From: mark lewis Area: Public Key Encryption To: jason carr 7 Jan 95 15:04:54 Subject: KEY REVOKE UpdReq jc> Yes. Before I saw this msg I went back into PKEY_DROP but jc> it'd scrolled off. :( BG> (I just added the "~" to prevent anyone from adding a bad BG> key to their keyring) jc> Bad? Is this the original or the revocation? If it's the jc> original it's good, and fine, and bueno, and wonderful, jc> exciting, shiny, etc. jc> Just delete the revocation from your ring and add in this jc> file. All will be well, Grasshopper. oh?? what about his secret key?? )\/(ark # Origin: (1:3634/12) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 259/212 382/7 640/217 3611/19 9600/0 9608/0 9609/0 201434369420143436942014343694201434369420143436942014343694718 From: Alan Pugh Area: Public Key Encryption To: All 6 Jan 95 13:22:34 Subject: Where to get PGP 1 UpdReq Date: Fri Dec 30, 1994 4:31 pm EST From: mpj@netcom.com TO: * Alan Pugh / MCI ID: 370-1548 Subject: Where to Get PGP FAQ ===============================BEGIN SIGNED TEXT============================= WHERE TO GET THE PRETTY GOOD PRIVACY PROGRAM (PGP) (Last modified: 30 December 1994 by Mike Johnson) WHAT IS THE LATEST VERSION? |-----------------+---------------------+---------------------------------| | Platform(s) | Latest Version | Distribution File Names | |-----------------+---------------------+---------------------------------| | DOS, Unix, | Viacrypt PGP 2.7 | disk sets | | Mac, Windows, | | | | or WinCIM/CSNav | | | |-----------------+---------------------+---------------------------------| | DOS, Unix, | MIT PGP 2.6.2 | pgp262.zip (DOS + docs) | | others | | pgp262s.zip (source) | | | | pg262s.zip source on CompuServe | | | | pgp262.tar.gz (source) | | | | pgp262.gz (same as above on DOS)| | | | pgp262.tar.Z (source) | | | | pgp262dc.zip (documentation) | | | | pg262d.zip (docs on CompuServe) | |-----------------+---------------------+---------------------------------| | Macintosh | MIT PGP 2.6 | MacPGP2.6.sea.hqx (binary+docs) | | | | macpgp26.hqx (same as above) | | | | MacPGP2.6.src.sea.hqx (source) | | | | macpgp26.src (same as above) | | | | MacPGP2.6-68000.sea.hqx (binary)| | | | mcpgp268.hqx (same as above) | |-----------------+---------------------+---------------------------------| | Mac Applescript | MacPGP 2.6ui v 1.2 | MacPGP-2.6ui-v1.2.sit.hqx | | | + some beta versions| MacPGP2.6ui_V1.2_sources.cpt.hqx| | | based on MIT PGP | MacPGP2.6uiV1.2en.cpt.hqx | | | 2.6.2 | MacPGP2.6uiV1.2src.cpt.hqx | | | | MacPGP2.6uiV1.2.68000.hqx | | | | MacPGP2.6.2.beta.sea.hqx | | | | MacPGP2.6.2.beta.src.sea.hqx | |-----------------+---------------------+---------------------------------| | Amiga | PGP 2.6.2 Amiga 1.4 | pgp262-a14-000.lha | | | | pgp262-a14-020.lha | | | | pgp262-a14-src.lha | |-----------------+---------------------+---------------------------------| | Atari | Atari PGP 2.6ui | pgp26uib.lzh (binary, docs) | | | | pgp26uis.lzh | |-----------------+---------------------+---------------------------------| | Archimedes | Archimedes 2.3a | ArcPGP23a | |-----------------+---------------------+---------------------------------| | Non-USA version | PGP 2.6.i from | pgp26i.zip | | to avoid RSAREF | Stale Schumacher | pgp26is.zip | | license. | | pgp26is.tar.gz | |_________________|_____________________|_________________________________| WHERE CAN I LEARN ABOUT PGP? First, get a copy and read the instructions that come with it. There are also at least two books on PGP. I've read the following and think it is pretty good: Protect Your Privacy: A Guide for PGP Users William Stallings Prentice-Hall, ISBN 0-13-185596-4, $19.95, 300 pages is available at most technical bookstores and many general bookstores such as Barnes and Noble. If you order it from National Computer Security Association (74774.1326@compuserve.com) they will donate $1 of the price to Phil Zimmermann's legal defense fund. WHERE CAN I GET THE PGP VERSION DIRECTLY FROM PHILIP ZIMMERMANN? This is the MIT version. For several good reasons, Phil is releasing the main line freeware PGP through MIT, at net-dist.mit.edu. See a list of sites that also carry this version, below, or use this WWW URL: http://web.mit.edu/network/pgp-form.html WHAT IS PGP 2.6.i? Stale Schumacher released an international version of PGP built the "right way." By "right way," I mean that it uses the latest MIT code, but uses a different rsaglue.c to use the mpilib instead of RSAREF for RSA calculations, thus including all the latest bug fixes and features in the main freeware PGP code line, but frees non-USA persons from the limitations of the RSAREF license. This release has been as strongly endorsed by Philip Zimmermann as he can do without incriminating himself. Naturally, by not using the RSAREF code for RSA calculations, this version is not legal for use in the USA (other than limited research, etc.), but is fine anywhere else (like Canada) were RSA patents don't hold. Note that the latest version of Stale Schumacher's PGP is 2.6.i, 2.6i (without the second .) was a beta test version that has been superceded. ... Very funny Mr. Scott - now beam up my clothes! 