PGP Command Line - 10.2 User’s Guide

4.6 (5)

PGP® Command Line

User's Guide

10.2

The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

Version 10.2.0. Last updated: July 2011.

Legal Notice

Symantec, the Symantec Logo, PGP, Pretty Good Privacy, and the PGP logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED"AS IS"AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq. “Commercial Computer Software and Commercial Computer Software Documentation”, as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.

Symantec Corporation

350 Ellis Street

Mountain View, CA 94043

Symantec Home Page (http://www.symantec.com)

Printed in the United States of America.

10 9 8 7 6 5 4 3 2 1

Contents

About PGP Command Line	1
Important Concepts	1
Technical Support	2
Contacting Technical Support	3
Licensing and registration	3
Customer service	3
Support agreement resources	4

Installing	5

Install Location	5
Supported Platforms	6
System Requirements	6
Windows 7 and Vista	7
Windows Server 2008 and 2003	7
Windows XP	8
IBM AIX	9
HP-UX 11i	9
Solaris 9 and 10	9
Red Hat Enterprise Linux, SLES, and Fedora Core	10
Mac OS X	10
Installing on AIX	10
Installing on AIX	10
Changing the Home Directory on AIX	11
Uninstalling on AIX	12
Installing on HP-UX	12
Installing on HP-UX	12
Changing the Home Directory on HP-UX	13
Installing to a Non-Default Directory on HP-UX	13
Uninstalling on HP-UX	14
Installing on Mac OS X	14
Installing on Mac OS X	14
Changing the Home Directory on Mac OS X	15
Uninstalling on Mac OS X	15
Installing on Red Hat Enterprise Linux, SLES, or Fedora Core	15
Installing on Red Hat Enterprise Linux or Fedora Core	15
Changing the Home Directory on Linux or Fedora Core	16
Uninstalling on Linux or Fedora Core	17
Installing on Solaris	17
Installing on Solaris	17
Changing the Home Directory on Solaris	18
Uninstalling on Solaris	19
Installing on Windows	19
PGP Command Line for Windows and PGP Desktop on the Same System	19
To Install on Windows	19
Changing the Home Directory on Windows	20
Uninstalling on Windows	21

ii Contents

Upgrading	23

Relocating	23

Licensing	25

Overview	25
License Recovery	26
Using a License Number	26
Using a License Authorization	27
Re-Licensing	28
Through a Proxy Server	29
The Command-Line Interface	31
Overview	31
Flags and Arguments	32
Flags	33
Arguments	33
Configuration File	36
Keyserver Configuration File Settings	39
Environment Variables	40
Standard Input, Output, and Error	41
Redirecting an Existing File	41
Entering Data	42
Specifying a Key	42
'Secure' Options	43
First Steps	45
Overview	45
Creating Your Keypair	46
Protecting Your Private Key	47
Distributing Your Public Key	48
Posting Your Public Key to a Keyserver	48
Exporting Your Public Key to a Text File	49
Getting the Public Keys of Others	49
Finding a Public Key on a Keyserver	50
Importing a Public Key from a Keyserver	50
Verifying Keys	51
Cryptographic Operations	53
Overview	53
Commands	54
--armor (-a)	54
--clearsign	55
--decrypt	57

Contents iii

--detached (-b)	59
--dump-packets, --list-packets	60
--encrypt (-e)	61
--export-session-key	64
--list-sda	65
--list-archive	65
--sign (-s)	66
--symmetric (-c)	68
--verify	69

Key Listings	71
Overview	71
Commands	71
--fingerprint	72
--fingerprint-details	72
--list-key-details	74
--list-keys (-l)	75
--list-keys-xml	76
--list-sig-details	76
--list-sigs	77
--list-userids	77

Working with Keyservers	79
Overview	79
Commands	79
--keyserver-disable	79
--keyserver-recv	80
--keyserver-remove	81
--keyserver-search	82
--keyserver-send	82
--keyserver-update	83

Managing Keys	85
Overview	87
Commands	87
--add-adk	87
--add-photoid	88
--add-preferred-cipher	88
--add-preferred-compression-algorithm	89
--add-preferred-email-encoding	89
--add-preferred-hash	90
--add-revoker	90
--add-userid	91
--cache-passphrase	91
--change-passphrase	92
--clear-key-flag	93
--disable	93
--enable	94
--export, --export-key-pair	94

