home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Black Crawling Systems Archive Release 1.0
/
Black Crawling Systems Archive Release 1.0 (L0pht Heavy Industries, Inc.)(1997).ISO
/
tezcat
/
Big_Brother
/
Getting_PGP.txt
< prev
next >
Wrap
Text File
|
1996-07-08
|
32KB
|
1,434 lines
From the Radio Free Michigan archives
ftp://141.209.3.26/pub/patriot
If you have any other files you'd like to contribute, e-mail them to
bj496@Cleveland.Freenet.Edu.
------------------------------------------------
Note: follow-ups set to alt.security.pgp, where this is regularly posted.
-----BEGIN PGP SIGNED MESSAGE-----
===============================BEGIN SIGNED TEXT=============================
WHERE TO GET THE PRETTY GOOD PRIVACY PROGRAM (PGP)
(Last modified: 31 October 1994 by Mike Johnson)
WHAT IS THE LATEST VERSION?
|-----------------+---------------------+---------------------------------|
| Platform(s) | Latest Version | Distribution File Names |
|-----------------+---------------------+---------------------------------|
| DOS, Unix, | Viacrypt PGP 2.7 | disk sets |
| or WinCIM/CSNav | | |
|-----------------+---------------------+---------------------------------|
| DOS, Unix, | MIT PGP 2.6.2 | pgp262.zip (DOS + docs) |
| others | | pgp262s.zip (source) |
| | | pg262s.zip source on CompuServe |
| | | pgp262.tar.gz (source) |
| | | pgp262.gz (same as above on DOS)|
| | | pgp262.tar.Z (source) |
| | | pgp262dc.zip (documentation) |
| | | pg262d.zip (docs on CompuServe) |
|-----------------+---------------------+---------------------------------|
| Macintosh | MIT PGP 2.6 | MacPGP2.6.sea.hqx (binary+docs) |
| | | macpgp26.hqx (same as above) |
| | | MacPGP2.6.src.sea.hqx (source) |
| | | macpgp26.src (same as above) |
| | | MacPGP2.6-68000.sea.hqx (binary)|
| | | mcpgp268.hqx (same as above) |
|-----------------+---------------------+---------------------------------|
| Mac Applescript | MacPGP 2.6ui v 1.2 | MacPGP-2.6ui-v1.2.sit.hqx |
| | | MacPGP2.6ui_V1.2_sources.cpt.hqx|
| | | MacPGP2.6uiV1.2en.cpt.hqx |
| | | MacPGP2.6uiV1.2src.cpt.hqx |
| | | MacPGP2.6uiV1.2.68000.hqx |
|-----------------+---------------------+---------------------------------|
| Amiga | PGP 2.6.2 Amiga 1.4 | pgp262-a14-000.lha |
| | | pgp262-a14-020.lha |
| | | pgp262-a14-src.lha |
|-----------------+---------------------+---------------------------------|
| Atari | Atari PGP 2.6ui | pgp26uib.lzh (binary, docs) |
| | | pgp26uis.lzh |
|-----------------+---------------------+---------------------------------|
| Archimedes | Archimedes 2.3a | ArcPGP23a |
|-----------------+---------------------+---------------------------------|
| Non-USA version | PGP 2.6.i from | pgp26i.zip |
| to avoid RSAREF | Stale Schumacher | pgp26is.zip |
| license. | | pgp26is.tar.gz |
|_________________|_____________________|_________________________________|
WHERE CAN I GET THE PGP VERSION DIRECTLY FROM PHILIP ZIMMERMANN?
This is the MIT version. For several good reasons, Phil is releasing the
main line freeware PGP through MIT, at net-dist.mit.edu. See a list of sites
that also carry this version, below, or use this WWW URL:
http://web.mit.edu/network/pgp-form.html
WHAT IS PGP 2.6.i?
Stale Schumacher <staalesc@ifi.uio.no released an international version of
PGP built the "right way." By "right way," I mean that it uses the latest
MIT code, but uses a different rsaglue.c to use the mpilib instead of RSAREF
for RSA calculations, thus including all the latest bug fixes and features in
the main freeware PGP code line, but frees non-USA persons from the
limitations of the RSAREF license. This release has been as strongly
endorsed by Philip Zimmermann as he can do without incriminating himself.
