PGP NetShare Command Line - 10.1 Instruction Manual

PGP NetShare Command Line

User's Guide

Version Information

PGP NetShare Command Line User's Guide. 10.1. Released September 2010.

Copyright © 1991-2010 by PGP Corporation. All Rights Reserved. No part of this document can be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of PGP Corporation.

Trademark Information

PGP, Pretty Good Privacy, and the PGP logo are registered trademarks of PGP Corporation in the US and other countries. IDEA is a trademark of Ascom Tech AG. Windows and ActiveX are registered trademarks of Microsoft Corporation. AOL is a registered trademark, and AOL Instant Messenger is a trademark, of America Online, Inc. Red Hat and Red Hat Linux are trademarks or registered trademarks of Red Hat, Inc. Linux is a registered trademark of Linus Torvalds. Solaris is a trademark or registered trademark of Sun Microsystems, Inc. AIX is a trademark or registered trademark of International Business Machines Corporation. HP-UX is a trademark or registered trademark of Hewlett-Packard Company. SSH and Secure Shell are trademarks of SSH Communications Security, Inc. Rendezvous and Mac OS X are trademarks or registered trademarks of Apple Computer, Inc. All other registered and unregistered trademarks in this document are the sole property of their respective owners.

Licensing and Patent Information

The IDEA cryptographic cipher described in U.S. patent number 5,214,703 is licensed from Ascom Tech AG. The CAST-128 encryption algorithm, implemented from RFC 2144, is available worldwide on a royalty-free basis for commercial and non-commercial uses. PGP Corporation has secured a license to the patent rights contained in the patent application Serial Number 10/655,563 by The Regents of the University of California, entitled Block Cipher Mode of Operation for Constructing a Wide-blocksize block Cipher from a Conventional Block Cipher. Some third-party software included in PGP Universal Server is licensed under the GNU General Public License (GPL). PGP Universal Server as a whole is not licensed under the GPL. If you would like a copy of the source code for the GPL software included in PGP Universal Server, contact may have patents and/or pending patent applications covering subject matter in this software or its documentation; the furnishing of this software or documentation does not give you any license to these patents.

PGP Support (https://support.pgp.com). PGP Corporation

Acknowledgments

This product includes or may include:

-- The Zip and ZLib compression code, created by Mark Adler and Jean-Loup Gailly, is used with permission from the free Info-ZIP implementation, developed by zlib ( under the MIT License found at freely available high-quality data compressor, is copyrighted by Julian Seward, © 1996-2005. -- Application server (

http://www.apache.org/), Jakarta Commons (http://jakarta.apache.org/commons/license.html) and log4j, a Java-based library used to parse

server ( HTML, developed by the Apache Software Foundation. The license is at binding framework for moving data from XML to Java programming language objects and from Java to databases, is released by the ExoLab Group under an Apache 2.0-style license, available at Foundation that implements the XSLT XML transformation language and the XPath XML query language, is released under the Apache Software License, version 1.1, available at Protocol") used for communications between various PGP products is provided under the Apache license found at

http://www.apache.org/licenses/LICENSE-2.0.txt. -- mx4j, an open-source implementation of the Java Management Extensions (JMX), is released

under an Apache-style license, available at Independent JPEG Group. ( distributed under the MIT License distributed by University of Cambridge. ©1997-2006. The license agreement is at and Domain Name System (DNS) protocols developed and copyrighted by Internet Systems Consortium, Inc. ( implementation of daemon developed by The FreeBSD Project, © 1994-2006. -- Simple Network Management Protocol Library developed and copyrighted by Carnegie Mellon University © 1989, 1991, 1992, Networks Associates Technology, Inc, © 2001- 2003, Cambridge Broadband Ltd. © 2001- 2003, Sun Microsystems, Inc., © 2003, Sparta, Inc, © 2003-2006, Cisco, Inc and Information Network Center of Beijing University of Posts and Telecommunications, © 2004. The license agreement for these is at by Network Time Protocol and copyrighted to various contributors. -- Lightweight Directory Access Protocol developed and copyrighted by OpenLDAP Foundation. OpenLDAP is an open-source implementation of the Lightweight Directory Access Protocol (LDAP). Copyright © 1999-2003, The OpenLDAP Foundation. The license agreement is at OpenBSD project is released by the OpenBSD Project under a BSD-style license, available at

bin/cvsweb/src/usr.bin/ssh/LICENCE?rev=HEAD. -- PC/SC Lite is a free implementation of PC/SC, a specification for SmartCard integration is released

under the BSD license. -- Postfix, an open source mail transfer agent (MTA), is released under the IBM Public License 1.0, available at

http://www.opensource.org/licenses/ibmpl.php. -- PostgreSQL, a free software object-relational database management system, is released under a

