International standards organization

CISSP(Certified Information Systems Security Professional)

The CISSP was the first credential in the field of information security, accredited by the ANSI(American National Standards Institute) to ISO (International Standards Organization) Standard17024:2003

The CISSP curriculum covers subject matter in a variety of Information Security topics. The CISSP examination is based on what (ISC) terms the Common Body of Knowledge (or CBK).

According to (ISC), "the CISSP CBK is a taxonomy -- a collection of topics relevant to information security professionals around the world. The CISSP CBK establishes a common framework of information security terms and principles that allow information security professionals worldwide to discuss debate and resolve matters pertaining to the profession with a common understanding."

The ten CBK domains are:

  1. Access Control
    • Categories and Controls
    • Control Threats and countermeasures
  2. Application Security
    • Software Based Controls
    • Software Development Lifecycle and Principles
  3. Business Continuity and Disaster Recovery Planning
    • Response and Recovery Plans
    • Restoration Activities
  4. Cryptography
    • Basic Concepts and Algorithms
    • Signatures and Certification
    • Cryptanalysis
  5. Information Security and Risk Management
    • Policies, Standards, Guidelines and Procedures
    • Risk Management Tools and Practices
    • Planning and Organization
  6. Legal, Regulations, Compliance and Investigations
    • Major Legal Systems
    • Common and Civil Law
    • Regulations, Laws and Information Security
  7. Operations Security
    • Media, Backups and Change Control Management
    • Controls Categories
  8. Physical (Environmental) Security
    • Layered Physical Defense and Entry Points
    • Site Location Principles
  9. Security Architecture and Design
    • Principles and Benefits
    • Trusted Systems and Computing Base
    • System and Enterprise Architecture
  10. Telecommunications and Network Security
  • Network Security Concepts and Risks
  • Business Goals and Network Security

CISSP candidates must meet the following requirements prior to taking the CISSP examination:

  • Have a minimum of five years of direct full-time security professional work experience in two or more of the ten domains of the (ISC)2 CISSP CBK, or four years of direct full-time security professional work experience in two or more of the ten domains of the CISSP CBK with a college degree. Alternatively there is a one-year waiver of the professional experience requirement for holding an additional credential on the (ISC)2-approved list.
  • Complete the Candidate Agreement, attesting to the truth of his or her assertions regarding professional experience and legally commit to adhere to the (ISC)2 Code of Ethics.
  • Successfully answer four questions regarding criminal history and related background.

Upon successfully passing the CISSP examination, you must submit a properly completed and executed endorsement form. The endorser attests that the candidate's assertions regarding professional experience are true to the best of their knowledge, and that the candidate is in good standing within the information security industry. You will then receive your certificate and ID card. You also become eligible to be listed in the CISSP Directory, can elect to participate in the Speakers' Bureau, serve on (ISC)2 committees and participate in its annual elections. You will also be entitled to the full member benefits package.

A percentage of the candidates who pass the CISSP examination and submit endorsements will be randomly selected for audit and are required to submit a resume for formal review and investigation.

Maintenance Requirements:

Recertification is required every three years, with ongoing requirements to maintain your credentials in good standing. This is primarily accomplished through earning 120 continuing professional education (CPE) credits every three years, with a minimum of 20 CPEs earned each year after certification. CISSPs must also pay an annual maintenance fee (AMF) of USD85 per year.


Getting PGP

The first thing you need to do is to go to the PGPi for the PGP distribution. What we are going to get afterwards is PGPFreeware 10.0.. When you get to the site, go to the download wizard.

  1. Select the OS that you use, for example, Windows 95/98/NT, and click on the link.
  2. Choose one of the latest versions of PGP from the list and click on the link.
  3. Check the License Agreement box and download your version.


Install PGP Desktop

The PGP Desktop installation file is located inside 2 zipped archive files. In order to install PGP Desktop, you must first extract its installer from the zipped archive files. Windows XP and 2003 have a built-in extraction utility for this purpose, but Windows 2000 does not. In Windows 2000, it might be necessary to install a 3rd-party program capable of extracting the contents of .zip archive files.

Extract the PGP Desktop Installer File

  1. Right-click on the downloaded PGP Desktop zipped file.
  2. From the context menu, select Extract All and follow the Extraction Wizard. Click Finish to show the extracted files.
  3. In the extracted folder, right-click the PGPDesktop1002_Windows_Inner zipped file and select Extract All and follow the Extraction Wizard. Click Finish to show the extracted files.
  4. When the file extraction is complete, the folder displays the installation file for PGP Desktop.
  5. To install the 32-bit edition of PGP Desktop, select PGPDesktopWin32-1002. For the 64-bit edition of PGP Desktop select PGPDesktopWin64-1002.

