PGP Freeware Version 7.0.3 ReadMe for Windows 95, 98, Millenium, NT, and 2000 Copyright (c) 1990-2001 by Networks Associates Technology, Inc., and its Affiliated Companies. All Rights Reserved. Thank you for using Network Associates' products. This ReadMe file contains important information regarding PGP. Network Associates strongly recommends that you read this entire document. Network Associates welcomes your comments and suggestions. Please use the information provided in this file to contact us. Warning: Export of this software may be restricted by the U.S. Government. ___________________ WHAT'S IN THIS FILE - About this Freeware Product - Did you know? - Enhancements in this Release - New Features in PGP Freeware - Documentation - System Requirements - Installation - Known Issues - Additional Information - Contacting Network Associates ___________________________ ABOUT THIS FREEWARE PRODUCT Network Associates is proud to provide freeware versions of PGP products for non-commercial use. PGP Freeware brings easy-to-use, strong encryption to the masses. You can use PGP to protect your email, your files, and now even your network connections. Let PGP bring a new level of privacy and security to your everyday computer use and communications with others. NOTE: Please refer to the included license for the specific terms and conditions of using this product. _____________ DID YOU KNOW? * PGP PERSONAL SECURITY IS AVAILABLE * Did you know that PGP Personal Security, the retail version of this product, provides many features and benefits not included with this freeware product? The following are just some of the added features and benefits of using PGP Personal Security: * PGPdisk PGPdisk provides transparent, easy-to-use encryption of files stored on your computer. When mounted, PGPdisks appear as another harddrive on your system. Your files are automatically encrypted when stored and decrypted when accessed on your PGPdisk. PGPdisk gives you the ability to easily protect your files from prying eyes. * X.509 certificate support PGP Personal Security supports requesting and using X.509 certificates from leading PKI providers like VeriSign and Entrust. You can use your X.509 certificate as another means to authenticate yourself to other VPN products. * Personal Firewall/Intrusion Detection System PGP Personal Security introduces PGP's robust Personal Firewall and Personal IDS technology. PGP creates a dual-layer security perimeter around any computer it protects. Utilizing IDS technology from Network Associates' leading CyberCop family of intrusion protection solutions, PGP provides protection from common attacks, including SYN floods, Ping floods, Smurf, Bonk, Ping of Death, Back Orifice, Teardrop, etc. * VPN gateway support Using PGP Personal Security you can connect to networks behind IPSec-based VPN gateways, such as firewalls or routers. This feature enables PGP to be used for secure remote access to corporate networks from your home computer. * Technical support Network Associates does not provide technical support for freeware products. By purchasing PGP Personal Security, you can contact Network Associates technical support to answer any questions you may have about using PGP. * Licensed for commercial use PGP Freeware is not licensed for commercial use. PGP Personal Security and PGP Desktop Security (the corporate version of this product) are licensed for commercial use. Thank you for your choosing PGP Freeware as your solution for privacy and security. We encourage you to show your support for this great product by buying a copy of PGP Personal Security today! Your purchase will help us continue to extend and enhance this leading personal security solution. ____________________________ ENHANCEMENTS IN THIS RELEASE 1. AES support. This release of PGP adds support for the new Advanced Encryption Standard algorithm (Rijndael). AES is the new NIST standard algorithm for the highest security with a 256-bit symmetric key size. 2. IKE Aggressive Mode support. PGPnet now supports the Aggressive Mode standard for IKE. This enables users to use usernames/passwords in combination with dynamic addresses to establish a secure VPN connection. 3. IKE Extended Authentication support. PGPnet now supports the Extended Authentication draft standard (Version 6+). This provides the ability to use legacy authentication methods such as RADIUS and SecurID when establishing VPN connections with compatible gateways. 4. Windows ME Support. PGP now supports Microsoft Windows Millenium Edition. 5. RSA 4096 support. The new RSA V4 key type now supports the full range of key sizes supported by DH/DSS keys up to 4096 bits. ____________________________ NEW FEATURES IN PGP FREEWARE * VPN * 1. Next generation client-to-client and client-to-server VPNs. PGP 7.0 includes revolutionary peer-to-peer VPN capabilities that enable truly scalable, enterprise-wide network encryption. If enabled, PGP 7.0 will attempt to communicate via IPsec whenever an IP-based connection is attempted to or from another network device. This behavior can be controlled and can be enabled only in environments that require this level of security. 