PGPrepair 1.0 ReadMe Copyright (c) 2000 by Networks Associates Technology, Inc., and its Affiliated Companies. All Rights Reserved. Thank you for using Network Associates' products. This ReadMe file contains important information regarding PGPrepair. Network Associates strongly recommends that you read this entire document. Network Associates welcomes your comments and suggestions. Please use the information provided in this file to contact us. Warning: Export of this software may be restricted by the U.S. Government. ___________________ WHAT'S IN THIS FILE - Functionality Overview - System Requirements - Installation - Using the Tool - Contacting Network Associates ______________________ FUNCTIONALITY OVERVIEW The PGPrepair tool was designed to help PGP customers scan existing PGP keyrings for keys that have been tampered with. This tool examines a PGP keyring file and searches it for unhashed signature packets that contain Additional Decryption Keys (ADKs) or other inappropriate packets. This tool can optionally remove all signatures (containing offending packets) from keys on the keyring, thus cleansing the keyring of these issues. The PGPrepair tool is designed to repair keyrings created and/or used by PGP versions 2.6.2 and above. It can be applied to personal keyrings or to large keyserver keyrings to determine if they contain any keys with tampered signatures that contain offending packets. For more information about the security issue this tool addresses (referred to as the PGP ADK Security Advisory), please visit www.pgp.com. ___________________ SYSTEM REQUIREMENTS To install the PGPrepair tool, you must have one of the following platforms: - Windows 95/98/NT/2000 - Solaris SPARC 2.6 and above - Red Hat Linux 5.2 and above ____________ INSTALLATION * To install on a Windows system: * 1. Obtain the file pgprepair.zip. 2. Unzip this file into any directory. * To install on a Solaris or Linux system: * 1. Obtain the file pgprepair.tar.gz. 2. Uncompress and un-tar the file by issuing the following command: gzip -d < pgprepair.tar.gz | tar xvf - ______________ USING THE TOOL The PGPrepair tool must be run from a command prompt. The tool usage is as follows: pgprepair [] Where is your PGP keyring file name, commonly known as pubring.pkr, and is the file where you want to write the repaired keyring. Note: You must specify an output file to remove tampered signatures that contain offending packets. If only an input file is specified: PGPrepair scans your keyring for signatures that have been tampered with (containing offending packets), but does not remove the tampered signatures from the keyring. While scanning, each UserID in your keyring displays. If a signature that has been tampered with is found, then one of the following messages is also displayed: **** WARNING: Bad signature packet (#) detected! **** **** ATTACK: Unhashed ADK key detected! **** If both an input file and an output file are specified: PGPrepair scans your keyring for signatures that have been tampered with (containing offending packets), and writes the original keyring to the specified output file with the tampered signatures removed. The UserIDs and messages do not display. _____________________________ CONTACTING NETWORK ASSOCIATES NOTE: Network Associates does not provide technical support for freeware products. To purchase a retail or commercial version of PGP, please contact the Network Associates Customer Service department between 8:00 a.m. and 8:00 p.m. Central Time, Monday through Friday, at: Network Associates Customer Service 4099 McEwen Road, Suite 500 Dallas, Texas 75244 Phone: (972) 308-9960 Email: cust_care@nai.com Web: http://www.pgp.com