PGP Command Line - 10.3 User’s Guide

PGP™ Command Line

User's Guide

10.3

The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

Version 10.3.0. Last updated: January 2013.

Legal Notice

Copyright (c) 2013 Symantec Corporation. All rights reserved.

Symantec, the Symantec Logo, PGP, Pretty Good Privacy, and the PGP logo are trademarks or registered trademarks of Symantec Corporation or its
affiliates in the U.S. and other countries. Java is a registered trademark of Oracle and/or its affiliates. Other names may be trademarks of their
respective owners.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering.
No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if
any.

THE DOCUMENTATION IS PROVIDED"AS IS"AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT
TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR
INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION.
THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights
as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq. “Commercial Computer
Software and Commercial Computer Software Documentation”, as applicable, and any successor regulations. Any use, modification, reproduction
release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with
the terms of this Agreement.

Symantec Corporation
350 Ellis Street
Mountain View, CA 94043

Symantec Home Page (

Printed in the United States of America.

10 9 8 7 6 5 4 3 2 1

http://www.symantec.com)

Contents

About PGP Command Line

1

Important Concepts
Technical Support

Contacting Technical Support
Licensing and registration
Customer service
Support agreement resources

Installing

Install Location 5
Supported Platforms 6
System Requirements 6

Windows 7 and Vista 7
Windows Server 2008 and 2003 7
Windows XP 8
IBM AIX 9
HP-UX 11i 9
Solaris 9 and 10 9
Red Hat Enterprise Linux, SLES, and Fedora Core 10
Mac OS X 10

Installing on AIX 10

Installing on AIX 10
Changing the Home Directory on AIX 11
Uninstalling on AIX 12

Installing on HP-UX 12

Installing on HP-UX 12
Changing the Home Directory on HP-UX 13
Installing to a Non-Default Directory on HP-UX 13
Uninstalling on HP-UX 14

Installing on Mac OS X 14

Installing on Mac OS X 14
Changing the Home Directory on Mac OS X 15
Uninstalling on Mac OS X 15

Installing on Red Hat Enterprise Linux, SLES, or Fedora Core 15

Installing on Red Hat Enterprise Linux or Fedora Core 16
Changing the Home Directory on Linux or Fedora Core 17
Uninstalling on Linux or Fedora Core 17

Installing on Solaris 17

Installing on Solaris 17
Changing the Home Directory on Solaris 18
Uninstalling on Solaris 19

Installing on Windows 19

PGP Command Line for Windows and Symantec Encryption Desktop on the Same System 19
To Install on Windows 19
Changing the Home Directory on Windows 20

Uninstalling on Windows 21
Upgrading 21
Relocating 21

1
2
3
3
3
4

5

ii Contents

Licensing 23

Overview
Using a License Number
Using a License Authorization
Re-Licensing

The Command-Line Interface

Overview 27
Flags and Arguments 28

Configuration File 32

Environment Variables 37
Standard Input, Output, and Error 38

Specifying a Key 39
'Secure' Options 40

First Steps 41

Overview 41
Creating Your Keypair 42
Protecting Your Private Key 44
Distributing Your Public Key 44

Getting the Public Keys of Others 46

Verifying Keys 48

23
24
24
25

27

Flags 29

Arguments 29

Keyserver Configuration File Settings 36

Redirecting an Existing File 38

Entering Data 38

Posting Your Public Key to a Keyserver 45

Exporting Your Public Key to a Text File 45

Finding a Public Key on a Keyserver 46

Importing a Public Key from a Keyserver 47

Cryptographic Operations 51

Overview 51
Commands 52

--armor (-a) 52

--clearsign 53

--decrypt 55

--detached (-b) 57

--dump-packets, --list-packets 58

--encrypt (-e) 59

--export-session-key 62

--list-sda 63

--list-archive 63

--sign (-s) 64

--symmetric (-c) 66

--verify 67

iii Contents

Key Listings 69

Overview
Commands

Working with Keyservers

Overview
Commands

Managing Keys

--fingerprint

--fingerprint-details

--list-key-details

--list-keys (-l)

--list-keys-xml

--list-sig-details

--list-sigs

--list-userids

--keyserver-disable

--keyserver-recv

--keyserver-remove

--keyserver-search

--keyserver-send

--keyserver-update

69
69
70
70
72
73
74
74
75
75

77

77
77
77
78
79
80
81
81

83

Overview 85
Commands 85

--add-adk 85

--add-photoid 86

--add-preferred-cipher 86

--add-preferred-compression-algorithm 87

--add-preferred-email-encoding 87

--add-preferred-hash 88

--add-revoker 88

--add-userid 89

--cache-passphrase 89

--change-passphrase 90

--clear-key-flag 91

--disable 91

--enable 92

--export, --export-key-pair 92

--export-photoid 94

--gen-key 95

--gen-revocation 97

--gen-subkey 98

--get-email-encoding 98

--import 99

--join-key 100

--join-key-cache-only 103

--key-recon-send 104

iv Contents

--key-recon-recv-questions 105

--key-recon-recv 106

--remove 107

--remove-adk 107

--remove-all-adks 108

--remove-all-photoids 108

--remove-all-revokers 108

--remove-expiration-date 109

--remove-key-pair 109

--remove-photoid 110

--remove-preferred-cipher 110

--remove-preferred-compression-algorithm 110

--remove-preferred-email-encoding 111

--remove-preferred-hash 111

--remove-preferred-keyserver 112

--remove-revoker 112

--remove-sig 113

--remove-subkey 113

--remove-userid 114

--revoke 114

--revoke-sig 115

--revoke-subkey 115

--send-shares 116

--set-expiration-date 116

--set-key-flag 117

--set-preferred-ciphers 117

--set-preferred-compression-algorithms 118

--set-preferred-email-encodings 118

--set-preferred-hashes 119

--set-preferred-keyserver 119

--set-primary-userid 120

--set-trust 120

--sign-key 121

--sign-userid 122

--split-key 123

Working with Email 127

Overview 127
Encrypt Email 128
Sign Email 129
Decrypt Email 130
Verify Email 130
Annotate Email 130

Working with a PGP Key Management Server 133

Overview 134

--decrypt 137

--encrypt (-e) 137

New Terms and Concepts 134

Relationship with a PGP KMS 135

Authentication for PGP KMS Operations 135

v Contents

--create-mak

--export-mak

--export-mak-pair

--import-mak

--request-cert

--edit-mak

--search-mak

--delete-mak

--create-mek-series

--edit-mek-series

--search-mek-series

--delete-mek-series

--create-mek

--import-mek

--export-mek

--edit-mek

--search-mek

--create-msd

--export-msd

--edit-msd

--search-msd

--delete-msd

--create-consumer

--search-consumer

--check-certificate-validity

Export Format

138
138
139
140
141
142
142
143
144
145
145
146
147
148
148
149
149
150
151
152
152
153
154
155
155
156

Miscellaneous Commands

Overview
Commands

--agent

--create-keyrings

--help (-h)

