For questions not covered here, please read the documentation
that comes with PGP, get one of the books mentioned below, or search for
other relevant FAQ documents at rtfm.mit.edu and on the newsgroups
alt.security.pgp
comp.security.pgp
comp.security.pgp.resources
The official FAQ for comp.security.pgp by Arnoud Galactus
(galactus@stack.nl) is available in HTML and ASCII at:
http://www.pgp.net/pgpnet/pgp-faq/
WHAT IS THE LATEST VERSION OF PGP?
PGPmail (commercial version): 5.0
http://www.pgp.com
MIT & Philip Zimmermann (freeware, USA-legal): 5.0
http://web.mit.edu/network/pgp.html
NOTE: Version 5.0 is not available for DOS and UNIX.
Staale Schumacher's International variant: 2.6.3i for non-USA
(2.6.3ai source code only); 2.6.3 for USA
http://www.ifi.uio.no/pgp/
(2.6.3 U.S. compliant version for Macintosh and MS-DOS)
Version 2.63ui
(DOS) http://members.tripod.com/~Crompton/pgp.htm
WHERE CAN I GET THE COMMERCIAL PGP?
For further information see:
http://www.pgp.com
Pretty Good Privacy, Inc. (Headquarters)
2121 S. El Camino Real
Suite 902
San Mateo, CA 94403
Main: (415) 572-0430
Fax: (415) 572-1932
WHERE IS PGP ON THE WORLD WIDE WEB?
U.S. only availability:
PGP: http://web.mit.edu/network/pgp-form.html
PGPfone: http://web.mit.edu/network/pgpfone
International availability:
PGP and PGPfone: http://www.ifi.uio.no/pgp/
WHERE CAN I FTP PGP IN NORTH AMERICA?
If you are in the USA or Canada, you can get PGP by using one of these URLs:
ftp://net-dist.mit.edu/pub/PGP/README
http://www.sni.net/~mpj/crypto.htm
ftp://miyako.dorm.duke.edu/pub/GETTING_ACCESS
ftp://ftp.csua.berkeley.edu/pub/cypherpunks/pgp/
ftp://ftp.gibbon.com/pub/pgp/README.PGP
ftp://ftp.mindlink.net/pub/crypto/software/README
WHERE IS PGP ON COMPUSERVE?
GO NCSAFORUM. Follow the instructions there to gain access to Library 12:
Export Controlled.
AOL
From AOL, you can access any of the WWW sites mentioned here, or search for
PGP in AOL's own libraries.
ftp://ftp.csua.berkeley.edu/pub/cypherpunks/pgp or another site listed above.
It is possible to get PGP from ftp sites with hidden directories with the
following trick: (1) view the README file with the hidden directory name in
it, then quickly (2) start a new ftp connection, specifying the hidden
directory name with the ftp site's address, like
ftp.csn.net/mpj/I_will_not_export/crypto_xxxxxxx (where the xxxxxxx is
replaced with the current character string).
WHAT BULLETIN BOARD SYSTEMS CARRY PGP?
MANY BBS carry PGP. The following carry recent versions of PGP and
allow free downloads of PGP.
US
303-516-9969 Hacker's Haven, Denver, CO
The Hacker's Haven has shut down.
303-772-1062 Colorado Catacombs BBS, Longmont CO
8 data bits, 1 stop, no parity, up to 28,800 bps.
Use ANSI terminal emulation.
For free access: log in with your own name, answer the questions.
314-896-9309 The KATN BBS
317-887-9568 Computer Virus Research Center (CVRC) BBS, Indianapolis, IN
Login First Name: PGP Last Name: USER Password: PGP
501-791-0124, 501-791-0125 The Ferret BBS, North Little Rock, AR
Login name: PGP USER Password: PGP
506-457-0483 Data Intelligence Group Corporation BBS
508-668-4441 Emerald City, Walpole, MA
601-582-5748 CyberGold BBS
612-690-5556, !CyBERteCH SeCURitY BBS! Minneapolis MN
914-667-4567 Exec-Net, New York, NY
915-587-7888, Self-Governor Information Resource, El Paso, Texas
909-681-6221 ATTENTION to Details (ATD BBS)
All lines v.32bis/14.4KBPS minimum
CH
+41-1-322-7129 MoonLight BBS, Zurich 28800 bps, V34 ZYXEL ELITE 2864
DE
+49-781-9483621 MAUS BBS, Offenburg - connected to the MausNet
+49-521-68000 BIONIC-BBS Login: PGP
NL
+31-26-3890037 Viber BBS, NOTB HOST Gelderland
8 data bits, 1 stop, no parity, up to 28,800 bps. (ISDN soon)
Use ANSI terminal emulation.
