![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to readme.vms CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [PGP] / pgp|
Return to readme.vms CVS log | Up to [PGP] / pgp |
PGP 2.1
PGP/VMS Version 2.1
-------------------
All rights to PGP are reserved by Phil Zimmermann. All contributed modules
are also subject to the copyrights of their individual authors, on the same
conditions. Certain algorithms used by PGP are subject to patent restrictions
and this software as a whole may be subject to export control in certain
countries. Read the PGP Guide for full copyright information and for details
about export control.
These notes are intended for those people using and working with PGP under
the VAX/VMS operating system. These are intended to supplement rather than
replace the PGP guide. You should read and understand the guide, particularly
the section about key management.
If you unzip under VMS using the public domain Zipper - you will probably have
a problem with file characteristics. If you have the PD FILE utility, you can
fix this by saying:
$ FILE/type=stream *.*
Otherwise you can fix using either TPU or CONVERT/FDL.
PGP/VMS was written using the VAX C compiler, which you must have to
compile it. If you wish to use another compiler, see the developers notes.
PGP is provided with an MMS description file. To build using this file, go
to the directory containing the uncompressed files and type the following:
$ MMS PGP.EXE
You may wish to delete the object files at this point, they are not needed
unless you are working on the code. To build a version under the VAX/VMS
debugger, define the DCL symbol PGP_DEBUG=1. The debugger version will be
built without any optimisation and will be *significantly* slower.
If you do not have MMS you may execute the DCL supplied command procedure
VMSBUILD.COM to compile and link PGP.
Once you have built PGP, it should be placed somewhere that is protected
against tampering. It is not impossible that someone may replace PGP.EXE
with a patched version designed to capture keys. You may wish to use the
CHECKSUM utility (CHECKSUM/IMAGE PGP.EXE) to control against modifications,
however CHECKSUM does not use very effective algorithms and may itself be
compromised.
You should then use PGP by defining it as an "external command" in your
LOGIN.COM, or alternative the system wide login command procedure, SYLOGIN.
This is done simply with the following line of DCL:
$ PGP:==$device:[directory]PGP
After executing this line (remember the dollar sign before the device name),
you should be able to display a help text by typing:
$ PGP
PGP will want to retain the keyrings and some other information. These are
stored in the device and directory pointed to by the logical name PGPPATH.
You should copy the files LANGUAGE.TXT and CONFIG.TXT to this directory.
Your secret keyring contains information that could be cryptographically
analysed - it must be protected against world access. However, your secret key
ring is encrypted so is protected against casual browsing. If anyone that you
can not trust has privileged access to your system, your plaintext files are
vulnerable and potentially, also your keyrings.
Note that keyrings should be directly transportable between VMS, MSDOS
and other PGP implementations. Text files may not be portable because of the
different text record representations across operating systems. If you wish
to send a text file to a system other than VAX/VMS, you are recommended to
use the 'canonical-form' switch '-t'.
If you wish to take binary files such as backup savesets between two systems
running VMS, you can use the special flag 'i' with the encrypt function to
preserve the file and record characteristics. When decrypting, PGP will read
the 'i' flag and the type of the system that created the file. If both systems
are VMS, the file will be correctly decrypted with the correct file
characteristics. Note that whilst -ei is working, -esi is not (this is a bug).
It is possible to sign a file encrypted with -ei on a seperate pass though.
Developers Notes
----------------
There are two key conditionals throughout the source for the VAX/VMS
implementation:
VAXC - Allows specific optimisations permitted by the VAX C compiler and
overcomes problems with the differences between VAX C and ANSII C.
VMS - This allows VMS specific file handling and some optimisations. It
should be noted that the primitives do not work with RISC/VMS until
someone has done some work on porting VAX.MAR.
There was also some preliminary work done on porting this to GNU C and indeed
an earlier (developers) version ran under GNU C. The code affected is usually
conditionalised with GCC. If someone wishes to complete this and (hopefully)
integrate the inline assembler stuff used for moves and zero-fills, this
would be very useful.
All optimizations were checked out using DEC's PCA, and this version appears
to be optimal under VAX C.
As for cleaning up, there are verious areas which could be improved:
1) PGP's own erase on delete could be replaced by the standard VMS
function so the file system does the work.
2) The random number generation uses a polling loop from the keyboard
which is neither nice nor necessary. A better approach would be to do
single character I/Os and fetch the system clock after each
character.
Contributing Authors
--------------------
This port was originally performed by Hugh Kennedy with assistance from
Mark Barsoum and others.
Support
-------
This software is provided in the public domain and without charge other than
for copying. For support issues concerning PGP and VAX/VMS, you are welcome
to contact me via Electronic Mail on Compuserve using ID 70042,710 and on the
Internet with [email protected]. This software is provided "as-is" and
any support given will be of an informal nature.
Hugh A.J. Kennedy, 17th November 1992
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.