--license-authorize

--purge-all-caches

--purge-keyring-cache

--purge-passphrase-cache

--speed-test

--version

--wipe

--check-sigs

--check-userids

Options

Using Options 165
Boolean Options 166

--alternate-format 166

--annotate 166

--archive 166

--banner 167

--biometric 168

159

159
160
160
160
161
161
161
161
162
162
162
163
163
164

165

vi Contents

--buffered-stdio 168

--compress, --compression 168

--details 169

--email 169

--encrypt-to-self 169

--eyes-only 170

--fast-key-gen 170

--fips-mode, --fips 170

--force (-f) 171

--halt-on-error 171

--import-certificates 171

--keyring-cache 171

--large-keyrings 172

--license-recover 172

--marginal-as-valid 172

--master-key 173

--pass-through 173

--passphrase-cache 173

--photo 173

--quiet (-q) 173

--recursive 174

--reverse-sort, --reverse 174

--sda 174

--skep 175

--text-mode, --text (-t) 175

--truncate-passphrase 175

--verbose (-v) 175

--warn-adk 175

--wrapper-key 176

--xml 176

Integer Options 177

--3des 177

--aes128, --aes192, --aes256 177

--bits, --encryption-bits 178

--blowfish 178

--bzip2 178

--cast5 179

--creation-days 179

--expiration-days 179

--idea 180

--index 180

--keyring-cache-timeout 180

--keyserver-timeout 181

--md5 181

--passphrase-cache-timeout 181

--partitioned 182

--pgp-mime 182

--ripemd160 182

--sha, --sha256, --sha384, --sha512 183

--signing-bits 184

--skep-timeout 184

--threshold 185

--trust-depth 185

--twofish 185

vii Contents

--wipe-input-passes 185

--wipe-overwrite-passes 186

--wipe-passes 186

--wipe-temp-passes 186

--zip 186

--zlib 187

Enumeration Options 187

--auto-import-keys 187

--cipher 187

--compression-algorithm 188

--compression-level 189

--email-encoding 189

--enforce-adk 189

--export-format 190

--hash 190

--import-format 191

--input-cleanup 192

--key-flag 192

--key-type 193

--manual-import-key-pairs 193

--manual-import-keys 193

--overwrite 194

--sig-type 194

--sort-order, --sort 194

--tar-cache-cleanup 195

--target-platform 195

--temp-cleanup 196

--trust 196

String Options 196

--auth-key 196

--auth-passphrase 197

--auth-username 197

--basic-constraint 197

--city, --common-name, --contact-email, --country 197

--comment 197

--creation-date 198

--default-key 198

--expiration-date 198

--export-passphrase 199

--extended-key-usage 199

--home-dir 199

--key-usage 199

--local-user (-u), --user 200

--license-name, --license-number, --license-organization, --license-email 200

--new-passphrase 201

--organization, --organizational-unit 201

--output (-o) 201

--output-file 202

--passphrase 202

--preferred-keyserver 202

--private-keyring 203

--proxy-passphrase, --proxy-server, --proxy-username 203

--public-keyring 203

--recon-server 204

viii Contents

--regular-expression 204

--random-seed 204

--root-path 205

--share-server 205

--state 205

--status-file 205

--subject-alternative-name 206

--symmetric-passphrase 206

--temp-dir 206

List Options 207

File Descriptors 211

--additional-recipient 207

--adk 207

--input (-i) 207

--question / --answer 208

--keyserver 208

--recipient (-r) 209

--revoker 209

--share 210

--auth-passphrase-fd, auth-passphrase-fd8 211

--export-passphrase-fd, --export-passphrase-fd8 211

--new-passphrase-fd, --new-passphrase-fd8 211

--passphrase-fd 211

--proxy-passphrase-fd, --proxy-passphrase-fd8 212

--symmetric-passphrase-fd, --symmetric-passphrase-fd8 212

Lists 213

Basic Key List 213

The Default Key Column 214

The Algorithm Column 214

The Type Column 215

The Size/Type Column 215

The Flags Column 216

The Key ID Column 217

The User ID Column 217
Detailed Key List 218

Main Key Details 219

Subkey Details 225

ADK Details 227

Revoker Details 228
Key List in XML Format 228

Elements with fixed settings 232

X.509 Signatures 234
Detailed Signature List 235

Usage Scenarios 241

Secure Off-Site Backup 241
PGP Command Line and Symantec Encryption Desktop 241
Compression Saves Money 242
Surpasses Legal Requirements 243

ix Contents

Searching for Data on a PGP KMS 245

Overview 245

Example Searches 248

More About Types 249

Operators 246

Types 246

Keyword Listing 246

For Linux and Mac OSX 248

For Windows 248

Time Fields 249

Boolean Values 249

Open PGP Algorithms 250

Open PGP Key Usage Flags 250

Key Modes 250

Creating a Certificate Signing Request 253

About CSRs 253
Creating a CSR using PGP Command Line 254

Codes and Messages 257

Messages Without Codes 257
Messages With Codes 258

Parser 258

Keyrings 259

Wipe 259

Encrypt 260

Sign 260

Decrypt 261

Speed Test 261

Key edit 262

Keyserver 266

Key Reconstruction 267

Licensing 268

Symantec Encryption Management Server 269

General 269
Exit Codes 277

Frequently Asked Questions 279

Key Used for Encryption 279
"Invalid" Keys 279
Maximum File Size 280
Programming and Scripting Languages 281
File Redirection 281
Protecting Passphrases 281

x Contents

Quick Reference 283

Commands 283
Options 286
Environment Variables 290
Configuration File Variables 291

Index 295

1

About PGP Command Line

PGP Command Line is a command line product for performing cryptography and key
management tasks. It operates as a stand-alone product that performs those tasks
locally. It can also operate as a client product that interacts with Symantec Encryption
Management Server to perform those tasks.

With PGP Command Line, you can write command line scripts that use Symantec
encryption technology to perform these tasks:

 Encrypt, sign, and decrypt individual files or collections of files

 Create and manage keys on a local keyring

 Access keys on Symantec Encryption Management Server and other keyservers

 Manage keys on Symantec Encryption Management Server

 Create consumer (user) accounts on Symantec Encryption Management Server

 Manage X.509 certificates, including requesting and validating a certificate

 Encrypt, sign, and decrypt email

You can insert PGP Command Line commands into scripts for automating tasks. PGP
Command Line commands are easily added to shell scripts or scripts written with
scripting languages, such as Perl or Python.

For example, consider a company that regularly backs up a large sensitive database to
an off-site location. A script runs automatically to perform the backup. This company
can add PGP Command Line commands to that script to compress and encrypt the
database before transmitting it to the off-site location. It can also add commands to
decrypt and uncompress the database when it arrives at its destination.

In This Chapter

Important Concepts ........................................................................................................ 1

Technical Support ........................................................................................................... 2

Important Concepts

The following concepts are important for you to understand:

 environment variables: Environment variables control various aspects of PGP

Command Line behavior; for example, the location of the PGP Command Line
home directory. Environment variables are established on the computer running
PGP Command Line.

2 About PGP Command Line

Technical Support

 configuration file variables: When PGP Command Line starts, it reads the

configuration file, which includes special configuration variables and values for
each variable. These settings affect how PGP Command Line operates.
Configuration file variables can be changed permanently by editing the
configuration file or overridden on a temporary basis by specifying a value for a
configuration file variable on the command line.