For free access: log in with your own name, answer the questions.
Latest version and other tools: FILE AREA: [NOTB] - PGP
+31-71-5768914 Insanity Systems III
Just logon and answer some questions about where you live and get
PGP as well as a lot of PGP-tools for free.
The system also has an offline and online PGP-server
available for your public keys.
WHERE CAN I FTP PGP CLOSE TO ME?
BR
ftp://ftp.ibilce.unesp.br/pgp
The last available version is PGP 2.6ui
DE
ftp://ftp.cert.dfn.de/pub/pgp/
IT
ftp://idea.sec.dsi.unimi.it/pub/security/crypt/PGP
FI
ftp://ftp.funet.fi/pub/crypt/pgp/
NL
ftp://ftp.nl.net/pub/crypto/pgp
ftp://ftp.nic.surfnet.nl/surfnet/net-security/encryption/pgp
NO
ftp://menja.ifi.uio.no/pub/pgp/
NZ
ftp://ftphost.vuw.ac.nz
SE
ftp://leif.thep.lu.se
TW
ftp://nctuccca.edu.tw/PC/wuarchive/pgp/
GB
ftp://ftp.ox.ac.uk/pub/crypto/pgp
HOW CAN I GET PGP BY EMAIL?
If you have access to email, but not to ftp, send a message saying
"help" to ftpmail@decwrl.dec.com or mailserv@nic.funet.fi
WHERE CAN I GET MORE PGP INFORMATION?
http://www.sni.net/~mpj
http://www.mit.edu:8001/people/warlord/pgp-faq.html
ftp://ds.internic.net/internet-drafts/draft-pgp-pgpformat-01.txt
http://www-mitpress.mit.edu/mitp/recent-books/comp/pgp-source.html
http://web.cnam.fr/Network/Crypto/ (in French)
http://web.cnam.fr/Network/Crypto/survey.html (in English)
http://www.pgp.net/pgpnet/
http://inet.uni-c.dk/~pethern/privacy.html
http://www.stack.nl/~goofy/PGP
The PGP-Users Mailing List home page at
http://pgp.rivertown.net
contains many, many PGP related resources, including resources on privacy,
anonymous remailers, and other related fields.
The PGP-Users list archives are also linked from the page, as are an
HTML version of the PGP-FAQ (may not be the most recent), the PGP
documentation, resources for MacPGP, links to another mailing list dedicated
to PGPfone (which includes one of its authors, Will Price), and the
one-of-a-kind PGPfone Registry, where PGPfone users who would like to test
PGPfone with each other can leave messages in a browsable database so that
others can find and connect with them.
CAN I GET PGP DOCUMENTATION IN MY OWN LANGUAGE?
Yes.
You can get the official PGP documentation in several languages.
GERMAN
http://www.geocities.com/Athens/1802/
Thanks to Florian Helmberg (helmberg@via.at) for making it
available.
WHAT COMPATIBILITY ISSUES EXIST BETWEEN PGP 5.0 AND EARLIER VERSIONS?
PGP 5.0 introduces some new algorithms for both public key and conventional
encryption. These changes are good from both technical (security &
efficiency) and political (patent) standpoints. With the death of the
Diffie-Hellman key exchange patent, the new algorithms in the freeware PGP
are 100% free of patent problems, and free of legalese such as comes with
the RSAREF toolkit. The Diffie-Hellman key exchange key size limit is also
larger than the old RSA limit, so PGP encryption is actually more secure
now. The new SHA1 hash function is better than MD5, so signatures are more
secure now, too. The conventional encryption used is all sound, and
definitely not the weak link in the chain. This much is good news.
The bad news, of course, is that there will be some interoperability
problems, since no earlier versions of PGP can handle these algorithms. How
this affects you depends on the PGP version that you have.
There are really 3 versions of PGP called PGP 5.0. The freeware
edition can only generate and use the new (faster, more secure,
patent-problem-free) algorithms. There is a really cheap (cheaper than one
S/MIME key certificate) upgrade to PGP 5.0 for Eudora users that will let you
use the old RSA keys as well. Then, of course, the full commercial version of
PGP 5.0 can handle both old and new algorithms and message formats equally
well. If you want to handle both, you need to either keep both an old and new
freeware PGP around, or upgrade to one of the versions of PGP 5.0 that can
handle the old keys.
