Thank you for using Network Associates' products. This ReadMe file contains important information regarding the PGP e-Business Server. Network Associates strongly recommends that you read this entire document.

Network Associates welcomes your comments and suggestions. Please use the information provided in this file to contact us.

Warning: Export of this software may be restricted by the U.S. Government.

WHAT'S IN THIS FILE

Enhancements/Fixes in this Release
New Features
Functionality Overview
Documentation
System Requirements
Installation
Known Issues
Additional Information
Contacting Network Associates
Copyright and Trademark Attributions

ENHANCEMENTS/FIXES IN THIS RELEASE

1. AES support. This release of PGP adds support for the new Advanced Encryption Standard algorithm (Rijndael).
    
2. The TZFIX configuration variable is now being interpreted correctly.
    
3. When processing a text file without any encrypted data blocks or keyblocks, PGP now behaves correctly and sets the return code to 3.
    
4. PGP now correctly states that it is creating an ascii-armored file when using the "-at" command line option. Previously, it erroneously stated that it was creating a Clear Signature File.
    
5. Performing an encrypt and sign operation using a split key as the signing key now properly allows the user to reconstitute the key.
    
6. When encrypting and signing a file, PGP no longer prompts for the signing passphrase before validating the user ID and key ID belonging to the recipient.
    

NEW FEATURES

1. Self-Decrypting Archive (SDA) creation. PGP e-Business Server 7.0 introduced a new powerful capability that helps you share encrypted data with users who do not own PGP. Using PGP e-Business Server's scripting interface, Windows 95/98/NT/2000 SDAs can be generated in an automated manner, regardless of what platform PGP e-Business Server is running on. This helps facilitate secure, one-way communication between the sender and the recipient of the SDA.
    
2. Improved scripting flexibility. This release gives administrators more flexibility on how this product behaves when performing bulk encryption/decryption processes. Administrators can now script responses to all questions asked by the product, thus providing maximum flexibility. Prior versions of PGP e-Business Server required administrators to accept the default responses for these prompts.
    
3. High performance design. PGP e-Business Server 7.0 introduced a new service (on certain platforms) that caches public keys that are used when encrypting data to business partners and customers. In environments where bulk encryption operations are performed regularly to large numbers of recipients, customers will see a significant improvement in processing time.
    
4. Parallel decryption support. This release introduces the ability to have multiple processes running in parallel decrypting files. Previously this capability was only available for encrypting files.
    
5. Administrator enforced settings on Unix platforms. PGP e-Business Server adds the ability for an administrator to enforce/override any settings that users of PGP e-Business Server specify. Settings stored in /etc/pgp/pgp-cfg override settings specified by the user via the command line, environment variables, or the PGP.CFG file.
    
6. New RSA key format. PGP e-Business Server 7.0 introduced a new RSA key format that provides support for PGP's Additional Decryption Key (ADK), designated revoker, and multiple encryption subkeys. Previously these features were only available to users with Diffie-Hellman keys. PGP will continue to support users who have RSA keys in the older key format (now called the RSA Legacy key format).
    
7. Twofish support. This release introduces the option of encrypting data using Twofish, a relatively new, but well regarded 256-bit cipher. Twofish is one of five finalists for NIST's new Advanced Encryption Standard (AES). You can obtain more information about Twofish at the following URL:

   http://www.counterpane.com/twofish.html

8. Enhanced key signing support. This release gives users/administrators three new signature type options when signing PGP keys: Non-Exportable, Meta-Introducer, and Trusted Introducer. These are in addition to the current signature type supported: Exportable.

   Users/administrators also now have the option of limiting the lifetime of a signature on a key, rather than always having the signature valid until revoked.

9. Split key support. This release includes support for PGP's key splitting technology. Based upon Blakely- Shamir key splitting standards, PGP can split private keypairs into a number of administrator-specified "shares." The key can be rejoined once an administrator-defined threshold of "shares" are presented.
    
10. Designated Revoker support. This release adds support for PGP's Designated Revoker feature for PGP v4 keys (both DH/DSS and RSA keys). Users can specify one or more keys that can act as a revoker for their own key.
     

FUNCTIONALITY OVERVIEW

PGP e-Business Server provides a convenient way for you to integrate PGP's strong authentication and encryption features with other applications and automated processes. Examples include encrypting credit card transactions, personnel records, etc. 

