Annotation of pgp/readme.1st, revision 1.1.1.2

1.1.1.2 ! root        1: -----BEGIN PGP SIGNED MESSAGE-----
1.1       root        2: 
                      3: 
                      4: 
1.1.1.2 ! root        5:               Pretty Good Privacy version 2.6.3i - READ ME FIRST
        !             6:                                      .
        !             7:                           Notes by Stale Schumacher
        !             8:                                  1996/01/18
        !             9: 
        !            10: 
        !            11: You are looking at the README file for PGP release 2.6.3i. PGP, short for
        !            12: Pretty Good Privacy, is a public key encryption package; with it, you can
        !            13: secure messages you transmit against unauthorized reading and digitally sign
        !            14: them so that people receiving them can be sure they come from you.
        !            15: 
        !            16: 
        !            17: ABOUT THIS VERSION
        !            18: 
        !            19: PGP 2.6.3i is not an official PGP version. It is based on the source code for
        !            20: MIT PGP 2.6.2 (the latest official version of PGP) and has been modified for
        !            21: international use. PGP 2.6.3i is probably illegal to use within the USA, but
        !            22: is fine in almost every other country in the world. (However, it should be
        !            23: possible to compile a version of PGP that is legal even inside the USA, see
        !            24: below for details.) This file only explains what is special to version 2.6.3i.
        !            25: For a more thorough installation and usage guide, refer to the file setup.doc
        !            26: and the documentation for PGP 2.6.2, which is included unmodified in the doc/
        !            27: subdirectory that is created when you unpack the distribution archive.
        !            28: 
        !            29: 
        !            30: BACKGROUND
        !            31: 
        !            32: Until about two years ago, there were only two "real" PGP versions around:
        !            33: PGP 2.3a which was the international freeware version, and 2.4 which was a
        !            34: commercial version sold in USA only. However, this situation changed
        !            35: dramatically in May 1994 when MIT released a special US freeware version of
        !            36: PGP (2.5), in order to put an end to the legal problems surrounding PGP.
        !            37: (PGP 2.3a was believed to be illegal in USA because of patent restrictions.)
        !            38: The new version had a number of limitations to encourage Americans that were
        !            39: using 2.3a to upgrade to the new version. However, these limitations resulted
        !            40: in a well of new PGP versions, more or less professionally put together by
        !            41: well-intending individuals who wanted a more flexible PGP than that offered
        !            42: by MIT. Suddenly, we had ten different PGP versions, not two.
        !            43: 
        !            44: Even though PGP 2.5 and later releases from MIT introduced many bug-fixes and
        !            45: improvements over 2.3a, many non-US users of PGP have been reluctant to
        !            46: upgrade to the new versions because they feel that the PGP developers have
        !            47: abandoned the international PGP community by adding a number of restrictions
        !            48: that are only necessary within the USA. That is why I decided to make PGP
        !            49: 2.6.i (and later 2.6.2i and 2.6.3i): to put an end to all the PGP "hack
        !            50: versions" that flourish, and to give the non-US users of PGP a version that
        !            51: is more "digestible" than those offered by MIT, and at the same time let them
        !            52: benefit from all the improvements that the new versions have introduced over
        !            53: PGP 2.3a. PGP 2.6.3i is a "real" 2.6 version, as it is based on the code tree
        !            54: for PGP 2.6.2 and not 2.3a. This release fixes a number of bugs present in
        !            55: PGP 2.6.2(i), and adds some new features (see below).
        !            56: 
        !            57: 
        !            58: HOW WAS IT DONE?
        !            59: 
        !            60: PGP 2.6.3i was put together by taking all the source files from PGP 2.6.2i
        !            61: (which was again based on 2.6.2), modifying them to correct a number of
        !            62: annoying bugs and add some new features, and updating the accompanying text
        !            63: and documentation files. All changes in the source that are not applicable
        !            64: within the USA are enclosed in #ifdef's, thus enabling you to compile a PGP
        !            65: version that is legal to use within the USA. This is accomplished by adding
        !            66: the -DUSA option when building the program, and by linking it with the RSAREF
        !            67: library (rsaglue2) rather than MPILIB (rsaglue1). For a detailed list of all
        !            68: the changes between 2.6.2i and 2.6.3i, see the file pgp263i.dif that is
        !            69: included with the source code distribution.
        !            70: 
        !            71: 
        !            72: DISTRIBUTION
        !            73: 
        !            74: PGP 2.6.3i is distributed in the following files:
        !            75: 
        !            76:   pgp263i.zip      This is the MS-DOS executable release, which includes the
        !            77:                    executable, support files, and basic documentation.
        !            78: 
        !            79:   pgp263ix.zip     This is a 32-bit MS-DOS compilation of PGP. If you have a
        !            80:                    386 processor or better, this version will give you a
        !            81:                    slightly better performance than the ordinary (16-bit)
        !            82:                    MS-DOS version.
        !            83: 
        !            84:   pgp263i-os2.zip  This is the OS/2 executable with documentation and support
        !            85:   (pgp263i2.zip)   files.
        !            86: 
        !            87:   pgp263is.zip     This is the source code release, which includes all the
        !            88:                    source code needed to compile PGP and examples of usage.
        !            89:                    It also contains all the files in pgp263i.zip except the
        !            90:                    pgp.exe binary.
        !            91: 
        !            92:   pgp263is.tar.gz  This contains exactly the same files as pgp263is.zip,
        !            93:                    except that they use Unix rather than MS-DOS line end
        !            94:                    conventions.
        !            95: 
        !            96:   Binaries for other platforms (Amiga, Atari, Macintosh etc.) will probably
        !            97:   be available soon after the official release.
        !            98: 
        !            99: 
        !           100: DIFFERENCES BETWEEN PGP 2.6.3i AND 2.6.2
        !           101: 
        !           102: PGP 2.6.3i differs from MIT PGP 2.6.2 in the following ways:
        !           103: 
        !           104:   (1) It identifies itself as version 2.6.3i
        !           105: 
        !           106:       This is to clearly distinguish it from other PGP versions. This is
        !           107:       important because users within the USA should not use PGP 2.6.3i, and
        !           108:       also because script files, shells and other PGP add-ons may need to
        !           109:       know exactly how your copy of PGP will behave under different
        !           110:       circumstances. If you compile your copy of PGP using the -DUSA option,
        !           111:       you will get a version called 2.6.3 instead.
        !           112: 
        !           113:   (2) It uses PRZ's MPILIB instead of RSAREF
        !           114: 
        !           115:       PGP 2.3a and earlier versions use a special library for all the RSA
        !           116:       encryption/decryption routines, called MPILIB, and written by Philip R.
        !           117:       Zimmermann (PRZ), the original author of PGP. However, starting with
        !           118:       version 2.5, all official releases of PGP have been using the RSAREF
        !           119:       library from RSADSI Inc, a US company that holds the patent on the RSA
        !           120:       algorithm in the USA. This change was made in order to make PGP legal
        !           121:       to use within the USA.
        !           122: 
        !           123:       Please observe that PGP 2.6.3i does NOT use RSAREF, but rather PRZ's
        !           124:       original MPILIB library, which is functionally identical to RSAREF and
        !           125:       slightly faster on most platforms. Because 2.6.3i uses MPILIB rather
        !           126:       than RSAREF, this PGP version is also able to verify key signatures made
        !           127:       with PGP 2.2 or earlier versions. This is not true for MIT PGP, because
        !           128:       the RSAREF library only understands the new PKCS signature format
        !           129:       introduced in PGP 2.3.
        !           130: 
        !           131:       The use of the MPILIB library is the main reason why PGP 2.6.3i is
        !           132:       probably illegal to use within the USA. If you are in the USA, you
        !           133:       should compile the source code using the -DUSA option and link it with
        !           134:       the RSAREF library rather than MPILIB.
        !           135: 
        !           136:   (3) It lets you disable the "legal kludge"
        !           137: 
        !           138:       PGP 2.6.2 contains a "feature" that will cause it to generate keys and
        !           139:       messages that are not readable by PGP 2.3a and earlier versions. This
        !           140:       is the "legal kludge", and was introduced to encourage users in the USA
        !           141:       to upgrade from PGP 2.3a.
        !           142: 
        !           143:       PGP 2.6.3i provides you with a way to disable the "legal kludge". This
        !           144:       means that messages and keys generated with PGP 2.6.3i can be used and
        !           145:       understood by all existing 2.x versions of PGP. To disable the legal
        !           146:       kludge, uncomment the following line in your config.txt file so that it
        !           147:       reads:
        !           148: 
        !           149:       legal_kludge = off
        !           150: 
        !           151:       This option may also be set on the command line: "pgp +le=off <command>".
        !           152:       If you compile PGP using the -DUSA option, the legal kludge cannot be
        !           153:       disabled.
        !           154: 
        !           155:   (4) It allows you to generate keys up to and including 2048 bits
        !           156: 
        !           157:       Because of a bug in PGP 2.6.2, this version would not let you generate
        !           158:       keys bigger than 2047 bits on some platforms. This problem has been
        !           159:       corrected in PGP 2.6.3i.
        !           160: 
        !           161:   (5) It contains a number of bug-fixes
        !           162: 
        !           163:       PGP 2.6.3i also fixes a number of other bugs found in PGP 2.6.2, most
        !           164:       notably the signature bug for keys over 2034 bits, as reported by
        !           165:       ViaCrypt. PGP 2.6.3i will also let you clearsign messages in 8-bit
        !           166:       character sets, such as Russian, Japanese, Korean etc. Many other
        !           167:       bugs have also been corrected, see pgp262i.dif and pgp263i.dif for
        !           168:       details.
        !           169: 
        !           170:   (6) It contains a number of new features
        !           171: 
        !           172:       Version 2.6.3i adds some new functionality to PGP, while maintaining
        !           173:       compatibility with older versions, e.g.:
        !           174: 
        !           175:       a) You may now specify additional user IDs from a separate file when
        !           176:          encrypting a message to multiple recipients. This is particularly
        !           177:          useful on MS-DOS systems, which impose an upper limit of 127
        !           178:          characters on the command line. The command line syntax is:
        !           179: 
        !           180:          pgp -eat filename.txt user1 user2 -@moreusers.txt
        !           181: 
        !           182:          The file moreusers.txt is a normal text file with one key ID or user
        !           183:          ID on each line.
        !           184: 
        !           185:       b) Userids can be automatically signed with your secret key when
        !           186:          creating keys ('pgp -kg') or adding new userids ('pgp -ke'). This
        !           187:          is controlled through the new AutoSign option in the configuration
        !           188:          file.
        !           189: 
        !           190:       c) When extracting keys with the 'pgp -kxa' command, PGP 2.6.3i will
        !           191:          label the ASCII output with a text similar to that of the 'pgp -kv'
        !           192:          keyring listing.
        !           193: 
        !           194:       d) When clearsigning messages, PGP 2.6.3i will add a "Charset:" header
        !           195:          to the signature block, explaining which character set was used for
        !           196:          creating the signature. This will help the recipient of the message
        !           197:          to select correct character conversion when verifying the signature.
        !           198:          If he/she is using version 2.6.3i, PGP will automatically choose the
        !           199:          correct character set, thereby eliminating a lot of "Bad signature"
        !           200:          problems.
        !           201: 
        !           202:   (7) It can be compiled on many new platforms
        !           203: 
        !           204:       PGP 2.6.3i has been modified in order to let it compile "out of the box"
        !           205:       for such platforms as Amiga, Atari, VMS, IBM mainframes running MVS and
        !           206:       Windows NT/Windows 95. Furthermore, the Macintosh port of PGP is now
        !           207:       integrated into the main source distribution. PGP 2.6.3i will also
        !           208:       compile under MS-DOS using Borland C (MIT PGP 2.6.2 only supports
        !           209:       Microsoft C).
        !           210: 
        !           211:   (8) It includes updated documentation and language files
        !           212: 
        !           213:       The language files for MIT PGP 2.6.2 had not been updated for a long
        !           214:       time. This has been fixed in this version. PGP 2.6.3i comes with
        !           215:       a combined translation file for German, French and Spanish. Additional
        !           216:       language modules may be downloaded from:
        !           217: 
        !           218:         http://www.ifi.uio.no/pgp/modules.shtml
        !           219:         ftp://ftp.ifi.uio.no/pub/pgp/lang/
        !           220: 
        !           221:       All the other text and documentation files for PGP 2.6.3i have also
        !           222:       been brought up to date, with the exception of PRZ's original PGP
        !           223:       User's Guide from PGP 2.6.2, which is included unmodified in the
        !           224:       various distribution archives.
        !           225: 
        !           226:   (9) It includes additional PGP tools
        !           227: 
        !           228:       The PGP 2.6.3i source code distribution contains two new tools for use
        !           229:       with PGP, called Stealth and PGPSort. Take a look in the contrib/
        !           230:       subdirectory for details. The binary distributions now contain pre-
        !           231:       compiled versions of PGPSort and MD5Sum.
        !           232: 
        !           233: 
        !           234: DIFFERENCES BETWEEN PGP 2.6.3i and 2.6ui
        !           235: 
        !           236: A PGP version that has been very popular among non-US users of PGP is 2.6ui.
        !           237: If you have been using PGP 2.6ui up to now, you should note that PGP 2.6.3i
        !           238: differs from this version in the following ways:
        !           239: 
        !           240:   (1) It is a "real" 2.6 version
        !           241: 
        !           242:       PGP 2.6.3i is based on the source code for PGP 2.6.2, whereas PGP 2.6ui
        !           243:       is based on the source code for 2.3a. This means that 2.6.3i contains a
        !           244:       lot of bug-fixes that are not present in 2.6ui, and it also adds a
        !           245:       number of new features that are lacking in 2.6ui.
        !           246: 
        !           247:   (2) It doesn't have the version_byte option
        !           248: 
        !           249:       PGP 2.6ui has an option to allow you to choose which message format to
        !           250:       use when generating keys and messages. This is the version_byte option,
        !           251:       and can be set both in the config.txt file and on the command line:
        !           252: 
        !           253:       version_byte = 2    (use backwards-compatible format, default)
        !           254:       version_byte = 3    (use new 2.6 format)
        !           255: 
        !           256:       In PGP 2.6.3i, the same is accomplished using the legal_kludge flag:
        !           257: 
        !           258:       legal_kludge = off  (use backwards-compatible format)
        !           259:       legal_kludge = on   (use new 2.6 format, default)
        !           260: 
        !           261:   (3) It doesn't have the armor_version option
        !           262: 
        !           263:       PGP 2.6ui has an option to let you "forge" the version number in the
        !           264:       ASCII armored files produced by PGP. In PGP 2.6.3i, the armor_version
        !           265:       option is NOT supported, as this is a feature that is heavily misused.
        !           266:       If you must change the version number of your keys and messages, you can
        !           267:       do so in the language.txt file instead.
        !           268: 
        !           269: 
        !           270: LEGAL STUFF
        !           271: 
        !           272: PGP 2.6.3i is not approved by MIT or PRZ or NSA or the Pope or anyone else.
        !           273: However, it should be possible to use it legally by anyone in the free world
        !           274: (i.e. all countries except USA, France, Iraq and a few others). There are three
        !           275: reasons why people may claim (incorrectly) that PGP 2.6.3i is illegal:
        !           276: 
        !           277:    (1) It is based on source code that was illegally exported from the USA
        !           278: 
        !           279:        The ITAR regulations classify cryptography in the same category as
        !           280:        munitions, and so it is very likely that exporting PGP from the USA
        !           281:        is considered illegal by US authorities. In the case of PGP 2.6.3i,
        !           282:        large portions of the code were written inside the USA, and later
        !           283:        exported to the rest of the world. However, this is not a problem,
        !           284:        because it is the _export_ that is illegal, not the _use_ of the
        !           285:        program. Once the software is (illegally) exported, anyone may use it
        !           286:        legally. (I didn't export it, and I strongly recommend that you don't
        !           287:        do it either.) As long as you make sure that you get your copy of PGP
        !           288:        2.6.3i from somewhere outside the USA, then you should be on the safe
        !           289:        side.
        !           290: 
        !           291:    (2) It infringes the RSA patent
        !           292: 
        !           293:        This is not a problem either, because PGP 2.6.3i is not intended for use
        !           294:        in the USA (which just happens to be the only country in the world where
        !           295:        the RSA patent is valid, and still the validity of this patent is
        !           296:        somewhat dubious). If you are inside the USA, you should compile the
        !           297:        source using the -DUSA option and link it with the RSAREF library,
        !           298:        which will give you a version that identifies itself as PGP 2.6.3. 
        !           299: 
        !           300:    (3) It violates the MIT license
        !           301: 
        !           302:        The second point in the MIT license for PGP 2.6.2 explicitly forbids
        !           303:        anyone to remove the so-called "legal kludge". Still, this is exactly
        !           304:        what PGP 2.6.3i does. However, it should be clear that this limitation
        !           305:        only refers to the RSAREF versions of PGP. PGP 2.6.3i, on the other
        !           306:        hand, does not use RSAREF, and so this point becomes irrelevant. If you
        !           307:        still feel uncomfortable about this, take a look at the file
        !           308:        przon26i.asc which is included in the distribution archive. This file
        !           309:        contains a statement by Phil Zimmermann on PGP 2.6.i, the predecessor
        !           310:        to PGP 2.6.3i.
        !           311: 
        !           312: 
        !           313: COMMERCIAL USE
        !           314: 
        !           315: PGP 2.6.3i may be freely used for non-commercial purposes only. If you want
        !           316: to use PGP for commercial purposes, you need to buy a separate license for
        !           317: the IDEA algorithm used in PGP. IDEA licenses can be purchased from Ascom
        !           318: Systec AG in Switzerland. The fee is charged on a per-user basis as 
        !           319: follows:
        !           320: 
        !           321:    1.. 10 users    120 SFr. per copy
        !           322:   11.. 20 users     80 SFr. per copy 
        !           323:   21..100 users     60 SFr. per copy
        !           324: 
        !           325: For more information, contact:
        !           326: 
        !           327:   Ascom Systec AG
        !           328:   IDEA Licensing
        !           329:   Gewerbepark
        !           330:   CH-5506 Maegenwil
        !           331:   Switzerland
        !           332: 
        !           333:   Phone : +41 62 889 59 54
        !           334:   Fax   : +41 62 889 59 54
        !           335:   Email : [email protected]
        !           336: 
        !           337: 
        !           338: COMMENTS AND BUG REPORTS
        !           339: 
        !           340: PGP 2.6.3i was put together by Stale Schumacher <[email protected]> with
        !           341: the help of many individuals around the world (see the file pgp263i.dif for
        !           342: a list of names). All questions regarding PGP 2.6.3i should be addressed to
        !           343: [email protected]. Please note that PRZ, MIT and the University of Oslo have
        !           344: nothing to do with this release. Comments, bug reports and suggestions for
        !           345: future releases are welcome.
        !           346: 
        !           347: 
        !           348: I WANT TO KNOW MORE!
        !           349: 
        !           350: If you want to find out more about PGP and encryption in general, there are a
        !           351: number of resources available, both on paper and in electronic form. Here are
        !           352: a few, to get you started:
        !           353: 
        !           354: WWW:
        !           355: 
        !           356:     The International PGP Home Page
        !           357:       http://www.ifi.uio.no/pgp/
        !           358:     Fran Litterio's PGP Page (from the Virtual Library)
        !           359:       http://world.std.com/~franl/pgp/pgp.html
        !           360:     The Official Bug List for MIT PGP 2.6.2
        !           361:       http://www.mit.edu:8001/people/warlord/pgp-faq.html
        !           362: 
        !           363: FTP:
        !           364: 
        !           365:     ftp://ftp.ifi.uio.no/pub/pgp/
        !           366:     ftp://ftp.ox.ac.uk/pub/crypto/pgp/
        !           367:     ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/
        !           368:     ftp://ftp.informatik.uni-hamburg.de/pub/virus/crypt/pgp/
        !           369: 
        !           370: DOCs:
        !           371: 
        !           372:     http://www.ifi.uio.no/pgp/doc.shtml
        !           373:     http://www.pegasus.esprit.ec.org/people/arne/pgp.html
        !           374:     ftp://ftp.ifi.uio.no/pub/pgp/doc/
        !           375:     ftp://ftp.rhein.de/pub/peti/
        !           376: 
        !           377: FAQs:
        !           378: 
        !           379:     PGP 2.6.3i FAQ
        !           380:       http://www.ifi.uio.no/pgp/FAQ.shtml
        !           381:     PGP FAQs from alt.security.pgp
        !           382:       http://www.prairienet.org/~jalicqui/pgpfaq.txt
        !           383:       ftp://ftp.prairienet.org/pub/providers/pgp/pgpfaq.txt
        !           384:     Where to Get the Latest PGP Program FAQ
        !           385:       ftp://ftp.uu.net/usenet/news.answers/pgp-faq/where-is-PGP.Z
        !           386:    
        !           387: Newsgroups:
        !           388: 
        !           389:     alt.anonymous               discussion of anonymity and anon remailers
        !           390:     alt.anonymous.messages      for anonymous encrypted message transfer
        !           391:     alt.privacy.clipper         Clipper, Capstone, Skipjack, Key Escrow
        !           392:     alt.security                general security discussions
        !           393:     alt.security.index          index to alt.security
        !           394:     alt.security.pgp            discussion of PGP
        !           395:     alt.security.ripem          discussion of RIPEM
        !           396:     alt.security.keydist        key distribution via Usenet
        !           397:     alt.society.civil-liberty   general civil liberties, including privacy
        !           398:     comp.compression            discussion of compression algorithms
        !           399:     comp.org.eff.news           news reports from EFF
        !           400:     comp.org.eff.talk           discussion of EFF related issues
        !           401:     comp.patents                discussion of S/W patents, including RSA
        !           402:     comp.risks                  some mention of crypto and wiretapping
        !           403:     comp.society.privacy        general privacy issues
        !           404:     comp.security.announce      announcements of security holes
        !           405:     misc.legal.computing        software patents, copyrights, computer laws
        !           406:     sci.crypt                   methods of data encryption/decryption
        !           407:     sci.math                    general math discussion
        !           408:     talk.politics.crypto        general talk on crypto politics
        !           409: 
        !           410: Books:
        !           411: 
        !           412:     The Official PGP User's Guide
        !           413:     by Philip R. Zimmermann
        !           414:       MIT Press 1995 
        !           415:       ISBN 0-262-74017-6
        !           416:       216 pp. $14.95 
        !           417: 
        !           418:     PGP: Pretty Good Privacy
        !           419:     by Simson Garfinkel
        !           420:       O'Reilly & Associates 1994
        !           421:       ISBN 1-56592-098-8
        !           422:       430 pp. $24.95
        !           423: 
        !           424:     Protect Your Privacy: The PGP User's Guide
        !           425:     by William Stallings
        !           426:       Prentice Hall PTR 1995
        !           427:       ISBN 0-13-185596-4
        !           428:       302 pp. $19.95
        !           429: 
        !           430:     Applied Cryptography: Protocols, Algorithms, and Source Code in C
        !           431:     2nd Edition
        !           432:     by Bruce Schneier
        !           433:       John Wiley & Sons 1996
        !           434:       ISBN 0-471-11709-9
        !           435: 
        !           436:     E-Mail Security with PGP and PEM: How to Keep Your Electronic Mail Private
        !           437:     by Bruce Schneier
        !           438:       John Wiley & Sons 1995
        !           439:       ISBN 0-471-05318-X 
        !           440: 
        !           441: 
        !           442: 
        !           443: -----BEGIN PGP SIGNATURE-----
        !           444: Version: 2.6.3i
        !           445: Charset: latin1
        !           446: 
        !           447: iQCVAgUBMP5+SbCfd7bM70R9AQEGvAP/TNiKcvWsaFD4Guno6FV2uBW+QWf2NZtp
        !           448: wW7zcyx2850gqEPfrHeiDSP0mn22qMgjdh4UPq0t7Qd1JJlmiUbOe/x+xwzwvpaN
        !           449: Ef71xdhQO6sUJtcAQSqrxBAQW7ADilAPICzZolxYaXZiENZcsFQm+5TYZ6J+MI2z
        !           450: wdtvHhXqZA4=
        !           451: =w1Pe
        !           452: -----END PGP SIGNATURE-----
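
The "Version:" and "Charset:" lines discussed in items (6)(d) and (3) sit in the armor header of the signature block, outside the signed text, so a verifying script should read them as hints rather than as authenticated data. The parser below is an added example, not code from the PGP distribution: it splits a clearsigned message, undoes dash-escaping, decodes the text with the declared charset and checks the "=XXXX" armor checksum. The codec table, the function names and the sample message are assumptions constructed for the example, and the checksum and dash-escape handling go slightly beyond what the README itself describes.

```python
import base64

# Charset names as written in the armor header -> Python codec names.
# This table is an assumption of the example, not PGP's own list.
CHARSET_CODECS = {"latin1": "latin-1", "koi8": "koi8_r",
                  "cp850": "cp850", "ascii": "ascii"}

BEGIN_MSG = b"-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = b"-----BEGIN PGP SIGNATURE-----"
END_SIG = b"-----END PGP SIGNATURE-----"


def crc24(data: bytes) -> int:
    """CRC-24 behind the '=XXXX' armor checksum line."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def parse_clearsigned(message: bytes) -> dict:
    """Split a clearsigned message into text, armor headers and signature."""
    lines = message.splitlines()
    try:
        start = lines.index(BEGIN_MSG)
        sig = lines.index(BEGIN_SIG, start)
        end = lines.index(END_SIG, sig)
    except ValueError:
        raise ValueError("not a complete clearsigned message") from None

    # The signed text starts after the first blank line following BEGIN.
    body_start = start + 1
    while body_start < sig and lines[body_start].strip():
        body_start += 1
    body = lines[body_start + 1:sig]
    if body and body[-1] == b"":
        body.pop()                      # separator line before the signature
    # Lines that began with '-' were escaped as '- ' when signing.
    body = [l[2:] if l.startswith(b"- ") else l for l in body]

    # Armor headers ("Key: value") run until the next blank line.
    # They are NOT covered by the signature: anyone can edit them.
    headers = {}
    i = sig + 1
    while i < end and lines[i].strip():
        key, sep, value = lines[i].decode("ascii", "replace").partition(": ")
        if sep:
            headers[key] = value.strip()
        i += 1

    armor = lines[i + 1:end]
    data = b"".join(l for l in armor if not l.startswith(b"="))
    checks = [l for l in armor if l.startswith(b"=")]
    signature = base64.b64decode(data, validate=True)
    crc_ok = (len(checks) == 1 and len(checks[0]) == 5 and
              int.from_bytes(base64.b64decode(checks[0][1:]), "big")
              == crc24(signature))

    # Pick the codec from the declared charset; None means "unknown, do
    # not guess", which is where "Bad signature" confusion used to start.
    codec = CHARSET_CODECS.get(headers.get("Charset", "").lower())
    raw = b"\n".join(body)
    return {"headers": headers, "codec": codec, "raw_text": raw,
            "text": raw.decode(codec) if codec else None,
            "signature": signature, "crc_ok": crc_ok}


def build_sample() -> bytes:
    """Constructed sample: 8-bit latin1 text, placeholder signature bytes."""
    sig = bytes(range(48))              # NOT a real RSA signature
    check = base64.b64encode(crc24(sig).to_bytes(3, "big"))
    return b"\n".join([
        BEGIN_MSG, b"",
        b"Gr\xfc\xdfe aus Oslo", b"- --- cut here ---", b"S.",
        b"", BEGIN_SIG, b"Version: 2.6.3i", b"Charset: latin1", b"",
        base64.b64encode(sig), b"=" + check, END_SIG, b""])


if __name__ == "__main__":
    result = parse_clearsigned(build_sample())
    print(result["headers"], result["codec"], result["crc_ok"])
    print(result["text"])
```

A passing checksum only shows the armor was not damaged in transit; authenticity still comes from verifying the signature itself with PGP.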
