PGP Command Line - 10.2 User’s Guide

PGP® Command Line

User's Guide

10.2

The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

Version 10.2.0. Last updated: July 2011.

Legal Notice

Copyright (c) 2011 Symantec Corporation. All rights reserved.

Symantec, the Symantec Logo, PGP, Pretty Good Privacy, and the PGP logo are trademarks or registered trademarks of Symantec Corporation or its
affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering.
No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if
any.

THE DOCUMENTATION IS PROVIDED"AS IS"AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT
TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR
INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION.
THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights
as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq. “Commercial Computer
Software and Commercial Computer Software Documentation”, as applicable, and any successor regulations. Any use, modification, reproduction
release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with
the terms of this Agreement.

Symantec Corporation
350 Ellis Street
Mountain View, CA 94043

Symantec Home Page (

Printed in the United States of America.

10 9 8 7 6 5 4 3 2 1

http://www.symantec.com)

Contents

About PGP Command Line 1

Important Concepts 1
Technical Support 2

Contacting Technical Support 3
Licensing and registration 3
Customer service 3
Support agreement resources 4

Installing

Install Location 5
Supported Platforms 6
System Requirements 6

Windows 7 and Vista 7
Windows Server 2008 and 2003 7
Windows XP 8
IBM AIX 9
HP-UX 11i 9
Solaris 9 and 10 9
Red Hat Enterprise Linux, SLES, and Fedora Core 10
Mac OS X 10

Installing on AIX 10

Installing on AIX 10
Changing the Home Directory on AIX 11
Uninstalling on AIX 12

Installing on HP-UX 12

Installing on HP-UX 12
Changing the Home Directory on HP-UX 13
Installing to a Non-Default Directory on HP-UX 13
Uninstalling on HP-UX 14

Installing on Mac OS X 14

Installing on Mac OS X 14
Changing the Home Directory on Mac OS X 15
Uninstalling on Mac OS X 15

Installing on Red Hat Enterprise Linux, SLES, or Fedora Core 15

Installing on Red Hat Enterprise Linux or Fedora Core 15
Changing the Home Directory on Linux or Fedora Core 16
Uninstalling on Linux or Fedora Core 17

Installing on Solaris 17

Installing on Solaris 17
Changing the Home Directory on Solaris 18
Uninstalling on Solaris 19

Installing on Windows 19

PGP Command Line for Windows and PGP Desktop on the Same System 19
To Install on Windows 19
Changing the Home Directory on Windows 20
Uninstalling on Windows 21

5

ii Contents

Upgrading 23

Relocating

23

Licensing 25

Overview 25
License Recovery 26
Using a License Number 26
Using a License Authorization 27
Re-Licensing 28
Through a Proxy Server 29

The Command-Line Interface 31

Overview 31
Flags and Arguments 32

Flags 33
Arguments 33

Configuration File 36

Keyserver Configuration File Settings 39
Environment Variables 40
Standard Input, Output, and Error 41

Redirecting an Existing File 41

Entering Data 42
Specifying a Key 42
'Secure' Options 43

First Steps

Overview 45
Creating Your Keypair 46
Protecting Your Private Key 47
Distributing Your Public Key 48