2. Simple point-and-click VPN connections via PGP systray. Users can now easily connect to VPN endpoints that have been configured within PGP to require a manual connection by simply selecting the appropriate link icon in the convenient PGP systray. 3. Simultaneous protection of multiple network adapters. This release adds support for binding to and protecting multiple network adapters simultaneously (dial-up, cable modem, DSL, LAN, ISDN, etc.), providing VPN capabilities on all selected adapters. 4. Optimized VPN connection performance via new MTU path discovery capability. PGP now automatically determines the optimal packet size (MTU, Maximum Transmission Unit) for each VPN connection. This eliminates any packet fragmentation that may occur due to intermediate Internet routers that use smaller packet sizes than the user's ISP. * PGP Key and X.509 Certificate Support * 5. New RSA key format. PGP 7.0 introduces a new RSA key format that provides support for designated revoker, multiple encryption subkeys, and photo ID features. Previously these features were only available to users with Diffie-Hellman keys. PGP will continue to support users who have RSA keys in the older key format (now called the RSA Legacy key format). 6. Key reconstruction feature helps users recover from lost or forgotten passphrases. PGP 7.0 introduces a new, optional key reconstruction feature that leverages PGP's cryptographic key splitting technology to provide a secure means for users to recover their private keys. This enables users who have forgotten their PGP passphrase to regain access to their encrypted data after answering five questions whose answers only the user would know. 7. Support for using X.509 certificates for secure email. This release gives users the choice of what type of keys/certificates to use for exchanging secure email (e.g., PGP keys and/or X.509 certificates). PGP 7.0 users can also concurrently send an encrypted email to users with PGP keys as well as other users with X.509 certificates. 8. Automatic X.509 certificate lookup from LDAP directories. If the X.509 certificate of a secure email recipient is not cached locally on the senders PC, PGP can now automatically search a pre-defined list of LDAP directories for that user's certificate. Users can also use the PGPkeys application to perform manual searches of LDAP directories for X.509 certificates. 9. Support for storing and searching for PGP keys on LDAP servers. Extending support for storing PGP keys on servers, other PGP Certificate Servers, and PGP Keyservers. PGP can now store and retrieve PGP keys from any standard LDAP v2 or v3 compliant directory. 10. Silent keyring maintenance. PGP now performs automatic, unattended keyring maintenance such as key synchronization, trusted introducer updates, CRL downloading, etc. without displaying any non-critical dialog boxes. 11. PGPkeys is able to open to multiple keyrings at once. Users can now open and manage multiple keyrings at a time, thus simplifying keyring management. 12. A new automatic backup feature allows the user to automatically back up keyrings to the keyring directory or another directory when any changes are made to the keyring. PGP no longer creates a series of backups in the keyring folder. Automated keyring backup is now entirely in the user's control. * Entropy and Cryptographic Algorithms * 13. Continuous entropy collection. PGP now continuously collects random data from mouse movements and keystrokes (whether a PGP-related window is open or not), and stirs that random data into the PGP entropy pool. 14. Twofish support. PGP introduces the option of encrypting email, files and ICQ instant messages using Twofish, a relatively new, but well regarded 256-bit cipher. Twofish is one of five finalists for NIST's new Advanced Encryption Standard (AES). * Single Sign On * 15. Improved overall ease-of-use via new centralized passphrase caching. PGP 7.0 simplifies users' lives by only requiring them to enter their passphrase once to one of the many PGP components, and then the user can launch any of the other PGP modules without needing to enter their passphrase again. * Instant Messaging Plug-In * 16. PGP 7.0 secures the next generation of interpersonal communications by introducing integration with ICQ 99b, ICQ 2000a, and ICQ 2000b. Users can now safely share instant messages via PGP's world-renowned encryption and digital signature capabilities, which have been extended to this exciting platform. Users can secure all the methods of communication and data sharing capabilities of ICQ by leveraging the PGP ICQ plug-in for instant message protection and PGP's Dynamic Peer-to-Peer VPN capabilities for securing file transfer, chat, and all other direct client-to-client communications. * Email Plug-Ins * 17. Rich text support in Outlook plug-in. The PGP plug-in for Outlook 97, 98, and 2000 now supports preserving rich text formatting of digitally signed and/or encrypted messages. * Disk, File and Freespace Wiping * 18. Automatic wipe upon file delete. Users now have the option of having files automatically wiped as soon as they are deleted. On