![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to newfor25.doc CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [PGP] / pgp / doc|
Return to newfor25.doc CVS log | Up to [PGP] / pgp / doc |
1.1.1.2 ! root 1: Changes to PGP 2.5: ! 2: ! 3: ***** MOST IMPORTANT ***** ! 4: ! 5: This version of PGP uses RSAREF 2.0, so it's legal in the U.S.! The ! 6: RSAREF license forbids you to (among other things; see the license for ! 7: full details) "use the program to provide services to others for which ! 8: you are compensated in any manner", but that still covers a lot of ! 9: people. If you want to use it in a commercial or governmental ! 10: setting, talk to ViaCrypt (2014 West Peoria Avenue, Phoenix, Arizona ! 11: 85029, +1 602 944-0773). ! 12: ! 13: PGP 2.5 should always be distributed with a copy of the RSAREF 2.0 ! 14: license of March 16, 1994 from RSA Data Security, Inc., so that all ! 15: users will be aware of their obligations under the RSAREF license. ! 16: ! 17: Since the RSAREF license conflicts with the GNU General Public License that ! 18: PGP was formerly distributed under, the GPL had to go. PGP is still ! 19: freely distributable, though. (From a copyright point of view; export ! 20: controls or some other legal hassle may apply.) ! 21: ! 22: *** IMPORTANT CHANGE: ! 23: ! 24: RSAREF 2.0 can understand only the pkcs_compat=1 formats for signatures ! 25: and encrypted files. This has been the default since 2.3, so old files ! 26: should not be too much of a problem, but old key signatures will ! 27: encounter difficulties. This change will result in a hole being ripped ! 28: in the "web of trust" as many old signatures are invalidated. Please check ! 29: your key rings (pgp -kc) and re-issue any signatures that have been ! 30: invalidated. PGP by default offers to remove such signatures. Even if you ! 31: leave them in, they are not trusted. ! 32: ! 33: Another RSAREF limitation is that it cannot cope with keys longer than ! 34: 1024 bits. PGP now prints a reasonably polite error message in such a ! 35: case. ! 36: ! 37: OTHER CHANGES: ! 38: ! 39: The support files are thinner. The various contrib directory utilities ! 40: have not been updated since 2.3a, and since the PGP developers know how ! 41: annoying it is to have people using an ancient version and complaining ! 42: about a bug in a program that was fixed a year ago, they have been ! 43: omitted rather than annoy the contributors in this way. Also, the ! 44: language translation file, language.txt, is incomplete. The strings ! 45: that were in 2.3a are there, and some that could be updated without ! 46: much knowledge of the language, but others that are new to 2.5 are ! 47: untranslated. The format should be obvious and some tools for ! 48: manipulating the language traslations are included in the contrib ! 49: directory. ! 50: ! 51: Printed KeyIDs have been incresed to 32 bits, as there were enough keys ! 52: out there that 24-bit keyIDs were no longer sufficiently unique. The ! 53: previous 24-bit keyID is the LAST 6 digits of an 8-digit 32-bit keyID. ! 54: For example, what was printed as A966DD now appears as C7A966DD. ! 55: ! 56: The config-file options ! 57: pubring=<filename>, ! 58: secring=<filename>, and ! 59: randseed=<filename> ! 60: have been added. Hopefully, the uses will be obvious. With these, you can ! 61: keep keyrings anywhere you like. Of course, they can also be specified on ! 62: the command line with +pubring= (or abbreviated to +pub=). ! 63: ! 64: If the line ! 65: comment=<string> ! 66: appears in the config file, the line "Comment: <string>" appears in ! 67: ASCII armor output. Of course, you can also use this from the ! 68: command line, e.g. to include a filename in the ASCII armor, do ! 69: "pgp -eat +comment=filename filename recipient". ! 70: ! 71: PGP now enables clearsig by default. If you sign and ascii-armor a ! 72: text file, and do not encrypt it, it is clearsigned unless you ask ! 