PGP e-Business Server
Version 7.0.1 ReadMe

Copyright (c) 1999-2000 by Networks Associates Technology, Inc., and
its Affiliated Companies. All Rights Reserved.

Thank you for using Network Associates' products. This ReadMe file
contains important information regarding PGP e-Business Server.
Network Associates strongly recommends that you read this entire
document.

Network Associates welcomes your comments and suggestions. Please use
the information provided in this file to contact us.

Warning: Export of this software may be restricted by the U.S.
Government.

___________________
WHAT'S IN THIS FILE

- Enhancements/Fixes in this Release
- New Features in PGP e-Business Server
- Functionality Overview
- Documentation
- System Requirements
- Installation
- Known Issues
- Additional Information
- Contacting Network Associates
- Copyright and Trademark Attributions

__________________________________
ENHANCEMENTS/FIXES IN THIS RELEASE

1. AES support. This release of PGP adds support for the new Advanced
   Encryption Standard algorithm (Rijndael).

2. The TZFIX configuration variable is now being interpreted
   correctly.

3. When processing a text file without any encrypted data blocks or
   keyblocks, PGP now behaves correctly and sets the return code
   to 3.

4. PGP now correctly states that it is creating an ascii-armored file
   when using the "-at" command line option. Previously, it
   erroneously stated that it was creating a Clear Signature File.

5. Performing an encrypt and sign operation using a split key as the
   signing key now properly allows the user to reconstitute the key.

6. When encrypting and signing a file, PGP no longer prompts for the
   signing passphrase before validating the user ID and key ID
   belonging to the recipient.

_____________________________________
NEW FEATURES IN PGP E-BUSINESS SERVER

1. Self-Decrypting Archive (SDA) creation. PGP e-Business Server 7.0
   introduced a new powerful capability that helps you share
   encrypted data with users who do not own PGP.
   Using PGP e-Business Server's scripting interface, Windows
   95/98/NT/2000 SDAs can be generated in an automated manner,
   regardless of what platform PGP e-Business Server is running on.
   This helps facilitate secure, one-way communication between the
   sender and the recipient of the SDA.

2. Improved scripting flexibility. This release gives administrators
   more flexibility on how this product behaves when performing bulk
   encryption/decryption processes. Administrators can now script
   responses to all questions asked by the product, thus providing
   maximum flexibility. Prior versions of PGP e-Business Server
   required administrators to accept the default responses for these
   prompts.

3. High performance design. PGP e-Business Server 7.0 introduced a
   new service (on certain platforms) that caches public keys that
   are used when encrypting data to business partners and customers.
   In environments where bulk encryption operations are performed
   regularly to large numbers of recipients, customers will see a
   significant improvement in processing time.

4. Parallel decryption support. This release introduces the ability
   to have multiple processes running in parallel decrypting files.
   Previously this capability was only available for encrypting
   files.

5. Administrator enforced settings on Unix platforms. PGP e-Business
   Server adds the ability for an administrator to enforce/override
   any settings that users of PGP e-Business Server specify. Settings
   stored in /etc/pgp/pgp-cfg override settings specified by the user
   via the command line, environment variables, or the PGP.CFG file.

6. New RSA key format. PGP e-Business Server 7.0 introduced a new RSA
   key format that provides support for PGP's Additional Decryption
   Key (ADK), designated revoker, and multiple encryption subkeys.
   Previously these features were only available to users with
   Diffie-Hellman keys. PGP will continue to support users who have
   RSA keys in the older key format (now called the RSA Legacy key
   format).

7. Twofish support. This release introduces the option of encrypting
   data using Twofish, a relatively new, but well regarded 256-bit
   cipher. Twofish is one of five finalists for NIST's new Advanced
   Encryption Standard (AES). You can obtain more information about
   Twofish at the following URL:

      http://www.counterpane.com/twofish.html

8. Enhanced key signing support. This release gives
   users/administrators three new signature type options when signing
   PGP keys: Non-Exportable, Meta-Introducer, and Trusted Introducer.
   These are in addition to the current signature type supported:
   Exportable. Users/administrators also now have the option of
   limiting the lifetime of a signature on a key, rather than always
   having the signature valid until revoked.

9. Split key support. This release includes support for PGP's key
   splitting technology. Based upon Blakley-Shamir key splitting
   standards, PGP can split private keypairs into a number of
   administrator-specified "shares." The key can be rejoined once an
   administrator-defined threshold of "shares" are presented.

