What's New in PGP Personal Privacy Version 6.5.8 for Windows 95/98, Windows NT, and Windows 2000 Copyright (c) 1990-2000 by Networks Associates Technology, Inc., and its Affiliated Companies. All Rights Reserved. Thank you for using Network Associates' products. This What's New file contains important information regarding PGP Personal Privacy. Network Associates strongly recommends that you read this entire document. Network Associates welcomes your comments and suggestions. Please use the information provided in this file to contact us. Warning: Export of this software may be restricted by the U.S. Government. ___________________ WHAT'S IN THIS FILE - Fixes in this Release - New Features - Documentation - System Requirements - Known Issues - Additional Information - Contacting Network Associates _____________________ FIXES IN THIS RELEASE * This release corrects a security-related bug with Additional Decryption Keys (ADKs) that may allow sophisticated attackers to add unauthorized ADK key IDs to the unhashed areas of PGP public keys. For more information about this bug, please review the PGP ADK Security Advisory available on www.pgp.com. ___________________ NEW FEATURES IN PGP 1. PGPnet. PGPnet is a landmark product in the history of PGP. PGPnet secures all TCP/IP communications between itself and any other machine running PGPnet. PGPnet has been successfully tested with Cisco routers (requires Cisco IOS 12.0(4) or later with IPSec TripleDES), Linux FreeS/WAN, and many others. PGPnet is also the first IPSec product to fully support the use of OpenPGP keys for authentication in addition to X.509 certificates. 2. Self-Decrypting Archives. You may now encrypt files or folders into Self-Decrypting Archives (SDAs) that can be used by users who do not even have PGP. The archives are completely independent of any application, compressed and protected by PGP's strong cryptography. 3. X.509 Certificate and CA Support. PGP is now able to interoperate with the X.509 certificate format. This is the format used by most web browsers for securing the transfer of information. PGP supports the automated request of certificates from Network Associates' Net Tools PKI, VeriSign's OnSite, and Entrust certificate authorities. X.509 certificates are analogous to a PGP signature, so you can even request X.509 certificates on your existing PGP key. This feature can also be used to interoperate with existing VPN solutions based on X.509. 4. Integrated PGP Command Line. This version incorporates the popular command line version of PGP for Windows platforms. This product provides a convenient way to integrate PGP with other Windows applications and automated processes on your desktop system. Please note that this is intended for single user/workstation use. For use on servers, customers are required to purchase the PGP e-Business Server product. Please contact your local Network Associates Sales representative for more information. 5. Automated Freespace Wiping. PGP's Freespace Wipe feature now allows you to use the Windows Task Scheduler to schedule periodic secure wiping of the free space on your disk. 6. Hotkeys. The Use Current Window feature has been significantly enhanced by the addition of Hotkeys. By using a configured key combination, the Encrypt/Decrypt/Sign functions can be automatically invoked without using PGPtray. This feature is very useful for users using messaging applications that PGP does not currently have a plug-in for, such as Netscape Messenger. 7. Fingerprint Word List. When verifying a PGP public key fingerprint, you can now choose to view the fingerprint as a word list instead of hexadecimal characters. The word list in the fingerprint text box is made up of special authentication words that PGP uses and are carefully selected to be phonetically distinct and easy to understand without phonetic ambiguity. 8. Support for Outlook 2000 and Outlook Express 5.0. This version of PGP adds support for sending and receiving encrypted email in Microsoft Outlook 2000 and Outlook Express 5.0. 9. HTTP Proxy Support. If you are behind a firewall with an HTTP proxy server, PGP now supports accessing HTTP keyservers through the proxy. To use this feature, you must configure the proxy server address in your Internet Explorer preferences. 10. Smart Word Wrapping. The word wrapping in PGP now automatically rewraps paragraphs and even quoted paragraphs resulting in much cleaner signed messages. * PGP ENHANCEMENTS * 1. Support for Windows 2000 operating systems. This release of PGP introduces support for Microsoft's latest releases of Windows. All PGP functionality is available in Windows 2000 except PGPnet. PGPnet will support Windows 2000 in future releases of PGP. 2. Windows 2000 IPSec interoperability. PGPnet running on non-Windows 2000 systems can establish VPN connections with the built-in Windows 2000 IPSec client. (The Windows 2000 system must be running the Windows 2000 High Encryption Pack.) 3. Intel Pentium III Random Number Generator (RNG) support. If your computer is equipped with the Intel RNG, PGP will use the random data generated by the chip in addition to our own entropy collection whenever random data is needed for key generation and encryption. The Intel RNG is currently only available with select Pentium III chipsets, including the Intel 810 chipset. 