PGP Command Line Version 10.0 Release Notes Thank you for using this PGP Corporation product. These Release Notes contain important information regarding this release of PGP Command Line Software Development Kit. PGP Corporation strongly recommends you read this entire document. PGP Corporation welcomes your comments and suggestions. Please use the information provided in Getting Assistance to contact us. Product: PGP Command Line Version: 10.1 Warning: Export of this software may be restricted by the U.S. government. Note: To view the most recent version of this document, please go to the Documentation section on the PGP Support Portal. What's Included in This File About PGP Command Line Changes in This Release System Requirements Licensing Additional Information Getting Assistance Copyright and Trademarks About PGP Command Line Thank you for using PGP Command Line, a software product from PGP Corporation that provides a command-line interface to PGP functionality and automates the processes of encrypting/signing, decrypting/verifying, and file shredding. Using PGP Command Line PGP Command Line uses a command-line interface; you type commands at a command prompt using the following syntax: pgp command [option] <argument> For example, to get assistance with the commands available in PGP Command Line, use the --help command: pgp --help Refer to the PGP Command Line online help file, man page, or the PGP Command Line User's Guide for more information about using PGP Command Line. Changes in This Release This section lists the changes and new features in this release of PGP Command Line. New Features in PGP Command Line 10.1
There are no new features in this release. System Requirements The system requirements for PGP Command Line are the same as the system requirements for the host operating system. Note: In addition to the hard drive space required by the operating system, PGP Command Line requires additional space for both the data on which cryptographic operations (such as encryption, decryption, signing, and verifying) are applied and temporary files created in the process of performing those operations. For a given file being encrypted or decrypted, PGP Command Line can require several times the size of the original file in free hard drive space (depending on how much the file was compressed); enough space to hold the original file or files and the file resulting from the encryption or decryption operation. In cases where PGP Zip functionality is used on a file, PGP Command Line may also require several times the size of the original file or files in free hard drive space, enough to hold the original file, a temporary file created when handling the archive, and the file resulting from the encryption or decryption operation. Make sure you have adequate free hard drive space on your system before using PGP Command Line. For more information about the system requirements for specific platforms, refer to the PGP Command Line User s Guide. Supported Platforms You can install PGP Command Line on these platforms: Windows 7 (32- and 64-bit), Windows Server 2008, Windows Vista (32- and 64-bit) SP2, Windows Server 2003 SP2, Windows XP (32- and 64-bit) SP3, Windows 2000 SP4 HP-UX 11i and above (PA-RISC and Itanium) IBM AIX 5.3 and 6.1 Red Hat Enterprise Linux 5.0 (x86 and x86_64) SLES (SUSE Linux Enterprise Server) 9 SP4 and 10 SP2 (x86) Fedora Core 6 (x86_64 only) Sun Solaris 9 (SPARC) and Solaris 10 (SPARC, x86, and x86_64) Apple Mac OS X 10.5.x and 10.6.x (Intel-based systems only) Note: AIX 5.2 and Mac OS X 10.4 are no longer supported. PGP Command Line for Windows and PGP Desktop on the Same System PGP Command Line and PGP Desktop can be installed on the same system at the same time. To use PGP Command Line for Windows and PGP Desktop for Windows on the same 64-bit system, you must use the 64-bit version of PGP Desktop and the 32-bit version of PGP Command Line. This ensures compatible versions of the PGP SDK are used. The PGP SDK for the 64-bit version of PGP Command Line for Windows includes functionality that makes it incompatible with PGP Desktop for Windows. Licensing PGP Command Line requires a valid license to operate. If you use PGP Command Line without entering a license or after your license has expired, only basic functionality will be available; you will only be able to list the keys on your keyring, view a fingerprint, and export keys.
