INSTALLATION: Obtain a copy of the pgp50i-b8 source code from a distribution archive. The patches contained in the pgp50Diffs.patch file will work "out of the box" only with this version. Installation of NXPGP50 proceeds in two segments. First, installing NXPGP.app, and then installing pgp50. To install NXPGP50.app using the binary distribution: o Drag it to /LocalApps or ~/Apps. If the Workspace warns that links exist, click the Repeat and "New Link" buttons. If installing NXPGP50 from the sources, change directories to the NXPGP50/source directory and perform a make: o cd NXPGP50/source o gnumake o Drag NXPGP50.app to /LocalApps or ~/Apps [ Be sure to use 'gnumake' rather than just 'make' above ] To install pgp50i-b8 from the archives perform these steps: o gunzip -c pgp50i-b8.tar.gz | tar xvf - Now copy the pgp50Diffs.patch file from the NXPGP50 directory to the pgp50i-b8 directory: o cp NXPGP50/pgp50Diffs.patch pgp50i-b8/src Continue patching and compiling the source code: o cd pgp50i-b8/src o configure o patch < pgp50Diffs.patch o make PGP should compile to completion with only warnings. I haven't fully investigated whether these warnings are bad in the sense that any of them break the pgp algorithms or impede security. I know that pgp seems to work correctly - it generates keys, it encrypts, decrypts and does all the things you expect pgp to do with no errors (yet). Now, continue installing with these steps: o make install [ The make process may die during the installation of the pgp man pages. I have not tracked down or fixed this problem. It is not critical to the proper operation of pgp ] We need to make three links of pgp to the NXPGP50.app directory: o ln -s /usr/local/bin/pgp /LocalApps/NXPGP50.app/pgpe o ln -s /usr/local/bin/pgp /LocalApps/NXPGP50.app/pgpv o ln -s /usr/local/bin/pgp /LocalApps/NXPGP50.app/pgps Now reboot your machine. Soon after you reboot, the services generator will notice the addition of NXPGP50, and add the NXPGP services button to your Services Menu. With these services, you can encrypt or decrypt selections from programs, and encrypt or decrypt file and directory selections from the WorkSpace. Support for key maintenance through the Services menu is not included in this version. NOTES: NXPGP will not work properly with an unpatched copy of PGP version 5.0. In its present form, PGP 5.0 will prompt users for input from the keyboard when errors occur, even if the +batchmode and +force flags have been set. Since NXPGP is running PGP as a filter, a prompt for keyboard input will cause NXPGP to sit and spin. The pgp50Diffs.patch file includes patches which change the behavior of PGP under these circumstances to simply abort with an error message which is subsequently displayed in the Status Panel of NXPGP. A few comments about the security of NXPGP. Since NXPGP is running PGP as a filter, it passes your secret passphrase to PGP as a command line argument using "-z passphrase" option. From a security standpoint, this is disastrous on a multi- user machine. Anyone else logged into the machine can pick up your passphrase by using a "ps -aux" command. It is highly recommended NOT to use NXPGP on a machine with more than one person logged in (this will no longer be a concern when the PGP API stabilizes, and PGP can be integrated into NXPGP in a way that the passphrase will not appear on a command line anywhere). Your secret passphrase also appears in NSTextFields as undisplayable text for the duration of the encryption process. As soon as encryption is finished, any fields containing the passphrase are cleared. During operation, the passphrase is moved from the TextFields into internal memory and stored in an NSString as a component of an NSMutableArray to be passed to PGP in the argument list. It is possible for these memory pages to be swapped out and stored in the swapfile on the disk. It's not clear to me how long the passphrase would be easily accessible on the disk after such an operation. There may be a way to lock memory pages down and keep them from being swapped. If someone knows how to do this, please email me at the address below with advice on how this could be accomplished. For me, NXPGP is a useful tool. I'm the only person who uses my computer, and I use PGP primarily as an envelope to shield my mail from prying eyes in-transit. NXPGP is not for everyone. But for those who need "light" security NXPGP can be very convenient. As always, I appreciate any suggestions for improvements or additional features. - Howard Cole firstname.lastname@example.org
These are the contents of the former NiCE NeXT User Group NeXTSTEP/OpenStep software archive, currently hosted by Netfuture.ch.