iv Contents

--export-photoid	96
--gen-key	97
--gen-revocation	99
--gen-subkey	100
--get-email-encoding	100
--import	101
--join-key	102
--join-key-cache-only	105
--key-recon-send	106
--key-recon-recv-questions	107
--key-recon-recv	108
--remove	109
--remove-adk	109
--remove-all-adks	110
--remove-all-photoids	110
--remove-all-revokers	110
--remove-expiration-date	111
--remove-key-pair	111
--remove-photoid	111
--remove-preferred-cipher	112
--remove-preferred-compression-algorithm	112
--remove-preferred-email-encoding	113
--remove-preferred-hash	113
--remove-preferred-keyserver	114
--remove-revoker	114
--remove-sig	115
--remove-subkey	115
--remove-userid	116
--revoke	116
--revoke-sig	117
--revoke-subkey	117
--send-shares	118
--set-expiration-date	118
--set-key-flag	119
--set-preferred-ciphers	119
--set-preferred-compression-algorithms	120
--set-preferred-email-encodings	120
--set-preferred-hashes	121
--set-preferred-keyserver	121
--set-primary-userid	122
--set-trust	122
--sign-key	123
--sign-userid	124
--split-key	125

Working with Email	129
Overview	129
Encrypt Email	130
Sign Email	131
Decrypt Email	132
Verify Email	132
Annotate Email	132

Contents v

Working with a PGP Key Management Server	135

Overview	136
New Terms and Concepts	136
Relationship with a PGP KMS	137
Authentication for PGP KMS Operations	137
--decrypt	139
--encrypt (-e)	139
--create-mak	140
--export-mak	140
--export-mak-pair	141
Export Format	142
--import-mak	143
--request-cert	144
--edit-mak	144
--search-mak	145
--delete-mak	146
--create-mek-series	147
--edit-mek-series	147
--search-mek-series	148
--delete-mek-series	149
--create-mek	150
--import-mek	150
--export-mek	151
--edit-mek	151
--search-mek	152
--create-msd	153
--export-msd	154
--edit-msd	154
--search-msd	155
--delete-msd	156
--create-consumer	157
--search-consumer	157
--check-certificate-validity	158

Miscellaneous Commands	161
Overview	161
Commands	162
--agent	162
--create-keyrings	162
--help (-h)	163
--license-authorize	163
--purge-all-caches	163
--purge-keyring-cache	163
--purge-passphrase-cache	163
--speed-test	164
--version	164
--wipe	165
--check-sigs	165
--check-userids	165

vi Contents

Options	167

Using Options	167
Boolean Options	168
--alternate-format	168
--annotate	168
--archive	169
--banner	170
--biometric	170
--buffered-stdio	170
--compress, --compression	170
--details	171
--email	171
--encrypt-to-self	172
--eyes-only	172
--fast-key-gen	172
--fips-mode, --fips	173
--force (-f)	173
--halt-on-error	173
--import-certificates	173
--keyring-cache	173
--large-keyrings	174
--license-recover	174
--local-mode	175
--marginal-as-valid	175
--master-key	175
--pass-through	175
--passphrase-cache	176
--photo	176
--quiet (-q)	176
--recursive	176
--reverse-sort, --reverse	176
--sda	177
--skep	177
--text-mode, --text (-t)	177
--truncate-passphrase	178
--verbose (-v)	178
--warn-adk	178
--wrapper-key	178
--xml	178
Integer Options	179
--3des	180
--aes128, --aes192, --aes256	180
--bits, --encryption-bits	180
--blowfish	181
--bzip2	181
--cast5	181
--creation-days	182
--expiration-days	182
--idea	182
--index	183
--keyring-cache-timeout	183

Contents vii

--keyserver-timeout	183
--md5	184
--passphrase-cache-timeout	184
--partitioned	184
--pgp-mime	185
--ripemd160	185
--sha, --sha256, --sha384, --sha512	186
--signing-bits	187
--skep-timeout	187
--threshold	187
--trust-depth	187
--twofish	188
--wipe-input-passes	188
--wipe-overwrite-passes	188
--wipe-passes	188
--wipe-temp-passes	189
--zip	189
--zlib	189
Enumeration Options	189
--auto-import-keys	189
--cipher	190
--compression-algorithm	191
--compression-level	191
--email-encoding	192
--enforce-adk	192
--export-format	192
--hash	193
--import-format	194
--input-cleanup	194
--key-flag	195
--key-type	195
--manual-import-key-pairs	196
--manual-import-keys	196
--overwrite	196
--sig-type	197
--sort-order, --sort	197
--tar-cache-cleanup	198
--target-platform	198
--temp-cleanup	198
--trust	199
String Options	199
--basic-constraint	199
--city, --common-name, --contact-email, --country	199
--comment	199
--creation-date	200
--default-key	200
--expiration-date	200
--export-passphrase	201
--extended-key-usage	201
--home-dir	201
--key-usage	201
--local-user (-u), --user	202
--license-name, --license-number, --license-organization, --license-email	202
--new-passphrase	203

