|Purpose of the Program|
|Requirements for Proper Use|
Files in the Program Package
|(User) Installation of the Package|
New Menu Entries
|The Extension's Functionality|
Signing and Verifying
Key and Certificate Management
Using the Configuration Editor
Pegasus Mail v4 issues
This extension for Pegasus Mail implements the most important cryptographic and key/certificate management functions of Pretty Good Privacy™ versions 6.5.x, 7.x, 8.x and 9.x through 10.3 in Pegasus Mail 3.xx - 4.xx / 32bit on Windows XP through Windows 10. It works best with Pegasus Mail v4.3 or later on Windows XP or later. PGP versions prior to 6.5.1 ARE NOT AND WILL NOT be supported anymore.
The above listed versions of Pegasus Mail and PGP have to be installed properly under Windows and configured according to the respective instructions: Basic understanding of PGP and Pegasus Mail is required!
IMPORTANT NOTE ON RELEASE CHANGES: Every major release change of the underlying systems (Windows, Pegasus Mail or PGP) may cause problems with the currently available version of this extension. As long as new versions aren't explicitly mentioned here there is no sufficient experience with using it with new versions of the above listed software (with regard to that I request you to any problems that are not covered in this documentation - especially with new versions of Windows).
The setup archive (ZIP-file) contains the executable setup and my detached PGP signature for verifying its integrity. The "Xx" in the following list substitutes the respective language code (e.g. "En" for the English version). The English version is always included in any setup package:
|PMPGPManualXx.htm:||Detailed instructions for using this Pegasus Mail extension|
|PMPGPHistoryXx.htm:||Version history of the extension|
|PMPGPNavigateXx.htm:||Index for comfortable use of the manual|
|PMPGPHelpXx.htm:||Frame loader for the above mentioned files|
|PMPGPHelper.exe:||Application providing some internal tools and utilities|
|PMPGPMain.dll:||Main library containing the PGP interface|
|PMPGPCryptor.dll:||Library containing the Pegasus Mail interface|
|PMPGPMain.fxx:||Main library interface data for Pegasus Mail|
|PMPGPCryptor.fxx:||Cryptographic interface data for Pegasus Mail|
|PGPErrorStringsXx.txt:||Text files containing PGP's error messages|
|PMPGPStringsXx.txt:||Files providing all other text resources|
|PMPGPXx.chm:||Help file for miscellaneous program dialogs|
|POPUPSXx.htm:||Help texts for the configuration dialog|
|AutoList.txt:||Sample file with address and key data for automated PGP processing|
|LicenceXx.txt:||Licence information for private and commercial use|
|bmp-files||Nine image files for buttons in Pegasus Mail's toolbar|
|gif/png-files:||Five illustrations for the manual|
The program uses a modified Delphi implementation (see Sébastien Sauvage's ISAAC page) of Bob Jenkins' random number generator ISAAC and modified versions of Primoz Gabrijelcic's Time Zone Routines v1.2 and Ralf Junker's Base64 module rjMime resp. DIMime version 1.5. The PGP interface is based on Steve Heller's former SPGP library source codes. The installer is Inno Setup by Jordan Russell.
The above listed files will be copied (by the setup program, an already existing configuration will not be changed) to a directory of your choice (though the path length including the file names must not exceed 127 characters) and a subdirectory called Resources. Besides, six entries will be added to a new program group folder (Pegasus Mail PGP Utilities) in your Start menu's Program Files folder:
The extension fff of the interface data files indicates the English version of the package. Other language specific versions are also available. Since version 18.104.22.168 it is possible to easily switch language versions provided the respective Pegasus Mail versions are installed: To do so you just have to install the proper additional resource files from the respective archives (as of version 5.0 the English version is automatically installed along with other languages); after doing so the appropriate language will automatically be selected when starting Pegasus Mail.
If you encounter any setup problems please take a look at Additional Information ... to setup or modify the extension manually.
You'll find the following modifications in Pegasus Mail after successful installation:
If the option A fixed toolbar under the menu is selected on Tools | Options | Toolbars and there's enough space available there will be six new buttons on the toolbar (cf. screen shot). To free space you might rename the bitmap files of some rarely used extensions (e.g. ...~bmp instead of ...bmp) which still will be accessible via their menu entries in Tools | Extensions. An extension consists of files like in this package: a dll-library, a bmp-bitmap, an fxx-config file and in some cases also a help file - usually of the same name. In the extension's configuration dialog you may dis- or enable these new buttons (except for the first one) according to your preferences as their functions also are accessible via menu entries (s. next section).