Posting Your Public Key to a Keyserver 48

Exporting Your Public Key to a Text File 49
Getting the Public Keys of Others 49

Finding a Public Key on a Keyserver 50

Importing a Public Key from a Keyserver 50
Verifying Keys 51

45

Cryptographic Operations 53

Overview 53
Commands 54

--armor (-a) 54

--clearsign 55

--decrypt 57

Contents iii

--detached (-b) 59

--dump-packets, --list-packets 60

--encrypt (-e) 61

--export-session-key 64

--list-sda 65

--list-archive 65

--sign (-s) 66

--symmetric (-c) 68

--verify 69

Key Listings 71

Overview 71
Commands 71

--fingerprint 72

--fingerprint-details 72

--list-key-details 74

--list-keys (-l) 75

--list-keys-xml 76

--list-sig-details 76

--list-sigs 77

--list-userids 77

Working with Keyservers 79

Overview 79
Commands 79

--keyserver-disable 79

--keyserver-recv 80

--keyserver-remove 81

--keyserver-search 82

--keyserver-send 82

--keyserver-update 83

Managing Keys 85

Overview 87
Commands 87

--add-adk 87

--add-photoid 88

--add-preferred-cipher 88

--add-preferred-compression-algorithm 89

--add-preferred-email-encoding 89

--add-preferred-hash 90

--add-revoker 90

--add-userid 91

--cache-passphrase 91

--change-passphrase 92

--clear-key-flag 93

--disable 93

--enable 94

--export, --export-key-pair 94

iv Contents

--export-photoid 96

--gen-key 97

--gen-revocation 99

--gen-subkey 100

--get-email-encoding 100

--import 101

--join-key 102

--join-key-cache-only 105

--key-recon-send 106

--key-recon-recv-questions 107

--key-recon-recv 108

--remove 109

--remove-adk 109

--remove-all-adks 110

--remove-all-photoids 110

--remove-all-revokers 110

--remove-expiration-date 111

--remove-key-pair 111

--remove-photoid 111

--remove-preferred-cipher 112

--remove-preferred-compression-algorithm 112

--remove-preferred-email-encoding 113

--remove-preferred-hash 113

--remove-preferred-keyserver 114

--remove-revoker 114

--remove-sig 115

--remove-subkey 115

--remove-userid 116

--revoke 116

--revoke-sig 117

--revoke-subkey 117

--send-shares 118

--set-expiration-date 118

--set-key-flag 119

--set-preferred-ciphers 119

--set-preferred-compression-algorithms 120

--set-preferred-email-encodings 120

--set-preferred-hashes 121

--set-preferred-keyserver 121

--set-primary-userid 122

--set-trust 122

--sign-key 123

--sign-userid 124

--split-key 125

Working with Email 129

Overview 129
Encrypt Email 130
Sign Email 131
Decrypt Email 132
Verify Email 132
Annotate Email 132

