setup.doc

PGP 是一种混合密码系统。当用户使用PGP 来对纯文字加密的时候

-----BEGIN PGP SIGNED MESSAGE-----

                   Pretty Good Privacy Version 2.6.2
                           Installation Guide

              by Perry Metzger, Colin Plumb, Derek Atkins,
                     Jeffrey I. Schiller and others

How to Install PGP
==================

The first question is, what platform are you on?

The  base  PGP 2.6.2  distribution  runs on  several  varieties of Unix,
MS-DOS, OS/2 and VAX VMS (though we  haven't compiled it ourselves there
yet).  Ports  can be expected shortly to  the Atari, Amiga, and possibly
other systems.  Naturally, installation instructions differ depending on
your hardware.  Separate  instructions are provided  here for MSDOS  and
Unix.

See  the  section  below  for   your  system's  particular  installation
instructions.

If you do not have any  of  these  systems, you will either have to port
the sources to your machine or find someone who has already done so.

########################################################################

For MSDOS Installation
======================

PGP is distributed in a  compressed archive format, which keeps all  the
relevant  files  grouped  together,   and  also  saves  disk  space  and
transmission time.

The current version,  2.6.2, is archived  with the ZIP utility,  and the
PGP  executable binary  release system  is  in a file  named PGP262.ZIP.
This contains the executable program, the user documentation, the RSAREF
license,  and a few  keys and signatures.   There is also  a second file
available containing the C and assembly source code, called PGP262S.ZIP.
If you are a programmer, this may be of interest to you.  This should be
available from the same  source from which you  got PGP262.ZIP.  If not,
and you want it,  see the Licensing and Distribution  section of the PGP
User's Guide. There is also  an archive PGP262DC.ZIP,  which is just the
documentation,  if you just want   to see a  description  of PGP or have
misplaced the manual.

You will need PKUNZIP version 2.04g or later to uncompress and split the
PGP262.ZIP archive file into individual files.  PKUNZIP is shareware and
is widely available on MSDOS machines.

Each of  the  ZIP  files is actually  two   nested  zip files.    Inside
PGP262.ZIP is PGP262I.ZIP,  which   contains  most  of the  files,   and
PGP262I.ASC,  which is a PGP  signature on PGP262I.ASC.    If you have a
previous  version of PGP,  you can use it to  check the signature to see
that the distribution has not been tampered with.  Since a PGP signature
protects every    last bit in  a   file from change,   a BBS   adding an
advertising blurb or recompressing the archive would cause PGP to report
tampering.  Thus, only the inner ZIP file is signed.

Create a directory  for the PGP files.  For this description, let's  use
the directory C:\PGP26 as an example, but you should substitute your own
disk  and  directory name if  you use something  different.  Type  these
commands to make the new directory:

   c:
   md \pgp26
   cd \pgp26

Uncompress the distribution file  PGP262.ZIP to the directory.  For this
example,  we will assume the  file  is  on  floppy  drive  A -  if  not,
substitute your own file location.

   pkunzip -d a:pgp262

This  will   create   the  file  PGP262I.ZIP  and   PGP262I.ASC.   Unzip
PGP262I.ZIP with the command:

   pkunzip -d pgp262i

If you omit the -d flag, all the  files in the  doc subdirectory will be
deposited in the pgp directory.  This merely causes clutter.

Keep the PGP262I.ZIP file around. Once  you have PGP working you can use
PGP262I.ASC  to verify the  digital signature  on PGP262I.ZIP. It should
come from Jeffrey I.  Schiller (whose key is included in keys.asc).


 Setting the Environment
 -----------------------

Next,  you can set an MSDOS "environment variable" to let PGP know where
to find  its  special files,  in case you  use  it from  other than  the
default  PGP  directory.   Use  your favorite  text  editor to  add  the
following lines to your AUTOEXEC.BAT file (usually on your C: drive):

   SET PGPPATH=C:\PGP26
   SET PATH=C:\PGP26;%PATH%

Substitute your own directory name if different from "C:\PGP26".

The  CONFIG.TXT file contains various  user-defined preferences for PGP.
For example, you  can specify which of your   secret keys to  implicitly
select for creating  digital signatures.  See the  manual for details on
how  to fine-tune your  PGP configuration  file.  The  default values in
that file are good enough to get you started.

Another environmental variable you  should set in MSDOS is  "TZ",  which
tells  MSDOS  what time zone  you  are  in, which  helps  PGP create GMT
timestamps  for its  keys  and signatures.  If you properly define TZ in
AUTOEXEC.BAT, then MSDOS gives you good GMT timestamps, and  will handle
daylight savings  time adjustments for you.  Here are some  sample lines
to insert into AUTOEXEC.BAT, depending on your time zone:

For Los Angeles:  SET TZ=PST8PDT
For Denver:       SET TZ=MST7MDT
For Arizona:      SET TZ=MST7
   (Arizona never uses daylight savings time)
For Chicago:      SET TZ=CST6CDT
For New York:     SET TZ=EST5EDT
For London:       SET TZ=GMT0BST
For Amsterdam:    SET TZ=MET-1DST
For Moscow:       SET TZ=MSK-3MSD
For Aukland:      SET TZ=NZT-13

Now  reboot  your system to run AUTOEXEC.BAT, which will set  up PGPPATH
and TZ for you.

 Generating Your First Key
 -------------------------

One of the first things you  will want to  do  to really use PGP  (other
than to test  itself) is to generate your own key.  This is described in
more detail in the "RSA Key Generation" section of the PGP User's Guide.
Remember that your key becomes something like  your written signature or
your bank card code number or even a house key - keep it secret and keep
it secure!  Use a long, unguessable pass phrase and remember  it.  Right
after you generate  a key, put it on your key rings and copy your secret
keyring (SECRING.PGP) to a blank floppy and write protect the floppy.

If  you  are a first-time user of PGP,  it is a  good idea to generate a
short test key, with a short  passphrase, to play around with PGP for  a
little bit and  see  how  it  works,  or even  more  than one so you can
pretend  to be sending messages between two different people.  Since you
won't be guarding any secrets, this can be  short and have a simple pass
phrase.  But when you  generate your permanent  key, that  you intend to
give to  others so  they can send secure messages  to you, be  much more
careful.

After you generate your own key pair, you can add a few more public keys
to your key ring.  A collection of  sample public keys is  provided with
the release  in the file KEYS.ASC.  To add them to your public key ring,
see the PGP  User's  Guide, in  the section on adding  keys  to your key
ring.

 Verifying the PGP distribution
 ------------------------------

Now that you have PGP up and  running and have read in the KEYS.ASC file
you can now verify the  integrity of the original distribution.   To  do
this type:

   pgp pgp262i.asc

It will inform  you that  pgp262i.asc contains a signature but  no text.
It may then ask you to provide the name  of the file that it applies to.
Type in "pgp262i.zip", the internal ZIP file.

PGP should tell you that it has a Good Signature from:

Jeffrey I. Schiller <jis@mit.edu>

It  will also  tell  you  that it doesn't "trust"  my (jis@mit.edu) key.
This is because PGP does not *know* that the enclosed key really belongs
to me. Don't worry  about this now. Read  the  section "How  to  Protect
Public Keys from Tampering" in Volume 1 of the PGP manual.

 READ THE FINE MANUAL (RTFM)
 ---------------------------

READ THE DOCUMENTATION.  At least read Volume I of the PGP User's Guide.
Cryptography  software  is easy  to  misuse,  and if  you  don't  use it
properly much  of the security  you could gain by using it will be lost!
You might  also  be  unfamiliar  with  the  concepts  behind  public key