Install PGP Desktop

  1. Double-click the PGP Desktop installation file you extracted.
  2. Please read the license agreement, and then select the option to accept the license agreement.
  3. Click Next.
  4. After the installation is complete you will be prompted to restart your computer. Click Yes to restart your computer immediately. If you wish to restart the computer later, click No. Note that after PGP Desktop has been installed, you will not be able to use it until your computer has been restarted.

After successfully installing and rebooting the system, the PGP Setup Assistant runs automatically. The PGP Setup Assistant is designed to help you license and quickly configure several basic functions of PGP Desktop.

Note: If you have reinstalled PGP Desktop on a computer that already had PGP Desktop installed, it is normal for the PGP Setup Assistant not to appear after you restart your computer. This is because PGP Desktop is designed to automatically find and re-use your previous settings, license, and keyrings.

Enable User Account

Once the PGP Desktop Setup Assistant appears, you will be asked to enable PGP Desktop for the current user account. To do so, select Yes, and then click Next.

Note: If the PGP Setup Assistant did not appear, click Start > Programs > PGP > PGP Desktop to run the PGP Setup Assistant.


For this section you will need your PGP License Number. Locate the license number within your PGP order confirmation email. It will be listed in the attached .PDF file. If you do not own a license, select "Skip" and proceed withthe next section. Clicking "Skip" at this point will allow you to use all functionality of PGP Desktop for a trial period of 30 days (non-commercial use only)--after which most functionality will be disabled.

Enter Licensing Information

  1. Click Next on the initial License Assistant screen.
  2. Enter the Name and Organization. Multi-seat licenses require that the same name and organization be entered exactly the same on all systems.
  3. Enter the email address you would like to assign to the license. This should be an email which can be used to obtain licensing information at a future date, should the need arise.
  4. 4. Confirm the email address by entering it in again, and then click Next.
  5. Enter your 28-character License Number in the spaces provided.
  6. Tip: Copy and paste the license number to avoid any typographic errors. The number will paste completely when the cursor is placed in the first field.

    Then click Next.

  7. Once the license number has been successfully authorized, a window will be displayed showing the features enabled by your license number.

User Type

This section is offered to allow you to create new keyrings, or to assist you in selecting old keyrings if you are not a new user of PGP.

  1. If you are a new user of PGP, select the option ''I am a new user'' and select Next.
  2. If you already have keyrings from a previous install, select the option "I have used PGP before and I have existing keys". This means that you have existing public and private keyring files you wish to use. Click Next. You will then be given the opportunity to browse to the keyring files location for both the public and private keyrings as mentioned above.

Note: If you have the keyring files stored in a location other than %USERPROFILE%\My Documents\PGP (default PGP keyrings folder), you may select the option to Copy these keyrings to the default PGP folder. Check the box to copy these keyrings to the default folder.

Key Generation

If you are a new user, proceed with the steps detailed in this section. If you already have keyrings that you are using, skip this section.

New PGP keys are generated as follows:

  1. When the PGP Key Generation Assistant appears, click Next. If you would like to generate the key on a token, make certain the token is inserted, and check the box before clicking Next.
  2. Enter a Full Name. This will be the name you want to associate with your key.
  3. Enter a Primary Email address. Click More if you wish to enter additional email addresses that will be added to the key.
  4. Click Next.
  5. Assign a Passphrase to your key. This Passphrase should be strong enough that it can't be guessed, but not so difficult that you will not be able to remember the passphrase. Note the show keystrokes box to help you view the typing. Click Next.
  6. Click Next after the key is generated successfully.

Global Directory

After a key is generated, the Key Selection box should appear. This box will allow you to publish a key of your choosing to the PGP Global Directory. For additional information on the Global Directory, please refer to the Global Directory documents on this website. To publish a PGP key to the PGP Global Directory, follow these steps:

  1. Select the Key you wish to publish to the Global Directory from the list provided and click Next. You may publish additional keys at any time.
  2. Enter the passphrase for the key you are publishing and click Next. NOTE: If you do not receive an "Enter Passphrase" box, you will only need to proceed with the next step. This means your key was recently created and/or the passphrase is cached.
  3. After the key is successfully uploaded to the server, click Next.

The following instructions will detail the creation of new keys and smart card keys.