The following commands provide on-line help for each of the major product areas:

• To display all of the encryption/decryption options: pgp -h
• To display all of the key management options: pgp -k
• To display all of the group management options: pgp -g 

DOCUMENTATION

Also included with this release are the following manuals, which can be viewed on-line as well as printed:

• Introduction to Cryptography (IntrotoCrypto.pdf)
• PGP e-Business Server User's Guide (PGPeBusinessGuide.pdf)

Each document is saved in Adobe Acrobat Portable Document Format (.PDF). You can view and print these documents with Adobe's Acrobat Reader. PDF files can include hypertext links and other navigation features to assist you in finding answers to questions about your Network Associates product. To download Adobe Acrobat Reader from the World Wide Web, visit Adobe's Web site.

For UNIX releases the following online documents are also included: 

• PGP.1

After the PGP e-Business Server product has been installed, this document can be found in:

Linux RPM:	/usr/man/man1
Solaris:	/opt/PGPeBiz/man/man1/
tar file for all platforms:	install_directory/pgp-7.0.1/man/man1


For more information on how to view the man page, type man man at the command prompt (Unix). 

The following postscript files are also included: 

• PGPeBusInstallGuide.ps 
• PGPeBusinessGuide.ps
• IntrotoCrypto.ps 

After the PGP e-Business Server product has been installed, these documents are located in:

Linux RPM:	/usr/doc/pgp-7.0.1
Solaris:	/opt/PGPeBiz/docs
tar file for all platforms:	install_directory/pgp-7.0.1/docs

SYSTEM REQUIREMENTS

To install PGP e-Business Server on a Windows NT or Windows 2000 system, you must have: 

• Windows NT version 4.0 (Service Pack 4 or later)

or
Windows 2000  
• 32MB RAM minimum 
• 8MB disk space for software 

• One of these flavors of UNIX: 
• Solaris 2.6 or later 
• AIX 4.2 or later
• HPUX 10.20 or later
• Linux x86 Red Hat (RPM) 6.0 or later 
• 64MB RAM minimum for Solaris
• 32MB RAM minimum for Linux, AIX, and HPUX 
• 10MB disk space for software 
• 10MB disk space in /opt partition for Solaris 

INSTALLATION

To install PGP e-Business Server on a Windows machine:

1. Start the Windows system.
    
2. Download the PGP files to the system or insert the PGP CD-ROM into the CD-ROM drive.
    
3. Double-click SETUP.EXE to start the Setup program.

   Note: If you are installing from the CD-ROM, the Setup program automatically starts. If, however, the Setup program does not initiate, double-click SETUP.EXE in the Disk 1 folder on the CD-ROM.

   The PGP e-Business Server Welcome screen appears.

4. Review the information in the Welcome screen, then click Next.

   The Network Associates license agreement appears.

5. Review the license agreement information, then click Yes to accept the licensing terms.

   The ReadMe.txt file appears listing the new features and other important information regarding PGP e-Business Server.

6. Review the ReadMe.txt file, then click Next.

   The Choose a Destination Location dialog box appears.

7. Use the default destination directory or click Browse to navigate to a directory for your PGP files, then click Next.

   The Select Components dialog box appears.

8. Clear the components that you do not want to install. By default, both options are selected.

   • Program files (required). This option must be selected to install the program.
   • Program documentation. Select this option to install the PGP e-Business Server documentation.

9. Click Next.

   The PGP files are copied to the computer.

10. Click Finish to complete the PGP e-Business Server installation. 

To install PGP e-Business Server Solaris package on a Sun SparcStation:
(To install the software, you must have root privileges.)

The Solaris package automatically extracts and installs all of the necessary software components in their proper directory locations.

1. Download the PGP package to the system or insert the PGP CD-ROM into the CD-ROM drive.

   To install from a CD-ROM drive you must also login as root, and cd to the install directory (/cdrom). The CD mounts automatically. If, however, the CD does not mount automatically, you can mount it by going into the root directory (Cd ..), and issuing the following command:

   #mount -F nfs -ro /dev/dsk/c0t6d0s2 /cdrom

2. If this is the first time you are installing the PGP e-Business Server product on this system, navigate to the directory where the PGPeBiz_x.x.x_Solaris file is located, and begin installing the package by issuing the following command:

   pkgadd -d PGPeBiz_x.x.x_Solaris

   (where x.x.x is the release number)

   If a previous version of the e-Business Server is installed on this system, you must remove it before you can install the new package. You can remove the installed package by issuing the following command: 

   pkgrm PGPeBiz

   Note: If you install from a CD-ROM drive under Sun Solaris, you may receive a warning that tells you that the file system does not conform to ISO-9660 specifications. This is because the name of the file contains more than eight characters. Ignore this warning; the install will proceed without problems.

3. Review the license agreement information, then type Y to accept the licensing terms.

   The installer starts pgpsdkd, processes the package and system information, verifies disk space requirements, and installs the PGP e-Business Server program files.

