![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to README CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [rsaref] / rsaref|
Return to README CVS log | Up to [rsaref] / rsaref |
1.1 root 1:
2: RSAREF(TM):
3: A Cryptographic Toolkit for Privacy-Enhanced Mail
4:
5: RSA Laboratories
6: (A division of RSA Data Security, Inc.)
7: January 5, 1993
8:
9:
10: This document copyright (C) 1992 RSA Laboratories, a division of RSA
11: Data Security, Inc. License is granted to reproduce, copy, post, or
12: distribute in any manner, provided this document is kept intact and
13: no modifications, deletions, or additions are made.
14:
15:
16: WHAT IS IT?
17:
18: RSAREF is a cryptographic toolkit designed to facilitate rapid
19: deployment of Internet Privacy-Enhanced Mail (PEM) implementations.
20: RSAREF represents the fruits of RSA Data Security's commitment to the
21: U.S. Department of Defense's Advanced Research Projects Agency
22: (DARPA) to provide free cryptographic source code in support of a PEM
23: standard. RSA Laboratories offers RSAREF in expectation of PEM's
24: forthcoming publication as an Internet standard.
25:
26: Part of RSA's commitment to DARPA was to authorize Trusted Information
27: Systems of Glenwood, MD, to distribute a full PEM implementation. That
28: implementation will be available this spring.
29:
30: RSAREF supports the following PEM-specified algorithms:
31:
32: o RSA encryption and key generation, as defined by RSA
33: Laboratories' Public-Key Cryptography Standards (PKCS)
34:
35: o MD2 and MD5 message digests
36:
37: o DES (Data Encryption Standard) in cipher-block chaining mode
38:
39: RSAREF is written in the C programming language as a library that can
40: be called from an application program. A simple PEM implementation
41: can be built directly on top of RSAREF, together with message parsing
42: and formatting routines and certificate-management routines. RSAREF
43: is distributed with a demonstration program that shows how one might
44: build such an implementation.
45:
46: The name "RSAREF" means "RSA reference." RSA Laboratories intends
47: RSAREF to serve as a portable, educational, reference implementation
48: of cryptography.
49:
50:
51: WHAT YOU CAN (AND CANNOT) DO WITH RSAREF
52:
53: The license at the end of this note gives legal terms and conditions.
54: Here's the layman's interpretation, for information only and with no
55: legal weight:
56:
57: 1. You can use RSAREF in personal, non-commercial applications,
58: as long as you follow the interface described in the RSAREF
59: documentation. You can't use RSAREF in any commercial
60: (moneymaking) manner of any type, nor can you use it to
61: provide services of any kind to any other party. For
62: information on commercial licenses of RSAREF-compatible
63: products, please contact RSA Data Security. (Special
64: arrangements are available for educational institutions and
65: non-profit organizations.)
66:
67: 2. You can give others RSAREF and programs that interface to
68: RSAREF, under the same terms and conditions as your RSAREF
69: license.
70:
71: 3. You can modify RSAREF as required to port it to other
72: operating systems and compilers, as long as you give a copy
73: of the results to RSA Laboratories. Other changes require
74: written consent.
75:
76: 4. You can't send RSAREF outside the United States or Canada, or
77: give it to anyone who is not a U.S. or Canadian citizen and
78: doesn't have a U.S. "green card." (These are U.S. State and
79: Commerce Department requirements, because RSA and DES are
80: export-controlled technologies.)
81:
82:
83: HOW TO GET IT
84:
85: To obtain RSAREF, read the license at the end of the note and return a
86: copy of the following paragraph by electronic mail to
87: <[email protected]>:
88:
89: I acknowledge that I have read the RSAREF Program License
90: Agreement and understand and agree to be bound by its terms and
91: conditions, including without limitation its restrictions on
92: foreign reshipment of the Program and information related to the
93: Program. The electronic mail address to which I am requesting
94: that the program be transmitted is located in the United States
95: of America or Canada and I am a United States citizen, a Canadian
96: citizen, or a permanent resident of the United States. The RSAREF
97: Program License Agreement is the complete and exclusive agreement
98: between RSA Laboratories and me relating to the Program, and
99: supersedes any proposal or prior agreement, oral or written, and
100: any other communications between RSA Laboratories and me relating
101: to the Program.