 Self-Decrypting Archives (SDAs): PGP Command Line lets you create SDAs,

compressed and conventionally encrypted archives that require a passphrase to
decrypt. SDAs contain an executable for the target platform, which means the
recipient of an SDA does not need to have any Symantec encryption software
installed to open the archive. You can thus securely transfer data to recipients
with no Symantec encryption software installed. You will have to communicate
the passphrase of the SDA to the recipient, however.

 Additional Decryption Key (ADK): PGP Command Line supports the use of an

ADK, which is an additional key to which files or messages are encrypted, thus
allowing the keeper of the ADK to retrieve data or messages as well as the
intended recipient. Use of an ADK ensures that your corporation has access to all
its proprietary information even if employee keys are lost or become unavailable.

 PGP Zip archives: The PGP Zip feature lets you encrypt/sign groups of files or

entire directories into a single compressed archive file. The archive format is tar
and the supported compression formats are Zip, BZip2, and Zlib.

Technical Support

Symantec Technical Support maintains support centers globally. Technical Support’s
primary role is to respond to specific queries about product features and functionality.
The Technical Support group also creates content for our online Knowledge Base. The
Technical Support group works collaboratively with the other functional areas within
Symantec to answer your questions in a timely fashion. For example, the Technical
Support group works with Product Engineering and Symantec Security Response to
provide alerting services and virus definition updates.

Symantec’s support offerings include the following:

 A range of support options that give you the flexibility to select the right amount

of service for any size organization

 Telephone and/or Web-based support that provides rapid response and up-to-the-

minute information

 Upgrade assurance that delivers software upgrades

 Global support purchased on a regional business hours or 24 hours a day, 7 days a

week basis

 Premium service offerings that include Account Management Services

For information about Symantec’s support offerings, you can visit our Web site at the
following URL:

www.symantec.com/business/support/

All support services will be delivered in accordance with your support agreement and
the then-current enterprise technical support policy.

Contacting Technical Support

Customers with a current support agreement may access Technical Support
information at the following URL:

www.symantec.com/business/support/

Before contacting Technical Support, make sure you have satisfied the system
requirements that are listed in your product documentation. Also, you should be at the
computer on which the problem occurred, in case it is necessary to replicate the
problem.

When you contact Technical Support, please have the following information available:

 Product release level

 Hardware information

 Available memory, disk space, and NIC information

 Operating system

 Version and patch level

 Network topology

 Router, gateway, and IP address information

 Problem description:

 Error messages and log files

 Troubleshooting that was performed before contacting Symantec

 Recent software configuration changes and network changes

Technical Support

3 About PGP Command Line

Licensing and registration

If your Symantec product requires registration or a license key, access our technical
support Web page at the following URL:

www.symantec.com/business/support/

Customer service

Customer service information is available at the following URL:

www.symantec.com/business/support/

Customer Service is available to assist with non-technical questions, such as the
following types of issues:

 Questions regarding product licensing or serialization

 Product registration updates, such as address or name changes

 General product information (features, language availability, local dealers)

 Latest information about product updates and upgrades

 Information about upgrade assurance and support contracts

4 About PGP Command Line

Technical Support

 Information about the Symantec Buying Programs

 Advice about Symantec's technical support options

 Nontechnical presales questions

 Issues that are related to CD-ROMs or manuals

Support agreement resources

If you want to contact Symantec regarding an existing support agreement, please
contact the support agreement administration team for your region as follows:

Asia-Pacific and Japan customercare_apac@symantec.com

Europe, Middle-East, Africa semea@symantec.com

North America, Latin America supportsolutions@symantec.com

2

Installing

This chapter lists the system requirements for, and tells you how to install PGP
Command Line onto, the supported platforms: AIX, HP-UX, Mac OS X, Linux, Solaris,
and Windows. It also includes uninstall instructions.

In This Chapter

Install Location................................................................................................................5

Supported Platforms....................................................................................................... 6

System Requirements.....................................................................................................6

Installing on AIX............................................................................................................10

Installing on HP-UX......................................................................................................12

Installing on Mac OS X .................................................................................................14

Installing on Red Hat Enterprise Linux, SLES, or Fedora Core ..............................15

Installing on Solaris......................................................................................................17

Installing on Windows.................................................................................................. 19

Upgrading.......................................................................................................................21

Relocating.......................................................................................................................21

Install Location

PGP Command Line uses a specific directory for the application data such as the
configuration file, and a specific directory (called the home directory) for the files it
creates, such as keyring files.

On any UNIX system, the application data and the home directory are identical and
they are configured through the $HOME environment variable. For more information,
refer to the installation instructions for the specific UNIX platform.

On Windows, the application data directory is used to store data such as the
configuration file PGPprefs.xml. The home directory is called “My Documents” and
is used to store keys. These two directories can be named differently, depending on the
specific version on Windows. For more information, see To Install on Windows (on page

19).