10. Designated Revoker support. This release adds support for PGP's
    Designated Revoker feature for PGP v4 keys (both DH/DSS and RSA
    keys). Users can specify one or more keys that can act as a
    revoker for their own key.

______________________
FUNCTIONALITY OVERVIEW

PGP e-Business Server provides a convenient way for you to integrate
PGP's strong authentication and encryption features with other
applications and automated processes. Examples include encrypting
credit card transactions, or personnel records.

The following commands provide on-line help for each of the major
product areas:

* To display all of the encryption/decryption options:

      pgp -h

* To display all of the key management options:

      pgp -k

* To display all of the group management options:

      pgp -g

_____________
DOCUMENTATION

Also included with this release are the following manuals, which can
be viewed on-line as well as printed:

* Introduction to Cryptography (IntrotoCrypto.pdf)
* PGP e-Business Server Installation Guide (PGPeBusInstallGuide.pdf)
* PGP e-Business Server User's Guide (PGPeBusinessGuide.pdf)

Each document is saved in Adobe Acrobat Portable Document Format
(.PDF). You can view and print these documents with Adobe's Acrobat
Reader. PDF files can include hypertext links and other navigation
features to assist you in finding answers to questions about your
Network Associates product.

To download Adobe Acrobat Reader from the World Wide Web, visit
Adobe's Web site at:

   http://www.adobe.com/

For UNIX releases the following online documents are also included:

* PGP.1

  After the PGP e-Business Server product has been installed, this
  document can be found in:

      Linux:                       /usr/man/man1
      Solaris:                     /opt/PGPeBiz/man/man1/
      tar file for all platforms:  /pgp-7.0.1/man/man1

  For more information on how to view the man page, type "man man"
  (without quotes) at the command prompt (Unix).

* PGPeBusInstallGuide.ps
* PGPeBusinessGuide.ps
* IntrotoCrypto.ps

  These are postscript files of the e-Business Server User's Guide,
  the e-Business Server Installation Guide and the Introduction to
  Cryptography. After the PGP e-Business Server product has been
  installed, these documents are located in:

      Linux:                       /usr/doc/pgp-7.0.1
      Solaris:                     /opt/PGPeBiz/docs
      tar file for all platforms:  /pgp-7.0.1/docs

Documentation feedback is welcome. Send email regarding the
documentation to tns_documentation@nai.com.

___________________
SYSTEM REQUIREMENTS

To install PGP e-Business Server on a Windows NT or Windows 2000
system, you must have:

- Windows NT version 4.0 (Service Pack 4 or later)
  or
- Windows 2000
- 32MB RAM minimum
- 8MB disk space for software

To install PGP e-Business Server on a UNIX system, you must have:

- One of these flavors of UNIX:
    - Solaris 2.6 or later
    - AIX 4.2 or later
    - HPUX 10.20 or later
    - Linux x86 Red Hat (RPM) 6.0 or later
- 64MB RAM minimum for Solaris
- 32MB RAM minimum for Linux, AIX, and HPUX
- 10MB disk space for software
- 10MB disk space in /opt partition for Solaris

____________
INSTALLATION

To install PGP e-Business Server on a Windows machine:

1. Start the Windows system.

2. Download the PGP files to the system or insert the PGP CD-ROM into
   the CD-ROM drive.

3. Double-click SETUP.EXE to start the Setup program.

   Note: If you are installing from the CD-ROM, the Setup program
   automatically starts. If, however, the Setup program does not
   initiate, double-click SETUP.EXE in the Disk 1 folder on the
   CD-ROM.

   The PGP e-Business Server Welcome screen appears.

4. Review the information in the Welcome screen, then click Next.
   The Network Associates license agreement appears.

5. Review the license agreement information, then click Yes to accept
   the licensing terms. The ReadMe.txt file appears listing the new
   features and other important information regarding PGP e-Business
   Server.

6. Review the ReadMe.txt file, then click Next. The Choose a
   Destination Location dialog box appears.

7. Use the default destination directory or click Browse to navigate
   to a directory for your PGP files, then click Next. The Select
   Components dialog box appears.

8. Clear the components that you do not want to install. By default,
   both options are selected.

   * Program files (required). This option must be selected to
     install the program.
   * Program documentation. Select this option to install the PGP
     e-Business Server documentation.