BSD-style license, available at PostgreSQL database using standard, database independent Java code, (c) 1997-2005, PostgreSQL Global Development Group, is released under a BSD-style license, available at database management system, is released under a BSD-style license, available at version of cron, a standard UNIX daemon that runs specified programs at scheduled times. Copyright © 1993, 1994 by Paul Vixie; used by permission. -

- JacORB, a Java object used to facilitate communication between processes written in Java and the data layer, is open source licensed under the GNU Library General Public License (LGPL) available at is an open-source implementation of a CORBA Object Request Broker (ORB), and is used for communication between processes written in C/C++ and the data layer. Copyright (c) 1993-2006 by Douglas C. Schmidt and his research group at Washington University, University of California, Irvine, and Vanderbilt University. The open source software license is available at downloading files via common network services, is open source software provided under a MIT/X derivate license available at

under a BSD-style license, available at libpopt, a library that parses command line options, is released under the terms of the GNU Free Documentation License available at

to communicate with the Intel Corporation AMT chipset on a motherboard, is distributed under the gSOAP Public License version 1.3b, available at

http://www.zlib.net). -- Libxml2, the XML C parser and toolkit developed for the Gnome project and distributed and copyrighted

http://jakarta.apache.org/), web

www.apache.org/licenses/LICENSE-2.0.txt. -- Castor, an open-source, data-

http://www.castor.org/license.html. -- Xalan, an open-source software library from the Apache Software

http://xml.apache.org/xalan-j/#license1.1. -- Apache Axis is an implementation of the SOAP ("Simple Object Access

http://mx4j.sourceforge.net/docs/ch01s06.html. -- jpeglib version 6a is based in part on the work of the

http://www.ijg.org/) -- libxslt the XSLT C library developed for the GNOME project and used for XML transformations is

http://www.opensource.org/licenses/mit-license.html. -- PCRE Perl regular expression compiler, copyrighted and

http://www.pcre.org/license.txt. -- BIND Balanced Binary Tree Library

http://www.isc.org) -- Free BSD

http://net-snmp.sourceforge.net/about/license.html. -- NTP version 4.2 developed

http://www.openldap.org/software/release/license.html. Secure shell OpenSSH developed by

http://www.openbsd.org/cgi-

http://www.postgresql.org/about/licence. -- PostgreSQL JDBC driver, a free Java program used to connect to a

http://jdbc.postgresql.org/license.html. -- PostgreSQL Regular Expression Library, a free software object-relational

http://www.postgresql.org/about/licence. -- 21.vixie-cron is the Vixie

http://www.cs.wustl.edu/~schmidt/ACE-copying.html. -- libcURL, a library for

http://www.cs.fsu.edu/~engelen/license.html. -- Windows Template Library (WTL) is used for developing user interface components and is distributed

under the Common Public License v1.0 found at automate a variety of maintenance functions and is provided under the Perl Artistic License, found at

http://www.perl.com/pub/a/language/misc/Artistic.html. -- rEFIt - libeg, provides a graphical interface library for EFI, including image rendering, text

rendering, and alpha blending, and is distributed under the license found at

reserved. -- Java Radius Client, used to authenticate PGP Universal Web Messenger users via Radius, is distributed under the Lesser General Public License (LGPL) found at Copyright (c) 2009, Yahoo! Inc. All rights reserved. Released under a BSD-style license, available at

JSON-lib version 2.2.1, a Java library used to convert Java objects to JSON (JavaScript Object Notation) objects for AJAX. Distributed under the

Apache 2.0 license, available at available at available at available at common configuration file format used on Windows, on other platforms. Distributed under the MIT License found at