Note: You can also use the --home-dir option on the command line to specify a

different home directory. Using this option affects only the command it is used in
and does not change the PGP_HOME_DIR environment variable.

Using --home-dir on the command line overrides the current setting of the
PGP_HOME_DIR environment variable.

6 Installing

Supported Platforms

Supported Platforms

You can install PGP Command Line on these platforms:

 Windows XP Professional 32-bit (including Service Pack 2 or 3), Windows XP

Professional 64-bit (including Service Pack 2 or 3), Windows Vista 32-bit and 64­bit (including Service Pack 2), Windows 7 32-bit and 64-bit (including Service Pack

1), Windows Server 2003 32-bit and 64-bit (including Service Pack 1 or 2),
Windows Server 2008 32-bit (including Service Pack 1 and 2), Windows Server
2008 R2 64-bit

 HP-UX 11i and above for PA-RISC (32-bit) as well as Itanium 2 and similar

processors (64-bit)

 IBM AIX 5.3 (Technology Levels supported by IBM; as of July 2011, TL 11 and

greater) and 6.1 (TL 4 and greater) PowerPC

 Red Hat Enterprise Linux 5.4 (x86 and x86_64), Red Hat Enterprise Linux 5.5 (x86

and x86_64), and Red Hat Enterprise Linux 6.0 (x86 and x86_64)

 SLES (SUSE Linux Enterprise Server) 10 SP2 (x86)

 Solaris 9 (SPARC, 32-bit), Solaris 10 (SPARC, 32-bit), Solaris 10 (x86), Solaris 10

(x86_64)

 Apple Mac OS X 10.5.x (x86) and Mac OS X 10.6.x (x86)

Note: These platforms are no longer supported: Windows 2000, Red Hat Enterprise

Linux 5.0, SLES (SUSE Linux Enterprise Server) 9, Sun Solaris 9 (x86 and x86_64),
Fedora Core 6, AIX 5.2 and Mac OS X 10.4.

System Requirements

In general, system requirements for PGP Command Line are the same as the system
requirements for the host operating system.

In addition to the hard drive space required by the base operating system, PGP
Command Line requires additional space for both the data on which cryptographic
operations (such as encryption, decryption, signing, and verifying) will be applied and
temporary files created in the process of performing those operations.

For a given file being encrypted or decrypted, PGP Command Line can require several
times the size of the original file in free hard drive space (depending on how much the
file was compressed), enough to hold both the original file or files and the final file
resulting from the encryption or decryption operation.

In cases where PGP Zip functionality is used on a file, PGP Command Line may also
require several times the size of the original file or files in free hard drive space, enough
to hold the original file, a temporary file created when handling the archive, and the
final file resulting from the encryption or decryption operation. Make sure you have
adequate free hard drive space on your system before using PGP Command Line.

Windows 7 and Vista

System Requirements

7 Installing

Component

Computer and
processor

Memory 1 gigabyte (GB) of RAM or higher recommended (64 MB minimum supported;

Hard disk 15 GB of available space

Drive DVD-ROM drive

Display Support for DirectX 9 graphics with WDDM driver, 128 MB of graphics

Requirement

PC with 1 GHz 32-bit (x86) processor

may limit performance and some features)

memory (minimum), Pixel Shader 2.0 in hardware, 32 bits per pixel

Windows Server 2008 and 2003

PGP Command Line supports four editions of Windows Server 2008 and 2003:
Standard, Datacenter, Enterprise, and Web.

Standard Edition

Component Requirement

Computer and PC with a 133-MHz processor required; 550-MHz or faster processor
processor recommended (Windows Server 2003 Standard Edition supports up to four

processors on one server)

Memory 128 MB of RAM required; 256 MB or more recommended; 4 GB maximum

Hard disk 1.25 to 2 GB of available hard-disk space

Drive CD-ROM or DVD-ROM drive

Display VGA or hardware that supports console redirection required; Super VGA

supporting 800 x 600 or higher-resolution monitor recommended

Datacenter Edition

Component Requirement

Computer and Minimum: 400 MHz processor for x86-based computers Recommended: 733
processor MHz processor

Memory Minimum: 512 MB of RAM

Recommended: 1 GB of RAM

8 Installing

System Requirements

Hard disk 1.5 GB hard-disk space for x86-based computers

Other Minimum: 8-way capable multiprocessor machine required

Maximum: 64-way capable multiprocessor machine supported

Enterprise Edition

These system requirements apply only to the 32-bit version of Windows Server 2003
Enterprise Edition; 64-bit versions of Windows Server 2003 Enterprise Edition are not supported.

