Pretty Good Privacy Windows Shell
Version 1
User's Guide

Prepared for:
Project Manager, FAAD Project Office
Attn: David C. Kennedy, P.E.
SFAE-MSL-FAD-SE
Redstone Arsenal, AL 35898
Commercial: (205) 876-2282
DSN: 746-2282

Prepared by:
Mike Lyman
AEgis Research Corporation
6703 Odyssey Dr., Suite 200
Huntsville, AL 35806
Phone: (205) 922-0802

Table of Contents

Introduction
  Overview
    Pretty Good Privacy Windows Shell (The Windows program PGPSHELL.EXE)
    Pretty Good Privacy (The MS-DOS program PGP.EXE)
  User's Guide Purpose
  Differences Between Download and Floppy Disk Versions
    Download
    Floppy Disk
How To...
  Setup from Download
  Setup from Floppy
  Installing Pretty Good Privacy Windows Shell
    Windows 3.1
    Windows 95
    Both
  Configuring Pretty Good Privacy Windows Shell
    AUTOEXEC.BAT
    PGPSHELL
    Message Display Font
  Using Pretty Good Privacy Windows Shell
    Starting Pretty Good Privacy Windows Shell
    Quitting Pretty Good Privacy Windows Shell
    Encrypting a Message
      Typing the Message
      Selecting UserIDs to send the message to
      Encrypting the message
      Copying the encrypted message to paste into e-mail
    Decrypting a message
      Copy the encrypted message to the clipboard
      Paste the message into the Paste You Encrypted Message Here text box
      Decrypt the Message
      Options
    Admin
      Generate Your Key
      Add a Public Key
      Send a Public Key
      Rebuild UserID List
      Set/Change Your UserID
      Remove a Key/UserID
A Note from the Programmer
  It's Freeware!
  Why did I write this?
  A living, breathing program
  Let me hear from you

Introduction

Overview

Pretty Good Privacy (PGP) is a freeware encryption/decryption program available on the Internet. It is designed to help you protect the privacy of your e-mail. It uses both public and secret keys to encrypt and decrypt text messages. Messages are encrypted to specific UserIDs using their public keys and only those specific people can decrypt the messages.
This package is actually two programs interacting with each other to get your work done. The Pretty Good Privacy Windows Shell makes things easy for you and then has Pretty Good Privacy do the hard work.

Pretty Good Privacy Windows Shell (The Windows program PGPSHELL.EXE)

Pretty Good Privacy is not a Windows program and must be run from the DOS prompt with command line switches. This is inconvenient for most users and not something they want to do. I developed the Pretty Good Privacy Windows Shell to make Pretty Good Privacy easier to use. It provides you push button control and guides you through the steps needed to make Pretty Good Privacy work. This shell still needs to go to DOS to make Pretty Good Privacy work but the shell does this for you. The Pretty Good Privacy Windows Shell will start a DOS window and execute the commands that you requested when you clicked on a button. You will occasionally need to type things while the DOS window is open, but Pretty Good Privacy prompts you for what it needs and you do not have to remember anything (except for your pass phrase to decrypt messages to you).

Pretty Good Privacy (The MS-DOS program PGP.EXE)

Pretty Good Privacy was written and modified by several different people. It does the hard work in this team but it does it as a DOS program rather than as a Windows program. You can go to DOS yourself and use Pretty Good Privacy directly but this manual does not cover that. If you want to use Pretty Good Privacy directly, read the information in README.DOC, PGPDOC1.TXT and PGPDOC2.TXT in the directory where Pretty Good Privacy is installed.

User's Guide Purpose

This manual only describes the Pretty Good Privacy Windows Shell interface, how to use it and how the shell interacts with Pretty Good Privacy. It does not describe the Pretty Good Privacy program or its features. It assumes you are familiar with Microsoft Windows and the Windows interface.

Differences Between Download and Floppy Disk Versions

Because Pretty Good Privacy is an encryption program and is export controlled, there are two different distribution versions of the Pretty Good Privacy Windows Shell provided:

· Pretty Good Privacy Windows Shell - download
· Pretty Good Privacy Windows Shell with Pretty Good Privacy (available on floppy disk only)

Download

Since there is no way for me to control who has access to a BBS, FTP site, Web page, etc., the download version of Pretty Good Privacy Windows Shell does not come with Pretty Good Privacy. I have included the Pretty Good Privacy documentation but have left out the executable. Finding Pretty Good Privacy on the Internet is not as straightforward as finding most files at FTP sites. You can start to find pgp262.zip at ftp.csn.net in the /mpj directory. Directions from there are contained in the README file. (The path to Pretty Good Privacy changes every thirty minutes. If you cannot find the indicated path, it may have changed in the time it took you to read the README. This happened to me and I had to reread the updated message.) There are also various other sites distributing Pretty Good Privacy and you can find them in several of the computer magazines. The other sites have different ways of protecting Pretty Good Privacy so be prepared for surprises.

Floppy Disk

Since there is some control over floppy disk distribution, the floppy disk for Pretty Good Privacy Windows Shell comes with Pretty Good Privacy and all of its documentation. When you install the Pretty Good Privacy Windows Shell, Pretty Good Privacy is installed to the same directory.

How To...

Setup from Download

The download version comes as a self-extracting, zipped file. To unzip the setup routine, copy pgpshlzp.exe to a temporary directory and run it. After the file unzips itself, follow the directions below, except run setup from the temporary directory instead of the floppy drive.

Setup from Floppy

Installing Pretty Good Privacy Windows Shell

Pretty Good Privacy Windows Shell comes with an automated setup program. To run the setup program put the setup disk in your 3½ floppy drive.

Windows 3.1

· From the Program Manager click on the File menu and select the Run command. Type the 3½ drive letter and setup.exe. ex: a:\setup.exe.
Or
· From the File Manager switch to the 3½ drive and double-click on setup.exe.

Windows 95

· Start the Control Panel
· Double click on Add/Remove Programs
· Select the Install/Uninstall tab
· Click on the Install button and the Install Wizard will start
· The Wizard will scan your disks for setup programs
· When the Wizard finds the setup.exe on the 3½ drive click on the Finish button

Both

The setup program will run and ask you for the directory you want to install to. Accept the default or type in another directory. The program will copy the necessary files to your hard disk. Some files will go into the directory you typed in above, some will go to your Windows\Systems directories. The setup program will not overwrite any existing files unless the ones it is installing are newer. The setup program will then create a program icon. Three help icons will appear for three .hlp files. These files are not Windows help files and these icons should be deleted. (This glitch will eventually be removed from the setup program.)

Configuring Pretty Good Privacy Windows Shell

AUTOEXEC.BAT

You can set an MS-DOS "environment variable" to let PGP know where to find its special files. Use your favorite text editor to add the following lines to your AUTOEXEC.BAT file (usually on your C: drive):

    SET PGPPATH=C:\PGP26
    SET PATH=C:\PGP26;%PATH%

Substitute your own directory name if different from "C:\PGP26".

Another environment variable you should set in MS-DOS is "TZ", which tells MS-DOS what time zone you are in, which helps PGP create GMT timestamps for its keys and signatures.
If you properly define TZ in AUTOEXEC.BAT, then MS-DOS gives you good GMT timestamps, and will handle daylight savings time adjustments for you. Here are some sample lines to insert into AUTOEXEC.BAT, depending on your time zone:

    For Los Angeles:  SET TZ=PST8PDT
    For Denver:       SET TZ=MST7MDT
    For Arizona:      SET TZ=MST7      (Arizona never uses daylight savings time)
    For Chicago:      SET TZ=CST6CDT
    For New York:     SET TZ=EST5EDT
    For London:       SET TZ=GMT0BST
    For Amsterdam:    SET TZ=MET-1DST
    For Moscow:       SET TZ=MSK-3MSD
    For Auckland:     SET TZ=NZT-13

Now reboot your system to run AUTOEXEC.BAT, which will set up PGPPATH and TZ for you.

PGPSHELL

The first time you run Pretty Good Privacy Windows Shell, it will attempt to configure itself. It will display a message box asking you if you want to configure it. You should answer yes. (The program may not work right if you do not.)

The first thing it will ask you is if PGP.EXE is in the same directory as the PGP Windows Shell. If you installed from the included setup disk, answer yes. If you already had Pretty Good Privacy installed on your machine before installing the Windows Shell, answer no and show the shell where Pretty Good Privacy is located. (If PGPShell cannot find PGP.EXE it will again ask you to help locate it.)

After finding PGP.EXE the Windows Shell will ask you if you have generated your public and private keys yet. Answer yes or no. If you answer no, it will let you generate your keys. (See below.)

After dealing with your keys, the Pretty Good Privacy Windows Shell will build your initial list of UserIDs that you have keys for. (If this is the first time you have used Pretty Good Privacy the list will probably only contain your UserID.)

After building the UserID list, the program will ask you to identify your UserID so that it can automatically encrypt messages so that you can decrypt them. The program will then tell you that it is configured.

Message Display Font

You can change the message display font by clicking on the Options menu and selecting the Display Font command. The system will show you a font dialog box. Choose the font and the size you want and click OK. Your choice will be saved and used from now on.

Using Pretty Good Privacy Windows Shell

Starting Pretty Good Privacy Windows Shell

To start Pretty Good Privacy Windows Shell double click on the Pretty Good Privacy Windows Shell icon.

Quitting Pretty Good Privacy Windows Shell

To quit Pretty Good Privacy Windows Shell you can use one of the following:

· click on the File menu and select the Exit command or,
· double click on the system menu box or,
· click on the system menu box and select the Close command or,
· press Alt + F4 or
· (Windows 95 only) click on the Window close button.

Encrypting a Message

Pretty Good Privacy encrypts messages so that only the person you are sending the message to can decrypt it. You can encrypt a single message to multiple people at the same time rather than re-encrypting the message for each person. The following sections will walk you through the encryption process. Start by selecting the Encrypt a Message tab if you are not already there.

Typing the Message

You have a couple of options for generating your message:

· Type the message in the Step 1: Type or Paste Your Message Here: text box or,
· Type your message in another editor, copy the text to the Windows Clipboard and paste the message into the Step 1: Type or Paste Your Message Here: text box.

The text box will automatically wrap your text to the next line. The Enter key will end the current line and move to the next line. The Tab key will not work.

Selecting UserIDs to send the message to

To encrypt a message you must specify who you are sending the message to. Only the people you send the message to can read the encrypted message.
(Pretty Good Privacy Windows Shell will automatically encrypt any message to your UserID so that you can also decrypt the encrypted text. If this was not done, you would not be able to decrypt the messages you created.)

Selecting a single UserID

To select a single UserID, find the UserID in the Select Recipients list box and click on it. The UserID that becomes highlighted is the one that the message will be encrypted to.

Selecting multiple, continuous UserIDs

To select more than one UserID from the list, when all the UserIDs are continuous, you can:

· Click on the first UserID
· Hold down the Shift key and click on the last UserID

Or you can:

· Click on the first UserID and hold the mouse button down
· Drag the cursor over all the UserIDs you want
· Release the mouse button on the last UserID

Selecting multiple, non-continuous UserIDs

To select more than one UserID from the list, when all the UserIDs are not continuous, you can:

· Hold the Ctrl key and click on each UserID you want

Or you can:

· Select a continuous list of UserIDs as described above and
· Hold the Ctrl key and click on each UserID in the selected list that you do not want

Encrypting the message

The Encrypt Message button will be disabled until there is a message in the text box and you have selected at least one UserID to encrypt the message to. Once the button is enabled, all you have to do is click on the button with the mouse. The Pretty Good Privacy Windows Shell shells out to DOS to encrypt the message and then returns to Windows. Your encrypted message will appear in the Your Encrypted Message text box.

Copying the encrypted message to paste into e-mail

To use the encrypted message you must copy it to the clipboard and paste it into your e-mail application. To copy the message click on the Copy Message button. The Pretty Good Privacy Windows Shell will copy the encrypted message to the Windows clipboard.
You can then paste the encrypted message into the text of an e-mail message and send it as you normally would.

Decrypting a message

To decrypt a message you must click on the Decrypt a Message tab.

Copy the encrypted message to the clipboard

To decrypt a message you must bring the encrypted message into the Pretty Good Privacy Windows Shell. You must copy the encrypted message from the e-mail message to the clipboard. You must include the "-----BEGIN PGP MESSAGE-----" and the "-----END PGP MESSAGE-----" lines for the decryption to work.

Paste the message into the Paste You Encrypted Message Here text box

Position the cursor in the Paste You Encrypted Message Here text box and paste the encrypted message into it. (You can use Ctrl + v, the Paste command in the Edit menu, or under Windows 95, right click in the text box and select Paste.)

Decrypt the Message

The Decrypt Message button will be disabled until a message is in the encrypted message box. When it is enabled, click on it with the mouse. The program will shell out to DOS to decrypt the message. Pretty Good Privacy will ask you to enter your pass phrase. Type your phrase in and Pretty Good Privacy will decrypt the message. The decrypted message will appear in the decrypted message box. If the message was not encrypted to you, the decryption will fail and no message will appear in the decrypted message box.

Options

Copy the Decrypted Message to the Clipboard

You may copy the message into the Windows clipboard to paste it into another application.

Save the Decrypted Message to a file

You may save the decrypted message as a text file. Click on the Save Message button and a standard Save As file dialog box will open. Select a directory and type in the filename. Click OK and the message will be saved.

Print the Decrypted Message

The Print button will print the message to the default printer.

Admin

Key administration is an important part of Pretty Good Privacy.
It is a detailed subject covered by Pretty Good Privacy's documentation (PGPDOC1.TXT and PGPDOC2.TXT) so I won't go into much detail here. Key administration functions are located on the Admin tab. At this time I have included only the most important functions in the Pretty Good Privacy Windows Shell. Functions not found here have to be executed manually from the DOS prompt. Eventually, the Windows Shell should handle all Pretty Good Privacy functions but I'm not there yet.

Generate Your Key

To generate your public and private keys, click on the Generate Your Key button. The shell will shell out to DOS and have PGP.EXE walk you through the key generation process. Follow the on-screen prompts.

Add a Public Key

You can't encrypt a message to someone unless you have their public key. This button lets you add public keys to your keyring. You will usually receive somebody's public key as an e-mail message or as a file. The add a public key function allows you to use either one.

To add a public key:

· Click on the Add a Public Key button (the PGPShell will display the Add A Public Key dialog box.)

If the key came as an e-mail message:

· Copy the key signature to the clipboard, including the "-----BEGIN PGP PUBLIC KEY BLOCK-----" and "-----END PGP PUBLIC KEY BLOCK-----" lines
· Paste the key signature into the Option 1 text box

Or if the key came as a file on a disk:

· Type the name and path to the file in the Option 2 text box
· Or, click on Browse and locate the file in the Open File dialog box

Next:

· Click on the Add Key button

If you have additional keys to add, continue to paste the keys into the Option 1 box or type the filename into the Option 2 box and click the Add Key button.

When you are done:

· Click on Close

When the system asks you to stand by while it rebuilds your UserID list:

· Click OK
· Or click Cancel (if you do this you save a few seconds but you will not be able to encrypt messages to those new public keys until you rebuild the UserID list)

Send a Public Key

For people to encrypt messages to you, you must send them your public key. You can also share other people's public keys. To send a public key:

· Click on the Send a Public Key button
· Select the UserID for the key you wish to send
· Click on the Extract Key button (it will be disabled until you select a UserID)

The Windows Shell will shell out to DOS and extract the key from your keyring. When it is done, the key is displayed in a text box.

· Click on the Copy Key button to copy the key to the clipboard
· Paste the key into your e-mail messages

Rebuild UserID List

Pretty Good Privacy automatically maintains its UserID lists in your keyrings. Pretty Good Privacy Windows Shell cannot directly access that list and must ask Pretty Good Privacy for the list so that the Windows Shell can maintain its list properly. Every time you make a change to the keys and UserIDs from the Windows Shell, it will automatically rebuild the UserID list (unless you click on the Cancel button). If you make changes to the keys and UserIDs using Pretty Good Privacy directly from the DOS prompt, you will have to rebuild the Windows Shell's UserID list. To do this:

· Click on the Rebuild UserID List button
· Click on the OK button on the dialog box that pops up

Set/Change Your UserID

Set/Change Your UserID is strictly a PGPShell function. By setting your UserID, the Pretty Good Privacy Windows Shell will automatically encrypt all of your messages so that you can decrypt them. If your UserID is not set, you will not be able to decrypt messages you send. Setting your UserID is usually done when you first configure PGPShell. This button is included in case you change your key and UserID.

To set your UserID:

· Click on the Set/Change Your UserID button

A list box and two buttons will appear.

· Select your UserID from the UserIDs displayed
· Click on the Set UserID button (it is disabled until you select a UserID in the list box)

Remove a Key/UserID

Sometimes you will have to remove keys and UserIDs from your keyrings and UserID list. To remove keys and UserIDs:

· Click on the Remove a Key/UserID button

A list box and two buttons will appear.

· Select the UserID to remove
· Click on the Delete button (it is disabled until you select a UserID in the list box)

The system will then rebuild your UserID list.

A Note from the Programmer

It's Freeware!

Pretty Good Privacy Windows Shell and Pretty Good Privacy are freeware so use them and don't feel guilty.

Why did I write this?

Dave Kennedy at the FAAD Project Office at Redstone Arsenal needed a way to e-mail information that needs a little more security than unencrypted e-mail could provide so he had us get Pretty Good Privacy for him and make it easy to use. I used Microsoft's Visual Basic to give him a Windows interface to Pretty Good Privacy so that he would not have to go to DOS to make it work. The Pretty Good Privacy Windows Shell is the result. This seemed like a utility that many people might like to have and since the FAAD Project Office is a DOD office and the American taxpayer paid for this program, we have released it as a freeware utility.

A living, breathing program

This is a living, breathing program. Bugs (what bugs??, not in my software) will be fixed and the product will be improved. This first version offers only the most necessary features to be useful. Eventually it will offer access to all of Pretty Good Privacy's features. As these additional features are added, new versions will become available. Improvements will continue to be made as long as the FAAD Project Office needs them to be done.
The long-term goal is for this program to be able to send and receive encrypted e-mail directly with most major e-mail systems. As this becomes a more complicated and complete program, a pay as you go support program may be put into place.

Let me hear from you

This is freeware so there is no need to register the program but I would like to hear from you. If you are using this program let me know (just to inflate my ego). If you give me an e-mail address, I will try to let you know when and where new versions are available. If you have problems or suggestions, let me know. I probably will not get back to you directly but I will try to fix the problems and incorporate suggestions in the next version. You can reach me at:

Mike Lyman
AEgis Research Corporation
6703 Odyssey Dr., Suite 200
Huntsville, AL 35806
Phone: (205) 922-0802
e-mail: Mike_Lyman@msn.com
CompuServe: 71563,526
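
The "Decrypting a message" and "Add a Public Key" steps in this guide both depend on pasting the complete block, from its BEGIN line through its END line. The Python sketch below is an added example, not part of PGPShell or PGP; it checks pasted text for both lines and verifies the block's checksum before the text is handed to PGP. The function names (crc24, armor, check_paste) are hypothetical, and the armor layout it assumes (header lines, a blank line, a radix-64 body, then a line starting with "=" that carries a 24-bit CRC) is the standard PGP ASCII-armor format, which this guide does not describe.

```python
import base64
import re

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB
BEGIN_RE = re.compile(r"^-----BEGIN (PGP [A-Z ]+)-----$")


def crc24(data: bytes) -> int:
    """24-bit CRC that ASCII armor carries on its '=' line."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor(data: bytes, label: str = "PGP MESSAGE") -> str:
    """Wrap constructed bytes in an armor block (demo helper, hypothetical)."""
    body = base64.b64encode(data).decode()
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    check = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return "\n".join([f"-----BEGIN {label}-----", "Version: 2.6.2", "",
                      *lines, "=" + check, f"-----END {label}-----"])


def check_paste(text: str):
    """Return (status, label) for text copied out of an e-mail message."""
    lines = [ln.strip() for ln in text.splitlines()]
    start = next((i for i, ln in enumerate(lines) if BEGIN_RE.match(ln)), None)
    if start is None:
        return ("no BEGIN line", None)
    label = BEGIN_RE.match(lines[start]).group(1)
    try:
        end = lines.index(f"-----END {label}-----", start + 1)
    except ValueError:
        return ("no END line", label)
    block = lines[start + 1:end]
    if "" in block:                      # header lines stop at the first blank line
        block = block[block.index("") + 1:]
    block = [ln for ln in block if ln]
    if not block or not block[-1].startswith("="):
        return ("no checksum line", label)
    try:
        data = base64.b64decode("".join(block[:-1]), validate=True)
        want = int.from_bytes(base64.b64decode(block[-1][1:], validate=True), "big")
    except ValueError:
        return ("body is not valid radix-64", label)
    if crc24(data) != want:
        return ("checksum mismatch", label)
    return ("ok", label)


if __name__ == "__main__":
    sample = bytes(range(100))           # constructed bytes, not a real PGP packet
    good = "Dave,\nthe note follows.\n\n" + armor(sample) + "\n\nMike\n"
    print(check_paste(good))                                          # complete paste
    print(check_paste(good.replace("-----END PGP MESSAGE-----", "")))  # END line cut off
    print(check_paste(good.replace("AAEC", "BAEC", 1)))               # one character altered
```

A result other than "ok" means the copy from the e-mail was incomplete or altered, which is the case the guide warns will make decryption fail.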