Naturally, by not using the RSAREF code for RSA calculations, this version is
not legal for use in the USA (other than limited research, etc.), but is fine
anywhere else (like Canada) were RSA patents don't hold.
Note that the latest version of Stale Schumacher's PGP is 2.6.i, 2.6i
(without the second .) was a beta test version that has been superceded.
WHAT IS PGP 2.6ui?
The "unofficial international" versions are really just PGP 2.3a, modified
just enough to make it compatible with MIT PGP 2.6, but do not include all of
the fixes in MIT PGP 2.6 and MIT PGP 2.6.1. They have a "ui" somewhere in
their file names. I recommend the use of the "ui" versions only if you are
using a platform for which there is no Viacrypt or MIT PGP that works
properly. For a version that doesn't use RSAREF, PGP 2.6.i from Stale
Schumacher is a better choice, because it is more up-to-date.
WHERE CAN I GET VIACRYPT PGP?
If you are a commercial user of PGP in the USA or Canada, contact Viacrypt in
Phoenix, Arizona, USA. The commecial version of PGP is fully licensed to use
the patented RSA and IDEA encryption algorithms in commercial applications,
and may be used in corporate environments in the USA and Canada. It is fully
compatible with, functionally the same as, and just as strong as the freeware
version of PGP. Due to limitations on ViaCrypt's RSA distribution license,
ViaCrypt only distributes executable code and documentation for it, but they
are working on making PGP available for a variety of platforms. Call or
write to them for the latest information. The latest version number for
Viacrypt PGP is 2.7.
The Windows version is now shipping, and the Macintosh version is expected to
ship Real Soon Now. The formal announcements will go out about one week prior
to first ship dates. The Windows version is a high grade Visual Basic front
end with the DOS program in the back end. It is a point-and-click,
drag-and-drop operation.
Here is a brief summary of Viacrypt's currently-available products:
1. ViaCrypt PGP for MS-DOS. Prices start at $99.98
2. ViaCrypt PGP for UNIX. Includes executables for the following
platforms:
SunOS 4.1.x (SPARC)
IBM RS/6000 AIX
HP 9000 Series 700/800 UX
SCO 386/486 UNIX
SGI IRIX
AViiON DG-UX(88/OPEN)
Prices start at $149.98
Executables for the following additional platforms are
available upon request for an additional $30.00 charge.
BSD 386
Ultrix MIPS DECstation 4.x
3. ViaCrypt PGP for WinCIM/CSNav. A special package for users of
CompuServe. Prices start at $119.98
Viacrypt's licensing and price information is as follows:
ViaCrypt PGP Version 2.7 for Windows (Single User $ 124.98
ViaCrypt PGP Version 2.7 for Windows (Five User) $ 374.98
ViaCrypt PGP Version 2.7 for Macintosh(Single User) $ 124.98
ViaCrypt PGP Version 2.7 for Macintosh(Five User) $ 374.98
ViaCrypt PGP Version 2.7 for MS-DOS (Single User) $ 99.98
ViaCrypt PGP Version 2.7 for MS-DOS (Five User) $ 299.98
ViaCrypt PGP Version 2.7 for UNIX (Single User) $ 149.98
ViaCrypt PGP Version 2.7 for UNIX (Five User) $ 449.98
ViaCrypt PGP for WinCIM/CSNav (Single User) $ 119.98
ViaCrypt PGP for WinCIM/CSNav (Five User) $ 359.98
UNIX platforms of Ultrix and BSD 386 have an additional $30.00
charge per platform.
Please contact ViaCrypt for pricing of 20 users and above.
Orders may be placed by calling 800-536-2664 during the hours of
8:30am to 5:00pm MST, Monday - Friday. We accept VISA,
MasterCard, AMEX and Discover credit cards.
If you have further questions, please feel free to contact:
Paul E. Uhlhorn
Director of Marketing, ViaCrypt Products
Mail: 9033 N. 24th Avenue
Suite 7
Phoenix AZ 85021-2847
Phone: (602) 944-0773
Fax: (602) 943-2601
Internet: viacrypt@acm.org
Compuserve: 70304.41
WHERE CAN I GET THE FREEWARE PGP?