201434369420143436942014343694201434369420143436942014343694718 From: Alan Pugh Area: Public Key Encryption To: All 6 Jan 95 13:23:06 Subject: Where to get PGP 2 UpdReq WHAT IS PGP 2.6ui? The "unofficial international" versions are really just PGP 2.3a, modified just enough to make it compatible with MIT PGP 2.6, but do not include all of the fixes in MIT PGP 2.6 and MIT PGP 2.6.1. They have a "ui" somewhere in their file names. I recommend the use of the "ui" versions only if you are using a platform for which there is no Viacrypt or MIT PGP that works properly. For a version that doesn't use RSAREF, PGP 2.6.i from Stale Schumacher is a better choice, because it is more up-to-date. WHERE CAN I GET VIACRYPT PGP? If you are a commercial user of PGP in the USA or Canada, contact Viacrypt in Phoenix, Arizona, USA. The commecial version of PGP is fully licensed to use the patented RSA and IDEA encryption algorithms in commercial and government environments in the USA and Canada. It is fully compatible with, functionally the same as, and just as strong as the freeware version of PGP. Due to limitations on ViaCrypt's RSA distribution license, ViaCrypt only distributes executable code and documentation for it, but they are working on making PGP available for a variety of platforms. Call or write to them for the latest information. The latest version number for Viacrypt PGP is 2.7. Here is a brief summary of Viacrypt's currently-available products: 1. ViaCrypt PGP for MS-DOS. Prices start at $99.98 2. ViaCrypt PGP for UNIX. Includes executables for the following platforms: SunOS 4.1.x (SPARC) IBM RS/6000 AIX HP 9000 Series 700/800 UX SCO 386/486 UNIX SGI IRIX AViiON DG-UX(88/OPEN) Prices start at $149.98 Executables for the following additional platforms are available upon request for an additional $30.00 charge. BSD 386 Ultrix MIPS DECstation 4.x 3. ViaCrypt PGP for WinCIM/CSNav. A special package for users of CompuServe. Prices start at $119.98 Please contact ViaCrypt for quantity discount pricing. Orders may be placed by calling 800-536-2664 during the hours of 8:30am to 5:00pm MST, Monday - Friday. They accept VISA, MasterCard, AMEX and Discover credit cards. If you have further questions, please feel free to contact: Paul E. Uhlhorn Director of Marketing, ViaCrypt Products Mail: 9033 N. 24th Avenue Suite 7 Phoenix AZ 85021-2847 Phone: (602) 944-0773 Fax: (602) 943-2601 Internet: viacrypt@acm.org Compuserve: 70304.41 WHERE CAN I GET THE FREEWARE PGP? These listings are subject to change without notice. If you find that PGP has been removed from any of these sites, please let me know so that I can update this list. Likewise, if you find PGP on a good site elsewhere (especially on any BBS that allows first time callers to access PGP for free), please let me know so that I can update this list. Because this list changes frequently, I have not attempted to keep it complete, but there should be enough pointers to let you easily find PGP. There are several ways to get the freeware PGP: ftp, WWW, BBS, CompuServe, email ftp server, and sneakernet (ask a friend for a copy). Just don't ask Philip Zimmermann directly for a copy. FTP SITES IN NORTH AMERICA There are some wierd hoops to jump through, thanks to the U. S. Department of State, at many of these sites. This is apparently because the U. S. Department of State wants to make it easier for people outside of North America to develop, distribute, use, or sell strong cryptographic software than people inside of the USA and Canada -- at least that is the effect of their rules. Telnet to net-dist.mit.edu, log in as getpgp, answer the questions, then ftp to net-dist.mit.edu and change to the hidden directory named in the telnet session to get your own copy. ... Freedom and Firearms go hand in hand. 201434369420143436942014343694201434369420143436942014343694718 From: Alan Pugh Area: Public Key Encryption To: All 6 Jan 95 13:23:36 Subject: Where to get PGP 3 UpdReq MIT-PGP is for U. S. and Canadian use only, but MIT is only distributing it within the USA (due to some archaic export control laws). 1. Read ftp://net-dist.mit.edu/pub/PGP/mitlicen.txt and agree to it. 2. Read ftp://net-dist.mit.edu/pub/PGP/rsalicen.txt and agree to it. 3. Telnet to net-dist.mit.edu and log in as getpgp. 4. Answer the questions and write down the directory name listed. 5. QUICKLY end the telnet session with ^C and ftp to the indicated directory on net-dist.mit.edu (something like /pub/PGP/dist/U.S.