Reviewed version: PGPfreeware v 6.5.8
Distributed by Network Associates Technology, Inc.
http://web.mit.edu/network/pgp-form.html
PGP is the de facto standard for encryption, but it is definitely not for the timid. New users will undoubtedly need to refer to the Help files and/or the comprehensive User's Guide. It's worth the effort, however, because once you understand how PGP works, it is not difficult to use. PGP employs a number of thoroughly tested algorithms. The freeware version of PGP works by encrypting data generated by other applications. There are plug-ins available for some applications so you can encrypt and decrypt messages without opening the PGP program. The program installs an icon on your desktop menu bar for convenient encryption and decryption of data in applications not supported by plug-ins
Encryption programs that use the asymmetric-key model have a steeper learning curve than symmetric-key programs. When you install the application, you also get an "Intro to Crypto" guide that provides more detailed information than NetAction's Guide to Using Encryption Software.
If you download PGP from the MIT site, you're asked to read and accept two separate licensing agreements, one from RSA and one from MIT. Because the software uses encryption that is subject to U.S. export controls, you also have to complete an online form and send it to the server. When you've done all that, you're directed to a web site with a list of packages to download. This can be confusing.
You will need Stuffit Expander 5.5 to unstuff the downloaded file. (Stuffit Expander is a free Internet utility. If you don't have version 5.5, you can download it from Aladdin's web site. You'll need to go to the FAQ and click "I have an older version of the Mac OS, what version of Stuffit Expander is right for me?" to locate and download version 5.5.)
The PGP installation is actually quite simple; just click on the installer and follow the instructions, using the "Easy Install" option. After the program is installed you have the option of immediately generating a key pair. I recommend you skip this step and first review the User's Guide (located in the Documentation folder). The PGP Help menu does an adequate job of guiding you through the program, but if you're new to PGP you're better off if you review the User's Guide first.
PGP installs an icon on your menu bar that makes access to the program easy. Before you can send or receive encrypted email, you must set up a key pair that consists of a public key and a private key. Click on the menu bar icon and select PGPkeys. A Key Generation Wizard will open and guide you through the process of setting up a key. Use the default options if you're a new user; you can generate a new key later if you want to try other options. Once the key has been generated the Wizard will guide you through the process of sending your public key to a PGP key server. Again, use the default options if you're just starting out. Finally, you'll be guided through the process of saving your key pair and a backup. The User's Guide has detailed information about other options you can use when you generate a key pair.
After you've generated and saved your key pair and sent your public key to a PGP key server, there is one more thing you must do before you can send encrypted email: you must download and store your recipient's public key. For example, to obtain John Doe's public key, open PGPkeys (from the menu bar icon), go to the Server menu and choose "Search." There are several different ways to search for someone's key, but the simplest is to use the person's name. The search results will appear in a window. If John Doe's key is listed, you can add it to your keyring by dragging it to the PGPkeys window. The User's Guide has detailed information on how to confirm that the key you locate through your search is actually John Doe's key. If your intended recipient has a common name (like John Doe!) it is important to confirm that you've got the correct public key.
If you're using Eudora, Outlook Express, or Claris Emailer to send and receive email, PGP plug-ins allow you to encrypt and decrypt messages from within the program. If you're using another email program, you can encrypt and decrypt email by opening PGPtools. Use the Help guide or review the User's Manual for detailed instructions. You can also encrypt files to send as attachments to an email message, or to store on your computer.
PGP is a sophisticated program with many useful features. If you're serious about sending and receiving secure email, once you've learned the basic operation you can refine your security options by trying out other program functions.
Because of restrictions on the export of strong encryption, this version of PGP is only available in the U.S. The free version of PGP International can be obtained from: http://www.pgpi.org/products/pgp/versions/freeware/mac/7.0.3/.
Back to Reviews | Back to Guide