Standard Template Library functions and data structures and is distributed under the MIT License found at

format, are used to serialize structure data in the PGP SDK. Distributed under the BSD license found at

Additional acknowledgements and legal notices are included as part of the PGP Universal Server.

http://ezmorph.sourceforge.net/license.html. -- Apache Commons Lang, used by JSON-lib, is distributed under the Apache 2.0 license, http://commons.apache.org/license.html. -- Apache Commons BeanUtils, used by JSON-lib, is distributed under the Apache 2.0 license, http://commons.apache.org/license.html. -- SimpleIni is an .ini format file parser and provides the ability to read and write .ini files, a

http://www.gnu.org/licenses/lgpl.html. -- Yahoo! User Interface (YUI) library version 2.5.2, a Web UI interface library for AJAX.

http://json-lib.sourceforge.net/license.html. -- EZMorph, used by JSON-lib, is distributed under the Apache 2.0 license,

http://opensource.org/licenses/cpl1.0.php. -- The Perl Kit provides several independent utilities used to

http://developer.yahoo.com/yui/license.html. --

http://www.opensource.org/licenses/mit-

http://www.opensource.org/licenses/bsd-

Export Information

Export of this software and documentation may be subject to compliance with the rules and regulations promulgated from time to time by the Bureau of Export Administration, United States Department of Commerce, which restricts the export and re-export of certain products and technical data.

Limitations

The software provided with this documentation is licensed to you for your individual use under the terms of the End User License Agreement provided with the software. The information in this document is subject to change without notice. PGP Corporation does not warrant that the information meets your requirements or that the information is free of errors. The information may include technical inaccuracies or typographical errors. Changes may be made to the information and incorporated in new editions of this document, if and when made available by PGP Corporation.

Unsupported Third Party Products

By utilizing third party products, software, drivers, or other components ("Unsupported Third Party Product") to interact with the PGP software and/or by utilizing any associated PGP command or code provided by to you by PGP at its sole discretion to interact with the Unsupported Third Party Product ("PGP Third Party Commands"), you acknowledge that the PGP software has not been designed for or formally tested with the Unsupported Third Party Product, and therefore PGP provides no support or warranties with respect to the PGP Third Party Commands or the PGP software's compatibility with Unsupported Third Party Products. THE PGP THIRD PARTY COMMANDS ARE PROVIDED "AS IS," WITH ALL FAULTS, AND THE ENTIRE RISK AS TO SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH YOU. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, PGP DISCLAIMS ALL REPRESENTATIONS, WARRANTIES, AND CONDITIONS, WHETHER EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NONINFRINGEMENT, QUIET ENJOYMENT, AND ACCURACY WITH RESPECT TO THE PGP THIRD PARTY COMMANDS OR THE PGP SOFTWARE'S COMPATIBILITY WITH THE UNSUPPORTED THIRD PARTY PRODUCT.

Contents

Introduction 3

About PGP NetShare 3 About PGP NetShare Command Line 4 Audience 4 System Requirements 4 Installing and Uninstalling 4 Upgrading to Version 10.1 5

The Command-Line Interface 7

Overview 7 Scripting 8 Editing the Path on a System 8 Configuration File 9 Environment Variables 10

Creating Environment Variables 11 Passphrases 12 XML Output 12 Searching for Keys on Remote Servers 13

Commands 15

--version 16

--help (-h) 17

--encrypt (-e) 17

--decrypt 20

--reencrypt (-r) 21

--reencrypt-full 23

--reencrypt-delta 25

--reencrypt-clone 27

--list (-l) 28

--list-xml 29

--verify (-v) 29

--lock-all 30

--unlock 30

--set-driver 31

--get-driver 32

Options 33

--recipient (-r) 35

--recipient-owner 35

--recipient-operator 35

PGP NetShare Command Line Contents

--recipient-remove 35

--recipient-xml 36

--group (-g) 36

--group-operator 37

--signer (s) 37

--signer-passphrase 37

--signer-passphrase-fd 37

--passphrase (-p) 38

--passphrase-fd 38

--adk 39

--public-keyring 39

--private-keyring 39

--universal-server 40

--auth-username 40

--auth-passphrase 40

--auth-passphrase-fd 41

--input (-i) 41

--output (-o) 41

--output-file 41

--home-dir 42

Flags 43

--verbose 43

--remote 44

--force 44

--halt-on-error 44

--local-mode 44

--preserve 45

--quiet 45

Quick Reference 47

Commands 47 Options 48 Flags 48

Introduction

This User's Guide tells you how to use the PGP NetShare Command Line application.