These listings are subject to change without notice. If you find that PGP has
been removed from any of these sites, please let me know so that I can update
this list. Likewise, if you find PGP on a good site elsewhere (especially on
any BBS that allows first time callers to access PGP for free), please let me
know so that I can update this list. Because this list changes frequently, I
have not attempted to keep it complete, but there should be enough pointers
to let you easily find PGP.
There are several ways to get the freeware PGP: ftp, WWW, BBS, CompuServe,
email ftp server, and sneakernet (ask a friend for a copy). Just don't ask
the author directly for a copy.
FTP SITES IN NORTH AMERICA
There are some wierd hoops to jump through, thanks to the U. S. Department of
State and the ITAR, at many of these sites.
Telnet to net-dist.mit.edu, log in as getpgp, answer the questions, then ftp
to net-dist.mit.edu and change to the hidden directory named in the telnet
session to get your own copy.
MIT-PGP is for U. S. and Canadian use only, but MIT is only distributing it
within the USA (due to some archaic export control laws).
1. Read ftp://net-dist.mit.edu/pub/PGP/mitlicen.txt and agree to it.
2. Read ftp://net-dist.mit.edu/pub/PGP/rsalicen.txt and agree to it.
3. Telnet to net-dist.mit.edu and log in as getpgp.
4. Answer the questions and write down the directory name listed.
5. QUICKLY end the telnet session with ^C and ftp to the indicated directory
on net-dist.mit.edu (something like /pub/PGP/dist/U.S.-only-????) and get
the distribution files (see the above chart for names).
If the hidden directory name is invalid, start over at step 3, above.
You can also get PGP from:
ftp.csn.net/mpj
ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/
See ftp://ftp.csn.net/mpj/README.MPJ for the ???????
See ftp://ftp.csn.net/mpj/help for more help on negotiating this site's
export control methods (open to USA and Canada).
ftp.netcom.com/pub/mpj
ftp://ftp.netcom.com/mpj/I_will_not_export/crypto_???????/pgp/
See ftp://ftp.netcom.com/pub/mpj/README.MPJ for the ???????
See ftp://ftp.netcom.com/pub/mpj/help for more help on negotiating this
site's export control methods.
TO GET THESE FILES BY EMAIL, send mail to ftp-request@netcom.com
containing the word HELP in the body of the message for instructions.
You will have to work quickly to get README.MPJ then the files before
the ??????? part of the path name changes again (several times a day).
ftp.eff.org
Follow the instructions found in README.Dist that you get from one of:
ftp://ftp.eff.org/pub/Net_info/Tools/Crypto/README.Dist
gopher.eff.org, 1/Net_info/Tools/Crypto
gopher://gopher.eff.org/11/Net_info/Tools/Crypto
http://www.eff.org/pub/Net_info/Tools/Crypto/
soda.csua.berkeley.edu (for U. S. or Canadian users)
/pub/cypherpunks/pgp/
ftp.wimsey.bc.ca
/pub/crypto/software/dist/US_or_Canada_only_XXXXXXX/PGP
(U. S. and Canadian users only)
See /pub/crypto/software/README for the characters for XXXXXXXX
This site has all public releases of the freeware PGP.
WORLD WIDE WEB ACCESS
http://web.mit.edu/network/pgp-form.html
http://www.ifi.uio.no/~staalesc/PGPVersions.html
http://www.mantis.co.uk/pgp/pgp.html
http://rschp2.anu.edu.au:8080/crypt.html
http://www.eff.org/pub/Net_info/Tools/Crypto/
COMPUSERVE
The NCSA Forum sysops have a library (Library 12: Export Controlled) that is
available only to people who send them a message asserting that they are
within the U. S. A. This library contains PGP. I have also seen PGP in some
other places on Compuserve. Try searching for PGP262.ZIP in the IBMFF forum
for up-to-date information on PGP in selected other areas. The last time I
tried a search like this, PGP was found in the PC World Online forum (GO
PWOFORUM) new uploads area, along with several PGP shells and accessories.
I've also heard that EUROFORUM carries PGP, but have not confirmed this.