9. Click Next.
   The PGP files are copied to the computer.

10. Click Finish to complete the PGP e-Business Server installation.


To install the e-Business Server Solaris package on a Sun
SparcStation:

The Solaris package automatically extracts and installs all of the
necessary software components in their proper directory locations.

Note: To install the software, you must have root privileges.

1. Download the PGP package to the system or insert the PGP CD-ROM
   into the CD-ROM drive.

   To install from a CD-ROM drive you must also login as root, and cd
   to the install directory (/cdrom). The CD mounts automatically.
   If, however, the CD does not mount automatically, you can mount it
   by going into the root directory (cd ..), and issuing the
   following command:

      #mount -F nfs -ro /dev/dsk/c0t6d0s2 /cdrom

2. If this is the first time you are installing the PGP e-Business
   Server product on this system, navigate to the directory where the
   PGPeBiz_x.x.x_Solaris file is located, and begin installing the
   package by issuing the following command:

      pkgadd -d PGPeBiz_x.x.x_Solaris
      (where x.x.x is the release number)

   If a previous version of the e-Business Server is installed on
   this system, you must remove it before you can install the new
   package. You can remove the installed package by issuing the
   following command:

      pkgrm PGPeBiz

   Note: If you install from a CD-ROM drive under Sun Solaris, you
   may receive a warning that tells you that the file system does not
   conform to ISO-9660 specifications. This is because the name of
   the file contains more than eight characters. Ignore this warning;
   the install will proceed without problems.

3. Review the license agreement information, then type Y to accept
   the licensing terms. The installer starts pgpsdkd, processes the
   package and system information, verifies disk space requirements,
   and installs the PGP e-Business Server program files.

   Note: The program files are installed to the default installation
   path of /opt/PGPeBiz/.

4. When the installation is complete, you can verify that the product
   was installed properly by issuing the following command:

      pkginfo -l PGPeBiz

   The status for the selected package should be "STATUS: completely
   installed."


To install the e-Business Server tarball on a Sun SparcStation:

1. Download the PGP package to the system or insert the PGP CD-ROM
   into the CD-ROM drive.

   To install from a CD-ROM drive you must first copy the PGP
   installation file for your operating system to a temporary
   location on your system's hard drive. Then change your current
   working directory to that same location.

2. Uncompress the package by issuing the following command:

      gzip -d < PGPeBiz_x.x.x_Solaris.tar.gz | tar xvf -
      (where x.x.x is the release number)

   When the package is uncompressed, the pgp-x.x.x/ directory is
   created.

3. Login as root, then run the post install script from the
   pgp-x.x.x/ directory by issuing the following command:

      ./install.sh

4. To run PGP e-Business Server application, enter the following
   command:

      ./pgp


To install PGP e-Business Server on AIX and HPUX systems:

1. Download the PGP package to the system or insert the PGP CD-ROM
   into the CD-ROM drive.

   To install from a CD-ROM drive you must first copy the PGP
   installation file for your operating system to a temporary
   location on your system's hard drive. Then change your current
   working directory to that same location.

2. Uncompress the package by issuing the following command:

      gzip -d < PGPeBiz_x.x.x_AIX.tar.gz | tar xvf -
      or
      gzip -d < PGPeBiz_x.x.x_HPUX.tar.gz | tar xvf -
      (where x.x.x is the release number)

   When the package is uncompressed, the pgp-x.x.x/ directory is
   created.

3. To run the PGP e-Business Server application, enter the following
   command:

      ./pgp


To install PGP e-Business Server on Linux RPM systems:

Note: To install the software, you must have root privileges.

1. Download the PGP files to the system or insert the PGP CD-ROM into
   the CD-ROM drive.

2. Install the package by issuing the following command:

      rpm -iv PGPeBiz_x.x.x_linux.i386.rpm
      (where x.x.x is the release number)

   Typing this command starts pgpsdkd automatically. The PGP program
   files are copied to the system.

3. When installation is complete, verify the PGP signature file by
   adding the PGP signature in the SampleKeys.Asc file found in
   /usr/doc/pgp-x.x.x/ directory to your keyring. Once the PGP
   signature is added to your keyring, issue the following command:

      rpm --checksig PGPeBiz_x.x.x_linux.i386.rpm
      (where x.x.x is the release number)

   If the signature is correct, the response from this command is
   "OK."