Component Requirement

Computer and 133-MHz or faster processor for x86-based PCs; up to eight processors
processor supported on either the 32-bit

Memory 128 MB of RAM minimum required

Maximum: 32 GB for x86-based PCs with the 32-bit version

Hard disk 1.5 GB of available hard-disk space for x86-based PCs; additional space is

required if installing over a network

Drive CD-ROM or DVD-ROM drive

Display VGA or hardware that supports console redirection required

Web Edition

Component Requirement

Computer and 133-MHz processor (550 MHz recommended)
processor

Memory 128 MB of RAM (256 MB recommended; 2 GB maximum)

Hard disk 1.5 GB of available hard-disk space

Windows XP

PGP Command Line supports the 32-bit and 64-bit versions of Windows XP.

32-bit Windows XP

Component Requirement

Computer and PC with 300 megahertz (MHz) or higher processor clock speed recommended;
processor 233-MHz minimum required; Intel Pentium/Celeron family, AMD

K6/Athlon/Duron family, or compatible processor recommended

System Requirements

9 Installing

Memory 128 megabytes (MB) of RAM or higher recommended (64 MB minimum

Hard disk 1.5 gigabyte (GB) of available hard disk space

Drive CD-ROM or DVD-ROM drive

Display Super VGA (800 × 600) or higher resolution video adapter and monitor

supported; may limit performance and some features)

supporting 800 x 600 or higher-resolution monitor recommended

64-bit Windows XP

Component Requirement

Computer and PC with AMD Athlon 64, AMD Opteron, Intel Xeon with Intel EM64T support,
processor Intel Pentium 4 with Intel EM64T support

Memory 256 megabytes (MB) of RAM or higher recommended

Hard disk 1.5 gigabyte (GB) of available hard disk space

Drive CD-ROM or DVD-ROM drive

Display Super VGA (800 × 600) or higher resolution video adapter and monitor

supporting 800 x 600 or higher-resolution monitor recommended

IBM AIX

PGP Command Line runs on the range of IBM eServer p5, IBM eServer pSeries, IBM
eServer i5 and IBM RS/6000, as supported by IBM AIX 5.3 and 6.1.

HP-UX 11i

PGP Command Line runs on the list of PA-RISC workstation and servers supported by
HP-UX 11i, as specified at http://docs.hp.com/ http://docs.hp.com/en/5187-
2239/ch03s01.html.

Solaris 9 and 10

Component Requirement

Computer and SPARC (32- and 64-bit) platforms
processor

Memory 64 MB minimum (128 MB recommended)

Hard disk 600 MB for desktops; one GB for servers

10 Installing

Installing on AIX

Red Hat Enterprise Linux, SLES, and Fedora Core

Component Requirement

Computer and x86 for Red Hat Enterprise Linux and SLES, x86_64 for Fedora Core; see Red
processor Hat or Fedora websites for hardware compatibility.

Memory 256 MB minimum

Hard disk 800 MB minimum

Mac OS X

Component Requirement

Computer and Macintosh computer, Intel-based system only
processor

Memory 128 MB of physical RAM

Installing on AIX

This section tells you how to install, change the home directory, and uninstall on AIX.

Installing on AIX

You need to have root or administrator privileges on the machine on which you are
installing PGP Command Line.

To install PGP Command Line on an AIX system:

1 If you have an existing version of PGP Command Line installed on the computer,

2 Download the installer application called PGPCommandLine[version]IX.tar to

3 Untar the package first. You will get the following file:

4 Type: rpm -ivh PGPCommandLine[version]IX.rpm

5 Press Enter.

uninstall it.

a known location on your system.

PGPCommandLine[version]AIX.rpm

Installing on AIX

11 Installing

By default, the PGP Command Line application, pgp, is installed into the directory
/opt/pgp/bin. You need to add this directory to your PATH environment variable in
order for the application to be found.

For sh-based shells, use this syntax:

PATH=$PATH:/opt/pgp/bin

For csh-based shells, use this syntax:

set path = ($path /opt/pgp/bin)

Also, in order to access the PGP Command Line man page, you need to set the
MANPATH environment variable appropriately.

For sh-based shells, use this syntax:

MANPATH=$MANPATH:/opt/pgp/man; export MANPATH

For csh-based shells, use this syntax:

setenv MANPATH "/opt/pgp/man"

By adding the option --prefix to the rpm command, you can install PGP Command
Line to a location other than the default.

Type rpm --prefix=/usr/pgp -ivh PGPCommandLine[version]AIX.rpm and
press Enter.

This command installs the application binary in the directory /usr/pgp/bin/pgp,
libraries in /usr/pgp/lib, and so on.

You will need to edit the environmental variable LIBPATH to include the new library
path (/usr/pgp/lib) so that PGP Command Line can function in a location other than the
default.

By adding the option --prefix to the rpm command, you can install PGP Command
Line in a location other than the default:

1 If you have an existing version of PGP Command Line installed on the computer,

uninstall it.