viii Contents

--organization, --organizational-unit	203
--output (-o)	203
--output-file	204
--passphrase	204
--preferred-keyserver	204
--private-keyring	205
--proxy-passphrase, --proxy-server, --proxy-username	205
--public-keyring	205
--recon-server	206
--regular-expression	206
--random-seed	206
--root-path	207
--share-server	207
--state	207
--status-file	207
--subject-alternative-name	208
--symmetric-passphrase	208
--temp-dir	208
List Options	209
--additional-recipient	209
--adk	209
--input (-i)	209
--question / --answer	210
--keyserver	210
--recipient (-r)	211
--revoker	211
--share	211
File Descriptors	212
--auth-passphrase-fd, auth-passphrase-fd8	212
--export-passphrase-fd, --export-passphrase-fd8	213
--new-passphrase-fd, --new-passphrase-fd8	213
--passphrase-fd	213
--proxy-passphrase-fd, --proxy-passphrase-fd8	214
--symmetric-passphrase-fd, --symmetric-passphrase-fd8	214
Lists	215

Basic Key List	215
The Default Key Column	216
The Algorithm Column	216
The Type Column	217
The Size/Type Column	217
The Flags Column	218
The Key ID Column	219
The User ID Column	219
Detailed Key List	220
Main Key Details	221
Subkey Details	227
ADK Details	229
Revoker Details	230
Key List in XML Format	230
Elements with fixed settings	234
X.509 Signatures	236

Contents ix

Detailed Signature List

237

Usage Scenarios	243

Secure Off-Site Backup	243
PGP Command Line and PGP Desktop	243
Compression Saves Money	244
Surpasses Legal Requirements	245

Searching for Data on a PGP KMS	247
Overview	247
Operators	248
Types	248
Keyword Listing	248
Example Searches	250
For Linux and Mac OSX	250
For Windows	250
More About Types	251
Time Fields	251
Boolean Values	251
Open PGP Algorithms	252
Open PGP Key Usage Flags	252
Key Modes	252

Creating a Certificate Signing Request	255
About CSRs	255
Creating a CSR using PGP Command Line	256
Codes and Messages	259
Messages Without Codes	259
Messages With Codes	260
Parser	260
Keyrings	261
Wipe	262
Encrypt	262
Sign	262
Decrypt	263
Speed Test	263
Key edit	264
Keyserver	269
Key Reconstruction	270
Licensing	271
PGP Universal Server	272
General	272
Exit Codes	280

x Contents

Frequently Asked Questions	283

Key Used for Encryption	283
"Invalid" Keys	283
Maximum File Size	284
Programming and Scripting Languages	285
File Redirection	285
Protecting Passphrases	285

Quick Reference	287
Commands	287
Options	290
Environment Variables	294
Configuration File Variables	295
Index	299

1	About PGP Command Line
	PGP Command Line is a command line product for performing cryptography and key
	management tasks. It operate as a stand-alone product that performs those tasks
	locally. It can also operate as a client product that interacts PGP Universal Server to
	perform those tasks.
	With PGP Command Line, you can write command line scripts that use PGP technology
	to perform these tasks:
		Encrypt, sign, and decrypt individual files or collections of files
		Create and manage keys on a local keyring
		Access keys on PGP Universal Server and other keyservers
		Manage keys on PGP Universal Server
		Create consumer (user) accounts on PGP Universal Server
		Manage X.509 certificates, including requesting and validating a certificate
		Encrypt, sign, and decrypt email
	You can insert PGP Command Line commands into scripts for automating tasks. PGP
	Command Line commands are easily added to shell scripts or scripts written with
	scripting languages, such as Perl or Python.
	For example, consider a company that regularly backs up a large sensitive database to
	an off-site location. A script runs automatically to perform the backup. This company
	can add PGP Command Line commands to that script to compress and encrypt the
	database before transmitting it to the off-site location. It can also add commands to
	decrypt and uncompress the database when it arrives at its destination.
	In This Chapter
	Important Concepts ........................................................................................................		1
	Technical Support ...........................................................................................................		2

Important Concepts

The following concepts are important for you to understand:

environment variables: Environment variables control various aspects of PGP Command Line behavior; for example, the location of the PGP Command Line home directory. Environment variables are established on the computer running PGP Command Line.

2About PGP Command Line Technical Support

configuration file variables: When PGP Command Line starts, it reads the configuration file, which includes special configuration variables and values for each variable. These settings affect how PGP Command Line operates. Configuration file variables can be changed permanently by editing the configuration file or overridden on a temporary basis by specifying a value for a configuration file variable on the command line.