WHAT ARE SOME GOOD PGP BOOKS?
Protect Your Privacy: A Guide for PGP Users
by William Stallings
Prentice Hall PTR
ISBN 0-13-185596-4
US $19.95
PGP: Pretty Good Privacy
by Simson Garfinkel
O'Reilly & Associates, Inc.
ISBN 1-56592-098-8
US $24.95
_E-Mail_Security_,
_How To Keep Your Electronic Messages Private_ (covers PGP & PEM)
by Bruce Schneier
365 pages
c.1995
pub: John Wiley & Sons, Inc.
ISBN 0-471-05318-X
$24.95 US
The Computer Privacy Handbook: A Practical Guide to E-Mail Encryption, Data
Protection, and PGP Privacy Software
by André Bacard
Peachpit Press
ISBN 1-56609-171-3
US $24.95
800-283-9444 or 510-548-4393
THE OFFICIAL PGP USER'S GUIDE
by Philip R. Zimmermann
MIT Press
April 1995 - 216 pp. - paper - US $14.95 - ISBN 0-262-74017-6 ZIMPP
Standard PGP documentation neatly typeset and bound.
PGP SOURCE CODE AND INTERNALS
by Philip R. Zimmermann
April 1995 - 804 pp. -
US $55.00 - 0-262-24039-4 ZIMPH
How to Use PGP, 61 pages, (Pub #121) from the Superior Broadcasting Company,
Box 1533-N, Oil City, PA 16301, phone: (814) 678-8801 (about US $10-$13).
IS PGP LEGAL?
Pretty Good Privacy is legal if you follow these rules:
Don't export PGP from the USA except to Canada, or from Canada except to the
USA, without a license (except that printed books containing source code are
OK to export).
If you are in the USA, use either Viacrypt PGP (licensed for commercial use)
or MIT PGP using RSAREF (limited to personal, noncommercial use). Outside of
the USA, where RSA is not patented, you may prefer to use a version of PGP
(2.6.3i) that doesn't use RSAREF to avoid the restrictions of that license.
If you are in a country where the IDEA cipher patent holds in
software (including the USA and some countries in Europe), make
sure you are licensed to use the IDEA cipher commercially before using
PGP commercially. (No separate license is required to use the freeware
PGP for personal, noncommercial use). For direct IDEA licensing, contact
Ascom Systec:
Erhard Widmer, Ascom Systec AG, Dep't. CMVV Phone +41 64 56 59 83
Peter Hartmann, Ascom Systec AG, Dep't. CMN Phone +41 64 56 59 45
Fax: +41 64 56 59 90
e-mail: IDEA@ascom.ch
Mail address: Gewerbepark, CH-5506 Maegenwil (Switzerland)
Viacrypt has an exclusive marketing agreement for commercial
distribution of Philip Zimmermann's copyrighted code. (Selling
shareware/freeware disks or connect time is OK). This restriction does
not apply to PGP 3.0, since it is a complete rewrite by Colin Plumb.
If you modify PGP (other than porting it to another platform, fixing a bug,
or adapting it to another compiler), don't call it PGP (TM) or Pretty Good
Privacy (TM) without Philip Zimmermann's permission.
IMPORTANT:
Please note that there is an official distribution site for MIT
PGP and another for the International version:
WorldWideWeb references:
U.S/Canada non-commercial use: http://web.mit.edu/network/pgp-form.html
Norway/International non-commercial use: http://www.ifi.uio.no/pgp/
U.S. commercial use: http://www.pgp.com
WHAT IS PHILIP ZIMMERMANN'S LEGAL STATUS?
Philip Zimmermann was under investigation for alleged violation of export
regulations, with a grand jury hearing evidence for about 28 months, ending
11 January 1996. The Federal Government chose not to comment on why it
decided to not prosecute, nor is it likely to. The Commerce Secretary stated
that he would seek relaxed export controls for cryptographic products, since
studies show that U. S. industry is being harmed by current regulations.
Philip endured some serious threats to his livelihood and freedom, as well as
some very real legal expenses, for the sake of your right to electronic
privacy.
The battle is won, but the war is not over. The regulations that
caused him so much grief and which continue to dampen cryptographic
development, harm U. S. industry, and do violence to the U. S. National
Security by eroding the First Amendment of the U. S. Constitution and
encouraging migration of cryptographic industry outside of the U. S. A. are
still on the books.
If you are a U. S. Citizen, please write to your U. S. Senators,
Congressional Representative, President, and Vice President
pleading for a more sane and fair cryptographic policy.