Contents v

Working with a PGP Key Management Server 135

Overview 136

New Terms and Concepts 136

Relationship with a PGP KMS 137

Authentication for PGP KMS Operations 137

--decrypt 139

--encrypt (-e) 139

--create-mak 140

--export-mak 140

--export-mak-pair 141

Export Format 142

--import-mak 143

--request-cert 144

--edit-mak 144

--search-mak 145

--delete-mak 146

--create-mek-series 147

--edit-mek-series 147

--search-mek-series 148

--delete-mek-series 149

--create-mek 150

--import-mek 150

--export-mek 151

--edit-mek 151

--search-mek 152

--create-msd 153

--export-msd 154

--edit-msd 154

--search-msd 155

--delete-msd 156

--create-consumer 157

--search-consumer 157

--check-certificate-validity 158

Miscellaneous Commands

Overview 161
Commands 162

--agent 162

--create-keyrings 162

--help (-h) 163

--license-authorize 163

--purge-all-caches 163

--purge-keyring-cache 163

--purge-passphrase-cache 163

--speed-test 164

--version 164

--wipe 165

--check-sigs 165

--check-userids 165

161

vi Contents

Options 167

Using Options 167
Boolean Options 168

--alternate-format 168

--annotate 168

--archive 169

--banner 170

--biometric 170

--buffered-stdio 170

--compress, --compression 170

--details 171

--email 171

--encrypt-to-self 172

--eyes-only 172

--fast-key-gen 172

--fips-mode, --fips 173

--force (-f) 173

--halt-on-error 173

--import-certificates 173

--keyring-cache 173

--large-keyrings 174

--license-recover 174

--local-mode 175

--marginal-as-valid 175

--master-key 175

--pass-through 175

--passphrase-cache 176

--photo 176

--quiet (-q) 176

--recursive 176

--reverse-sort, --reverse 176

--sda 177

--skep 177

--text-mode, --text (-t) 177

--truncate-passphrase 178

--verbose (-v) 178

--warn-adk 178

--wrapper-key 178

--xml 178

Integer Options 179

--3des 180

--aes128, --aes192, --aes256 180

--bits, --encryption-bits 180

--blowfish 181

--bzip2 181

--cast5 181

--creation-days 182

--expiration-days 182

--idea 182

--index 183

--keyring-cache-timeout 183

--keyserver-timeout 183

--md5 184

--passphrase-cache-timeout 184

--partitioned 184

--pgp-mime 185

--ripemd160 185

--sha, --sha256, --sha384, --sha512 186

--signing-bits 187

--skep-timeout 187

--threshold 187

--trust-depth 187

--twofish 188

--wipe-input-passes 188

--wipe-overwrite-passes 188

--wipe-passes 188

--wipe-temp-passes 189

--zip 189

--zlib 189

Enumeration Options 189

--auto-import-keys 189

--cipher 190

--compression-algorithm 191

--compression-level 191

--email-encoding 192

--enforce-adk 192

--export-format 192

--hash 193

--import-format 194

--input-cleanup 194

--key-flag 195

--key-type 195

--manual-import-key-pairs 196

--manual-import-keys 196

--overwrite 196

--sig-type 197

--sort-order, --sort 197

--tar-cache-cleanup 198

--target-platform 198

--temp-cleanup 198

--trust 199

String Options 199

--basic-constraint 199

--city, --common-name, --contact-email, --country 199

--comment 199

--creation-date 200

--default-key 200

--expiration-date 200

--export-passphrase 201

--extended-key-usage 201

--home-dir 201

--key-usage 201

--local-user (-u), --user 202

--license-name, --license-number, --license-organization, --license-email 202

--new-passphrase 203

Contents vii

viii Contents

List Options 209

File Descriptors 212

--organization, --organizational-unit 203

--output (-o) 203

--output-file 204

--passphrase 204

--preferred-keyserver 204

--private-keyring 205

--proxy-passphrase, --proxy-server, --proxy-username 205

--public-keyring 205

--recon-server 206

--regular-expression 206

--random-seed 206

--root-path 207

--share-server 207

--state 207

--status-file 207

--subject-alternative-name 208

--symmetric-passphrase 208

--temp-dir 208

--additional-recipient 209

--adk 209

--input (-i) 209

--question / --answer 210

--keyserver 210

--recipient (-r) 211

--revoker 211

--share 211

--auth-passphrase-fd, auth-passphrase-fd8 212

--export-passphrase-fd, --export-passphrase-fd8 213

--new-passphrase-fd, --new-passphrase-fd8 213

--passphrase-fd 213

--proxy-passphrase-fd, --proxy-passphrase-fd8 214

--symmetric-passphrase-fd, --symmetric-passphrase-fd8 214

Lists

Basic Key List 215

The Default Key Column 216

The Algorithm Column 216

The Type Column 217

The Size/Type Column 217

The Flags Column 218

The Key ID Column 219

The User ID Column 219
Detailed Key List 220

Main Key Details 221

Subkey Details 227

ADK Details 229

Revoker Details 230
Key List in XML Format 230

Elements with fixed settings 234

X.509 Signatures 236

215

Contents ix

Detailed Signature List 237

Usage Scenarios 243

Secure Off-Site Backup 243
PGP Command Line and PGP Desktop 243
Compression Saves Money 244
Surpasses Legal Requirements 245

Searching for Data on a PGP KMS 247

Overview 247

Operators 248

Types 248

Keyword Listing 248
Example Searches 250

For Linux and Mac OSX 250

For Windows 250
More About Types 251

Time Fields 251

Boolean Values 251

Open PGP Algorithms 252

Open PGP Key Usage Flags 252

Key Modes 252

Creating a Certificate Signing Request 255

About CSRs 255
Creating a CSR using PGP Command Line 256

Codes and Messages 259

Messages Without Codes 259
Messages With Codes 260

Parser 260

Keyrings 261

Wipe 262

Encrypt 262

Sign 262

Decrypt 263

Speed Test 263

Key edit 264

Keyserver 269

Key Reconstruction 270

Licensing 271

PGP Universal Server 272

General 272
Exit Codes 280

x Contents

Frequently Asked Questions 283

Key Used for Encryption 283
"Invalid" Keys 283
Maximum File Size 284
Programming and Scripting Languages 285
File Redirection 285
Protecting Passphrases 285

Quick Reference 287

Commands 287
Options 290
Environment Variables 294
Configuration File Variables 295

Index 299

1

About PGP Command Line

PGP Command Line is a command line product for performing cryptography and key
management tasks. It operate as a stand-alone product that performs those tasks
locally. It can also operate as a client product that interacts PGP Universal Server to
perform those tasks.

With PGP Command Line, you can write command line scripts that use PGP technology
to perform these tasks:

 Encrypt, sign, and decrypt individual files or collections of files
 Create and manage keys on a local keyring
 Access keys on PGP Universal Server and other keyservers
 Manage keys on PGP Universal Server
 Create consumer (user) accounts on PGP Universal Server
 Manage X.509 certificates, including requesting and validating a certificate
 Encrypt, sign, and decrypt email

You can insert PGP Command Line commands into scripts for automating tasks. PGP
Command Line commands are easily added to shell scripts or scripts written with
scripting languages, such as Perl or Python.

For example, consider a company that regularly backs up a large sensitive database to
an off-site location. A script runs automatically to perform the backup. This company
can add PGP Command Line commands to that script to compress and encrypt the
database before transmitting it to the off-site location. It can also add commands to
decrypt and uncompress the database when it arrives at its destination.

In This Chapter

Important Concepts ........................................................................................................1

Technical Support ........................................................................................................... 2

Important Concepts

The following concepts are important for you to understand:

 environment variables: Environment variables control various aspects of PGP

Command Line behavior; for example, the location of the PGP Command Line
home directory. Environment variables are established on the computer running
PGP Command Line.

2 About PGP Command Line

Technical Support

 configuration file variables: When PGP Command Line starts, it reads the

configuration file, which includes special configuration variables and values for
each variable. These settings affect how PGP Command Line operates.
Configuration file variables can be changed permanently by editing the
configuration file or overridden on a temporary basis by specifying a value for a
configuration file variable on the command line.