73: for this not to be done. ! 74: ! 75: The now enables textmode. Textmode detects non-text files and ! 76: automatically turns itself off, so it's quite safe to leave on all ! 77: the time. If you haven't got these defaults yourself, you might ! 78: want to enable them. ! 79: ! 80: All prompts and progress messages are now printed to stderr, to make them ! 81: easier to find and ensure they don't get confused with data on standard ! 82: output such as pgp -m output. ! 83: ! 84: PGP now wipes temp files (and files wiped with pgp -w) with pseudo-random ! 85: data in an attempt to force disk compressors to overwrite as much data as ! 86: possible. ! 87: ! 88: On Unix, if the directory /usr/local/lib/pgp exists, it is searched ! 89: fror help files, language translations, and the PGP documentation. On ! 90: VMS, the equivalent is PGP$LIBRARY:. (This is PGP_SYSTEM_DIR, defined ! 91: in fileio.h, if you need to change it for your site.) ! 92: ! 93: Also, it is searched for a default global config.txt. This file may ! 94: be overridden by a local config.txt, and it may not set pubring, ! 95: secring, randseed or myname (which should be strictly personal) ! 96: ! 97: The normal help files (pgp -h) are pgp.hlp or <language>.hlp, such as ! 98: fr.hlp. Now, there is a separate help file for pgp -k, called pgpkey.hlp, ! 99: or <language>key.hlp. No file is provided by default; PGP will use ! 100: its one-page internal help by default, but you can create such a file ! 101: at your site. ! 102: ! 103: On Unix systems, $PGPPATH defaults to $HOME/.pgp. ! 104: ! 105: PGP used to get confused if you had a keyring containing signatures from ! 106: you, but not your public key. (PGP can't use the signatures in this case. ! 107: Only signatures from keys in the keyring are counted.) ! 108: PGP still can't use the signatures, but prints better warning messages. ! 109: Also, adding a key on your secret key ring to your public keyring ! 110: now asks if the key should be considered ultimately-trusted. ! 111: Prviously, you had to run pgp -ke to force this check, which was ! 112: non-obvious. ! 113: ! 114: Due to a few people distributing PGP without the manual (including one ! 115: run of a few thousand CD-ROMs), and the resultant flood of phone calls ! 116: from confused users, PGP now looks to make sure a manual is somewhere in ! 117: the vicinity when running to discourage this sort of thing. (If you're ! 118: getting this warning and need details on how to get rid of it, try pgp -kg.) ! 119: ! 120: On Unix, PGP now figures out the resolution of the system clock at run ! 121: time for the purpose of computing the amount of entropy in keystroke ! 122: timings. This means that on many Unix machines, less typing should be ! 123: required to generate keys. (SunOS and Linux especially.) ! 124: ! 125: The small prime table used in generating keys has been enlarged, which ! 126: should speed up key generation somewhat. ! 127: ! 128: There was a bug in PGP 2.3a (and, in fact in 2.4 and dating back to 1.0!) ! 129: when generating primes 2 bits over a multiple of the unit size (16 bits ! 130: on PC's, 32 bits on most larger computers), if the processor doesn't deal ! 131: with expressions like "1<<32" by producing a result of 1. In practice, ! 132: that corresponds to a key size of 64*x+4 bits. ! 133: ! 134: Code changes: ! 135: ! 136: At the request of Windows programmers, the PSTR() macro used to translate ! 137: string has been renamed to LANG(). ! 138: ! 139: The random-number code has been *thoroughly* cleaned up. So has the ! 140: IDEA code and the MD5 code. The MD5 code was developed from scratch and ! 141: is available for public use. ! 142: ! 143: The Turbo C makefile was dropped in favour of a Borland C .prj file. ! 144: You can use makefile.msc as a guide if you need one for a command-line ! 145: Turbo C.
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.