instructs for using PGP 5 freeware with Eudora and 2.6.2 keys
Since I grew impatient navigating geocities' UI, I am sending this in the hope that it will be useful. Propogate at will. Using Eudora+PGP 5 with 2.6.2-Compatible RSA Keys for Win95 for Dummies 4/3/98 honig@alum.mit.edu Intro I explain how to install and use the slick Eudora and PGP 5 freeware on Windows95 while maintaining full back-compatability with PGP v. 2.6.2 users. The installation path for compatability with 262 is not the obvious one a new user would take. Thus this document. The install takes about 10 minutes and the software is free. The strength of your key is the same. What is Eudora? PGP? Eudora is a popular, powerful, easy to use GUI POP3 email client. Free versions are available. PGP is a public-key encryption package. PGP 5 freeware includes a plug-in for Eudora, making secure email not only possible, but nearly transparent. That is key to widespread use which is key to the success of any protocol. But some people use only PGP 2.6.2, or 262 it is built into their MacOS. The problem is that 262 uses "RSA" keys only, but PGP 5 can also use "Diffie-Hellman" keys. In fact, the freeware version of PGP 5 does not allow the creation of RSA keys. These instructions tell you how to set up Eudora + PGP so you can painlessly use these tools with all popular PGP versions. The newer PGP does not generate keys that the earlier PGP can use; but the newer version imports them. So if we take the trouble to use the older version of PGP to make our key, we can use our slick GUI email tools with everyone, even the 2.6.2 throwbacks who probably use rotary phones, carburators, etc. I use "PGP 2.6.2 key" to mean the RSA key version supported by PGP 2.6.2, and "PGP 5 key" to mean the Diffie-Hellman key supported by the freeware version. Both variants are based on the ease of multiplying two numbers and difficulty of factoring the product of large indivisible ("prime") numbers. Installation Instructions You will use defaults everywhere. 1. Download and install Eudora lite 3.05 (eul305.exe) from http://eudora.qualcomm.com/eudoralight/ This creates c:\Eudora by default. Use Tools | Options | Getting Started and Hosts to specify your POP email account (e.g., joe@xyz.com) and your SMTP (outgoing) host (e.g., mail.isp.com). TEST: Run Eudora, send yourself email, wait a minute, retrieve it, exit. 2. Download and install PGP 5 freeware (pgpinstall.exe) Do NOT create a key if asked to do so. PGP 5 makes keys incompatible with PGP 2.6.2. You will use a 2.6.2-compatible key you make later on. This creates c:\Program Files\PGP\PGP5.0 and installs a plug-in to Eudora. TEST: Start Eudora, look for PGP tools in toolbar. Easier Setup If You Can: 1 & 2. Download Eudora + PGP together from http://eudora.qualcomm.com/eudoralight/ and install. (I can't access this so I don't know about installing it.) TEST: send yourself email as above. Check for PGP tools as above. HERE'S THE RETRO-COMPATABILITY PART 3. Download pgp262.zip. Create new directory c:\pgp262. Go there. Unzip the file there. Read the instructions, you may have to set some variables before using PGP262 SET PGPPATH=C:\PGP262 SET PATH=C:\PGP262;%PATH% SET TZ=PST8PDT While in that directory: 4. Create a 2.6.2 key with PGP 2.6.2: Run "pgp -kg" and do what it says. You will provide a username. Use your email address. You will also provide a passphrase to hide your private key. Pick a phrase you can remember, that others can't guess. You'll have to type your passphrase to prove who you are (when you use your private key). 5. Export your 2.6.2 key to a file: Run "pgp -kxa yourname mykey" where "yourname" is the username you used above. This creates a file mykey.asc which is your public key suitable for emailing. 6. Import your key into PGP 5: Double click on the file "mykey.asc" that you just created. 7. Make sure your PGP262 key is your Default (e.g., if you made a PGP 5 key): Run PGPKeys, e.g., from Eudora. Select your key with the blue icon. Right-click to see its properties. Its key type should be "RSA". Right-click and select Set As Default. TO TEST PGP Send yourself a regular email addressed to the username you used above, which should be your email address, to verify that functionality didn't break. Then send a second letter, this time, select Eudora's PGP MIME button AND the PGP Encrypt button. Then send your letters. Wait a bit, and retrieve your mail as you did before. To read the encrypted version run the Plug-in. You will be prompted for your passphrase. If one of your dinosaur 2.6.2 associates sends you a block of text, use the PGP Decrypt button. You will be prompted for your passphrase. To send email to other people, you will have to import their public keys. Security Note Your private key is hidden in the \Program Files\PGP\PGP50\SECRING.SCR file. Its also in the c:\pgp262\SECRING.PGP file. If threse files are copied by opponents, only your passphrase stands between them and your secret key. Your mykey.asc file is the opposite: it should be published so people can send messages to you (and verify that you signed and sent what was received by them, etc.) PGPKeys lets you export your key to a well-known server which functions like a phone directory. honig@alum.mit.edu ------------------ "Are we going after their tax returns? I can only hope that we are, frankly, doing a little persecuting" ---Nixon to Erlichman, on tax audits of wealth Jewish contributors to the Democrats. -LA Times 1.4.98
participants (1)
-
David Honig