Pegasus Mail's main menu bar will contain a new entry (cf. screen shot) providing several new PGP related functions (some of them are disabled if no editor or reader window is on top). You can get detailed information about these functions via context help by pressing the [F1] key while highlighting one of its entries.
Besides the two buttons to the left of the PGPkeys/PGP Desktop button you'll find - if a mail folder is open - two new menu entries under Folder | Special called Find/verify digital signature and Key management.... After opening a mail message the same items show up under Reader | Special and in the window's context menu (press right mouse button in there). If a message is marked or opened the respective functions will be executed:
Key management (or the respective button) may import public keys or certificates contained in a message into your PGP keyring. Keys will be detected automatically in encrypted /signed messages if the extension's option Auto key check is enabled; you will not be prompted for importing certificates, though, as each S/MIME signed message usually contains the sender's certificates anyway.
Find/verify digital signature (or the respective button) is useful for retrieving details about a digital signature if you're working with the No signature info extension option enabled or a signature wasn't recognized automatically. For valid S/MIME signatures it will display the Windows certificate dialog where you can check the signing certificate's properties and chain validity in detail (only available with Pegasus Mail v4 on Windows 2000 Pro or XP and later).
To finish installation the program PMPGPHelper.exe will be launched from this directory using the command line parameter UserUpdate to copy the following files to Pegasus Mail's mailbox directory of the current user:
The directory's name will be retrieved from the following registry key:
If such a registry key cannot be found the installing user will be prompted for selecting Pegasus Mail's program directory for installing the extension for all users.
The paths to PMPGPMain.dll and PMPGPCryptor.dll will then be written to each fff-file's respective line:
Form DLL = "DRIVE:\Path\*.dll".
The fff-files may also be copied to the mailboxes of all other users registered in Users.cfg depending on the installer's confirmation and access rights. Users.cfg will be created in ..\Documents and Settings\All Users\Application Data\PMPGP\ if it doesn't already exist.
User-Setup and User-Uninstall will be created in the All Users section as well as they are required for executing steps 2 and 3 and the uninstallation for both configuring new Windows and Pegasus Mail users.
After installing the package and applying the basic configuration you may just start working without having to change any further options, but to take full advantage of the special automation features you have to set up a list of addresses and assigned keys. The leftmost of the new buttons provides a separate Edit AutoList menu which will assist you in doing so. To find out about the basic operations please read the following paragraphs.
Normal encryption: Check Encrypt... in the message editor and select Encrypt message in the dialog box shown left, then click OK: The Encryption method should already be selected, if not you may do so under Tools | Options | Encryption; idw's S/MIME Handler will only be available if you have a private key with a valid S/MIME certificate on your keyring. Selecting a method item beginning with "***" will result in creating just a single outgoing message for all recipients (and another one for any blind copy recipients) instead of a separate one for each single recipient: While this will save you bandwidth it may result in recipients not being able to read an encrypted message if you don't have or don't use the proper PGP key or certificate. Mixing encrypted and unencrypted messages won't work either and there's no way of using these methods in an automated way nor keeping such a selection "sticky".
When pushing the Send button the encryption process starts (watch Pegasus Mail's status bar at bottom left) and you will get asked to select a public key for any recipient address provided for the respective message and its attachments. If you check Add digital signature as well you will get prompted for entering your passphrase prior to selecting the keys (you don't need to provide it via Pegasus Mail's own encryption dialog).
If you don't want to get repeatedly asked whether to encode attachments or not (PGP/MIME and S/MIME include attachments by design), check Encrypt/Sign attachments on the Encoding page of the extension's configuration dialog (idw's PGP-Frontend | idw's PGP-Frontend | Configuration).
List encryption: If you've created key groups in PGP you may send multi-encrypted messages to mailing lists by selecting the desired group in the key selection dialog for the respective message. Automated encryption is not available in such cases. Unfortunately you cannot create key groups anymore with PGP 9 (at least up to version 9.6.1), but if you kept any groups created with PGP 8 you may still use them.
