Thank you for using Network Associates' products. This ReadMe file
contains important information regarding PGP. Network Associates
strongly recommends that you read this entire document.
Network Associates welcomes your comments and suggestions. Please use
the information provided in this file to contact us.
ABOUT THIS FREEWARE PRODUCT
Network Associates is proud to provide freeware
versions of PGP products for non-commercial use.
PGP Freeware brings easy-to-use, strong encryption
to the masses. You can use PGP to protect your
email, your files, and now even your network
connections. Let PGP bring a new level of privacy
and security to your everyday computer use
and communications with others.
Note: Please refer to the included license for the
specific terms and conditions of using this product.
DID YOU KNOW?
PGP Personal Security is Available!
Did you know that PGP Personal Security, the retail
version of this product, provides many features
and benefits not included with this freeware
product? The following are just some of the added
features and benefits of using PGP Personal Security:
ENHANCEMENTS IN THIS RELEASE
- AES support. This release of PGP adds support for
the new Advanced Encryption Standard algorithm (Rijndael).
AES is the new NIST standard algorithm for the highest
security with a 256-bit symmetric key size.
- IKE Aggressive Mode support. PGPnet now supports
the Aggressive Mode standard for IKE. This enables users
to use usernames/passwords in combination with dynamic
addresses to establish a secure VPN connection.
- IKE Extended Authentication support. PGPnet now supports
the Extended Authentication draft standard (Version 6+).
This provides the ability to use legacy authentication
methods such as RADIUS and SecurID when establishing VPN
connections with compatible gateways.
- Windows ME Support. PGP now supports Microsoft Windows
- RSA 4096 support. The new RSA V4 key type now supports
the full range of key sizes supported by DH/DSS keys
up to 4096 bits.
Next generation client-to-client and client-to-server
VPNs. PGP 7.0 includes revolutionary peer-to-peer VPN
capabilities that enable truly scalable, enterprise-wide
network encryption. If enabled, PGP 7.0 will attempt to
communicate via IPsec whenever an IP-based connection is
attempted to or from another network device. This
behavior can be controlled and can be enabled only in
environments that require this level of security.
- Simple point-and-click VPN connections via PGP systray.
Users can now easily connect to VPN endpoints that have
been configured within PGP to require a manual connection
by simply selecting the appropriate link icon in the
convenient PGP systray.
- Simultaneous protection of multiple network adapters. This release adds support for binding to and protecting
multiple network adapters simultaneously (dial-up, cable
modem, DSL, LAN, ISDN, etc.), providing VPN capabilities
on all selected adapters.
- Optimized VPN connection performance via new MTU path
discovery capability. PGP now automatically determines
the optimal packet size (MTU, Maximum Transmission Unit)
for each VPN connection. This eliminates any packet
fragmentation that may occur due to intermediate Internet
routers that use smaller packet sizes than the user's ISP.
PGP Key and X.509 Certificate Support
- New RSA key format. PGP 7.0 introduces a new RSA key
format that provides support for PGP's designated revoker, multiple
encryption subkeys, and photo ID features. Previously
these features were only available to users with
Diffie-Hellman keys. PGP will continue to support users
who have RSA keys in the older key format (now called
the RSA Legacy key format).
- Key reconstruction feature helps users recover from lost
or forgotten passphrases. PGP 7.0 introduces a new,
optional key reconstruction feature that leverages PGP's
cryptographic key splitting technology to provide a secure
means for users to recover their private keys. This enables
users who have forgotten their PGP passphrase to regain
access to their encrypted data after answering five
questions whose answers only the user would know.
- Support for using X.509 certificates for secure email.
This release gives users the choice of what type of
keys/certificates to use for exchanging secure email
(e.g., PGP keys and/or X.509 certificates). PGP 7.0 users
can also concurrently send an encrypted email to users with
PGP keys as well as other users with X.509 certificates.
- Automatic X.509 certificate lookup from LDAP directories.
If the X.509 certificate of a secure email recipient is
not cached locally on the senders PC, PGP can now
automatically search a pre-defined list of LDAP
directories for that user's certificate. Users can
also use the PGPkeys application to perform manual
searches of LDAP directories for X.509 certificates.
- Support for storing and searching for PGP keys on LDAP
servers. Extending support for storing PGP keys on servers,
other PGP Certificate Servers, and PGP Keyservers. PGP can
now store and retrieve PGP keys from any standard LDAP v2
or v3 compliant directory.
- Silent keyring maintenance. PGP now performs automatic,
unattended keyring maintenance such as key synchronization,
trusted introducer updates, CRL downloading, etc. without
displaying any non-critical dialog boxes.
- Ability to open to multiple keyrings at once. Users
can now open and manage multiple keyrings at a time in PGPkeys, thus
simplifying keyring management.
- Automatic keyring backup. A new automatic backup feature allows the user to
automatically back up keyrings to the keyring directory
or another directory when any changes are made to
the keyring. PGP no longer creates a series of backups
in the keyring folder. Automated keyring backup is now
entirely in the user's control.