PGP Keys are essential to the use of PGP Desktop encryption, please backup your keys by either exporting the key(s) to a file and storing in a secure location, or by using the backup feature provide within PGP Desktop to do so (see the Backup option within PGP Options).

Enter a passphrase that is not easy to guess, but do not enter a passphrase easily forgotten. If the passphrase to a key is forgotten, any Email or file encrypted to the key will remain encrypted.

Create a Keypair

If you skipped the Keypair creation during installation, or if you would like to create a new keypair, proceed with these steps:

  1. Open PGP Desktop.
  2. Open the File menu and click New PGP Key.
  3. When the PGP Key Generation Assistant appears, read about generating PGP keys, and then click Next.
  4. Note: If you will be generating a PGP key on a token, the option to create on token will be displayed below. If the token is not connected, the option will not be active.

  5. Enter a full name and email address you would like associated with the key. If you would like to enter additional email addresses to be associated with this one key, click More, and then add the email addresses in the open spaces provided.
  6. (Optional) If you wish to select a specific key type/size/algorithm, you may do so through the Advanced option in the bottom left.
  7. When you have reviewed the information to make certain it is correct, click Next.
  8. Enter and confirm the passphrase. Click Next.
  9. Publish the Key to the PGP Global Directory by clicking Next, entering the passphrase of the Key (if it wasn't already cached), clicking the link you receive in the email sent from the Global Directory and importing and signing the Global Directory's verification key. For more information about the PGP Global Directory, click here Adding your Key to the PGP Global Directory.

Create/Import Key on Smart Card or Token

To be able to create/import PGP keys on a smart card or token, you need to be certain you have the correct cryptographic libraries/drivers (pkcs 11). Make certain the manufacturer of the smart card or token provides you with these libraries/drivers. Once you have installed the drivers and the smart card or token, follow these steps for creating or importing a key onto a smart card or token.

Note: If you have more than one type of smart card/token installed, open PGP Desktop, select the Tools>PGP Options menu. Select the Keys tab and change the "synchronize with smart cards and tokens" option to the specific name of the smart card or token you will be creating/importing the key on. A good indication that you have been successful is whether or not a new keyring (e.g. All Keys, My Private Keys) within PGP Desktop called "Smart Card Keys" is now displayed.

Create PGP Key on Smart Card or Token

  1. Connect the smart card or token.
  2. Open PGP Desktop.
  3. Open the File menu and click New PGP Key.
  4. When the PGP Key Generation Assistant appears, locate and select the checkbox at the bottom to Generate Key On the smart card or token listed. Click Next.
  5. Enter a full name and email address you would like associated with the key. If you would like to enter additional email addresses to be associated with this one key, click More, and then add the email addresses in the open spaces provided.
  6. (Optional) If you wish to select a specific key type/size/algorithm, you may do so through the Advanced option in the bottom left.
  7. Enter the passphrase (PIN) of the smart card.
  8. After the key is generated, you may publish it to the global directory. When this is complete the new key will be displayed in Smart Card Keys (keyring).

Send a PGP Key to a Smart Card or Token

  1. Connect the smart card or token.
  2. Open PGP Desktop.
  3. Locate the key you wish to send. Make certain the key type is RSA and the key size is no greater than 1024.
  4. Right click on the key, point to Add To, and click Smart Card Keys. This option will be grayed out if the key is not of the correct size and type as described above.
  5. Enter the passphrase of the private key.
  6. Enter the passphrase (PIN) of the smart card or token. This will be the passphrase you will be using for future decryption with the smart card key.
  7. (Optional) Remove the private key from PGP Desktop keyring.

Note: This is the most secure option. The reason for this being very secure is the data encrypted to the key stored on your smart card can be decrypted only when the smart card or token is connected.

When PGP Messaging is enabled, you will find that PGP will begin encrypting your email accounts by default. This will occur when you open your email application for the first time after installing PGP Desktop 9.x, and you send/receive email. If you are communicating with other PGP users through email, PGP Desktop can automatically encrypt and sign messages to PGP users depending on the policies that have been set within PGP Desktop under the Messaging section.

Note: PGP Desktop does configure default policies if you do not wish to create your own. These default encryption policies will be reviewed in Section 3 of this document. New encryption policies will be described in Section 4 of this document.

