NetMarket: PGP Help
Go to :
[__BACK___]
[COMMENTS_]
[__MENU__]
[__HELP___]
The NetMarket Company has licensed ViaCrypt PGP 2.7, a
version of PGP that is completely legal for commercial use, and we've ported
it our flavor of Unix. ViaCrypt PGP 2.7 is fully compatible with PGP 2.6
and later, which is available for free for personal, non-commercial use.
To have automated encrypted Mosaic transactions, you must have access to
Unix, PGP 2.6 or later, and source code to X Mosaic 2.4. Unfortunately,
automatic encryption of Mosaic transactions is not yet
available for Macintosh or Windows computers.
If you can't use PGP-capable X Mosaic :
If you can't set-up a PGP-capable X Mosaic, select the
Non-PGP New Account Set-up Page
to transmit your billing information and select
the option to not send your unencrypted credit card. Then, you can use PGP encrypted
e-mail to securely transmit your credit card information to NetMarket.
Send your credit card information and your NetMarket username (which is
generated by the New Account Set-up Page) by email to
pgp@netmarket.com and we'll manually set-up a NetMarket account
for you.
Make sure to
add your public key
to
the NetMarket public keyring so that we can encrypt your NetMarket username
and password when we reply to you.
Information on obtaining PGP and X Mosaic software :
Steps to exchange PGP public keys with NetMarket :
- Get PGP-2.6.1 working to the point where you've generated your own
public/secret key pair. Put all your PGP files (such as pubring.pgp,
randseed.bin, and secring.pgp) in one directory (usually
.pgp
in your home directory).
- Add the NetMarket PGP public key into your PGP keyring. On the Unix command line, type
finger pgp@netmarket.com | pgp -fka
to get this public key or you can cut it from the bottom of this page.
- Give us your PGP public key. Select the
Public Key Submit Page
to transmit your public key to NetMarket.
Steps to setup a PGP-capable Mosaic client :
- Get the X Mosaic-2.4 sources, and compile it with the PEM_AUTH flag
enabled in Makefile.
- Copy two shell scripts,
pgp-enc and pgp-dec,
from the auth directory of the Mosaic-2.4 source, and put them
in your .pgp directory.
- Edit the
pgp-enc script. In particular,
edit the settings for PGPPASS, PGPPATH, and PGPUSER to match your local
information. If your PGPPASS pass phrase contains spaces, enclose
your pass phrase in quotes ("). Change the following line in the
script:
old:
exec $PGPBIN -fe $* -u $PGPUSER 2>/dev/null
new:
exec $PGPBIN -fea $* -u $PGPUSER -z "$PGPPASS" 2>/dev/null
and remove the following line from the script:
export PGPPASS
- Edit the
pgp-dec script. In particular,
edit the settings for PGPPASS, PGPPATH, and PGPUSER to match your local
information. If your PGPPASS pass phrase contains spaces, enclose
your pass phrase in quotes ("). Change the following line in the
script:
old:
exec $PGPBIN -f -u $PGPUSER 2>/dev/null
new:
exec $PGPBIN -f -u $PGPUSER -z "$PGPPASS" 2>/dev/null
and remove the following line from the script:
export PGPPASS
Technical note (you can skip this): We recommend using the -z
command line option rather than using the PGPPASS environment variable.
Neither is ideal since the passphrase resides in a text file. Normally,
however, the window of opportunity for someone seeing your passphrase
through the PGPPASS environment variable on BSD Unix systems is the
execution time of the PGP process, which can take several seconds. If you
use the -z option, that window of opportunity is reduced to
several milliseconds because the PGP program clears the argv[]
array immediately upon startup. In fact, the -z option was
designed into PGP specifically for this situation. Unfortunately, there is
no way around putting the passphrase in a textfile at this time unless
non-trivial changes are made to the standard X Mosaic distribution.
- Make the two shell scripts executible by typing:
chmod 700 pgp-enc pgp-dec
- Edit your
.Xresources file in your home directory and add
the following entries in them, but replace the pathname and the PGP email
address with your pathname and your own PGP email address.
Mosaic*pgpEncrypt: /path/to/your/home/directory/.pgp/pgp-enc
Mosaic*pgpDecrypt: /path/to/your/home/directory/.pgp/pgp-dec
Mosaic*pgpEntity: your@pgp.email.address
- Reload your X resources with
xrdb -load $HOME/.Xresources
- Restart Mosaic and make sure that under the
Options, HTTP/1.0 Encryption
menu, both None and PGP are selectable. Then make
sure that None is selected. If you select PGP,
weird things will happen. PGP encryption will automatically take place
on PGP encrypted pages without any need to select the PGP
menu item on Mosaic.
Once you have finished setting up Mosaic and PGP, you can test it out by
clicking on the following button. You can change the sample text, though
it's not necessary.
If you get any errors, you probably missed one of the steps outlined above.
If you have any problems with your setup, try getting help from your local
Unix guru, and if you're still having problems, send email to
pgp@netmarket.com for help.
NetMarket's PGP Public Key
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.7
mQCNAi5GN0IAAAEEAM0lcSWzCJ7J62WcUv8+XEhW+9zcX+QCuLLgDr1pg1tLEKIM
HoKTlRINvQRa9uHr3QVNQlJPuc1sGsgb+oqS42FXlNUDVvuDjFYM1xa4bNhjjb0G
3KCbjPSyYrrW7JzUisxzp/E8lBPhievaMssD1rq2Oy9iMfxJyQ8D4DydBhJ1AAUR
tClOZXRNYXJrZXQgUEdQIEFjY291bnQgPHBncEBuZXRtYXJrZXQuY29tPokAlQIF
EC5GfSgd20SjDnikXwEBR+sD/A7OkoVd839D2XDUDfuPFBrAhCqneC8v1G24e0QF
JebkCU9KenYfS8zQRU5zfTusFyg1yzoV1T10kxwhF3x5fRkrs94HlosKuvhhc3zI
B9BjHCPiMPV94Sggytn7q0E+4H++Qn90+AgxRa4gCu53cpJMwTSJKEyflZUz5hG3
bVPQ
=fTpM
-----END PGP PUBLIC KEY BLOCK-----
NetMarket's PGP Fingerprint
Type bits/keyID Date User ID
pub 1024/9D061275 1994/08/08 NetMarket PGP Account
Key fingerprint = 15 A3 8A 99 35 E7 DE BC EE A5 BA EA 43 E2 C6 26
netmarket.com
Copyright 1994 The NetMarket Company. All Rights Reserved.
Switch to :