From:    Jerome Greene                          Area: Public Key Encryption
To:      jason carr                             13 Oct 94 11:34:16
Subject: Re: New To Pgp                         UpdReq 

-----BEGIN PGP SIGNED MESSAGE-----

- -=>jason carr was heard talking about New To Pgp to Casey Cady <=-
   Hi jason!
 jc> Here's how I do it.  It's a little sloppy now, but it works and may
 jc> give you some ideas.
 jc> ::      CALLQ.BAT, a way to make timEd call PGP for encryption,
Looks like you've cleaned this up quite a bit from what I first saw.
Jerry


-----BEGIN PGP SIGNATURE-----
Version: 2.6.1
Comment: F x S = K The product of freedom and security is a contant.
iQCVAwUBLp1hbHF52VfebiBFAQGEugP/RWZ9O8F2+AhdIM3FMYPnOEJKz2fVQJx3
bnLAWKtbb7d4B9Wj+WzMk0JnP0h5AEY3DRWx6stgZNxOlga78CX/XNS+hUP/ceaZ
70qDzZ/hmQW3iI8jcC3v1HWeRFQccd9aDh4QWJcixrr2ssIWNkVUCKOw/dPwd2Zu
jb7aNAbyUgw=
=cfKr
-----END PGP SIGNATURE-----
**EZ-PGP v1.07
... I can see clearly now, the brain is gone...


201434369420143436942014343694201434369420143436942014343694718

From:    David McIntyre                         Area: Public Key Encryption
To:      All                                    12 Oct 94 06:03:24
Subject: Which PGP version is best?             UpdReq 

I know this is a loaded question, but which is the best version of PGP
to use?  I know that 2.3a is the last version with true RSA, but is the
new encryption algorithm any less secure than RSA?  Also, which version
will allow the most people to decrypt my messages?  Last question is,
what is the best format to use as my ID/address if I don't have an
internet address?  I considered using David McIntyre <Xyzzy> (my normal
alias).  Most people in the key distribution have internet addresses, so
I don't have an example to work with.
  Thanks in advance,
    David

201434369420143436942014343694201434369420143436942014343694718

From:    Alan Pugh                              Area: Public Key Encryption
To:      jason carr                             11 Oct 94 09:46:06
Subject: Clear-Signed "Hole"                    UpdReq 

  gp> This reported problem is expected to be fixed, with the release of
 gp> 2.6.2, which is anticipated to be available within two weeks.  There
 gp> will be some additional enhancements as well.
  gp> Look for the release sometime after this coming thursday.
  AP> uh, is there any word when it will settle down? this
 AP> _release a week_ stuff is confusing to many. myself
 jc> Well, I'm grateful you guys are out there poring over the code and
 jc> doing what you can to improve the software.  I'm just now starting to
 jc> learn C, so it'll be a long while before I'll be able to make any
 jc> meaningful changes on my own...  :)
jason,
one thing to keep in mind when contemplating making modifications to
pgp is to generally stay away from the code that does the actual
encoding and key generation. unless you really have a deep background
in encryption, it would be pretty easy to weaken the program
unknowingly. i wish _i_ had formal training in crypto-magic.
if i had it to do over again, i'd probably head in that direction in
school. i used to have a really good report on crypto on my computer
somewhere. can't seem to find it now though. it went into pretty good
detail on some of the algorthms and different crypto methods,
weaknesses to attack, and other similar stuff. (stuff is a technical
term here) <bg>
if i find it again, i'll post it somewhere for the masses.
amp
<0003701548@mcimail.com>
October 11, 1994   10:46
  ... FBI: Fry, Burn, Incinerate

201434369420143436942014343694201434369420143436942014343694718

From:    jason carr                             Area: Public Key Encryption
To:      Alan Pugh                              13 Oct 94 10:35:52
Subject: Re: Clear-Signed "Hole"                UpdReq 

-----BEGIN PGP SIGNED MESSAGE-----
Alan Pugh wrote in a message to gk pace:
AP> i've played with this to see how much of a bug it is, and i
AP> think it is a pretty serious bug to those not _thouroughly_
AP> conversant with the workings of pgp. many wouldn't think to
AP> check the output with a messages if it checks out as o.k.  i
If they're not checking output, the problem is not limited to them not
being "conversant with the workings."  They have misunderstood the
concept completely.
An unchecked sig is worthless, has no value at all.
jason
... Yes, I know I'm off topic.