-only-????) and get the distribution files (see the above chart for names). If the hidden directory name is invalid, start over at step 3, above. You can also get PGP from: ftp.csn.net/mpj See ftp://ftp.csn.net/mpj/README.MPJ ftp.netcom.com/pub/mp/mpj See ftp://ftp.netcom.com/pub/mp/mpj/README.MPJ ftp.eff.org Follow the instructions found in README.Dist that you get from one of: ftp://ftp.eff.org/pub/Net_info/Tools/Crypto/README.Dist gopher.eff.org, 1/Net_info/Tools/Crypto gopher://gopher.eff.org/11/Net_info/Tools/Crypto http://www.eff.org/pub/Net_info/Tools/Crypto/ ftp.csua.berkeley.edu (for U. S. or Canadian users) /pub/cypherpunks/pgp/ ftp.gibbon.com /pub/pgp/README ftp.wimsey.bc.ca /pub/crypto/software/dist/README WORLD WIDE WEB ACCESS http://web.mit.edu/network/pgp-form.html http://www.ifi.uio.no/~staalesc/PGPVersions.html http://www.mantis.co.uk/pgp/pgp.html http://rschp2.anu.edu.au:8080/crypt.html http://www.eff.org/pub/Net_info/Tools/Crypto/ http://community.net/community/all/home/solano/sbaldwin http://www.cco.caltech.edu/~rknop/amiga_pgp26.html COMPUSERVE GO NCSAFORUM. Follow the instructions there to gain access to Library 12: Export Controlled. PGP may be other places, too. Compuserve file names are even more limited than DOS (6.3 instead of the already lame 8.3), so the file names to look for are PGP262.ZIP, PG262S.ZIP (source code), PGP262.GZ (Unix source code) and PG262D.ZIP (documentation only). BULLETIN BOARD SYSTEMS Colorado Catacombs BBS Mike Johnson, sysop Mac and DOS versions of PGP, PGP shells, and some other crypto stuff. Also the home of some good Bible search files and some shareware written by Mike Johnson, including ATBASH, DLOCK, CRYPTA, CRYPTE, CRYPTMPJ, MCP, MDIR, DELETE, PROVERB, SPLIT, ONEPAD, QUICRYPT, etc. v.FAST/v.32bis/v.42bis, speeds up to 28,800 bps 8 data bits, 1 stop, no parity, as fast as your modem will go. Use ANSI terminal emulation, or if you can't, try VT-100. Free access to PGP. If busy or no answer, try again later. For free access: log in with your own name, answer the questions, then select [Q]uestionaire 3 from the [M]ain menu. (303) 772-1062 Longmont, Colorado number - 2 lines. (303) 938-9654 Boulder, Colorado number forwarded to Longmont number intended for use by people in the Denver, Colorado area. The Freedom Files BBS, DeLand Florida, USA 904-738-2691 Exec-Net, New York, NY, USA (Host BBS for the ILink net) 914-667-4567 The Ferret BBS (North Little Rock, Arkansas) (501) 791-0124 also (501) 791-0125 Special PGP users account: login name: PGP USER password: PGP This information from: Jim Wenzel CVRC BBS 317-791-9617 CyberGold BBS 601-582-5748 Self-Governor Information Resource, 915-587-7888, El Paso, Texas, USA In the UK, try 01273-688888 Other BBS -- check your local BBS. Chances are good that it has any release that is at least a month old if it has much of a file area at all. ... I drank What? - Socrates 201434369420143436942014343694201434369420143436942014343694718 From: Alan Pugh Area: Public Key Encryption To: All 6 Jan 95 13:24:04 Subject: Where to get PGP 4 UpdReq OTHER FTP SITES ftp.informatik.uni-hamburg.de /pub/virus/crypt/pgp This site has most, if not all, of the current PGP files. ftp.ox.ac.uk (163.1.2.4) /pub/crypto/pgp This is a well organized site with most of the current PGP files as well as shells and mailer scripts. ftp.netcom.com /pub/dc/dcosenza -- Some crypto stuff, sometimes includes PGP. ftp.ee.und.ac.za /pub/crypto/pgp ftp.csua.berkeley.edu /pub/cypherpunks/pgp (DOS, MAC) ftp.demon.co.uk /pub/amiga/pgp /pub/archimedes /pub/pgp /pub/mac/MacPGP ftp.informatik.tu-muenchen.de ftp.funet.fi ftp.dsi.unimi.it /pub/security/crypt/PGP ftp.tu-clausthal.de (139.174.2.10) (Atari ST/E,TT,Falcon) /pub/atari/misc/pgp/pgp26uib.lzh (2.6ui ttp, 2.3a docs) /pub/atari/misc/pgp/pgp26uis.lzh (2.6ui sources) /pub/atari/misc/pgp/pgp26ui.diffs (Atari diffs for 2.6 sources) wuarchive.wustl.edu /pub/aminet/util/crypt src.doc.ic.ac.uk (Amiga) /aminet /amiga-boing ftp.informatik.tu-muenchen.de /pub/comp/os/os2/crypt/pgp23os2A.zip (OS/2) iswuarchive.wustl.edu pub/aminet/util/crypt (Amiga) nic.funet.fi (128.214.6.100) /pub/crypt ftp.uni-kl.de (131.246.9.95) /pub/aminet/util/crypt qiclab.scn.rain.com (147.28.0.97) pc.usl.edu (130.70.40.3) leif.thep.lu.se (130.235.92.55) goya.dit.upm.es (138.4.2.2) tupac-amaru.informatik.rwth-aachen.de (137.226.112.31) ftp.etsu.edu (192.43.199.20) princeton.edu (128.112.228.1) pencil.cs.missouri.edu (128.206.100.207) ftp.csua.berkeley.edu kauri.vuw.ac.nz nctuccca.edu.tw /PC/wuarchive/pgp/ ftp.fu-berlin.de:/mac/sys/init/MacPGP2.6uiV1.2en.cpt.hqx.gz Also, try an archie search for PGP. FTPMAIL For those individuals who do not have access to FTP, but do have access to e-mail, you can get FTP files mailed to you. For information on this service, send a message saying "Help" to ftpmail@decwrl.dec.com. You will be sent an instruction sheet on how to use the ftpmail service. It works with messages something like this: > To: ftpmail@decwrl.dec.com > Subject: Ftpmail request > Connect ftp.csua.berkeley.edu > chdir pub/cypherpunks/pgp/pgp262 > uuencode > get pgp262.zip > quit ... Federal Reserve Notes are not Money! Silver and Gold are. 201434369420143436942014343694201434369420143436942014343694718 From: Alan Pugh Area: Public Key Encryption To: All 6 Jan 95 13:24:30 Subject: Where to get PGP 5 UpdReq Another e-mail service is from nic.funet.fi. Send mail to mailserv@nic.funet.fi with the word HELP. For the ftp sites on netcom, send mail to ftp-request@netcom.com containing the word HELP in the body of the message. To get pgp 2.6.i by email: Send a message to hypnotech-request@ifi.uio.no with your