 Self-Decrypting Archives (SDAs): PGP Command Line lets you create SDAs,

compressed and conventionally encrypted archives that require a passphrase to
decrypt. SDAs contain an executable for the target platform, which means the
recipient of an SDA does not need to have any PGP software installed to open the
archive. You can thus securely transfer data to recipients with no PGP software
installed. You will have to communicate the passphrase of the SDA to the
recipient, however.

 Additional Decryption Key (ADK): PGP Command Line supports the use of an

ADK, which is an additional key to which files or messages are encrypted, thus
allowing the keeper of the ADK to retrieve data or messages as well as the
intended recipient. Use of an ADK ensures that your corporation has access to all
its proprietary information even if employee keys are lost or become unavailable.

 PGP Zip archives: The PGP Zip feature lets you encrypt/sign groups of files or

entire directories into a single compressed archive file. The archive format is tar
and the supported compression formats are Zip, BZip2, and Zlib.

Technical Support

Symantec Technical Support maintains support centers globally. Technical Support’s
primary role is to respond to specific queries about product features and functionality.
The Technical Support group also creates content for our online Knowledge Base. The
Technical Support group works collaboratively with the other functional areas within
Symantec to answer your questions in a timely fashion. For example, the Technical
Support group works with Product Engineering and Symantec Security Response to
provide alerting services and virus definition updates.

Symantec’s support offerings include the following:

 A range of support options that give you the flexibility to select the right amount

of service for any size organization

 Telephone and/or Web-based support that provides rapid response and up-to-the-

minute information

 Upgrade assurance that delivers software upgrades
 Global support purchased on a regional business hours or 24 hours a day, 7 days a

week basis

 Premium service offerings that include Account Management Services

For information about Symantec’s support offerings, you can visit our Web site at the
following URL:

www.symantec.com/business/support/

All support services will be delivered in accordance with your support agreement and
the then-current enterprise technical support policy.

Contacting Technical Support

Customers with a current support agreement may access Technical Support
information at the following URL:

www.symantec.com/business/support/

Before contacting Technical Support, make sure you have satisfied the system
requirements that are listed in your product documentation. Also, you should be at the
computer on which the problem occurred, in case it is necessary to replicate the
problem.

When you contact Technical Support, please have the following information available:

 Product release level
 Hardware information
 Available memory, disk space, and NIC information
 Operating system
 Version and patch level
 Network topology
 Router, gateway, and IP address information
 Problem description:

 Error messages and log files
 Troubleshooting that was performed before contacting Symantec
 Recent software configuration changes and network changes

About PGP Command Line

Technical Support 3

Licensing and registration

If your Symantec product requires registration or a license key, access our technical
support Web page at the following URL:

www.symantec.com/business/support/

Customer service

Customer service information is available at the following URL:

www.symantec.com/business/support/

Customer Service is available to assist with non-technical questions, such as the
following types of issues:

 Questions regarding product licensing or serialization
 Product registration updates, such as address or name changes
 General product information (features, language availability, local dealers)
 Latest information about product updates and upgrades
 Information about upgrade assurance and support contracts

4 About PGP Command Line

Technical Support

 Information about the Symantec Buying Programs
 Advice about Symantec's technical support options
 Nontechnical presales questions
 Issues that are related to CD-ROMs or manuals

Support agreement resources

If you want to contact Symantec regarding an existing support agreement, please
contact the support agreement administration team for your region as follows:

Asia-Pacific and Japan customercare_apac@symantec.com

Europe, Middle-East, Africa

North America, Latin America

semea@symantec.com

supportsolutions@symantec.com

2

Installing

This chapter lists the system requirements for, and tells you how to install PGP
Command Line onto, the supported platforms: AIX, HP-UX, Mac OS X, Linux, Solaris,
and Windows. It also includes uninstall instructions.

In This Chapter

Install Location................................................................................................................ 5

Supported Platforms....................................................................................................... 6

System Requirements.....................................................................................................6

Installing on AIX............................................................................................................10

Installing on HP-UX......................................................................................................12

Installing on Mac OS X .................................................................................................14

Installing on Red Hat Enterprise Linux, SLES, or Fedora Core .............................. 15

Installing on Solaris......................................................................................................17

Installing on Windows.................................................................................................. 19

Install Location

PGP Command Line uses a specific directory for the application data such as the
configuration file, and a specific directory (called the home directory) for the files it
creates, such as keyring files.

On any UNIX system, the application data and the home directory are identical and
they are configured through the $HOME environment variable. For more information,
refer to the installation instructions for the specific UNIX platform.

On Windows, the application data directory is used to store data such as the
configuration file PGPprefs.xml. The home directory is called “My Documents” and
is used to store keys. These two directories can be named differently, depending on the
specific version on Windows. For more information, see To Install on Windows (on page

19).

