How I Sign and Encrypt E-mail with Pretty Good Privacy (PGP)

By Weldon Whipple <>


This document tells what I have encountered (so far) in getting Philip Zimmermann's Pretty Good Privacy (PGP) to encrypt and sign (and decrypt and verify) e-mail. (I hope to update it as I learn more about PGP)

2 November 2006 update: Two years after writing the first version of this document (after I had "moved on" from PGP), I received a note from Paul Henrichsen, in which he updated the information from the original version. (Thanks, Paul!)

Which PGP?

PGP has been around since the early or mid-1990s. During that time quite a few flavors have appeared. Some that appear in the FreeBSD ports collection (/usr/ports/security) include

The most recent Windows version is version 9.5. There is also a version for the Mac.

Note: After learning PGP the wrong way--using documentation from 1995, which was of no help in sorting out the versions that are around in 2003--I discovered David Wood's 1999 book entitled Programming Internet Mail (O'Reilly), which describes the PGP landscape in 1999.

According to Wood, RFCs 1991 ("PGP Message Exchange Formats") and 2015 ("MIME Security with Pretty Good Privacy") described a PGP that had few prospects of ever becoming an Internet standard, because it used proprietary RSA (for key exchange) and IDEA (for encryption). The newer RFC 2440 describes a non-proprietary OpenSSL, which retains the message structures of RFC 2015 but eliminates the proprietary technologies of earlier PGPs. PGP's version 5 was the first to implement OpenPGP.

GnuPG isn't mentioned in Wood's book. It appears that it might be the PGP of choice for Open Source fans. Others might want to use PGP version 5 or later?

Installing PGP

Seeing no reason not to, I first installed pgp version 2--the one named "pgp" in the FreeBSD ports tree. As root, I entered the commands:

# cd /usr/ports/security/pgp
# make
# make install
# make clean

Then, when I typed "pgp", the following appeared:

Pretty Good Privacy(tm) 2.6.3ia - Public-key encryption for the
(c) 1990-96 Philip Zimmermann, Phil's Pretty Good Software. 1996-03-04
International version - not for use in the USA. Does not use RSAREF.
Current time: 2003/06/17 23:37 GMT

For details on licensing and distribution, see the PGP User's Guide.
For other cryptography products and custom development services,
Philip Zimmermann, 3021 11th St, Boulder CO 80304 USA, phone +1 303

For a usage summary, type:  pgp -h

I generated a key pair for "Weldon Whipple <>", placed it/them in my public and private key rings, and proceeded to look for a way to integrate PGP with e-mail clients. (I use several, on several platforms.)


"Googling," I found many PGP tutorials and howto's, including one for integrating PGP with pine (University of Washington's e-mail client). Since I sometimes use pine, I decided to start there. The instructions mentioned commands like pgpe, pgpv, pgpk, etc.--which didn't exist on my FreeBSD box.

Returning to FreeBSD's ports, I found /usr/ports/security/pgp5. Thinking that I might need a more current version, I installed that version. Sure enough, it had the commands I wanted. I proceeded to integrate pine with pgp version 5.

I noticed that versions 2 and 5 of PGP are able to coexist on the same box!


The instructions I found for integrating PGP and pine worked for only version 5 of PGP. Looking further on Google, I found pgp4pine. I located pgp4ping in the FreeBSD ports tree and installed it. By following its instructions, I got PGP version 2 to work. With a little more effort I was able to get pgp4pine to support both versions 2 and 5.


With two different versions of PGP coexisting on one machine, I decided to try version 6 from /usr/ports/securigy/pgp6. It installed with little effort. When I tried to send mail with version 6, however, I saw a message implying that it was still under development and possibly not quite stable. Sure enough, it failed to work for me. I subsequently deinstalled pgp6 and reinstalled pgp (i.e. pgp version 2).


Still hopeful that I might be able to get other PGP variants to coexist with PGP versions 2 and 5, I browsed /usr/ports/security and found the gnupg (GnuPG--GNU Privacy Guard) port. Its installation was uneventful, and I was able to incorporate it as a third PGP flavor in my .pgp4pinerc configuration file.

gpg on Windows

The portable Thunderbird with enigmail and gnupg plugins is highly recommended as a pgp client for Windows. -- P. Henrichsen


With each of the three PGP versions I installed, I initially created (different) public/secret key pairs--using each version's own syntax for creating keys. I eventually decided this was a bad idea, so I deleted the keys from PGP 5 and GnuPG. Then I exported the original PGP 2 keys (using PGP v2 commands) and imported them into my PGP 5 and GnuPG key rings.

Exporting My Keys from PGP 2

% pgp -kxa 'Weldon Whipple <>' ~/weldon-pub.asc pubring
% pgp -kxa 'Weldon Whipple <>' ~/weldon-sec.asc secring

Importing the PGP 2 Keys into PGP 5

% pgpk -a ~/weldon-pub.asc
% pgpk -a ~/weldon-sec.asc

I verified the import with the command:

% pgpk -l

Importing the PGP 2 Keys into GnuPG

% gpg --import ~/weldon-pub.asc ~/weldon-sec.asc

I verified the import with the command:

% gpg --list-keys

Distributing PGP Public Key

After I felt comfortable with PGP, I submitted my public key to a key server, so that others can send me secure mail. I visited to share my key.

What's Next?

I'll continue to explore PGP, but also want to investigate S/MIME, which uses SSL/TLS certificates and is more recent than PGP (and accomplishes similar things). Unless S/MIME is totally obvious, I might document what I learn about S/MIME.