                  PGPrepair 1.0 ReadMe
         Copyright (c) 2000 by Networks Associates 
      Technology, Inc., and its Affiliated Companies. 
                  All Rights Reserved.


Thank you for using Network Associates' products.
This ReadMe file contains important information
regarding PGPrepair. Network Associates strongly 
recommends that you read this entire document.

Network Associates welcomes your comments and
suggestions. Please use the information provided in
this file to contact us.

Warning: Export of this software may be restricted
by the U.S. Government.


___________________
WHAT'S IN THIS FILE

- Functionality Overview
- System Requirements
- Installation
- Using the Tool
- Contacting Network Associates


______________________
FUNCTIONALITY OVERVIEW

The PGPrepair tool was designed to help PGP customers
scan existing PGP keyrings for keys that have been
tampered with. This tool examines a PGP keyring file
and searches it for unhashed signature packets that
contain Additional Decryption Keys (ADKs) or other
inappropriate packets. This tool can optionally remove
all signatures (containing offending packets) from
keys on the keyring, thus cleansing the keyring of
these issues.

The PGPrepair tool is designed to repair keyrings
created and/or used by PGP versions 2.6.2 and above.
It can be applied to personal keyrings or to large 
keyserver keyrings to determine if they contain any 
keys with tampered signatures that contain offending
packets.

For more information about the security issue this
tool addresses (referred to as the PGP ADK Security
Advisory), please visit www.pgp.com.


___________________
SYSTEM REQUIREMENTS

To install the PGPrepair tool, you must have one of
the following platforms:

- Windows 95/98/NT/2000
- Solaris SPARC 2.6 and above
- Red Hat Linux 5.2 and above


____________
INSTALLATION

* To install on a Windows system: *

1. Obtain the file pgprepair.zip.

2. Unzip this file into any directory.


* To install on a Solaris or Linux system: *

1. Obtain the file pgprepair.tar.gz.

2. Uncompress and un-tar the file by issuing
   the following command:

   gzip -d < pgprepair.tar.gz | tar xvf -



______________
USING THE TOOL

The PGPrepair tool must be run from a command prompt.

The tool usage is as follows:

    pgprepair <input_file> [<output_file>]

Where <input_file> is your PGP keyring file name,
commonly known as pubring.pkr, and <output_file>
is the file where you want to write the repaired
keyring.

Note: You must specify an output file to remove
tampered signatures that contain offending packets.

If only an input file is specified:

    PGPrepair scans your keyring for signatures that
    have been tampered with (containing offending 
    packets), but does not remove the tampered 
    signatures from the keyring. While scanning, each
    UserID in your keyring displays. If a signature 
    that has been tampered with is found, then one of
    the following messages is also displayed:

       **** WARNING: Bad signature packet (#) detected! ****
       **** ATTACK: Unhashed ADK key detected! ****

If both an input file and an output file are specified:

    PGPrepair scans your keyring for signatures that
    have been tampered with (containing offending 
    packets), and writes the original keyring to the
    specified output file with the tampered signatures
    removed. The UserIDs and messages do not display. 

_____________________________
CONTACTING NETWORK ASSOCIATES

NOTE: Network Associates does not provide technical
support for freeware products. 

To purchase a retail or commercial version of PGP, 
please contact the Network Associates Customer Service 
department between 8:00 a.m. and 8:00 p.m. Central Time, 
Monday through Friday, at:

    Network Associates Customer Service
    4099 McEwen Road, Suite 500
    Dallas, Texas 75244

    Phone:  (972) 308-9960
    Email:  cust_care@nai.com
    Web:    http://www.pgp.com

