--- pgp/doc/readme.vms 2018/04/24 16:40:33 1.1.1.2 +++ pgp/doc/readme.vms 2018/04/24 16:41:29 1.1.1.3 @@ -1,135 +1,153 @@ -PGP/VMS Version 2.3 -------------------- - -All rights to PGP are reserved by Phil Zimmermann. All contributed modules -are also subject to the copyrights of their individual authors, on the same -conditions. Certain algorithms used by PGP are subject to patent restrictions -and this software as a whole may be subject to export control in certain -countries. Read the PGP Guide for full copyright information and for details -about export control. - -These notes are intended for those people using and working with PGP under -the VAX/VMS operating system. These are intended to supplement rather than -replace the PGP guide. You should read and understand the guide, particularly -the section about key management. - -If you unzip under VMS using the public domain Zipper - you will probably have -a problem with file characteristics. If you have the PD FILE utility, you can -fix this by saying: - -$ FILE/type=stream *.* - -Otherwise you can fix using either TPU or CONVERT/FDL. - -PGP/VMS was written using the VAX C compiler, which you must have to -compile it. If you wish to use another compiler, see the developers notes. -PGP is provided with an MMS description file. To build using this file, go -to the directory containing the uncompressed files and type the following: - -$ MMS PGP.EXE - -You may wish to delete the object files at this point, they are not needed -unless you are working on the code. To build a version under the VAX/VMS -debugger, define the DCL symbol PGP_DEBUG=1. The debugger version will be -built without any optimisation and will be *significantly* slower. - -If you do not have MMS you may execute the DCL supplied command procedure -VMSBUILD.COM to compile and link PGP. - -Once you have built PGP, it should be placed somewhere that is protected -against tampering. It is not impossible that someone may replace PGP.EXE -with a patched version designed to capture keys. You may wish to use the -CHECKSUM utility (CHECKSUM/IMAGE PGP.EXE) to control against modifications, -however CHECKSUM does not use very effective algorithms and may itself be -compromised. - -You should then use PGP by defining it as an "external command" in your -LOGIN.COM, or alternative the system wide login command procedure, SYLOGIN. -This is done simply with the following line of DCL: - -$ PGP:==$device:[directory]PGP - -After executing this line (remember the dollar sign before the device name), -you should be able to display a help text by typing: - -$ PGP - -PGP will want to retain the keyrings and some other information. These are -stored in the device and directory pointed to by the logical name PGPPATH. -You should copy the files LANGUAGE.TXT and CONFIG.TXT to this directory. - -Your secret keyring contains information that could be cryptographically -analysed - it must be protected against world access. However, your secret key -ring is encrypted so is protected against casual browsing. If anyone that you -can not trust has privileged access to your system, your plaintext files are -vulnerable and potentially, also your keyrings. - -Note that keyrings should be directly transportable between VMS, MSDOS -and other PGP implementations. Text files may not be portable because of the -different text record representations across operating systems. If you wish -to send a text file to a system other than VAX/VMS, you are recommended to -use the 'canonical-form' switch '-t'. - -If you wish to take binary files such as backup savesets between two systems -running VMS, you can use the special flag 'i' with the encrypt function to -preserve the file and record characteristics. When decrypting, PGP will read -the 'i' flag and the type of the system that created the file. If both systems -are VMS, the file will be correctly decrypted with the correct file -characteristics. - -Special Notes For V2.2 And Following ------------------------------------- - -This version improves the keyboard handling. Specifically, it addresses -the CPU bound loop whilst reading terminal input and provides better prompt -and keyboard handling. - -Developers Notes ----------------- - -There are two key conditionals throughout the source for the VAX/VMS -implementation: - -VAXC - Allows specific optimisations permitted by the VAX C compiler and - overcomes problems with the differences between VAX C and ANSI C. - -VMS - This allows VMS specific file handling and some optimisations. It - should be noted that the primitives do not work with RISC/VMS until - someone has done some work on porting VAX.MAR. - -There was also some preliminary work done on porting this to GNU C and indeed -an earlier (developers) version ran under GNU C. The code affected is usually -conditionalised with GCC. If someone wishes to complete this and (hopefully) -integrate the inline assembler stuff used for moves and zero-fills, this -would be very useful. - -The MMS command procedure and VMSBUILD.COM build from sources in a directory -pointed to by the logical SRC and objects pointed to by OBJ. This makes life -a little easier as you can use a search list for the sources so you can keep -the distribution intect. - -All optimizations were checked out using DEC's PCA, and this version appears -to be optimal under VAX C. - -As for cleaning up, there are verious areas which could be improved: - -1) PGP's own erase on delete could be replaced by the standard VMS - function so the file system does the work. - -Contributing Authors --------------------- - -This port was originally performed by Hugh Kennedy with assistance from -Mark Barsoum and others. - -Support -------- - -This software is provided in the public domain and without charge other than -for copying. For support issues concerning PGP and VAX/VMS, you are welcome -to contact me via Electronic Mail on Compuserve using ID 70042,710 and on the -Internet with 70042.710@compuserve.com. This software is provided "as-is" and -any support given will be of an informal nature. - -Hugh A.J. Kennedy, 11th February 1992 -Minor editing for 2.3 release, Colin Plumb, 14 June 1993 +PGP/VMS Version 2.5 +------------------- + +THIS MAY OR MAY NOT WORK. + +The build files from PGP 2.3 are included, and vmsbuild.com +has been updated in the obvious way to include "rsaglue2.c", +"noise.c" and "randpool.c", but they are generally OBSOLETE. +In particular, PGP 2.5 needs to be linked with the