Internet Security Professional Reference:PGP


PGP: Program or Filter?

PGP is a program that takes input files, performs a set of operations, and writes an output file. Although this process resembles the functions of a program, PGP can also be thought of as a filter—you give it some input, it processes it and gives you some output. By looking at PGP this way you can see how easily it can be integrated into other programs.

Because PGP 2.6.2 is only distributed as an application program, not as a library, this chapter describes only the application user interface. Some applications that use PGP as a filter are mentioned at the end of this chapter, but most of the effort is spent in explaining the PGP user interface.

To use PGP in filter-mode, PGP should be run with the -f option. This tells PGP to use standard input and standard output for its main functional I/O. The use of filter-mode can change the arguments to various PGP functions because input and/or output files are no longer required. Command examples in this chapter try to explain what happens when PGP is used as a filter.

Compressing the Message

Whenever possible, PGP compresses a message before sending it, which reduces the size of most messages it produces. PGP applies compression inside the encryption layer but outside the signature, so the operations on a message are nested in the best possible order.

In other words, a PGP signed message first is signed, and then compressed; a PGP encrypted message first is compressed and then encrypted. When PGP combines signatures and encryption, compression happens between the two operations, after the signature is created but before the encryption takes place.

Compression is turned on by default and can be turned off using the COMPRESS option in the configuration file or by using the command-line option:

+compress=off
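The nesting order described above, as an added Python example that is not from the book or from PGP: HMAC-SHA256 stands in for PGP's public-key signature and a SHA-256 counter-mode keystream for its session cipher (both are assumptions made for the demonstration; the message and keys are constructed), so the sign, compress, encrypt order and its reverse can be run, and the size penalty of compressing outside encryption can be measured.

```python
import hashlib
import hmac
import zlib

# Constructed sample message and keys (not from the book). HMAC-SHA256 stands in
# for the RSA signature and a SHA-256 counter-mode keystream for the session cipher.
MESSAGE = ("The quick brown fox jumps over the lazy dog.\n" * 40).encode()
SIGN_KEY = b"constructed-signing-key"
ENC_KEY = b"constructed-session-key"
TAG_LEN = 32

def sign(data):
    """Append a signature tag to the plaintext (the innermost layer)."""
    return data + hmac.new(SIGN_KEY, data, hashlib.sha256).digest()

def verify(blob):
    """Strip and check the tag; raise if the signed data was altered."""
    data, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(SIGN_KEY, data, hashlib.sha256).digest()):
        raise ValueError("bad signature")
    return data

def keystream(n):
    """Stand-in stream cipher: SHA-256 over key || counter, truncated to n bytes."""
    out = bytearray()
    for ctr in range((n + 31) // 32):
        out += hashlib.sha256(ENC_KEY + ctr.to_bytes(8, "big")).digest()
    return bytes(out[:n])

def encrypt(data):
    """XOR with the keystream; decryption is the same operation."""
    return bytes(a ^ b for a, b in zip(data, keystream(len(data))))

def pgp_wrap(msg, compress=True):
    """PGP's nesting: sign first, compress second, encrypt last."""
    signed = sign(msg)
    packed = zlib.compress(signed) if compress else signed   # +compress=off skips this
    return encrypt(packed)

def pgp_unwrap(blob, compress=True):
    """Reverse order on receipt: decrypt, decompress, then verify."""
    packed = encrypt(blob)
    signed = zlib.decompress(packed) if compress else packed
    return verify(signed)

def compress_outside_encryption(msg):
    """The wrong nesting: ciphertext looks random, so compression gains nothing."""
    return zlib.compress(encrypt(sign(msg)))
```

Calling `pgp_wrap` with `compress=False` mirrors `+compress=off`; `compress_outside_encryption` shows why compression belongs inside the encryption layer.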

Processing Text and Binary Files

Files PGP creates are inherently in binary format, although PGP can process both binary and text input files. Binary files are easy to work with because PGP can process them byte-by-byte. When a text file is processed, PGP must apply some special transformations so that it transfers properly between systems.

PGP has a canonical format for text files using a special character set and line ending convention. When processing a text file, PGP automatically converts messages from the local character set to ISO Latin-1, an international standard character set. It also uses a carriage return and newline at the end of each line. These text transformations are done before other processing can proceed.

When the PGP file is decrypted and verified, PGP converts the canonical message back into the local character set and local line ending convention. This way a message will never lose its characteristics across various platforms and interoperability can be achieved.

You must tell PGP when the input is a text file so that the text-filtering operations are applied. PGP then attempts to verify that the file actually is text and not binary by reading a few bytes of data and testing them. Therefore, it is safe to turn on textmode for non-text files.

To turn on textmode, you add the -t option to PGP. This option specifies that PGP should attempt to process the input file as a text file. If the input is binary, PGP will treat it as binary without the textmode filters.

The TEXTMODE configuration option can also be turned on in the configuration file so that PGP always attempts to use textmode when possible. When this setup is used, you can turn off textmode on the command line:

+textmode=off
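PGP's text canonicalization described above, as an added Python example (not code from PGP or the book): the local character set and line ending are assumed to be UTF-8 and LF, and `looks_like_text` is an approximation of PGP's few-bytes probe, not its actual test.

```python
LOCAL_ENCODING = "utf-8"      # assumed local character set (constructed for the example)
LOCAL_NEWLINE = "\n"          # assumed local line ending (UNIX)
CANONICAL_ENCODING = "latin-1"  # PGP's canonical character set: ISO Latin-1
CANONICAL_NEWLINE = "\r\n"      # PGP's canonical line ending: carriage return + newline

def looks_like_text(data, probe=64):
    """Approximation of PGP's probe: read a few bytes and decide text vs binary.
    A NUL byte or a high share of control characters means 'binary'."""
    head = data[:probe]
    if b"\x00" in head:
        return False
    ok = sum(1 for b in head if 32 <= b < 127 or b in (9, 10, 13) or b >= 128)
    return not head or ok / len(head) > 0.9

def to_canonical(raw, local_encoding=LOCAL_ENCODING):
    """Local text -> canonical form (ISO Latin-1, CRLF). Binary input is returned
    untouched with a False flag, which is what -t does on a non-text file."""
    if not looks_like_text(raw):
        return raw, False
    text = raw.decode(local_encoding)
    # accept CRLF, CR or LF from the local side, then emit CRLF
    text = text.replace("\r\n", "\n").replace("\r", "\n").replace("\n", CANONICAL_NEWLINE)
    # characters outside ISO Latin-1 have no canonical form and raise here
    return text.encode(CANONICAL_ENCODING), True

def from_canonical(data, local_encoding=LOCAL_ENCODING, local_newline=LOCAL_NEWLINE):
    """Canonical form -> the receiver's character set and line ending convention."""
    text = data.decode(CANONICAL_ENCODING)
    return text.replace(CANONICAL_NEWLINE, local_newline).encode(local_encoding)
```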

Sending PGP Messages Via E-Mail

The files that PGP produces are generally binary files because the PGP protocol is inherently a binary protocol. However, PGP provides a mechanism to encode its binary output in ASCII armor, protecting it during transmission over links that require ASCII data, such as e-mail and netnews. This armor protects a PGP file during transport so that it is not modified in transit.

Whenever PGP is asked to output PGP data, be it a message or a key, and the -a option is used, PGP will encode the output in ASCII armor. Usually you should use the -a option when creating messages for transmission to other users. Whenever you use ASCII armor, you should remember to use a MIME Transfer-Encoding of 7 bits.

Armor mode can be turned on by default using the ARMOR option in the configuration file. When this is done, Armor mode will always be used. To get binary output, you can turn off Armor mode on the command line:

+armor=off

You can also control the number of lines of armor that will be put in a single file. Because armor lines are 64 characters wide, this effectively controls the size of the output files. This is useful because some mailer software refuses to pass large messages; large data needs to be broken into multiple files to be sent successfully.

The number of lines of ASCII armor is controlled by the ARMORLINES configuration option. By default, armorlines is set to 720 lines per file. Users can set the number of armorlines to any non-negative integer value. A value of zero (0) will force PGP to output into a single armor file no matter how large the data size. Sometimes it is useful to set the ARMORLINES value in the configuration file to a suitable size (if 720 lines does not suffice) and specify zero lines on the command line when a single output file is required:

+armorlines=0
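The ARMORLINES splitting described above, as an added Python example that is not part of the book or of PGP: it assumes the radix-64 body, CRC-24 trailer and PART xx/yy header convention as documented in RFC 4880 (not on this page), omits PGP's Version header line, and uses constructed input.

```python
import base64

ARMOR_WIDTH = 64            # armor lines are 64 characters wide
DEFAULT_ARMORLINES = 720    # PGP's default ARMORLINES value

def crc24(data):
    """CRC-24 as specified in RFC 4880: init 0xB704CE, polynomial 0x1864CFB."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor_lines(data):
    """Radix-64 body in 64-character lines, then the '=XXXX' CRC trailer line."""
    text = base64.b64encode(data).decode("ascii")
    lines = [text[i:i + ARMOR_WIDTH] for i in range(0, len(text), ARMOR_WIDTH)]
    lines.append("=" + base64.b64encode(crc24(data).to_bytes(3, "big")).decode("ascii"))
    return lines

def split_armor(data, armorlines=DEFAULT_ARMORLINES):
    """Return the armored file(s): at most `armorlines` body lines each; 0 = one file."""
    if armorlines < 0:
        raise ValueError("ARMORLINES must be a non-negative integer")
    body = armor_lines(data)
    step = len(body) if armorlines == 0 else armorlines
    chunks = [body[i:i + step] for i in range(0, len(body), step)]
    n = len(chunks)
    files = []
    for idx, chunk in enumerate(chunks, 1):
        part = "" if n == 1 else f", PART {idx:02d}/{n:02d}"   # multipart header style
        files.append("\n".join([f"-----BEGIN PGP MESSAGE{part}-----", ""]
                               + chunk + [f"-----END PGP MESSAGE{part}-----"]) + "\n")
    return files

def dearmor(files):
    """Reassemble the parts in order, check the CRC and return the binary data."""
    lines = [l for f in files for l in f.splitlines() if l and not l.startswith("-----")]
    crc_line = lines.pop()                      # the CRC trailer is the last body line
    data = base64.b64decode("".join(lines))
    if base64.b64decode(crc_line[1:]) != crc24(data).to_bytes(3, "big"):
        raise ValueError("armor CRC mismatch")
    return data
```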