Entropy and Cryptographic Algorithms
- Continuous entropy collection. PGP now continuously collects
random data from mouse movements and keystrokes (whether
a PGP-related window is open or not), and stirs that random
data into the PGP entropy pool.
- Twofish support. PGP introduces the option of encrypting
email, files and ICQ instant messages using Twofish,
a relatively new, but well regarded 256-bit cipher. Twofish
is one of five finalists for NIST's new Advanced Encryption
- Improved overall ease-of-use via new centralized passphrase
caching. PGP 7.0 simplifies users' lives by only requiring
them to enter their passphrase once to one of the many PGP
components, and then the user can launch any of the other
PGP modules without needing to enter their passphrase again.
Instant Messaging Plug-In
- ICQ Plug-in. PGP 7.0 secures the next generation of interpersonal
communications by introducing integration with ICQ 99b, ICQ 2000a,
and ICQ 2000b. Users can now safely share instant messages
via PGP's world-renowned encryption and digital signature
capabilities, which have been extended to this exciting
platform. Users can secure all the methods of communication
and data sharing capabilities of ICQ by leveraging the PGP
ICQ plug-in for instant message protection and PGP's Dynamic
Peer-to-Peer VPN capabilities for securing file transfer,
chat, and all other direct client-to-client communications.
- Rich text support in Outlook plug-in. The PGP plug-in for
Outlook 97, 98 and 2000 now supports preserving rich text
formatting of digitally signed and/or encrypted messages.
Disk, File and Freespace Wiping
- Automatic wipe upon file delete. Users now have the option
of having files automatically wiped as soon as they are
deleted. On Windows systems with the Recycle Bin enabled,
files are wiped once they are "emptied" from the Recycle Bin.
- Significantly improved disk wiping time. This release
incorporates new technology for wiping file slack space
and disks that is significantly faster than previous
versions of PGP.
Also included with this release are the following manuals, which can
be viewed on-line as well as printed:
The documentation is automatically installed with the PGP software.
Go to Start -> Programs -> PGP -> Documentation to locate the manuals.
Each document is saved in Adobe Acrobat Portable Document Format
(.PDF). You can view and print these documents with Adobe's Acrobat
Reader. PDF files can include hypertext links and other navigation
features to assist you in finding answers to questions about your
Network Associates product.
To download Adobe Acrobat Reader from the World Wide Web, visit Adobe's
This release also includes integrated online help in Microsoft
HTML Help (.CHM) format. Please note that you must have Internet Explorer 4.01, Service Pack 2 or later installed on your system to view the online help.
PGP online help
- PGPnet online help
Documentation feedback is welcome. Send email to firstname.lastname@example.org.
To install PGP on a Windows system, you must have:
- Intel Pentium 166 MHz processor or better
- Windows 95B (OSR2), Windows 98, Windows NT 4.0 with Service Pack 4 or later,
Windows 2000 or Windows 2000 with Service Pack 1, or Windows Millennium Edition
- 32 MB RAM (64 MB RAM for Windows NT and 2000)
- 32 MB hard disk space
If you plan to run PGPnet on the system, you must also have:
- A compatible LAN/WAN network adapter
Installing PGP on a Windows system
- Exit all programs currently running on your computer.
Download the PGP program files to your computer.
Double-click Setup.exe in the PGP folder to start the Setup
The Setup program searches for open programs and prompts you
to close them.
If you have PGP version 5.x - 7.0.x currently installed, the
PGP setup program prompts you to uninstall the old PGP files.
Click Yes to automatically uninstall the old version. Your
keyring files are saved in a file named Old keyrings.
You must reboot your computer after uninstalling the files.
Once your computer reboots, the installer continues.
The PGP Installation screen appears.
Review the instructions in the PGP Welcome dialog box, then
The Network Associates license agreement appears.
Review the license agreement information, then click Yes to
accept the licensing terms.
The Readme.txt file appears listing the new features and other
important information regarding PGP version 7.0.x.
Review the Readme.txt file, then click Next.
The User Type dialog box appears.
Select the appropriate button:
- Click Yes to use your existing PGP keyrings.
The installation wizard asks you to locate your PGP
keyrings later in the installation process.
- Click No if you are a New User and do not have existing
The key generation wizard assists you in creating a PGP
keypair at the end of the installation process.
Click Browse to navigate to a destination folder for your PGP
files or accept the default folder. Click Next to continue.
The Select Components dialog box appears.
Select the components you want to install.
A dialog box appears, alerting you that the installer is
ready to copy files.
Review the installation settings, then click Next.
The PGP files are copied to the computer.
If you chose to install the PGPnet application, the PGPnet
Set Adapter List appears listing the network adapters found
on your system.
If you want to communicate securely over a modem, select
your Dial-up or WAN adapter (for example, Remote Access WAN
Wrapper). If you want to communicate securely over an Ethernet
connection, select your LAN adapter (for example, 3COM Fast
Etherlink). When you have made your selection(s), click OK.
Note: You can secure all adapters, WAN and LAN, on your
system at this time.