Windows systems with the Recycle Bin enabled, files are wiped once they are "emptied" from the Recycle Bin. 19. Significantly improved disk wiping time. This release incorporates new technology for wiping file slack space and disks that is significantly faster than previous versions of PGP. _____________ DOCUMENTATION Also included with this release are the following manuals, which can be viewed on-line as well as printed: * Introduction to Cryptography * PGP User's Guide The documentation is automatically installed with the PGP software. Go to Start -> Programs -> PGP -> Documentation to locate the manuals. Each document is saved in Adobe Acrobat Portable Document Format (.PDF). You can view and print these documents with Adobe's Acrobat Reader. PDF files can include hypertext links and other navigation features to assist you in finding answers to questions about your Network Associates product. To download Adobe Acrobat Reader from the World Wide Web, visit Adobe's Web site at: http://www.adobe.com/ This release also includes integrated online help in Microsoft HTML Help (.CHM) format: * Online help: - PGP online help - PGPnet online help Note that this help format requires Microsoft Internet Explorer v4.01 Service Pack 2 or later. Documentation feedback is welcome. Send email to tns_documentation@nai.com. ___________________ SYSTEM REQUIREMENTS To install PGP on a Windows system, you must have: - Intel Pentium 166 MHz processor or better - Windows 95B (OSR2), Windows 98, Windows NT 4.0 with Service Pack 4 or later, Windows 2000, Windows 2000 with Service Pack 1, or Windows Millennium Edition - 32 MB RAM (64 MB RAM for Windows NT and 2000) - 32 MB hard disk space If you plan to run PGPnet on the system, you must also have: - Microsoft TCP/IP - A compatible LAN/WAN network adapter ____________ INSTALLATION * Installing PGP on a Windows system * 1. Exit all programs currently running on your computer. 2. Download the PGP program files to your computer. 3. Double-click Setup.exe in the PGP folder to start the Setup program. 4. The Setup program searches for open programs and prompts you to close them. If you have PGP version 5.x - 7.0.x currently installed, the PGP setup program prompts you to uninstall the old PGP files. Click Yes to automatically uninstall the old version. Your keyring files are saved in a file named Old keyrings. You must reboot your computer after uninstalling the files. Once your computer reboots, the installer continues. The PGP Installation screen appears. 5. Review the instructions in the PGP Welcome dialog box, then click Next. The Network Associates license agreement appears. 6. Review the license agreement information, then click Yes to accept the licensing terms. The Readme.txt file appears listing the new features and other important information regarding PGP version 7.0.x. 7. Review the Readme.txt file, then click Next. The User Type dialog box appears. 8. Select the appropriate button: * Click Yes to use your existing PGP keyrings. The installation wizard asks you to locate your PGP keyrings later in the installation process. * Click No if you are a New User and do not have existing PGP keyrings. The key generation wizard assists you in creating a PGP keypair at the end of the installation process. 9. Click Next. 10. Click Browse to navigate to a destination folder for your PGP files or accept the default folder. Click Next to continue. The Select Components dialog box appears. 11. Select the components you want to install. 12. Click Next. A dialog box appears, alerting you that the installer is ready to copy files. 13. Review the installation settings, then click Next. The PGP files are copied to the computer. 14. If you chose to install the PGPnet application, the PGPnet Set Adapter List appears listing the network adapters found on your system. If you want to communicate securely over a modem, select your Dial-up or WAN adapter (for example, Remote Access WAN Wrapper). If you want to communicate securely over an Ethernet connection, select your LAN adapter (for example, 3COM Fast Etherlink). When you have made your selection(s), click OK. Note: You can secure all adapters, WAN and LAN, on your system at this time. Note: On Windows 2000, Set Adapter displays, "All Network and Dial-up Adapters." Select this check box to secure all network interfaces. Tip: You can change the selected network adapter(s) at any time after installation. Go to Start->Programs->PGP->SetAdapter and select the network adapter(s) you want PGP to bind to, or deselect the network adapter(s) you no longer want PGP to bind to. The installation program binds the PGPnet driver to the adapter(s) you selected and configures your computer to use the PGPnet application. 15. If you have keyrings on your computer from a previous version of PGP, and selected Yes in step seven, a browse dialog box appears. Browse to locate your public keyring, Pubring.pkr, and your private keyring, Secring.skr. If you do not have keyrings on your computer from a previous version of PGP, and selected No in step seven, you are prompted to create a keypair after completing the PGP installation. The key generation wizard will guide you through the necessary steps to create a new PGP keypair. 