--- pgp/doc/pgformat.doc	2018/04/24 16:41:31	1.1.1.3
+++ pgp/doc/pgformat.doc	2018/04/24 16:46:01	1.1.1.5
@@ -1,5 +1,11 @@
-File Formats Used by PGP 2.5 (1 Apr 94)
-========================================
+File Formats Used by PGP 2.x
+============================
+
+***Note: Packets generated with PGP 2.6.3i normally contain a version
+         byte of 3.  However, by using the +legal_kludge=off option, you
+         can force PGP to use a version byte of 2 instead.  This will
+         make all messages and keys generated with PGP 2.6.3i compatible
+         with any PGP 2.x version.
 
 This appendix describes the file formats used externally by Pretty
 Good Privacy (PGP), the RSA public key cryptography application.  The
@@ -111,7 +117,9 @@ RSA public-key-encrypted packet
 Offset  Length  Meaning
 0       1       CTB for RSA public-key-encrypted packet
 1       2       16-bit (or maybe 8-bit) length of packet
-3	1	Version byte (=2).  May affect rest of fields that follow.
+3	1	Version byte, may affect rest of fields that follow.
+                (=2) for PGP versions <= 2.5
+                (=3) for PGP versions >= 2.6
 4       8       64-bit Key ID
 12	1	Algorithm byte for RSA (=1 for RSA).  
 		--Algorithm byte affects field definitions that follow.
@@ -129,8 +137,9 @@ Signature packet
 Offset  Length  Meaning
 0       1       CTB for secret-key-encrypted (signed) packet
 1       2       16-bit (or maybe 8-bit) length of packet
-3	1	Version byte (=2).  May affect rest of fields that follow.
-
+3	1	Version byte, may affect rest of fields that follow.
+                (=2) for PGP versions <= 2.5
+                (=3) for PGP versions >= 2.6
 4	1	Length of following material that is implicitly included 
 		in MD calculation (=5).
 5	1	Signature classification field (see below). 
@@ -329,7 +338,7 @@ older format used by versions 2.2 and ea
 versions up to 2.4, but the RSAREF code in 2.5 is unable to cope
 with it.
 
-PGP versions 2.2 and earlier encode the MD into the MPI as follows:
+PGP versions 2.2 and earlier encode the DEK into the MPI as follows:
 
         MSB                     .   .   .                          LSB
 
@@ -339,7 +348,7 @@ CSUM refers to a 16-bit checksum appende
 RND is a string of NONZERO pseudorandom bytes, enough to make the length
 of this whole string equal to the number of bytes in the modulus.
 
-PGP versions 2.3 and later encode the MD into the MPI as follows:
+PGP versions 2.3 and later encode the DEK into the MPI as follows:
 
         MSB                     .   .   .                   LSB
 
@@ -466,7 +475,9 @@ Secret key certificate
 Offset  Length  Meaning
 0       1       CTB for secret key certificate
 1       2       16-bit (or maybe 8-bit) length of packet
-3	1	Version byte (=2).  May affect rest of fields that follow.
+3	1	Version byte, may affect rest of fields that follow.
+                (=2) for PGP versions <= 2.5
+                (=3) for PGP versions >= 2.6
 4       4       Timestamp
 8       2       Validity period, in number of DAYS (0 means forever)
 10	1	Algorithm byte for RSA (=1 for RSA).  
@@ -504,7 +515,9 @@ Public key certificate
 Offset  Length  Meaning
 0       1       CTB for public key certificate
 1       2       16-bit (or maybe 8-bit) length of packet
-3	1	Version byte (=2).  May affect rest of fields that follow.
+3	1	Version byte, may affect rest of fields that follow.
+                (=2) for PGP versions <= 2.5
+                (=3) for PGP versions >= 2.6
 4       4       Timestamp of key creation
 8       2       Validity period, in number of DAYS (0 means forever)
 10	1	Algorithm byte for RSA (=1 for RSA).