Reviewed version: PGPi 7.0.3 (http://www.pgpi.org/)
for Windows ("PGP International")
By Philip Zimmermann, MIT, Stale Schumacher
PGP is the de facto standard for encryption. It employs a number of thoroughly tested algorithms, any of which can be disabled if you have reservations about using them. (For example, some experts have expressed doubts about the Twofish algorithm because it has not been tested extensively.) The freeware version of PGP allows you to encrypt text files, email, and instant messages. The latter two are supported by plug-ins available for a select number of popular programs.
Encryption programs that use the asymmetric-key model have a steeper learning curve than symmetric-key programs, and PGPi's straightforward, no-nonsense interface is no exception. New users will undoubtedly need to review the Help files. It's worth the effort, however, because once you understand it, using PGP is not difficult. If you plan to use PGP, make sure it's compatible with your operating system. PGP is not compatible with Windows XP RC1 and RC2. The program caused my network connection to stop working when I tried it. Unfortunately, uninstalling the program didn't restore my network connection, so I ended up having to reinstall the Windows operating system to get my network connection working.
PGP's installer asked me to close all the programs it would affect (in my case this included Windows Explorer, ICQ 2000b, and Qualcomm Eudora). I then chose the installation location, and entered my email address and name. It asked me to restart, after which it asked me to type a password of letters and numbers so it could generate my key. A handy "quality of key" display meter grows as you make your password longer. Those of you who take your privacy very seriously will probably want to fill the meter, since a longer key is twice as difficult to break as a key that is even one character shorter.
After entering my password, PGP generated my key and a sub-key in less than a second, and added both the key and sub-key to my "keyring." The PGP keyring is a key management tool that you can use on more than one computer. For example, if you install PGP on your desktop computer and also on your laptop computer, the keyring from your desktop computer can be copied onto your laptop.
After a second restart, PGP launched and added a system tray icon called "PGPtray." When clicked, it opens a menu that provides quick and easy access to many of PGP's functions. For most non-technical users, the functionality provided by PGPtray and the plug-ins for various programs will suffice.
Although I'm normally annoyed with programs that offer tips and other up-front help, the basic operation of PGP was initially so baffling that I found myself wishing for a more intuitive or helpful interface. I can't recall the last time I felt like I absolutely had to consult a program's Help file in order to complete rudimentary tasks. Fortunately, the documentation is clear and easy to navigate, and PGP is a powerful tool once you know how to use it.
For advanced users, PGP offers a choice of encryption methods. You may want to read up on the various kinds of encryption PGP uses.
By default, PGP placed both the PGP Keyring Files and the PGPnet Keyring Files in My Documents\PGP\. (The public rings are stored as "pubring.pkr" and the private rings are stored as "secring.skr.")
The easiest way to encrypt a text file with PGP is by using the Encrypt File menu item. You can browse through your folders and find the file to encrypt and then tell PGP to encrypt it. Another option is to use the "Current Window" menu item and select "Encrypt."
If you are encrypting a file in order to send it to someone else, you may want to use the "save as" menu to save your newly encrypted file with the file extension "pgp," so the original file remains intact and unencrypted. Otherwise, PGP replaces the original file with the encrypted version. Also, saving the encrypted version as a separate file with a ".pgp" file extension will make it easier for the recipient to decrypt the message because the recipient's PGP program will recognize the file.
When you encrypt a file, PGP automatically brings up the recipient list dialogue, and you can choose the recipients. It's at this stage that you can choose the symmetric key model (which PGP labels "conventional encryption") or the default asymmetric key model. If you choose symmetric encryption, the recipient will need the same password you used to encrypt the file in order to decrypt it. Files encrypted with conventional encryption can also be sent as self-decrypting files (with the ".exe" extension). This is a useful option if you want to use PGP to send an encrypted message to someone who does not have PGP installed. (Otherwise, the recipient will not be able to decrypt the message without installing PGP.)
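The two modes offered in the recipient dialogue, as an added example that is not PGP's own code: in the asymmetric mode a random session key is wrapped once for each recipient's public key, while in conventional mode the key comes only from a passphrase both sides know. Toy RSA and a hash-based keystream stand in for PGP's real algorithms, and all function names and sample keys are hypothetical.

```python
# Added illustration, not PGP's code: toy RSA + hash keystream, NOT secure.
import hashlib
import secrets

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """XOR data with a SHA-256 counter keystream (same call encrypts and decrypts)."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def toy_keypair(p: int, q: int, e: int = 65537):
    """Return (public, private) toy RSA keys built from two fixed primes."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)

def encrypt_to_recipients(plaintext: bytes, recipients: dict) -> dict:
    """Asymmetric mode: one random session key, wrapped once per public key."""
    session = secrets.token_bytes(16)
    wrapped = {name: pow(int.from_bytes(session, "big"), e, n)
               for name, (n, e) in recipients.items()}
    return {"wrapped": wrapped, "body": keystream_xor(session, plaintext)}

def decrypt_as(message: dict, name: str, private) -> bytes:
    """Recover the session key with one recipient's private key, then the body."""
    n, d = private
    session = pow(message["wrapped"][name], d, n).to_bytes(16, "big")
    return keystream_xor(session, message["body"])

def conventional(passphrase: str, salt: bytes, data: bytes) -> bytes:
    """Conventional mode: the key is derived only from the shared passphrase."""
    key = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)
    return keystream_xor(key, data)

# Constructed sample recipients; Mersenne primes keep the toy keys short.
ALICE_PUB, ALICE_PRIV = toy_keypair(2**89 - 1, 2**107 - 1)
BOB_PUB, BOB_PRIV = toy_keypair(2**127 - 1, 2**61 - 1)

if __name__ == "__main__":
    msg = encrypt_to_recipients(b"meet at noon", {"alice": ALICE_PUB, "bob": BOB_PUB})
    print(decrypt_as(msg, "alice", ALICE_PRIV), decrypt_as(msg, "bob", BOB_PRIV))
    salt = secrets.token_bytes(8)
    sealed = conventional("shared passphrase", salt, b"meet at noon")
    print(conventional("shared passphrase", salt, sealed))
```

Each recipient opens the same message body with only their own private key, whereas the conventionally encrypted copy is only as private as the channel used to share the passphrase.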
With PGP you can either select the specific text you want to encrypt by highlighting it with your cursor, or encrypt all the text in a given window with "standard" text control. For example, if you're encrypting Notepad contents and you don't highlight a specific section of text, PGP will encrypt all the file's contents by default. When you encrypt Word or other word-processing documents, all your special formatting (bold, italics, colors, tables, etc.) will be lost. Letters, spaces, line breaks, and tabs are retained, because they are ASCII characters.
I tried encrypting a Word document with tables, thinking I would get an error, but PGP converted the tables to ASCII text spaced with tabs to line up text (poorly), much as Word does when you copy a Word document with tables and paste it into an email message window.
When you send an encrypted message, PGP automatically pairs each email address in the recipient list with the recipient's public key. If you don't have the key for a given recipient, the program will tell you.
When you receive a file encrypted with PGP, decryption is fairly straightforward.
You open the message to be decrypted and go to Current Window - Decrypt and Verify from the PGP system tray icon. You will be prompted to enter your own password. (In asymmetric encryption, this is the password for the private key that corresponds to the public key that the sender used to encrypt the message. In symmetric encryption, this is the same password the sender used to encrypt the message.)
PGP offers plug-ins for some email software. When I tested it with Eudora and ICQ it plugged seamlessly into both programs, placing small buttons on the menu in message windows. The buttons enabled me to easily choose whether or not to encrypt the message. (The default setting for Eudora is to encrypt it, but the default setting for ICQ is not to encrypt it. You can change these settings in each program's Options menu.)
Sending encrypted mail opens a PGP dialogue box that asks what public key to use. If you don't already have the recipient's public key in your keyring, PGP connects you to all its keyservers (on the Internet) to locate the recipient's public key. Using the PGP plug-ins to encrypt and decrypt messages in Eudora was certainly easier than using the encrypt/decrypt-current-window menu with a text file.
Figuring out how to distribute my public key was a challenge. None of the PGP wizards (such as the step-by-step guide for the install process) explicitly told me how to find or distribute keys. This is where the Help files were useful. I found them easy to navigate, and quickly discovered that I could distribute my key and obtain other users' public keys by going into PGPkeys (from the system tray icon). Using PGPkeys to distribute your public keys is by far the easiest method, but you can also distribute your public key manually, as a file attachment to an email, on a floppy disk, or by cutting-and-pasting the contents of the key file into your email message body. This is a little harder for your recipient, however.
Obtaining someone else's public key is even easier. You retrieve it from one of the online PGP servers. It's also possible to receive a key as an ".asc" file, but this requires a little more work.