Self-Decrypting Archives (SDAs): PGP Command Line lets you create SDAs, compressed and conventionally encrypted archives that require a passphrase to decrypt. SDAs contain an executable for the target platform, which means the recipient of an SDA does not need to have any PGP software installed to open the archive. You can thus securely transfer data to recipients with no PGP software installed. You will have to communicate the passphrase of the SDA to the recipient, however.

Additional Decryption Key (ADK): PGP Command Line supports the use of an ADK, which is an additional key to which files or messages are encrypted, thus allowing the keeper of the ADK to retrieve data or messages as well as the intended recipient. Use of an ADK ensures that your corporation has access to all its proprietary information even if employee keys are lost or become unavailable.

PGP Zip archives: The PGP Zip feature lets you encrypt/sign groups of files or entire directories into a single compressed archive file. The archive format is tar and the supported compression formats are Zip, BZip2, and Zlib.

Technical Support

Symantec Technical Support maintains support centers globally. Technical Support’s primary role is to respond to specific queries about product features and functionality. The Technical Support group also creates content for our online Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering and Symantec Security Response to provide alerting services and virus definition updates.

Symantec’s support offerings include the following:

A range of support options that give you the flexibility to select the right amount of service for any size organization

Telephone and/or Web-based support that provides rapid response and up-to-the- minute information

Upgrade assurance that delivers software upgrades

Global support purchased on a regional business hours or 24 hours a day, 7 days a week basis

Premium service offerings that include Account Management Services

For information about Symantec’s support offerings, you can visit our Web site at the following URL:

www.symantec.com/business/support/

All support services will be delivered in accordance with your support agreement and the then-current enterprise technical support policy.

About PGP Command Line	3
Technical Support

Contacting Technical Support

Customers with a current support agreement may access Technical Support information at the following URL:

www.symantec.com/business/support/

Before contacting Technical Support, make sure you have satisfied the system requirements that are listed in your product documentation. Also, you should be at the computer on which the problem occurred, in case it is necessary to replicate the problem.

When you contact Technical Support, please have the following information available:

Product release level

Hardware information

Available memory, disk space, and NIC information

Operating system

Version and patch level

Network topology

Router, gateway, and IP address information

Problem description:

Error messages and log files

Troubleshooting that was performed before contacting Symantec

Recent software configuration changes and network changes

Licensing and registration

If your Symantec product requires registration or a license key, access our technical support Web page at the following URL:

www.symantec.com/business/support/

Customer service

Customer service information is available at the following URL:

www.symantec.com/business/support/

Customer Service is available to assist with non-technical questions, such as the following types of issues:

Questions regarding product licensing or serialization

Product registration updates, such as address or name changes

General product information (features, language availability, local dealers)

Latest information about product updates and upgrades

Information about upgrade assurance and support contracts

4About PGP Command Line Technical Support

Information about the Symantec Buying Programs

Advice about Symantec's technical support options

Nontechnical presales questions

Issues that are related to CD-ROMs or manuals

Support agreement resources

If you want to contact Symantec regarding an existing support agreement, please contact the support agreement administration team for your region as follows:

Asia-Pacific and Japan	customercare_apac@symantec.com
Europe, Middle-East, Africa	semea@symantec.com
North America, Latin America	supportsolutions@symantec.com

2 Installing

This chapter lists the system requirements for, and tells you how to install PGP Command Line onto, the supported platforms: AIX, HP-UX, Mac OS X, Linux, Solaris, and Windows. It also includes uninstall instructions.

In This Chapter
Install Location................................................................................................................	5
Supported Platforms.......................................................................................................	6
System Requirements.....................................................................................................	6
Installing on AIX............................................................................................................	10
Installing on HP-UX......................................................................................................	12
Installing on Mac OS X .................................................................................................	14
Installing on Red Hat Enterprise Linux, SLES, or Fedora Core ..............................	15
Installing on Solaris......................................................................................................	17
Installing on Windows..................................................................................................	19

Install Location

PGP Command Line uses a specific directory for the application data such as the configuration file, and a specific directory (called the home directory) for the files it creates, such as keyring files.

On any UNIX system, the application data and the home directory are identical and they are configured through the $HOME environment variable. For more information, refer to the installation instructions for the specific UNIX platform.

On Windows, the application data directory is used to store data such as the configuration file PGPprefs.xml. The home directory is called “My Documents” and is used to store keys. These two directories can be named differently, depending on the specific version on Windows. For more information, see To Install on Windows (on page 19).

Note: You can also use the --home-dir option on the command line to specify a different home directory. Using this option affects only the command it is used in and does not change the PGP_HOME_DIR environment variable.

Using --home-dir on the command line overrides the current setting of the

PGP_HOME_DIR environment variable.