102:
103: RSAREF is distributed by electronic mail in UNIX(TM) "uuencoded" TAR
104: format. When you receive it, store the contents of the message in a
105: file, and run your operating system's "uudecode" and TAR programs.
106: For example, suppose you store the contents of your message in the
107: file 'contents'. You would run the commands:
108:
109: uudecode contents # produces rsaref.tar
110: tar -xvf rsaref.tar
111:
112: RSAREF includes about 60 files organized into the following
113: subdirectories:
114:
115: doc documentation on RSAREF and RDEMO
116: install makefiles for various operating systems
117: rdemo RDEMO demonstration program
118: source RSAREF source code and include files
119: test test scripts for RDEMO
120:
121: RSAREF is also available via anonymous FTP to 'rsa.com'. Along with
122: RSAREF you can get RIPEM, Mark Riordan's RSAREF-based privacy-enhanced
123: mail application, and an Emacs command interface to RIPEM. See the
124: file 'README' in the FTP directory 'rsaref' for more information.
125:
126:
127: USERS' GROUP
128:
129: RSA Laboratories maintains the electronic-mail users' group
130: <[email protected]> for discussion of RSAREF applications, bug
131: fixes, etc. To join the users' group, send electronic mail to
132: <[email protected]>.
133:
134:
135: REGISTRATION
136:
137: RSAREF users who register with RSA Laboratories are entitled to free
138: RSAREF upgrades and bug fixes as soon as they become available and a
139: 50% discount on selected RSA Data Security products. To register,
140: send your name, address, and telephone number to
141: <[email protected]>.
142:
143:
144: INNOVATION PRIZES
145:
146: RSA Laboratories will award cash prizes for the best applications
147: built on RSAREF. If you'd like to submit an application, want to be
148: on the review panel, or would like more details, please send
149: electronic mail to <[email protected]>. Applications are due
150: December 31, 1992, and awards will be announced March 31, 1993. First
151: prize is $5000, second prize is $2000, and there are five prizes of
152: $1000.
153:
154:
155: PUBLIC-KEY CERTIFICATION
156:
157: RSA Data Security offers public-key certification services conforming
158: to forthcoming PEM standards. For more information, please send
159: electronic mail to <[email protected]>.
160:
161:
162: PKCS: PUBLIC-KEY CRYPTOGRAPHY STANDARDS
163:
164: To obtain copies of RSA Laboratories' Public-Key Cryptography
165: Standards (PKCS), send electronic mail to <[email protected]>.
166:
167:
168: OTHER QUESTIONS
169:
170: If you have questions on RSAREF software, licenses, export
171: restrictions, or other RSA Laboratories offerings, send electronic
172: mail to <[email protected]>.
173:
174:
175: AUTHORS
176:
177: RSAREF was written by the staff of RSA Laboratories with assistance
178: from RSA Data Security's software engineers. The DES code is based on
179: an implementation that Justin Reyneri did at Stanford University. Jim
180: Hwang of Stanford wrote parts of the arithmetic code under contract
181: to RSA Laboratories.
182:
183:
184: ABOUT RSA LABORATORIES
185:
186: RSA Laboratories is the research and development division of RSA Data
187: Security, Inc., the company founded by the inventors of the RSA
188: public-key cryptosystem. RSA Laboratories reviews, designs and
189: implements secure and efficient cryptosystems of all kinds. Its
190: clients include government agencies, telecommunications companies,
191: computer manufacturers, software developers, cable TV broadcasters,
192: interactive video manufacturers, and satellite broadcast companies,
193: among others.
194:
195: RSA Laboratories draws upon the talents of the following people:
196:
197: Len Adleman, distinguished associate - Ph.D., University of
198: California, Berkeley; Henry Salvatori professor of computer
199: science at University of Southern California; co-inventor of
200: RSA public-key cryptosystem; co-founder of RSA Data Security, Inc.