Enable PGP Messaging

PGP Messaging is enabled by default during installation. However, if you disabled PGP Messaging during installation, there are two ways to enable this feature. They are as follows:

  1. Locate the PGP Desktop icon (padlock) in the system tray. Click the PGP Desktop padlock and click Use PGP Email Proxy. The option will have a black check mark next to it when it is enabled.
  2. Open PGP Desktop through the Programs/All Programs menu and select the Tools menu. Click Use PGP Email Proxy. The option will have a black check mark next to it when it is enabled.

Assign a PGP Key to a PGP Messaging Service

PGP Messaging requires a PGP Key to secure the email account(s). To assign a key to a messaging service for the first time, do the following:

  1. When you open your email application for the first time after installing PGP Desktop, PGP will display the "Email Account Detected" window after sending/receiving mail.
  2. Select Yes, secure this email account, and then click Next.
  3. You may select one of many key sources. If you created a key pair during installation, then generally, the option you would select is PGP Desktop Key. You can also create a new key pair, or import a previously exported key pair.
  4. After choosing the source, click Next.
  5. Highlight the key to be used for this email account and click Next.
  6. Click Finish. You are now ready to encrypt mail through this email account and proceed with section 3.

Trust models

In relatively closed systems, such as within a small company, it is easy to trace a certification path back to the root CA. However, users must often communicate with people outside of their corporate environment, including some whom they have never met, such as vendors, customers, clients, associates, and so on. Establishing a line of trust to those who have not been explicitly trusted by your CA is difficult.

Companies followone or another trust model, which dictates how users will go about establishing certificate validity. There are three different models:

  • Direct Trust
  • Hierarchical Trust
  • A Web of Trust

Direct Trust

Direct trust is the simplest trust model. In this model, a user trusts that a key is valid because he or she knows where it came from. All cryptosystems use this form of trust in some way. For example, in web browsers, the root Certification Authority keys are directly trusted because they were shipped by the manufacturer. If there is any form of hierarchy, it extends from these directly trusted certificates.

Hierarchical Trust

In a hierarchical system, there are a number of "root" certificates from which trust extends. These certificates may certify certificates themselves, or they may certify certificates that certify still other certificates down some chain. Consider it as a big trust "tree." The "leaf" certificate's validity is verified by tracing backward from its certifier, to other certifiers, until a directly trusted root certificate is found.

Web of Trust

A web of trust encompasses both of the other models, but also adds the notion that trust is in the eye of the beholder (which is the real-world view) and the idea that more information is better. It is thus a cumulative trust model. A certificate might be trusted directly, or trusted in some chain going back to a directly trusted root certificate (the meta-introducer), or by some group of introducers.

Perhaps you've heard of the term six degrees of separation, which suggests that any person in the world can determine some link to any other person in the world using six or fewer other people as intermediaries. This is a web of introducers.

It is also the PGP view of trust. PGP uses digital signatures as its form of introduction. When any user signs another's key, he or she becomes an introducer of that key. As this process goes on, it establishes a web of trust.

In a PGP environment, any user can act as a certifying authority. Any PGP user can validate another PGP user's public key certificate. However, such a certificate is only valid to another user if the relying party recognizes the validator as a trusted introducer. (That is, you trust my opinion that others' keys are valid only if you consider me to be a trusted introducer. Otherwise, my opinion on other keys' validity is moot.)

Stored on each user's public keyring are indicators of

  • whether or not the user considers a particular key to be valid
  • the level of trust the user places on the key that the key's owner can serve as certifier of others' keys

You indicate, on your copy of my key, whether you think my judgement counts. It's really a reputation system: certain people are reputed to give good signatures, and people trust them to attest to other keys' validity.

Levels of trust in PGP

The highest level of trust in a key, implicit trust, is trust in your own key pair. PGP assumes that if you own the private key, you must trust the actions of its related public key. Any keys signed by your implicitly trusted key are valid.

There are three levels of trust you can assign to someone else's public key:

  • Complete trust
  • Marginal trust
  • Notrust (or Untrusted)
  • To make things confusing, there are also three levels of validity:

  • Valid
  • Marginally valid
  • Invalid

To define another's key as a trusted introducer, you

  1. Start with a valid key, one that is either
    • signed by you or
    • signed by another trusted introducer

    and then

  2. Set the level of trust you feel the key's owner is entitled.
  3. For example, suppose your key ring contains Alice's key. You have validated Alice's key and you indicate this by signing it. You know that Alice is a real stickler for validating others' keys. You therefore assign her key with Complete trust. This makes Alice a Certification Authority. If Alice signs another's key, it appears as Valid on your keyring.