   Note: The program files are installed to the default installation path of /opt/PGPeBiz/.

4. When the installation is complete, you can verify that the product was installed properly by entering the following command:

   pkginfo -l PGPeBiz

   The status for the selected package should be "STATUS: completely installed."

To install the e-Business Server tarball on a Sun SparcStation:

1. Download the PGP package to the system or insert the PGP CD-ROM into the CD-ROM drive.

   To install from a CD-ROM drive you must first copy the PGP installation file for your operating system to a temporary location on your systems harddrive. Then change your current working directory to that same location.

2. Uncompress the package by issuing the following command:

   gzip -d < PGPeBiz_x.x.x_Solaris.tar.gz | tar xvf -

   (where x.x.x is the release number)

   When the package is uncompressed, the pgp-x.x.x/ directory is created.

3. Login as root, then run the post install script from the pgp-x.x.x/ directory by issuing the following command:

   ./install.sh

4. To run PGP e-Business Server application, enter the following command:

   ./pgp
   

To install PGP e-Business Server on AIX and HPUX systems:

1. Download the PGP package to the system or insert the PGP CD-ROM into the CD-ROM drive.

   To install from a CD-ROM drive you must first copy the PGP installation file for your operating system to a temporary location on your systems harddrive. Then change your current working directory to that same location.

2. Uncompress the package by issuing the following command:

   gzip -d < PGPeBiz_x.x.x_AIX.tar.gz | tar xvf -

   or

   gzip -d < PGPeBiz_x.x.x_HPUX.tar.gz | tar xvf -

   (where x.x.x is the release number)

   When the package is uncompressed, the pgp-x.x.x/ directory is created.

3. To run the PGP e-Business Server application, enter the following command:

   ./pgp

To install PGP e-Business Server on Linux RPM systems:
(To install the software, you must have root privileges.)

1. Download the PGP files to the system or insert the PGP CD-ROM into the CD-ROM drive.
    
2. Install the package by issuing the following command:

   rpm -iv PGPeBiz_x.x.x_linux.i386.rpm

   (where x.x.x is the release number)

   Typing this command starts pgpsdkd automatically. The PGP program files are copied to the system.

3. When installation is complete, verify the PGP signature file by adding the PGP signature in the SampleKeys.Asc file found in /usr/doc/pgp-x.x.x/ directory to your keyring.

   Once the PGP signature is added to your keyring, issue the following command:

   rpm --checksig PGPeBiz_x.x.x_linux.i386.rpm

   (where x.x.x is the release number)

   If the signature is correct, the response from this command is "OK."

To install PGP e-Business Server tarball on Linux systems:

1. Download the PGP package to the system or insert the PGP CD-ROM into the CD-ROM drive.

   To install from a CD-ROM drive you must first copy the PGP installation file for your operating system to a temporary location on your systems harddrive. Then change your current working directory to that same location.

2. Uncompress the package by issuing the following command:

   gzip -d < PGPeBiz_x.x.x_linux.tar.gz | tar xvf -

   (where x.x.x is the release number)

   When the package is uncompressed, the pgp-x.x.x/ directory is created.

3. Login as root, then run the post install script from the pgp-x.x.x/ directory by issuing the following command:

   ./install.sh

4. To run the PGP e-Business Server application, enter the following command:

   ./pgp

KNOWN ISSUES

1. In the rare circumstance that the PGPsdkd daemon stops responding, simply stop the current process and re-start the daemon.
    
2. If a user declines to accept transmission of a key share over the network during key share reconstitution and then immediately tries to initiate a second attempt to receive the network share, the user may encounter an "address already in use by another socket" error. If this occurs, quit PGP and try again.
    
3. Any PGP 7.0 client product installed on Windows platforms after installing PGP e-Business Server 7.0.1 will cause e-Business Server to fail (error message: DLL entry point not found). Any such product must be installed BEFORE PGP e-Business Server 7.0.1. Any PGP 7.0.1 software can be safely installed before or after e-Business Server 7.0.1.
    

ADDITIONAL INFORMATION

1. PGP 7.0 provides secure memory locking for root accounts. If you are logged into a non-root account, the PGP banner displays "Warning: Using insecure memory."

   Note: Secure memory locking is not available for PGP e-Business Server on AIX systems.

2. Unlike previous versions of PGP, this version gathers entropy in the background. Therefore, you may not be prompted for keyboard strokes during key generation.
    
3. Unlike previous versions of PGP, this version does not automatically back up keyrings. This is the sole responsibility of the user.
    
4. Due to the processing power required for PGP key generation, we do not recommend that you attempt other concurrent PGP encryption/decryption operations at the same time as key generation.

