Network Associates

Customer service
Network Associates continues to market and support the product lines from each of the new independent business units. You may direct all questions, comments, or requests concerning the software you purchased, your registration status, or similar issues to the Network Associates Customer Service department at the following address:
Network Associates Customer Service
4099 McEwen, Suite 500
Dallas, Texas 75244
U.S.A.
The department’s hours of operation are 8 A.M. to 8 P.M. Central time, Monday through Friday.
Other contact information for corporate-licensed customers:
Phone: (972) 308-9960
E-Mail: services_corporate_division@nai.com
World Wide Web: http://support.nai.com
Other contact information for retail-licensed customers:
Phone: (972) 308-9960
E-Mail: cust_care@nai.com
World Wide Web: http://www.pgp.com/
Technical support
Network Associates does not provide technical support for freeware products.
Network Associates training
For information about scheduling on-site training for any PGP Security or Network Associates product, call Network Associates Customer Service at: (972) 308-9960.
Comments and feedback
PGP Security appreciates your comments and reserves the right to use any information you supply in any way it believes appropriate without incurring any obligation whatsoever. Please send any documentation comments to tns_documentation@nai.com.

Recommended readings

This section identifies Web sites, books, and periodicals about the history, technical aspects, and politics of cryptography, as well as trusted PGP download sites.
The history of cryptography
The Code Book: The Evolution of Secrecy from Mary, Queen of Scots, to Quantum Cryptography, Simon Singh, Doubleday & Company, Inc., 1999, ISBN 0-385-49531-5.
The Codebreakers: The Story of Secret Writing, David Kahn, Simon & Schuster Trade, 1996, ISBN 0-684-83130-9 (updated from the 1967 edition). This book is a history of codes and code breakers from the time of the Egyptians to the end of WWII. Kahn first wrote it in the sixties—this is the revised edition. This book won't teach you anything about how cryptography is done, but it has been the inspiration of the whole modern generation of cryptographers.
Technical aspects of cryptography
Web sites
www.iacr.org—International Association for Cryptologic Research (IACR). The IACR holds cryptographic conferences and publishes journals.
www.pgpi.org—An international PGP Web site, which is not maintained by PGP Security, Inc. or Network Associates, Inc., is an unofficial yet comprehensive resource for PGP.
www.nist.gov/aes—The National Institute of Standards and Technology (NIST) Advanced Encryption Standard (AES) Development Effort, perhaps the most interesting project going on in cryptography today.
www.ietf.org/rfc/rfc2440.txt—The specification for the IETF OpenPGP standard.
Books and periodicals
Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd edition, Bruce Schneier, John Wiley & Sons, 1996; ISBN 0-471-12845-7. If you can only buy one book to get started in cryptography, this is the one to buy.
Handbook of Applied Cryptography, Alfred Menezes, Paul van Oorschot and Scott Vanstone, CRC Press, 1996; ISBN 0-8493-8523-7. This is the technical book you should get after Schneier. There is a lot of heavy-duty math in this book, but it is nonetheless usable for those who do not understand the math.
Journal of Cryptology, International Association for Cryptologic Research (IACR). See www.iacr.org.
Advances in Cryptology, conference proceedings of the IACR CRYPTO conferences, published yearly by Springer-Verlag. See www.iacr.org.
Cryptography for the Internet, Philip Zimmermann, Scientific American, October 1998 (introductory tutorial article).
The Twofish Encryption Algorithm: A 128-Bit Block Cipher, Bruce Schneier, et al, John Wiley & Sons, Inc., 1999; ISBN: 0471353817. Contains details about the Twofish cipher ranging from design criteria to cryptanalysis of the algorithm.
Politics of cryptography
Web sites
www.epic.org—Electronic Privacy Information Center.
www.crypto.org—Internet Privacy Coalition.
www.eff.org—Electronic Frontier Foundation.
www.privacy.org—The Privacy Page. Great information resource about privacy issues.
www.cdt.org—Center for Democracy and Technology.
www.pgp.com/phil—Phil Zimmermann’s home page, his Senate testimony, and so on.
Books
Privacy on the Line: The Politics of Wiretapping and Encryption, Whitfield Diffie and Susan Landau, The MIT Press, 1998, ISBN 0-262-04167-7. This book is a discussion of the history and policy surrounding cryptography and communications security. It is an excellent read, even for beginners and non-technical people. Includes information that even a lot of experts don’t know.
Technology and Privacy: The New Landscape, Philip Agre and Marc Rotenberg, The MIT Press, 1997; ISBN 0-262-01162-x.
Building in Big Brother, The Cryptographic Policy Debate, edited by Lance Hoffman, Springer-Verlag, 1995; ISBN 0-387-94441-9.
The Official PGP User’s Guide, Philip Zimmermann, The MIT Press, 1995; ISBN 0-262-74017-6. How to use PGP, written in Phil’s own words.
The Code Book: The Evolution of Secrecy from Ancient Egypt to Quantum Cryptography, Simon Singh, Doubleday & Company, Inc., September 2000; ISBN: 0385495323. This book is an excellent primer for those wishing to understand how the human need for privacy has manifested itself through cryptography.
Network security
Books
Building Internet Firewalls, Elizabeth D. Zwicky, D. Brent Chapman, Simon Cooper, and Deborah Russell (Editor), O’Reilly & Associates, Inc., 2000; ISBN: 1565928717. This book is a practical guide to designing, building, and maintaining firewalls.
Firewalls and Internet Security: Repelling the Wily Hacker, William R. Cheswick, Steven M. Bellovin, Addison Wesley Longman, Inc., 1994; ISBN: 0201633574. This book is a practical guide to protecting networks from hacker attacks through the Internet.
Hacking Exposed: Network Security Secrets and Solutions, Stuart McClure, Joel Scambray, and George Kurtz, The McGraw-Hill Companies, 1999; ISBN: 0072121270. The state of the art in breaking into computers and networks, as viewed from the vantage point of the attacker and the defender.
Chapter 1: PGP Basics
This chapter provides you with an overview of how PGP Freeware fits into the larger security structure of your organization and how PGP Freeware strengthens that security structure. PGP’s features are outlined, and you will get a quick look at the procedures you normally follow in the course of using PGP.

PGP as part of your security structure

Your company has various means by which it can protect information. It can physically lock doors to the building and specific rooms in the building, making those places accessible only to authorized personnel. It can require employees to use passwords to log on to the network. It can control the flow of information traffic between the corporate network and outside networks by setting up one computer as a firewall server that all information must pass through. These are all mechanisms by which a corporation can bolster the security of its information.
PGP Freeware adds to this security system by offering information protection for individual computers. The types of added security include:
1. data encryption, including email, stored files, and instant messaging
2. virtual private networking, for secure remote communications
Data encryption enables users to protect information that they send out—such as emails—as well as information that they store on their own computers. Files and messages are encrypted with a user’s key, which works in conjunction with scrambling algorithms to produce data that can be decrypted only by its intended recipients.
Data encryption is also an important part of a Virtual Private Network (VPN): information is first encrypted and then sent in this secure form over the Internet—an otherwise very insecure medium—to a remote host. Virtual Private Networks are a feature of PGPnet, which is a PGP tool used for setting up VPNs.
You should now be familiar with an overall picture of what PGP does. The next section lists the features of PGP and gives references to specific chapters in this User’s Guide for more detailed information.

PGP features

PGP offers several features and utilities to help you secure your email, files, disk, and network traffic with encryption and authentication.
Here is what you can do with PGP:
• Encrypt/sign and decrypt/verify within any application. With the PGP menus and email plug-ins, you can access PGP functions while in any application. To learn how to access PGP, see Chapter 2, “A Quick Tour of PGP.” To learn how to encrypt/sign and decrypt/verify, see “Part III: Securing Your Files and Communications.”
• Create and manage keys. Use PGPkeys to create, view, and maintain your own PGP key pair as well as any public keys of other users that you have added to your public keyring. To learn how to create a key pair, see Chapter 3, “Making and Exchanging Keys.” To learn about managing your keys, see Chapter 4, “Managing Keys.”
• Create self-decrypting archives (SDAs). You can create self-decrypting executable files that anyone can decrypt with the proper password. This feature is especially convenient for sending encrypted files to people who do not have PGP installed. For more information about SDAs, see Chapter 6, “Securing Files.”
• Permanently erase files, folders, and free disk space. You can use the PGP Wipe utility to thoroughly delete your sensitive files and folders without leaving fragments of their data behind. You can also use PGP Free Space Wiper to erase the free disk space on your hard drive that contains data from previously deleted files and programs. Both utilities ensure that your deleted data is unrecoverable. To learn about file, folder, and free space wiping, see “Permanently erasing files and free disk space” on page 110.
• Secure network traffic. You can use PGPnet, a Virtual Private Network (VPN), to communicate securely and economically with other PGPnet users over the internet. To learn more about PGPnet and its components, see “Part IV: Securing Your Network Communications with PGPnet.”

Basic steps for using PGP

1. Install PGP on your computer.
Refer to the PGP Installation Guide or the ReadMe.txt file that accompanies the product for complete installation instructions.
2. Create a private and public key pair.
Before you can begin using PGP, you need to generate a key pair. You have the option of creating a new key pair during the PGP installation procedure, or you can do so at any time by opening the PGPkeys application.
You need a key pair to:
• encrypt information
• decrypt information that has been encrypted to your key
• sign information
For more information about creating a private and public key pair, refer to “Making a key pair” on page 34.
3. Exchange public keys with others.
After you have created a key pair, you can begin corresponding with other PGP users. You will need a copy of their public key and they will need yours. Your public key is just a block of text, so it’s quite easy to trade keys with someone. You can include your public key in an email message, copy it to a file, or post it on a public or corporate key server where anyone can get a copy when he or she needs it.
For more information about exchanging public keys, refer to “Exchanging public keys with others” on page 45.
4. Validate public keys.
Once you have a copy of someone’s public key, you can add it to your public keyring. You should then check to make sure that the key has not been tampered with and that it really belongs to the purported owner. You do this by comparing the unique fingerprint on your copy of someone’s public key to the fingerprint on that person’s original key. When you are sure that you have a valid public key, you sign it to indicate that you feel the key is safe to use. In addition, you can grant the owner of the key a level of trust indicating how much confidence you have in that person to vouch for the authenticity of someone else’s public key.
For more information about validating your keys, refer to “Verifying the authenticity of a key” on page 50.
5. Start securing your email and files.
After you have generated your key pair and have exchanged public keys, you can begin encrypting, signing, decrypting and verifying your email messages and files.
To perform a PGP task, you must select the file or email message that you want to secure and then choose your task (Encrypt, Sign, Decrypt, or Verify) from a PGP menu. PGP menus are available from most applications. To learn how to access a PGP menu, see Chapter 2, “A Quick Tour of PGP.”
For detailed instructions about securing email and files, refer to “Part III: Securing Your Files and Communications.” For more information about securing your network communications, refer to “Part IV: Securing Your Network Communications with PGPnet.”
6. Wipe files.
When you need to permanently delete a file, you can use the Wipe feature to ensure that the file is unrecoverable. The file is immediately overwritten so that it cannot be retrieved using disk recovery software.
For more information about wiping files, refer to “Permanently erasing files and free disk space” on page 110.
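Step 4 above rests on comparing fingerprints. The following is an added example, not code from this guide or from PGP itself: it computes a fingerprint as RFC 4880 defines it for version 4 OpenPGP keys and shows that a one-bit change in the key material fails the comparison. The key values and all function names are constructed for illustration, and it is an assumption that the key being checked uses the version 4 format.

```python
import hashlib
import hmac
import struct

def mpi(n: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit count, then big-endian bytes."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """Version 4 public-key packet body: version, creation time, algorithm 1 (RSA), MPIs."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """RFC 4880 section 12.2: SHA-1 over 0x99, 2-byte body length, packet body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def display(fpr: str) -> str:
    """Group the 40 hex digits into blocks of four, the form people read aloud."""
    return " ".join(fpr[i:i + 4] for i in range(0, len(fpr), 4))

def normalize(text: str) -> str:
    """Drop spaces, colons and case so a typed or dictated fingerprint compares cleanly."""
    return "".join(c for c in text.upper() if c in "0123456789ABCDEF")

def fingerprints_match(local_body: bytes, stated_by_owner: str) -> bool:
    """True only if the full 160-bit fingerprint matches, not just a key ID suffix."""
    expected = normalize(stated_by_owner)
    actual = v4_fingerprint(local_body)
    return len(expected) == 40 and hmac.compare_digest(actual, expected)

# Constructed sample key material (toy-sized modulus, for illustration only).
N = 0xC0FFEE1234567890ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789
E = 65537
CREATED = 978307200  # 2001-01-01 00:00:00 UTC

owner_key = rsa_public_key_body(CREATED, N, E)
owner_reads_out = display(v4_fingerprint(owner_key)).lower()

# A copy whose modulus differs from the owner's by a single bit.
tampered_key = rsa_public_key_body(CREATED, N ^ 1, E)

if __name__ == "__main__":
    print("owner    :", display(v4_fingerprint(owner_key)))
    print("tampered :", display(v4_fingerprint(tampered_key)))
    print("genuine copy matches :", fingerprints_match(owner_key, owner_reads_out))
    print("tampered copy matches:", fingerprints_match(tampered_key, owner_reads_out))
```

The fingerprint the owner reads out must reach you over a channel separate from the one that delivered the key, such as a phone call or a printed card.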
2 A Quick Tour of PGP
The way in which you access PGP largely depends on your preference—what is easiest at the time. PGP works on the data generated by other applications. Therefore, the appropriate PGP functions are designed to be immediately available to you based on the task you are performing at any given moment.

Start menu

You can start many of the PGP utilities (PGPkeys, PGPtools, PGPtray, PGPnet, and PGP Documentation) from the Start menu (as shown in Figure 2-1, #1). On the Task bar, click the Start button, then click Programs and PGP to access these utilities.
Figure 2-1. Accessing PGP (1. Start menu; 2. PGPtools; 3. Email application; 4. Windows Explorer; 5. PGPtray)

PGPtools

If you are using an email application that is not supported by the plug-ins, or if you want to perform PGP functions from within other applications, you can encrypt and sign, decrypt and verify, or securely wipe messages and files directly from PGPtools. You can open PGPtools (as shown in Figure 2-1, #2) from your System tray (as shown in Figure 2-1, #5) or by clicking Start—>Programs—>PGP—>PGPtools.
Figure 2-2. PGPtools (buttons: PGPkeys, encrypt, sign, encrypt and sign, decrypt/verify, wipe, free space wipe)
If you are working with text or files, you can encrypt, decrypt, sign, and verify by selecting the text or file and then dragging it onto the appropriate button in PGPtools.
If you are working with files, click on the appropriate button in PGPtools to choose a file or select the Clipboard data.
When you decrypt a file, a Save As dialog box appears and PGP creates a new plaintext file with a .txt extension; the encrypted file has a .txt.pgp extension.

PGP within supported email applications

NOTE: The Lotus Notes plug-in is not supported in PGP Freeware.
PGP “plugs in” to many popular email applications. With these plug-ins, you can perform most PGP operations with a simple click of a button while you are composing and reading your mail.
If you are using an email application that is not supported by the plug-ins, you can easily encrypt/decrypt messages using one of the other PGP utilities.
PGP has plug-ins for the following email applications:
• Qualcomm Eudora
• Microsoft Exchange
• Microsoft Outlook
• Microsoft Outlook Express
• Lotus Notes
When a PGP plug-in is installed, Encrypt and Sign buttons appear in your application’s toolbar (as shown in Figure 2-1, #3). You click the envelope and lock icon to indicate that you want to encrypt your message, and the pen and paper icon to indicate that you want to sign your message. Some applications also have an icon of both a lock and quill, which lets you encrypt and sign at once. For more information about using PGP within email applications, see Chapter 5, “Securing Email.”

PGP from Windows Explorer

You can encrypt and sign or decrypt and verify files such as word processing documents, spreadsheets, and video clips directly from Windows Explorer.
To access PGP functions from Windows Explorer, choose the appropriate option from the PGP submenu of the File menu (as shown in Figure 2-1, #4). The options that appear depend on the current state of the file you have selected. If the file has not yet been encrypted or signed, then the options for performing these functions appear on the menu. If the file is already encrypted or signed, then options for decrypting and verifying the contents of the file are displayed.

PGPtray

NOTE: You can access many of the main PGP functions by clicking the gray lock icon, which is normally located in the System tray (as shown in Figure 2-1, #5), and then choosing the appropriate menu item. (If you can’t find this icon in your System tray, run PGPtray from the Start menu or see “Setting general options” on page 168 for additional instructions.) This feature gives you immediate access to the PGP functions regardless of which application you are using.
NOTE: The look of the PGPtray icon tells you if PGPnet is off or not installed (gray lock on a network), or installed but not working (gray lock on a network with a red X). If you did not install PGPnet, this gray lock icon will appear in your System tray instead of the PGPnet lock icon. For more information about the lock icons in PGPtray, see “PGPtray’s icon” on page 129.
Using the Clipboard and Current Window options
If you are using an email application that is not supported by the PGP plug-ins, or if you are working with text generated by some other application, you can perform your encryption/decryption and signature/verification functions via the Windows Clipboard or within the current application window.
Via the Windows Clipboard
For instance, to encrypt or sign text, you copy it from your word processing application to the Clipboard (CTRL+C), encrypt and sign it using the appropriate PGP functions, then paste (CTRL+V) it back into your application before sending it to the intended recipients. You can also reverse the process and copy the encrypted text—known as ciphertext—from your application to the Clipboard, decrypt and verify the information, and then view the contents. After you view the decrypted message, you can decide whether to save the information or retain it in its encrypted form.
Within the Current Window
You can perform the same cryptographic tasks using the Current Window menu item, which copies the text in the current window to the Clipboard and then performs the selected task.
Figure 2-3. PGPtray’s Current Window feature

Taking shortcuts

Although you will find that PGP is quite easy to use, a number of shortcuts are available to help you accomplish your encryption tasks even quicker. For example, while you are managing your keys in the PGPkeys window, you can right-click to perform all the necessary PGP functions rather than accessing them from the menu bar. You can also drag a file containing a key into the PGPkeys window to add it to your keyring.
Keyboard shortcuts, or hotkeys, are also available for most menu operations. For information about creating PGP hotkeys, see “Setting HotKey options” on page 175.

Getting Help

When you choose Help from PGPtray or from the Help menu within PGPkeys, you access the PGP Help system, which provides a general overview and instructions for all of the procedures you are likely to perform. Many of the dialog boxes also have context-sensitive help, which you access by clicking the question mark in the right corner of the window and then pointing to the area of interest on the screen. A short explanation appears.