PGP Command Line Version 10.

2 Release Notes
Thank you for using this Symantec Corporation product. These Release Notes contain important information regarding this release of PGP Command Line. Symantec Corporation strongly recommends you read this entire document. Symantec Corporation welcomes your comments and suggestions. You can use the information in Getting Assistance to contact us. Product: PGP Command Line Version: 10.2.0 Warning: Export of this software may be restricted by the U.S. government. Note: To view the most recent version of this document, go to the Products section on the Symantec Corporation Web site.

What's Included in This File

About PGP Command Line Changes in This Release System Requirements Licensing Additional Information Getting Assistance Copyright and Trademarks

About PGP Command Line

Thank you for using PGP Command Line, a software product from Symantec Corporation that provides a command-line interface to PGP functionality and automates the processes of encrypting/signing, decrypting/verifying, and file shredding.

Using PGP Command Line

PGP Command Line uses a command-line interface; you type commands at a command prompt using the following syntax: pgp command [option] <argument> For example, to get assistance with the commands available in PGP Command Line, use the --help command: pgp --help Refer to the PGP Command Line online help file, man page, or the PGP Command Line User's Guide for more information about using PGP Command Line.

Changes in This Release

This section lists the changes and new features in this release of PGP Command Line.

New Features in PGP Command Line 10.2

Certificate verification. PGP Command Line can now query a PGP Key Management Server (KMS) for the validity of a certificate. Multiple cached authentication credentials. When working with a PGP KMS, you can now cache multiple authentication credentials, instead of just one. Expanded Certificate Signing Request (CSR) capabilities. Additional extensions can now be included in CSRs created on the command line, and CSRs can now be submitted directly to a PGP KMS as well as saved to a file. New extensions are Subject Alternative Name, Key Usage, Extended Key Usage, and Basic Constraint. Support for PGP keys that use Elliptic Curve Cryptography (ECC). PGP Command Line supports sign/verify and encrypt/decrypt operations with keys that use ECC. Supported ECC algorithms include ECDSA and ECDH using the Suite B curves P-256, P-384 and P-521. For information on creating keys that use ECC, see your Symantec support representative. Decrypt command finds key. For SKM and SCKM MAKs, the --decrypt command can now find the MAK for an encrypted document and then use that MAK to decrypt the document. The --decrypt commands capabilities for other types of keys is unchanged. (This feature was added in 10.1 but not previously disclosed.) Export private keys as encrypted PKCS8. The --export-key-pair (--export) and --export-mak-pair commands can now export private keys in PKCS8 encrypted format. Use this format to export the private keys associated with X.509 certificates. This command searches the provided keys for X.509 certificates and then exports the private keys associated with those certificates.

System Requirements
The system requirements for PGP Command Line are the same as the system requirements for the host operating system. Note: In addition to the hard drive space required by the operating system, PGP Command Line requires additional space for both the data on which cryptographic operations (such as encryption, decryption, signing, and verifying) are applied and temporary files created in the process of performing those operations. For a given file being encrypted or decrypted, PGP Command Line can require several times the size of the original file in free hard drive space (depending on how much the file was compressed); enough space to hold the original file or files and the file resulting from the encryption or decryption operation. In cases where PGP Zip functionality is used on a file, PGP Command Line may also require several times the size of the original file or files in free hard drive space, enough to hold the original file, a temporary file created when handling the archive, and the file resulting from the encryption or decryption operation. Make sure you have adequate free hard drive space on your system before using PGP Command Line. For more information about the system requirements for specific platforms, refer to the PGP Command Line Users Guide.

Supported Platforms
You can install PGP Command Line on these platforms: Windows XP Professional 32-bit (including Service Pack 2 or 3), Windows XP Professional 64-bit (including Service Pack 2 or 3), Windows Vista 32-bit and 64-bit (including Service Pack 2), Windows 7 32-bit and 64-bit (including Service Pack 1), Windows Server 2003 32-bit and 64-bit (including Service Pack 1 or 2), Windows Server 2008 32-bit (including Service Pack 1 and 2), Windows Server 2008 R2 64-bit HP-UX 11i and above (PA-RISC 32-bit and Itanium2 32-bit) IBM AIX 5.3 (Technology Levels supported by IBM; as of July 2011, TL 11 and greater) and 6.1 (TL 4 and greater) PowerPC Red Hat Enterprise Linux 5.4 (x86 and x86_64), Red Hat Enterprise Linux 5.5 (x86 and x86_64), and Red Hat Enterprise Linux 6.0 (x86 and x86_64) SLES (SUSE Linux Enterprise Server) 10 SP2 (x86) Solaris 9 (SPARC, 32-bit), Solaris 10 (SPARC, 32-bit), Solaris 10 (x86), Solaris 10 (x86_64) Apple Mac OS X 10.5.x (x86) and Mac OS X 10.6.x (x86) Note: These platforms are no longer supported: Windows 2000, Red Hat Enterprise Linux 5.0, SLES (SUSE Linux Enterprise Server) 9, Sun Solaris 9 (x86 and x86_64), Fedora Core 6, AIX 5.2 and Mac OS X 10.4.

Licensing
PGP Command Line requires a valid license to operate. If you use PGP Command Line without entering a license or after your license has expired, only basic functionality will be available; you will only be able to list the keys on your keyring, view a fingerprint, and export keys. Note: As PGP Command Line does not operate normally until licensed, you should license it immediately after installation. Use --license-authorize to license PGP Command Line. The following options are required: --license-name <Name> Where <Name> is your name or a descriptive name. --license-organization <Org> Where <Org> is the name of your company. --license-number <Number> Where <Number> is a valid license number. For example: pgp --license-authorize --license-name "Alice Cameron" --license-organization "Example Corporation" --license-number "AAAAA-BBBBB-CCCCC-DDDDD-EEEEE-FFF" Note that the error message stating no email address was specified can be ignored. Including an email address is optional, not required, for license authorization. Refer to the PGP Command Line Users Guide for more information about licensing.

