Command Code Product FAQ

Looking for answers about Command Code products? Check out our list of frequently asked questions.

General PGP & SpyShield Questions

What's new in SpyShield 1.0?

SpyShield 1.0 adds support for MSN® Messenger 5.0 and GnuPG.

SpyShield 1.0 also includes support for some localized versions of MSN® Messenger. English, Spanish, and German are known to work. Languages that use the ISO-Latin-1 character set (for example, French and Portuguese) probably will work. Your mileage will vary with other languages.

Please note the following minor changes in functionality:

SpyShield will not start itself after the installation. Run SpyShield from either the Start Menu or the Quick Launch bar.
SpyShield no longer adds itself to the StartUp folder. You must run SpyShield after the messenger has been started.

What is PGP and how can I get it?

Pretty Good Privacy® (PGP®) is a powerful cryptographic tool that provides privacy and strong authentication for users. As the de facto standard for data protection with over six million users, PGP enables you to store data and exchange messages securely. You can learn more about PGP technology at www.pgp.com and http://web.mit.edu/network/pgp.html.

You can download PGP freeware without cost for personal, noncommercial use at http://web.mit.edu/network/pgp.html. The commercial version is available from Network Associates.

Which versions of PGP does SpyShield support?

SpyShield 1.0 supports PGP 6.5.8. SpyShield works with PGP 6.5.1; however, signing imported keys is known to fail due to a PGP bug. Compatibility with earlier versions has not been tested; if you have used SpyShield successfully with an earlier version, please inform us by email to spyshield@commandcode.com.

Does SpyShield support PGP 7.x freeware?

Many users have written us asking about support for PGP 7.x freeware. PGP began as a command-line program and included the PGP Command Line in all versions through PGP 6.5.8. In a surprise move, Network Associates, Inc. removed the command-line version of PGP from the PGP 7.x freeware distribution. SpyShield integrates with PGP using the PGP Command Line, so SpyShield currently does not support PGP 7.x freeware. As a solution to this problem, we included support for GnuPG in SpyShield 1.0. GnuPG is tiny compared to PGP and can coexist on the same machine.

You can work around this issue by using PGP 6.5.8 freeware, the last release to include the PGP Command Line. You can download this version from the MIT Distribution Center for PGP at http://web.mit.edu/network/pgp.html.

Does SpyShield support the CKT version of PGP?

Although SpyShield does not support the Cyber Knights Templar (CKT) version of PGP at this time, we have received reports that SpyShield works with build 6 of the CKT version of PGP. Please send us an email if you have success with this or other versions.

If you are interested in support for CKT, please email us a feature request. We make every effort to include popular feature requests in upcoming releases.

What is GnuPG and does SpyShield support it?

In SpyShield 1.0, we have added support for GnuPG. GNU Privacy Guard (GnuPG) is a free replacement for PGP. It is a full implementation of OpenPGP, the standard that extends PGP, and has been released as open-source software under the GNU General Public License (GNU GPL). For more information about GnuPG, check out http://www.gnupg.org/.

Does SpyShield support GnuPG under Cygwin?

SpyShield 1.0 does support GnuPG under Cygwin. For more information about Cygwin, check out http://www.cygwin.com/.

Is SpyShield free?

SpyShield 1.0 is free for noncommercial use. We reserve the right to change this policy in future releases. If you find this product useful, please spread the word to friends and colleagues. If you would like to make a contribution to help offset our costs of operation, please drop a check or money order in the mail to Command Code, PO Box 99707, Seattle, WA 98199. You also can make a donation using PayPal (see below). For commercial purchasing, contact sales@commandcode.com.

Will SpyShield be available for other instant messengers?

Command Code is focusing development efforts on MSN® Messenger and Windows® Messenger at this time. If you are interested in support for other instant messengers, please email us a feature request. We make every effort to include popular feature requests in upcoming releases.

I have a feature request. Can I send it in?

Your feature requests are welcome! Please email them to spyshield@commandcode.com.

SpyShield is awesome! What can I do to help the effort?

We're glad you asked! Spread the word to your friends, colleagues, other sites, news media, and anyone else interested in instant-messaging privacy. If you would like to make a contribution to help offset our costs of operation, please drop a check or money order in the mail to Command Code, PO Box 99707, Seattle, WA 98199. You also can make a donation using PayPal—just click the PayPal Donate button below!

If you have feature requests, bug reports, product ideas, or other comments, let us know by email to spyshield@commandcode.com. We appreciate your support!

SpyShield for MSN® Messenger and Windows® Messenger Questions

What is MSN® Messenger and how can I get it? What is Windows® Messenger?

MSN® Messenger is the Microsoft® software tool you can use to exchange instant messages with friends online. You can download it at http://messenger.msn.com/ for free.

Windows® Messenger is the Microsoft messaging tool included in Windows XP. Windows Messenger only works on the Windows XP operating system.

MSN® Messenger and Windows® Messenger both use .NET Messenger Service (previously called MSN® Messenger Service) and are interoperable.

Which versions of MSN® Messenger and Windows® Messenger does SpyShield support?

SpyShield supports MSN® Messenger 2.0 through 4.5 and Windows® Messenger 4.0 through 4.5.

If I'm running MSN® Messenger and my friend is running Windows® Messenger, will SpyShield still work?

Yes. Windows® Messenger and MSN® Messenger both rely on .NET Messenger Service and have been developed for interoperability.