In This Chapter

About PGP NetShare ................................................................................. 3

About PGP NetShare Command Line ....................................................... 4

Audience.................................................................................................... 4

System Requirements ............................................................................... 4

Installing and Uninstalling .......................................................................... 4

Upgrading to Version 10.1......................................................................... 5

About PGP NetShare

PGP NetShare is a software product that lets a defined set of users access files in a shared, protected space (such as on a corporate file server, in a shared folder, or even removable media such as a thumb drive).

The files are protected by encryption, but continue to appear (to the users who have access rights) as normal application files. Anyone without access rights to the files, but who can access the shared space, can see the files but does not have access to the content.

PGP NetShare can be purchased as a standalone product, as one product among several products for example, PGP Desktop Email or PGP Whole Disk Encryption), or as part of PGP Desktop.

For more information about PGP NetShare, see the:

PGP Desktop User's Guide

 

PGP NetShare Quick Start Guide



PGP NetShare Data Sheet

PGP NetShare Command Line Introduction

About PGP NetShare Command Line

PGP NetShare Command Line gives you access to PGP NetShare functionality using a command-line interface.

Accessing PGP NetShare Command Line functions from the command line is useful for scripting PGP NetShare functions, troubleshooting problems, or if the graphical user interface is not available.

Note: Not all PGP NetShare functions are available via the command line.

PGP NetShare Command Line is always in one of two operation modes:

 desktop. PGP Desktop is also installed on the system.  standalone. PGP Desktop is not installed on the same system.

Run the

--version command to see what operation mode PGP NetShare

Command Line is in.

When you run the that are available in the current operation mode are displayed.

Audience

This User's Guide is for anyone who is going to be using PGP NetShare Command Line to perform PGP NetShare functions from the command line.

It assumes you are familiar with using PGP NetShare via the graphical user interface in the standalone product or as part of PGP Desktop.

System Requirements

The system requirements for PGP NetShare Command Line are the same as for PGP NetShare itself; if PGP NetShare (standalone or as part of PGP Desktop) installs on a system, PGP NetShare Command Line (pgpnetshare.exe) will also install and be usable.

--help command, only those commands, options, and flags

Installing and Uninstalling

PGP NetShare Command Line (pgpnetshare.exe) is installed automatically when PGP NetShare is installed on a system.

PGP NetShare Command Line Introduction

The default location for either installation is: C:\Program Files\PGP Corporation\PGP Desktop\pgpnetshare.exe

To uninstall PGP NetShare Command Line, simply uninstall PGP NetShare or PGP Desktop.

Upgrading to Version 10.1

Changes were made to PGP NetShare Command Line in Version 10.1, resulting in some commands, options, and flags from previous versions being removed.

If you scripted previous versions of PGP NetShare Command Line, make sure to check your scripts to ensure that they do not reference commands, options, or flags that are no longer in the product.

The Command-Line

Interface

This section describes the command-line interface of PGP NetShare Command Line.

In This Chapter

Overview ................................................................................................... 7

Scripting..................................................................................................... 8

Editing the Path on a System .................................................................... 8

Configuration File....................................................................................... 9

Environment Variables............................................................................. 10

Passphrases............................................................................................. 12

XML Output............................................................................................. 12

Searching for Keys on Remote Servers .................................................. 13

Overview

PGP NetShare Command Line uses a command-line interface. You enter a valid command at the command prompt and press Line responds appropriately based on what you entered (if you entered a valid command) or with an error message (if you entered an invalid or incorrectly structured command).

All PGP NetShare Command Line commands have a "pgpnetshare", a space, two hyphens "

For example:

C:\>pgpnetshare --help [Enter]

is the command to display the built-in help information.

(The command prompt, C:\>, and [Enter] will no longer be shown in examples.)

A few commands also have a that substitutes for the command name. For example:

pgpnetshare -h

is the short form of the command to access help.

short form: one hyphen and then a single letter

--", and then the command name.