PGP/MIME encryption: This option is available for the first time in version 4.7.0, but it should only be used if you know about your recipient's email program being able to deal with it (e.g. Mutt for Linux or Eudora for Windows/Mac, more information). Some of PGP/MIME's advantages are that it automatically includes attachments and can easily deal with formatted and non-English messages.
As of version 4.9.6 you may also enable selected recipients via AutoList to always receive PGP/MIME-encoded messages provided your AutoList has been activated (see Automated encryption below).
S/MIME encryption (PGP 8.1 (English version) and later only): This option is available for the first time in version 5.0, but it should only be used if you know about your recipient's email program being able to deal with it. The respective encryptor option will only be enabled if your keyring contains a secret key with a valid S/MIME certificate. Encryption and signing are handled exactly the same way as with PGP/MIME (see above), only the email address used with the respective Pegasus Mail identity must be certified, i.e. signed by certificate issuers!
Easy encryption: After finishing typing your message you can simply click Encrypt > send or Encrypt + Sign > send in the menu idw's PGP-Frontend. This will check all necessary options automatically and push the Send button for you. These menu entries can also be presented via a separate menu by right clicking the respective toolbar button which you may as well configure to execute any of these single options by left clicking. If a recipient is listed on your AutoList the encoding method will be taken from the appropriate list entry (see the following paragraphs).
Automated encryption (thanks to Gary Siemund ...): You might already think: Why can't I have the encryption module automatically find the required public key? Well, you can, but you should prepare the AutoList for doing so (though most of the keys will probably be found without it): After enabling the Auto encryption feature at first you should add your keyring addresses to the list by clicking Add keyring addresses in the Edit AutoList menu. You will get a dialog where every single key (if not invalid, disabled, revoked or expired) will be listed: In there you may select the encryption/signing options you want to apply to the key's addresses and check the Add address to AutoList checkbox for the keys you'd like to add (all sub-addresses will be added as well). Next step - if you're working with address books in Pegasus Mail - would be to click any of the Add address books submenu entries in the same menu. This will present a list of the address book addresses you may select from and set options for (both email address and alias name will be added; while moving through the key ID list the selected key's most important properties will be shown).
Now you can start using the Auto encryption feature along with Auto key selection (you have to enable both of them): Whenever you press the Send button and any of the message recipients' addresses is listed and enabled, the processing will start automatically after confirming Pegasus Mail's encryption dialog and you won't have to do anything else except for addresses not yet listed or providing your signing passphrase (unless you enable the Store passphrase option as well). To avoid having to confirm the processing in Pegasus Mail's encryption dialog (except for addresses with the respective option set) check Full send automation in the menu idw's PGP-Frontend (this will also set the default encryption/signing options for adding addresses to the list): You will not be able to manually change the encryption method in Pegasus Mail's encryption dialog when using this feature. If you want to get a notification about successful encryption you may enable the option Encryption confirmation. To get a short description of which options to set for full automation take a look at the online help by clicking the question mark on the bottom bar of the configuration dialog. Please make sure to read the following Problems and Hints section!
Updating the AutoList: In case of an address missing on the list there are four more ways of adding addresses:
Duplicates will be detected and removed automatically, bare email addresses will not be added if they are already present within another entry. By clicking Update AutoList all addresses assigned to disabled, revoked, expired or deleted keys will be removed from the list, and Set address options enables you to edit the options of all listed addresses. To force the program to ignore options set on the list you may manually start encryption or signing; if using any of the menu entries or buttons PGP/MIME or S/MIME preferences of list entries will be honoured.
Automated decryption: Decryption of an encrypted message including possible attachments will usually be done automatically when opening or saving a message or its attachment provided Pegasus Mail is able to recognize the use of PGP properly: To be sure enough you should configure the Number of lines to scan for enclosures on Tools | Options | Advanced to at least 25 (recommended 100), which can also be done using the extension's configuration dialog by estimating the actual header length of received emails (the first 10 messages of a folder are checked). The passphrase can be stored for repeated decryption if Store passphrase is enabled in the configuration dialog. For security reasons it is wiped and encrypted again internally each time it has been used successfully; PGP's internal passphrase caching is used with PGP 8 and later.
