LOCK & KEY Windows 95 Explorer PGP Interface Version 3.2 beta 2, April 23, 1997 *** PLEASE NOTE NEW EMAIL ADDRESS: *** BETA 2 ADDS A NEW FEATURE TO KEYCHAIN: IF YOU HAVE EUDORA (INCLUDING THE LITE VERSION) INSTALLED, YOU CAN RIGHT-CLICK ON ANY PUBLIC KEY TO COMPOSE AN ENCRYPTED MESSAGE WHICH WILL BE SENT USING EUDORA. Please note the following: - The install program will attempt to find Eudora by looking to see whether Eudora has captured the "mailto" url. If another mail program has captured the "mailto" url, Eudora won't be found. You can manually enter the path to eudora.exe to LOCK&KEY.INI under the entry MailPath under [Lock32], e.g. [Lock32] MailPath=d:\internet\eudora\eudora.exe - This feature is known to work with Eudora Lite version 3. I will be interested in hearing whether this feature works with other e-mail programs. - The recipient's public key User ID must state a valid e-mail address. This is customary for PGP public keys. Please note that the User ID on the public key is the address to which the message will be sent. - The sender's (your) e-mail address is the user name for your default secret key. This is found under "MyName" in CONFIG.TXT. If MyName has not been set, use KeyChain's secret key window, pick your default secret key, right-click and choose Make Default. - The message composition window can be resized and will remember its settings. - The message composition window supports signing messages (using the default secret key) as well as adding your public key to the message. These are toggled on the Option menu. The current setting is visible both on the menu and at the bottom of the message composition window: e.g. a key (if the append key option is checked); and the pass phrase box grayed out (if the signature option is not checked). - This beta release performs no error checking; e.g. if you enter a bad pass phrase for signature. This will be corrected in the final release. I also intend to add an option for choosing the editor font. - The message composition window supports standard Windows editing commands (Undo, Cut, Copy, Paste) including their keyboard shortcuts. - A message will appear after your message has been encrypted and queued into Eudora. I suggest that beta testers open their Eudora outbox and look at the message which has been created (it will be prefixed with a Q indicating the message is queued but not sent). I am particularly interested in feedback on this new feature. This is a few steps short of a Eudora plug-in, which is a longer term goal; but it does offer convenience in that KeyChain automatically maintains, in effect, the address book. Also, the editor is specially tailored for encryption of messages. Also fixed in this beta 2 release is a bug in Lock32 which caused the clipboard contents not to be found when saving a file. THE FOLLOWING CHANGES WERE MADE IN THE BETA 1 RELEASE: - LOCK & KEY uses PGP to read the public and secret keyrings in all cases. The key ring contents are stored in a cache (CACHE.KEY in the Lock & Key folder). When encrypting to a single recipient, the unique Key ID (rather than the user ID) is used to encrypt. This has three consequences. First, loading of the keyrings is almost instantaneous (except where the keyrings have changed and the cache needs to be updated). Second, since PGP functions are used to read the keyrings, compatibility problems experienced by some users will be avoided. Third, since the key ID is shorter than the key name, problems experienced by some users with an excessively long PGP command line are avoided. - Configuration settings are stored in LOCK&KEY.INI in the Lock & Key directory, rather than in the Registry. This makes user modification of configuration settings easier. - The viewer names are stored in LOCK&KEY.INI. Two viewers are supported: a binary viewer, and an ASCII viewer. The binary viewer is set to be QuickView if present. The ASCII viewer is by default set to NOTEPAD.EXE. The correct viewer is selected based on whether the file is binary or text. RTF and HTML files are treated as binary. - While the program will install by default to a subdirectory under the PGP directory, this location can be changed via a folder path dialog box. - When decrypting a signed file, KEY32 now reports bad signatures (altered contents) as well as good signatures. - RUNPGP.PIF has been modified to remove the name of the batch file. This bug had caused RUNPGP.BAT to be run twice on some (but not all) systems, resulting in various odd behavior, all related to Lock & Key being unable to find the PGP output. - The delay before KEY32 deletes temporary files has been increased from 5 to 12 seconds. This gives QuickView+ version 4.0 time to load (if it has not already been loaded in the session). I may make this delay user configurable in the final release. - Lock & Key temporarily renames files whose names contain accented characters, in order to permit PGP to properly process these files. Upon completion, the files are given their original names. This solves a bug which caused Lock & Key to fail when handling filenames with certain accented characters. I