2 Download the installer application called PGPCommandLine[version]AIX.tar

to a known location on your system.

3 Untar the package first. You will get the following file:

PGPCommandLine[version]AIX.rpm

4 Type: rpm --prefix=/opt -ivh PGPCommandLine[version]AIX.rpm

5 Press Enter.

This command will install the application binary, pgp, in the directory
/usr/pgp/bin/pgp, libraries in /usr/pgp/lib, and so on.

You will need to edit the environment variable LIBPATH to include the new library path
(/usr/pgp/lib), so that PGP Command Line can function in any location other than
the default.

Changing the Home Directory on AIX

The home directory is where PGP Command Line stores the files that it creates and
uses; for example, keyring files.

12 Installing

Installing on HP-UX

Uninstalling on AIX

By default, the PGP Command Line installer for AIX creates the PGP Command Line
home directory at $HOME/.pgp. If this directory does not exist, it will be created. For
example, if the value of $HOME for user "alice"is /usr/home/alice, PGP Command
Line will attempt to create /usr/home/alice/.pgp.

The PGP Command Line installer will not try to create any other part of the directory
listed in the $HOME variable, only .pgp.

If you want the home directory changed on a permanent basis, you will need to create
the $PGP_HOME_DIR environment variable and specify the path of the desired home
directory.

Uninstalling PGP Command Line on AIX requires root privileges, either through su or
sudo.

To uninstall PGP Command Line on AIX

1 Type the following command and press Enter:

rpm -e pgpcmdln

2 PGP Command Line is uninstalled.

Installing on HP-UX

This section tells you how to install, change the home directory, and uninstall on HP­UX.

Installing on HP-UX

You need to have root or administrator privileges on the machine on which you are
installing PGP Command Line.

To install PGP Command Line on an HP-UX system

1 If you have an existing version of PGP Command Line installed on the computer,

uninstall it.

2 Download the installer file called PGPCommandLine[version]HPUX.tar to a

known location on your system.

3 Untar the package first. You will get the following file:

PGPCommandLine[version]HPUX.depot

4 Type: swinstall -s

/absolute/path/to/PGPCommandLine[version]HPUX.depot

5 Press Enter.

By default, the PGP Command Line application, pgp, is installed into the directory
/opt/pgp/bin. You need to add this directory to your PATH environment variable in
order for the application to be found.

For sh-based shells, use this syntax:

PATH=$PATH:/opt/pgp/bin

For csh-based shells, use this syntax:

set path = ($path /opt/pgp/bin)

Also, in order to access the PGP Command Line man page, you need to set the
MANPATH environment variable appropriately.

For sh-based shells, use this syntax:

MANPATH=$MANPATH:/opt/pgp/man; export MANPATH

For csh-based shells, use this syntax:

setenv MANPATH "/opt/pgp/man"

Note: You may encounter an issue generating 2048- or 4096-bit keys on HP-UX
systems running PGP Command Line if you have altered the maximum number of
shared memory segments that can be attached to one process, as configured by the
shmseg system parameter. if you encounter this issue, reset the shmseg system
parameter to its default value of 120. Consult your HP-UX documentation for
information about how to alter system parameters.

Installing on HP-UX

13 Installing

Changing the Home Directory on HP-UX

The home directory is where PGP Command Line stores the files that it creates and
uses; for example, keyring files.

By default, the PGP Command Line installer for HP-UX creates the PGP Command Line
home directory in $HOME/.pgp. If this directory does not exist, it will be created. For
example, if the value of $HOME for user "alice" is /usr/home/alice, PGP Command
Line will attempt to create /usr/home/alice/.pgp.

The PGP Command Line installer will not try to create any other part of the directory
listed in the $HOME variable, only .pgp.

If you want the PGP Command Line home directory changed on a permanent basis, you
can define the $PGP_HOME_DIR environment variable and specify the path of the
desired home directory.

Installing to a Non-Default Directory on HP-UX

This procedure describes how to install PGP Command Line for HP-UX into a non­default directory. The information provided is in addition to the information provided
in Installing on HP-UX.

Note: This procedure uses /opt/pgp_alt as the non-default directory. Be sure to

substitute the desired directory in place of /opt/pgp_alt.

14 Installing

Installing on Mac OS X

Uninstalling on HP-UX

To install PGP Command Line for HP-UX to a non-default directory

1 Add the following extra argument to the swinstall command:

swinstall -s /path/to/pgpcmdln.depot pgpcmdln,l=/opt/pgp_alt

2 Set all libraries to respect the SHLIB_PATH environment variable:

chatr +s enable /opt/pgp_alt/lib/*

3 Set the SHLIB_PATH environment variable to the new library directory when

starting PGP Command Line:

export SHLIB_PATH=/opt/pgp_alt/lib

Uninstalling PGP Command Line on HP-UX requires root privileges, either su or sudo.