Compuserve file names are even more limited than DOS (6.3 instead of the
already lame 8.3), so the file names to look for are PGP262.ZIP, PG262S.ZIP
(source code), PGP262.GZ (Unix source code) and PG262D.ZIP (documentation
only).
BULLETIN BOARD SYSTEMS
Colorado Catacombs BBS
Mike Johnson, sysop
Mac and DOS versions of PGP, PGP shells, and some other crypto stuff.
Also the home of some good Bible search files and some shareware written
by Mike Johnson, including ATBASH, DLOCK, CRYPTA, CRYPTE, CRYPTMPJ, MCP,
MDIR, DELETE, PROVERB, SPLIT, ONEPAD, QUICRYPT, etc.
v.FAST/v.32bis/v.42bis, speeds up to 28,800 bps
8 data bits, 1 stop, no parity, as fast as your modem will go.
Use ANSI terminal emulation, of if you can't, try VT-100.
Free access to PGP. If busy or no answer, try again later.
Log in with your own name, or if someone else already used that, try
a variation on your name or pseudonym. You can request access to
crypto software on line, and if you qualify legally under the ITAR,
you can download on the first call.
For free access: log in with your own name, answer the questions, then
select [Q]uestionaire 3 from the [M]ain menu.
(303) 772-1062 Longmont, Colorado number - 2 lines.
(303) 938-9654 Boulder, Colorado number forwarded to Longmont number
intended for use by people in the Denver, Colorado area.
The Colorado Catacombs BBS only has two phone lines, so if you get a copy of
PGP from here, you might consider spreading it around to any place that you
can legally do so.
The Freedom Files BBS, DeLand Florida, USA 904-738-2691
Exec-Net, New York, NY, USA (Host BBS for the ILink net) 914-667-4567
The Ferret BBS (North Little Rock, Arkansas)
(501) 791-0124 also (501) 791-0125
Special PGP users account:
login name: PGP USER
password: PGP
This information from: Jim Wenzel <jim.wenzel@grapevine.lrk.ar.us
CVRC BBS 317-791-9617
CyberGold BBS 601-582-5748
Other BBS -- check your local BBS. Chances are good that it has any release
that is at least a month old if it has much of a file area at all.
OTHER FTP SITES
ftp.informatik.uni-hamburg.de
/pub/virus/crypt/pgp
This site has most, if not all, of the current PGP files.
ftp.ox.ac.uk (129.67.1.165)
ftp.netcom.com
/pub/dcosenza -- Some crypto stuff, sometimes includes PGP.
/pub/gbe/pgpfaq.asc -- frequently asked questions answered.
/pub/qwerty -- How to MacPGP Guide, largest steganography ftp site as
well. PGP FAQ, crypto FAQ, US Crypto Policy FAQ,
Steganograpy software list. MacUtilites for use with
MacPGP. Stealth1.1 + other steganography programs.
Send mail to ftp-request@netcom.com with "HELP" in the
body of the message if you don't have ftp access.
ftp.ee.und.ac.za
/pub/crypto/pgp
soda.berkeley.edu
/pub/cypherpunks/pgp (DOS, MAC)
ftp.demon.co.uk
/pub/amiga/pgp
/pub/archimedes
/pub/pgp
/pub/mac/MacPGP
ftp.informatik.tu-muenchen.de
ftp.funet.fi
ftp.dsi.unimi.it
/pub/security/crypt/PGP
ftp.tu-clausthal.de (139.174.2.10) (Atari ST/E,TT,Falcon)
/pub/atari/misc/pgp/pgp26uib.lzh (2.6ui ttp, 2.3a docs)
/pub/atari/misc/pgp/pgp26uis.lzh (2.6ui sources)
/pub/atari/misc/pgp/pgp26ui.diffs (Atari diffs for 2.6 sources)
wuarchive.wustl.edu
/pub/aminet/util/crypt
src.doc.ic.ac.uk (Amiga)
/aminet
/amiga-boing
ftp.informatik.tu-muenchen.de
/pub/comp/os/os2/crypt/pgp23os2A.zip (OS/2)
iswuarchive.wustl.edu
pub/aminet/util/crypt (Amiga)
nic.funet.fi (128.214.6.100)
/pub/crypt
ftp.uni-kl.de (131.246.9.95)
/pub/aminet/util/crypt
qiclab.scn.rain.com (147.28.0.97)
pc.usl.edu (130.70.40.3)
leif.thep.lu.se (130.235.92.55)
goya.dit.upm.es (138.4.2.2)
tupac-amaru.informatik.rwth-aachen.de (137.226.112.31)
ftp.etsu.edu (192.43.199.20)
princeton.edu (128.112.228.1)
pencil.cs.missouri.edu (128.206.100.207)
soda.csua.berkeley.edu
kauri.vuw.ac.nz
nctuccca.edu.tw
/PC/wuarchive/pgp/
Also, try an archie search for PGP using the command:
archie -s pgp262 (DOS & Unix Versions)
archie -s pgp2.6 (MAC Versions)
FTPMAIL
For those individuals who do not have access to FTP, but do have access
to e-mail, you can get FTP files mailed to you. For information on
this service, send a message saying "Help" to ftpmail@decwrl.dec.com.