Several legislative efforts will, if successful, relax the export controls
on cryptographic software from the U.S.
See:
http://www.epic.org
http://www.crypto.com
CAN I USE ENCRYPTION LEGALLY?
Within the U.S. there is no legal obstacle for use of strong
encryption.
In an ideal world everyone would have the right to use encryption.
Unfortunately, your right to use encryption may be restricted
or may not exist.
In France, the government prohibits the use of encryption without prior
permission, which you won't get if you are a private citizen.
Germany is said to be considering banning the use
and distribution of strong cryptographic software in the name of "national
security."
The United Kingdom may adopt a key escrow system.
For a recent update on the legal situation see The Crypto Law Survey
http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm
HOW DO I SELECT A GOOD SECURE PASSPHRASE?
See:
http://world.std.com/~reinhold/diceware.page.html
http://colossus.net/wepinsto/wsft_f/wspp_f/passfraz.html
WHERE CAN I GET WINDOWS & DOS SHELLS FOR PGP?
I don't use Windows, so I cannot verify the stability
and reliability of this software.
Your comments are welcome.
http://www.dayton.net/~cwgeib
ftp://menja.ifi.uio.no/pub/pgp/pc/msdos/apgp22b3.zip
http://alpha.netaccess.on.ca/~spowell/crypto/pwf31.zip
ftp://ftp.netcom.com/pub/dc/dcosenza/pgpw40.zip
ftp://ftp.firstnet.net/pub/windows/winpgp/pgpw40.zip
http://www.eskimo.com/~joelm (Private Idaho)
ftp://ftp.eskimo.com/~joelm
http://www.xs4all.nl/~paulwag/security.htm
http://www.LCS.com/winpgp.html
http://netaccess.on.ca/~rbarclay/index.html
http://netaccess.on.ca/~rbarclay/pgp.html
ftp://ftp.leo.org/pub/comp/os/os2/crypt/gcppgp10.zip
ftp://ftp.leo.org/pub/comp/os/os2/crypt/pmpgp.zip
http://www.aegisrc.com
http://www.ncinter.net/~rewilson/PGPClick/
For the Pegasus Mail System:
http://www.incrypt.com/imail01.html Invincible Mail for Pegasus
For Eudora and Netscape Mail:
http://www.pgp.com/products/PGPmail.cgi [PGPmail by PGP Inc. for Eudora
and Netscape Mail]
WHAT OTHER FILE ENCRYPTION (DOS, MAC) TOOLS ARE THERE?
PGP can do conventional-only encryption of a file (the -c option), but
you might want to investigate some of the other alternatives if you do
this a lot.
Alternatives include Quicrypt and Atbash2 for DOS, DLOCK for
DOS & UNIX, Curve Encrypt (for the Mac), HPACK (many platforms), and a
few others.
Quicrypt is interesting in that it comes in two flavors: shareware
exportable and registered secure. Atbash2 is interesting in that it generates
ciphertext that can be read over the telephone or sent by Morse code. DLOCK
is a no-frills strong encryption program with complete source code. Curve
Encrypt has certain user-friendliness advantages. HPACK is an archiver (like
ZIP or ARC), but with strong encryption. A couple of starting points for your
search are:
U.S. only availability:
ftp://ftp.csn.net/mpj/qcrypt11.zip
ftp://ftp.csn.net/mpj/README
ftp://ftp.miyako.dorm.duke.edu/pub/GETTING_ACCESS
International availability:
ftp://ftp.informatik.uni-hamburg.de/pub/virus/crypt/file/
ftp://idea.sec.dsi.unimi.it/pub/crypt/code/
HOW DO I SECURELY DELETE FILES (DOS)?
If you have the Norton Utilities, Norton WipeInfo is pretty good. I
use DELETE.EXE in del110.zip, which is really good at deleting existing
files, but doesn't wipe "unused" space.
US
ftp://ftp.csn.net/mpj/public/del121.zip
NL
ftp://basement.replay.com/pub/replay/pub/security/del120.zip
UK
ftp://ftp.demon.co.uk/pub/ibmpc/security/realdeal.zip
WHAT DO I DO ABOUT THE PASS PHRASE IN MY WINDOWS SWAP FILE?
The nature of Windows is that it can swap any memory to disk at any
time, meaning that all kinds of interesting things could end up in your
swap file.
WHERE DO I GET PGPfone(tm)?
PGPfone is in beta test for Macintosh and Windows'9 users.
The MIT has shut down their ftp distribution of PGPfone