To install the PGP e-Business Server tarball on Linux systems:

1. Download the PGP package to the system or insert the PGP CD-ROM
   into the CD-ROM drive.

   To install from a CD-ROM drive you must first copy the PGP
   installation file for your operating system to a temporary
   location on your system's hard drive. Then change your current
   working directory to that same location.

2. Uncompress the package by issuing the following command:

      gzip -d < PGPeBiz_x.x.x_linux.tar.gz | tar xvf -
      (where x.x.x is the release number)

   When the package is uncompressed, the pgp-x.x.x/ directory is
   created.

3. Login as root, then run the post install script from the
   pgp-x.x.x/ directory by issuing the following command:

      ./install.sh

4. To run PGP e-Business Server application, enter the following
   command:

      ./pgp

____________
KNOWN ISSUES

1. In the rare circumstance that the PGPsdkd daemon stops responding,
   simply stop the current process and re-start the daemon.

2. If a user declines to accept transmission of a key share over the
   network during key share reconstitution and then immediately tries
   to initiate a second attempt to receive the network share, the
   user may encounter an "address already in use by another socket"
   error. If this occurs, quit PGP and try again.

3. Any PGP 7.0 client product installed on Windows platforms after
   installing PGP e-Business Server 7.0.1 will cause e-Business
   Server to fail (error message: DLL entry point not found). Any
   such product must be installed BEFORE PGP e-Business Server 7.0.1.
   Any PGP 7.0.1 software can be safely installed before or after
   e-Business Server 7.0.1.

______________________
ADDITIONAL INFORMATION

1. PGP 7.0.1 provides secure memory locking for root accounts. If you
   are logged into a non-root account, the PGP banner displays
   "Warning: Using insecure memory."

   Note: Secure memory locking is not available for PGP e-Business
   Server on AIX systems.

2. Unlike previous versions of PGP, this version gathers entropy in
   the background. Therefore, you may not be prompted for keyboard
   strokes during key generation.

3. Unlike previous versions of PGP, this version does not
   automatically back up keyrings. This is the sole responsibility of
   the user.

4. Due to the processing power required for PGP key generation, we do
   not recommend that you attempt other concurrent PGP
   encryption/decryption operations at the same time as key
   generation.

_____________________________
CONTACTING NETWORK ASSOCIATES

You may direct all questions, comments, or requests concerning the
software you purchased, your registration status, or similar issues
to the Network Associates Customer Service department at the
addresses or phone numbers listed below.

Contact the Network Associates Customer Service department between
8:00 a.m. and 8:00 p.m.
Central Time, Monday through Friday, at:

    Network Associates Customer Service
    4099 McEwen Road, Suite 500
    Dallas, Texas 75244

Contact information for corporate-licensed customers:

    Phone: (972) 308-9960
    Email: services_corporate_division@nai.com
    Web:   http://support.nai.com

Contact information for retail licensed customers:

    Phone: (972) 308-9960
    Email: cust_care@nai.com
    Web:   http://www.pgp.com

Send correspondence to any of the following Network Associates
locations:

    Network Associates Corporate Headquarters
    3965 Freedom Circle
    McCandless Towers
    Santa Clara, CA 95054

Network Associates offices outside the United States:

    Network Associates Australia
    Level 1, 500 Pacific Highway
    St. Leonards, NSW
    Sydney, Australia 2065
    Phone: 61-2-8425-4200
    Fax: 61-2-9439-5166

    Network Associates Austria
    Pulvermuehlstrasse 17
    Linz, Austria
    Postal Code A-4040
    Phone: 43-732-757-244
    Fax: 43-732-757-244-20

    Network Associates Belgique
    BDC Heyzel Esplanade, boîte 43
    1020 Bruxelles
    Belgique
    Phone: 0032-2-478.10.29
    Fax: 0032-2-478.66.21

    Network Associates do Brasil
    Rua Geraldo Flausino Gomez 78
    Cj. - 51 Brooklin Novo - São Paulo
    SP - 04575-060 - Brasil
    Phone: (55 11) 5505 1009
    Fax: (55 11) 5505 1006

    Network Associates Canada
    139 Main Street, Suite 201
    Unionville, Ontario
    Canada L3R 2G6
    Phone: (905) 479-4189
    Fax: (905) 479-4540