You will be sent an instruction sheet on how to use the ftpmail
service.
Another e-mail service is from nic.funet.fi. Send the following mail message
to mailserv@nic.funet.fi:
ENCODER uuencode
SEND pub/crypt/pgp23srcA.zip
SEND pub/crypt/pgp23A.zip
This will deposit the two zipfiles, as 15 batched messages, in your mailbox
with about 24 hours. Save and uudecode.
For the ftp sites on netcom, send mail to ftp-request@netcom.com containing
the word HELP in the body of the message.
To get pgp 2.6.i by email:
Send a message to hypnotech-request@ifi.uio.no with your request in the
Subject: field.
Subject What you will get
GET pgp26i.zip MS-DOS executable (uuencoded)
GET pgp26is.zip MS-DOS source code (uuencoded)
GET pgp26is.tar.gz UNIX source code (uuencoded)
For FAQ information, send e-mail to mail-server@rtfm.mit.edu with
send usenet/news.answers/ftp-list/faq
in the body of the message.
IS MY COPY OF PGP GOOD?
If you find a version of the PGP package that does not include the PGP User's
Guide, something is wrong. The manual should always be included in the
package. PGP should be signed by one of the developers (Philip Zimmermann,
Jeff Schiller, Viacrypt, Stale Schumacher, etc.). If it isn't, the package is
suspect and should not be used or distributed. The site you found it on
should remove it so that it does no further harm to others. To be really
sure, you should get PGP directly from MIT or check the signatures with a
version of PGP that you trust. The copies of PGP on ftp.csn.net/mpj,
ftp.netcom.com/pub/mpj, and the Colorado Catacombs BBS are direct copies of
the ones on MIT, except that the ones on the BBS include a BBS advertisement
(automatically added by the system when it virus scans new files) in the
outer .zip files.
OTHER PGP DOCUMENTATION
PGP is rather counter-intuitive to a Mac user. Luckily, there's a
guide to using MacPGP in
ftp://ftp.netcom.com/pub/qwerty/Here.is.How.to.MacPGP.
There is a Frequently Asked Questions document in
ftp://ftp.netcom.com/pub/gbe/pgpfaq.asc
For more information on the "time bomb" in PGP, see
ftp://ftp/netcom.com/pub/mpj/pgpbomb.asc
LANGUAGE MODULES
These are suitable for most PGP versions. I am not aware of any
export/import restrictions on these files.
German
* _UK:_ ftp://ftp.ox.ac.uk/src/security/pgp_german.txt
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp_german.txt
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/PGP_german_docs.lha
Italian
* _IT:_
ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp-lang.italian.tar.gz
* _FI:_
ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/PGP/pgp-lang.italian.tar.gz
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp-lang.italian.tar.gz
Japanese
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp-msgs-japanese.tar.gz
Lithuanian
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp23ltk.zip
Russian
* _RU:_ ftp://ftp.kiae.su/unix/crypto/pgp/pgp26ru.zip (MIT version)
* _RU:_ ftp://ftp.kiae.su/unix/crypto/pgp/pgp26uir.zip (ui version)
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp26ru.zip
Spanish
* _IT:_
ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp-lang.spanish.tar.gz
* _FI:_
ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/pgp-lang.spanish.tar.gz
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp-lang.spanish.tar.gz
Swedish
* _UK:_ ftp://ftp.ox.ac.uk/src/security/pgp_swedish.txt
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp_swedish.txt
WHAT IS ALL THIS NONSENSE ABOUT EXPORT CONTROLS?