Note: You can also use the --home-dir option on the command line to specify a

different home directory. Using this option affects only the command it is used in
and does not change the PGP_HOME_DIR environment variable.

Using --home-dir on the command line overrides the current setting of the
PGP_HOME_DIR environment variable.

6 Installing

Supported Platforms

Supported Platforms

You can install PGP Command Line on these platforms:

 Windows XP Professional 32-bit (including Service Pack 2 or 3), Windows XP

Professional 64-bit (including Service Pack 2 or 3), Windows Vista 32-bit and 64­bit (including Service Pack 2), Windows 7 32-bit and 64-bit (including Service Pack

1), Windows Server 2003 32-bit and 64-bit (including Service Pack 1 or 2),
Windows Server 2008 32-bit (including Service Pack 1 and 2), Windows Server
2008 R2 64-bit

 HP-UX 11i and above (PA-RISC 32-bit and Itanium2 32-bit)
 IBM AIX 5.3 (Technology Levels supported by IBM; as of July 2011, TL 11 and

greater) and 6.1 (TL 4 and greater) PowerPC

 Red Hat Enterprise Linux 5.4 (x86 and x86_64), Red Hat Enterprise Linux 5.5 (x86

and x86_64), and Red Hat Enterprise Linux 6.0 (x86 and x86_64)

 SLES (SUSE Linux Enterprise Server) 10 SP2 (x86)
 Solaris 9 (SPARC, 32-bit), Solaris 10 (SPARC, 32-bit), Solaris 10 (x86), Solaris 10

(x86_64)

 Apple Mac OS X 10.5.x (x86) and Mac OS X 10.6.x (x86)

Note: These platforms are no longer supported: Windows 2000, Red Hat Enterprise

Linux 5.0, SLES (SUSE Linux Enterprise Server) 9, Sun Solaris 9 (x86 and x86_64),
Fedora Core 6, AIX 5.2 and Mac OS X 10.4.

System Requirements

In general, system requirements for PGP Command Line are the same as the system
requirements for the host operating system.

In addition to the hard drive space required by the base operating system, PGP
Command Line requires additional space for both the data on which cryptographic
operations (such as encryption, decryption, signing, and verifying) will be applied and
temporary files created in the process of performing those operations.

For a given file being encrypted or decrypted, PGP Command Line can require several
times the size of the original file in free hard drive space (depending on how much the
file was compressed), enough to hold both the original file or files and the final file
resulting from the encryption or decryption operation.

In cases where PGP Zip functionality is used on a file, PGP Command Line may also
require several times the size of the original file or files in free hard drive space, enough
to hold the original file, a temporary file created when handling the archive, and the
final file resulting from the encryption or decryption operation. Make sure you have
adequate free hard drive space on your system before using PGP Command Line.

Windows 7 and Vista

Component Requirement

Computer and
processor

PC with 1 GHz 32-bit (x86) processor

System Requirements 7

Installing

Memory 1 gigabyte (GB) of RAM or higher recommended (64 MB minimum supported;

Hard disk 15 GB of available space

Drive DVD-ROM drive

Display Support for DirectX 9 graphics with WDDM driver, 128 MB of graphics

may limit performance and some features)

memory (minimum), Pixel Shader 2.0 in hardware, 32 bits per pixel

Windows Server 2008 and 2003

PGP Command Line supports four editions of Windows Server 2008 and 2003:
Standard, Datacenter, Enterprise, and Web.

Standard Edition

Component Requirement

Computer and
processor

Memory 128 MB of RAM required; 256 MB or more recommended; 4 GB maximum

PC with a 133-MHz processor required; 550-MHz or faster processor
recommended (Windows Server 2003 Standard Edition supports up to four
processors on one server)

Hard disk 1.25 to 2 GB of available hard-disk space

Drive CD-ROM or DVD-ROM drive

Display VGA or hardware that supports console redirection required; Super VGA

supporting 800 x 600 or higher-resolution monitor recommended

Datacenter Edition

Component Requirement

Computer and
processor

Memory Minimum: 512 MB of RAM

Minimum: 400 MHz processor for x86-based computers Recommended: 733
MHz processor

Recommended: 1 GB of RAM

8 Installing

System Requirements

Hard disk 1.5 GB hard-disk space for x86-based computers

Other Minimum: 8-way capable multiprocessor machine required

Maximum: 64-way capable multiprocessor machine supported

Enterprise Edition

These system requirements apply only to the 32-bit version of Windows Server 2003
Enterprise Edition; 64-bit versions of Windows Server 2003 Enterprise Edition are not supported.

