GETTING AND INSTALLING COMMAND LINE PGP FOR LINUX
Being Sneaky Pays Off
by Chuck Steele
sandspur@seii.net
http://www.pcola.com/sandspur/
PENSACOLA LINUX USER GROUP

OPENING REMARKS

This help file is to show Linux users in the United States how to get,  install, and get started with the Pretty Good Privacy program.

Many PGP users, like me, have wondered the whole world does not flock to using the program and why it has not become a "killer app."  In the December 2001 WIRED magazine (p. 52) WIRED asked Phil Zimmermann, PGP creator,  "...few people use PGP today.  Why is that?"  Here is part of his response.  "I think the biggest problem is ease of use."  It takes effort to get the program and to learn how to use it.

PGP takes a minimum of two to tango.  I hope that if this article gets you started with PGP that you will take it upon yourself to teach at least one other person to use Pretty Good Privacy.

GETTING PGP

PGP version 6.5.8 is readily available at the MIT download site:

   <http://www.web.mit.edu/network/pgp.html>

Remember into which directory you want to download the file.  I made a directory named "siva" after the Hindu god of destruction and creation, Siva, like this:

   mkdir siva

I downloaded the following file into the directory siva:

   PGPcmdln_6.5.8.Lnx_FW.rpm.tar

Now is the time to deal with the tarball.  As root use the following command while in your download directory:

   tar -xf PGPcmdln_6.5.8.Lnx_FW.rpm.tar

Type:

   ls

Behold the contents of the directory you are in.  There are some good README and WhatsNew files which you can read with vi or your favorite text editor.  The .rpm file we will use to install PGP is here too.

INSTALLING PGP

Still as root and in your download directory type:

   rpm -Uvh  PGPcmdln_6.5.8_Lnx_FW.rpm

The marvels of Linux will proceed and PGP will be installed on your hard  drive.  Gee whiz, no instant gratification!  Lets quit being root and become a lowly user.  Type:

   exit

Lets go back to our login (or home) directory:

   cd~

PGP, when it is all going, is available in the background as one of those "hidden" files.

Looking for signs of PGP type:

   ls -a

No signs of PGP yet.  Darn!  After GETTING STARTED WITH PGP it will be a different story.

GETTING STARTED WITH PGP

We are going to generate our public and private key pair.  PGP can be evoked in any directory but lets stay where we are and type:

   pgp -kg

You will be prompted to make some choices and generate some keystrokes that will make your keys unique.  I chose a 2048 bit key and the RSA algorithm because that is what most of my fellow conspirators use.

When you are finished generating your keys type:

   ls -a

Now a directory ".pgp" should be visible.  In it reside your public and private keyrings, pubring.pkr and secring.skr.  Let us proceed.

   cd .pgp

Note:  At any time now you can type "pgp -h" for the basic PGP commands available for your use.  Also, in the /usr/doc/pgp-6.5.8 directory there are some excellent .txt and .pdf files you can read with vi, xpdf, or the Adobe Acrobat Reader.

In the /usr/doc/pgp-6.5.8 directory is a file named SampleKeys.asc.  We are going to add a public key block to your public keyring --- in a minute we are going to check to see if the .rpm file we used to install PGP was good.

   cd /usr/doc/pgp-6.5.8

Type:

   pgp -ka SampleKeys.asc

Lets check to see if we have a good version of the .rpm file.  Type:

   rpm --checksig  PGPcmdln_6.5.8_Lnx_FW.rpm

If we have a good copy we will get a response which looks like this:

    PGPcmdln_6.5.8_Lnx_FW.rpm:  md5 OK

We need to extract a copy of your public key so that you can exchange keys with other PGP users.  I am going to use the -a option to get an ASCII armored file.  This is useful because you can view the output of the file with a text editor.  You can demonstrate to others the uniqueness of public keys and win PGP converts, hopefully.

   cd .pgp

  pgp -kxa Chuck <userid> moose.asc <name of the  public key file> pubring.pkr
 

   vi moose.asc <Chuck Steele's public key>

moose.asc will look something like this when viewed with vi
  

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP 6.5.8

mQENAzyiCa8AAAEIAMzeOhDS0y4pURNO0+iGuQUZuoZISLwCF4ZM/jZDOXwv403I
Ka9ITcOw2SLN+UF9yUXqwznYRk5xE1GZuc6wOe6RZH8pK2DWQ1mZR1bsLP1ZC1Z9
QNSrzZ4qMYatidQwUE5+iKmxpYJmeVX0gRV5MshHPGuXgsazvT4/TecuBw73F6oS
YLz33H/y7EzovasqWxgOBc7t2lEZTcsMJN+/2W6OEyH5jNdFA0VUtaHsnxH35KCL
HRh37GorkeMwrw80JOTHoFkbSk8do+6X54CnA42RReo8n4t1KZxNdQLq51dRXCN6
1qLdI8iiN70NOyts6ZGOVK3KogTtuSHUqX3aPKsABRG0IENodWNrIFN0ZWVsZSA8
c2FuZHNwdXJAc2VpaS5uZXQ+iQEVAwUQPKIJr7kh1Kl92jyrAQFcRwf/bFYzGaVz
e/QKTE97i1orPrfJMBpbbHvkdV1vm1gVQDEM7O7NYy5kYef57lI55yNqdjI4eowc
xoYRWNRUsnIMps2xy0RbjIhAJ5XUBT1tTrdTrQHQuV1QkV+Etbl7zXRbFnctORvl
e7N+BrL9gh4kE256NAFQpbBdCoZ30xudukGliBMAeb97RQmhbyey9JTooftm2Vuo
Izcsan/LlpWCToOiBHyyjYY3a6fdryvuDJePsxJNAoPsA02WPIH6Y7Tcnz/02Im5
R+URyl99cW6lj55WHn/p3PdCQpyJNKOfPjzRxY5j9WohuZU3H3YEV++8yI712xr0
TJNAQMR708/BXw==
=LdjR
-----END PGP PUBLIC KEY BLOCK-----


The rest is up to you.  You will need to exchange public keys with other
users and add their keys to your public keyring.  This can be done via e-mail
attachments, on a floppy, or by posting your key on a keyserver.


CONCLUSION


Being able to encrypt files on your own computer and exchange information
securely with others over the Internet is inherently cool.  Some governments
think otherwise.  With unencrypted e-mail you can tell your sweetie of your
affection.  With PGP you can be a lot more specific as to how you would like
to demonstrate your affection.


If you see any glaring errors or need some clarification do not hesitate
to contact me by e-maiil <sandspur@seii.net>.  Also, if you get started
with PGP add my public key to your keyring, send me yours, and we can try
an exchange of encrypted text.  Have fun...be sneaky...