    Network Associates People's Republic of China
    Room 913, Tower B, Full Link Plaza,
    No. 18 Chao Yang Men Wai Avenue
    Beijing, China
    People's Republic of China 100044
    Phone: 86 10 6538-3399
    Fax: 86 10 6588-5601

    Network Associates Denmark
    Lautruphoej 1-3
    2750 Ballerup
    Danmark
    Phone: 45 70 277 277
    Fax: 45 44 209 910

    NA Network Associates Oy
    Mikonkatu 9, 5. krs.
    00100 Helsinki
    Finland
    Phone: 358 9 5270 70
    Fax: 358 9 5270 7100

    Network Associates France S.A.
    50 Rue de Londres
    75008 Paris
    France
    Phone: 33 1 44 908 737
    Fax: 33 1 45 227 554

    Network Associates GmbH
    Ohmstraße 1
    D-85716 Unterschleißheim
    Deutschland
    Phone: 49 (0)89/3707-0
    Fax: 49 (0)89/3707-1199

    Network Associates Hong Kong
    19th Floor, Matheson Centre
    3 Matheson Way
    Causeway Bay
    Hong Kong 63225
    Phone: 852-2832-9525
    Fax: 852-2832-9530

    Network Associates Srl
    Centro Direzionale Summit
    Palazzo D/1
    Via Brescia, 28
    20063 - Cernusco sul Naviglio (MI)
    ITALY
    Phone: 39 02 92 65 01
    Fax: 39 02 92 14 16 44

    Network Associates Japan, Inc.
    Shibuya Mark City West 20F
    1-12-1 Dougenzaka, Shibuya-ku
    Tokyo 150-0043, Japan
    Phone: 81 3 5428 1100
    Fax: 81 3 5428 1480

    Network Associates Latin America
    1200 South Pine Island Road, Suite 375
    Plantation, Florida 33324
    United States
    Phone: (954) 452-1721
    Fax: (954) 236-8031

    Network Associates de Mexico
    Andres Bello No. 10, 4 Piso
    4th Floor
    Col. Polanco
    Mexico City, Mexico D.F. 11560
    Phone: (525) 282-9180
    Fax: (525) 282-9183

    Network Associates International B.V.
    Gatwickstraat 25
    1043 GL Amsterdam
    The Netherlands
    Phone: 31 20 586 6100
    Fax: 31 20 586 6101

    Network Associates Portugal
    Av. da Liberdade, 114
    1269-046 Lisboa
    Portugal
    Phone: 351 1 340 4543
    Fax: 351 1 340 4575

    Net Tools Network Associates South Africa
    Hawthorne House
    St. Andrews Business Park
    Meadowbrook Lane
    Bryanston, Johannesburg
    South Africa 2021
    Phone: 27 11 700-8200
    Fax: 27 11 706-1569

    Network Associates South East Asia
    78 Shenton Way
    #29-02
    Singapore 079120
    Phone: 65 222-7555
    Fax: 65 222-7555

    Network Associates Spain
    Orense 4, 4a Planta.
    Edificio Trieste
    28020 Madrid
    Spain
    Phone: 34 9141 88 500
    Fax: 34 9155 61 404

    Network Associates Sweden
    Datavägen 3A
    Box 596
    S-175 26 Järfälla
    Sweden
    Phone: 46 (0) 8 580 88 400
    Fax: 46 (0) 8 580 88 405

    Network Associates AG
    Baeulerwisenstrasse 3
    8152 Glattbrugg
    Switzerland
    Phone: 0041 1 808 99 66
    Fax: 0041 1 808 99 77

    Network Associates Taiwan
    Suite 6, 11F No. 188, Sec. 5
    Nan King E. Rd.
    Taipei, Taiwan, Republic of China
    Phone: 886-2-27-474-8800
    Fax: 886-2-27-635-5864

    Network Associates International Ltd.
    227 Bath Road
    Slough, Berkshire
    SL1 5PP
    United Kingdom
    Phone: 44 (0)1753 217 500
    Fax: 44 (0)1753 217 520

Or, you can receive online assistance through any of the following
resources:

1. World Wide Web: http://support.nai.com

2. Telephone technical support

   Corporate-licensed customers: (972) 308-9960
   Contact Network Associates Customer Service for information about
   technical support subscription plans.

