home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
PC World Komputer 1999 January
/
pcwk_01_1999.iso
/
Tajnepp
/
F-PROT
/
PGP.TXT
< prev
next >
Wrap
Text File
|
1998-06-17
|
2KB
|
44 lines
About PGP
We encourage the use of PGP for various purposes, including the transfer
of virus samples. This document is not intended to describe how to
install PGP or use it to encrypt files. However, PGP can also be used to
verify that the F-PROT package you receive has not been tampered with.
We use PGP to provide two types of detached signatures. One is for the
FP-xxx.ZIP package that is made available via FTP, E-mail and other means.
This signature can be obtained by doing a 'finger f-prot@complex.is'. It
is also included in the announcement we send out. Do not trust this
signature unless you obtain it from a secure source. NOTE: THIS SIGNATURE
CANNOT BE USED TO VERIFY THE INTEGRITY OF THE PACKAGE AVAILABLE AT THE
GARBO FTP SITE, AS THE FILE IS MODIFIED THERE.
The other signatures are included in the package, and are therefore less
secure, as they could be tampered with.
We include the public key of Frisk Software in NEW_VIR.TXT. This key is
signed by Fridrik Skulason and Vesselin Bontchev. The latter key is signed
by Phil Zimmermann, the author of PGP. Therefore a "web of trust" (see the
PGP documentation) can be established. Also, all those keys are available
on public key servers.
Assuming you have installed PGP and added the public key of Frisk
Software, you can verify the files by giving a command like
pgp f-prot.asc f-prot.exe
You should then see something like this:
File has signature. Public key is required to check signature.
File 'f-prot.$00' has signature, but with no text.
Text is assumed to be in file 'f-prot.exe'.
Good signature from user "FRISK Software International <f-prot@complex.is>".
If, instead, you get a "bad signature" message, it means that either you
are using the wrong signature, or that the file has been modified.
In some cases FTP archive sites may modify .ZIP files by adding a comment.
If that appears to be the case, you can strip the comment away by running
pkzip with the -z switch, and then use PGP to check the resulting file.