-----BEGIN PGP SIGNED MESSAGE-----

THIS IS AN UNOFFICIAL RELEASE OF PGP

If you're new to PGP, go away and read the normal documentation first, then come back and read this. If you're upgrading from a previous version, read on...

MIT have released what they call version 2.6 of PGP. Unlike PGP 2.3a, it uses the RSAREF library. This has a number of ramifications:

1. Key sizes are limited to 1024 bits.
2. You must agree to the RSAREF license.
3. MIT PGP 2.6 is not publicly and widely available outside the USA and Canada, because RSAREF falls under ITAR export restrictions.

Worse, MIT's PGP 2.6 has been deliberately crippled, so that after September 1st 1994 it will produce encoded data which PGP 2.3a cannot decode.

This is an unofficial release of PGP based on 2.3a, modified for interoperability with MIT's PGP 2.6. The following changes have been made:

• This version of PGP will read encoded data produced by both MIT PGP 2.6 and PGP 2.3a.

• You can choose to write data either in the "new" format used by MIT PGP 2.6, or in the old PGP 2.3a format. To do this, use the command line switch +version_byte=3 for MIT PGP 2.6 format, or +version_byte=2 for PGP 2.3a format (the default).

  You can also specify a line like:

         version_byte = 3
  

  in your config.txt file.

  This version does not have any time-bomb code in it. If you want to switch version byte like MIT PGP does, you'll have to do it manually on September 1st. There's no advantage in doing so, unless you want it to look like you're running MIT PGP.

• You can choose the version text which you want to have appear in ASCII armoured files. The default is 2.6, and if you're in the USA you probably don't want to change it, as a well known net.personality tends to harass people whose PGP armor says anything else.

  To change the version text, use a command line argument such as +armor_version=2.6ui or +armor_version=2.3 -- but please do try and use this feature responsibly, and don't go creating random version strings unnecessarily.

  You can also specify

        armor_version = 2.6ui
  

  or similar in your config.txt file.

• This version of PGP displays and accepts 8 characters of the key ID. Hence there's less chance of two keys having the same visible ID.
• Makefile entries have been added for sunos5cc and sunos5gcc, for people using SPARC workstations running Solaris 2. I have personally tested the sunos5gcc build on Solaris 2.3, and it compiles cleanly. A line for NeXTstep Intel has also been added (next486).
• The file idea68k.s has been removed, at the request of the author. It was obsolete. Better 68k routines are available; for example, suitable routines for the Amiga are available on Aminet.
• A message has been added to the key generation section, reminding the user that MIT PGP 2.6 will only handle keys of 504-1024 bits. This version has no key length crippling, however.
• Memory allocated with _fcalloc and freed with _ffree in ztrees.c and zdeflate.c, to avoid memory leakage in the MS-DOS version.
• The -w option wipes files with pseudo-random data, to try and ensure the file is wiped even if you're using a disk compressor. Note that this still isn't perfect; DOS can randomly duplicate bits of cleartext files in partially-used clusters, and those fragments won't be removed if the original file is wiped.
• Branko Lankester and Paul C Leyland's patches have been applied, so that newer key certification signatures automatically replace older ones.

This release reports itself as 2.6ui. It's 2.6 because if it were called 2.3b, users would get confused as to whether 2.3b was compatible with MIT PGP 2.6, given the much smaller version number. I haven't called this version 2.7, because I have no wish to get involved in the kind of "version number war" which goes on between (say) Microsoft, IBM and Novell over DOS.

The letters "ui" stand for Unofficial International release. It's an unofficial release in that it has not been approved by Philip Zimmermann.

This version was assembled by mathew mathew@mantis.co.uk from the standard PGP 2.3a sources, and from source code patches obtained from the net. All patches were scrutinized carefully before being applied by hand. No binary patches were used. The DOS executables were built by mathew using Microsoft Visual C++ version 1.0 (MS C v8).

No RSAREF source code was used; in fact, I used no source code from MIT PGP at all. I haven't even looked at the MIT sources. (No, really.)

Thanks go to Alan Barrett barrett@ee.und.ac.za, Planar Damien.Doligez@inria.fr and Pr0duct Cypher for 2.6 information and interoperability patches. Philip C. Kizer pckizer@gonzo.tamu.edu provided the Solaris 2 patches. The key signature patches were by Paul C Leyland pcl@black.ox.ac.uk and Branko Lancaster branko@suppnet1.support.nl. Thanks also to those who tested 2.6ui against MIT 2.6; you'd better remain anonymous, but you know who you are...

Disclaimer: This software is nothing to do with Mantis Consultants, and is without warranty or guarantee of any kind. Using it in the USA is probably very naughty.

If you used this version of PGP in the USA, and if you remembered to change version_byte to 3 on September 1st 1994, your PGP messages would almost certainly be indistinguishable from ones produced using MIT PGP 2.6. That would be very naughty and devious, though, so don't do it.

My key is on the usual key servers; detached signatures are available for the zip and tar files. Note that if the signature matches, that only really means that the files you have are the same as the ones I have; it doesn't mean that I guarantee this release of PGP works, or that I've examined it for cryptographic back doors.

Naturally, you should only use this release of PGP if you think you can trust me, or if you've compared the source with 2.3a and compiled it yourself. I've created some md5 values in contrib/md5sum. The old pgp23a ones are there, so you can detect which files I've changed :-)

If you have any patches to fix bugs or add features, feel free to mail them to me, and I'll consider adding them to any future unofficial release.

mathew
mathew@mantis.co.uk

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLeXrEnzXN+VrOblFAQGNJgQAmgZEiop3zrMIxvx9Tg4dHRdG28wtay7l
RO3bMpDl0FiVB+KL/56zmbt1p4kDpiyxCoalyY0br9URl8aoS+JRzs7yqmxE7BC0
Z49x18ednTv8rQiAH0pPXHiJJs7Ds2Ea74kLmWZvDyjTZWJD+bMUlPjVEc0IH/9u
jjgMjJ+H3uU=
=Vdz2
-----END PGP SIGNATURE-----

PGP main page
Meine Homepage
UNIX-AG Homepage