Component Requirement

Computer and
processor

Memory 128 MB of RAM minimum required

Hard disk 1.5 GB of available hard-disk space for x86-based PCs; additional space is

133-MHz or faster processor for x86-based PCs; up to eight processors
supported on either the 32-bit

Maximum: 32 GB for x86-based PCs with the 32-bit version

required if installing over a network

Drive CD-ROM or DVD-ROM drive

Display VGA or hardware that supports console redirection required

Web Edition

Component Requirement

Computer and
processor

Memory 128 MB of RAM (256 MB recommended; 2 GB maximum)

Hard disk 1.5 GB of available hard-disk space

133-MHz processor (550 MHz recommended)

Windows XP

PGP Command Line supports the 32-bit and 64-bit versions of Windows XP.

32-bit Windows XP

Component Requirement

Computer and
processor

PC with 300 megahertz (MHz) or higher processor clock speed recommended;
233-MHz minimum required; Intel Pentium/Celeron family, AMD
K6/Athlon/Duron family, or compatible processor recommended

System Requirements 9

Installing

Memory 128 megabytes (MB) of RAM or higher recommended (64 MB minimum

Hard disk 1.5 gigabyte (GB) of available hard disk space

Drive CD-ROM or DVD-ROM drive

Display Super VGA (800 × 600) or higher resolution video adapter and monitor

supported; may limit performance and some features)

supporting 800 x 600 or higher-resolution monitor recommended

64-bit Windows XP

Component Requirement

Computer and
processor

Memory 256 megabytes (MB) of RAM or higher recommended

Hard disk 1.5 gigabyte (GB) of available hard disk space

Drive CD-ROM or DVD-ROM drive

Display Super VGA (800 × 600) or higher resolution video adapter and monitor

PC with AMD Athlon 64, AMD Opteron, Intel Xeon with Intel EM64T support,
Intel Pentium 4 with Intel EM64T support

supporting 800 x 600 or higher-resolution monitor recommended

IBM AIX

PGP Command Line runs on the range of IBM eServer p5, IBM eServer pSeries, IBM
eServer i5 and IBM RS/6000, as supported by IBM AIX 5.3 and 6.1.

HP-UX 11i

PGP Command Line runs on the list of PA-RISC workstation and servers supported by
HP-UX 11i, as specified at
2239/ch03s01.html.

Solaris 9 and 10

Component Requirement

Computer and
processor

Memory 64 MB minimum (128 MB recommended)

Hard disk 600 MB for desktops; one GB for servers

SPARC (32- and 64-bit) platforms

http://docs.hp.com/ http://docs.hp.com/en/5187-

10 Installing

Installing on AIX

Red Hat Enterprise Linux, SLES, and Fedora Core

Component Requirement

Computer and
processor

Memory 256 MB minimum

Hard disk 800 MB minimum

x86 for Red Hat Enterprise Linux and SLES, x86_64 for Fedora Core; see Red
Hat or Fedora websites for hardware compatibility.

Mac OS X

Component Requirement

Computer and
processor

Memory 128 MB of physical RAM

Macintosh computer, Intel-based system only

Installing on AIX

This section tells you how to install, change the home directory, and uninstall on AIX.

Installing on AIX

You need to have root or administrator privileges on the machine on which you are
installing PGP Command Line.

To install PGP Command Line on an AIX system:

1 If you have an existing version of PGP Command Line installed on the computer,

2 Download the installer application called PGPCommandLine10IX.tar to a known

3 Untar the package first. You will get the following file:

4 Type: rpm -ivh PGPCommandLine10IX.rpm
5 Press Enter.

uninstall it.

location on your system.

PGPCommandLine100AIX.rpm

Installing

Installing on AIX

11

By default, the PGP Command Line application, pgp, is installed into the directory
/opt/pgp/bin. You need to add this directory to your PATH environment variable in
order for the application to be found.

For sh-based shells, use this syntax:

PATH=$PATH:/opt/pgp/bin

For csh-based shells, use this syntax:

set path = ($path /opt/pgp/bin)

Also, in order to access the PGP Command Line man page, you need to set the
MANPATH environment variable appropriately.

For sh-based shells, use this syntax:

MANPATH=$MANPATH:/opt/pgp/man; export MANPATH

For csh-based shells, use this syntax:

setenv MANPATH "/opt/pgp/man"

By adding the option --prefix to the rpm command, you can install PGP Command
Line to a location other than the default.

Type rpm --prefix=/usr/pgp -ivh PGPCommandLine10AIX.rpm and press
Enter.

This command installs the application binary in the directory /usr/pgp/bin/pgp,
libraries in /usr/pgp/lib, and so on.

You will need to edit the environmental variable LIBPATH to include the new library
path (/usr/pgp/lib) so that PGP Command Line can function in a location other than the
default.

By adding the option --prefix to the rpm command, you can install PGP Command
Line in a location other than the default:

1 If you have an existing version of PGP Command Line installed on the computer,

uninstall it.

2 Download the installer application called PGPCommandLine10AIX.tar to a

known location on your system.