16. To start using PGP immediately, select Yes, I want to restart my computer now. 17. Click Finish to complete the PGP installation and reboot your computer. * Modifying your PGP installation * You can run the PGP Setup Maintenance utility at any time to modify your current PGP installation. The PGP Setup Maintenance utility allows you to: * add or remove PGP components * re-install all program components installed by a previous setup * remove all installed components To modify your PGP installation: 1. Exit all programs currently running on your computer. 2. Double-click Setup.exe in the PGP folder to start the Setup program. 3. The Setup program searches for open programs and prompts you to close them. The PGP Install Wizard Welcome screen appears. 4. Do one of the following: * Select Modify to add new PGP components or remove currently installed PGP components. The Select Components dialog box appears. Select the components you want to install, or deselect the components you want to remove from your current installation. Click Next. * Select Repair to re-install all program components installed by a previous setup. This may be necessary if you modified your installation, and now want to return to your original setup. PGP re-installs all program components from the original installation. * Select Remove to uninstall all PGP program components. PGP asks you to confirm your request to remove the PGP application and all of its components. Click OK if you want to remove PGP, or click Cancel if you do not want to remove PGP. 5. To start using PGP immediately, select Yes, I want to restart my computer now. 6. Click Finish to complete the PGP maintenance and reboot your computer. ____________ KNOWN ISSUES 1. You must shut down a docked Windows 2000 laptop--rather than undock the laptop in standby mode--if PGPnet is bound to the dock's network adapter. 2. To reconstitute a split key over a network, all key shareholders must use PGP 7.0. 3. Groups files created with versions of PGP prior to 7.0 must be re-created using PGP 7.0. ______________________ ADDITIONAL INFORMATION * PGP * * The Windows Explorer provides PGP with information only about the target of a shortcut and not the shortcut itself. If you use the Wipe feature in the Explorer, the shortcut itself will not be wiped. The actual target will be wiped. When using PGPtools, the shortcut will also be wiped. * Hotkeys are for use with applications that support general text editing. Using Hotkeys with some applications may result in unpredictable behavior. * PGP 7.0's new RSA keys should not be used with previous versions of PGP. PGP 7.0 also generates "RSA Legacy" keys, which can be used with any previous version. * Due to ICQ's limited message size, the PGP plug-in for ICQ does not use the "Always encrypt to default key" feature even if that option is selected. * The PGP Exchange/Outlook plug-in does not support Microsoft Word as an email editor. * Installing versions of PGP prior to 7.0 on a machine containing 7.0 is not supported and may result in unpredictable behavior. * PGPNET * * Do not attempt to manually uninstall PGPnet. It is very important that you use the PGP Uninstaller to remove PGPnet. PGPnet makes extensive modifications to the registry and changes the bindings on network adapters. The PGP Uninstaller can be accessed via the Add/Remove Programs control panel. * Novell's Netware client for Windows 2000 is not currently compatible with PGPnet. * If you use hardware profiles on NT, and you hide a network adapter to which PGPnet is bound, you will be prompted to re-bind to that adapter when you reboot using a hardware profile that does not hide the adapter. * 3COM's Dynamic Access control panel prompts you to reboot if you use Set Adapter to modify your network bindings. Ignore this reboot request until Windows has finished updating the network bindings. * PGPnet does not support Token Ring or FDDI network interface cards. PGPnet fully supports Ethernet cards for VPN. * PGPnet is not compatible with the Intel EtherExpress 16 driver. * Installing virtual private network software such as PGPnet on the same machine as a firewall or another VPN client is highly likely to cause problems. We recommend uninstalling the other product prior to installing or choosing not to install PGPnet on such a machine. * You cannot use the default MSN dialer to connect to MSN if PGPnet is installed. To connect to MSN with PGPnet, use the Microsoft Dial-Up Networking client. _____________________________ CONTACTING NETWORK ASSOCIATES NOTE: Network Associates does not provide technical support for freeware products. To purchase a commercial version of PGP, please contact the Network Associates Customer Service department between 8:00 a.m. and 8:00 p.m. Central Time, Monday through Friday, at: Network Associates Customer Service 4099 McEwen Road, Suite 500 Dallas, Texas 75244 Phone: (972) 308-9960 Email: cust_care@nai.com Web: http://www.pgp.com Network Associates Corporate Headquarters McCandless Towers 3965 Freedom Circle Santa Clara, CA 95054