4. Automatic email plug-in pre-selection. PGP will now automatically pre-select email plug-ins to install on your system based on what messaging applications are installed. Nevertheless, you are still able to change the selected plug-ins at install time. _____________ DOCUMENTATION Also included with this release are the following manuals, which can be viewed online as well as printed: * Introduction to Cryptography * PGP Installation Guide * PGP User's Guide * PGP Command Line User's Guide Each document is saved in Adobe Acrobat Portable Document Format (.PDF). You can view and print these documents with Adobe's Acrobat Reader. PDF files can include hypertext links and other navigation features to assist you in finding answers to questions about your Network Associates product. To download Adobe Acrobat Reader from the World Wide Web, visit Adobe's Web site at: http://www.adobe.com/ This release also includes integrated online help in Microsoft Windows Help format: * Online help: - PGP online help - PGPdisk online help - PGPnet online help Documentation feedback is welcome. Send email to tns_documentation@nai.com. ___________________ SYSTEM REQUIREMENTS To install PGP on a Windows 95, 98, 2000, or NT system, you must have: - Windows 95, 98, 2000, NT 4.0 with Service Pack 3/4/5 - 32 MB RAM - 16 MB hard disk space for the client install If you plan to run PGPnet on the system, you must also have: - Microsoft TCP/IP - A compatible LAN/WAN network adapter Note: PGPnet functionality is not available for users of Windows 95a (the original release of Windows 95) or Windows 2000. PGPnet supports Windows 95b (OSR2), Windows 98, and Windows NT 4.0. ____________ KNOWN ISSUES *PGP ISSUES* 1. Mismatching your keyring files can result in data loss. Your public keyring file and private keyring file must be kept in sync. If, for instance, you select a public keyring file that does not contain the public portion of your private key and do not also change the private keyring to the corresponding file, you and others will not be able to encrypt to exported versions of your key after that time. In most cases, simply updating your key from a public copy on a keyserver will fix this. However, it is recommended that the keyring files always be kept in sync. A future version is expected to correct this issue. 2. Using a Split Key as a public key for PGPdisk will not allow reconstitution of the key through the usual dialog provided for reconstituting split keys. To use such a key to open a PGPdisk, you must first rejoin the key in PGPkeys. 3. Some PGP Version 6.0 and later features are incompatible with previous versions of PGP, so we feature a "compatible" export format that strips incompatible features such as Photo IDs and X.509 certificates from keys. Selecting "Include 6.X Extensions" in the Export dialog enables these features to be exported. By default, we export in compatible mode. You may change the default in the Advanced preferences dialog. When sending a key to a PGP Certificate Server Version 2.0 or above, Photo IDs always accompany the key. The default LDAP server in PGP 6.x supports this. 4. Sometimes, after a PGPdisk volume is unmounted and placed in the Recycle Bin and the Bin is emptied, Windows reports that the drive letter associated with the PGPdisk volume is no longer accessible. This behavior should cease after the system is rebooted. This will not interfere with the normal operation of your system. 5. On Windows 95/98, the Free Space Wiper will reset every time another program writes to your disk while the wiping process is in progress. This is similar to defragmentation programs, and is required by the Operating System. For optimal wiping, make sure to close all open applications. On some systems with very low amounts of RAM, it may be advisable to also shutdown Windows Explorer. 6. The Windows Explorer provides PGP with information only about the target of a shortcut and not the shortcut itself. If you use the Wipe feature in the Explorer, the shortcut itself will not be wiped. The actual target will be wiped. When using PGPtools, the shortcut will also be wiped. 7. Hotkeys are for use with applications that support general text editing. Using Hotkeys with some applications may result in unpredictable behavior. 8. Hard disk utilities (such as ScanDisk) or programs that monitor the hard disk will not run on a drive on which a PGPdisk volume is mounted. This is to ensure that the PGPdisk volume does not become corrupted. To use your hard disk utilities, unmount all PGPdisk volumes on the drive on which you wish to use the utilities. 9. PGPdisk volumes accessed using an Additional Decryption Key open with permissions set as follows: FAT volumes open with permissions set to read-only; NTFS volumes open with permissions set to read/write. 10. (Windows 2000 only) To support Windows 2000's Hibernation mode, PGPdisk's Inactivity Timeout feature is disabled on Windows 2000. 11. (Windows 98 only) If you create a PGPdisk that you plan to immediately copy to a different drive, we recommend that you reboot before you copy to make sure everything is written correctly. This is only a potential issue just after the creation of the PGPdisk, and is due to a Windows 98 disk caching bug. 12. The PGP Exchange/Outlook plugin does not support Microsoft Word as an email editor. 