For a detailed rant, get ftp://ftp.csn.net/mpj/cryptusa.zip
The practical meaning, until the law is corrected to make sense, is that you
are requested to get PGP from sites outside of the USA and Canada if you are
outside of the USA and Canada. If you are in France, I understand that you
aren't even supposed import it. Other countries may be worse. Make sure you
follow the laws of your own country. If you want to officially export PGP,
you may be able to get permission in limited cases and for a fee. Contact
the U. S. Department of State for information.
WHAT INTELLECTUAL PROPERTY RESTRICTIONS EXIST IN THE USA?
MIT PGP is only for noncommercial use because of restrictions on the
licensing of both the RSA algorithm (attached to RSAREF) and the IDEA
algorithm. PKP/RSADSI insist that we use RSAREF instead of the mpi library
for reasons that make sense to them.
For commercial use, use Viacrypt PGP, which is fully licensed to use both the
RSA and IDEA algorithms in commercial and corporate environments.
Another restriction is due to an exclusive marketing agreement between Philip
Zimmermann and Viacrypt that applies to the USA and Canada only. Viacrypt
has exclusive rights to market PGP commercialy in this area of the world.
This means that if you want to market PGP commercially in competition with
Viacrypt in the USA or Canada, you would have to create a new implementation
of the functions of PGP containing none of Philip Zimmermann's copyrighted
code. You are free to modify existing PGP code for your own use, as long as
you don't sell it. Phil would also appreciate your checking with him before
you distribute any modified versions of PGP as freeware.
"PGP", "Pretty Good Privacy" and "Phil's Pretty Good Software" are trademarks
owned by Philip Zimmermann. This means that if you modify an older version of
PGP that was issued under the copyleft license and distribute it without
Phil's permission, you have to call it something else. This avoids confusing
all of us and protects Phil's good name.
WHAT INTELLECTUAL PROPERTY RESTRICTIONS EXIST IN CANADA?
MIT PGP is only for noncommercial use because of restrictions on the
licensing of the IDEA algorithm. Because the RSA algorithm isn't patented in
Canada, you are free to use the mpi library instead of RSAREF, if you want
to, thus freeing yourself of the RSAREF license.
For commercial use, use Viacrypt PGP, which is fully licensed to use the IDEA
algorithm in commercial and corporate environments.
The exclusive marketing agreement with Viacrypt also applies in Canada. See
the section on USA intellectual property restrictions for more details.
WHAT INTELLECTUAL PROPERTY RESTRICTIONS EXIST OUTSIDE NORTH AMERICA?
MIT PGP is only for noncommercial in areas where there is a patent on
software implementations of the IDEA algorithm. Because the RSA algorithm
isn't patented outside of the USA, you are free to use the mpi library
instead of RSAREF, if you want to, thus freeing yourself of the RSAREF
license restrictions.
For commercial use, you cannot buy Viacrypt PGP, but you can arrange to
license your use of IDEA directly from ASCOM Tech AG in Switzerland. (I
think the cost is about SFr 90/user.) Phone: 65-243404. If software
implementations of IDEA are not covered by a patent in your country, then you
can use the freeware versions of PGP, provided that you compile it with the
mpi library instead of RSAREF.
WHAT IS COMMERCIAL USE?
Use some common sense. If you are running a business and using PGP to
protect credit card numbers sent to you electronically, then you are using
PGP commercially. Your customers, however, need not buy the commercial
version of PGP just to buy something from you, if that is the only commercial
use they make of PGP (since they are spending, not making, money with PGP).
If you are just encrypting love letters or other personal mail, that is not
commercial. If you are encrypting casual internal company email, that is not
necessarily commercial if the email is not "official," but official business
use of PGP by any for-profit organization is commercial. On the other hand,
since the nature of PGP is that it hides the contents of what you are
encrypting, some might claim that the existance of PGP on a computer owned
and operated by a commercial enterprise is sufficient evidence that PGP is
being used commercially. If you are using PGP to sign contracts that you are
making money on, that is commercial.