Enter. PGP NetShare Command

long form: the text

PGP NetShare Command Line The Command-Line Interface

Scripting

Short forms of commands are noted where appropriate.

PGP NetShare Command Line commands can easily be inserted into scripts for automating common tasks, such as creating a Protected Folder, re-encrypting a Protected Folder, or verifying files and folders in a Protected Folder.

PGP NetShare Command Line commands can easily be added to scripts written with scripting languages such as Perl or Python.

Editing the Path on a System

By default, the PGP NetShare Command Line application, pgpnetshare.exe, is installed in C:\Program Files\PGP Corporation\PGP Desktop\.

To use PGP NetShare Command Line using the Windows Command Prompt application, you need to navigate to the PGP NetShare Command Line directory to execute commands (or the commands will fail).

If you wish to be able to execute PGP NetShare Command Line commands from any location when using Windows Command Prompt, you need to change the path on the system to include the location of the PGP NetShare Command Line application.

To add the PGP NetShare Command Line application to your path on a Windows 7 or Vista system:

1 On the Windows desktop, right click the

Computer icon, then select

Properties.

2 On the left side of the

System Settings

System Control Panel screen, click Advanced

3 If you are prompted for permission to continue, click Continue. 4 At the bottom of the System Properties screen, click Environment

Variables

5 In the

Variables

6 At the end of the existing

System Variables section at the bottom of the Environment

screen, select Path, then click Edit.

Variable value line, enter a semicolon (;), then

add the path to the PGP NetShare Command Line application

7 Click OK to save the change, then close the windows you opened.

PGP NetShare Command Line The Command-Line Interface

To add the PGP NetShare Command Line application to your path on a Windows XP or 2000 system:

1 On the Windows desktop, right click the

2 On the 3 At the bottom of the 4 In the

5 At the end of the existing Variable value line, enter a semicolon (;), then

6 Click

Configuration File

The PGP NetShare Command Line configuration file holds settings that affect how PGP NetShare Command Line works.

The PGP NetShare Command Line configuration file (PGPprefs.xml) cannot be changed by PGP NetShare Command Line itself: any changes need to be edited manually.

The PGP NetShare Command Line configuration file is located:

My Computer icon, then select

Properties.

System Properties dialog, click the Advanced tab.

Advanced tab, click Environment Variables.

System Variables section at the bottom of the Environment

Variables

screen, select Path, then click Edit.

add the path to the PGP NetShare Command Line application.

OK to save the change, then close the windows you opened.

 Windows XP:

Data\PGP Corporation\PGP\

C:\Documents and Settings\[Local User]\Application

 Windows 7 and Vista: C:\Users\[Local User]\AppData\Roaming\PGP

Corporation\PGP\

Note: Configuration file settings in PGPprefs.xml are shared among all PGP

Corporation applications on the system.

Configuration file settings you can use with PGP NetShare Command Line are:



Output File (CLoutputFile). Specifies the output file (default is not set in the configuration file; defaults to stdout). The output file is used for output messages. See



Private keyring file (privateKeyringFile). The filename or path and filename to the private keyring file. The default is the default PGP NetShare Command Line home directory. See

keyring

for more information.

--output-file for more information.

secring.skr, located in

--private-

 Public keyring file (publicKeyringFile). The filename or path and

filename to the public keyring file. The default is the default PGP NetShare Command Line home directory. See

keyring

for more information.

pubring.pkr, located in

--public-

PGP NetShare Command Line The Command-Line Interface

 Keyservers (keyservers). Specifies the keyserver(s) to be searched for

keys.



Always encrypt to keys (alwaysEncryptToKeys). Specifies keys that should always be added implicitly when encrypting and re-encrypting.



Configured Universal Server (adminGroupServer). Specifies the PGP Universal Server used for activity logging, key and Active Directory group queries. Only available in configured installs with PGP Desktop.

Enrollment Cookie (adminConfigCookie). Authenticates the user



against a PGP Universal Server for an operation. Only available in configured installs with PGP Desktop.



Location Blacklist (blackListContent, enableBlackList). Entries in the Blacklist specify those locations that should never be encrypted by PGP NetShare Command Line.