MSN® Messenger Service encrypts my password. Why do I need SpyShield, too?

Although MSN® Messenger Service does provide password encryption, it does not encrypt the contents of your messages; MSN® Messenger Service sends your messages as plain text through the network. Anyone who shares a hub with you or anyone with access to an Internet router between you and MSN® Messenger Service can view your messages simply by packet sniffing.

With SpyShield, you can PGP-encrypt your instant messages to guarantee your privacy and the security of the information you send.

With which keys does SpyShield encrypt my messages?

SpyShield encrypts your messages with all keys you select from the Recipient Keys dialog box. SpyShield also encrypts with the sender key that you select so that messages you send can be displayed as plaintext on your screen. It is assumed that messages sent to you can be decrypted with this key.

How do I know my messages are being encrypted?

Encrypted messages are indicated by (secure line) in the message window.

Troubleshooting

How do I verify the downloaded file with the downloaded signature file?

First you need to import our key into your keyring. Our key is posted on our site at http://www.commandcode.com/about/publickeys.html. Generally, PGP creates a file association for .sig files. The best way to verify the signature is to save both ssinstall.exe and the corresponding digital signature in the same directory and double-click the .sig file. PGP will do the rest. If all goes well, you will not see anything like "bad signature". Unfortunately, you will probably see "invalid key". This does not necessarily indicate a problem. It simply means that our key has been found in your keyring, but it is not considered valid because it has not been signed by you or one of your trusted introducers. This behavior is related to PGP's web of trust. If you have the PGP command-line program (included by default in pre-7.0 versions of PGP), you can validate the signature by running "pgp ssinstall.exe.sig" in the same directory. This will give you more information than the pretty (but confusing) windows UI.

When I run ssinstall.exe, it seems to unzip a few files but it doesn't continue. What should I do?

Unzip the files to a temporary folder and run spyshield --install.

I restarted MSN® Messenger Service, and now the SpyShield button is gone. How do I reactivate it?

The SpyShield plug-in is only active when SpyShield.exe is running. The SpyShield installation creates a shortcut in your Startup folder to start SpyShield.exe when you first login. If you stop the MSN® Messenger Service, you should restart it by double-clicking the SpyShield desktop shortcut.

I keep getting "PGP decryption failure. Invalid passphrase?" What am I doing wrong?

More often than not, the sender is not encrypting the message to your public key.

Check that the message is actually encrypted to your public key:

Select cancel from the decryption failure message box. The encrypted message should be displayed in your messenger window.

Select the text of the message with your mouse so that it is highlighted.

Using the PGPtray application that comes with PGP, right click the system tray icon and select Current Window >>Decrypt & Verify. The PGPtray passphrase dialog should be displayed.

Make sure that the message was encrypted to your public key.

Have the sender validate your key:

To validate your key, the sender must sign your public key with her secret key. The PGP trust model also supports indirect validation in which someone who the sender trusts vouches for the integrity of your key, but this is a topic for a much longer conversation. The sender can sign your key by right clicking your key from within the PGPkeys application and selecting sign. The sender should only do this if she trusts that the key that she has is really your key. Depending on how paranoid you are, you should verify this directly by verifying the key fingerprint over a secure medium, e.g. in person or over the phone.

I keep getting "PGP signature failure. Invalid passphrase?"

Due to a known bug in PGP 6.5.1, SpyShield cannot sign an imported public key. Upgrade to a later version of PGP to correct this problem. As a workaround, you can sign the imported key using the PGPkeys tool.

When I enter my passphrase, I always get a "PGP validate passphrase failed" error. What gives?

It is possible that your sender key is not trusted. When PGP generates a new key pair, the key is trusted implicitly because you were the person who generated it. However, when you import a key pair from another source, you might have to set the trust manually. You can make this change using the command line with the pgp -ke command or using PGPkeys by right-clicking your key and selecting Key Properties (in the General tab of the dialog box that opens, check the Implicit Trust check box).

When I try to import a public key using SpyShield, the key doesn't import. What can I do?

Make sure that the PGPkeys application is closed when you use SpyShield to import a public key into your keyring. Otherwise, SpyShield cannot import it successfully.

The Show Emoticons option doesn't work when encryption is enabled. Why?

The short answer is that it just doesn't. The slightly longer answer is that the encrypted message is not the same size as the original message, which confuses the emoticon substitution.

URLs aren't hyperlinked when encryption is enabled. Why?

Same problem as above.

I'm using an international version of Windows. Could this be why I'm having problems?

Quite possibly. Several users have had problems when using non-ISO-Latin1 character sets. We at Command Code lack the resources to do exhaustive testing with international versions of Windows. Please send us an email and we'll try to help you to find a resolution.

In SpyShield 1.0, we have added support for some localized versions of MSN® Messenger. English, Spanish, and German are known to work. Languages that use the ISO-Latin-1 character set (for example, French and Portuguese) probably will work. Your mileage will vary with other languages.

I'm using MSN® Messenger 4.x with SpyShield 0.98 Beta, and my messages aren't encrypted when I press ENTER to send them. What can I do?

You can install SpyShield 1.0, which includes a fix for this problem. If you would like to continue using MSN® Messenger 4.x with SpyShield 0.98 Beta, you must click the Send button or press ALT-S to encrypt your messages. Encrypted messages are indicated by (secure line) in the message window.

I found a bug. What should I do?

We appreciate your feedback. Please send bug reports to spyshield@commandcode.com.