Internet Security Professional Reference: PGP


Decrypting and Verifying Messages

When you receive a PGP message, you usually want to use PGP to unpack it and retrieve the data. This might involve decrypting the message, verifying the signature on the message, or both. This is PGP's default operation: it tries to decode the message, then decrypts it and/or verifies it as needed and as far as the available keys allow.

~> pgp message.asc
Pretty Good Privacy(tm) 2.6.2 - Public-key encryption for the masses.
(c) 1990-1994 Philip Zimmermann, Phil’s Pretty Good Software. 11 Oct 94
Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc.
Distributed by the Massachusetts Institute of Technology.
Export of this software may be restricted by the U.S. government.
Current time: 1995/11/27 19:52 GMT

File is encrypted. Secret key is required to read it.
Key for user ID: Ruth Thomas <tara@mail.Free.NET>
1024-bit key, Key ID D0C6326D, created 1995/11/14
You need a pass phrase to unlock your RSA secret key.
Enter pass phrase:

PGP first attempts to decrypt the example message because it is encrypted. The message was encrypted for Ruth; she can enter her secret key pass phrase to decrypt the message. The pass phrase opens the secret key, and the secret key opens the message. With a successful pass phrase, PGP can continue processing the message.

Pass phrase is good. Just a moment......
File has signature. Public key is required to check signature..
Good signature from user “Derek Atkins <warlord@MIT.EDU>”.
Signature made 1995/11/27 19:52 GMT

Plaintext filename: message

The message was signed, so PGP attempts to verify the signature with the signer's public key, assuming it is on the public key ring. In this case, the message was signed by Derek Atkins, and it was not modified during transport. PGP reports the validity of the signature as best it can.

Finally, PGP deposits the decrypted, validated message into the output file. In this case, the file message contains the original message that was encrypted and signed. You can then read, process, or use the file.

Sometimes it is not possible to read a message. The message may have been encrypted using a key or set of keys you don’t have. In this case, PGP tries to tell you who can decrypt the message.

~> pgp -m message.asc
Pretty Good Privacy(tm) 2.6.2 - Public-key encryption for the masses.
(c) 1990-1994 Philip Zimmermann, Phil’s Pretty Good Software. 11 Oct 94
Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc.
Distributed by the Massachusetts Institute of Technology.
Export of this software may be restricted by the U.S. government.
Current time: 1995/11/29 19:01 GMT

File is encrypted. Secret key is required to read it.
This message can only be read by:
  Philip R. Zimmermann <prz@acm.org>
  Jeffrey I. Schiller <jis@mit.edu>
  Derek Atkins <warlord@MIT.EDU>

You do not have the secret key needed to decrypt this file.

For a usage summary, type:  pgp -h
For more detailed help, consult the PGP User’s Guide.

Another situation in which PGP cannot fully process a message is when the message is signed by a key that is not on the key ring. In this case, PGP asks for an alternate key ring; if one is not supplied, PGP does not verify the signature. It still attempts to output the message, if possible.

~> pgp -m message.asc
Pretty Good Privacy(tm) 2.6.2 - Public-key encryption for the masses.
(c) 1990-1994 Philip Zimmermann, Phil’s Pretty Good Software. 11 Oct 94
Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc.
Distributed by the Massachusetts Institute of Technology.
Export of this software may be restricted by the U.S. government.
Current time: 1995/11/29 19:10 GMT

File has signature.  Public key is required to check signature.
Key matching expected Key ID 82FF3459 not found in file ‘/tmp/pubring.pgp’.
Enter public key filename: <Enter>

WARNING: Can’t find the right public key--can’t check signature integrity.

Plaintext message follows...
------------------------------

This is a signed message which is signed by an unknown key

Done...hit any key
Save this file permanently (y/N)? <Enter>

PGP tries to report any error conditions, although it is not perfect. It probably will inform you of an invalid signature or a signature by an untrusted key, or reveal other types of problems. To understand the cause of encryption and decryption problems, you need to be aware of the types of messages PGP supplies.
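
The messages shown in the sessions above can be checked mechanically. The following Python is an added example, not code from the original book or from PGP: it classifies PGP 2.6.2 output using only the message strings that appear above, and keeps a signed message "unverified" unless a "Good signature" line is present, because PGP still writes the plaintext when the signer's key is missing. The transcripts are constructed from those sessions, and classify() and accept() are hypothetical names.

```python
import re

# Constructed transcripts: the PGP 2.6.2 messages shown above, banner lines omitted.
GOOD = '''File is encrypted. Secret key is required to read it.
Pass phrase is good. Just a moment......
File has signature. Public key is required to check signature..
Good signature from user "Derek Atkins <warlord@MIT.EDU>".
Plaintext filename: message
'''
NO_SECRET_KEY = '''File is encrypted. Secret key is required to read it.
This message can only be read by:
  Philip R. Zimmermann <prz@acm.org>
  Jeffrey I. Schiller <jis@mit.edu>
  Derek Atkins <warlord@MIT.EDU>

You do not have the secret key needed to decrypt this file.
'''
UNKNOWN_SIGNER = '''File has signature.  Public key is required to check signature.
Key matching expected Key ID 82FF3459 not found in file '/tmp/pubring.pgp'.
WARNING: Can't find the right public key--can't check signature integrity.
Plaintext message follows...
'''

def classify(transcript):
    """Summarise one transcript; plaintext output alone never counts as verified."""
    signed = "File has signature." in transcript
    result = {
        "encrypted": "File is encrypted." in transcript,
        "readable": "Plaintext filename:" in transcript
                    or "Plaintext message follows" in transcript,
        # A signed message stays "unverified" until a "Good signature" line is seen.
        "signature": "unverified" if signed else "none",
        "signer": None, "missing_key_id": None, "recipients": [],
    }
    good = re.search(r'Good signature from user ["“](.+?)["”“]\.', transcript)
    if good:
        result["signature"], result["signer"] = "good", good.group(1)
    missing = re.search(r"Key matching expected Key ID ([0-9A-F]{8}) not found", transcript)
    if missing:
        result["missing_key_id"] = missing.group(1)
    if "This message can only be read by:" in transcript:
        tail = transcript.split("This message can only be read by:", 1)[1]
        result["recipients"] = re.findall(r"^[ \t]+(.+<[^>\n]+>)[ \t]*$", tail, re.M)
    return result

def accept(transcript, allowed_signers):
    """Policy check (hypothetical helper): readable AND good signature from an expected signer."""
    r = classify(transcript)
    return r["readable"] and r["signature"] == "good" and r["signer"] in allowed_signers
```

With the third transcript, classify() reports the message as readable but unverified and returns the Key ID PGP was looking for, so the caller knows which public key to obtain before trusting the content.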

Advanced Message Operations

Some functions of PGP are slightly more advanced and intricate. Although the concepts mentioned in this section might be simple, their application and implication are much more difficult to grasp. The most important thing to remember is that whenever PGP operates on a file, the output is a PGP file. Table 11.3 lists most of the useful advanced commands.

Table 11.3
Advanced Commands

Command     Parameters   Description
----------  -----------  ---------------------------------------
pgp -sat    text file    Clearsigns a text message
pgp -sb     text file    Creates a separate signature for a file
pgp -m                   For Her Eyes Only mode
pgp -w      filename     Wipes file clean