6Installing Supported Platforms

Supported Platforms

You can install PGP Command Line on these platforms:

Windows XP Professional 32-bit (including Service Pack 2 or 3), Windows XP Professional 64-bit (including Service Pack 2 or 3), Windows Vista 32-bit and 64bit (including Service Pack 2), Windows 7 32-bit and 64-bit (including Service Pack 1), Windows Server 2003 32-bit and 64-bit (including Service Pack 1 or 2), Windows Server 2008 32-bit (including Service Pack 1 and 2), Windows Server 2008 R2 64-bit

HP-UX 11i and above (PA-RISC 32-bit and Itanium2 32-bit)

IBM AIX 5.3 (Technology Levels supported by IBM; as of July 2011, TL 11 and greater) and 6.1 (TL 4 and greater) PowerPC

Red Hat Enterprise Linux 5.4 (x86 and x86_64), Red Hat Enterprise Linux 5.5 (x86 and x86_64), and Red Hat Enterprise Linux 6.0 (x86 and x86_64)

SLES (SUSE Linux Enterprise Server) 10 SP2 (x86)

Solaris 9 (SPARC, 32-bit), Solaris 10 (SPARC, 32-bit), Solaris 10 (x86), Solaris 10 (x86_64)

Apple Mac OS X 10.5.x (x86) and Mac OS X 10.6.x (x86)

Note: These platforms are no longer supported: Windows 2000, Red Hat Enterprise

Linux 5.0, SLES (SUSE Linux Enterprise Server) 9, Sun Solaris 9 (x86 and x86_64),

Fedora Core 6, AIX 5.2 and Mac OS X 10.4.

System Requirements

In general, system requirements for PGP Command Line are the same as the system requirements for the host operating system.

In addition to the hard drive space required by the base operating system, PGP Command Line requires additional space for both the data on which cryptographic operations (such as encryption, decryption, signing, and verifying) will be applied and temporary files created in the process of performing those operations.

For a given file being encrypted or decrypted, PGP Command Line can require several times the size of the original file in free hard drive space (depending on how much the file was compressed), enough to hold both the original file or files and the final file resulting from the encryption or decryption operation.

In cases where PGP Zip functionality is used on a file, PGP Command Line may also require several times the size of the original file or files in free hard drive space, enough to hold the original file, a temporary file created when handling the archive, and the final file resulting from the encryption or decryption operation. Make sure you have adequate free hard drive space on your system before using PGP Command Line.

Installing 7

System Requirements

Windows 7 and Vista

	Component		Requirement
	Computer and		PC with 1 GHz 32-bit (x86) processor
	processor

	Memory		1 gigabyte (GB) of RAM or higher recommended (64 MB minimum supported;
			may limit performance and some features)

	Hard disk		15 GB of available space

	Drive		DVD-ROM drive

	Display		Support for DirectX 9 graphics with WDDM driver, 128 MB of graphics
			memory (minimum), Pixel Shader 2.0 in hardware, 32 bits per pixel

Windows Server 2008 and 2003

PGP Command Line supports four editions of Windows Server 2008 and 2003:

Standard, Datacenter, Enterprise, and Web.

Standard Edition

	Component		Requirement
	Computer and		PC with a 133-MHz processor required; 550-MHz or faster processor
	processor		recommended (Windows Server 2003 Standard Edition supports up to four
			processors on one server)

	Memory		128 MB of RAM required; 256 MB or more recommended; 4 GB maximum

	Hard disk		1.25 to 2 GB of available hard-disk space

	Drive		CD-ROM or DVD-ROM drive

	Display		VGA or hardware that supports console redirection required; Super VGA
			supporting 800 x 600 or higher-resolution monitor recommended

Datacenter Edition

	Component		Requirement
	Computer and		Minimum: 400 MHz processor for x86-based computers Recommended: 733
	processor		MHz processor

	Memory		Minimum: 512 MB of RAM
			Recommended: 1 GB of RAM

8Installing

System Requirements

Hard disk	1.5 GB hard-disk space for x86-based computers

Other	Minimum: 8-way capable multiprocessor machine required
	Maximum: 64-way capable multiprocessor machine supported

Enterprise Edition

These system requirements apply only to the 32-bit version of Windows Server 2003

Enterprise Edition; 64-bit versions of Windows Server 2003 Enterprise Edition are not supported.

