Installing PGP 2.6.3i on Unix

Here follows some step-by-step instructions on how to compile and set up PGP 2.6.3i on a typical Unix system.

This document gives extra installation information not present or not clear (to me, anyway) in the existing documents (like 'readme.1st' and 'setup.doc') or FAQ's. The hints below are a result of some trial and error!

Disclaimer: usage of this information is completely at your own risk. I have tried to be as accurate as possible but can not be held responsible for it in any way. I'm pretty new in the PGP area ;-). Questions should NOT be emailed to me, but to pgp-bugs@ifi.uio.no.

1. Move the gnu-zipped (or compressed) PGP tar file to a working directory.

2. Extract the tar file from the gnu-zipped file ($ is the prompt):

          $ gunzip pgp263is.tar.gz
          

3. Extract the files from the tar archive:

          $ tar xvf pgp263is.tar
          

4. Extract the source tar file (pgp263ii.tar):

          $ tar xvf pgp263ii.tar
          

5. Go to the source directory en do a make for SunOS with gcc. A make for the standard Sun C compiler (cc), which is of inferior quality, requires Wietse Venema's "unproto" package. Just use gcc like forty million sensible people on the Internet do!

          $ cd src
          $ make sun4gcc
          

6. If the make was successfull, there should be a binary 'pgp' in the src directory. Before installing 'pgp', run a test with a temporary key (use 'test' as userid/password). PGP will complain about a 'config.txt' file missing, ignore this. First create a directory '.pgp' in your home directory (note the dot!). It is a good idea to protect this directory from access by others, if not already so. The 700 mode does not protect your directory from access by the super-user (root) or from a hacker who has gained root privileges. Keep this in mind on a multi-user system like Unix.

          $ mkdir ~/.pgp
          $ chmod 700 ~/.pgp
          $ ./pgp -kg
          

   Add the keys from the file 'keys.asc' to your public key ring and sign at least one key:

          $ ./pgp -ka ../keys.asc
          

   Do a keyring check:

          $ ./pgp -kc
          

   Encrypt and decrypt the file 'pgpdoc1.txt' in the 'doc' subdirectory and compare (diff) afterwards. There should be no differences:

          $ ./pgp -e ../doc/pgpdoc1.txt test -o testfile.pgp
          $ ./pgp testfile.pgp
          $ diff ../doc/pgpdoc1.txt testfile
          

7. If the tests were successfull, install 'pgp' in a suitable bin directory and put the man page in a man1 directory. Move the doc (documentation) directory to a suitable place as well. At least study the 'pgpdoc1.txt' document. You may want to copy and/or print out the 'readme.1st', 'setup.doc' and 'pgp.hlp' (handy 1-page overview of PGP commands) files as well.

          $ mv pgp /usr/local/bin
          $ mv ../doc/pgp.1 /usr/local/man/man1
          $ mv ../doc /usr/local/info/pgp
          

8. Now the finishing touch! First completely remove the bogus key rings:

          $ cd ~/.pgp
          $ rm pubring.* secring.*
          

   Generate your true key now (pgp -kg). Military grade (1024 bits) is best. The userid should be something like:

              James Bond <j.bond@dept00.mi5.gov.uk>
          

   Copy the 'config.txt' to the ~/.pgp PGP directory and replace the entry 'MyName' appropiately with a substring of the userid you entered above, e.g. "James Bond". You may have to change the permissions first with:

          $ chmod u+w config.txt
          

   But don't forget to set them back afterwards:

          $ chmod u-w config.txt
          

   What to do with existing public and/or secret key rings: Existing key rings (e.g. from your Dos PGP version) can be added to the Unix PGP version by extracting the keys to an ascii file. Important note: if you want to use the same secret key under Unix, you must add the 'secring.pgp' key ring to your (empty) Unix secret key ring _before_ adding the public keys! In that case, answer 'yes' when this question pops up:

              ...
              also appears in the secret key ring.
              Use this key as an ultimately-trusted introducer (y/N)?
          

   It is questionable to put your secret key ring on a multi-user system (such as Unix). See question 3.17 ("Can I put PGP on a multi-user system like a network or a mainframe?") in the PGP FAQ.

   We continue with our example for the public keys (when adding secret key(s) replace 'pubring' with 'secring'). Under Dos do this (PGP is in 'c:\pgp' and 'c:\>' is the prompt):

          c:\> pgp -at c:\pgp\pubring.pgp
          

   Add the generated file 'pubring.asc' to the Unix key ring. The file 'pubring.asc' should NOT be in your PGP home directory (~/.pgp); use a working directory for this. It is a good idea to protect this directory from access by others ('chmod 700 the_dir').

          $ pgp ./pubring.asc
          

   Answer 'yes' (simply give a return) to the rename question and then re-run pgp:

          $ pgp ./pubring.pgp
          

   Answer 'yes' to the adding question.

9. Finally, clean up the working directory where the PGP files are. Also clean up the working directory where you any key rings from step 7. You don't want to have your secret key rings lying around.

Happy and secure e-mail fun!

Eric Maryniak
June 6, 1995

eric@cv.ruu.nl

Última atualização em 10/06/1997 07:50:06 -03 por Henrique Holschuh, <henriqmh@dca.fee.Unicamp.br>