may make this feature user configurable in the final release, to improve performance and safety for those who don't need this feature. - A bug in LOCK32 which caused a message encrypted to the clipboard to fail to be copied to the clipboard has been corrected. LOCK & KEY is the first and foremost PGP interface to the Windows 95 Explorer, specifically designed to support key Windows 95 features: - Right-click on any file in Explorer to encrypt it. - Double-click on any encrypted file to decrypt it. - Decrypt files to QuickView/QuickView Plus if present. - Encrypt/decrypt to/from the Windows clipboard. - Preserve Windows 95 long file names when encrypting. ********************************************************************** Four stars - ZDNet (Ziff-Davis) Four cows - TUCOWS (The Ultimate Collection of Windows Shareware) 1001 Best Shareware - PC/Computing Magazine ********************************************************************** LOCK & KEY supports most common PGP functions, extending many of them: - Encrypt files as binary or armored. - Include your public key when sending messages. - Option to wipe original file after encryption. - Sign files when encrypting. - Choose a secret key for making signatures from a drop-down list. - View signatures in Windows 95 when decrypting. - View the public key ring and delete individual keys. - Pick a recipient's public key from a drop-down list. - Encrypt files to self. - Use conventional or public key cryptography. ********************************************************************** NEW!!! You can now register Lock & Key online using First Virtual™. First Virtual provides secure electronic commerce using your Visa or MasterCard. It is secure - you do not transmit your credit card information online. Annual registration as a buyer costs $2.00 - this fee will be deducted from all orders received before March 1, 1997! For information on registering as a First Virtual buyer, please follow the link to First Virtual on our web page. Once you have received your VirtualPIN, you can order LOCK & KEY online at our web site, http://www.voicenet.com/~wheindl/order.htm. ********************************************************************** NEW IN VERSION 3.1: - New module KEYCHAIN provides key management functions: view the public and secret keyrings, extract keys to files or to the clipboard, remove keys, check the fingerprint of a key, generate key pairs, and choose the default secret key for making signatures. - LOCK & KEY will handle multiple files and messages. Just select multiple files and send to LOCK & KEY. LOCK & KEY will run KEY32 if the input data contains encrypted files or messages; otherwise, LOCK32 will be run. - LOCK32 permits you to compose messages for encryption using your choice of editor and template file. - Updated help file featuring a Lock & Key tutorial and *live* links which you can use to access the Web or send tech support mail from the Help file. Now learning to use PGP is easier than ever! - For greater security, LOCK & KEY now passes the PGP pass phrase to PGP without writing it to disk. - KEY32 now automatically finds encrypted messages and keys in e-mail messages, checks formatting and even strips "quoting" characters which some mail programs add to mail messages, making it much easier to decrypt a PGP message that has been pasted into e-mail. - Decrypted messages can be copied to the Windows clipboard. - LOCK32 provides for the option of preserving the original file name when encrypting to the Clipboard. If the filename has been preserved with LOCK32, KEY32 will offer to save the decrypted file using the original filename. - You can now choose the filename for saving decrypted or encrypted messages where no filename is provided. Also, if the filename would overwrite an existing file, you are prompted and can choose another filename. - You may now choose to run PGP normal, minimized (default) or hidden. Right-click on the Help button in Lock32 and choose options. To install LOCK & KEY, follow these steps: 1. Unzip all files to a disk or directory. 2. Run INSTALL.EXE. LOCK & KEY is written in Microsoft Visual Basic and requires the Visual Basic 4/32 bit runtime (VB40032.DLL). If you do not have this file, see the Installation section of the Help file which will explain how to get this file. LOCK & KEY supports Windows 95 automatic uninstallation. LOCK & KEY is shareware. The shareware version is fully functional but includes a shareware delay and registration reminder. Registration is U.S. $19.95. To register, send U.S. $19.95 to: Walter E. Heindl 271 Misty Patch Road Coatesville, PA 19320 You may also register LOCK & KEY on CompuServe. Type GO SWREG. Registration number is 12438. Registered users will receive a password which will remove the shareware delay for this and future versions. Visit http://www.voicenet.com/~wheindl/order.htm to order online using your credit card and the First Virtual Internet payment system. You may freely distribute the shareware archive provided that all files are intact. For technical support, bug reports or suggestions, send email to: Walter E. Heindl