request in the Subject: field. Subject What you will get GET pgp26i.zip MS-DOS executable (uuencoded) GET pgp26is.zip MS-DOS source code (uuencoded) GET pgp26is.tar.gz UNIX source code (uuencoded) For FAQ information, send e-mail to mail-server@rtfm.mit.edu with send usenet/news.answers/ftp-list/faq in the body of the message. MACPGP OPTIONS There are multiple parallel efforts to write an up-to-date MacPGP. See the following for the latest MacPGP beta stuff. Zbigniew Fiedorowicz has updated his MacPGP to support Apple events, and his distribution comes with complete source code. Grady's netcom directory contains a different version, about which he says "This latest bug release beta 1.23 fixes several relatively minor bugs. Source to this version is NOT available, so its use should be restricted to experimentation only." ftp://ftp.csn.net/mpj/README.MPJ ftp://ataxia.res.wpi.edu/pub/mac-pgp/README ftp://highway.alinc.com/pub/jordyn/mac-pgp/README ftp://ftp.netcom.com/pub/gr/grady/PGP/MacPGP262b1.23.seq.hqx.asc PGP FOR WINDOWS, WINDOWS NT, AND WINDOWS 95 There isn't one, yet, that I know of (at least not a true native Windows application). There are several good shells that call the DOS PGP for the actual work, though. I use Viacrypt's, but there are others available as shareware or freeware at most of the sites listed above for PGP itself. IS MY COPY OF PGP GOOD? If you find a version of the PGP package that does not include the PGP User's Guide, something is wrong. The manual should always be included in the package. PGP should be signed by one of the developers (Philip Zimmermann, Jeff Schiller, Viacrypt, Stale Schumacher, etc.). If it isn't, the package is suspect and should not be used or distributed. The site you found it on should remove it so that it does no further harm to others. To be really sure, you should get PGP directly from MIT or check the signatures with a version of PGP that you trust. The copies of PGP on ftp.csn.net/mpj, ftp.netcom.com/pub/mp/mpj, and the Colorado Catacombs BBS are direct copies of the ones on MIT, except that the ones on the BBS include a BBS advertisement (automatically added by the system when it virus scans new files) in the outer .zip files. OTHER PGP DOCUMENTATION For more information on the "time bomb" in PGP, see ftp://ftp.csn.net/mpj/pgpbomb.asc More PGP details are at http://www.pegasus.esprit.ec.org/people/arne/pgp.html Windows shells documentation http://www.LCS.com/winpgp.html LANGUAGE MODULES These are suitable for most PGP versions. I am not aware of any export/import restrictions on these files. German * _UK:_ ftp://ftp.ox.ac.uk/pub/crypto/pgp/language/pgp23_german.txt * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp_german.txt * _US:_ ftp://ftp.csn.net/mpj/public/pgp/PGP_german_docs.lha Italian * _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp-lang.italian.tar.gz * _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/PGP/pgp-lang.italian.tar.gz * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp-lang.italian.tar.gz Japanese * _UK:_ ftp://ftp.ox.ac.uk/pub/crypto/pgp/language/pgp23_japanese.tar.gz * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp-msgs-japanese.tar.gz Lithuanian * _UK:_ ftp://ftp.ox.ac.uk/pub/crypto/pgp/language/pgp23_lithuanian.zip * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp23ltk.zip ... The family that shoots together shouldn't be messed with! 201434369420143436942014343694201434369420143436942014343694718 From: Alan Pugh Area: Public Key Encryption To: All 6 Jan 95 13:24:56 Subject: Where to get PGP 6 UpdReq Russian * _UK:_ ftp://ftp.ox.ac.uk/pub/crypto/pgp/language/pgp26_russian.zip * _RU:_ ftp://ftp.kiae.su/unix/crypto/pgp/pgp26ru.zip (MIT version) * _RU:_ ftp://ftp.kiae.su/unix/crypto/pgp/pgp26uir.zip (ui version) * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp26ru.zip Spanish * _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp-lang.spanish.tar.gz * _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/pgp-lang.spanish.tar.gz * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp-lang.spanish.tar.gz Swedish * _UK:_ ftp://ftp.ox.ac.uk/pub/crypto/pgp/language/pgp23_swedish.txt * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp_swedish.txt MAILINGLISTE FUER PGP UND VERWANDTES (PGP MAILING LIST IN GERMAN) Die Listenadresse: pgp-friends@fiction.pb.owl.de Die *Request*adresse (fuer subscribe/unsubscribe und andere Administra- tiva): pgp-friends-request@fiction.pb.owl.de WHAT IS ALL THIS NONSENSE ABOUT EXPORT CONTROLS? For a detailed rant, get ftp://ftp.csn.net/mpj/cryptusa.zip The practical meaning, until the law is corrected to make sense, is that you are requested to get PGP from sites outside of the USA and Canada if you are outside of the USA and Canada. If you are in France, I understand that you aren't even supposed import it. Other countries may be worse. Make sure you follow the laws of your own country. If you want to officially export PGP, you may be able to get permission in limited cases and for a fee. Contact the U. S. Department of State for information. WHAT INTELLECTUAL