Note: On Windows 2000, Set Adapter displays, "All Network
and Dial-up Adapters." Select this checkbox to secure
all network interfaces.
Tip: You can change the selected network adapter(s) at any
time after installation. Go to
Start->Programs->PGP->SetAdapter and select the
network adapter(s) you want PGP to bind to, or
deselect the network adapter(s) you no longer want
PGP to bind to.
The installation program binds the PGPnet driver to the
adapter(s) you selected and configures your computer to use
the PGPnet application.
If you have keyrings on your computer from a previous version
of PGP, and selected Yes in step seven, a browse dialog box
Browse to locate your public keyring, Pubring.pkr, and your
private keyring, Secring.skr.
If you do not have keyrings on your computer from a previous
version of PGP, and selected No in step seven, you are
prompted to create a keypair after completing the PGP
installation. The key generation wizard will guide you
through the necessary steps to create a new PGP keypair.
To start using PGP immediately, select Yes, I want to
restart my computer now.
Click Finish to complete the PGP installation and reboot
Modifying your PGP installation
You can run the PGP Setup Maintenance utility at any time
to modify your current PGP installation. The PGP Setup
Maintenance utility allows you to:
- add or remove PGP components
- re-install all program components installed by a previous setup
- remove all installed components
To modify your PGP installation:
Exit all programs currently running on your computer.
Double-click Setup.exe in the PGP folder to start the Setup
The Setup program searches for open programs and prompts you
to close them.
The PGP Install Wizard Welcome screen appears.
Do one of the following:
- Select Modify to add new PGP components or remove currently
installed PGP components. The Select Components dialog box
appears. Select the components you want to install, or
deselect the components you want to remove from your current
installation. Click Next.
Select Repair to re-install all program components installed by
a previous setup. This may be necessary if you modified your
installation, and now want to return to your original setup.
PGP re-installs all program components from the original
Select Remove to uninstall all PGP program components. PGP asks
you to confirm your request to remove the PGP application and
all of its components. Click OK if you want to remove PGP, or
click Cancel if you do not want to remove PGP.
To start using PGP immediately, select Yes, I want to restart
my computer now.
Click Finish to complete the PGP maintenance and reboot your
- You must shut down a docked Windows 2000 laptop--rather than undock the laptop in standby mode--if PGPnet is bound
to the dock's network adapter.
- To reconstitute a split key over a network, all key
shareholders must use PGP 7.0.
- Groups files created with versions of PGP prior to 7.0
must be re-created using PGP 7.0.
- The Windows Explorer provides PGP with
information only about the target of a shortcut
and not the shortcut itself. If you use the
Wipe feature in the Explorer, the shortcut
itself will not be wiped. The actual target
will be wiped. When using PGPtools, the shortcut
will also be wiped.
- Hotkeys are for use with applications that
support general text editing. Using Hotkeys
with some applications may result in
- PGP 7.0's new RSA keys should not be used with
previous versions of PGP. PGP 7.0 also generates
"RSA Legacy" keys, which can be used with any
- Due to ICQ's limited message size, the PGP plug-in for ICQ does not use the "Always encrypt to default key" feature even if that option
- The PGP Exchange/Outlook plug-in does not
support Microsoft Word as an email editor.
- Installing versions of PGP prior to 7.0 on a
machine containing 7.0 is not supported and
may result in unpredictable behavior.
- Do not attempt to manually uninstall PGPnet.
It is very important that you use the PGP
Uninstaller to remove PGPnet. PGPnet makes
extensive modifications to the registry and
changes the bindings on network adapters.
The PGP Uninstaller can be accessed via the
Add/Remove Programs control panel.
- Novell's Netware client for Windows 2000
is not currently compatible with PGPnet.
- If you use hardware profiles on NT, and you
hide a network adapter to which PGPnet
is bound, you will be prompted to re-bind
to that adapter when you reboot using
a hardware profile that does not hide
- 3COM's Dynamic Access control panel prompts
you to reboot if you use Set Adapter to modify
your network bindings. Ignore this reboot
request until Windows has finished updating
the network bindings.
- PGPnet does not support Token Ring or FDDI
network interface cards. PGPnet fully supports
Ethernet cards for VPN.
- PGPnet is not compatible with the Intel
EtherExpress 16 driver.
- Installing virtual private network software
such as PGPnet on the same machine as a firewall
or another VPN client is highly likely to cause
problems. We recommend uninstalling the other
product prior to installing or choosing not to
install PGPnet on such a machine.
- You cannot use the default MSN dialer to connect
to MSN if PGPnet is installed. To connect to MSN
with PGPnet, use the Microsoft Dial-Up Networking
Note: Network Associates does not provide technical
support for freeware products.
To purchase a commercial version of PGP,
please contact the Network Associates Customer Service
department between 8:00 a.m. and 8:00 p.m. Central Time,
Monday through Friday, at:
Network Associates Customer Service
4099 McEwen Road, Suite 500
Dallas, Texas 75244
Phone: (972) 308-9960
Network Associates Corporate Headquarters
3965 Freedom Circle
Santa Clara, CA 95054