PGP Command Line - 10.1 User’s Guide

PGP® Command Line
User's Guide
Version Information
PGP Command Line User's Guide. Version 10.1. Released September 2010.
Copyright Information
Copyright © 1991-2010 by PGP Corporation. All Rights Reserved. No part of this document can be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of PGP Corporation.
Trademark Information
PGP, Pretty Good Privacy, and the PGP logo are registered trademarks of PGP Corporation in the US and other countries. IDEA is a trademark of Ascom Tech AG. Windows and ActiveX are registered trademarks of Microsoft Corporation. AOL is a registered trademark, and AOL Instant Messenger is a trademark, of America Online, Inc. Red Hat and Red Hat Linux are trademarks or registered trademarks of Red Hat, Inc. Linux is a registered trademark of Linus Torvalds. Solaris is a trademark or registered trademark of Sun Microsystems, Inc. AIX is a trademark or registered trademark of International Business Machines Corporation. HP-UX is a trademark or registered trademark of Hewlett-Packard Company. SSH and Secure Shell are trademarks of SSH Communications Security, Inc. Rendezvous and Mac OS X are trademarks or registered trademarks of Apple Computer, Inc. All other registered and unregistered trademarks in this document are the sole property of their respective owners.
Licensing and Patent Information
The IDEA cryptographic cipher described in U.S. patent number 5,214,703 is licensed from Ascom Tech AG. The CAST-128 encryption algorithm, implemented from RFC 2144, is available worldwide on a royalty-free basis for commercial and non-commercial uses. PGP Corporation has secured a license to the patent rights contained in the patent application Serial Number 10/655,563 by The Regents of the University of California, entitled Block Cipher Mode of Operation for Constructing a Wide-blocksize block Cipher from a Conventional Block Cipher. Some third-party software included in PGP Universal Server is licensed under the GNU General Public License (GPL). PGP Universal Server as a whole is not licensed under the GPL. If you would like a copy of the source code for the GPL software included in PGP Universal Server, contact PGP Support (https://support.pgp.com). PGP Corporation may have patents and/or pending patent applications covering subject matter in this software or its documentation; the furnishing of this software or documentation does not give you any license to these patents.
Acknowledgments
This product includes or may include:
-- The Zip and ZLib compression code, created by Mark Adler and Jean-Loup Gailly, is used with permission from the free Info-ZIP implementation, developed by zlib (http://www.zlib.net).
-- Libxml2, the XML C parser and toolkit developed for the Gnome project and distributed and copyrighted under the MIT License found at http://www.opensource.org/licenses/mit-license.html. Copyright © 2007 by the Open Source Initiative.
-- bzip2 1.0, a freely available high-quality data compressor, is copyrighted by Julian Seward, © 1996-2005.
-- Application server (http://jakarta.apache.org/), web server (http://www.apache.org/), Jakarta Commons (http://jakarta.apache.org/commons/license.html) and log4j, a Java-based library used to parse HTML, developed by the Apache Software Foundation. The license is at www.apache.org/licenses/LICENSE-2.0.txt.
-- Castor, an open-source, data-binding framework for moving data from XML to Java programming language objects and from Java to databases, is released by the ExoLab Group under an Apache 2.0-style license, available at http://www.castor.org/license.html.
-- Xalan, an open-source software library from the Apache Software Foundation that implements the XSLT XML transformation language and the XPath XML query language, is released under the Apache Software License, version 1.1, available at http://xml.apache.org/xalan-j/#license1.1.
-- Apache Axis is an implementation of the SOAP ("Simple Object Access Protocol") used for communications between various PGP products is provided under the Apache license found at http://www.apache.org/licenses/LICENSE-2.0.txt.
-- mx4j, an open-source implementation of the Java Management Extensions (JMX), is released under an Apache-style license, available at http://mx4j.sourceforge.net/docs/ch01s06.html.
-- jpeglib version 6a is based in part on the work of the Independent JPEG Group. (http://www.ijg.org/)
-- libxslt the XSLT C library developed for the GNOME project and used for XML transformations is distributed under the MIT License http://www.opensource.org/licenses/mit-license.html.
-- PCRE Perl regular expression compiler, copyrighted and distributed by University of Cambridge. ©1997-2006. The license agreement is at http://www.pcre.org/license.txt.
-- BIND Balanced Binary Tree Library and Domain Name System (DNS) protocols developed and copyrighted by Internet Systems Consortium, Inc. (http://www.isc.org)
-- Free BSD implementation of daemon developed by The FreeBSD Project, © 1994-2006.
-- Simple Network Management Protocol Library developed and copyrighted by Carnegie Mellon University © 1989, 1991, 1992, Networks Associates Technology, Inc, © 2001- 2003, Cambridge Broadband Ltd. © 2001- 2003, Sun Microsystems, Inc., © 2003, Sparta, Inc, © 2003-2006, Cisco, Inc and Information Network Center of Beijing University of Posts and Telecommunications, © 2004. The license agreement for these is at http://net-snmp.sourceforge.net/about/license.html.
-- NTP version 4.2 developed by Network Time Protocol and copyrighted to various contributors.
-- Lightweight Directory Access Protocol developed and copyrighted by OpenLDAP Foundation. OpenLDAP is an open-source implementation of the Lightweight Directory Access Protocol (LDAP). Copyright © 1999-2003, The OpenLDAP Foundation. The license agreement is at http://www.openldap.org/software/release/license.html.
-- Secure shell OpenSSH developed by OpenBSD project is released by the OpenBSD Project under a BSD-style license, available at http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/LICENCE?rev=HEAD.
-- PC/SC Lite is a free implementation of PC/SC, a specification for SmartCard integration is released under the BSD license.
-- Postfix, an open source mail transfer agent (MTA), is released under the IBM Public License 1.0, available at http://www.opensource.org/licenses/ibmpl.php.
-- PostgreSQL, a free software object-relational database management system, is released under a BSD-style license, available at http://www.postgresql.org/about/licence.
-- PostgreSQL JDBC driver, a free Java program used to connect to a PostgreSQL database using standard, database independent Java code, (c) 1997-2005, PostgreSQL Global Development Group, is released under a BSD-style license, available at http://jdbc.postgresql.org/license.html.
-- PostgreSQL Regular Expression Library, a free software object-relational database management system, is released under a BSD-style license, available at http://www.postgresql.org/about/licence.
-- 21.vixie-cron is the Vixie version of cron, a standard UNIX daemon that runs specified programs at scheduled times. Copyright © 1993, 1994 by Paul Vixie; used by permission.
-- JacORB, a Java object used to facilitate communication between processes written in Java and the data layer, is open source licensed under the GNU Library General Public License (LGPL) available at http://www.jacorb.org/lgpl.html. Copyright © 2006 The JacORB Project.
-- TAO (The ACE ORB) is an open-source implementation of a CORBA Object Request Broker (ORB), and is used for communication between processes written in C/C++ and the data layer. Copyright (c) 1993-2006 by Douglas C. Schmidt and his research group at Washington University, University of California, Irvine, and Vanderbilt University. The open source software license is available at http://www.cs.wustl.edu/~schmidt/ACE-copying.html.
-- libcURL, a library for downloading files via common network services, is open source software provided under a MIT/X derivate license available at http://curl.haxx.se/docs/copyright.html. Copyright (c) 1996 - 2007, Daniel Stenberg.
-- libuuid, a library used to generate unique identifiers, is released under a BSD-style license, available at http://thunk.org/hg/e2fsprogs/?file/fe55db3e508c/lib/uuid/COPYING. Copyright (C) 1996, 1997 Theodore Ts'o.
-- libpopt, a library that parses command line options, is released under the terms of the GNU Free Documentation License available at http://directory.fsf.org/libs/COPYING.DOC. Copyright © 2000-2003 Free Software Foundation, Inc.
-- gSOAP, a development tool for Windows clients to communicate with the Intel Corporation AMT chipset on a motherboard, is distributed under the gSOAP Public License version 1.3b, available at http://www.cs.fsu.edu/~engelen/license.html.
-- Windows Template Library (WTL) is used for developing user interface components and is distributed under the Common Public License v1.0 found at http://opensource.org/licenses/cpl1.0.php.
-- The Perl Kit provides several independent utilities used to automate a variety of maintenance functions and is provided under the Perl Artistic License, found at http://www.perl.com/pub/a/language/misc/Artistic.html.
-- rEFIt - libeg, provides a graphical interface library for EFI, including image rendering, text rendering, and alpha blending, and is distributed under the license found at http://refit.svn.sourceforge.net/viewvc/*checkout*/refit/trunk/refit/LICENSE.txt?revision=288. Copyright (c) 2006 Christoph Pfisterer. All rights reserved.
-- Java Radius Client, used to authenticate PGP Universal Web Messenger users via Radius, is distributed under the Lesser General Public License (LGPL) found at http://www.gnu.org/licenses/lgpl.html.
-- Yahoo! User Interface (YUI) library version 2.5.2, a Web UI interface library for AJAX. Copyright (c) 2009, Yahoo! Inc. All rights reserved. Released under a BSD-style license, available at http://developer.yahoo.com/yui/license.html.
-- JSON-lib version 2.2.1, a Java library used to convert Java objects to JSON (JavaScript Object Notation) objects for AJAX. Distributed under the Apache 2.0 license, available at http://json-lib.sourceforge.net/license.html.
-- EZMorph, used by JSON-lib, is distributed under the Apache 2.0 license, available at http://ezmorph.sourceforge.net/license.html.
-- Apache Commons Lang, used by JSON-lib, is distributed under the Apache 2.0 license, available at http://commons.apache.org/license.html.
-- Apache Commons BeanUtils, used by JSON-lib, is distributed under the Apache 2.0 license, available at http://commons.apache.org/license.html.
-- SimpleIni is an .ini format file parser and provides the ability to read and write .ini files, a common configuration file format used on Windows, on other platforms. Distributed under the MIT License found at http://www.opensource.org/licenses/mit-license.html. Copyright 2006-2008, Brodie Thiesfield.
-- uSTL provides a small fast implementation of common Standard Template Library functions and data structures and is distributed under the MIT License found at http://www.opensource.org/licenses/mit-license.html. Copyright (c) 2005-2009 by Mike Sharov <msharov@users.sourceforge.net>.
-- Protocol Buffers (protobuf), Google's data interchange format, are used to serialize structure data in the PGP SDK. Distributed under the BSD license found at http://www.opensource.org/licenses/bsd-license.php. Copyright 2008 Google Inc. All rights reserved.
Additional acknowledgements and legal notices are included as part of the PGP Universal Server.
Export Information
Export of this software and documentation may be subject to compliance with the rules and regulations promulgated from time to time by the Bureau of Export Administration, United States Department of Commerce, which restricts the export and re-export of certain products and technical data.
Limitations
The software provided with this documentation is licensed to you for your individual use under the terms of the End User License Agreement provided with the software. The information in this document is subject to change without notice. PGP Corporation does not warrant that the information meets your requirements or that the information is free of errors. The information may include technical inaccuracies or typographical errors. Changes may be made to the information and incorporated in new editions of this document, if and when made available by PGP Corporation.
Unsupported Third Party Products
By utilizing third party products, software, drivers, or other components ("Unsupported Third Party Product") to interact with the PGP software and/or by utilizing any associated PGP command or code provided to you by PGP at its sole discretion to interact with the Unsupported Third Party Product ("PGP Third Party Commands"), you acknowledge that the PGP software has not been designed for or formally tested with the Unsupported Third Party Product, and therefore PGP provides no support or warranties with respect to the PGP Third Party Commands or the PGP software's compatibility with Unsupported Third Party Products. THE PGP THIRD PARTY COMMANDS ARE PROVIDED "AS IS," WITH ALL FAULTS, AND THE ENTIRE RISK AS TO SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH YOU. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, PGP DISCLAIMS ALL REPRESENTATIONS, WARRANTIES, AND CONDITIONS, WHETHER EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NONINFRINGEMENT, QUIET ENJOYMENT, AND ACCURACY WITH RESPECT TO THE PGP THIRD PARTY COMMANDS OR THE PGP SOFTWARE'S COMPATIBILITY WITH THE UNSUPPORTED THIRD PARTY PRODUCT.
Contents
PGP Command Line Basics 1
Important Concepts 1
Getting Started 2
Installation 5
Overview 5
System Requirements 6
Windows 7 and Vista 6
Windows Server 2008 and 2003 7
Windows XP 9
Windows 2000 10
IBM AIX 10
HP-UX 11i 10
Solaris 9 and 10 10
Red Hat Enterprise Linux, SLES, and Fedora Core 11
Mac OS X 11
Installing on AIX 11
Installing on AIX 11
Changing the Home Directory on AIX 13
Uninstalling on AIX 13
Installing on HP-UX 14
Installing on HP-UX 14
Changing the Home Directory on HP-UX 15
Installing to a Non-Default Directory on HP-UX 15
Uninstalling on HP-UX 16
Installing on Mac OS X 16
Installing on Mac OS X 16
Changing the Home Directory on Mac OS X 17
Uninstalling on Mac OS X 17
Installing on Red Hat Enterprise Linux, SLES, or Fedora Core 18
Installing on Red Hat Enterprise Linux or Fedora Core 18
Changing the Home Directory on Linux or Fedora Core 19
Uninstalling on Linux or Fedora Core 19
Installing on Solaris 20
Installing on Solaris 20
Changing the Home Directory on Solaris 21
Uninstalling on Solaris 22
Installing on Windows 22
PGP Command Line for Windows and PGP Desktop on the Same System 22
To Install on Windows 22
Changing the Home Directory on Windows 23
Uninstalling on Windows 24
Licensing 25
Overview 25
License Recovery 26
Using a License Number 27
Re-Licensing 28
Through a Proxy Server 29
The Command-Line Interface 31
Overview 31
Flags and Arguments 33
Flags 33
Arguments 34
Configuration File 36
Keyserver Configuration File Settings 40
Environment Variables 41
Standard Input, Output, and Error 42
Redirecting an Existing File 42
Entering Data 43
Specifying a Key 44
'Secure' Options 44
Passphrases 45
First Steps 47
Overview 47
Creating Your Keypair 48
Protecting Your Private Key 49
Distributing Your Public Key 50
Posting Your Public Key to a Keyserver 51
Exporting Your Public Key to a Text File 51
Getting the Public Keys of Others 52
Finding a Public Key on a Keyserver 52
Importing a Public Key from a Keyserver 53
Verifying Keys 54
Cryptographic Operations 57
Overview 57
Commands 58
--armor (-a) 58
--clearsign 60
--decrypt 62
--detached (-b) 64
--dump-packets, --list-packets 65
--encrypt (-e) 66
--export-session-key 70
--list-sda 71
--list-archive 71
--sign (-s) 72
--symmetric (-c) 74
--verify 76
Key Listings 79
Overview 79
Commands 80
--fingerprint 80
--fingerprint-details 81
--list-key-details 82
--list-keys (-l) 84
--list-keys-xml 84
--list-sig-details 85
--list-sigs 86
--list-userids 86
Working with Keyservers 89
Overview 89
Commands 90
--keyserver-disable 90
--keyserver-recv 91
--keyserver-remove 92
--keyserver-search 92
--keyserver-send 93
--keyserver-update 94
Managing Keys 97
Overview 99
Commands 99
--add-adk 99
--add-photoid 100
--add-preferred-cipher 101
--add-preferred-compression-algorithm 101
--add-preferred-email-encoding 102
--add-preferred-hash 102
--add-revoker 103
--add-userid 103
--cache-passphrase 104
--change-passphrase 105
--clear-key-flag 106
--disable 106
--enable 107
--export, --export-key-pair 107
--export-photoid 110
--gen-key 111
--gen-revocation 113
--gen-subkey 114
--get-email-encoding 115
--import 115
--join-key 117
--join-key-cache-only 120
--key-recon-send 121
--key-recon-recv-questions 123
--key-recon-recv 124
--remove 124
--remove-adk 125
--remove-all-adks 125
--remove-all-photoids 126
--remove-all-revokers 126
--remove-expiration-date 127
--remove-key-pair 127
--remove-photoid 127
--remove-preferred-cipher 128
--remove-preferred-compression-algorithm 128
--remove-preferred-email-encoding 129
--remove-preferred-hash 129
--remove-preferred-keyserver 130
--remove-revoker 130
--remove-sig 131
--remove-subkey 132
--remove-userid 132
--revoke 133
--revoke-sig 133
--revoke-subkey 134
--send-shares 135
--set-expiration-date 135
--set-key-flag 136
--set-preferred-ciphers 136
--set-preferred-compression-algorithms 137
--set-preferred-email-encodings 137
--set-preferred-hashes 138
--set-preferred-keyserver 139
--set-primary-userid 139
--set-trust 140
--sign-key 140
--sign-userid 141
--split-key 142
Working with Email 147
Overview 147
Encrypt Email 149
Sign Email 150
Decrypt Email 150
Verify Email 151
Annotate Email 151
Working with a PGP Key Management Server 153
Overview 154
New Terms and Concepts 154
Relationship with a PGP KMS 155
Authentication for PGP KMS Operations 155
--create-mak 157
--import-mak 158
--export-mak 159
--export-mak-pair 159
--request-cert 160
--edit-mak 161
--search-mak 162
--delete-mak 163
--create-mek-series 163
--edit-mek-series 164
--search-mek-series 165
--delete-mek-series 166
--create-mek 167
--import-mek 167
--export-mek 168
--edit-mek 168
--search-mek 169
--create-msd 170
--export-msd 171
--edit-msd 172
--search-msd 173
--delete-msd 174
--create-consumer 174
--search-consumer 175
Miscellaneous Commands 177
Overview 177
Commands 178
--create-keyrings 178
--help (-h) 179
--license-authorize 179
--purge-all-caches 179
--purge-keyring-cache 179
--purge-passphrase-cache 180
--speed-test 180
--version 180
--wipe 181
--check-sigs 182
--check-userids 182
Options 185
Using Options 185
Boolean Options 186
--alternate-format 186
--annotate 186
--archive 187
--banner 188
--biometric 188
--buffered-stdio 188
--compress, --compression 189
--details 189
--email 190
--encrypt-to-self 190
--eyes-only 190
--fast-key-gen 191
--fips-mode, --fips 191
--force (-f) 191
--halt-on-error 192
--keyring-cache 192
--large-keyrings 193
--license-recover 193
--local-mode 194
--marginal-as-valid 194
--master-key 194
--pass-through 194
--passphrase-cache 195
--photo 195
--quiet (-q) 195
--recursive 195
--reverse-sort, --reverse 196
--sda 196
--skep 196
--text-mode, --text (-t) 197
--truncate-passphrase 197
--verbose (-v) 197
--warn-adk 198
--wrapper-key 198
--xml 198
Integer Options 200
--3des 200
--aes128, --aes192, --aes256 200
--bits, --encryption-bits 201
--blowfish 201
--bzip2 201
--cast5 202
--creation-days 202
--expiration-days 202
--idea 203
--index 203
--keyring-cache-timeout 204
--keyserver-timeout 204
--md5 204
--passphrase-cache-timeout 205
--partitioned 205
--pgp-mime 205
--ripemd160 206
--sha, --sha256, --sha384, --sha512 206
--signing-bits 208
--skep-timeout 208
--threshold 208
--trust-depth 208
--twofish 209
--wipe-input-passes 209
--wipe-overwrite-passes 209
--wipe-passes 210
--wipe-temp-passes 210
--zip 210
--zlib 210
Enumeration Options 211
--auto-import-keys 211
--cipher 211
--compression-algorithm 212
--compression-level 213
--email-encoding 213
--enforce-adk 213
--export-format 214
--hash 215
--import-format 215
--input-cleanup 216
--key-flag 216
--key-type 217
--manual-import-key-pairs 218
--manual-import-keys 218
--overwrite 218
--sig-type 219
--sort-order, --sort 219
--tar-cache-cleanup 220
--target-platform 220
--temp-cleanup 221
--trust 221
String Options 221
--city, --common-name, --contact-email, --country 221
--comment 221
--creation-date 222
--default-key 222
--expiration-date 223
--export-passphrase 223
--home-dir 223
--local-user (-u), --user 224
--license-name, --license-number, --license-organization, --license-email 224
--new-passphrase 225
--organization, --organizational-unit 225
--output (-o) 225
--output-file 226
--passphrase 226
--preferred-keyserver 227
--private-keyring 227
--proxy-passphrase, --proxy-server, --proxy-username 228
--public-keyring 228
--recon-server 229
--regular-expression 229
--random-seed 229
--root-path 230
--share-server 230
--state 230
--status-file 230
--symmetric-passphrase 231
--temp-dir 231
List Options 232
--additional-recipient 232
--adk 232
--input (-i) 232
--question / --answer 233
--keyserver 233
--recipient (-r) 234
--revoker 234
--share 235
File Descriptors 236
--auth-passphrase-fd, --auth-passphrase-fd8 236
--export-passphrase-fd, --export-passphrase-fd8 236
--new-passphrase-fd, --new-passphrase-fd8 237
--passphrase-fd, --passphrase-fd8 237
--proxy-passphrase-fd, --proxy-passphrase-fd8 237
--symmetric-passphrase-fd, --symmetric-passphrase-fd8 237
Lists 239
Basic Key List 239
The Default Key Column 240
The Algorithm Column 240
The Type Column 241
The Size/Type Column 241
The Flags Column 242
The Key ID Column 243
The User ID Column 244
Detailed Key List 244
Main Key Details 246
Subkey Details 253
ADK Details 255
Revoker Details 255
Key List in XML Format 256
Elements with fixed settings 260
X.509 Signatures 262
Detailed Signature List 263
Usage Scenarios 269
Secure Off-Site Backup 269
PGP Command Line and PGP Desktop 270
Compression Saves Money 270
Surpasses Legal Requirements 271
Quick Reference 273
Commands 273
Options 277
Environment Variables 281
Configuration File Variables 282
Codes and Messages 285
Messages Without Codes 285
Messages With Codes 286
Parser 286
Keyrings 287
Wipe 288
Encrypt 289
Sign 289
Decrypt 289
Speed Test 290
Key edit 290
Keyserver 296
Key Reconstruction 297
Licensing 298
PGP Universal Server 300
General 300
Exit Codes 309
Frequently Asked Questions 311
Key Used for Encryption 311
"Invalid" Keys 311
Maximum File Size 313
Programming and Scripting Languages 313
File Redirection 314
Protecting Passphrases 314
Searching for Data on a PGP KMS 317
Overview 317
Keyword Listing 318
Example Searches 320
More About Types 320
Time Fields 320
Boolean Values 321
Open PGP Algorithms 321
Open PGP Key Usage Flags 321
Key Modes 322
Index 323
1

PGP Command Line Basics

This chapter describes some important PGP Command Line concepts and gives you a high-level overview of the things you need to do to set up and use PGP Command Line.
In This Chapter
Important Concepts 1
Getting Started 2

Important Concepts

The following concepts are important for you to understand:
PGP Command Line: A software product from PGP Corporation that automates the processes of encrypting/signing, decrypting/verifying, and file wiping; it provides a command-line interface to PGP technology.
command-line interface: An interface where you type commands at a command prompt. PGP Command Line uses a command-line interface.
keyboard input: PGP Command Line was designed so that all relevant information can be entered at the command line, thus requiring no further input from the keyboard to implement the commands.
scripting: PGP Command Line commands can be easily inserted into scripts to be used for automating tasks. For example, if your company regularly copies a large database to an off-site backup and then stores it there, PGP Command Line commands can be added to the script that does this so that the database is encrypted before it is transmitted to the off-site location and then decrypted when it arrives. PGP Command Line commands are easily added to shell scripts or scripts written with scripting languages (such as Perl or Python, for example).
environment variables: Environment variables control various aspects of PGP Command Line behavior; for example, the location of the PGP Command Line home directory. Environment variables are established on the computer running PGP Command Line.
configuration file variables: When PGP Command Line starts, it reads the configuration file, which includes special configuration variables and values for each variable. These settings affect how PGP Command Line operates. Configuration file variables can be changed permanently by editing the configuration file or overridden on a temporary basis by specifying a value for a configuration file variable on the command line.
Self-Decrypting Archives (SDAs): PGP Command Line lets you create SDAs, compressed and conventionally encrypted archives that require a passphrase to decrypt. SDAs contain an executable for the target platform, which means the recipient of an SDA does not need to have any PGP software installed to open the archive. You can thus securely transfer data to recipients with no PGP software installed. You will have to communicate the passphrase of the SDA to the recipient, however.
Additional Decryption Key (ADK): PGP Command Line supports the use of an ADK, which is an additional key to which files or messages are encrypted, thus allowing the keeper of the ADK to retrieve data or messages as well as the intended recipient. Use of an ADK ensures that your corporation has access to all its proprietary information even if employee keys are lost or become unavailable.
PGP Zip archives: The PGP Zip feature lets you encrypt/sign groups of files or entire directories into a single compressed archive file. The archive format is tar and the supported compression formats are Zip, BZip2, and Zlib.

Getting Started

Now that you know a little bit about PGP Command Line, let’s go deeper into what you need to do to get started using it:
1 Install PGP Command Line. Specific instructions for installing PGP Command Line on the supported platforms are in Installation.
2 License the software. PGP Command Line functionality is extremely limited until you license the software. Refer to Licensing for more information.
3 Create your default key pair. Most PGP Command Line operations require a key pair (a private key and a public key). Refer to Creating Your Keypair for more information.
4 Protect your private key. Because your private key can decrypt your protected data, it is important that you protect it. Do not write down or tell someone the passphrase. It is a good idea to keep your private key on a machine that only you can access, and in a directory that is not accessible from the network. Also, you should make a backup of the private key and store it in a secure location. Refer to Protecting Your Private Key for more information.
5 Exchange public keys with others. In order to encrypt data to someone you need their public key; and they need yours to encrypt data to you. Refer to Getting the Public Keys of Others for more information about how to obtain public keys.
6 Verify the public keys you get from the keyserver. Once you have a copy of someone’s public key, you add it to your public keyring. When you get someone’s public key, you should make sure that it has not been tampered with and that it really belongs to the purported owner. You do this by comparing the unique fingerprint on your copy of someone’s public key to the fingerprint on that person’s original key. For more information about validity and trust, refer to An Introduction to Cryptography (it was put onto your computer during installation). For instructions on how to verify someone’s public key, see --fingerprint (page 80).
7 Start securing your data. After you have generated your key pair and have obtained public keys, you can begin encrypting, signing, decrypting, and verifying your data.
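One way to check the local-access part of step 4 on a UNIX system, as an added example that is not part of the PGP guide: the Python function below walks a directory that holds private key material and reports every entry that another local account could read, write or traverse. The script name and the directory argument are assumptions; it does not test network exposure, and it makes no assumption about keyring file names.

```python
import os
import stat
import sys


def audit_key_dir(path):
    """Return (path, problem) findings for a directory that holds private keys.

    An empty list means every entry under `path` is a regular file or
    directory owned by the current user with no group/other permission bits.
    """
    findings = []
    uid = os.getuid()
    # os.walk does not descend into symlinked directories by default.
    for root, dirs, files in os.walk(path):
        entries = [root] + [os.path.join(root, name) for name in files]
        # Symlinked subdirectories are never visited as `root`, so list them here.
        entries += [os.path.join(root, d) for d in dirs
                    if os.path.islink(os.path.join(root, d))]
        for entry in entries:
            st = os.lstat(entry)  # lstat: inspect the link itself, not its target
            if stat.S_ISLNK(st.st_mode):
                findings.append((entry, "symbolic link, target not audited"))
                continue
            if st.st_uid != uid:
                findings.append(
                    (entry, "owned by uid %d, not the current user" % st.st_uid))
            mode = stat.S_IMODE(st.st_mode)
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                findings.append(
                    (entry, "group/other access (mode %04o)" % mode))
    return findings


if __name__ == "__main__":
    # Hypothetical invocation: python audit_key_dir.py /path/to/key/directory
    if len(sys.argv) != 2:
        sys.exit("usage: audit_key_dir.py DIRECTORY")
    problems = audit_key_dir(sys.argv[1])
    for entry, problem in problems:
        print("%s: %s" % (entry, problem))
    sys.exit(1 if problems else 0)
```

The exit status is 1 when anything is reported, so the check can gate a backup or encryption script.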
2

Installation

This chapter lists the system requirements for, and tells you how to install PGP Command Line onto, the supported platforms: AIX, HP-UX, Mac OS X, Linux, Solaris, and Windows. It also includes uninstall instructions.
In This Chapter
Overview 5
System Requirements 6
Installing on AIX 11
Installing on HP-UX 13
Installing on Mac OS X 16
Installing on Red Hat Enterprise Linux, SLES, or Fedora Core 17
Installing on Solaris 20
Installing on Windows 22

Overview

PGP Command Line can be installed on these platforms:
Windows 7 (32- and 64-bit), Windows Server 2008, Windows Vista (32- and 64-bit) SP2, Windows Server 2003 (32- and 64-bit) SP2, Windows XP (32- and 64-bit) SP3, Windows 2000 SP4
HP-UX 11i and above (PA-RISC and Itanium)
IBM AIX 5.3 and 6.1
Red Hat Enterprise Linux 5.0 (x86 and x86_64)
SLES (SUSE Linux Enterprise Server) 9 SP4 and 10 SP2 (x86)
Fedora Core 6 (x86_64 only)
Sun Solaris 9 (SPARC) and Solaris 10 (SPARC, x86, and x86_64)
Apple Mac OS X 10.5.x and 10.6.x (Intel-based systems only)
PGP Command Line uses a specific directory for the application data such as the configuration file, and a specific directory (called the home directory) for the files it creates, such as keyring files.
On any UNIX system, the application data and the home directory are identical and they are configured through the $HOME environment variable. For more information, refer to the installation instructions for the specific UNIX platform.
On Windows, the application data directory is used to store data such as the configuration file PGPprefs.xml. The home directory is called “My Documents” and is used to store keys. These two directories can be named differently, depending on the specific version on Windows. For more information, see To Install on Windows (on page 22).
Note: You can also use the --home-dir option on the command line to specify a different home directory. Using this option affects only the command it is used in and does not change the PGP_HOME_DIR environment variable.
Using --home-dir on the command line overrides the current setting of the PGP_HOME_DIR environment variable.

System Requirements

In general, system requirements for PGP Command Line are the same as the system requirements for the host operating system.
In addition to the hard drive space required by the base operating system, PGP Command Line requires additional space for both the data on which cryptographic operations (such as encryption, decryption, signing, and verifying) will be applied and temporary files created in the process of performing those operations.
For a given file being encrypted or decrypted, PGP Command Line can require several times the size of the original file in free hard drive space (depending on how much the file was compressed), enough to hold both the original file or files and the final file resulting from the encryption or decryption operation.
In cases where PGP Zip functionality is used on a file, PGP Command Line may also require several times the size of the original file or files in free hard drive space, enough to hold the original file, a temporary file created when handling the archive, and the final file resulting from the encryption or decryption operation. Make sure you have adequate free hard drive space on your system before using PGP Command Line.

Windows 7 and Vista

Component: Requirement
Computer and processor: PC with 1 GHz 32-bit (x86) processor
Memory: 1 gigabyte (GB) of RAM or higher recommended (64 MB minimum supported; may limit performance and some features)
Hard disk: 15 GB of available space
Drive: DVD-ROM drive
Display: Support for DirectX 9 graphics with WDDM driver, 128 MB of graphics memory (minimum), Pixel Shader 2.0 in hardware, 32 bits per pixel

Windows Server 2008 and 2003

PGP Command Line supports four editions of Windows Server 2008 and 2003: Standard, Datacenter, Enterprise, and Web.
Standard Edition
Component: Requirement
Computer and processor: PC with a 133-MHz processor required; 550-MHz or faster processor recommended (Windows Server 2003 Standard Edition supports up to four processors on one server)
Memory: 128 MB of RAM required; 256 MB or more recommended; 4 GB maximum
Hard disk: 1.25 to 2 GB of available hard-disk space
Drive: CD-ROM or DVD-ROM drive
Display: VGA or hardware that supports console redirection required; Super VGA supporting 800 x 600 or higher-resolution monitor recommended
Datacenter Edition
Component: Requirement
Computer and processor: Minimum: 400 MHz processor for x86-based computers; Recommended: 733 MHz processor
Memory: Minimum: 512 MB of RAM; Recommended: 1 GB of RAM
Hard disk: 1.5 GB hard-disk space for x86-based computers
Other: Minimum: 8-way capable multiprocessor machine required; Maximum: 64-way capable multiprocessor machine supported
Enterprise Edition
These system requirements apply only to the 32-bit version of Windows Server 2003 Enterprise Edition; 64-bit versions of Windows Server 2003 Enterprise Edition are not supported.
Component: Requirement
Computer and processor: 133-MHz or faster processor for x86-based PCs; up to eight processors supported on either the 32-bit
Memory: 128 MB of RAM minimum required; Maximum: 32 GB for x86-based PCs with the 32-bit version
Hard disk: 1.5 GB of available hard-disk space for x86-based PCs; additional space is required if installing over a network
Drive: CD-ROM or DVD-ROM drive
Display: VGA or hardware that supports console redirection required
Web Edition
Component: Requirement
Computer and processor: 133-MHz processor (550 MHz recommended)
Memory: 128 MB of RAM (256 MB recommended; 2 GB maximum)
Hard disk: 1.5 GB of available hard-disk space

Windows XP

PGP Command Line supports the 32-bit and 64-bit versions of Windows XP.
32-bit Windows XP
Component: Requirement
Computer and processor: PC with 300 megahertz (MHz) or higher processor clock speed recommended; 233-MHz minimum required; Intel Pentium/Celeron family, AMD K6/Athlon/Duron family, or compatible processor recommended
Memory: 128 megabytes (MB) of RAM or higher recommended (64 MB minimum supported; may limit performance and some features)
Hard disk: 1.5 gigabyte (GB) of available hard disk space
Drive: CD-ROM or DVD-ROM drive
Display: Super VGA (800 × 600) or higher resolution video adapter and monitor supporting 800 x 600 or higher-resolution monitor recommended
64-bit Windows XP
Component: Requirement
Computer and processor: PC with AMD Athlon 64, AMD Opteron, Intel Xeon with Intel EM64T support, Intel Pentium 4 with Intel EM64T support
Memory: 256 megabytes (MB) of RAM or higher recommended
Hard disk: 1.5 gigabyte (GB) of available hard disk space
Drive: CD-ROM or DVD-ROM drive
Display: Super VGA (800 × 600) or higher resolution video adapter and monitor supporting 800 x 600 or higher-resolution monitor recommended

Windows 2000

Component: Requirement
Computer and processor: 133 MHz or higher Pentium-compatible CPU
Memory: At least 64 megabytes (MB) of RAM; more memory generally improves responsiveness
Hard disk: 2 GB with 650 MB free space
Drive: CD-ROM or DVD-ROM drive
Display: VGA or higher resolution monitor

IBM AIX

PGP Command Line runs on the range of IBM eServer p5, IBM eServer pSeries, IBM eServer i5 and IBM RS/6000, as supported by IBM AIX 5.3 and 6.1.

HP-UX 11i

PGP Command Line runs on the list of PA-RISC workstations and servers supported by HP-UX 11i, as specified at http://docs.hp.com/en/5187-2239/ch03s01.html.

Solaris 9 and 10

Component: Requirement
Computer and processor: SPARC (32- and 64-bit) platforms
Memory: 64 MB minimum (128 MB recommended)
Hard disk: 600 MB for desktops; one GB for servers

Red Hat Enterprise Linux, SLES, and Fedora Core

Component: Requirement
Computer and processor: x86 for Red Hat Enterprise Linux and SLES, x86_64 for Fedora Core; see Red Hat or Fedora websites for hardware compatibility.
Memory: 256 MB minimum
Hard disk: 800 MB minimum

Mac OS X

Component: Requirement
Computer and processor: Macintosh computer, Intel-based system only
Memory: 128 MB of physical RAM

Installing on AIX

This section tells you how to install, change the home directory, and uninstall on AIX.

Installing on AIX

You need to have root or administrator privileges on the machine on which you are installing PGP Command Line.
To install PGP Command Line on an AIX system:
1 If you have an existing version of PGP Command Line installed on the computer, uninstall it.
2 Download the installer application called PGPCommandLine101AIX.tar to a known location on your system.
3 Untar the package first. You will get the following file:
PGPCommandLine101AIX.rpm
4 Type: rpm -ivh PGPCommandLine101AIX.rpm
5 Press Enter.
By default, the PGP Command Line application, pgp, is installed into the directory /opt/pgp/bin. You need to add this directory to your PATH environment variable in order for the application to be found.
For sh-based shells, use this syntax:
PATH=$PATH:/opt/pgp/bin
For csh-based shells, use this syntax:
set path = ($path /opt/pgp/bin)
Also, in order to access the PGP Command Line man page, you need to set the MANPATH environment variable appropriately.
For sh-based shells, use this syntax:
MANPATH=$MANPATH:/opt/pgp/man; export MANPATH
For csh-based shells, use this syntax:
setenv MANPATH "/opt/pgp/man"
By adding the option --prefix to the rpm command, you can install PGP Command Line to a location other than the default.
Type rpm --prefix=/usr/pgp -ivh PGPCommandLine101AIX.rpm and press Enter.
This command installs the application binary in the directory /usr/pgp/bin/pgp, libraries in /usr/pgp/lib, and so on.
You will need to edit the environment variable LIBPATH to include the new library path (/usr/pgp/lib) so that PGP Command Line can function in a location other than the default.
By adding the option --prefix to the rpm command, you can install PGP Command Line in a location other than the default:
1 If you have an existing version of PGP Command Line installed on the computer, uninstall it.
2 Download the installer application called PGPCommandLine101AIX.tar to a known location on your system.
3 Untar the package first. You will get the following file:
PGPCommandLine101AIX.rpm
4 Type: rpm --prefix=/opt -ivh PGPCommandLine101AIX.rpm
5 Press Enter.
This command will install the application binary, pgp, in the directory /usr/pgp/bin/pgp, libraries in /usr/pgp/lib, and so on.
You will need to edit the environment variable LIBPATH to include the new library path (/usr/pgp/lib), so that PGP Command Line can function in any location other than the default.

Changing the Home Directory on AIX

The home directory is where PGP Command Line stores the files that it creates and uses; for example, keyring files.
By default, the PGP Command Line installer for AIX creates the PGP Command Line home directory at $HOME/.pgp. If this directory does not exist, it will be created. For example, if the value of $HOME for user "alice" is /usr/home/alice, PGP Command Line will attempt to create /usr/home/alice/.pgp.
The PGP Command Line installer will not try to create any other part of the directory listed in the $HOME variable, only .pgp.
If you want the home directory changed on a permanent basis, you will need to create the $PGP_HOME_DIR environment variable and specify the path of the desired home directory.

Uninstalling on AIX

Uninstalling PGP Command Line on AIX requires root privileges, either through su or sudo.
To uninstall PGP Command Line on AIX:
1 Type the following command and press Enter:
rpm -e pgpcmdln
2 PGP Command Line is uninstalled.

Installing on HP-UX

This section tells you how to install, change the home directory, and uninstall on HP-UX.

Installing on HP-UX

You need to have root or administrator privileges on the machine on which you are installing PGP Command Line.
To install PGP Command Line on an HP-UX system:
1 If you have an existing version of PGP Command Line installed on the computer, uninstall it.
2 Download the installer file called PGPCommandLine101HPUX.tar to a known location on your system.
3 Untar the package first. You will get the following file:
PGPCommandLine101HPUX.depot
4 Type: swinstall -s /absolute/path/to/PGPCommandLine101HPUX.depot
5 Press Enter.
By default, the PGP Command Line application, pgp, is installed into the directory /opt/pgp/bin. You need to add this directory to your PATH environment variable in order for the application to be found.
For sh-based shells, use this syntax:
PATH=$PATH:/opt/pgp/bin
For csh-based shells, use this syntax:
set path = ($path /opt/pgp/bin)
Also, in order to access the PGP Command Line man page, you need to set the MANPATH environment variable appropriately.
For sh-based shells, use this syntax:
MANPATH=$MANPATH:/opt/pgp/man; export MANPATH
For csh-based shells, use this syntax:
setenv MANPATH "/opt/pgp/man"
Note: You may encounter an issue generating 2048- or 4096-bit keys on HP-UX systems running PGP Command Line if you have altered the maximum number of shared memory segments that can be attached to one process, as configured by the shmseg system parameter. If you encounter this issue, reset the shmseg system parameter to its default value of 120. Consult your HP-UX documentation for information about how to alter system parameters.

Changing the Home Directory on HP-UX

The home directory is where PGP Command Line stores the files that it creates and uses; for example, keyring files.
By default, the PGP Command Line installer for HP-UX creates the PGP Command Line home directory in $HOME/.pgp. If this directory does not exist, it will be created. For example, if the value of $HOME for user "alice" is /usr/home/alice, PGP Command Line will attempt to create /usr/home/alice/.pgp.
The PGP Command Line installer will not try to create any other part of the directory listed in the $HOME variable, only .pgp.
If you want the PGP Command Line home directory changed on a permanent basis, you can define the $PGP_HOME_DIR environment variable and specify the path of the desired home directory.
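The home-directory precedence described in the --home-dir note and in the AIX and HP-UX sections (--home-dir, then PGP_HOME_DIR, then $HOME/.pgp) can be checked before keys are generated. The following is an added example, not part of the PGP guide; the function names are hypothetical, and the expectation that the directory be accessible only to its owner is this example's assumption, not a requirement stated in the guide.

```shell
#!/bin/sh
# Added example (not from the PGP guide). Function names are hypothetical.

# Resolve the home directory PGP Command Line would use on AIX or HP-UX,
# following the precedence the guide states:
#   --home-dir value, then PGP_HOME_DIR, then $HOME/.pgp.
pgp_effective_home() {
    cli_home_dir=${1:-}               # value passed to --home-dir, if any
    if [ -n "$cli_home_dir" ]; then
        printf '%s\n' "$cli_home_dir"
    elif [ -n "${PGP_HOME_DIR:-}" ]; then
        printf '%s\n' "$PGP_HOME_DIR"
    else
        printf '%s\n' "$HOME/.pgp"
    fi
}

# Succeed only if the directory exists, is not a symbolic link, and grants
# no permissions to group or other (keyring files are stored here).
# Assumption of this example: owner-only access is the desired policy.
pgp_home_is_private() {
    dir=$1
    [ -d "$dir" ] && [ ! -L "$dir" ] || return 1
    # ls -ld is parsed instead of calling stat(1), whose options differ
    # across AIX, HP-UX, Solaris, Linux and Mac OS X.
    perms=$(ls -ld "$dir" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ]
}

# Report on the directory a given invocation would use.
audit_pgp_home() {
    dir=$(pgp_effective_home "${1:-}")
    if pgp_home_is_private "$dir"; then
        echo "OK: $dir is private to its owner"
    else
        echo "WARN: $dir is missing, a symlink, or accessible to group/other" >&2
        return 1
    fi
}
```

Call audit_pgp_home with no argument to check the directory selected by the environment, or with the path you intend to pass to --home-dir.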

Installing to a Non-Default Directory on HP-UX

This procedure describes how to install PGP Command Line for HP-UX into a non-default directory. The information provided is in addition to the information provided in Installing on HP-UX.
Note: This procedure uses /opt/pgp_alt as the non-default directory. Be sure to substitute the desired directory in place of /opt/pgp_alt.
To install PGP Command Line for HP-UX to a non-default directory:
1 Add the following extra argument to the swinstall command:
swinstall -s /path/to/pgpcmdln.depot pgpcmdln,l=/opt/pgp_alt
2 Set all libraries to respect the SHLIB_PATH environment variable:
chatr +s enable /opt/pgp_alt/lib/*
3 Set the SHLIB_PATH environment variable to the new library directory when starting PGP Command Line:
export SHLIB_PATH=/opt/pgp_alt/lib

Uninstalling on HP-UX

Uninstalling PGP Command Line on HP-UX requires root privileges, either through su or sudo.
To uninstall PGP Command Line on HP-UX:
1 Type the following command and press Enter:
swremove pgpcmdln
2 PGP Command Line is uninstalled.

Installing on Mac OS X

This section tells you how to install, change the home directory, and uninstall on Mac OS X.

Installing on Mac OS X

To install PGP Command Line on a Mac OS X system:
1 Close all applications.
2 Download the installer application, PGPCommandLine101MacOSX.tgz, to your desktop.
3 Double-click on the file PGPCommandLine101MacOSX.tgz.
4 If you have Stuffit Expander, it will automatically first uncompress this file into PGPCommandLine101MacOSX.tar, and then untar it into PGPCommandLine101MacOSX.pkg.
5 Double-click on the file PGPCommandLine101MacOSX.pkg.
6 Follow the on-screen instructions.
The Mac OS X PGP Command Line application, pgp, is installed into /usr/bin/.
After you run PGP Command Line for the first time, its home directory will be created automatically in the directory $HOME/Documents/PGP. This directory may already exist if PGP Desktop for Mac OS X is already installed on the system.