PROPERTY RESTRICTIONS EXIST IN THE USA? MIT PGP is only for personal, noncommercial use because of restrictions on the licensing of both the RSA algorithm (attached to RSAREF) and the IDEA algorithm. PKP/RSADSI insist that we use RSAREF instead of the mpi library for reasons that make sense to them. For commercial use, use Viacrypt PGP, which is fully licensed to use both the RSA and IDEA algorithms in commercial and corporate environments (as well as personal use, of course). Another restriction is due to an exclusive marketing agreement between Philip Zimmermann and Viacrypt that applies to the USA and Canada only. Viacrypt has exclusive rights to market PGP commercialy in this area of the world. This means that if you want to market PGP commercially in competition with Viacrypt in the USA or Canada, you would have to create a new implementation of the functions of PGP containing none of Philip Zimmermann's copyrighted code. You are free to modify existing PGP code for your own use, as long as you don't sell it. Phil would also appreciate your checking with him before you distribute any modified versions of PGP as freeware. "PGP", "Pretty Good Privacy" and "Phil's Pretty Good Software" are trademarks owned by Philip Zimmermann. This means that if you modify an older version of PGP that was issued under the copyleft license and distribute it without Phil's permission, you have to call it something else. This avoids confusing all of us and protects Phil's good name. WHAT INTELLECTUAL PROPERTY RESTRICTIONS EXIST IN CANADA? MIT PGP is only for noncommercial use because of restrictions on the licensing of the IDEA algorithm. Because the RSA algorithm isn't patented in Canada, you are free to use the mpi library instead of RSAREF, if you want to, thus freeing yourself of the RSAREF license associated with the RSAREF copyright, which is valid in Canada. For commercial use, use Viacrypt PGP, which is fully licensed to use the IDEA algorithm in commercial and corporate environments. The exclusive marketing agreement with Viacrypt also applies in Canada. See the section on USA intellectual property restrictions for more details. WHAT INTELLECTUAL PROPERTY RESTRICTIONS EXIST OUTSIDE NORTH AMERICA? MIT PGP is only for noncommercial in areas where there is a patent on software implementations of the IDEA algorithm. Because the RSA algorithm isn't patented outside of the USA, you are free to use the mpi library instead of RSAREF, if you want to, thus freeing yourself of the RSAREF license restrictions. The RSAREF copyright holds outside of the USA, even though the RSA patent does not. The IDEA conventional block cipher is covered by US Patent 5,214,703 and European patent EP 0 482 154 B1. IDEA is a trademark of Ascom-Tech AG. Commercial users of IDEA (including commercial use of PGP) may obtain licensing details from Ph. Baumann, Ascom Tech Ltd., IDEA Lizenz, Postfach 151, CH-4502 Solothurn, Switzerland, Tel ++41 65 242828, Fax ++41 65 242847. ... Anyone coming for my guns better be prepared to meet god. 201434369420143436942014343694201434369420143436942014343694718 From: Alan Pugh Area: Public Key Encryption To: All 6 Jan 95 13:25:56 Subject: Where to get PGP 7 UpdReq WHAT IS COMMERCIAL USE? Use some common sense. If you are running a business and using PGP to protect credit card numbers sent to you electronically, then you are using PGP commercially. Your customers, however, need not buy the commercial version of PGP just to buy something from you, if that is the only commercial use they make of PGP (since they are spending, not making, money with PGP). If you are just encrypting love letters or other personal mail (for which you don't get paid) on your own personal computer, that is not commercial. If you are encrypting official business mail on your for-profit corporation's computer with PGP, that is commercial use. Note that there are some gray areas not covered above, and the patent owners of RSA and IDEA may differ from my interpretation in the areas not covered above, so if you are in doubt, you should consider the licensing of Viacrypt PGP (or outside of North America, direct licensing of IDEA) to be cheap legal insurance. Indeed, the license fee is probably a lot cheaper than a legal opinion from a lawyer qualified to make such a judgement. Note that I am not a lawyer and the above is not legal advise. Use it at your own risk. WHAT IS THE "TIME BOMB" IN MIT PGP 2.6? There was a version byte change in MIT PGP 2.6 as of 1 September 1994. See ftp://ftp.csn.net/mpj/pgpbomb.asc for details. ARE MY KEYS COMPATIBLE WITH THE OTHER PGP VERSIONS? If your RSA key modulus length is less than or equal to 1024 bits (I don't recommend less, unless you have a really slow computer and little patience), and if your key was generated in the PKCS format, then it will work with any of the current PGP versions (MIT PGP 2.6, PGP 2.6ui, or Viacrypt PGP 2.7). If this is not the case, you really should generate a new key that qualifies. MIT PGP 2.6.2 should be able to use 2048 bit keys. Generation of 2048 bit keys is supposed to automatically