-----BEGIN PGP SIGNATURE-----
Version: 2.61
Comment: PGP_ECHO:  Encryption, sigs, and fun in D-FtW...
iQCVAwUBLp1xTEjhGzlN9lCZAQGLfQQAk88Qojgs/124xPomgIzA4VtGBcf0upUc
CwlZQIO4bS4pyLxmtezUb014Rd0yyQiiRpc+uzSGD4+s1h+aXgZDVko99GukvFB2
jtijKU37sQQcRNvnJytM/BiOO+/owYeXRZWNiPRuCyCGZYckXQUhDTXriFA8C0Rp
rUr1vY2daTY=
=mObQ
-----END PGP SIGNATURE-----



201434369420143436942014343694201434369420143436942014343694718

From:    Brad Stiles                            Area: Public Key Encryption
To:      Wes Landaker                           13 Oct 94 19:15:00
Subject: New To Pgp                             UpdReq 

Hello Wes!
 BS>> Do you know how to decrypt a message in GoldEd without
 BS>> editing it first? I haven't seen any way to do this when just
 WL> Sure! :) Set it to a function key:
 WL> (out of GOLDKEYS.CFG)
 WL> F12         ExternUtil03
 WL> So I just press F12 to decrypt. =) You can set it to whatever you want, of
 WL> course.
    Well, duh!  Maybe if I read the docs a little more carefully, huh?  Thanks.
 WL> REXX command script that handles everything for me under OS/2, and gives
 WL> me the choices of encrypting to multiple people, etc. =) Nothing you can't
 WL> do under DOS, though. :) If you're interested, I can send it to ya, or
 WL> post it here. =)
    Unfortunately, I'm not running OS/2 right now, but if you'd still care to
send it, I'd appreciate it.  I'll file it away in the "future" file.  Thanks.
 WL> Oh, also: check out the EDITSAVEUTIL function. I have PGP Sign and PGP
 WL> Encrypt right on my save menu, so I never have to exit GoldED at all. =)
    That's where I've got those as well.  I just never paid enough attention to
connect the two.  That's what I get for letting other folks do the work and 
just patching it in, eh?
                                   Brad
   CIS:      76450,3637            Internet:
   Fido:     1:280/119             tyb30n@mqg1.usmc.mil
   PGP public key available - FReq PGPKEY or PUBLIC_KEY


201434369420143436942014343694201434369420143436942014343694718

From:    Jack O'Neill                           Area: Public Key Encryption
To:      Ryan Adams                             13 Oct 94 19:58:48
Subject: PGP & Golded                           UpdReq 

-----BEGIN PGP SIGNED MESSAGE-----
Hello Ryan,
Tuesday October 11 1994 20:21, Ryan Adams wrote to All:
 RA> I am having some problems using GoldEd 2.42 for OS/2 and PGP 2.6 UI for
 RA> OS/2. Quite simply,  they don't seem to work together using the files and
 RA> instructions that are included in Golded.  I think there might be some
 RA> incombatible commands,  but I am not sure.  I really have not too much
 RA> interest or knowledge in PGP,  I simply want to send and recieve fairly
 RA> secure mail. I'll leave the paranoia to the security freaks who think the
 RA> CIA is watching them <g>.
This works for me:
In Golded.Cfg
- ---------------------
EDITSAVEMENU Yes
EDITSAVEUTIL 1 "S PGP Sign the msg"
EDITSAVEUTIL 2 "E PGP Encode the msg"
EXTERNUTIL 1 F:\PGP\Sign @file
EXTERNUTIL 2 F:\PGP\Encrypt @file @DName
EXTERNUTIL 12 F:\PGP\Pgp -m @file
- ----------------------
In GoldKeys.Cfg
- ---------------------
F12 ExternUtil12
- ---------------------
Sign.Cmd
- --------
F:\pgp\pgp -sat %1
del %1
ren %@name[%1].asc %1
Encrypt.Cmd
- -----------
F:\pgp\pgp -esat %1 "%2$"
del %1
ren %@name[%1].asc %1
Jack
    Freq PGPKEY for (guess what) my PGP Key.
... Some people confuse boredom with security.
- --- GoldED/2 2.50.B0822+
-----BEGIN PGP SIGNATURE-----
Version: 2.6.1
Comment: The right of the people to be secure in their persons, houses, 
papers, and effects, ...
iQCVAwUBLp3Z6L9heO3mhXfZAQG0KAP/VCKfm8sjz8rm89UmggaFnStcQFhdVCqz
P/vNxaie0t6fEuhQfWL+iLgZ3DpnYOUMflYJIHaE+q15tWbSdCHXzHk58dbeZhPR
om10PdCk6HrvYSaCwgnEly9zo6VoI3ud7S4XGBLMmLmtRD+cOT0SQZ4QGpNuNBMX
c7LN89ve4wA=
=2Wjs
-----END PGP SIGNATURE-----