CONTACTING NETWORK ASSOCIATES

For questions, orders, problems, or comments 

You may direct all questions, comments, or requests concerning the software you purchased, your registration status, or similar issues to the Network Associates Customer Service department at the addresses or phone numbers listed below.

Contact the Network Associates Customer Service department between 8:00 a.m. and 8:00 p.m. Central Time, Monday through Friday, at:

Network Associates Customer Service
4099 McEwen Road, Suite 500
Dallas, Texas 75244

For corporate-licensed customers:

Phone: (972) 308-9960
Email:services_corporate_division@nai.com
World Wide Web: http://support.nai.com

For retail-licensed customers:

Phone: (972) 855-7044
Email:cust_care@nai.com
World Wide Web:http://www.pgp.com
To provide the answers you need quickly and efficiently, the Network Associates technical support staff needs some information about your computer and your software. Please have this information ready when you call:

• Program name and version number
• Computer brand and model
• Any additional hardware or peripherals connected to your computer
• Operating system type and version numbers
• Network name, operating system, and version
• Network card installed, where applicable
• Modem manufacturer, model, and speed, where applicable
• Relevant browsers or applications and their version numbers, where applicable
• How to reproduce your problem: when it occurs, whether you can reproduce it regularly, and under what conditions
• Information needed to contact you by voice, fax, or email

For product upgrades

Network Associates has a worldwide range of partnerships and reseller relationships with hundreds of independent vendors, each of which can provide you with consulting services, sales advice, and product support for Network Associates software. For assistance in locating a local reseller, you can contact Network Associates Customer Service at (972) 308-9960.

For reporting problems

Network Associates prides itself on delivering a high-quality product. If you find any problems, please take a moment to review the contents of this file. If the problem you've encountered is documented, there is no need to report the problem to Network Associates.

If you find any feature that does not appear to function properly on your system, or if you believe an application would benefit greatly from enhancement, please contact Network Associates with your suggestions or concerns.

For on-site training information

Contact Network Associates Customer Service at (800) 338-8754.

COPYRIGHT AND TRADEMARK ATTRIBUTIONS

Copyright (c) 1990-2000 Networks Associates Technology, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of Networks Associates Technology, Inc., or its suppliers or affiliate companies.

Trademark Attributions

* ActiveHelp, Bomb Shelter, Building a World of Trust, CipherLink, Clean-Up, Cloaking, CNX, Compass 7, CyberCop, CyberMedia, Data Security Letter, Discover, Distributed Sniffer System, Dr Solomon’s, Enterprise Secure Cast, First Aid, ForceField, Gauntlet, GMT, GroupShield, HelpDesk, Hunter, ISDN Tel/Scope, LM 1, LANGuru, Leading Help Desk Technology, Magic Solutions, MagicSpy, MagicTree, Magic University, MagicWin, MagicWord, McAfee, McAfee Associates, MoneyMagic, More Power To You, Multimedia Cloaking, NetCrypto, NetOctopus, NetRoom, NetScan, Net Shield, NetShield, NetStalker, Net Tools, Network Associates, Network General, Network Uptime!, NetXRay, Nuts & Bolts, PC Medic, PCNotary, PGP, PGP (Pretty Good Privacy), PocketScope, Pop-Up, PowerTelnet, Pretty Good Privacy, PrimeSupport, RecoverKey, RecoverKey-International, ReportMagic, RingFence, Router PM, Safe & Sound, SalesMagic, SecureCast, Service Level Manager, ServiceMagic, Site Meter, Sniffer, SniffMaster, SniffNet, Stalker, Statistical Information Retrieval (SIR), SupportMagic, Switch PM, TeleSniffer, TIS, TMachf, TMeg, Total Network Security, Total Network Visibility, Total Service Desk, Total Virus Defense, T-POD, Trusted Mach, Trusted Mail, Uninstaller, Virex, Virex-PC, Virus Forum, ViruScan, VirusScan, VShield, WebScan, WebShield, WebSniffer, WebStalker WebWall, and ZAC 2000 are registered trademarks of Network Associates and/or its affiliates in the US and/or other countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners.

License Agreement

NOTICE TO ALL USERS: FOR THE SPECIFIC TERMS OF YOUR LICENSE TO USE THE SOFTWARE THAT THIS DOCUMENTATION DESCRIBES, CONSULT THE README.1ST, LICENSE.TXT, OR OTHER LICENSE DOCUMENT THAT ACCOMPANIES YOUR SOFTWARE, EITHER AS A TEXT FILE OR AS PART OF THE SOFTWARE PACKAGING. IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH THEREIN, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO THE PLACE OF PURCHASE FOR A FULL REFUND.