PGP Command Line for Windows and PGP Desktop on the Same System
PGP Command Line and PGP Desktop can be installed on the same system at the same time. To use PGP Command Line for Windows and PGP Desktop for Windows on the same 64-bit system, you must use the 64-bit version of PGP Desktop and the 32-bit version of PGP Command Line. This ensures compatible versions of the PGP SDK are used. The PGP SDK for the 64-bit version of PGP Command Line for Windows includes functionality that makes it incompatible with PGP Desktop for Windows.

Additional Information
This section includes important information about using PGP Command Line. Upgrading when multiple PGP client products are installed. If PGP Desktop and PGP Command Line are installed on the same system and those versions are earlier than 10.2, you must upgrade both products at the same time. If only one product is updated to version 10.2 or later, then the other product will not function correctly until it is also updated. [31379] Keys and subkeys assume the expiration dates of their certificates. Importing a certificate into a key or subkey causes the key or subkey to assume the expiration date of the certificate (within 1 week). If the certificate expires, then the key or subkey expires. To reset such an expired key or subkey, change the certificate expiration date. [26353] Unable to recreate MAK. Deleting a MAK and then importing a MAK for the same key results in the error USP-00000: SQL command execution error: ERROR: duplicate key violates unique constraint "subkey_pkey". [26433] MAKs lack the ADK subkey. PGP Universal Server supports policy settings that add an Additional Decryption Key (ADK) on an organizational or a group policy level. When consumers covered by such policies create MAKs, the new key

material in those MAKs omits the specified ADK. [29001] Excluded users can create MAKs and other objects. Consumers authenticated through PGP Command Line can create MAKs and other objects, even if they are members of the Excluded group. [26577] External factors may affect your ability to set validity durations for MEK series. For PGP Command Line installed on a Windows system that has a timezone with a UTC offset of +1 to +13, setting the validity-duration of a MEK Series object results in the error pgp:edit MEK series (3090:operation failed, unknown error. This behavior occurs with all Windows system that PGP Command Line supports, including Windows 7, Windows Server 2008, Windows Vista, and Windows XP. [27882] Unable to encrypt emails that have email addresses with leading or trailing white space. Keys that have email addresses with trailing or leading white space characters are unsearchable for email encryption. Email clients ignore leading and trailing white space characters, which causes PGP Desktop email and PGP Universal Gateway Email to search for keys with email address that omit leading or trailing white space characters. [31001] Managed access for cached passphrases within a user session. PGP Command Line now requires a longrunning application to retain cached passphrases. For PGP Desktop installations on Windows and Mac OSX, the longrunning application is PGP Tray. For Linux PGP Command Line or other installations without PGP Desktop, PGP Command Line itself can be used as the long-running application. Scripts can start PGP Command Line as a long-running application using the PGP --agent command. The application continues running until it is terminated with a sigint signal (for example control-C). [nbn]

Technical Support
Symantec Technical Support maintains support centers globally. Technical Supports primary role is to respond to specific queries about product features and functionality. The Technical Support group also creates content for our online Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering and Symantec Security Response to provide alerting services and virus definition updates. Symantecs support offerings include the following: A range of support options that give you the flexibility to select the right amount of service for any size organization Telephone and/or Web-based support that provides rapid response and up-to-the-minute information Upgrade assurance that delivers software upgrades Global support purchased on a regional business hours or 24 hours a day, 7 days a week basis Premium service offerings that include Account Management Services For information about Symantecs support offerings, you can visit our Web site at the following URL: www.symantec.com/business/support/ All support services will be delivered in accordance with your support agreement and the then-current enterprise technical support policy.

Contacting Technical Support

Customers with a current support agreement may access Technical Support information at the following URL: www.symantec.com/business/support/ Before contacting Technical Support, make sure you have satisfied the system requirements that are listed in your product documentation. Also, you should be at the computer on which the problem occurred, in case it is necessary to replicate the problem. When you contact Technical Support, please have the following information available: Product release level Hardware information Available memory, disk space, and NIC information Operating system Version and patch level

Network topology Router, gateway, and IP address information Problem description: Error messages and log files Troubleshooting that was performed before contacting Symantec Recent software configuration changes and network changes

Licensing and registration

If your Symantec product requires registration or a license key, access our technical support Web page at the following URL: www.symantec.com/business/support/

Customer service
Customer service information is available at the following URL: www.symantec.com/business/support/ Customer Service is available to assist with non-technical questions, such as the following types of issues: Questions regarding product licensing or serialization Product registration updates, such as address or name changes General product information (features, language availability, local dealers) Latest information about product updates and upgrades Information about upgrade assurance and support contracts Information about the Symantec Buying Programs Advice about Symantec's technical support options Nontechnical presales questions Issues that are related to CD-ROMs or manuals

Support agreement resources

If you want to contact Symantec regarding an existing support agreement, please contact the support agreement administration team for your region as follows: Asia-Pacific and Japan Europe, Middle-East, Africa North America, Latin America customercare_apac@symantec.com semea@symantec.com supportsolutions@symantec.com

Copyright and Trademarks

Copyright (c) 2011 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, PGP, Pretty Good Privacy, and the PGP logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.