-----BEGIN PGP SIGNED MESSAGE-----
If you're new to PGP, go away and read the normal documentation first, then come back and read this. If you're upgrading from a previous version, read on...
MIT have released what they call version 2.6 of PGP. Unlike PGP 2.3a, it uses the RSAREF library. This has a number of ramifications:
Worse, MIT's PGP 2.6 has been deliberately crippled, so that after September 1st 1994 it will produce encoded data which PGP 2.3a cannot decode.
This is an unofficial release of PGP based on 2.3a, modified for interoperability with MIT's PGP 2.6. The following changes have been made:
You can choose to write data either in the "new" format used by MIT
PGP 2.6, or in the old PGP 2.3a format. To do this, use the
command line switch +version_byte=3
for MIT PGP 2.6 format, or
+version_byte=2
for PGP 2.3a format (the default).
You can also specify a line like:
version_byte = 3
in your config.txt file.
This version does not have any time-bomb code in it. If you want to switch version byte like MIT PGP does, you'll have to do it manually on September 1st. There's no advantage in doing so, unless you want it to look like you're running MIT PGP.You can choose the version text which you want to have appear in ASCII armoured files. The default is 2.6, and if you're in the USA you probably don't want to change it, as a well known net.personality tends to harass people whose PGP armor says anything else.
To change the version text, use a command line argument such as
+armor_version=2.6ui
or +armor_version=2.3
-- but please do try
and use this feature responsibly, and don't go creating random version
strings unnecessarily.
You can also specify
armor_version = 2.6ui
or similar in your config.txt file.
_fcalloc
and freed with _ffree
in ztrees.c
and zdeflate.c
, to avoid memory leakage in the MS-DOS version.
-w
option wipes files with pseudo-random data, to try and
ensure the file is wiped even if you're using a disk compressor.
Note that this still isn't perfect; DOS can randomly duplicate bits
of cleartext files in partially-used clusters, and those fragments
won't be removed if the original file is wiped.
This release reports itself as 2.6ui. It's 2.6 because if it were called 2.3b, users would get confused as to whether 2.3b was compatible with MIT PGP 2.6, given the much smaller version number. I haven't called this version 2.7, because I have no wish to get involved in the kind of "version number war" which goes on between (say) Microsoft, IBM and Novell over DOS.
The letters "ui" stand for Unofficial International release. It's an unofficial release in that it has not been approved by Philip Zimmermann.
This version was assembled by mathew mathew@mantis.co.uk from the standard PGP 2.3a sources, and from source code patches obtained from the net. All patches were scrutinized carefully before being applied by hand. No binary patches were used. The DOS executables were built by mathew using Microsoft Visual C++ version 1.0 (MS C v8).
No RSAREF source code was used; in fact, I used no source code from MIT PGP at all. I haven't even looked at the MIT sources. (No, really.)
Thanks go to Alan Barrett barrett@ee.und.ac.za, Planar Damien.Doligez@inria.fr and Pr0duct Cypher for 2.6 information and interoperability patches. Philip C. Kizer pckizer@gonzo.tamu.edu provided the Solaris 2 patches. The key signature patches were by Paul C Leyland pcl@black.ox.ac.uk and Branko Lancaster branko@suppnet1.support.nl. Thanks also to those who tested 2.6ui against MIT 2.6; you'd better remain anonymous, but you know who you are...
Disclaimer: This software is nothing to do with Mantis Consultants, and is without warranty or guarantee of any kind. Using it in the USA is probably very naughty.
If you used this version of PGP in the USA, and if you remembered to change version_byte to 3 on September 1st 1994, your PGP messages would almost certainly be indistinguishable from ones produced using MIT PGP 2.6. That would be very naughty and devious, though, so don't do it.
My key is on the usual key servers; detached signatures are available for the zip and tar files. Note that if the signature matches, that only really means that the files you have are the same as the ones I have; it doesn't mean that I guarantee this release of PGP works, or that I've examined it for cryptographic back doors.
Naturally, you should only use this release of PGP if you think you can trust me, or if you've compared the source with 2.3a and compiled it yourself. I've created some md5 values in contrib/md5sum. The old pgp23a ones are there, so you can detect which files I've changed :-)
If you have any patches to fix bugs or add features, feel free to mail them to me, and I'll consider adding them to any future unofficial release.
mathew
mathew@mantis.co.uk
-----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLeXrEnzXN+VrOblFAQGNJgQAmgZEiop3zrMIxvx9Tg4dHRdG28wtay7l RO3bMpDl0FiVB+KL/56zmbt1p4kDpiyxCoalyY0br9URl8aoS+JRzs7yqmxE7BC0 Z49x18ednTv8rQiAH0pPXHiJJs7Ds2Ea74kLmWZvDyjTZWJD+bMUlPjVEc0IH/9u jjgMjJ+H3uU= =Vdz2 -----END PGP SIGNATURE-----
PGP main page
Meine Homepage
UNIX-AG Homepage