be enabled in PGP 2.6.2 in December, 1994. By then, hopefully, most people will have had a chance to upgrade to a version of PGP that can use them, so longer keys won't be a big problem. On the other hand, 1024 bit keys are probably beyond the reach of most criminals and spies to break, anyway. MORE WORLD WIDE WEB URLs http://draco.centerline.com:8080/~franl/pgp/pgp-mac-faq-hinely.html http://draco.centerline.com:8080/~franl/pgp/pgp.html http://draco.centerline.com:8080/~franl/crypto/cryptography.html http://www.pegasus.esprit.ec.org/people/arne/pgp.html http://rschp2.anu.edu.au:8080/crypt.html http://ibd.ar.com/PublicKeys.html http://www.ifi.uio.no/~staalesc/PGPversions.html WINDOWS SHELLS Several shells for running PGP with Microsoft Windows are available at the same places PGP can be found. MACPGP KIT The MacPGP kit is a user interface for the Mac version of PGP. See ftp://ftp.netcom.com/pub/qw/qwerty ftp://duke.bwh.harvard.edu:/pub/adam/mcip/MacPGP_icons.sit.hqx ftp://duke.bwh.harvard.edu:/pub/adam/mcip/MacPGPkit.hqx ftp://duke.bwh.harvard.edu:/pub/adam/mcip/MacPGPkitSources.sit.hqx BUGS See the documentation that comes with PGP in the latest versions for bugs in the older versions. The latest versions of PGP may not fully wipe all traces of plain text from a file when given the -w option. For more information, see http://www.mit.edu:8001/people/warlord/pgp-faq.html BETSI - BELLCORE'S TRUSTED SOFTWARE INTEGRITY SYSTEM For information on this service, send mail to certify@bellcore.com with the subject help, or check http://info.bellcore.com/BETSI/betsi.html INTEGRATING PGP AND PINE Send blank e-mail to slutsky@lipschitz.sfasu.edu with Subject: mkpgp to get a c-shell script to interface PGP and Pine. Send a second message with Subject: addtomkpgplist if you want updates sent you automatically. ... When the shit hits the fans, reverse the motor. 201434369420143436942014343694201434369420143436942014343694718 From: Alan Pugh Area: Public Key Encryption To: All 6 Jan 95 13:26:32 Subject: Where to get PGP 8 UpdReq HOW DO I PUBLISH MY PGP PUBLIC KEY? There are lots of ways. One way is to use a key server. Send mail to one of these addresses with the single word "help" in the subject line to find out how to use a key server. pgp-public-keys@pgp.iastate.edu pgp-public-keys@pgp.mit.edu pgp-public-keys@pgp.ai.mit.edu public-key-server@pgp.ai.mit.edu pgp-public-keys@cs.tamu.edu pgp-public-keys@chao.sw.oz.au pgp-public-keys@jpunix.com pgp-public-keys@dsi.unimi.it pgp-public-keys@kiae.su pgp-public-keys@fbihh.informatik.uni-hamburg.de There is also an experimental public key server at http://ibd.ar.com/PublicKeys.html There is a commercial key certification and publication service, too. Send mail to info@Four11.com for information. You can also mail your key to pgp-public-keys@c2.org, and it will be posted to the subscribers of that mailing list, sent to the keyservers, and posted to alt.security.keydist. To subscribe to the mailing list, send a message to majordomo@c2.org with "subscribe pgp-public-keys" in the body of the message. Another way is to upload it to the PGP public keys area of the Colorado Catacombs BBS (303-772-1062). Another way is to just send it to your correspondents. You could add it to your .plan file so that finger returns your key. You could add it to some of your postings. No matter which way you do it, you should have your key signed by someone who verifies that your key belongs to you, so that you don't have someone else generating a key that has your name on it, but that isn't yours. Here is my public key: - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.7 mQCNAi4PT2QAAAEEAPPCZnrshEJ9PSnV+mXEwjM4kzJF0kyg2MnLMzo83vWI40ei jogncqdkXT0c2TQWg+Bsu9ckFoXdId0utumYv0aqd8yI/oU/DwJ1zJrqRL2PFbxe ZLofHoKFjvq1TiNiJq9ps3jW6iYS4IU1SzyKhjmyE+K0+WyrPPX0zg8FAL9FAAUR tCdNaWNoYWVsIFBhdWwgSm9obnNvbiA8bXBqQGNzbi5vcmc+IG1wajiJAJUCBRAu G3chZXmEuMepZt0BAZtAA/0Rw5mintlUDgHycNbeoyIiMHoLu8jWaCSaiGSt+dDU 1A/bUCo+gorv5TYxOClRf3XHjD6zSooWyUz3ehotrzPYLunhVOE2YBxPU+OvKFOc 37mcZrnXGBlF5NblnSYxp0186tGaTm7WMWx7NDlHT4GvhzHJQSOoo48ykDkKm/mk LIkAlQIFEC4PWbs/ZwY8hTPrxQEBKyMD/A7kv91C1ZZIRtkbC9k9lsWOgOnO8wG8 bGMajaco465Z5llWD+Y8QCMdSWcowtOBGfW0Wv1bZ1uebeCpg1L66pJ7C+BOExrk gPqRVCstLLiVerKGeSOZo3yXtxYKYX7mHQPrHp98ef7fUG4IiKS+S+znmGxpJwrV sHZRlhJ3hXUsiQCVAgUQLg9ZefX0zg8FAL9FAQFBTAQAh4u4Vun7WhPuL6fsXiXm paaGfeLtd3biRj/aOMAG1eHuhVdWejx71ormyKTdNB2YV56bpsE3JQ/KhBuYDo0N SkRnqeM2S+Ef7aZEg6Q44uXG52pqCZUldtCeYfOs3aLCR9SMlc6Y3zmpSwB1wKP0 5+tN9zruNYVKKBLWEIFAY7W0K01pY2hhZWwgUGF1bCBKb2huc29uIDxtLnAuam9o bnNvbkBpZWVlLm9yZz60IE1pY2hhZWwgSm9obnNvbiA8bXBqQG5ldGNvbS5jb20+ tChNaWtlIEpvaG5zb24gPDcxMzMxLjIzMzJAY29tcHVzZXJ2ZS5jb20+tCtNaWNo YWVsIFAuIEpvaG5zb24gPG1wam9obnNvQG55eC5jcy5kdS5lZHU+tC1EbyBub3Qg dXNlIGZvciBlbmNyeXB0aW9uIGFmdGVyIDI3IEp1bmUgMTk5Ni4= =rR4q - -----END PGP PUBLIC KEY BLOCK----- Permission is granted to distribute unmodified copies of this FAQ. To get the latest version of this FAQ, get ftp://ftp.netcom.com/pub/mp/mpj/getpgp.asc or send mail to ftp-request@netcom.com with the line SEND mp/mpj/getpgp.asc in the body of the message, or