	Component		Requirement
	Computer and		133-MHz or faster processor for x86-based PCs; up to eight processors
	processor		supported on either the 32-bit

	Memory		128 MB of RAM minimum required
			Maximum: 32 GB for x86-based PCs with the 32-bit version

	Hard disk		1.5 GB of available hard-disk space for x86-based PCs; additional space is
			required if installing over a network

	Drive		CD-ROM or DVD-ROM drive

	Display		VGA or hardware that supports console redirection required

Web Edition

	Component		Requirement
	Computer and		133-MHz processor (550 MHz recommended)
	processor

	Memory		128 MB of RAM (256 MB recommended; 2 GB maximum)

	Hard disk		1.5 GB of available hard-disk space

Windows XP

PGP Command Line supports the 32-bit and 64-bit versions of Windows XP.

32-bit Windows XP

	Component		Requirement
	Computer and		PC with 300 megahertz (MHz) or higher processor clock speed recommended;
	processor		233-MHz minimum required; Intel Pentium/Celeron family, AMD
			K6/Athlon/Duron family, or compatible processor recommended

Installing 9

System Requirements

Memory	128 megabytes (MB) of RAM or higher recommended (64 MB minimum
	supported; may limit performance and some features)

Hard disk	1.5 gigabyte (GB) of available hard disk space

Drive	CD-ROM or DVD-ROM drive

Display	Super VGA (800 × 600) or higher resolution video adapter and monitor
	supporting 800 x 600 or higher-resolution monitor recommended

64-bit Windows XP

	Component		Requirement
	Computer and		PC with AMD Athlon 64, AMD Opteron, Intel Xeon with Intel EM64T support,
	processor		Intel Pentium 4 with Intel EM64T support

	Memory		256 megabytes (MB) of RAM or higher recommended

	Hard disk		1.5 gigabyte (GB) of available hard disk space

	Drive		CD-ROM or DVD-ROM drive

	Display		Super VGA (800 × 600) or higher resolution video adapter and monitor
			supporting 800 x 600 or higher-resolution monitor recommended

IBM AIX

PGP Command Line runs on the range of IBM eServer p5, IBM eServer pSeries, IBM eServer i5 and IBM RS/6000, as supported by IBM AIX 5.3 and 6.1.

HP-UX 11i

PGP Command Line runs on the list of PA-RISC workstation and servers supported by HP-UX 11i, as specified at http://docs.hp.com/ http://docs.hp.com/en/51872239/ch03s01.html.

Solaris 9 and 10

	Component		Requirement
	Computer and		SPARC (32and 64-bit) platforms
	processor

	Memory		64 MB minimum (128 MB recommended)

	Hard disk		600 MB for desktops; one GB for servers

10Installing Installing on AIX

Red Hat Enterprise Linux, SLES, and Fedora Core

	Component		Requirement
	Computer and		x86 for Red Hat Enterprise Linux and SLES, x86_64 for Fedora Core; see Red
	processor		Hat or Fedora websites for hardware compatibility.

	Memory		256 MB minimum

	Hard disk		800 MB minimum

Mac OS X

	Component		Requirement
	Computer and		Macintosh computer, Intel-based system only
	processor

	Memory		128 MB of physical RAM

Installing on AIX

This section tells you how to install, change the home directory, and uninstall on AIX.

Installing on AIX

You need to have root or administrator privileges on the machine on which you are installing PGP Command Line.

To install PGP Command Line on an AIX system:

1If you have an existing version of PGP Command Line installed on the computer, uninstall it.

2Download the installer application called PGPCommandLine10IX.tar to a known location on your system.

3Untar the package first. You will get the following file:

PGPCommandLine100AIX.rpm

4Type: rpm -ivh PGPCommandLine10IX.rpm

5Press Enter.

Installing 11

Installing on AIX

By default, the PGP Command Line application, pgp, is installed into the directory /opt/pgp/bin. You need to add this directory to your PATH environment variable in order for the application to be found.

For sh-based shells, use this syntax:

PATH=$PATH:/opt/pgp/bin

For csh-based shells, use this syntax:

set path = ($path /opt/pgp/bin)

Also, in order to access the PGP Command Line man page, you need to set the

MANPATH environment variable appropriately.

For sh-based shells, use this syntax:

MANPATH=$MANPATH:/opt/pgp/man; export MANPATH

For csh-based shells, use this syntax:

setenv MANPATH "/opt/pgp/man"

By adding the option --prefix to the rpm command, you can install PGP Command

Line to a location other than the default.

Type rpm --prefix=/usr/pgp -ivh PGPCommandLine10AIX.rpm and press

Enter.

This command installs the application binary in the directory /usr/pgp/bin/pgp, libraries in /usr/pgp/lib, and so on.

You will need to edit the environmental variable LIBPATH to include the new library path (/usr/pgp/lib) so that PGP Command Line can function in a location other than the default.

By adding the option --prefix to the rpm command, you can install PGP Command

Line in a location other than the default:

1If you have an existing version of PGP Command Line installed on the computer, uninstall it.

