1998-04-03 - instructs for using PGP 5 freeware with Eudora and 2.6.2 keys

Header Data

From: David Honig <honig@otc.net>
To: cypherpunks@toad.com
Message Hash: 439a67122382b9531c082a888b62b5daae95965cd6a9098349d9a6c917470304
Message ID: <3.0.5.32.19980402215130.007a85d0@otc.net>
Reply To: N/A
UTC Datetime: 1998-04-03 05:52:08 UTC
Raw Date: Thu, 2 Apr 1998 21:52:08 -0800 (PST)

Raw message

From: David Honig <honig@otc.net>
Date: Thu, 2 Apr 1998 21:52:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: instructs for using PGP 5 freeware with Eudora and 2.6.2 keys
Message-ID: <3.0.5.32.19980402215130.007a85d0@otc.net>
MIME-Version: 1.0
Content-Type: text/plain



Since I grew impatient navigating geocities' UI,
I am sending this in the hope that it will be useful.
Propogate at will.


Using Eudora+PGP 5 with
2.6.2-Compatible RSA Keys
for Win95 for Dummies

4/3/98
honig@alum.mit.edu

Intro

I explain how to install and use the slick Eudora and PGP 5 freeware on 
Windows95 while maintaining full back-compatability with PGP v. 2.6.2 users. 
The installation path for compatability with 262 is not the obvious one
a new user would take.  Thus this document.

The install takes about 10 minutes and the software is free.  The strength
of your key is the same.

What is Eudora?  PGP?

Eudora is a popular, powerful, easy to use GUI POP3 email client.  Free
versions
are available.

PGP is a public-key encryption package.  PGP 5 freeware includes a plug-in
for Eudora,
making secure email not only possible, but nearly transparent.  That is key
to widespread
use which is key to the success of any protocol.  

But some people use only PGP 2.6.2, or 262 it is built into their MacOS.
The problem is that
262 uses "RSA" keys only, but PGP 5 can also use "Diffie-Hellman" keys.  In
fact,
the freeware version of PGP 5 does not allow the creation of RSA keys.

These instructions tell you how to set up Eudora + PGP so you can
painlessly use these tools with all popular PGP versions.  The newer PGP 
does not generate keys that the earlier PGP can use; but the 
newer version imports them.  So if we take the trouble to use the older
version of PGP to make our key, we can use our slick GUI email tools with
everyone, even the 2.6.2 throwbacks who probably use rotary phones,
carburators, etc.

I use "PGP 2.6.2 key" to mean the RSA key version supported by PGP 2.6.2,
and "PGP 5 key" to mean the
Diffie-Hellman key supported by the freeware version.  Both variants are
based on the ease
of multiplying two numbers and difficulty of factoring the product of large
indivisible ("prime") numbers.


Installation Instructions

You will use defaults everywhere.

1. Download and install Eudora lite 3.05 (eul305.exe)
	from http://eudora.qualcomm.com/eudoralight/
	This creates c:\Eudora by default.

	Use Tools | Options | Getting Started and Hosts to specify
	your POP email account (e.g., joe@xyz.com) and your
	SMTP (outgoing) host (e.g., mail.isp.com).

	TEST: Run Eudora, send yourself email, wait a minute, retrieve it, exit.

2. Download and install PGP 5 freeware (pgpinstall.exe)
	Do NOT create a key if asked to do so.  PGP 5 makes keys incompatible
	with PGP 2.6.2.  You will use a 2.6.2-compatible key you make later on.

	This creates c:\Program Files\PGP\PGP5.0 and installs a plug-in
	to Eudora.

	TEST: Start Eudora, look for PGP tools in toolbar.


Easier Setup If You Can:

1 & 2. Download Eudora + PGP together 
	from http://eudora.qualcomm.com/eudoralight/
	and install.  (I can't access this so I don't know about installing it.)
	TEST: send yourself email as above.  Check for PGP tools as above.

HERE'S THE RETRO-COMPATABILITY PART

3. Download pgp262.zip.  
	Create new directory c:\pgp262.  Go there.
	Unzip the file there.  
	Read the instructions, you may have to set some variables before using PGP262
		SET PGPPATH=C:\PGP262
		SET PATH=C:\PGP262;%PATH%
		SET TZ=PST8PDT

	While in that directory:

4. Create a 2.6.2 key with PGP 2.6.2:
	 Run "pgp -kg" and do what it says.  You will provide a username. Use
	your email address.  You will also provide a passphrase to hide your
	private key.  Pick a phrase you can remember, that others can't guess.
	You'll have to type your passphrase to prove who you are (when you
	use your private key).

5. Export your 2.6.2 key to a file:
	Run "pgp -kxa yourname mykey" where "yourname" is the username you used
	above. This creates a file mykey.asc which is your public key suitable for
emailing.

6. Import your key into PGP 5:
	Double click on the file "mykey.asc" that you just created.  

7. Make sure your PGP262 key is your Default (e.g., if you made a PGP 5 key):
	Run PGPKeys, e.g., from Eudora.  Select your key with the blue icon.
	Right-click to see its properties. Its key type should be "RSA".
	Right-click and select Set As Default.

TO TEST PGP

Send yourself a regular email addressed to the username you used above,
which should
be your email address, to verify that functionality didn't break.  Then
send a second letter, this time, select Eudora's PGP MIME button AND the
PGP Encrypt button.  Then send your letters.  Wait a bit, and retrieve your
mail as you did before.  To read the encrypted version run the Plug-in.
You will be prompted for your passphrase.

If one of your dinosaur 2.6.2 associates sends you a block of text, use the
PGP Decrypt button.  You will be
prompted for your passphrase.

To send email to other people, you will have to import their public keys.


Security Note

Your private key is hidden in the \Program Files\PGP\PGP50\SECRING.SCR
file.    Its also
in the c:\pgp262\SECRING.PGP file.

If threse files are copied by opponents, only your passphrase stands
between them and your secret key.
Your mykey.asc file is the opposite: it should be published so people can
send messages to you (and verify that you signed and sent what was received
by them, etc.) PGPKeys lets you export your key to a well-known server
which functions like a phone directory.


honig@alum.mit.edu
------------------
"Are we going after their tax returns?  I can only hope that we are,
frankly, doing a little persecuting" ---Nixon to Erlichman,
on tax audits of wealth Jewish contributors to the Democrats.
	-LA Times 1.4.98







Thread