Using Command-Line PGP in Windows for Validation and Encryption of Email

Be warned that the learning curve for using PGP (Pretty Good Privacy) is a little steep. It is a very powerful program, and it uses command-line options, of which it has many.

Although PGP has many uses, the uses described here are the validation and encryption of email. I'll first describe how to use PGP in the DOS environment. There are some nice Windows front-ends for PGP which make its use in Windows much easier than it would otherwise be.

This was originally written for PGP 2.6.2. Verify command-line options if using a later version; whether the Windows "front-ends" work with later versions is something you'll have to check for in their documentation.

    Acquiring PGP

     PGP may be acquired from MIT.

    Installing PGP

     RTFM! PGP comes with complete installation instructions -- follow them exactly, and installation should not be a problem.

    Creating a public/secret key pair

     This is also in the Manual -- but I'll describe it briefly. Once PGP is installed, enter 'pgp -kg' at the prompt. (If you get a 'Bad command' error, see the note at the end of this page.) Follow the directions for creation of a public/secret key pair. My recommendation is that you choose a 1024 bit key (option 3). Also choose a pass phrase which you will remember but that no-one else will be able to guess. Once you start using PGP, you'll find that you'll have no difficulty remembering your pass phrase, even if it's very obscure, because you will have used it so often. Do not write it down!

    Using PGP to validate one's own email

     Now that you have a public key, you can send email which people can validate as originating from you.

    1. Create your message as a text file.
    2. 'Sign' your message, using your public key, and save the signed message in text format, suitable for emailing: enter, at the prompt, 'pgp -sta textfile'.
    3. Open your email program and import the signed textfile (which will be called 'textfile.asc'). You may send the file as an attachment or copy its contents and send it as email.

    Using PGP to encrypt a file

     In order to encrypt a file to send to someone else, you must have their public key.

    1. Add the recipient's key to your public keyring, if it's not already there. To do this, enter 'pgp -ka keyfile' where keyfile is the name of the file containing the public key.
    2. Encrypt a file, using the recipient's public key, and save the encrypted file in text format, suitable for emailing: enter 'pgp -eat filename userID'.
    3. Open your email program and import the encrypted file (which will be called 'filename.asc'). You may send the file as an attachment or copy its contents and send it as email.
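
The encryption steps above as a DOS batch file, with a fingerprint check ('pgp -kvc') added before the newly imported key is used. This is an added example, not part of the original page; the name sendpgp.bat and its three arguments are hypothetical.

```batch
@echo off
rem sendpgp.bat (hypothetical name): add a recipient's key, check it, encrypt a file.
rem Usage: sendpgp filename keyfile userID
rem   filename = text file to encrypt, keyfile = file holding the recipient's public key,
rem   userID   = a fragment of the recipient's user ID without spaces (e.g. the email address).

rem PGP finds its keyrings through PGPPATH (see the 'Bad command' note on this page).
if "%PGPPATH%"=="" goto nopath
if "%3"=="" goto usage
if not exist %1 goto usage
if not exist %2 goto usage

rem Step 1: add the recipient's key to the public keyring.
rem No exit-status check here: the key may already be on the keyring.
pgp -ka %2

rem Added check: a key file received by email could have been swapped in transit.
rem Display the key's fingerprint and compare it with one the recipient gave you
rem over a separate channel (by phone or in person) before encrypting to it.
pgp -kvc %3
echo Compare the fingerprint above with the one the recipient gave you.
echo Press Ctrl-C to stop if they differ, or
pause

rem Step 2: encrypt (-e) to the recipient, ASCII-armored (-a), in text mode (-t).
pgp -eat %1 %3
if errorlevel 1 goto failed
echo Done. Send the .asc file PGP wrote for %1 as described in step 3.
goto end

:nopath
echo PGPPATH is not set. Add SET PGPPATH=C:\PGP to AUTOEXEC.BAT and reboot.
goto end
:usage
echo Usage: sendpgp filename keyfile userID
goto end
:failed
echo PGP reported an error. Do not send anything until it is resolved.
:end
```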

    Using PGP to decrypt a file or to confirm the validity of a signed file

     Just enter 'pgp filename' to decrypt or validate filename; add '-o outfile' to save the output in a file called outfile.
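
A batch-file form of the validation step, added here as an example and not part of the original page. It relies on the +batchmode option described in the PGP 2.6.2 User's Guide, under which PGP exits with status 0 when the file carries a good signature and with a non-zero status otherwise; the name chkpgp.bat and its arguments are hypothetical.

```batch
@echo off
rem chkpgp.bat (hypothetical name): validate a signed file and save its contents.
rem Usage: chkpgp filename outfile
rem   filename = the signed file you received, outfile = where to save the text.

if "%PGPPATH%"=="" goto nopath
if "%2"=="" goto usage
if not exist %1 goto usage
rem Refuse to reuse an existing outfile, so that a stale file left over from an
rem earlier run can never be mistaken for freshly validated output.
if exist %2 goto exists

rem +batchmode: ask no unnecessary questions and report the result of the
rem signature check through the exit status, so the batch file can test it.
pgp +batchmode %1 -o %2
if errorlevel 1 goto bad
echo Good signature. The validated text is in %2
goto end

:bad
echo No valid signature on %1 (or PGP failed). Do not rely on its contents.
rem Check PGP's own messages above: a missing public key for the signer
rem also means the signature could not be validated.
goto end
:exists
echo %2 already exists. Choose a new output file name.
goto end
:nopath
echo PGPPATH is not set. Add SET PGPPATH=C:\PGP to AUTOEXEC.BAT and reboot.
goto end
:usage
echo Usage: chkpgp filename outfile
:end
```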

    Making your life a lot easier by doing all this in Windows

     There are a number of Windows frontends available for PGP, but my personal favorite was PGP WinFront 3.1 (PWF), the use of which I'll describe briefly.

     Below is a screen shot of PWF. As you can see, using PWF is a matter of selecting checkboxes to build the pgp command line.

    1. Signing mail
      1. Create your message in the new message window of your mail software.
      2. Highlight and cut (Ctl-X) the entire text.
      3. In PWF, make sure the screen looks like the screenshot above; i.e. check the Sign File and Clearsig boxes (the other two will check automatically) and make sure the Dump Into Clipboard box is checked. Press the GO button, and follow directions.
      4. Use Alt-Tab to return to your mail software. Paste (Ctl-V) the signed text into the new message window.
      5. Complete the To: and Subject: lines, and send your signed mail.
    2. Sending encrypted mail
      1. Add the recipient's key to your public keyring. Use PWF's Key Management options (which will be self-explanatory when you open the Key Management screen).
      2. Create your message in the new message window of your mail software.
      3. Highlight and cut (Ctl-X) the entire text.
      4. In PWF, be sure you're getting input from the Clipboard, and not from a file. Check the Encrypt box in PWF's Main screen. If you also wish to sign the encrypted message, check the Sign File and Clearsig boxes. Press the GO button, and follow directions.
      5. Use Alt-Tab to return to your mail software. Paste (Ctl-V) the signed text into the new message window.
      6. Complete the To: and Subject: lines, and send your encrypted mail.
    3. Decrypting or validating received mail
      1. Copy the encrypted or signed message to the clipboard.
      2. In PWF, make sure you're getting input from the Clipboard, and check the Decrypt box. You may either dump the decrypted mail to the Clipboard or save it to a file. Press the GO button, and follow directions.
      3. View the decrypted message in the Clipboard or in the file to which you saved it.

There's a lot more to PGP than is described here, but this should be enough to get you started.

Patrick Wiseman

'Bad command' error?

Make sure that PGP's directory is in your path (add ;C:\PGP at the end of your path statement in your AUTOEXEC.BAT) and that you have defined the PGPPATH environment variable (in AUTOEXEC.BAT, add a line reading SET PGPPATH=C:\PGP). After doing that, you'll have to reboot and come back to this file.