Manual decryption: If the encryption cannot be recognized by Pegasus Mail you may use the Decrypt (unrecognized) message button or menu entry for decrypting a message to a separate window. To internally mark such messages as encrypted (thereby allowing Pegasus Mail to automatically recognize them afterwards) you may set the appropriate flag directly: Select the message in its folder, press [F12] and check Is encrypted. If an attachment cannot be recognized as encrypted just save it to file and decrypt it using PGP after attaching a .pgp extension - if it isn't already there. NB: Pegasus Mail v3 cannot decrypt messages correctly when saving them from a folder. You may save them unmodified (= undecrypted) after disabling the respective flag (select the message in its folder, press [F12], uncheck Is encrypted), though - but you have to reverse the flag afterwards to have the message text automatically decrypted when opening it again.
Folder decryption: By using the respective entry in the menu idw's PGP-Frontend you may also decrypt complete mail folders (especially useful for searching messages, as the internal find function cannot search encrypted messages). Such decrypted folder can be exported to a file and be encrypted again, if desired. Attachments that don't solely contain plain or encrypted text will be listed but not included.
Tip: You may create a special filter rule to automatically highlight PGP/MIME messages when opening the new mail folder: Select Rules applied when folder is opened... in Tools | Mail filtering rules | Edit new mail filtering rules, click Add rule, select Regular expression match from the first selection box, and enter Content-Type:*application/pgp-* (including the asterisks like shown here; Content-Type:*application/*pkcs7-* for S/MIME) in the edit box below. Then select In the message's headers only from the Appears: section, Highlight from the selection box below and the desired color from the dialog popping up afterwards. To finish adding this rule confirm by pressing OK and save your new entry by using the respective button.
For selecting the signing key the extension compares a message's current Pegasus Mail identity (i.e. its respective email address) with the addresses of all available signing keys: If it doesn't find a single exact match or the option Always use default key is enabled it uses the default signing key.
Automated verifying: Signatures will be detected automatically (provided the Number of lines to scan for enclosures is set like described above, for PGP/MIME and S/MIME see Hints) and indicated by adding a status bar icon or changing the reader icon to one of these shown left (if the message has been successfully decrypted a little key will be added; plus or minus with valid signatures indicates validity of the signing key or the certificate chain). After enabling the extension's option Remove signature data the verified text will be displayed without PGP's signature data and you can select whether or where you want to get the verification information shown. To view the original message, switch to Show all headers in the reader menu or Show raw message data in the reader's context menu (due to some inconsistencies in Pegasus Mail this causes a little mix up when changing the reader window between with/without attachments by clicking the Prev/Next buttons, but this can be corrected by resetting the menu entry).
Manual verifying: To manually check for signatures just click the appropriate button or menu entries after loading a message into a reader window: Find/verify digital signature in Reader | Special and the window's context menu (click right mouse button in there). For valid S/MIME signatures this will display the Windows certificate dialog where you can check the signing certificate's properties and chain validity in detail (only available since Windows 2000 Professional or XP). Unfortunately this doesn't work for messages with attachments unless they are PGP/MIME or S/MIME signed.
PGP keys in messages or attachments can automatically be detected as well (provided the Number of lines to scan for enclosures is set like described above): The option Auto key check has to be enabled to do so. Having this option disabled you may check for keys using the respective button or the Key management... item in the Reader | Special menu or the reader window's context menu (press right mouse button in there). After adding to your keyring you will automatically be asked whether to add the attached key addresses to your AutoList (if Auto encryption is enabled).
S/MIME certificates won't automatically be presented for import as every S/MIME signed message usually contains the signing key including the required certificates anyway. Importing certificates manually will work the same way as just described, though. If you're already using S/MIME certificates with your browser or other email applications you may export them from the respective certificate database to import them into your keyring: For importing keys and certificates from files (or the clipboard) via idw's PGP-Frontend | Add keys/certificates just hold down the [Ctrl] key while selecting the menu item. Import system certificates may import private certificates from IE's certificate store, if available.
The extension's configuration editor may be opened by selecting the Configuration entry in the submenu idw's PGP-Frontend. Context help will be provided for most options by pressing [F1] or the right mouse key.
Following the first installation you will be prompted automatically to check some basic settings that will be saved to a file called PMPGP.cfg. Especially you have to provide the appropriate PGP-related file paths. The program will try to extract these from the Windows Registry and PGP's own configuration.
THIS MANUAL DOES NOT SUBSTITUTE A PROPER KNOWLEDGE OF PGP'S AND PEGASUS MAIL'S MANUALS!