   Retail-licensed customers: (972) 855-7044

To provide the answers you need quickly and efficiently, the Network
Associates technical support staff needs some information about your
computer and your software. Please have this information ready when
you call:

- Program name and version number
- Computer brand and model
- Any additional hardware or peripherals connected to your computer
- Operating system type and version numbers
- Network name, operating system, and version
- Network card installed, where applicable
- Modem manufacturer, model, and bits-per-second rate, where
  applicable
- Relevant browsers or applications and their version numbers, where
  applicable
- How to reproduce your problem: when it occurs, whether you can
  reproduce it regularly, and under what conditions
- Information needed to contact you by voice, fax, or email

*FOR PRODUCT UPGRADES*

Network Associates has a worldwide range of partnerships and reseller
relationships with hundreds of independent vendors, each of which can
provide you with consulting services, sales advice, and product
support for Network Associates software. For assistance in locating a
local reseller, you can also contact Network Associates Customer
Service at (972) 308-9960.

*FOR REPORTING PROBLEMS*

Network Associates prides itself on delivering a high-quality
product. If you find any problems, please take a moment to review the
contents of this file.
If the problem you've encountered appears in the Known Issues section
of this README.TXT file, Network Associates is already aware of the
problem, and you need not report it.

If you find any feature that does not appear to function properly on
your system, or if you believe an application would benefit greatly
from enhancement, please contact Network Associates or one of its
resellers with your suggestions or concerns.

*FOR ON-SITE TRAINING INFORMATION*

Contact Network Associates Customer Service at (800) 338-8754.

____________________________________
COPYRIGHT AND TRADEMARK ATTRIBUTIONS

Copyright (c) 1990-2000 by Networks Associates Technology, Inc. All
Rights Reserved. No part of this publication may be reproduced,
transmitted, transcribed, stored in a retrieval system, or translated
into any language in any form or by any means without the written
permission of Networks Associates Technology, Inc., or its suppliers
or affiliate companies.

* TRADEMARKS *

* ActiveHelp, Bomb Shelter, Building a World of Trust, CipherLink,
Clean-Up, Cloaking, CNX, Compass 7, CyberCop, CyberMedia, Data
Security Letter, Discover, Distributed Sniffer System, Dr Solomon’s,
Enterprise Secure Cast, First Aid, ForceField, Gauntlet, GMT,
GroupShield, HelpDesk, Hunter, ISDN Tel/Scope, LM 1, LANGuru, Leading
Help Desk Technology, Magic Solutions, MagicSpy, MagicTree, Magic
University, MagicWin, MagicWord, McAfee, McAfee Associates,
MoneyMagic, More Power To You, Multimedia Cloaking, NetCrypto,
NetOctopus, NetRoom, NetScan, Net Shield, NetShield, NetStalker, Net
Tools, Network Associates, Network General, Network Uptime!, NetXRay,
Nuts & Bolts, PC Medic, PCNotary, PGP, PGP (Pretty Good Privacy),
PocketScope, Pop-Up, PowerTelnet, Pretty Good Privacy, PrimeSupport,
RecoverKey, RecoverKey-International, ReportMagic, RingFence, Router
PM, Safe & Sound, SalesMagic, SecureCast, Service Level Manager,
ServiceMagic, Site Meter, Sniffer, SniffMaster, SniffNet, Stalker,
Statistical Information Retrieval
(SIR), SupportMagic, Switch PM, TeleSniffer, TIS, TMach, TMeg, Total
Network Security, Total Network Visibility, Total Service Desk, Total
Virus Defense, T-POD, Trusted Mach, Trusted Mail, Uninstaller, Virex,
Virex-PC, Virus Forum, ViruScan, VirusScan, VShield, WebScan,
WebShield, WebSniffer, WebStalker, WebWall, and ZAC 2000 are
registered trademarks of Network Associates and/or its affiliates in
the US and/or other countries. All other registered and unregistered
trademarks in this document are the sole property of their respective
owners.

* LICENSE AGREEMENT *

NOTICE TO ALL USERS: FOR THE SPECIFIC TERMS OF YOUR LICENSE TO USE
THE SOFTWARE THAT THIS DOCUMENTATION DESCRIBES, CONSULT THE
README.1ST, LICENSE.TXT, OR OTHER LICENSE DOCUMENT THAT ACCOMPANIES
YOUR SOFTWARE, EITHER AS A TEXT FILE OR AS PART OF THE SOFTWARE
PACKAGING. IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH THEREIN,
DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE
PRODUCT TO THE PLACE OF PURCHASE FOR A FULL REFUND.