RSAREF +2.0 library, and commands for building that are NOT included. + +Apologies, but there wasn't time. The instructions for 2.3 +follow, and hopefully you can use that as a guideline. + +If you can figure out how to compile it, it SHOULD work. One change is +that PGP can now look for support files in a system-wide directory. +The default (PGP_SYSTEM_DIR, defined in fileio.h) is PGP$LIBRARY:, but +you can change that if you like. + +--- PGP 2.3 instructions follow --- + +All rights to PGP are reserved by Phil Zimmermann. All contributed +modules are also subject to the copyrights of their individual authors, +on the same conditions. Certain algorithms used by PGP are subject to +patent restrictions and this software as a whole may be subject to +export control in certain countries. Read the PGP Guide for full +copyright information and for details about export control. + +These notes are intended for those people using and working with PGP under +the VAX/VMS operating system. These are intended to supplement rather than +replace the PGP guide. You should read and understand the guide, particularly +the section about key management. + +If you unzip under VMS using the public domain Zipper - you will probably have +a problem with file characteristics. If you have the PD FILE utility, you can +fix this by saying: + +$ FILE/type=stream *.* + +Otherwise you can fix using either TPU or CONVERT/FDL. + +PGP/VMS was written using the VAX C compiler, which you must have to +compile it. If you wish to use another compiler, see the developers notes. +PGP is provided with an MMS description file. To build using this file, go +to the directory containing the uncompressed files and type the following: + +$ MMS PGP.EXE + +You may wish to delete the object files at this point, they are not needed +unless you are working on the code. To build a version under the VAX/VMS +debugger, define the DCL symbol PGP_DEBUG=1. The debugger version will be +built without any optimisation and will be *significantly* slower. + +If you do not have MMS you may execute the DCL supplied command procedure +VMSBUILD.COM to compile and link PGP. + +Once you have built PGP, it should be placed somewhere that is protected +against tampering. It is not impossible that someone may replace PGP.EXE +with a patched version designed to capture keys. You may wish to use the +CHECKSUM utility (CHECKSUM/IMAGE PGP.EXE) to control against modifications, +however CHECKSUM does not use very effective algorithms and may itself be +compromised. + +You should then use PGP by defining it as an "external command" in your +LOGIN.COM, or alternative the system wide login command procedure, SYLOGIN. +This is done simply with the following line of DCL: + +$ PGP:==$device:[directory]PGP + +After executing this line (remember the dollar sign before the device name), +you should be able to display a help text by typing: + +$ PGP + +PGP will want to retain the keyrings and some other information. These are +stored in the device and directory pointed to by the logical name PGPPATH. +You should copy the files LANGUAGE.TXT and CONFIG.TXT to this directory. + +Your secret keyring contains information that could be cryptographically +analysed - it must be protected against world access. However, your secret key +ring is encrypted so is protected against casual browsing. If anyone that you +can not trust has privileged access to your system, your plaintext files are +vulnerable and potentially, also your keyrings. + +Note that keyrings should be directly transportable between VMS, MSDOS +and other PGP implementations. Text files may not be portable because of the +different text record representations across operating systems. If you wish +to send a text file to a system other than VAX/VMS, you are recommended to +use the 'canonical-form' switch '-t'. + +If you wish to take binary files such as backup savesets between two systems +running VMS, you can use the special flag 'i' with the encrypt function to +preserve the file and record characteristics. When decrypting, PGP will read +the 'i' flag and the type of the system that created the file. If both systems +are VMS, the file will be correctly decrypted with the correct file +characteristics. + +Special Notes For V2.2 And Following +------------------------------------ + +This version improves the keyboard handling. Specifically, it addresses +the CPU bound loop whilst reading terminal input and provides better prompt +and keyboard handling. + +Developers Notes +---------------- + +There are two key conditionals throughout the source for the VAX/VMS +implementation: + +VAXC - Allows specific optimisations permitted by the VAX C compiler and + overcomes problems with the differences between VAX C and ANSI C. + +VMS - This allows VMS specific file handling and some optimisations. It + should be noted that the primitives do not work with RISC/VMS until + someone has done some work on porting VAX.MAR. + +There was also some preliminary work done on porting this to GNU C and indeed +an earlier (developers) version ran under GNU C. The code affected is usually +conditionalised with GCC. If someone wishes to complete this and (hopefully) +integrate the inline assembler stuff used for moves and zero-fills, this +would be very useful. + +The MMS command procedure and VMSBUILD.COM build from sources in a directory +pointed to by the logical SRC and objects pointed to by OBJ. This makes life +a little easier as you can use a search list for the sources so you can keep +the distribution intect. + +All optimizations were checked out using DEC's PCA, and this version appears +to be optimal under VAX C. + +As for cleaning up, there are verious areas which could be improved: + +1) PGP's own erase on delete could be replaced by the standard VMS + function so the file system does the work. + +Contributing Authors +-------------------- + +This port was originally performed by Hugh Kennedy with assistance from +Mark Barsoum and others. + +Support +------- + +This software is provided in the public domain and without charge other than +for copying. For support issues concerning PGP and VAX/VMS, you are welcome +to contact me via Electronic Mail on Compuserve using ID 70042,710 and on the +Internet with 70042.710@compuserve.com. This software is provided "as-is" and +any support given will be of an informal nature. + +Hugh A.J. Kennedy, 11th February 1992 +Minor editing for 2.3 release, Colin Plumb, 14 June 1993