Surfaces logoPGP and Surfaces


Table of content:


Introduction

PGP stands for "Pretty Good Privacy" and is a cryptography software, releaased in the public domain. It uses both "public key" and "conventional" (secret keys) cryptography.

With PGP, you can achieve these results:

For this, a user must obtain a pair of "keys", one public and one secret. The first one is distributed everywhere, by any means, but the second one is only known by its proprietary. A file encrypted with a public key can only be decrypted with the corresponding secret key. Reverse is also true.

Once someone has these two keys, you can perform the two preceding operations this way:


Surfaces and PGP

All Surfaces articles are signed with PGP, both HTML and SGML versions. It is thus possible for the readers to check if they are really reading the original articles, as published by Surfaces, without any modification.

This signature is transparent for the readers, if they don't want to use this feature. Web browsers or Panorama won't be affected by the signature and will display the documents in the usual manner. Readers can thus continue to read Surfaces articles as always.

But if a reader wants to verify the articles signatures, he needs first to get and install PGP. Then, he has to save the article source (HTML or SGML) locally, and use PGP to verify the signature.

You will find how to use PGP shortly, but first lets take a look at how to save Surfaces articles locally, on your computer:

Once you have done that, you have a local copy of the article, on your hard disk, or anywhere you decided to save it. You can then use PGP to check for its integrity and anthenticity, and we will show you how to do this in a few moments.


Getting PGP

PGP is in public domain , but the power of its algorithm has given a lot of trouble to its author with american laws. It is therefore a little more difficult to distribute, and you should check with your local laws if you really can use this software.

We must mention that the use of PGP in France, Irak, and Iran is illegal. There may be other countries where there are restrictions, so please verify before.

You can get PGP from different sources, depending on where is located the computer where you will install it.

For Canada and United States, you must firts answer some short questions, then you choose the right platform for you (DOS, UNIX, Macintosh).

For the international version, you only need to choose the right platform. Althoug there seems to be a Windows version of PGP, you should really get the DOS version, even if you're running Windows.


Installing PGP

Installing PGP is probably the most difficult step. We will try to give instructions with as much details as possible. As always, instructions differ if you use DOS/Windows or a Macintosh.

Instructions for DOS/Windows

  1. Create a directory named "PGP26" at the root of your hard disk. You should use the file manager or Windows Explorer to do this.

  2. Copy the file "PGP262.ZIP" (that you got before) in the directory just created (C:\PGP26). Once again, you should use the file manager or Windows Explorer to do this.

  3. Open a DOS window.

  4. Go to the directory "C:\PGP26", by typing "cd \PGP26".

  5. Uncompress the file PGP262.ZIP. To do it, use the PKZIP utility, or any other similar program. If you have PKZIP installed, you can uncompress the file by typing "pkunzip -d PGP262.ZIP".

  6. Add a few lines to your "autoexec.bat" file. To edit this file, type "edit c:\autoexec.bat". Add the following lines at the end of the file:

              SET PGPPATH=C:\PGP26
              SET PATH=C:\PGP26;%PATH%
              SET TZ=GMT-nn
    

    For the last line, replace "nn" by the number of hours before GMT of your time zone. For instance, in eastern Canada and United States, you must type "SET TZ=GMT-5".

  7. Reboot your computer, or execute your command file by typing "autoexec".

PGP should now be installed, and you can run it from anywhere since it is in your "PATH".

Instructions for Macintosh

To install PGP on a Macintosh (MacPGP), you must follow these intructions:

  1. Uncompress the file you downloaded ("MacPGP2.6.2-130v1.hqx") with Stuffit Expander or any other compatible software.

  2. You will get a folder named "MacPGP2.6.2-Installation Folder". in this folder, you will find a file called "MacPGP2.6.2-130v1-inner". Double-click on this file to install the software.

  3. During the installation, you will be asked for the destination folder for MacPGP. After the installation, you will get a folder named "MacPGP2.6.2 Folder". It is your main MacPGP folder, and the software itself is the file "MacPGP262".


Using PGP

Decrypting files with PGP is fairly simple, and we will only explain this operation and how to add a key to your key ring.

If you need more information on PGP, type "pgp -h" with the DOS version, or choose the "Help" menu with the Macintosh version.

To verify a Surfaces article, you must first add the Surfaces public key to your personal key ring. In DOS/Windows, follow these steps:

  1. Download Surfaces public key here and save this file (item "Save as..." of the "File" menu in Netscape or Internet Explorer).

  2. Open a DOS window, and type the following command:

    pgp -ka surfaces_key

    The "surfaces_key" file is the one you saved at the previous step.

On a Macintosh, follow these steps:

  1. Download Surfaces public key here and save this file (item "Save as..." of the "File" menu in Netscape or Internet Explorer).

  2. Start MacPGP, and choose the "Add Keys..." item from the "Key" menu.

  3. Choose the file you just saved at the preceding step.

  4. Choose your public key ring, which should normally be the "pubring.pgp" file, in your "MacPGP2.6.2 Folder" folder.

To verify a signature in an article file, you should simply type "pgp file_name" in DOS/Windows. Of course, you must include the entire path to the file if it's not located in the current directory. If the file really comes from Surfaces, you should get a confirmation from PGP. If not, you'll get an error.

On a Macintosh, you must choose the "Open/Decrypt..." item of the "File" menu. You then choose the file to verify, and you should get a confirmation that the file comes from Surfaces. If not, you'll get an error.


Surfaces public key

Surfaces public key is available here. You can save this file to add it to your public key ring. Then you'll be able to verify the anthenticity the integrity of Surfaces articles.


For more information on PGP

If you want to know more about PGP, including how to use it and the legal aspects, please follow these links:


Signing of Surfaces articles, along with this document, have been done by Martin Sévigny for Surfaces.


| Home page | Search | SGML | Forum | Call for Papers | Accueil |


Last update: September 15, 1996
Responsible: Guylaine Beaudry