Annotation of pgp/doc/newfor25.doc, revision 1.1.1.1

1.1       root        1: Changes to PGP 2.5:
                      2: 
                      3:                  ***** MOST IMPORTANT *****
                      4: 
                      5: This version of PGP uses RSAREF 2.0, so it's legal in the U.S.!  The
                      6: RSAREF license forbids you to (among other things; see the license for
                      7: full details) "use the program to provide services to others for which
                      8: you are compensated in any manner", but that still covers a lot of
                      9: people.  If you want to use it in a commercial or governmental
                     10: setting, talk to ViaCrypt (2014 West Peoria Avenue, Phoenix, Arizona
                     11: 85029, +1 602 944-0773).
                     12: 
                     13: PGP 2.5 should always be distributed with a copy of the RSAREF 2.0
                     14: license of March 16, 1994 from RSA Data Security, Inc., so that all
                     15: users will be aware of their obligations under the RSAREF license.
                     16: 
                     17: Since the RSAREF license conflicts with the GNU General Public License that
                     18: PGP was formerly distributed under, the GPL had to go.  PGP is still
                     19: freely distributable, though.  (From a copyright point of view; export
                     20: controls or some other legal hassle may apply.)
                     21: 
                     22: *** IMPORTANT CHANGE:
                     23: 
                     24: RSAREF 2.0 can understand only the pkcs_compat=1 formats for signatures
                     25: and encrypted files.  This has been the default since 2.3, so old files
                     26: should not be too much of a problem, but old key signatures will
                     27: encounter difficulties.  This change will result in a hole being ripped
                     28: in the "web of trust" as many old signatures are invalidated.  Please check
                     29: your key rings (pgp -kc) and re-issue any signatures that have been
                     30: invalidated.  PGP by default offers to remove such signatures.  Even if you
                     31: leave them in, they are not trusted.
                     32: 
                     33: Another RSAREF limitation is that it cannot cope with keys longer than
                     34: 1024 bits.  PGP now prints a reasonably polite error message in such a
                     35: case.
                     36: 
                     37: OTHER CHANGES:
                     38: 
                     39: The support files are thinner.  The various contrib directory utilities
                     40: have not been updated since 2.3a, and since the PGP developers know how
                     41: annoying it is to have people using an ancient version and complaining
                     42: about a bug in a program that was fixed a year ago, they have been
                     43: omitted rather than annoy the contributors in this way.  Also, the
                     44: language translation file, language.txt, is incomplete.  The strings
                     45: that were in 2.3a are there, and some that could be updated without
                     46: much knowledge of the language, but others that are new to 2.5 are
                     47: untranslated.  The format should be obvious and some tools for
                     48: manipulating the language translations are included in the contrib
                     49: directory.
                     50: 
                     51: Printed KeyIDs have been increased to 32 bits, as there were enough keys
                     52: out there that 24-bit keyIDs were no longer sufficiently unique.  The
                     53: previous 24-bit keyID is the LAST 6 digits of an 8-digit 32-bit keyID.
                     54: For example, what was printed as A966DD now appears as C7A966DD.
                     55: 
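An added illustration (not code from PGP) of the keyID change described above. PGP 2.x takes the keyID from the low-order bits of the RSA modulus, so the 24-bit form is simply the 32-bit form with its top two hex digits dropped. The keyring values and the figure of 10,000 keys are constructed for the example, and the function names are hypothetical.

```python
import math
from collections import Counter

def printed_keyid(modulus: int, bits: int) -> str:
    """Low `bits` bits of the modulus, as upper-case hex (24 -> 6 digits, 32 -> 8)."""
    mask = (1 << bits) - 1
    return format(modulus & mask, "0%dX" % (bits // 4))

def ambiguous_ids(moduli, bits):
    """Printed keyIDs that more than one key on the ring maps to."""
    counts = Counter(printed_keyid(m, bits) for m in moduli)
    return {kid: n for kid, n in counts.items() if n > 1}

def collision_probability(num_keys: int, bits: int) -> float:
    """Birthday approximation: chance that some pair of keys shares a printed ID."""
    pairs = num_keys * (num_keys - 1) / 2
    return 1.0 - math.exp(-pairs / 2.0 ** bits)

# Constructed stand-ins for RSA moduli; only the low-order bits matter here.
KEYRING = [
    0x9F3B5A10C7A966DD,  # prints as A966DD (24-bit) or C7A966DD (32-bit)
    0x27D4E8811BA966DD,  # same low 24 bits, different low 32 bits
    0x6C02F7A35E41B3C9,
]

if __name__ == "__main__":
    for bits in (24, 32):
        print(bits, "bit IDs:", [printed_keyid(m, bits) for m in KEYRING])
        print("  ambiguous on this ring:", ambiguous_ids(KEYRING, bits))
        print("  P(collision among 10000 keys): %.3f"
              % collision_probability(10000, bits))
```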
                     56: The config-file options
                     57:        pubring=<filename>,
                     58:        secring=<filename>, and
                     59:        randseed=<filename>
                     60: have been added.  Hopefully, the uses will be obvious.  With these, you can
                     61: keep keyrings anywhere you like.  Of course, they can also be specified on
                     62: the command line with +pubring= (or abbreviated to +pub=).
                     63: 
                     64: If the line
                     65:        comment=<string>
                     66: appears in the config file, the line "Comment: <string>" appears in
                     67: ASCII armor output.  Of course, you can also use this from the
                     68: command line, e.g. to include a filename in the ASCII armor, do
                     69: "pgp -eat +comment=filename filename recipient".
                     70: 
                     71: PGP now enables clearsig by default.  If you sign and ascii-armor a
                     72: text file, and do not encrypt it, it is clearsigned unless you ask
                     73: for this not to be done.
                     74: 
                     75: PGP now enables textmode.  Textmode detects non-text files and
                     76: automatically turns itself off, so it's quite safe to leave on all
                     77: the time.  If you haven't got these defaults yourself, you might
                     78: want to enable them.
                     79: 
                     80: All prompts and progress messages are now printed to stderr, to make them
                     81: easier to find and ensure they don't get confused with data on standard
                     82: output such as pgp -m output.
                     83: 
                     84: PGP now wipes temp files (and files wiped with pgp -w) with pseudo-random
                     85: data in an attempt to force disk compressors to overwrite as much data as
                     86: possible.
                     87: 
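An added illustration (not code from PGP) of why the fill pattern matters on a compressed volume: a constant fill compresses to almost nothing, so it physically overwrites very little, while random data does not compress. `os.urandom` stands in for PGP's pseudo-random generator, and the helper names and sample file are constructed for the example.

```python
import os
import tempfile
import zlib

CHUNK = 64 * 1024

def compressed_ratio(data: bytes) -> float:
    """Fraction of the original size that remains after zlib compression."""
    return len(zlib.compress(data)) / len(data)

def overwrite_in_place(path: str) -> int:
    """Overwrite every byte of `path` with random data; return bytes written."""
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        remaining = size
        while remaining > 0:
            n = min(CHUNK, remaining)
            fh.write(os.urandom(n))
            remaining -= n
        fh.flush()
        os.fsync(fh.fileno())  # push the overwrite to the device before unlinking
    return size

def wipe(path: str) -> None:
    """Overwrite the file's contents, then delete it."""
    overwrite_in_place(path)
    os.remove(path)

def demo() -> dict:
    # Constructed sample: a temp file holding a repeated plaintext marker.
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as fh:
        fh.write(b"secret " * 4096)
    overwrite_in_place(path)
    with open(path, "rb") as fh:
        after = fh.read()
    wipe(path)
    return {
        "zero_fill_ratio": compressed_ratio(bytes(CHUNK)),
        "random_fill_ratio": compressed_ratio(os.urandom(CHUNK)),
        "marker_survived": b"secret" in after,
        "file_removed": not os.path.exists(path),
    }

if __name__ == "__main__":
    print(demo())
```

In-place overwriting does not reach copies kept by journaling or copy-on-write file systems, or blocks remapped by flash wear levelling.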
                     88: On Unix, if the directory /usr/local/lib/pgp exists, it is searched
                     89: for help files, language translations, and the PGP documentation.  On
                     90: VMS, the equivalent is PGP$LIBRARY:.  (This is PGP_SYSTEM_DIR, defined
                     91: in fileio.h, if you need to change it for your site.)
                     92: 
                     93: Also, it is searched for a default global config.txt.  This file may
                     94: be overridden by a local config.txt, and it may not set pubring,
                     95: secring, randseed or myname (which should be strictly personal).
                     96: 
                     97: The normal help files (pgp -h) are pgp.hlp or <language>.hlp, such as
                     98: fr.hlp.  Now, there is a separate help file for pgp -k, called pgpkey.hlp,
                     99: or <language>key.hlp.  No file is provided by default; PGP will use
                    100: its one-page internal help by default, but you can create such a file
                    101: at your site.
                    102: 
                    103: On Unix systems, $PGPPATH defaults to $HOME/.pgp.
                    104: 
                    105: PGP used to get confused if you had a keyring containing signatures from
                    106: you, but not your public key.  (PGP can't use the signatures in this case.
                    107: Only signatures from keys in the keyring are counted.)
                    108: PGP still can't use the signatures, but prints better warning messages.
                    109: Also, adding a key on your secret key ring to your public keyring
                    110: now asks if the key should be considered ultimately-trusted.
                    111: Previously, you had to run pgp -ke to force this check, which was
                    112: non-obvious.
                    113: 
                    114: Due to a few people distributing PGP without the manual (including one
                    115: run of a few thousand CD-ROMs), and the resultant flood of phone calls
                    116: from confused users, PGP now looks to make sure a manual is somewhere in
                    117: the vicinity when running to discourage this sort of thing.  (If you're
                    118: getting this warning and need details on how to get rid of it, try pgp -kg.)
                    119: 
                    120: On Unix, PGP now figures out the resolution of the system clock at run
                    121: time for the purpose of computing the amount of entropy in keystroke
                    122: timings.  This means that on many Unix machines, less typing should be
                    123: required to generate keys.  (SunOS and Linux especially.)
                    124: 
                    125: The small prime table used in generating keys has been enlarged, which
                    126: should speed up key generation somewhat.
                    127: 
                    128: There was a bug in PGP 2.3a (and, in fact in 2.4 and dating back to 1.0!)
                    129: when generating primes 2 bits over a multiple of the unit size (16 bits
                    130: on PC's, 32 bits on most larger computers), if the processor doesn't deal
                    131: with expressions like "1<<32" by producing a result of 1.  In practice,
                    132: that corresponds to a key size of 64*x+4 bits.
                    133: 
                    134: Code changes:
                    135: 
                    136: At the request of Windows programmers, the PSTR() macro used to translate
                    137: strings has been renamed to LANG().
                    138: 
                    139: The random-number code has been *thoroughly* cleaned up.  So has the
                    140: IDEA code and the MD5 code.  The MD5 code was developed from scratch and
                    141: is available for public use.
                    142: 
                    143: The Turbo C makefile was dropped in favour of a Borland C .prj file.
                    144: You can use makefile.msc as a guide if you need one for a command-line
                    145: Turbo C.
