PGP Command Line - 9.5.2 Instruction Manual

December 2006
PGP® Command Line
User’s Guide
PGP Command Line 9.5.2 User’s Guide. Released December 2006.
Copyright Information
Copyright © 1991–2006 by PGP Corporation. All Rights Reserved. No part of this document can be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of PGP Corporation.
Trademark Information
“PGP”, “Pretty Good Privacy”, and the PGP logo are registered trademarks and “Rest Secured” is a trademark of PGP Corporation in the U.S. and other countries. “IDEA” is a trademark of Ascom Tech AG. “Windows” is a registered trademark of Microsoft Corporation. “Red Hat” and “Red Hat Linux” are trademarks or registered trademarks of Red Hat, Inc. “Linux” is a registered trademark of Linus Torvalds. “Solaris” is a trademark or registered trademark of Sun Microsystems, Inc. “AIX” is a trademark or registered trademark of International Business Machines Corporation. “HP-UX” is a trademark or registered trademark of Hewlett-Packard Company. “Mac OS X” is a trademark or registered trademark of Apple Computer Corporation. All other registered and unregistered trademarks in this document are the sole property of their respective owners.
Licensing and Patent Information
The IDEA cipher described in U.S. patent number 5,214,703 is licensed from Ascom Tech AG. The CAST algorithm is licensed from Northern Telecom, Ltd. PGP Corporation has secured a license to the patent rights contained in the patent application Serial Number 10/655,563 by The Regents of the University of California, entitled Block Cipher Mode of Operations for Constructing a Wide-blocksize block Cipher from a Conventional Block Cipher. PGP Corporation may have patents and/or pending patent applications covering subject matter in this software or its documentation; the furnishing of this software or documentation does not give you any license to these patents.
Acknowledgments
The Zip and ZLib compression code in PGP Command Line was created by Mark Adler and Jean-Loup Gailly; the Zip code is used with permission from the free Info-ZIP implementation. The BZip2 compression code in PGP Command Line was created by Julian Seward.
Export Information
Export of this software and documentation may be subject to compliance with the rules and regulations promulgated from time to time by the Bureau of Export Administration, U.S. Department of Commerce, which restrict the export and re-export of certain products and technical data.
Limitations
The software provided with this documentation is licensed to you for your individual use under the terms of the End User License Agreement provided with the software. The information in this document is subject to change without notice. PGP Corporation does not warrant that the information meets your requirements or that the information is free of errors. The information may include technical inaccuracies or typographical errors. Changes may be made to the information and incorporated in new editions of this document, if and when made available by PGP Corporation.
About PGP Corporation
Recognized worldwide as a leader in enterprise encryption technology, PGP Corporation develops, markets, and supports products used by more than 30,000 enterprises, businesses, and governments worldwide, including 90% of the Fortune® 100 and 75% of the Forbes® International 100. PGP products are also used by thousands of individuals and cryptography experts to secure proprietary and confidential information. During the past 15 years, PGP technology has earned a global reputation for standards-based, trusted security products. It is the only commercial security vendor to publish source code for peer review. The unique PGP encryption product suite includes PGP Universal—an automatic, self-managing, network-based solution for enterprises—as well as desktop, mobile, FTP/batch transfer, and SDK solutions. Contact PGP Corporation at www.pgp.com or +1 650 319 9000.

Contents

1 PGP Command Line Basics
  Important Concepts
  Getting Started
2 Installation
  Overview
  System Requirements
  Installing on AIX
  Installing on HP-UX
  Installing on Mac OS X
  Installing on Red Hat Enterprise Linux or Fedora Core
  Installing on Solaris
  Installing on Windows
3 Licensing
  Overview
  License Recovery
  Using a License Number
  Using a License Authorization
  Re-Licensing
  Through a Proxy Server
4 The Command-Line Interface
  Overview
  Flags and Arguments
  Configuration File
  Environment Variables
  Standard Input, Output, and Error
  Specifying a Key
  ‘Secure’ Options
5 First Steps
  Overview
  Creating Your Keypair
  Protecting Your Private Key
  Distributing Your Public Key
  Getting the Public Keys of Others
  Verifying Keys
6 Cryptographic Operations
  Overview
  Commands
7 Key Listings
  Overview
  Commands
8 Working with Keyservers
  Overview
  Commands
9 Managing Keys
  Overview
  Commands
10 Miscellaneous Commands
  Overview
11 Options
  Boolean Options
  Integer Options
  Enumeration Options
  String Options
  List Options
  File Descriptors
A Lists
  Basic Key List
  Detailed Key List
  Key List in XML Format
  Detailed Signature List
B Usage Scenarios
  Secure Off-Site Backup
  PGP Command Line and PGP Desktop
  Compression Saves Money
  Surpasses Legal Requirements
C Quick Reference
  Commands
  Options
  Environment Variables
  Configuration File Variables
D Command Comparison
E Codes and Messages
  Messages Without Codes
  Messages With Codes
  Exit Codes
F Frequently Asked Questions
G Glossary
Index
1 PGP Command Line Basics
Getting Started with PGP Command Line
This chapter describes some important PGP Command Line concepts and gives you a high-level overview of the things you need to do to set up and use PGP Command Line.
Important Concepts
The following concepts are important for you to understand:
PGP Command Line: A software product from PGP Corporation that automates the processes of encrypting/signing, decrypting/verifying, and file wiping; it provides a command-line interface to PGP technology.
command-line interface: An interface where you type commands at a command prompt. PGP Command Line uses a command-line interface.
keyboard input: PGP Command Line was designed so that all relevant information can be entered at the command line, thus requiring no further input from the keyboard to implement the commands.
scripting: PGP Command Line commands can be easily inserted into scripts to be used for automating tasks. For example, if your company regularly copies a large database to an off-site backup and then stores it there, PGP Command Line commands can be added to the script that does this so that the database is encrypted before it is transmitted to the off-site location and then decrypted when it arrives. PGP Command Line commands are easily added to shell scripts or scripts written with scripting languages (such as Perl or Python, for example).
environment variables: Environment variables control various aspects of PGP Command Line behavior; for example, the location of the PGP Command Line home directory. Environment variables are established on the computer running PGP Command Line.
configuration file variables: When PGP Command Line starts, it reads the configuration file, which includes special configuration variables and values for each variable. These settings affect how PGP Command Line operates. Configuration file variables can be changed permanently by editing the configuration file or overridden on a temporary basis by specifying a value for a configuration file variable on the command line.
Self-Decrypting Archives (SDAs): PGP Command Line lets you create SDAs, compressed and conventionally encrypted archives that require a passphrase to decrypt. SDAs contain an executable for the target platform, which means the recipient of an SDA does not need to have any PGP software installed to open the archive. You can thus securely transfer data to recipients with no PGP software installed. You will have to communicate the passphrase of the SDA to the recipient, however.
Additional Decryption Key (ADK): PGP Command Line supports the use of an ADK, which is an additional key to which files or messages are encrypted, thus allowing the keeper of the ADK to retrieve data or messages as well as the intended recipient. Use of an ADK ensures that your corporation has access to all its proprietary information even if employee keys are lost or become unavailable.
PGP Zip archives: The PGP Zip feature lets you encrypt/sign groups of files or entire directories into a single compressed archive file. The archive format is tar and the supported compression formats are Zip, BZip2, and Zlib.
Getting Started
Now that you know a little bit about PGP Command Line, let’s go deeper into what you need to do to get started using it:
1 Install PGP Command Line. Specific instructions for installing PGP Command Line on the supported platforms are in Chapter 2, Installation.
2 License the software. PGP Command Line functionality is extremely limited until you license the software. Refer to Chapter 3, Licensing for more information.
3 Create your default key pair. Most PGP Command Line operations require a key pair (a private key and a public key). Refer to “Creating Your Keypair” on page 46 for more information.
4 Protect your private key. Because your private key can decrypt your protected data, it is important that you protect it. Do not write down or tell someone the passphrase. It is a good idea to keep your private key on a machine that only you can access, and in a directory that is not accessible from the network. Also, you should make a backup of the private key and store it in a secure location.
Refer to “Protecting Your Private Key” on page 47 for more information.
5 Exchange public keys with others. In order to encrypt data to someone you need their public key; and they need yours to encrypt data to you.
Refer to “Getting the Public Keys of Others” on page 50 for more information about how to obtain public keys.
6 Verify the public keys you get from the keyserver. Once you have a copy of someone’s public key, you add it to your public keyring. When you get someone’s public key, you should make sure that it has not been tampered with and that it really belongs to the purported owner. You do this by comparing the unique fingerprint on your copy of someone’s public key to the fingerprint on that person’s original key.
For more information about validity and trust, refer to An Introduction to Cryptography (it was put onto your computer during installation). For instructions on how to verify someone’s public key, see “--fingerprint” on page 72.
7 Start securing your data. After you have generated your key pair and have obtained public keys, you can begin encrypting, signing, decrypting, and verifying your data.
2 Installation
Overview
Instructions for All Platforms
This chapter lists the system requirements for, and tells you how to install PGP Command Line onto, the six supported platforms: AIX, HP-UX, Mac OS X, Linux, Solaris, and Windows. It also includes uninstall instructions.
PGP Command Line can be installed on these platforms:
Windows Server 2003 (SP 1), Windows XP (SP 2), Windows 2000 (SP 4)
HP-UX 11i and above (PA-RISC only)
IBM AIX 5.2 and above
RedHat Enterprise Linux 3.0 and above (x86 only)
Fedora Core 3 and above (x86_64)
Sun Solaris 9 (SPARC only)
Apple Mac OS X 10.4 and above (Universal binary)
PGP Command Line uses a specific directory for the application data such as the configuration file, and a specific directory (called the home directory) for the files it creates, such as keyring files.
On any UNIX system, the application data and the home directory are identical and they are configured through the $HOME environment variable. For more information, refer to the installation instructions for the specific UNIX platform.
On Windows, the application data directory is used to store data such as the configuration file PGPprefs.xml. The home directory is called “My Documents” and is used to store keys. These two directories can be named differently, depending on the specific version on Windows. For more information, refer to “To Install on Windows” on page 22.
You can also use the --home-dir option on the command line to specify a different home directory. Using this option affects only the command it is used in and does not change the PGP_HOME_DIR environment variable.
Caution: Using --home-dir on the command line overrides the current setting of the PGP_HOME_DIR environment variable.
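The precedence described above on UNIX (--home-dir for a single command, then PGP_HOME_DIR, then the default $HOME/.pgp), combined with the earlier advice to keep the private key in a directory only you can access, can be checked with a short shell script. This is an added example and not part of the PGP Command Line manual; the function names and the sample file are hypothetical, and the script inspects the file system only, without invoking pgp.

```shell
#!/bin/sh
# Added example. resolve_pgp_home, audit_pgp_home and demo are hypothetical
# names; only --home-dir, PGP_HOME_DIR and $HOME/.pgp come from the manual.

# Print the home directory a pgp command would use on UNIX.
# $1 (optional) is the value that would be given to --home-dir.
resolve_pgp_home() {
    if [ -n "${1:-}" ]; then
        printf '%s\n' "$1"              # --home-dir: affects this command only
    elif [ -n "${PGP_HOME_DIR:-}" ]; then
        printf '%s\n' "$PGP_HOME_DIR"   # environment variable override
    else
        printf '%s\n' "$HOME/.pgp"      # default created by the installer
    fi
}

# Audit a home directory that holds keyring files.
# Returns 0 if clean, 1 if the directory is missing, 2 if anything in it
# is owned by another user or carries group/other permission bits.
audit_pgp_home() {
    dir=$1
    if [ ! -d "$dir" ]; then
        printf 'MISSING: %s\n' "$dir"
        return 1
    fi
    # Entries not owned by the invoking user.
    foreign=$(find "$dir" ! -user "$(id -u)" -print 2>/dev/null)
    # Entries (symlinks excluded) with any group or other permission bit set.
    exposed=$(find "$dir" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print 2>/dev/null)
    rc=0
    if [ -n "$foreign" ]; then
        printf '%s\n' "$foreign" | sed 's/^/NOT-OWNED: /'
        rc=2
    fi
    if [ -n "$exposed" ]; then
        printf '%s\n' "$exposed" | sed 's/^/EXPOSED: /'
        rc=2
    fi
    return "$rc"
}

# Constructed demonstration: a throwaway directory stands in for $HOME/.pgp,
# with one file left group-readable on purpose.
demo() {
    tmp=$(mktemp -d) || return 1
    chmod 700 "$tmp"
    : > "$tmp/sample-keyring"        # constructed file name, not a real keyring
    chmod 640 "$tmp/sample-keyring"
    # Subshell so the PGP_HOME_DIR override does not leak to the caller.
    ( PGP_HOME_DIR=$tmp; audit_pgp_home "$(resolve_pgp_home)" )
    status=$?
    rm -rf "$tmp"
    return "$status"
}

# A finding (status 2) is the expected outcome of the demonstration.
demo || true
```

To audit a real installation, call audit_pgp_home "$(resolve_pgp_home)" as the user who owns the keyrings, and pass the --home-dir value as the argument to resolve_pgp_home when a script uses that option.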
System Requirements
In general, system requirements for PGP Command Line are the same as the system requirements for the host operating system.
In addition to the hard drive space required by the base operating system, PGP Command Line requires additional space for both the data on which cryptographic operations (such as encryption, decryption, signing, and verifying) will be applied and temporary files created in the process of performing those operations.
For a given file being encrypted or decrypted, PGP Command Line can require several times the size of the original file in free hard drive space (depending on how much the file was compressed), enough to hold the original file or files and the final file resulting from the encryption or decryption operation.
In cases where PGP Zip functionality is used on a file, PGP Command Line may also require several times the size of the original file or files in free hard drive space, enough to hold the original file, a temporary file created when handling the archive, and the final file resulting from the encryption or decryption operation. Make sure you have adequate free hard drive space on your system before using PGP Command Line.
Windows Server 2003
Standard Edition
Component               Requirement
Computer and processor  PC with a 133-MHz processor required; 550-MHz or faster processor recommended (Windows Server 2003 Standard Edition supports up to four processors on one server)
Memory                  128 MB of RAM required; 256 MB or more recommended; 4 GB maximum
Hard disk               1.25 to 2 GB of available hard-disk space
Drive                   CD-ROM or DVD-ROM drive
Display                 VGA or hardware that supports console redirection required; Super VGA supporting 800 x 600 or higher-resolution monitor recommended
Datacenter Edition
Component               Requirement
Computer and processor  Minimum: 400 MHz processor for x86-based computers; recommended: 733 MHz processor
Memory                  Minimum: 512 MB of RAM; recommended: 1 GB of RAM
Hard disk               1.5 GB hard-disk space for x86-based computers
Other                   Minimum: 8-way capable multiprocessor machine required; maximum: 64-way capable multiprocessor machine supported
Enterprise Edition
These system requirements apply only to the 32-bit version of Windows Server 2003 Enterprise Edition; no support is provided for 64-bit versions of Windows Server 2003 Enterprise Edition.
Component               Requirement
Computer and processor  133-MHz or faster processor for x86-based PCs; up to eight processors supported on either the 32-bit
Memory                  128 MB of RAM minimum required; maximum: 32 GB for x86-based PCs with the 32-bit version
Hard disk               1.5 GB of available hard-disk space for x86-based PCs; additional space is required if installing over a network
Drive                   CD-ROM or DVD-ROM drive
Display                 VGA or hardware that supports console redirection required
Web Edition
Component               Requirement
Computer and processor  133-MHz processor (550 MHz recommended)
Memory                  128 MB of RAM (256 MB recommended; 2 GB maximum)
Hard disk               1.5 GB of available hard-disk space
Windows XP
Component               Requirement
Computer and processor  PC with 300 megahertz (MHz) or higher processor clock speed recommended; 233-MHz minimum required; Intel Pentium/Celeron family, AMD K6/Athlon/Duron family, or compatible processor recommended
Memory                  128 megabytes (MB) of RAM or higher recommended (64 MB minimum supported; may limit performance and some features)
Hard disk               1.5 gigabyte (GB) of available hard disk space
Drive                   CD-ROM or DVD-ROM drive
Display                 Super VGA (800 × 600) or higher resolution video adapter and monitor
Windows 2000
Component               Requirement
Computer and processor  133 MHz or higher Pentium-compatible CPU
Memory                  At least 64 megabytes (MB) of RAM; more memory generally improves responsiveness
Hard disk               2 GB with 650 MB free space
Drive                   CD-ROM or DVD-ROM drive
Display                 VGA or higher resolution monitor
IBM AIX 5.2 and 5.3
PGP Command Line runs on the range of IBM eServer p5, IBM eServer pSeries, IBM eServer i5 and IBM RS/6000, as supported by IBM AIX 5.2 and 5.3.
HP-UX 11i
PGP Command Line runs on the list of PA-RISC workstation and servers supported by HP-UX 11i, as specified at http://docs.hp.com/en/5187-2239/ch03s01.html.
Solaris 9
Component               Requirement
Computer and processor  SPARC (32- and 64-bit) platforms
Memory                  64 MB minimum (128 MB recommended)
Hard disk               600 MB for desktops; one GB for servers
Red Hat Enterprise Linux and Fedora Core
Component               Requirement
Computer and processor  x86 for Red Hat Enterprise Linux, x86_64 for Fedora Core; see Red Hat or Fedora websites for hardware compatibility
Memory                  256 MB minimum
Hard disk               800 MB minimum
Mac OS X
Component               Requirement
Computer and processor  Macintosh computer with PowerPC G3, G4, or G5 processor
Memory                  128 MB of physical RAM
Installing on AIX
This section tells you how to install, change the home directory, and uninstall on AIX.
To Install on AIX
You need to have root or administrator privileges on the machine on which you are installing PGP Command Line.
To install PGP Command Line onto an AIX machine:
1 If you have an existing version of PGP Command Line installed on the computer, uninstall it.
2 Download the installer application called PGPCommandLine905AIX.tar to a known location on your system.
3 Untar the package first. You will get the following file:
PGPCommandLine95AIX.rpm
4 Type: rpm -ivh PGPCommandLine95AIX.rpm
5 Press Enter.
By default, the PGP Command Line application, pgp, is installed into the directory /opt/pgp/bin. You need to add this directory to your PATH environment variable in order for the application to be found.
For sh-based shells, use this syntax:
PATH=$PATH:/opt/pgp/bin
For csh-based shells, use this syntax:
set path = ($path /opt/pgp/bin)
Also, in order to access the PGP Command Line man page, you need to set the MANPATH environment variable appropriately.
For sh-based shells, use this syntax:
MANPATH=$MANPATH:/opt/pgp/man; export MANPATH
For csh-based shells, use this syntax:
setenv MANPATH "/opt/pgp/man"
By adding the option --prefix to the rpm command, you can install PGP Command Line in a location other than the default:
1 If you have an existing version of PGP Command Line installed on the computer, uninstall it.
2 Download the installer application called PGPCommandLine95AIX.tar to a known location on your system.
3 Untar the package first. You will get the following file:
PGPCommandLine95AIX.rpm
4 Type: rpm --prefix=/usr/pgp -ivh PGPCommandLine95AIX.rpm
5 Press Enter.
This command installs the application binary in the directory /usr/pgp/bin/pgp, libraries in /usr/pgp/lib, and so on.
You will need to edit the LIBPATH environment variable to include the new library path (/usr/pgp/lib) so that PGP Command Line can function in a location other than the default.
Changing the Home Directory on AIX
The home directory is where PGP Command Line stores the files that it creates and uses; for example, keyring files.
By default, the PGP Command Line installer for AIX creates the PGP Command Line home directory at $HOME/.pgp. If this directory does not exist, it will be created. For example, if the value of $HOME for user “alice” is /usr/home/alice, PGP Command Line will attempt to create /usr/home/alice/.pgp.
The PGP Command Line installer will not try to create any other part of the directory listed in the $HOME variable, only .pgp.
If you want the home directory changed on a permanent basis, you will need to create the $PGP_HOME_DIR environment variable and specify the path of the desired home directory.
Uninstalling on AIX
Uninstalling PGP Command Line on AIX requires root privileges, either through su or sudo.
To uninstall PGP Command Line on AIX:
1 Type the following command and press Enter:
rpm -e pgpcmdln
2 PGP Command Line is uninstalled.
Installing on HP-UX
This section tells you how to install, change the home directory, and uninstall on HP-UX.
To Install on HP-UX
You need to have root or administrator privileges on the machine on which you are installing PGP Command Line.
To install PGP Command Line onto an HP-UX machine:
1 If you have an existing version of PGP Command Line installed on the computer, uninstall it.
2 Download the installer file called PGPCommandLine95HPUX.tar to a known location on your system.
3 Untar the package first. You will get the following file:
PGPCommandLine95HPUX.depot
4 Type: swinstall -s /absolute/path/to/PGPCommandLine95HPUX.depot
5 Press Enter.
The PGP Command Line application, pgp, is installed into the directory /opt/pgp/bin. You need to add this directory to your PATH environment variable in order for the application to be found.
For sh-based shells, use this syntax:
PATH=$PATH:/opt/pgp/bin
For csh-based shells, use this syntax:
set path = ($path /opt/pgp/bin)
Also, in order to access the PGP Command Line man page, you need to set the MANPATH environment variable appropriately.
For sh-based shells, use this syntax:
MANPATH=$MANPATH:/opt/pgp/man; export MANPATH
For csh-based shells, use this syntax:
setenv MANPATH "/opt/pgp/man"
Caution: You may encounter an issue generating 2048- or 4096-bit keys on HP-UX systems running PGP Command Line if you have altered the maximum number of shared memory segments that can be attached to one process, as configured by the shmseg system parameter. If you encounter this issue, reset the shmseg system parameter to its default value of 120. Consult your HP-UX documentation for information on how to alter system parameters.
Changing the Home Directory on HP-UX
The home directory is where PGP Command Line stores the files that it creates and uses; for example, keyring files.
By default, the PGP Command Line installer for HP-UX creates the PGP Command Line home directory in $HOME/.pgp. If this directory does not exist, it will be created. For example, if the value of $HOME for user “alice” is /usr/home/alice, PGP Command Line will attempt to create /usr/home/alice/.pgp.
The PGP Command Line installer will not try to create any other part of the directory listed in the $HOME variable, only .pgp.
If you want the PGP Command Line home directory changed on a permanent basis, you can define the $PGP_HOME_DIR environment variable and specify the path of the desired home directory.
Uninstalling on HP-UX
Uninstalling PGP Command Line on HP-UX requires root privileges, either through su or sudo.
To uninstall PGP Command Line on HP-UX:
1 Type the following command and press Enter:
swremove pgpcmdln
2 PGP Command Line is uninstalled.
Installing on Mac OS X
To Install on Mac OS X
To install PGP Command Line onto a Mac OS X computer:
1 Close all applications.
2 Download the installer application, PGPCommandLine95MacOSX.tgz, to your desktop.
3 Double-click on the file PGPCommandLine95MacOSX.tgz.
4 If you have Stuffit Expander, it will automatically first uncompress this file into PGPCommandLine95MacOSX.tar, and then untar it into PGPCommandLine95MacOSX.pkg.
5 Double-click on the file PGPCommandLine95MacOSX.pkg.
6 Follow the on-screen instructions.
The Mac OS X PGP Command Line application, pgp, is installed into /usr/bin/.
After you run PGP Command Line for the first time, its home directory will be created automatically in the directory $HOME/.pgp.
Changing the Home Directory on Mac OS X
The home directory is where PGP Command Line stores the files that it creates and uses; for example, keyring files.
By default, the PGP Command Line installer for Mac OS X creates the PGP Command Line home directory at $HOME/.pgp. If this directory does not exist, it will be created. For example, if the value of HOME for user “alice” is /usr/home/alice, PGP Command Line will attempt to create /usr/home/alice/.pgp.
The PGP Command Line installer will not try to create any other part of the directory listed in the $HOME variable, only .pgp.
If you want the home directory changed permanently, you need to create the $PGP_HOME_DIR environment variable and specify the path of the desired home directory.
Uninstalling on Mac OS X
Uninstalling PGP Command Line on Mac OS X requires administrative privileges.
Caution: If you have PGP Desktop for Mac OS X installed on the same system with PGP Command Line, do not uninstall PGP Command Line unless you also plan to uninstall PGP Desktop. Uninstalling PGP Command Line will delete files that PGP Desktop requires to operate; you will have to reinstall PGP Desktop to return to normal operation.
To uninstall PGP Command Line on Mac OS X:
1 Using the Terminal application, enter the following commands:
rm -rf /usr/bin/pgp
rm -rf /Library/Frameworks/PGP*
rm -rf /Library/Receipts/PGP*
2 PGP Command Line is uninstalled.
Preferences and keyrings are not removed when PGP Command Line is uninstalled.
Installing on Red Hat Enterprise Linux or Fedora Core
To Install on Red Hat Enterprise Linux or Fedora Core
You need to have root or administrator privileges on the machine on which you are installing PGP Command Line.
Caution: If you want to use the XML key list functionality in PGP Command Line, you need to upgrade libxml2 to Version 2.6.8; the default is Version 2.5.10. If you attempt to use the XML key list functionality without upgrading, you will receive an error.
To install PGP Command Line onto a Linux machine:
1 If you have an existing version of PGP Command Line installed on the computer,
uninstall it.
2 Download the installer file called PGPCommandLine95Linux.tar to a known
location on your system.
3 Untar the package first. You will get the following file:
PGPCommandLine95Linux.rpm
4 Type: rpm -ivh PGPCommandLine95Linux.rpm
5 Press Enter.
The PGP Command Line application, pgp, is installed by default into /usr/bin/.
By adding the option --prefix to the rpm command, you can install PGP Command Line in a location other than the default. Perform the following steps:
1 If you have an existing version of PGP Command Line installed on the computer,
uninstall it.
2 Download the installer file called PGPCommandLine95Linux.tar to a known
location on your system.
3 Untar the package first. You will get the following file:
PGPCommandLine95Linux.rpm
4 Type: rpm --prefix=/opt -ivh PGPCommandLine95Linux.rpm
5 Press Enter.
This command will install the application binary in the directory /opt/bin/pgp, libraries in /opt/lib, etc. You will need to edit the environment variable LD_LIBRARY_PATH to include the new library path for the software to function in any location other than the default.
Changing the Home Directory on Linux
The home directory is where PGP Command Line stores the files that it creates and uses; for example, keyring files.
By default, the PGP Command Line installer for Linux creates the PGP Command Line home directory at $HOME/.pgp. If this directory does not exist, it will be created. For example, if the value of $HOME for user “alice” is /usr/home/alice, PGP Command Line will attempt to create /usr/home/alice/.pgp.
The PGP Command Line installer will not try to create any other part of the directory listed in the $HOME variable, only .pgp.
If you want the home directory changed on a permanent basis, you need to create the $PGP_HOME_DIR environment variable and specify the path of the desired home directory.
Uninstalling on Linux
Uninstalling PGP Command Line on Linux requires root privileges, either su or sudo.
To uninstall PGP Command Line on Linux:
1 Type the following command and press Enter:
rpm -e pgpcmdln
2 PGP Command Line is uninstalled.
Installing on Solaris
This section tells you how to install, change the home directory, and uninstall on Solaris.
To Install on Solaris
You need to have root or administrator privileges on the machine on which you are installing PGP Command Line.
To install PGP Command Line onto a Solaris machine in the default directory:
1 If you have an existing version of PGP Command Line installed on the computer,
uninstall it.
2 Download the installer file called PGPCommandLine95Solaris.tar to a known
location on your system.
3 Untar the package first. You will get the following file:
PGPCommandLine95Solaris.pkg
4 Type pkgadd -d PGPCommandLine95Solaris.pkg and press Enter.
5 At the first prompt, enter “1” or “all” to install the package.
If the directories /usr/bin and /usr/lib are not owned by root:bin, the install application pkgadd will ask if you want to change the ownership/group on these directories. It is not necessary to change them, but as an admin you may do so if you wish.
By default, the PGP Command Line application, pgp, is installed into the directory /opt/pgp/bin. You need to add this directory to your PATH environment variable in order for the application to be found.
For sh-based shells, use this syntax:
PATH=$PATH:/opt/pgp/bin
For csh-based shells, use this syntax:
set path = ($path /opt/pgp/bin)
Also, in order to access the PGP Command Line man page, you need to set the MANPATH environment variable appropriately.
For sh-based shells, use this syntax:
MANPATH=$MANPATH:/opt/pgp/man; export MANPATH
For csh-based shells, use this syntax:
setenv MANPATH "/opt/pgp/man"
To install PGP Command Line on Solaris into a directory other than the default location:
1 If you have an existing version of PGP Command Line installed, uninstall it.
2 Download the installer application PGPCommandLine95Solaris.tar to a known
location on your system.
3 Untar the package first. You will get the following file:
PGPCommandLine95Solaris.pkg
4 Type: pkgadd -a none -d PGPCommandLine95Solaris.pkg
(This will force an interactive installation).
5 Press Enter.
6 At the first prompt, enter “1” or “all” to install the package.
7 You will be asked to enter the path to the package’s base directory.
If you enter /usr/pgp, the binary will be installed to /usr/pgp/bin/pgp, libraries will be installed to /usr/pgp/lib, and so on.
You need to edit the environment variable LD_LIBRARY_PATH to include the new library path (/usr/pgp/lib) so that PGP Command Line can function in this location.
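Both the Linux --prefix install and the Solaris custom base directory require adding a library directory to LD_LIBRARY_PATH. The following is an added example, not part of the original manual: it appends the directory without leaving an empty element in the variable, which the Linux (glibc) loader reads as the current working directory. The function names and the PGP_LIB_DIR variable are made up for this example.

```sh
#!/bin/sh
# Added example, not from the PGP manual: extend a search-path variable
# for a relocated install without leaving an empty element in it.

# has_empty_element VALUE
# Succeeds when VALUE has a leading, trailing or doubled colon.
has_empty_element() {
    case $1 in
        :*|*:|*::*) return 0 ;;
        *)          return 1 ;;
    esac
}

# path_append CURRENT DIR
# Prints CURRENT with empty elements and earlier copies of DIR removed,
# and DIR added once at the end. The body runs in a subshell so the IFS
# and globbing changes do not leak into the caller.
path_append() (
    dir=$2
    result=
    IFS=:
    set -f                          # no filename expansion while splitting
    for element in $1; do
        case $element in
            ''|"$dir") continue ;;  # drop empty entries and duplicates
        esac
        result=${result:+$result:}$element
    done
    printf '%s\n' "${result:+$result:}$dir"
)

# /opt/lib is the library directory from the rpm --prefix=/opt example;
# set PGP_LIB_DIR=/usr/pgp/lib for the Solaris base directory /usr/pgp.
# PGP_LIB_DIR is a hypothetical variable used only by this example.
PGP_LIB_DIR=${PGP_LIB_DIR:-/opt/lib}

# The usual one-liner produces a leading colon when the variable is unset.
naive=${LD_LIBRARY_PATH:-}:$PGP_LIB_DIR
if has_empty_element "$naive"; then
    echo "naive value contains an empty element: $naive" >&2
fi

LD_LIBRARY_PATH=$(path_append "${LD_LIBRARY_PATH:-}" "$PGP_LIB_DIR")
export LD_LIBRARY_PATH
printf 'LD_LIBRARY_PATH=%s\n' "$LD_LIBRARY_PATH"
```

Place the last three lines (with the function definition) in the shell profile of the account that runs pgp so the setting survives a new login.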
Changing the Home Directory on Solaris
The home directory is where PGP Command Line stores the files that it creates and uses; for example, keyring files.
By default, the PGP Command Line installer for Solaris creates the PGP Command Line home directory in $HOME/.pgp. If this directory does not exist, it will be created. For example, if the value of $HOME for user “alice” is /usr/home/alice, PGP Command Line will attempt to create /usr/home/alice/.pgp.
The PGP Command Line installer will not try to create any other part of the directory listed in the $HOME variable, only .pgp.
If you want the PGP Command Line home directory changed on a permanent basis, you can define the $PGP_HOME_DIR environment variable and specify the path of the desired home directory.
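The home directory set through PGP_HOME_DIR on the UNIX platforms above holds keyring files, so a replacement directory should be readable only by the account that owns it. The following is an added example, not part of the original manual: it creates such a directory and prints the profile line for sh-based shells. The 0700 mode and the function names are assumptions of this example; the manual states no permission requirement.

```sh
#!/bin/sh
# Added example, not from the PGP manual: create a private directory to
# use as PGP_HOME_DIR. The 0700 mode is a hardening assumption of this
# example, not a documented requirement of PGP Command Line.

# pgp_home_is_private DIR
# Succeeds when DIR is a directory with no group or other permission bits.
pgp_home_is_private() {
    [ -d "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# prepare_pgp_home DIR
# Creates DIR if needed, restricts it to the owner, and verifies the result.
prepare_pgp_home() {
    pgp_dir=$1
    # Refuse a symbolic link: keyrings would be written wherever it points.
    if [ -L "$pgp_dir" ]; then
        echo "refusing to use a symbolic link: $pgp_dir" >&2
        return 1
    fi
    # Restrictive umask inside a subshell, so the caller's umask is unchanged.
    ( umask 077 && mkdir -p -- "$pgp_dir" ) || return 1
    # Tighten a directory that already existed with looser permissions.
    chmod 700 -- "$pgp_dir" || return 1
    pgp_home_is_private "$pgp_dir"
}

# Usage: sh prepare-home.sh /path/to/new/home   (script name is arbitrary)
if [ "$#" -ge 1 ]; then
    prepare_pgp_home "$1" || exit 1
    # Line to add to ~/.profile for sh-based shells.
    printf 'PGP_HOME_DIR=%s; export PGP_HOME_DIR\n' "$1"
fi
```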
Uninstalling on Solaris
Uninstalling PGP Command Line on Solaris requires root privileges, either su or sudo.
To uninstall PGP Command Line on Solaris:
1 Type the following command and press Enter:
pkgrm PGPcmdln
To uninstall with no confirmation, use: pkgrm -n PGPcmdln
2 PGP Command Line is uninstalled.
Installing on Windows
This section tells you how to install, change the home directory, and uninstall on Windows.
To Install on Windows
To install PGP Command Line onto a supported Windows system:
1 Close all Windows applications.
2 Download the installer application, PGPCommandLine95Win32.zip, to a known
location on your system.
3 Unzip the file PGPCommandLine95Win32.zip. You will get the following file:
PGPCommandLine95Win32.msi.
4 Double click on PGPCommandLine95Win32.msi.
5 Follow the on-screen instructions.
6 If prompted, restart your machine. A restart is needed only if other PGP products are
also installed on the same machine.
The Windows PGP Command Line application, pgp.exe, is installed into:
C:\Program Files\PGP Corporation\PGP Command Line\
After you run PGP Command Line for the first time, its home directory will be created automatically in the user’s home directory:
C:\Documents and Settings\<user>\My Documents\PGP\
Application data is stored in the directory:
C:\Documents and Settings\<user>\Application Data\PGP Corporation\PGP
Locations may be different for the different Windows versions.
Changing the Home Directory on Windows
The home directory is where PGP Command Line stores its keyring files. If a different PGP product has already created this directory, PGP Command Line will also use it (thus, PGP Command Line can automatically use existing PGP keys).
PGP Command Line data files, such as keys, are stored in the home directory:
C:\Documents and Settings\<user>\My Documents\PGP\
PGP Command Line application files, such as the configuration file PGPprefs.xml, are stored in:
C:\Documents and Settings\<user>\Application Data\PGP Corporation\PGP\
If you want the home directory changed on a permanent basis, you need to create the PGP_HOME_DIR environment variable and specify the path of the desired home directory.
To create the PGP_HOME_DIR environment variable on a supported Windows system:
1 Click Start, select Settings, select Control Panel, and then select System.
The System Properties dialog appears.
2 Select the Advanced tab, then click Environment Variables.
The Environment Variables screen appears.
3 In the User Variables section, click New.
The New User Variable dialog appears.
4 In the Variable name field, enter PGP_HOME_DIR. In the Variable value field, enter
the path of the home directory you want to use. For example:
C:\PGP\PGPhomedir\
5 Click OK.
The Environment Variables screen reappears. PGP_HOME_DIR appears in the list of user variables.
Uninstalling on Windows
To uninstall PGP Command Line on a supported Windows system:
1 Navigate to the Add or Remove Programs Control Panel.
2 Select PGP Command Line from the list of installed programs.
3 Click Remove, then follow the on-screen instructions.
PGP Command Line is uninstalled.
Licensing
3
Overview
Instructions for Licensing PGP Command Line
PGP Command Line requires a valid license to operate. This chapter describes how to license your copy of PGP Command Line.
PGP Command Line requires a valid license to support full functionality. If you use PGP Command Line without entering a license or after your license has expired, only basic functionality will be available; you will only be able to get help and version information; perform a speed test; list keys, user IDs, fingerprints, and signatures; export public keys and keypairs; and license PGP Command Line.
Caution: As PGP Command Line will not operate normally until licensed, you should license it immediately after installation.
When your license gets within 60 days of expiration, PGP Command Line begins issuing warnings that license expiration is nearing. There is no grace period once the license expiration date has been reached.
PGP Command Line supports the following licensing scenarios:
Using a license number: This is the normal method to license PGP Command Line.
You must have your license number and a working connection to the Internet.
Using a license authorization file: This licensing method uses licensing information
in a file that was obtained from PGP Corporation. This method does not require a working connection to the Internet.
Re-licensing: If you have already licensed PGP Command Line on a system but want
to re-license it with a new license number (to support additional functionality, for example), use this method. You must have your new license number and a working connection to the Internet.
Through a proxy server: If you connect to the Internet through a proxy server, use
this method to license PGP Command Line. You must have your license number and the appropriate proxy server information.
All of these scenarios are described in detail below.
PGP Command Line User’s Guide 3: Licensing
License Recovery
When you first enter your PGP Command Line license, one option is --license-email, which takes a valid email address.
You are not required to use --license-email to license your copy of PGP Command Line, but it is required if you want to take advantage of the license recovery feature.
The license recovery feature provides an automated mechanism for retrieving your original licensing information for those occasions when you need to enter it again.
Here is how the license recovery feature works: When you first license your copy of PGP Command Line, you enter a License Name, License Organization, your License Number, and a License Email. The license authorizes, and you begin using PGP Command Line.
Several months pass. The hardware hosting PGP Command Line fails and it is no longer usable. You need to reinstall PGP Command Line on a new system. You still have your PGP Command Line license number, but you enter your company name differently in License Organization; you didn’t remember exactly how you entered it several months ago, and this time you picked a slightly different form (or maybe you even mis-typed it by mistake).
Not a big deal, you think; what difference could it make? But when you attempt to authorize the license, it doesn’t work.
What happened is that when you re-license PGP Command Line, you must enter the same information exactly as you did the first time or it will not license correctly.
At this point the license recovery feature kicks in. When you attempt to re-license PGP Command Line, and you enter a valid license, but the License Name or License Organization you enter is different, the license recovery feature sends an email message to the License Email you entered the first time you licensed PGP Command Line.
The email message includes the License Name and License Organization you used when you first licensed PGP Command Line. You can now license PGP Command Line on the new system using the information in the message.
The key to the license recovery feature is entering a valid email address when you first license PGP Command Line. The license recovery feature will only use the email address you enter when you first license a specific PGP Command Line license. You can’t add or change the email address at a later time; if you don’t enter it the first time you license, the license recovery feature won’t work for that particular PGP Command Line license.
If the license recovery feature isn’t available for a PGP Command Line license, but you need your original License Name or License Organization, you need to contact PGP Support. Refer to pgpsupport.com for more information.
Using a License Number
If you have a license number and a working Internet connection you can license your copy of PGP Command Line.
Use --license-authorize to license PGP Command Line.
The following options are required:
--license-name <Name>
Where <Name> is your name or a descriptive name.
--license-organization <Org>
Where <Org> is the name of your company.
--license-number <Number>
Where <Number> is a valid license number.
The following option is not required but is recommended:
--license-email <EmailAddress>
Where <EmailAddress> is a valid email address, generally the email address of the PGP Command Line administrator.
Before deciding not to enter a license email, be sure to refer to “License Recovery” on
page 26. Not entering a license email when you first license your copy of PGP Command
Line negates the license recovery feature for your PGP Command Line license. If you decide not to enter a license email, you will see a warning message but your license will authorize.
For example:
pgp --license-authorize --license-name "Alice Cameron"
--license-organization "Example Corporation"
--license-number "aaaaa-bbbbb-ccccc-ddddd-eeeee-fff"
--license-email "acameron@example.com"
(When entering this text, it all goes on a single line.)
Using a License Authorization
If you have both a license number and a license authorization (a text file) from PGP Corporation instead of just a license number, you need to list the name of the license authorization file in the command.
You may need a license authorization if you are having problems authorizing your license number or if the system hosting PGP Command Line is not connected to the Internet.
Use --license-authorize to license PGP Command Line using a license authorization.
The following options are required:
--license-name <Name>
Where <Name> is your name or a descriptive name.
--license-organization <Org>
Where <Org> is the name of your company.
--license-number <Number>
Where <Number> is a valid license number.
The following option is not required but is recommended:
--license-email <EmailAddress>
Where <EmailAddress> is a valid email address, generally the email address of the PGP Command Line administrator.
Before deciding not to enter a license email, be sure to refer to “License Recovery” on
page 26. Not entering a license email when you first license your copy of PGP Command
Line negates the license recovery feature for your PGP Command Line license. If you decide not to enter a license email, you will see a warning message but your license will authorize.
For example:
pgp --license-authorize --license-name "Alice Cameron"
--license-organization "Example Corporation"
--license-number "aaaaa-bbbbb-ccccc-ddddd-eeeee-fff" license-auth.txt --license-email "acameron@example.com"
(When entering this text, it all goes on a single line.)
In this example, the text file “license-auth.txt” is shown after the license number.
Re-Licensing
If you have already licensed your copy of PGP Command Line on a system, but you need to re-license it on the same system (if you have purchased a new license with additional capabilities, for example), you must use the --force option to override the existing license.
You can use a license number or a license authorization when you are re-licensing.
Use --license-authorize to re-license PGP Command Line.
The following options are required:
--license-name <Name>
Where <Name> is your name or a descriptive name.
--license-organization <Org>
Where <Org> is the name of your company.
--license-number <Number>
Where <Number> is a valid license number.
--force
The following option is not required but is recommended:
--license-email <EmailAddress>
Where <EmailAddress> is a valid email address, generally the email address of the PGP Command Line administrator.
The following option is optional:
<LicenseAuthFilename>
Where <LicenseAuthFilename> is the name of the text file from PGP Corporation that includes license authorization information.
Before deciding not to enter a license email, be sure to refer to “License Recovery” on
page 26. Not entering a license email when you first license your copy of PGP Command
Line negates the license recovery feature for your PGP Command Line license. If you decide not to enter a license email, you will see a warning message but your license will authorize.
For example:
pgp --license-authorize --license-name "Alice Cameron"
--license-organization "Example Corporation"
--license-number "aaaaa-bbbbb-ccccc-ddddd-eeeee-fff"
--license-email "acameron@example.com" --force
(When entering this text, it all goes on a single line.)
Through a Proxy Server
If the Internet access of the system hosting PGP Command Line is via an HTTP proxy connection, you can still license your copy of PGP Command Line directly; you simply need to add the necessary proxy information.
Use --license-authorize to license PGP Command Line via a proxy server.
The following options are required:
--license-name <Name>
Where <Name> is your name or a descriptive name.
--license-organization <Org>
Where <Org> is the name of your company.
--license-number <Number>
Where <Number> is a valid PGP Command Line license number.
--proxy-server <Server>
Where <Server> is the IP address or fully qualified domain name of the proxy server PGP Command Line must go through to reach the Internet.
The following options are not required; they are only needed when the proxy server requires authentication:
--proxy-username <Username>
Where <Username> is a valid username on the proxy server.
--proxy-passphrase <Passphrase>
Where <Passphrase> is the passphrase for the username you entered.
The following option is not required but is recommended:
--license-email <EmailAddress>
Where <EmailAddress> is a valid email address, generally the email address of the PGP Command Line administrator.
Before deciding not to enter a license email, refer to “License Recovery” on page 26. Not entering a license email when you first license your copy of PGP Command Line negates the license recovery feature for your PGP Command Line license. If you decide not to enter a license email, you will see a warning message but your license will authorize.
For example:
pgp --license-authorize --license-name "Alice Cameron"
--license-organization "Example Corporation"
--license-number "aaaaa-bbbbb-ccccc-ddddd-eeeee-fff"
--proxy-server "proxyserver.example.com"
--proxy-username "acameron"
--proxy-passphrase "a_cameron1492sailedblue"
--license-email "acameron@example.com"
(When entering this text, it all goes on a single line.)