13. We strongly recommend that VirusScan users upgrade to VirusScan Version 4.0.3 or later to take advantage of the newest virus DAT file update features. * PGPNET ISSUES * 1. Do not attempt to manually uninstall PGPnet. It is very important that you use the PGP Uninstaller to remove PGPnet. PGPnet makes extensive modifications to the registry and changes the bindings on network adapters. The PGP Uninstaller can be accessed via the Add/Remove Programs control panel. 2. [Windows NT only] As a precautionary measure, in the unusual event that there is a incompatibility between your network card driver and PGPnet, you can create a "No Networking" hardware profile prior to installing PGPnet on your system. The "No Networking" hardware profile can be used later if an incompatibility occurs. To create a "No Networking" hardware profile, right click on "My Computer," select Properties, and then select the Hardware Profiles tab. Use the Copy button to create a copy of the Original Configuration. Get Properties on your copied configuration and click the Network tab. Finally, select the "Network-disabled hardware profile" checkbox. Click OK to both windows and then you are done. (Due to a Windows bug we recommend that you restart once and double-check that the "No Networking" configuration is working before you install PGPnet.) 3. [Windows 95 only] You may experience a loss of networking after resuming from standby mode. You must reboot your machine to resume network activity. 4. PGPnet is not compatible with the Intel EtherExpress 16 driver. 5. Installing virtual private network software such as PGPnet on the same machine as a firewall or another VPN client is highly likely to cause problems. We recommend uninstalling the other product prior to installing or choosing not to install PGPnet on such a machine. 6. You cannot use the default MSN dialer to connect to MSN if PGPnet is installed. To connect to MSN with PGPnet, use the Microsoft Dial-Up Networking client. ______________________ ADDITIONAL INFORMATION PGP 6.5.8 includes support for both RSA and Diffie-Hellman key types. _____________________________ CONTACTING NETWORK ASSOCIATES You may direct all questions, comments, or requests concerning the software you purchased, your registration status, or similar issues to the Network Associates Customer Service department at the addresses or phone numbers listed below. Contact the Network Associates Customer Service department between 8:00 a.m. and 8:00 p.m. Central Time, Monday through Friday, at: Network Associates Customer Service 4099 McEwen Road, Suite 500 Dallas, Texas 75244 Contact information for corporate-licensed customers: Phone: (972) 308-9960 Email: services_corporate_division@nai.com Web: http://support.nai.com Contact information for retail licensed customers: Phone: (972) 308-9960 Email: cust_care@nai.com Web: http://www.pgp.com Send correspondence to the following Network Associates location: Network Associates Corporate Headquarters 3965 Freedom Circle McCandless Towers Santa Clara, CA 95054 Or, you can receive online assistance through any of the following resources: 1. World Wide Web: http://support.nai.com 2. Telephone technical support Corporate-licensed customers: (972) 308-9960 Contact Network Associates Customer Service for information about technical support subscription plans. Retail-licensed customers: (972) 855-7044 To provide the answers you need quickly and efficiently, the Network Associates technical support staff needs some information about your computer and your software. Please have this information ready when you call: - Program name and version number - Computer brand and model - Any additional hardware or peripherals connected to your computer - Operating system type and version numbers - Network name, operating system, and version - Network card installed, where applicable - Modem manufacturer, model, and bits-per- second rate, where applicable - Relevant browsers or applications and their version numbers, where applicable - How to reproduce your problem: when it occurs, whether you can reproduce it regularly, and under what conditions - Information needed to contact you by voice, fax, or email *FOR PRODUCT UPGRADES* Network Associates has a worldwide range of partnerships and reseller relationships with hundreds of independent vendors, each of which can provide you with consulting services, sales advice, and product support for Network Associates software. For assistance in locating a local reseller, you can contact Network Associates Customer Service at (972) 308-9960. *FOR REPORTING PROBLEMS* Network Associates prides itself on delivering a high-quality product. If you find any problems, please take a moment to review the contents of this file. If the problem you've encountered appears in the Known Issues section of this README.TXT file, Network Associates is already aware of the problem, and you need not report it. If you find any feature that does not appear to function properly on your system, or if you believe an application would benefit greatly from enhancement, please contact Network Associates or one of its resellers with your suggestions or concerns. *FOR ON-SITE TRAINING INFORMATION* Contact Network Associates Customer Service at (800) 338-8754.