Note that the patent owners of RSA and IDEA may differ from my interpretation
slightly, so if you are in doubt, you should consider the licensing of
Viacrypt PGP (or outside of North America, direct licensing of IDEA) to be
cheap legal insurance. Indeed, the license fee is probably a lot cheaper
than a legal opinion from a lawyer qualified to make such a judgement. Note
that I am not a lawyer and the above is not legal advise. Use it at your own
risk.
WHAT IS THE "TIME BOMB" IN MIT PGP 2.6?
There was a version byte change in MIT PGP 2.6 as of 1 September 1994. See
ftp://ftp.csn.net/mpj/pgpbomb.asc for details.
ARE MY KEYS COMPATIBLE WITH THE OTHER PGP VERSIONS?
If your RSA key modulus length is less than or equal to 1024 bits (I don't
recommend less, unless you have a really slow computer and little patience),
and if your key was generated in the PKCS format, then it will work with any
of the current PGP versions (MIT PGP 2.6, PGP 2.6ui, or Viacrypt PGP 2.7). If
this is not the case, you really should generate a new key that qualifies.
MIT PGP 2.6.2 should be able to use 2048 bit keys. Generation of 2048 bit
keys is supposed to automatically be enabled in PGP 2.6.2 in December, 1994.
By then, hopefully, most people will have had a chance to upgrade to a
version of PGP that can use them, so longer keys won't be a big problem. On
the other hand, 1024 bit keys are probably beyond the reach of most criminals
and spies to break, anyway.
MORE WORLD WIDE WEB URLs
http://draco.centerline.com:8080/~franl/pgp/pgp-mac-faq-hinely.html
http://draco.centerline.com:8080/~franl/pgp/pgp.html
http://draco.centerline.com:8080/~franl/crypto/cryptography.html
http://www.pegasus.esprit.ec.org/people/arne/pgp.html
http://rschp2.anu.edu.au:8080/crypt.html
http://ibd.ar.com/PublicKeys.html
http://www.ifi.uio.no/~staalesc/PGPversions.html
WINDOWS SHELLS
Several shells for running PGP with Microsoft Windows are available at the
same places PGP can be found.
BUGS
These are the most annoying:
It is possible to add significant amounts of text to a clear signed message
after the BEGIN line, but before the first really blank line, and make it
look like part of the signed text. A line with a space or tab in it doesn't
count as a really blank line.
MIT PGP 2.6.1 doesn't REALLY generate 2048 byte keys.
Microsoft Natural Keyboard -- will not accept input for the pass phrase.
For more information, see http://www.mit.edu:8001/people/warlord/pgp-faq.html
BETSI - BELLCORE'S TRUSTED SOFTWARE INTEGRITY SYSTEM
For information on this service, send mail to certify@bellcore.com with the
subject help, or check http://info.bellcore.com/BETSI/betsi.html
HOW DO I PUBLISH MY PGP PUBLIC KEY?
There are lots of ways. One way is to use a key server. Send mail to one of
these addresses with the single word "help" in the subject line to find out
how to use a key server.
pgp-public-keys@pgp.iastate.edu
public-key-server@pgp.ai.mit.edu
pgp-public-keys@cs.tamu.edu
pgp-public-keys@chao.sw.oz.au
pgp-public-keys@jpunix.com
pgp-public-keys@dsi.unimi.it
pgp-public-keys@kiae.su
pgp-public-keys@fbihh.informatik.uni-hamburg.de
There is also an experimental public key server at
http://ibd.ar.com/PublicKeys.html
Another way is to upload it to the PGP public keys area of the Colorado
Catacombs BBS (303-772-1062). Another way is to just send it to your
correspondents. You could add it to your .plan file so that finger returns
your key. You could add it to some of your postings. No matter which way you
do it, you should have your key signed by someone who verifies that your key
belongs to you, so that you don't have someone else generating a key that has
your name on it, but that isn't yours.
------------------------------------------------
(This file was found elsewhere on the Internet and uploaded to the
Radio Free Michigan archives by the archive maintainer.
All files are ZIP archives for fast download.
E-mail bj496@Cleveland.Freenet.Edu)