    PGP requires one Completely trusted signature or two Marginally trusted signatures to establish a key as valid. PGP's method of considering two Marginals equal to one Complete is similar to a merchant asking for two forms of ID. You might consider Alice fairly trustworthy and also consider Bob fairly trustworthy. Either one alone runs the risk of accidentally signing a counterfeit key, so you might not place complete trust in either one. However, the odds that both individuals signed the same phony key are probably small.

    PGP Tutorial

    Step-by-Step PGP Guide

    (I assume that you are using a PC and Outlook Express as your mailer but the settings differ little from those of the other mailers.)

    Getting PGP

    The first thing you need to do is to go to the PGPi for the PGP distribution. What we are going to get afterwards is PGPFreeware 8.0.2. When you get to the site, go to the download wizard.

  4. Select the OS that you use, for example, Windows 95/98/NT, and click on the link.
  5. Choose one of the latest versions of PGP from the list and click on the link.
  6. Check the License Agreement box and download your version.

Installing PGP

Once you have downloaded PGP, go to the location where you have saved it and double click on its file. This will begin the installation process. After you have finished reading the License Agreement and the ReadMe, press the "Next" button . That will bring up the following screen.

There you should select "No, I'm a New User". If you are reading this tutorial then you probably haven't got any keys. That's ok, because in a few short steps you will. After you press "Next" there will appear the window asking where you would like to install PGP. The default directory is fine, however, if you would like to install it somewhere else, that is fine too. After you have selected the directory, press the "Next" button to bring up the following screen.

Here you will be asked to type in your name and organization name. After you have finished, press the "Later" button.

At this screen, you will decide what components of PGP you would like to install. Choose the plugin for your mailer (for example, Outlook, Outlook Express, Eudora, etc.). After you have finished selecting, pressing the "Next" button will begin the actual installation process. How fast it would go will dependend on your computer. However, it should not take more than a couple of minutes. When it is finished you'll be ready to proceed to the key generation.

Generating a Key

Now you are ready for generating an initial key. PGP will place this key on your keyring, PGP's name for a key database. I recommend you consider this a temporary key you will use to get familiar with PGP. There are two important things which you should remember when using this initial key: first, do not forget your passphrase. Second, do not upload this key to a key server. You will most likely want to generate another key, with a strong passphrase, when you have gotten used to PGP. After installation, PGP is accessible through the PGPtray icon in the system tray area.

This is the PGP Tray icon. It contains every tool you need to operate PGP on your system. You can right or left click once on this icon. When you do, you should see a menu that has the following options in it (starting from the top): Hide, About PGP, License, Help, Options, PGPkeys, PGPmail, Current Window, and Clipboard. The Current window and Clipboard options have submenus that can be reached by moving the mouse toward them. Simply click on the PGPtray icon and select the PGPkeys item from the pop-up menu.

You can generate a key by choosing the Keys-New Key from the PGPkeys menu or simply by clicking on the Key icon. This will launch the key generation wizard.

This is the PGP Key Generation Wizard, it will lead you through the process. Click "Next" or "Expert".

The text that you enter into the "Full Name" and "Email address" fields will be associated with your key and distinguish it as belonging to you. You do not actually need to use your own name there.

For Expert mode there are three more choices.

  1. Key type: Diffie-Hellman/DSS, RSA, or RSA Legacy. For this tutorial, please, choose RSA.
  2. Key size: The size of your key pair. The default is 2048. I would highly discourage using anything less than this. In my opinion, this is the best choice.
  3. Key expiration: The expiration date of your keys. The default "Never" is just fine.

Click "Next".

This is the most crucial phase of your key generation. This is the pass phrase section. Notice, I said pass PHRASE and not pass WORD. It is paramount that you choose a long phrase of upper and lower letters, numbers and characters. The weakness of PGP is the pass phrase. It is the easiest to compromise. So, choose a phrase that can withstand an attack. The "Passphrase Quality" indicator will help you. Also, it should be something that you can remember without having to write it down. After you have typed and retyped your pass phrase for confirmation, press the "Next" button. REMEMBER! If you forget the passphrase, you will NOT be able to use the key to decrypt anything.

After the actual keys generation procedure press "Finish". This will bring up the PGP Keys window. You should be able to see your key in the window. Success!

Using PGP

Distributing a Key

The simplest way to distribute your temporary key is to mail it to people with whom you wish to correspond. With most mail clients, you can simply drag the key from the PGPkey display into the body of a mail message, or select Edit-Copy in the PGPkey menu and Edit-Paste in the message menu.