201:
202: Taher Elgamal, senior associate - Ph.D., Stanford University;
203: director of engineering at RSA Data Security, Inc.; inventor of
204: Elgamal public-key cryptosystem based on discrete logarithms
205:
206: Martin Hellman, distinguished associate - Ph.D., Stanford University;
207: professor of electrical engineering at Stanford University;
208: co-inventor of public-key cryptography, exponential key exchange;
209: IEEE fellow; IEEE Centennial Medal recipient
210:
211: Burt Kaliski, chief scientist - Ph.D., MIT; former visiting assistant
212: professor at Rochester Institute of Technology; author of Public-Key
213: Cryptography Standards; general chair of CRYPTO '91
214:
215: Cetin Koc, associate - Ph.D., University of California, Santa
216: Barbara; assistant professor at University of Houston
217:
218: Ron Rivest, distinguished associate - Ph.D., Stanford University;
219: professor of computer science, MIT; co-inventor of RSA public-key
220: cryptosystem; co-founder of RSA Data Security, Inc.; member of
221: National Academy of Engineering; director of International
222: Association for Cryptologic Research; program co-chair of ASIACRYPT
223: '91
224:
225: RSA Laboratories seeks the talents of other people as well. If you're
226: interested, please write or call.
227:
228: ADDRESSES
229:
230: RSA Laboratories RSA Data Security, Inc.
231: 100 Marine Parkway 100 Marine Parkway
232: Redwood City, CA 94065 Redwood City, CA 94065
233:
234: (415) 595-7703 (415) 595-8782
235: (415) 595-4126 (fax) (415) 595-1873 (fax)
236:
237: PKCS, RSAREF and RSA Laboratories are trademarks of RSA Data
238: Security, Inc. All other company names and trademarks are not.
239:
240: ----------------------------------------------------------------------
241: RSA LABORATORIES
242: PROGRAM LICENSE AGREEMENT
243:
244:
245: RSA LABORATORIES, A DIVISION OF RSA DATA SECURITY, INC. ("RSA")
246: GRANTS YOU A LICENSE AS FOLLOWS TO THE "RSAREF" PROGRAM:
247:
248: 1. LICENSE. RSA grants you a non-exclusive, non-transferable,
249: perpetual (subject to the conditions of section 8) license
250: for the "RSAREF" program (the "Program") and its associated
251: documentation, subject to all of the following terms and
252: conditions:
253:
254: a. to use the Program on any computer in your possession;
255:
256: b. to make copies of the Program for back-up purposes;
257:
258: c. to modify the Program in any manner for porting or
259: performance improvement purposes (subject to Section 2)
260: or to incorporate the Program into other computer programs
261: for your own personal or internal use, provided that you
262: provide RSA with a copy of any such modification or
263: Application Program by electronic mail, and grant RSA
264: a perpetual, royalty-free license to use and distribute
265: such modifications and Application Programs on the terms
266: set forth in this Agreement.
267:
268: d. to copy and distribute the Program and Application Programs
269: in accordance with the limitations set forth in Section 2.
270:
271: "Application Programs" are programs which incorporate all or any
272: portion of the Program in any form. The restrictions imposed on
273: Application Programs in this Agreement shall not apply to any software
274: which, through the mere aggregation on distribution media, is
275: co-located or stored with the Program.
276:
277: 2. LIMITATIONS ON LICENSE.
278:
279: a. RSA owns the Program and its associated documentation and
280: all copyrights therein. You may only use, copy, modify and
281: distribute the Program as expressly provided for in this
282: Agreement. You must reproduce and include this Agreement,
283: RSA's copyright notices and disclaimer of warranty on any
284: copy and its associated documentation.
285:
286: b. The Program and all Application Programs are to be used only
287: for non-commercial purposes. However, media costs associated
288: with the distribution of the Program or Application Programs
289: may be recovered.
290:
291: c. The Program, if modified, must carry prominent notices
292: stating that changes have been made, and the dates of any
293: such changes.
294:
295: d. Prior permission from RSA is required for
296: any modifications that access the Program through ways
297: other than the published Program interface or for
298: modifications to the Program interface. RSA will grant
299: all reasonable requests for permission to make such
300: modifications.
301:
302: 3. NO RSA OBLIGATION. You are solely responsible for all of your
303: costs and expenses incurred in connection with the distribution
304: of the Program or any Application Program hereunder, and RSA
305: shall have no liability, obligation or responsibility therefor.
306: RSA shall have no obligation to provide maintenance, support,
307: upgrades or new releases to you or to any distributee of the
308: Program or any Application Program.