send blank mail to mpjohnso@nyx.cs.du.edu. There are many other frequently asked questions. Most of them are covered in the documentation that comes with PGP or in one of the books about PGP. Send corrections to mpj@netcom.com. I regret that I lost some of the corrections people sent me on the last round of this FAQ, so if I missed yours, please send it again. Thanks. ___________________________________________________________ |\ /| | | | | \/ |o| | Michael Paul Johnson Colorado Catacombs BBS 303-772-1062 | | | | / _ | mpj@csn.org aka mpj@netcom.com m.p.johnson@ieee.org | | |||/ /_\ | ftp://ftp.csn.net/mpj/README.MPJ CIS: 71331,2332 | | |||\ ( | ftp://ftp.netcom.com/pub/mp/mpj/README -. --- ----- .... | | ||| \ \_/ |___________________________________________________________| ... Very funny Mr. Scott - now beam up my clothes! 201434369420143436942014343694201434369420143436942014343694718 From: Richard Dale Area: Public Key Encryption To: David Chessler 7 Jan 95 19:55:10 Subject: Re: key revoke UpdReq DC>*Moreover, since it's a number that is publicly associated with you, people DC>*might consider trying it, putting it in the dictionary file. If added to a DC>*conventional passphrase it would strengthen it, That's true, and that's why I'd alter it. Easy-to-guess pass phrases are as bad as no encryption in the first place. The numbers have been out of use for several years now, though, and I rarely run into anyone who remembers how they used to be. Sheesh! At work half our passwords are "password". The login name to get into a system is the person's initials, then there's a random password, but the Windows program password is the person's first name in lower case. The problem is, there are a lot of temp workers and random people that do need access, so the catch is that security is fairly lax. * 1st 2.00b #567 * A husband is a lover who pushed his luck too far. 201434369420143436942014343694201434369420143436942014343694718 From: Ian Hebert Area: Public Key Encryption To: John Goerzen 8 Jan 95 20:09:10 Subject: Can I Freq Pgp? UpdReq -----BEGIN PGP SIGNED MESSAGE----- JG> TV> 2.6.2 fixes a lot of bugs, and is fully legal. 'nuff said. You JG> TV> can FREQ here with the magic name of PGP (or try PGP262.ZIP if JG> TV> that fails). JG> Should be added here that 2.6.2 is fully legal only within the US. JG> It is illegal to export it. JG> International users need PGP 2.xx UI (it will always have UI after it). This is old information--the versions of PGP with ui after them (i.e. PGP 2.6ui) are based on the 2.3a source code--in other words, they are modified 2.3a versions. The latest international version, PGP 2.6.i, is based on the source code of 2.6.1. PGP 2.6.i has incorporated modifications to make it functionally equivalent to PGP 2.6.2; i.e. 2047-bit keys, no more clearsig bug, etc. JG> BBS operators can be indicted on criminal charges if somebody from JG> outside the US downloads or FREQs PGP. Technically, citizens of both the U.S. and Canada are subject to ITAR, and therefore both may legally obtain PGP 2.6.2. I would urge Canadians, though, to use PGP 2.6.i. The reasons for this are: since Canadians are not subject to U.S. patent laws, there is no reason for us to be forced to use PGP 2.6.2. Secondly, PGP 2.6.i does not have any of the 'features' put into 2.6.2 at the insistence of Public Key Partners (PKP)--i.e. the new version byte, non-compatibility with signatures made with prior versions of PGP. Ian Hebert London, Ontario, Canada RIME: HOMEBASE (5508) Fido: 1:2401/114 Internet: ian.hebert@homebase.com PGP Key: 1024 / 077A2F7F 1993/02/11 PGP Key Fingerprint: A2 15 DE 22 DA FE D4 DC 0F 17 43 24 1F F2 1E 7B -----BEGIN PGP SIGNATURE----- Version: 2.6.i iQEVAgUBLxCP7R4Q9YNx1O8pAQGywwf/YWcOtOimo71BgWFFsHUTHNfVUHDSdcof dKAchwYDZJ7uwyGDlEX3E+P0mK6D0geGaE40HIEgNkDwXkmu0l11oDc4tapMeWvy 4TLRR6GVIujU8Dnw4qoT74aWEGUhW0VStJGymll4/x+Y49fee0Ghl3vp4CQ1RWud 6qo1cwzt964q9p4PKq04XYIx9xPmhn4CkENgACyxxmL5FSJ3BEN7T3/EnQQW13lp CCn5B7pEQ0V8O54SdX2lXtvG93yOH2GlkwbqKKb1yyQUMjqhw1+J4nMjR3C3t8KW wEH34I6CcfzJMToKHH/fScbVA4M8F4X0f9C0r73TCANY8mhRFlGl9Q== =vTDu -----END PGP SIGNATURE----- * RM 1.3 02664 * Frustrate the NSA, CIA & FBI--Use Pretty Good Privacy (PGP)! 201434369420143436942014343694201434369420143436942014343694718 From: Ted Rolle Area: Public Key Encryption To: Aaron Goldblatt 8 Jan 95 07:53:00 Subject: Can I Freq Pgp? UpdReq Hello Aaron! Thursday January 05 1995 23:41, Aaron Goldblatt wrote to John Goerzen: JG>> BBS operators can be indicted on criminal charges if somebody JG>> from outside the US downloads or FREQs PGP. AG> Like I can control that. Actually, you can. I only allow systems with which I have previously established a password to freq from the PGP directory. Actually no one has freq'ed PGP from here because it's easier to get from some other source, but that process keeps me clean. Ted 201434369420143436942014343694201434369420143436942014343694718 From: gk pace Area: Public Key Encryption To: Jim Bell 8 Jan 95 17:17:12 Subject: Re: Can I Freq Pgp? UpdReq In a message dated: 06 Jan 95, you were quoted as saying: JB> -=> Quoting John Goerzen@1:291/51 to Todd Jacobs <=- JB> TV> 2.6.2 fixes a lot of bugs, and is fully legal. 