3 Untar the package first. You will get the following file:

PGPCommandLine10AIX.rpm

4 Type: rpm --prefix=/opt -ivh PGPCommandLine10AIX.rpm
5 Press Enter.

This command will install the application binary, pgp, in the directory
/usr/pgp/bin/pgp, libraries in /usr/pgp/lib, and so on.

You will need to edit the environment variable LIBPATH to include the new library path
(/usr/pgp/lib), so that PGP Command Line can function in any location other than
the default.

Changing the Home Directory on AIX

The home directory is where PGP Command Line stores the files that it creates and
uses; for example, keyring files.

12 Installing

Installing on HP-UX

Uninstalling on AIX

By default, the PGP Command Line installer for AIX creates the PGP Command Line
home directory at $HOME/.pgp. If this directory does not exist, it will be created. For
example, if the value of $HOME for user "alice"is /usr/home/alice, PGP Command
Line will attempt to create /usr/home/alice/.pgp.

The PGP Command Line installer will not try to create any other part of the directory
listed in the $HOME variable, only .pgp.

If you want the home directory changed on a permanent basis, you will need to create
the $PGP_HOME_DIR environment variable and specify the path of the desired home
directory.

Uninstalling PGP Command Line on AIX requires root privileges, either through su or
sudo.

To uninstall PGP Command Line on AIX

1 Type the following command and press Enter:

rpm -e pgpcmdln

2 PGP Command Line is uninstalled.

Installing on HP-UX

This section tells you how to install, change the home directory, and uninstall on HP­UX.

Installing on HP-UX

You need to have root or administrator privileges on the machine on which you are
installing PGP Command Line.

To install PGP Command Line on an HP-UX system

1 If you have an existing version of PGP Command Line installed on the computer,

uninstall it.

2 Download the installer file called PGPCommandLine10HPUX.tar to a known

location on your system.

3 Untar the package first. You will get the following file:

PGPCommandLine10HPUX.depot

4 Type: swinstall -s /absolute/path/to/PGPCommandLine10HPUX.depot
5 Press Enter.

By default, the PGP Command Line application, pgp, is installed into the directory
/opt/pgp/bin. You need to add this directory to your PATH environment variable in
order for the application to be found.

Installing on HP-UX

For sh-based shells, use this syntax:

PATH=$PATH:/opt/pgp/bin

For csh-based shells, use this syntax:

set path = ($path /opt/pgp/bin)

Also, in order to access the PGP Command Line man page, you need to set the
MANPATH environment variable appropriately.

For sh-based shells, use this syntax:

MANPATH=$MANPATH:/opt/pgp/man; export MANPATH

For csh-based shells, use this syntax:

setenv MANPATH "/opt/pgp/man"

Note: You may encounter an issue generating 2048- or 4096-bit keys on HP-UX
systems running PGP Command Line if you have altered the maximum number of
shared memory segments that can be attached to one process, as configured by the
shmseg system parameter. if you encounter this issue, reset the shmseg system
parameter to its default value of 120. Consult your HP-UX documentation for
information about how to alter system parameters.

Installing

13

Changing the Home Directory on HP-UX

The home directory is where PGP Command Line stores the files that it creates and
uses; for example, keyring files.

By default, the PGP Command Line installer for HP-UX creates the PGP Command Line
home directory in $HOME/.pgp. If this directory does not exist, it will be created. For
example, if the value of $HOME for user "alice" is /usr/home/alice, PGP Command
Line will attempt to create /usr/home/alice/.pgp.

The PGP Command Line installer will not try to create any other part of the directory
listed in the $HOME variable, only .pgp.

If you want the PGP Command Line home directory changed on a permanent basis, you
can define the $PGP_HOME_DIR environment variable and specify the path of the
desired home directory.

Installing to a Non-Default Directory on HP-UX

This procedure describes how to install PGP Command Line for HP-UX into a non­default directory. The information provided is in addition to the information provided
in Installing on HP-UX.

Note: This procedure uses /opt/pgp_alt as the non-default directory. Be sure to

substitute the desired directory in place of /opt/pgp_alt.

To install PGP Command Line for HP-UX to a non-default directory

1 Add the following extra argument to the swinstall command:

swinstall -s /path/to/pgpcmdln.depot pgpcmdln,l=/opt/pgp_alt

2 Set all libraries to respect the SHLIB_PATH environment variable:

14 Installing

Installing on Mac OS X

Uninstalling on HP-UX

chatr +s enable /opt/pgp_alt/lib/*

3 Set the SHLIB_PATH environment variable to the new library directory when

starting PGP Command Line:

export SHLIB_PATH=/opt/pgp_alt/lib

Uninstalling PGP Command Line on HP-UX requires root privileges, either su or sudo.