Organization ADK (ADKKeyID, useADK). Specifies the centralized organization ADK (Additional Decryption Key). Usually only available in configured installs with PGP Desktop.



Policy ADK (policyADK, usePolicyADK). Specifies a policy-specific ADK. Usually only available in configured installs with PGP Desktop.



Manage Individual Files (allowAdvancedUserMode). Controls whether the user is allowed to manage (encrypt, decrypt, or re-encrypt) single files, as opposed to folders that might contain files.

Environment Variables

PGP NetShare Command Line behavior can be changed using environment variables.

Environment variables have the lowest priority compared to the command line and the configuration file. Settings for either will override environment variables. However, if a value for an item is not specified on the command line or in the configuration file, the environment variable will be used. Environment variables cannot be disabled; if they are present, they are implemented. To disable an environment variable, remove it. Setting a Boolean environment variable will activate it, regardless of the value to which it is set.

Environment variables that can be implemented for PGP NetShare Command Line are:

PGP_LOCAL_MODE. This is a Boolean environment variable that forces



PGP NetShare Command Line to run in local mode. The default is unset.

--local-mode for more information.

See

Usage:

PGP_LOCAL_MODE=1

PGP NetShare Command Line The Command-Line Interface

 PGP_HOME_DIR. This is a string environment variable that overrides the

default home directory, pointing it to the path supplied in the variable. The default is unset. See

--home-dir for more information.

Usage:

PGP_HOME_DIR=C:\Documents and Settings\<current

user>\Application Data\PGP Corporation\PGP\

 PGP_PASSPHRASE. This is a string environment variable that lets you set

your passphrase. The default is unset. See information.

Usage:

PGP_PASSPHRASE="1Killer*Whale"

Creating Environment Variables

PGP NetShare Command Line lets you create environment variables to control certain behaviors.

 To create

1 Right click the 2 On the System window, click on Advanced system settings in the left

pane.

3 On the

click on

4 In the

New.

an environment variable on a Windows 7 system:

System Properties window, select the Advanced tab and then

Environment Variables near the bottom of the window.

User Variables section of the Environment Variables screen, click

--passphrase for more

Computer icon on your desktop and choose Properties.

5 In the Variable name field, enter a name for the variable you are creating.

For example, if you were setting the PGP_HOME_DIR environment variable, you would enter:

PGP_HOME_DIR

6 In the Variable value field, enter a value appropriate for the variable you

are creating.

For example, if you were setting the PGP_HOME_DIR environment variable, you could enter:

C:\PGP\PGPhomedir\

7 Click OK.

The Environment Variables screen reappears. The environment variable you created displays in the

User variables list.

8 Click OK. 9 On the System Properties window, click Apply then click OK. 10 Close the

System window.

PGP NetShare Command Line The Command-Line Interface

Passphrases

For consistency, all example passphrases in this guide are shown in single quotation marks ('). Putting passphrases between single quotation marks ensures that reserved characters and spaces are interpreted correctly when entered on the command line.

If you do not use any reserved characters or spaces in your passphrases, then you do not have to enclose them in single quotation marks.

On Windows systems, if you have a space in a passphrase, you must enclose the passphrase in single or double quotation marks when you enter it on the command line. Also, double quotation marks (") as part of the passphrase must be escaped with a preceding double quotation mark.

For example, if you want to use

Thomas "Stonewall" Jackson

as your passphrase, you would have to enter it as

'Thomas ""Stonewall"" Jackson'

on the command line. You need the quotation marks at the beginning and end for the spaces and you need to escape each double quotation mark used in the passphrase with another double quotation mark.

XML Output

Note: If you are having problems entering certain characters in your

passphrases, check the information about how to handle reserved characters for the operating system or shell interpreter you are using.

PGP NetShare Command Line gives you the option to save some output in XML format.

If you desire properly formatted XML output, do not copy the XML output from the console window and then paste it; this could introduce extraneous newline characters into the output.

Instead, use either of these two methods:

 Use the

--output-file option.

pgpnetshare --list-xml <XMLcontent> output-file 'c:\acllist-xml'

Pipe the output directly to a file: pgpnetshare --list-xml <XMLcontent> > 'c:\acllist-xml'

+ 37 hidden pages