309:
310: 4. NO WARRANTY OF PERFORMANCE. THE PROGRAM AND ITS ASSOCIATED
311: DOCUMENTATION ARE LICENSED "AS IS" WITHOUT WARRANTY AS TO THEIR
312: PERFORMANCE, MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR
313: PURPOSE. THE ENTIRE RISK AS TO THE RESULTS AND PERFORMANCE OF
314: THE PROGRAM IS ASSUMED BY YOU AND YOUR DISTRIBUTEES. SHOULD THE
315: PROGRAM PROVE DEFECTIVE, YOU AND YOUR DISTRIBUTEES (AND NOT RSA)
316: ASSUME THE ENTIRE COST OF ALL NECESSARY SERVICING, REPAIR OR
317: CORRECTION.
318:
319: 5. LIMITATION OF LIABILITY. EXCEPT AS EXPRESSLY PROVIDED FOR IN
320: SECTION 6 HEREINUNDER, NEITHER RSA NOR ANY OTHER PERSON WHO HAS
321: BEEN INVOLVED IN THE CREATION, PRODUCTION, OR DELIVERY OF THE
322: PROGRAM SHALL BE LIABLE TO YOU OR TO ANY OTHER PERSON FOR ANY
323: DIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES, EVEN IF RSA HAS BEEN
324: ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
325:
326: 6. PATENT INFRINGEMENT OBLIGATION. Subject to the limitations set
327: forth below, RSA, at its own expense, shall: (i) defend, or at
328: its option settle, any claim, suit or proceeding against you on
329: the basis of infringement of any United States patent in the
330: field of cryptography by the unmodified Program; and (ii) pay
331: any final judgment or settlement entered against you on such
332: issue in any such suit or proceeding defended by RSA. The
333: obligations of RSA under this Section 6 are subject to:
334: (i) RSA's having sole control of the defense of any such claim,
335: suit or proceeding; (ii) your notifying RSA promptly in writing
336: of each such claim, suit or proceeding and giving RSA authority
337: to proceed as stated in this Section 6; and (iii) your giving
338: RSA all information known to you relating to such claim,
339: suit or proceeding and cooperating with RSA to defend any such
340: claim, suit or proceeding. RSA shall have no obligation under
341: this Section 6 with respect to any claim to the extent it is
342: based upon (A) use of the Program as modified by any person
343: other than RSA or use of any Application Program, where use
344: of the unmodified Program would not constitute an infringement,
345: or (B) use of the Program in a manner other than that permitted
346: by this Agreement. THIS SECTION 6 SETS FORTH RSA'S ENTIRE
347: OBLIGATION AND YOUR EXCLUSIVE REMEDIES CONCERNING CLAIMS FOR
348: PROPRIETARY RIGHTS INFRINGEMENT.
349:
350: NOTE: Portions of the Program practice methods described in and
351: subject to U.S. Patents Nos. 4,200,770, 4,218,582 and 4,405,829,
352: and all foreign counterparts and equivalents, issued to Leland
353: Stanford Jr. University and to Massachusetts Institute of
354: Technology. Such patents are licensed to RSA by Public Key
355: Partners of Sunnyvale, California, the holder of exclusive
356: licensing rights. This Agreement does not grant or convey any
357: interest whatsoever in such patents.
358:
359: 7. RSAREF is a non-commercial publication of cryptographic
360: techniques. Portions of RSAREF have been published in the
361: International Security Handbook and the August 1992 issue of Dr.
362: Dobb's Journal. Privacy applications developed with RSAREF may be
363: subject to export controls. If you are located in the United States
364: and develop such applications, you are advised to consult with the
365: State Department's Office of Defense Trade Controls.
366:
367: 8. TERM. The license granted hereunder is effective until
368: terminated. You may terminate it at anytime by destroying
369: the Program and its associated documentation. The termination
370: of your license will not result in the termination of the
371: licenses of any distributees who have received rights to the
372: Program through you so long as they are in compliance with
373: the provisions of this license.
374:
375: 9. GENERAL
376:
377: a. This Agreement shall be governed by the laws of the State of
378: California.
379:
380: b. Address all correspondence regarding this license to RSA's
381: electronic mail address <[email protected]>, or
382: to
383:
384: RSA Laboratories
385: ATTN: RSAREF Administrator
386: 100 Marine Parkway, Suite 500
387: Redwood City, CA 94065
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.