Eric Maryniak - Installing PGP 2.6.3i on Unix

Here follows some step-by-step instructions on how to compile and set up PGP 2.6.3i on a typical Unix system.


Compiling PGP 2.6.3i on SunOS 4.1.3 with gcc

by
Eric Maryniak
e.maryniak@pobox.com

This document gives extra installation information not present or not clear (to me, anyway) in the existing documents and FAQs. The hints below are a result of some trial and error! Also note that there is a hot and new PGP version (5.0). Check out The International PGP Home Page.

Disclaimer: usage of this information is completely at your own risk. I have tried to be as accurate as possible but can not be held responsible for it in any way. I was pretty new in the PGP area, when I wrote this ;-). Questions should NOT be emailed to me, but to pgp-bugs@ifi.uio.no.

  1. Move the gnu-zipped (or compressed) PGP tar file to a working directory.

  2. Extract the tar file from the gnu-zipped file ($ is the prompt):
           $ gunzip pgp263is.tar.gz
           
  3. Extract the files from the tar archive:
           $ tar xvf pgp263is.tar
           
  4. Extract the source tar file (pgp263ii.tar):
           $ tar xvf pgp263ii.tar
           
  5. Go to the source directory en do a make for SunOS with gcc. A make for the standard Sun C compiler (cc), which is of inferior quality, requires Wietse Venema's "unproto" package. Just use gcc like forty million sensible people on the Internet do!
           $ cd src
           $ make sun4gcc
           
  6. If the make was successfull, there should be a binary 'pgp' in the src directory. Before installing 'pgp', run a test with a temporary key (use 'test' as userid/password). PGP will complain about a 'config.txt' file missing, ignore this. First create a directory '.pgp' in your home directory (note the dot!). It is a good idea to protect this directory from access by others, if not already so. The 700 mode does not protect your directory from access by the super-user (root) or from a hacker who has gained root privileges. Keep this in mind on a multi-user system like Unix. Note: replace the tilde (~) with $HOME if you're not using bash or a C-shell.
           $ mkdir ~/.pgp
           $ chmod 700 ~/.pgp
           $ ./pgp -kg
           
    Add the keys from the file 'keys.asc' to your public key ring and sign at least one key:
           $ ./pgp -ka ../keys.asc
           
    Do a keyring check:
           $ ./pgp -kc
           
    Encrypt and decrypt the file 'pgpdoc1.txt' in the 'doc' subdirectory and compare (diff) afterwards. There should be no differences:
           $ ./pgp -e ../doc/pgpdoc1.txt test -o testfile.pgp
           $ ./pgp testfile.pgp
           $ diff ../doc/pgpdoc1.txt testfile
           
  7. If the tests were successfull, install 'pgp' in a suitable bin directory and put the man page in a man1 directory. Move the doc (documentation) directory to a suitable place as well. At least study the 'pgpdoc1.txt' document. You may want to copy and/or print out the readme.1st, setup.doc and pgp.hlp (handy 1-page overview of PGP commands) files as well.
           $ mv pgp /usr/local/bin
           $ mv ../doc/pgp.1 /usr/local/man/man1
           $ mv ../doc /usr/local/info/pgp
           
  8. Now the finishing touch! First completely remove the bogus key rings:
           $ cd ~/.pgp
           $ rm pubring.* secring.*
           
    Generate your true key now (pgp -kg). Military grade (1024 bits) is best. The userid should be something like:
               James Bond <j.bond@dept00.mi5.gov.uk>
           
    Copy the 'config.txt' to the ~/.pgp PGP directory and replace the entry 'MyName' appropiately with a substring of the userid you entered above, e.g. "James Bond". You may have to change the permissions first with:
           $ chmod u+w config.txt
           
    But don't forget to set them back afterwards:
           $ chmod u-w config.txt
           
    What to do with existing public and/or secret key rings: Existing key rings (e.g. from your Dos PGP version) can be added to the Unix PGP version by extracting the keys to an ascii file. Important note: if you want to use the same secret key under Unix, you must add the 'secring.pgp' key ring to your (empty) Unix secret key ring _before_ adding the public keys! In that case, answer 'yes' when this question pops up:
               ...
               also appears in the secret key ring.
               Use this key as an ultimately-trusted introducer (y/N)?
           
    It is questionable to put your secret key ring on a multi-user system (such as Unix). For more info, consult one of the PGP FAQs.

    We continue with our example for the public keys (when adding secret key(s) replace 'pubring' with 'secring'). Under Dos do this (PGP is in 'c:\pgp' and 'c:\>' is the prompt):

           c:\> pgp -at c:\pgp\pubring.pgp
           
    Add the generated file 'pubring.asc' to the Unix key ring. The file 'pubring.asc' should NOT be in your PGP home directory (~/.pgp); use a working directory for this. It is a good idea to protect this directory from access by others ('chmod 700 the_dir').
           $ pgp ./pubring.asc
           
    Answer 'yes' (simply give a return) to the rename question and then re-run pgp:
           $ pgp ./pubring.pgp
           
    Answer 'yes' to the adding question.

  9. Finally, clean up the working directory where the PGP files are. Also clean up the working directory where you any key rings from step 7. You don't want to have your secret key rings lying around.

Happy and secure e-mailing!

Eric Maryniak

RFC-822: e.maryniak@pobox.com

 There's no page like home page.


Permanent URL: http://pobox.com/~e.maryniak/publications/pgp.2.6.3i.html
Page last modified on 2012-02-05, by Eric Maryniak (e.maryniak@pobox.com).