Version 1.5

The comp.security.pgp FAQ

This is the list of Frequently Asked Questions for the Pretty Good Privacy (PGP) encryption program written by Phillip Zimmermann. It is posted to all comp.security.pgp newsgroups once a month, and is also available on the World-Wide Web.

See "About this document" for more information. The What's new section tells you what has been added, modified or removed in this version of the FAQ.

1. Introductory Questions

1.1 What is PGP?
1.2 Why should I encrypt my mail? I'm not doing anything illegal!
1.3 What are public keys and private keys?
1.4 How much does PGP cost?
1.5 Is encryption legal?
1.6 Is PGP legal?
1.7 What's the current version of PGP?
1.8 Is there an archive site for the comp.security.pgp groups?
1.9 Is there a commercial version of PGP available?
1.10 Is PGP available as a programming library, so I can write programs that use it?
1.11 What platforms has PGP been ported to?
1.12 Where can I obtain PGP?
1.13 I want to find out more!

2.1 Why can't a person using version 2.3 read my version 2.6 message?
2.2 Why does PGP complain about checking signatures every so often?
2.3 Why does it take so long to encrypt/decrypt messages?
2.4 How do I create a secondary key file?
2.5 How does PGP handle multiple addresses?
2.6 Where can I obtain scripts to integrate pgp with my email or news reading system?
2.7 How can I decrypt messages I've encrypted to others?
2.8 Why can't I generate a key with PGP for Unix?
2.9 When I clearsign a document in PGP, it adds a "dash-space" to several of my lines. What gives?
2.10 How do I encrypt more than one file at a time?
2.11 How can I give my passphrase to PGP automatically?
2.12 How come 'randseed.bin' got infected by a virus?
2.13 Why can't MacPGP find my secret key?
2.14 How do I set the TZ variable?
2.15 How do I determine if the PGP command worked?
2.16 Why does PGP 5.0 no longer ask for random keystrokes?
2.17 Are PGP 5.0/5.5 and PGP 2.6.x interoperable?

3.1 How secure is PGP?
3.2 Can't you break PGP by trying all of the possible keys?
3.3 How secure is the conventional cryptography (-c) option?
3.4 Can the NSA crack RSA?
3.5 Has RSA ever been cracked publicly? What is RSA-129?
3.6 How secure is the "for your eyes only" option (-m)?
3.7 What if I forget my pass phrase?
3.8 Why do you use the term "pass phrase" instead of "password"?
3.9 What is the best way to crack PGP?
3.10 If my secret key ring is stolen, can my messages be read?
3.11 How do I choose a pass phrase?
3.12 How do I remember my pass phrase?
3.13 How do I verify that my copy of PGP has not been tampered with?
3.14 I can't verify the signature on my new copy of MIT PGP with my old PGP 2.3a!
3.15 How do I know that there is no trap door in the program?
3.16 I heard that the NSA put a back door in MIT PGP, and that they only allowed it to be legal with the back door.
3.17 Is there a back door in the international version?
3.18 Can I put PGP on a multi-user system like a network or a mainframe?
3.19 Can I use PGP under a "swapping" operating system like Windows or OS/2?
3.20 Why not use RSA alone rather than a hybrid mix of IDEA, MD5, & RSA?
3.21 Aren't all of these security procedures a little paranoid?
3.22 Can I be forced to reveal my pass phrase in any legal proceedings?

4.1 Which key size should I use?
4.2 Why does PGP take so long to add new keys to my key ring?
4.3 How can I extract multiple keys into a single armored file?
4.4 I tried encrypting the same message to the same address two times and got completely different outputs. Why is this?
4.5 How do I specify which key to use when an individual has 2 or public keys and the very same user ID on each, or when 2 different users have the same name?
4.6 What does the message "Unknown signator, can't be checked" mean?
4.7 How do I get PGP to display the trust parameters on a key?
4.8 How can I make my key available via finger?
4.9 Should I put my key in my .signature?
4.10 Can a public key be forged?
4.11 How do I detect a forged key?

5.1 What is message signing?
5.2 How do I sign a message and keep it readable?
5.3 Can't you just forge a signature by copying the signature block to another message?
5.4 Are PGP signatures legally binding?
5.5 Is the date on a PGP signature reliable?

7.1 My secret key ring has been stolen or lost, what do I do?
7.2 I forgot my pass phrase. Can I create a key revocation certificate?
7.3 How do I create a key revocation certificate?
7.4 How do I indicate that my key is invalid when I don't have the secret key anymore?