You can also export the key to a text file and include that text file in a message. All of these procedures will include a mailable version of your PGP key. Obtaining Others' Keys

There are two general ways to obtain the PGP key of a correspondent. The first way is to ask the correspondent to mail you the key.

You can put a key into your keyrings by opening the mail message containing the key and selecting "Current Window-Decrypt and Verify" from the PGPtray menu. After you have put correspondent's key on your keyrings, you can verify their signatures and encrypt messages to them. They need to similarly install your keys in order to verify your signatures and encrypt messages to you.

The second way, if the correspondent has sent the key to a key server, is to obtain the key from the key server.

You can use PGPkey to search the network of PGP key servers. Start PGPkey by choosing PGPkey from the PGPtray icon, then choose Server-Search. Enter your correspondent's name or email address in the search contents field, and click the Search button. In either case, you should verify the key ownership before you use the key.

The recommended way to do this is to contact your correspondent in some way by which you can validate your correspondent's identity and ask your correspondent to verify the key fingerprint. The key fingerprint is displayed when you right click on the key and choose Key Properties. The fingerprint is a series of words (or, if you click the Hexadecimal check box, a series of hexadecimal digits) that encode a hash of the key. If your correspondent verifies the key fingerprint, you can know that the key belongs to the correspondent. Before you use a key, you must mark it as valid. You do this by signing the key.

You sign the key by selecting it in the PGPkeys display and choosing Key-Sign.

If you wish to attest the key ownership to others, make your signature exportable by selecting the "Allow your key to be exported" checkbox; otherwise, leave it clear.

Sending and Receiving Encrypted Emails

Outlook (and Outlook Express)

If you installed PGP with the Microsoft Outlook Express plug-in, PGP puts controls on the icon bars in the New Message window and in the window where received messages are displayed. These icons let you decrypt and verify messages, encrypt messages, digitally sign messages, encrypt and digitally sign messages, and start PGPkeys.

When you receive a message encoded with PGP, click on the "Decode and verify" PGP tool on the tool bar to decode the message and verify any attached signature. PGP will copy the encrypted message to the Windows clipboard, decode it, and display it in the secure message viewer. If you need to send a message encrypted with PGP, compose the message normally. And before sending it click on the Encrypt Message Before Sending and/or the Sign Message Before Sending buttons at the top right corner of the new message window.

PGP will encrypt the message to the addressees of the message, and replace the cleartext message body with the encrypted message body. Note: Outlook Express does not make the full message available to PGP. For this reason, PGP encryption will cause the text formatting (font and color settings, for example) to be lost. Also, attachments will be sent in clear. You can solve this problem in several ways. You can separately encrypt files to be attached, and attach the encrypted versions. You can compose a formatted message using Wordpad or Word, save the message as an RTF file, encrypt the RTF file using PGP, and send the encrypted file as your message.

Other Mailers

PGP can be used easily with other mailers, although not quite as easily as with the mailers for which there are plug-ins. If the mailer supports select all, copy, and paste operations (as almost all of them do), message encryption, signing, and decryption can be performed through the PGPtray program.

To sign and/or encrypt an outgoing mail message, first compose it as usual, then click on the PGPtray icon and then on Current Window-Encrypt, Current Window-Sign, or Current Window-Encrypt and Sign. PGP will process the message as desired and replace the cleartext message in the composition window with the encrypted message. You can then send the processed message in the usual way. Similarly, a received message can be decrypted by clicking on the PGPtray icon, then on Current Window-Decrypt and Verify. If the mailer does not support window operations, then PGP can still be used by manually moving data to and from the clipboard. After composing the message, select the entire message and copy the text to the clipboard.

You can do this using the Edit-Copy menu. Then, sign and/or encrypt the message with PGPtray by choosing Clipboard-Encrypt, Clipboard-Sign, or Clipboard-Encrypt and Sign. This processes the contents of the clipboard and puts the results back to the clipboard. Finally, replace the cleartext message by pasting the processed message over it. You can do this using the Edit-Paste menu. You can then send the processed message in the usual way. Similarly, encrypted messages you receive can be decrypted by copying the message to the clipboard, then using the Clipboard-Decrypt and Verify menu option of PGPtray.

Please be aware that the free essay that you were just reading was not written by us. This essay, and all of the others available to view on the website, were provided to us by students in exchange for services that we offer. This relationship helps our students to get an even better deal while also contributing to the biggest free essay resource in the UK!