'nuff said. You can JB> FREQ JB> TV> here with the magic name of PGP (or try PGP262.ZIP if that fails). JB> JG> Should be added here that 2.6.2 is fully legal only within the US. It JB> JG> is illegal to export it. JB> JG> International users need PGP 2.xx UI (it will always have UI after JB> JG> it). JB> JG> BBS operators can be indicted on criminal charges if somebody from JB> JG> outside the US downloads or FREQs PGP. JB> Who says? Documentation, please. JB> ... On what conclusion do you base your facts? How about Phillip being the target of a US Grand Jury for alledgedly placing PGP upon a medium which "allowed" it to be obtained by someone outside of the US? -gk 201434369420143436942014343694201434369420143436942014343694718 From: Shawn McMahon Area: Public Key Encryption To: Jim Bell 9 Jan 95 12:11:36 Subject: Can I Freq Pgp? UpdReq Despite the stern warnings of the tribal elders, Jim Bell said this to JOHN GOERZEN: JB> See the problem? The people who try to argue that putting PGP on a BBS, JB> which then is called from outside the country, results in a violation of JB> the laws chargeable to the BBS operator, are arguing a very selective JB> and opportunistic interpretation of the law. While I completely agree with you, Jim, I remind you that you're talking about a legal system that says that Freedom of Speech doesn't include certain words and images, and that "the right of the people to keep and bear arms shall not be infringed" doesn't include the people, and doesn't prohibit infringement. 201434369420143436942014343694201434369420143436942014343694718 From: Shawn McMahon Area: Public Key Encryption To: Glen Todd 9 Jan 95 12:15:22 Subject: KEY REVOKE UpdReq Despite the stern warnings of the tribal elders, Glen Todd said this to Shawn McMahon: GT> I tend to use long words in obscure/fictional languages or, if I'm semi-serious GT> about securing a link (such as session pwds) I have a little utility that generates GT> psuedo-random Radix-64 sequences of any desired length. The same warnings about using English words apply to any other language you care to use, including Tibetan, tlhIngan, or Elvish. If *YOU* have a dictionary for the language, then somebody else might; and you can throw a dictionary at a tlhIngan password just as easily as you can an English one. So, if you're gonna do this, at least throw in some alphanumeric stuff. And watch those lengths; 8 characters of Tibetan is still just 8 characters. 201434369420143436942014343694201434369420143436942014343694718 From: Wes Perkhiser Area: Public Key Encryption To: Brian Giroux 6 Jan 95 05:08:48 Subject: KEY REVOKE UpdReq In a message of , Brian Giroux (1:225/330@fidonet.org) writes: RV>Only if you saved a copy of your keyring from _before_ issuing the >revocation; in which case, just replace the newly-created one with the old. BG>of posting it to the PKEY_DROP echo. Can I just add this key to BG>my BG>keyring to effectively unrevoke the key? Yes and no. I believe that PGP, when you revoke a key, also puts that certificate in the secret keyring. Unless you have a copy of that ring to import, you're still out of luck. Wes P.S. I could be wrong. Try it and let us know. 201434369420143436942014343694201434369420143436942014343694718 From: Glen Todd Area: Public Key Encryption To: Rich Veraa 9 Jan 95 09:56:00 Subject: Technical questions UpdReq -----BEGIN PGP SIGNED MESSAGE----- Despite the advice of tribal elders, Rich Veraa said Technical questions to Glen RV> /* Possible error exit codes - not all of these are used. Note that RV> we don't use the ANSI EXIT_SUCCESS and EXIT_FAILURE. To make things RV> easier for compilers which don't support enum we use #defines */ Captured -- thanks. GT> Second, is it possible to instruct PGP to GT> verify not only that a file contains a valid signature, but GT> that that signature matches a particular key ID? RV> Not sure what you mean here... when it finds a valid signature, it RV> _gives_ you the KeyID of that signature... I'm planning on calling PGP from another program (thus the interest in exit codes, which the calling program will read.) Having the KeyID displayed to the screen isn't much good in this scenario, as without a lot of complicated redirection it is still not available to the calling program. Ves thu heil und Gut Jul, // Glen PGP F2F935C1 ... Backup not found: (A)bort (R)etry (P)anic -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: The right of the people to be secure in their persons and papers iQEVAwUBLxFcqUsDfAvy+TXBAQFEkgf/XOyiThFNvoFS0RLYa6Hts8euUwHNHRn7 Vx5+ONUV2x1ty6TBFODF+0pSbRSu1oAe3xnMgMsXn6IPEPLmms1Md9+FiwjHTvD6 TC2xE+JLGLviZXETCLDevR5R5JzGaueaBmmV6jyBTmTbJD3XpQ0vSyYrzuKoYpwU d9AjtbXe11DYW1O+qrl1mvGHP+fj++tpNVMvlQP440f6cIxJb8H54OgZyCFpLaAD g+WzPUjfrYeyqSo7kO0WRvEDWIfuQuNMRtpueG/EurCZRBMMD9XyNioMUNurigi6 rlmGcDQlENIRkXGU2u/P+7D8DjHIzW7OJ+2b9OYMOTS4HaNDUPq64g== =BK7U -----END PGP SIGNATURE----- ~~~ PGPBLUE 2.5 201434369420143436942014343694201434369420143436942014343694718