2Download the installer application called PGPCommandLine10AIX.tar to a known location on your system.

3Untar the package first. You will get the following file:

PGPCommandLine10AIX.rpm

4 Type: rpm --prefix=/opt -ivh PGPCommandLine10AIX.rpm

5 Press Enter.

This command will install the application binary, pgp, in the directory

/usr/pgp/bin/pgp, libraries in /usr/pgp/lib, and so on.

You will need to edit the environment variable LIBPATH to include the new library path (/usr/pgp/lib), so that PGP Command Line can function in any location other than the default.

Changing the Home Directory on AIX

The home directory is where PGP Command Line stores the files that it creates and uses; for example, keyring files.

12Installing Installing on HP-UX

By default, the PGP Command Line installer for AIX creates the PGP Command Line home directory at $HOME/.pgp. If this directory does not exist, it will be created. For example, if the value of $HOME for user "alice"is /usr/home/alice, PGP Command Line will attempt to create /usr/home/alice/.pgp.

The PGP Command Line installer will not try to create any other part of the directory listed in the $HOME variable, only .pgp.

If you want the home directory changed on a permanent basis, you will need to create the $PGP_HOME_DIR environment variable and specify the path of the desired home directory.

Uninstalling on AIX

Uninstalling PGP Command Line on AIX requires root privileges, either through su or sudo.

To uninstall PGP Command Line on AIX

1Type the following command and press Enter: rpm -e pgpcmdln

2PGP Command Line is uninstalled.

Installing on HP-UX

This section tells you how to install, change the home directory, and uninstall on HP-

UX.

Installing on HP-UX

You need to have root or administrator privileges on the machine on which you are installing PGP Command Line.

To install PGP Command Line on an HP-UX system

1If you have an existing version of PGP Command Line installed on the computer, uninstall it.

2Download the installer file called PGPCommandLine10HPUX.tar to a known location on your system.

3Untar the package first. You will get the following file:

PGPCommandLine10HPUX.depot

4Type: swinstall -s /absolute/path/to/PGPCommandLine10HPUX.depot

5Press Enter.

Installing 13

Installing on HP-UX

For sh-based shells, use this syntax:

PATH=$PATH:/opt/pgp/bin

For csh-based shells, use this syntax:

set path = ($path /opt/pgp/bin)

Also, in order to access the PGP Command Line man page, you need to set the

MANPATH environment variable appropriately.

For sh-based shells, use this syntax:

MANPATH=$MANPATH:/opt/pgp/man; export MANPATH

For csh-based shells, use this syntax:

setenv MANPATH "/opt/pgp/man"

Note: You may encounter an issue generating 2048or 4096-bit keys on HP-UX systems running PGP Command Line if you have altered the maximum number of shared memory segments that can be attached to one process, as configured by the shmseg system parameter. if you encounter this issue, reset the shmseg system parameter to its default value of 120. Consult your HP-UX documentation for information about how to alter system parameters.

Changing the Home Directory on HP-UX

The home directory is where PGP Command Line stores the files that it creates and uses; for example, keyring files.

By default, the PGP Command Line installer for HP-UX creates the PGP Command Line home directory in $HOME/.pgp. If this directory does not exist, it will be created. For example, if the value of $HOME for user "alice" is /usr/home/alice, PGP Command Line will attempt to create /usr/home/alice/.pgp.

The PGP Command Line installer will not try to create any other part of the directory listed in the $HOME variable, only .pgp.

If you want the PGP Command Line home directory changed on a permanent basis, you can define the $PGP_HOME_DIR environment variable and specify the path of the desired home directory.

Installing to a Non-Default Directory on HP-UX

This procedure describes how to install PGP Command Line for HP-UX into a nondefault directory. The information provided is in addition to the information provided in Installing on HP-UX.

Note: This procedure uses /opt/pgp_alt as the non-default directory. Be sure to substitute the desired directory in place of /opt/pgp_alt.

To install PGP Command Line for HP-UX to a non-default directory

1Add the following extra argument to the swinstall command:

swinstall -s /path/to/pgpcmdln.depot pgpcmdln,l=/opt/pgp_alt

2Set all libraries to respect the SHLIB_PATH environment variable:

14Installing

Installing on Mac OS X

chatr +s enable /opt/pgp_alt/lib/*

3Set the SHLIB_PATH environment variable to the new library directory when starting PGP Command Line:

export SHLIB_PATH=/opt/pgp_alt/lib

Uninstalling on HP-UX

Uninstalling PGP Command Line on HP-UX requires root privileges, either su or sudo.

