PGP and SurfacesPGP and SurfacesPGP stands for "Pretty Good Privacy" and is a cryptography software, releaased in the public domain. It uses both "public key" and "conventional" (secret keys) cryptography.
With PGP, you can achieve these results:
Text encryption: this way, only the person you are sending the text to can decrypt the message and read it. It means that the content is confidential.
Signing texts: it lets people know where a text comes from, and if it has been altered. Signing texts assures anthenticity and integrity of the content.
For this, a user must obtain a pair of "keys", one public and one secret. The first one is distributed everywhere, by any means, but the second one is only known by its proprietary. A file encrypted with a public key can only be decrypted with the corresponding secret key. Reverse is also true.
Once someone has these two keys, you can perform the two preceding operations this way:
To encrypt a message (making it confidential), you use the public key of the person who will receive it. Only the corresponding secret key can decrypt the message, so only that person can "read" it.
To sign a message, you use your own secret key. So if someone wants to check if the message really comes from you, it has to decrypt it with your public key. If it works, it anthentifies that the message comes form you. PGP also adds information about the content of the message, so if this content has been altered, it will tell the receiving end.
All Surfaces articles are signed with PGP, both HTML and SGML versions. It is thus possible for the readers to check if they are really reading the original articles, as published by Surfaces, without any modification.
This signature is transparent for the readers, if they don't want to use this feature. Web browsers or Panorama won't be affected by the signature and will display the documents in the usual manner. Readers can thus continue to read Surfaces articles as always.
But if a reader wants to verify the articles signatures, he needs first to get and install PGP. Then, he has to save the article source (HTML or SGML) locally, and use PGP to verify the signature.
You will find how to use PGP shortly, but first lets take a look at how to save Surfaces articles locally, on your computer:
To save an HTML article that you are reading, just choose the "Save as..." item in the "File" menu of your browser. Be sure to save the file in HTML format.
To save an SGML article, you must do it before reading it with Panorama. You have to right-click (hold down the mouse button on a Macintosh) on a link to the SGML version of the article and choose "Save link as..." in the contextual menu. Be sure to save the file in "Original format" (SGML).
Once you have done that, you have a local copy of the article, on your hard disk, or anywhere you decided to save it. You can then use PGP to check for its integrity and anthenticity, and we will show you how to do this in a few moments.
PGP is in public domain , but the power of its algorithm has given a lot of trouble to its author with american laws. It is therefore a little more difficult to distribute, and you should check with your local laws if you really can use this software.
We must mention that the use of PGP in France, Irak, and Iran is illegal. There may be other countries where there are restrictions, so please verify before.
You can get PGP from different sources, depending on where is located the computer where you will install it.
For Canada and United States, you must firts answer some short questions, then you choose the right platform for you (DOS, UNIX, Macintosh).
For the international version, you only need to choose the right platform. Althoug there seems to be a Windows version of PGP, you should really get the DOS version, even if you're running Windows.
Installing PGP is probably the most difficult step. We will try to give instructions with as much details as possible. As always, instructions differ if you use DOS/Windows or a Macintosh.
Create a directory named "PGP26" at the root of your hard disk. You should use the file manager or Windows Explorer to do this.
Copy the file "PGP262.ZIP" (that you got before) in the directory just created (C:\PGP26). Once again, you should use the file manager or Windows Explorer to do this.
Open a DOS window.
Go to the directory "C:\PGP26", by typing "cd \PGP26".
PGP262.ZIP. To do it, use the PKZIP utility, or any other similar program. If you have PKZIP installed, you can uncompress the file by typing "pkunzip -d PGP262.ZIP".
Add a few lines to your "autoexec.bat" file. To edit this file, type "edit c:\autoexec.bat". Add the following lines at the end of the file:
SET PGPPATH=C:\PGP26
SET PATH=C:\PGP26;%PATH%
SET TZ=GMT-nn
For the last line, replace "nn" by the number of hours before GMT of your time zone. For instance, in eastern Canada and United States, you must type "SET TZ=GMT-5".
Reboot your computer, or execute your command file by typing "autoexec".
PGP should now be installed, and you can run it from anywhere since it is in your "PATH".
To install PGP on a Macintosh (MacPGP), you must follow these intructions:
Uncompress the file you downloaded ("MacPGP2.6.2-130v1.hqx") with Stuffit Expander or any other compatible software.
You will get a folder named "MacPGP2.6.2-Installation Folder". in this folder, you will find a file called "MacPGP2.6.2-130v1-inner". Double-click on this file to install the software.
During the installation, you will be asked for the destination folder for MacPGP. After the installation, you will get a folder named "MacPGP2.6.2 Folder". It is your main MacPGP folder, and the software itself is the file "MacPGP262".
Decrypting files with PGP is fairly simple, and we will only explain this operation and how to add a key to your key ring.
If you need more information on PGP, type "pgp -h" with the DOS version, or choose the "Help" menu with the Macintosh version.
To verify a Surfaces article, you must first add the Surfaces public key to your personal key ring. In DOS/Windows, follow these steps:
Download Surfaces public key here and save this file (item "Save as..." of the "File" menu in Netscape or Internet Explorer).
Open a DOS window, and type the following command:
pgp -ka surfaces_key
The "surfaces_key" file is the one you saved at the previous step.
On a Macintosh, follow these steps:
Download Surfaces public key here and save this file (item "Save as..." of the "File" menu in Netscape or Internet Explorer).
Start MacPGP, and choose the "Add Keys..." item from the "Key" menu.
Choose the file you just saved at the preceding step.
Choose your public key ring, which should normally be the "pubring.pgp" file, in your "MacPGP2.6.2 Folder" folder.
To verify a signature in an article file, you should simply type "pgp file_name" in DOS/Windows. Of course, you must include the entire path to the file if it's not located in the current directory. If the file really comes from Surfaces, you should get a confirmation from PGP. If not, you'll get an error.
On a Macintosh, you must choose the "Open/Decrypt..." item of the "File" menu. You then choose the file to verify, and you should get a confirmation that the file comes from Surfaces. If not, you'll get an error.
Surfaces public key is available here. You can save this file to add it to your public key ring. Then you'll be able to verify the anthenticity the integrity of Surfaces articles.
If you want to know more about PGP, including how to use it and the legal aspects, please follow these links:
Signing of Surfaces articles, along with this document, have been done by Martin Sévigny for Surfaces.
| Home page | Search | SGML | Forum | Call for Papers | Accueil |