To uninstall PGP Command Line on HP-UX:

1 Type the following command and press Enter:

swremove pgpcmdln

2 PGP Command Line is uninstalled.

Installing on Mac OS X

This section tells you how to install, change the home directory, and uninstall on Mac
OS X.

Installing on Mac OS X

To install PGP Command Line on a Mac OS X system:

1 Close all applications.

2 Download the installer application, PGPCommandLine[version]MacOSX.tgz,

to your desktop.

3 Double-click on the file PGPCommandLine[version]MacOSX.tgz.

4 If you have Stuffit Expander, it will automatically first uncompress this file into

PGPCommandLine[version]MacOSX.tar, and then untar it into
PGPCommandLine[version]MacOSX.pkg.

5 Double-click on the file PGPCommandLine[version]MacOSX.pkg.

6 Follow the on-screen instructions.

The Mac OS X PGP Command Line application, pgp, is installed into /usr/bin/.

Installing on Red Hat Enterprise Linux, SLES, or Fedora Core

After you run PGP Command Line for the first time, its home directory will be created
automatically in the directory $HOME/Documents/PGP. This directory may already
exist if Symantec Encryption Desktop for Mac OS X is already installed on the system.

15 Installing

Changing the Home Directory on Mac OS X

The home directory is where PGP Command Line stores the files that it creates and
uses; for example, keyring files.

By default, the PGP Command Line installer for Mac OS X creates the PGP Command
Line home directory at $HOME/Documents/PGP. If this directory does not exist, it will
be created.

The PGP Command Line installer will not try to create any other part of directory listed
in the $HOME variable, only .pgp.

If you want the home directory changed permanently, you need to create the
$PGP_HOME_DIR environment variable and specify the path of the desired home
directory.

Uninstalling on Mac OS X

Uninstalling PGP Command Line on Mac OS X requires administrative privileges.

Caution: If you have Symantec Encryption Desktop for Mac OS X installed on the

same system with PGP Command Line, do not uninstall PGP Command Line unless
you also plan to uninstall Symantec Encryption Desktop. Uninstalling PGP
Command Line will delete files that Symantec Encryption Desktop requires to
operate; you will have to reinstall Symantec Encryption Desktop to return to normal
operation.

To uninstall PGP Command Line on Mac OS X:

1 Using the Terminal application, enter the following commands:

rm -rf /usr/bin/pgp

rm -rf /Library/Frameworks/PGP*

rm -rf /Library/Receipts/PGP*

2 PGP Command Line is uninstalled.

Preferences and keyrings are not removed when PGP Command Line is uninstalled.

Installing on Red Hat Enterprise Linux, SLES, or Fedora
Core

This section tells you how to install, change the home directory, and uninstall on a
Linux or Fedora Core system.

16 Installing

Installing on Red Hat Enterprise Linux, SLES, or Fedora Core

Installing on Red Hat Enterprise Linux or Fedora Core

You need to have root or administrator privileges on the machine on which you are
installing PGP Command Line.

Linux installations now default to /opt/pgp, which matches the default installation
location on other UNIX platforms. To install PGP Command Line on Linux to the
previous installation location (/usr/bin/), use the "--prefix=/usr" option.

If you have an existing Linux installation of PGP Command Line and do not install the
new version using the "--prefix=/usr" option, you will need to update your path to
include /opt/pgp/bin and you will need to update any scripts accordingly.

Caution: If you want to use the XML key list functionality in PGP Command Line, you

need to upgrade libxml2 to Version 2.6.8; the default is Version 2.5.10. If you attempt
to use the XML key list functionality without upgrading, you will receive an error.

To install PGP Command Line on a Linux system:

1 If you have an existing version of PGP Command Line installed on the computer,

uninstall it.

2 Download the installer file called PGPCommandLine[version]Linux.tar to a

known location on your system.

3 Untar the package first. You will get the following file:

PGPCommandLine[version]Linux.rpm

4 Type: rpm -ivh PGPCommandLine[version]Linux.rpm

5 Press Enter.

The PGP Command Line application, pgp, is installed by default into /opt/pgp/.

By adding the option --prefix to the rpm command, you can install PGP Command
Line in a location other than the default.

To install PGP Command Line into a different directory:

1 If you have an existing version of PGP Command Line installed on the computer,

uninstall it.

2 Download the installer file called PGPCommandLine[version]Linux.tar to a

known location on your system.

3 Untar the package first. You will get the following file:

PGPCommandLine[version]Linux.rpm

4 Type: rpm --prefix=/opt -ivh PGPCommandLine[version]Linux.rpm
5 Press Enter.

This command will install the application binary in the directory /opt/bin/pgp,
libraries in /opt/lib, etc. You will need to edit the environment variable
LD_LIBRARY_PATH to include the new library path for the software to function in any
location other than the default.