To uninstall PGP Command Line on HP-UX:

1Type the following command and press Enter: swremove pgpcmdln

2PGP Command Line is uninstalled.

Installing on Mac OS X

This section tells you how to install, change the home directory, and uninstall on Mac

OS X.

Installing on Mac OS X

To install PGP Command Line on a Mac OS X system:

1Close all applications.

2Download the installer application, PGPCommandLine10MacOSX.tgz, to your desktop.

3Double-click on the file PGPCommandLine10MacOSX.tgz.

4If you have Stuffit Expander, it will automatically first uncompress this file into

PGPCommandLine10MacOSX.tar, and then untar it into PGPCommandLine10MacOSX.pkg.

5Double-click on the file PGPCommandLine10MacOSX.pkg.

6Follow the on-screen instructions.

The Mac OS X PGP Command Line application, pgp, is installed into /usr/bin/.

After you run PGP Command Line for the first time, its home directory will be created automatically in the directory $HOME/Documents/PGP. This directory may already exist if PGP Desktop for Mac OS X is already installed on the system.

Installing 15

Installing on Red Hat Enterprise Linux, SLES, or Fedora Core

Changing the Home Directory on Mac OS X

The home directory is where PGP Command Line stores the files that it creates and uses; for example, keyring files.

By default, the PGP Command Line installer for Mac OS X creates the PGP Command Line home directory at $HOME/Documents/PGP. If this directory does not exist, it will be created.

The PGP Command Line installer will not try to create any other part of directory listed in the $HOME variable, only .pgp.

If you want the home directory changed permanently, you need to create the $PGP_HOME_DIR environment variable and specify the path of the desired home directory.

Uninstalling on Mac OS X

Uninstalling PGP Command Line on Mac OS X requires administrative privileges.

Caution: If you have PGP Desktop for Mac OS X installed on the same system with PGP Command Line, do not uninstall PGP Command Line unless you also plan to uninstall PGP Desktop. Uninstalling PGP Command Line will delete files that PGP Desktop requires to operate; you will have to reinstall PGP Desktop to return to normal operation.

To uninstall PGP Command Line on Mac OS X:

1Using the Terminal application, enter the following commands: rm -rf /usr/bin/pgp

rm -rf /Library/Frameworks/PGP* rm -rf /Library/Receipts/PGP*

2PGP Command Line is uninstalled.

Preferences and keyrings are not removed when PGP Command Line is uninstalled.

Installing on Red Hat Enterprise Linux, SLES, or Fedora Core

This section tells you how to install, change the home directory, and uninstall on a

Linux or Fedora Core system.

Installing on Red Hat Enterprise Linux or Fedora Core

You need to have root or administrator privileges on the machine on which you are installing PGP Command Line.

16Installing

Installing on Red Hat Enterprise Linux, SLES, or Fedora Core

Linux installations now default to /opt/pgp, which matches the default installation location on other UNIX platforms. To install PGP Command Line on Linux to the previous installation location (/usr/bin/), use the "--prefix=/usr" option.

If you have an existing Linux installation of PGP Command Line and do not install the new version using the "--prefix=/usr" option, you will need to update your path to include /opt/pgp/bin and you will need to update any scripts accordingly.

Caution: If you want to use the XML key list functionality in PGP Command Line, you need to upgrade libxml2 to Version 2.6.8; the default is Version 2.5.10. If you attempt to use the XML key list functionality without upgrading, you will receive an error.

To install PGP Command Line on a Linux system:

1If you have an existing version of PGP Command Line installed on the computer, uninstall it.

2Download the installer file called PGPCommandLine10Linux.tar to a known location on your system.

3Untar the package first. You will get the following file:

PGPCommandLine10Linux.rpm

4Type: rpm -ivh PGPCommandLine10Linux.rpm

5Press Enter.

The PGP Command Line application, pgp, is installed by default into /opt/pgp/.

By adding the option --prefix to the rpm command, you can install PGP Command

Line in a location other than the default.

To install PGP Command Line into a different directory:

1If you have an existing version of PGP Command Line installed on the computer, uninstall it.

2Download the installer file called PGPCommandLine10Linux.tar to a known location on your system.

3Untar the package first. You will get the following file:

PGPCommandLine10Linux.rpm

4Type: rpm --prefix=/opt -ivh PGPCommandLine10Linux.rpm

5Press Enter.

This command will install the application binary in the directory /opt/bin/pgp, libraries in /opt/lib, etc. You will need to edit the environment variable LD_LIBRARY_PATH to include the new library path for the software to function in any location other than the default.

Changing the Home Directory on Linux or Fedora Core

The home directory is where PGP Command Line stores the files that it creates and uses; for example, keyring files.

+ 287 hidden pages