To uninstall PGP Command Line on HP-UX:

1 Type the following command and press Enter:

swremove pgpcmdln

2 PGP Command Line is uninstalled.

Installing on Mac OS X

This section tells you how to install, change the home directory, and uninstall on Mac
OS X.

Installing on Mac OS X

To install PGP Command Line on a Mac OS X system:

1 Close all applications.
2 Download the installer application, PGPCommandLine10MacOSX.tgz, to your

desktop.

3 Double-click on the file PGPCommandLine10MacOSX.tgz.
4 If you have Stuffit Expander, it will automatically first uncompress this file into

PGPCommandLine10MacOSX.tar, and then untar it into
PGPCommandLine10MacOSX.pkg.

5 Double-click on the file PGPCommandLine10MacOSX.pkg.
6 Follow the on-screen instructions.

The Mac OS X PGP Command Line application, pgp, is installed into /usr/bin/.

After you run PGP Command Line for the first time, its home directory will be created
automatically in the directory $HOME/Documents/PGP. This directory may already
exist if PGP Desktop for Mac OS X is already installed on the system.

Changing the Home Directory on Mac OS X

The home directory is where PGP Command Line stores the files that it creates and
uses; for example, keyring files.

By default, the PGP Command Line installer for Mac OS X creates the PGP Command
Line home directory at $HOME/Documents/PGP. If this directory does not exist, it will
be created.

The PGP Command Line installer will not try to create any other part of directory listed
in the $HOME variable, only .pgp.

If you want the home directory changed permanently, you need to create the
$PGP_HOME_DIR environment variable and specify the path of the desired home
directory.

Uninstalling on Mac OS X

Uninstalling PGP Command Line on Mac OS X requires administrative privileges.

Installing on Red Hat Enterprise Linux, SLES, or Fedora Core

Installing

15

Caution: If you have PGP Desktop for Mac OS X installed on the same system with

PGP Command Line, do not uninstall PGP Command Line unless you also plan to
uninstall PGP Desktop. Uninstalling PGP Command Line will delete files that PGP
Desktop requires to operate; you will have to reinstall PGP Desktop to return to
normal operation.

To uninstall PGP Command Line on Mac OS X:

1 Using the Terminal application, enter the following commands:

rm -rf /usr/bin/pgp

rm -rf /Library/Frameworks/PGP*

rm -rf /Library/Receipts/PGP*

2 PGP Command Line is uninstalled.

Preferences and keyrings are not removed when PGP Command Line is uninstalled.

Installing on Red Hat Enterprise Linux, SLES, or Fedora
Core

This section tells you how to install, change the home directory, and uninstall on a
Linux or Fedora Core system.

Installing on Red Hat Enterprise Linux or Fedora Core

You need to have root or administrator privileges on the machine on which you are
installing PGP Command Line.

16 Installing

Installing on Red Hat Enterprise Linux, SLES, or Fedora Core

Linux installations now default to /opt/pgp, which matches the default installation
location on other UNIX platforms. To install PGP Command Line on Linux to the
previous installation location (/usr/bin/), use the "--prefix=/usr" option.

If you have an existing Linux installation of PGP Command Line and do not install the
new version using the "--prefix=/usr" option, you will need to update your path to
include /opt/pgp/bin and you will need to update any scripts accordingly.

Caution: If you want to use the XML key list functionality in PGP Command Line, you

need to upgrade libxml2 to Version 2.6.8; the default is Version 2.5.10. If you attempt
to use the XML key list functionality without upgrading, you will receive an error.

To install PGP Command Line on a Linux system:

1 If you have an existing version of PGP Command Line installed on the computer,

uninstall it.

2 Download the installer file called PGPCommandLine10Linux.tar to a known

location on your system.

3 Untar the package first. You will get the following file:

PGPCommandLine10Linux.rpm

4 Type: rpm -ivh PGPCommandLine10Linux.rpm
5 Press Enter.

The PGP Command Line application, pgp, is installed by default into /opt/pgp/.

By adding the option --prefix to the rpm command, you can install PGP Command
Line in a location other than the default.

To install PGP Command Line into a different directory:

1 If you have an existing version of PGP Command Line installed on the computer,

uninstall it.

2 Download the installer file called PGPCommandLine10Linux.tar to a known

location on your system.

3 Untar the package first. You will get the following file:

PGPCommandLine10Linux.rpm

4 Type: rpm --prefix=/opt -ivh PGPCommandLine10Linux.rpm
5 Press Enter.

This command will install the application binary in the directory /opt/bin/pgp,
libraries in /opt/lib, etc. You will need to edit the environment variable
LD_LIBRARY_PATH to include the new library path for the software to function in any
location other than the default.

Changing the Home Directory on Linux or Fedora Core

The home directory is where PGP Command Line stores the files that it creates and
uses; for example, keyring files.