201434369420143436942014343694201434369420143436942014343694718

From:    Jim Cannell                            Area: Public Key Encryption
To:      Alan Pugh                              13 Oct 94 17:55:16
Subject: Bug in PGP signatures                  UpdReq 

-----BEGIN PGP SIGNED MESSAGE-----
In a msg on <Oct 07 23:54>, Alan Pugh of 1:151/142 writes:
 AP>  jim, i posted the following to a friend, but figured i'd post it
 AP> here to you to see what you think as well.
The problem has a workaround.  All you need do is process the message
through PGP.
 AP> -----BEGIN PGP SIGNED MESSAGE-----
 AP> 
 AP> this is a quick and dirty message to show the true extent
 AP> of the weakness of pgp clear signed messages. until the bug
 AP> described below is fixed, don't trust them.
 AP> amp
 AP> hello james,
Most text deleted.
 AP> later,
 AP> amp
 AP> -----BEGIN PGP SIGNATURE-----
 AP> Version: 2.3a
I ran this message through PGP.  I do not have the correct key to verify
the signature.  However, only the correct text was returned.  What I got
is posted below with the central portion of the text deleted to save
space.
Key matching expected Key ID E04FA2E1 not found in file 
'c:\tools\pgp\pubring.pgp'.
Enter public key filename: 
Key matching expected Key ID E04FA2E1 not found in file 
'c:\tools\pgp\bigring.pgp'.
Enter public key filename: 
Key matching expected Key ID E04FA2E1 not found in file 
'c:\tools\pgp\intring.pgp'.
Enter public key filename: 
WARNING: Can't find the right public key-- can't check signature integrity.

- ------------ P L A I N   T E X T   F O L L O W S ------------ 
hello james,
you posted a message pointing out the fact that pgp does not barf on
clear signed messages that have been altered. my adding lines
immediately after the =begin= line and then putting a blank line in
to fake pgp out into thinking that that is where the message begins.
>>>>> deleted stuff <<<<<
i no longer trus clear signed messages at all in echomail.
later,
amp
Note that the bogus text that was added at the beginning did not survive
the trip through PGP even though I did not have the public key to verify
the signature.
BTW, you might post your key in PKEY_DROP.
Jim - International SecureMail Host (ISMH)
PGP key 1024/B7822B3D
fingerprint =  0F F4 79 06 3B 33 99 D1  07 36 66 66 80 85 76 B3
Protect your right to privacy. Say no to GAK.

-----BEGIN PGP SIGNATURE-----
Version: 2.6
iQCVAwUBLp3ZECWTIMO3gis9AQFOAQP/cD0wi22j+1oLJ+t+0CYt9PiGzlj5h4ut
fCbNkJ0kFkUDfg+avlLgoXEbzssLx3PfCzfVDZEj8Q2grqxZJsvefJyfE8fUrWDz
8fLxnXS42ArMyplMaOe3PVUwGD23Vc4qQ9cesfx0Axx2QeNKq6m+JHk8Dzw6qv63
YA8eGFrxiDs=
=sAWD
-----END PGP SIGNATURE-----


201434369420143436942014343694201434369420143436942014343694718

From:    Low Kok Kiong                          Area: Public Key Encryption
To:      All                                    12 Oct 94 22:27:10
Subject: pgp - HELP!!!                          UpdReq 

Hi every1,
after modemming for the past month, i have come across "pgp" a few
times.   I think it stands for "Pretty Good Privacy", but apart
from that, i know next to nothing.   any1 out there please enlighten
how to use it, which file/program to download ...etc, possibly 
also what literature to read to understand more?   thanks alot.
... No Right..No Wrong..No Nothing..No Everything...Planet ReeBok?
--- RemoteAccess 2.02+

201434369420143436942014343694201434369420143436942014343694718