Note: As PGP Command Line does not operate normally until licensed, you should license it immediately after installation. Use --license-authorize to license PGP Command Line. The following options are required: For example: --license-name <Name> Where <Name> is your name or a descriptive name. --license-organization <Org> Where <Org> is the name of your company. --license-number <Number> Where <Number> is a valid license number. pgp --license-authorize --license-name "Alice Cameron" --license-organization "Example Corporation" --license-number "AAAAA-BBBBB-CCCCC-DDDDD-EEEEE-FFF" Note that the error message stating no email address was specified can be ignored. Including an email address is optional, not required, for license authorization. Refer to the PGP Command Line User s Guide for more information about licensing. Additional Information This section includes important information about using PGP Command Line. PGP Command Line 10.1 Search filter lacks a case-insensitive substring search operator. The PGP USP API does not provide a search filter for case-insensitive substring matches. However, it provides search filters for case-sensitive substring matches and case-insensitive complete-string matches. To work around this problem, use the LDAP protocol for case-insensitive substring searches. [26634] Unable to authenticate devices with username or email address. When authenticating a device, the PGP USP API is unable to find the device by using the device's consumer name. To authenticate a device, use the device's UUID. [24184] Anonymous key search is not constrained to internal keys. The PGP USP SDK supports anonymous searches for keys. These searches correctly consider internal keys on the PGP Universal Server. They also erroneously consider external keys on the PGP Universal Server. As a result, anonymous key searches can unintentionally reveal external keys. There is no workaround. [25365 and 27998] Signature operations download private SKM keys. Signature operations download the private portion of the MAK key, even if the key mode is SKM. These operations include signing a document and validating the signature on a document. The keys are downloaded with TLS transport. Downloading the private portion of certain types of keys may be a security problem in some environments. [26106] Keys and subkeys assume the expiration dates of their certificates. Importing a certificate into a key or subkey causes the key or subkey to assume the expiration date of the certificate (within 1 week). If the certificate expires, then the key or subkey expires. To reset such an expired key or subkey, change the certificate expiration date. [26353] Downloaded PGP Verified Directory keys are uncertified. When the PGP USP API downloads a key that is hosted on PGP Verified Directory, it omits the signature that certifies the key. As a result, such
keys are uncertified. To work around this problem, use the LDAP protocol to download keys that are hosted on PGP Verified Directory. [27862] PGP Command Line 10.0 License issue when upgrading dual-processor systems. Occasionally when dual-processor systems are upgraded, PGP Command Line believes it is not licensed because it is checking the license against a different processor, not the one it was originally licensed against. To resolve this issue, re-license PGP Command Line. This issue can apply to both physical and virtual processors. [18637] Archive modes. The overwrite flag is ignored for archive modes (PGP archives and self-decrypting archives). [17595] Self-decrypting archives (SDAs) on Mac OS X. Some large SDAs (over 1 GB) do not decrypt automatically on Mac OS X systems. To resolve this issue, break the one large SDA into multiple smaller SDAs. [18991] Entropy generation. PGP Command Line now prefers strong entropy generation to be supplied from the host operating system. On Unix-based systems, PGP Command Line attempts to find entropy sources from /dev/hwrandom, /dev/urandom, and /dev/random. [19959] If you are running HP-UX B.11.11, you may require this patch to prevent an out-of-entropy error: https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber=krng11i Legacy (v3) keys. Per the OpenPGP Message Format specification (RFC 4880), PGP Command Line no longer creates legacy (v3) keys. Existing legacy keys can still be used, but new ones cannot be created. [25548] PGP Command Line 9.9 PGP Command Line 9.8 PGP Command Line 9.7 Default installation location on Linux. Linux installations now default to /opt/pgp, which matches the default installation location on other UNIX platforms. To install PGP Command Line on Linux to the previous installation location (/usr/bin/), use the "--prefix=/usr" option. If you have an existing Linux installation of PGP Command Line and do not install the new version using the "--prefix=/usr" option, you will need to update your path to include /opt/pgp/bin and you will need to update any scripts accordingly. [NBN] PGP Command Line 9.5 Self-Decrypting Archives (SDAs). PGP Command Line 9.5 and below was not able to decrypt SDAs. This has been fixed. [10079] Solaris installations. If you have modified the system default link editor path, the installer may not be able to find the correct versions of third-party libraries, causing the installation to fail. [NBN] To restore the system default link editor path, run: rm /var/ld/ld.config crle -u PGP Command Line 9.5
HP-UX installations. On HP-UX, you may encounter an issue generating 2048- or 4096-bit keys if you have altered the maximum number of shared memory segments that can be attached to one process, as configured by the shmseg system parameter. To avoid this issue, reset the shmseg system parameter to its default value of 120. Consult your HP-UX documentation for information on how to alter system parameters. [NBN] PGP Command Line 9.0 PGP Command Line 8.5 Uninstall issues on Windows systems. If you install PGP Command Line 8.5 on a Windows system that has PGP Desktop 8.0.3 or below, and then you uninstall PGP Command Line 8.5, you must then also uninstall and reinstall PGP Desktop to restore it to proper operation. PGP Desktop 8.1 and greater do not require this. Resolution: PGP Desktop 8.0.3 and earlier are not supported for use with PGP Command Line 9.0, so this requirement does not apply. This requirement does not affect versions of PGP Desktop that are supported for use with PGP Command Line 9.0, Versions 8.1 and greater. [NBN] Getting Assistance Available Documentation Documentation for PGP Command Line includes HTML-based online help for Windows; a man page for AIX, HP-UX, Mac OS X, Solaris, and Linux; and the PGP Command Line User's Guide (in PDF format) for all platforms. You can view and print the user's guide with Adobe Acrobat Reader, available on Adobe's Web site. Contact Information Contacting Technical Support To learn about PGP support options and how to contact PGP Technical Support, please visit the PGP Corporation Support Home Page. To access the PGP Support Knowledge Base or request PGP Technical Support, please visit PGP Support Portal Web Site. Note that you may access portions of the PGP Support Knowledge Base without a support agreement; however, you must have a valid support agreement to request Technical Support. To access the PGP Support forums, please visit PGP Support. These are user community support forums hosted by PGP Corporation. Contacting Customer Service For help with orders, downloads, and licensing, please visit PGP Corporation Customer Service. Contacting Other Departments For any other contacts at PGP Corporation, please visit the PGP Contacts Page. For general information about PGP Corporation, please visit the PGP Web Site. Copyright and Trademarks Copyright (c) 1991-2010 PGP Corporation. All Rights Reserved. PGP, Pretty Good Privacy, and the PGP logo are registered trademarks and PGP Universal is a trademark of PGP Corporation in the U.S. and other countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners.