a couple PGP questions

Discussion in 'Computer Security' started by eee, Nov 4, 2004.

  1. eee

    eee Guest

    I got pgp freeware 8.1. Haven't installed yet.

    I see you can create different types of keys but I want to be backward
    compatible. What kind of keys should I create that are compatible with older
    pgp versions people are still using?


    I see some people are encrypting files with pgp. can I do this with the
    freeware version?


    eee
    eee, Nov 4, 2004
    #1
    1. Advertising

  2. In article <418a98ae$0$273$>, eee <> wrote:

    > I got pgp freeware 8.1. Haven't installed yet.
    >
    > I see you can create different types of keys but I want to be backward
    > compatible. What kind of keys should I create that are compatible with older
    > pgp versions people are still using?


    RSA goes back further than DH. It should not influence your choice.
    Very few current users have a version that cannot do both.
    Keep away from IDEA for session keys. There are patents which
    discourage some from its use, and slightly limit the way that GPG (Gnu
    Privacy Guard) may be distributed. That means that your correspondence
    with GPG users may not be as smooth as it might have been.

    Take PGP's defaults and you won't go far wrong.
    >
    >
    > I see some people are encrypting files with pgp. can I do this with the
    > freeware version?

    yes.
    You miss out on PGP disk I think. It is an encrypted container file. I
    find it quite useful, and it alone makes the $35 personal edition worth
    the money for me.

    --
    I thought I would be the last on earth to mung my e-mail address.
    fsnospam$elliott$$
    Elliott Roper, Nov 4, 2004
    #2
    1. Advertising

  3. eee

    nemo outis Guest

    In article <418a98ae$0$273$>, eee <> wrote:
    >
    >I got pgp freeware 8.1. Haven't installed yet.
    >
    >I see you can create different types of keys but I want to be backward
    >compatible. What kind of keys should I create that are compatible with older
    >pgp versions people are still using?
    >
    >
    >I see some people are encrypting files with pgp. can I do this with the
    >freeware version?
    >
    >
    >eee



    If you are serious about security, then open-source should be
    high on your list of desiderata (not that it is a panacea by any
    means). Accordingly, version 6.5.8 (the last with source code)
    should be your mainstay (I will avoid subtleties such as MIT v
    CKT versions).

    Regards,
    nemo outis, Nov 5, 2004
    #3
  4. eee

    Tom McCune Guest

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    nemo (nemo outis) wrote in
    news:9aAid.117298$nl.81559@pd7tw3no:

    > If you are serious about security, then open-source should be
    > high on your list of desiderata (not that it is a panacea by any
    > means). Accordingly, version 6.5.8 (the last with source code)
    > should be your mainstay (I will avoid subtleties such as MIT v
    > CKT versions).


    PGP has never really been open source, but except for 7.x versions,
    it has nearly always had source code available for review. All 8.x
    versions have complete source code available for review. I would
    recommend the current 8.1 version.

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.1
    Comment: My PGP Page & FAQ: http://www.mccune.cc/PGP.htm

    iQEVAwUBQYrk6WDeI9apM77TAQIVOwf/Zd2iSSeGidKVQeRbF0y2v7+/1IwVyoiG
    jLOEcYzwKYCxefSMp4V1ZkOgS9ehyRCpvr9LVX3j8z/yvIad2tHAuUueC5QVuyMu
    ZDNVlewrIYn0DJ503nyzKMTd62aG/HU4DlOJoFFbEbbj1ePOGo68o9xvMPQIstmd
    +AA7lE8TpSzREzJl6CGDGuUWuTXH1+ZwE1O8eNX3Iuh7mrA9ZVNp7FWJSEJKDYoJ
    ANZO57WCPiOF95x6fnN6PwEFLQ/Cs/vwbCfEUAzscmLsIKVvZPlf9/k3tAcRnsA2
    Kpx+qWwateQIPSkZVYhG8rFs+bQ3gxKgMj9GsM13gdOfgjwVWogQxQ==
    =3GdX
    -----END PGP SIGNATURE-----
    Tom McCune, Nov 5, 2004
    #4
  5. eee

    Johan Wevers Guest

    Tom McCune <news1@DELETE_THISmccune.cc> wrote:

    >PGP has never really been open source,


    That depends on your definition of open source. I've always used
    self-compiled 2.6 versions, and still use them besides GnuPG.

    >it has nearly always had source code available for review. All 8.x
    >versions have complete source code available for review.


    Can you build the complete pgp 8.x package from the distributed source code?
    AFAIK only the crypto functions were open source. Or has this changed?

    --
    ir. J.C.A. Wevers // Physics and science fiction site:
    4all.nl // http://www.xs4all.nl/~johanw/index.html
    PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
    Johan Wevers, Nov 5, 2004
    #5
  6. eee

    Mxsmanic Guest

    Johan Wevers writes:

    > Can you build the complete pgp 8.x package from the distributed source code?


    Yes, if you have the right compiler software.

    > AFAIK only the crypto functions were open source. Or has this changed?


    Last I looked, it was all there, but that was several versions ago.

    --
    Transpose hotmail and mxsmanic in my e-mail address to reach me directly.
    Mxsmanic, Nov 5, 2004
    #6
  7. eee

    Tom McCune Guest

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    4all.nl (Johan Wevers) wrote in
    news:4all.nl:

    >>PGP has never really been open source,

    >
    > That depends on your definition of open source. I've always used
    > self-compiled 2.6 versions, and still use them besides GnuPG.


    As I understand it, if it were open source, then others would be
    allowed to make their own compilation and distribute it. Although
    that has been done, the only builds that I'm aware of PGP owners ever
    really even tacitly permitting were the "i" builds.

    >>it has nearly always had source code available for review. All 8.x
    >>versions have complete source code available for review.

    >
    > Can you build the complete pgp 8.x package from the distributed
    > source code? AFAIK only the crypto functions were open source. Or
    > has this changed?


    Yes, as already stated, the PGP 8.x builds are complete in the source
    code release. You are probably thinking of the 7.1 source code
    release that was only for the sdk (and which was the only 7.x source
    code release). That was towards the end of NAI ownership of PGP.

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.1
    Comment: My PGP Page & FAQ: http://www.mccune.cc/PGP.htm

    iQEVAwUBQYwEBGDeI9apM77TAQKaZwgAgW7mrxxjsTuDsFUM8OIfwVO8xLDpe7z9
    ZdM2Gfp2rA5oCThmwbhlgx4cgskm07pzr5cgu9b0t3XCcwoPwS6IFIrN1FeVCgWp
    LImoYswDLmwM1D2yO5th0/8kaxTVyNfzGXu2QYviFuXll+cZEjXGq1ThFPpkSwxS
    HwrrbbuJnL/J3bVIrMvHNHUPNY8iX6+vDySXz+mZBjo4ThVwB8WgF6Q3krbmfrV+
    mZYjOkQevr2VpWVYs0UOB4cFShWI9RBpXsHLuf0dsQVhyploqTrjeEmChmLevmL8
    kcV7DFdvPgUUB5Rj3L06Ei+6Abk4ZkICIRt7YA8RPoHD8WzMXLX8EQ==
    =as4R
    -----END PGP SIGNATURE-----
    Tom McCune, Nov 5, 2004
    #7
  8. eee

    Zuxy Guest

    On Thu, 04 Nov 2004 15:04:10 -0600£¬eee wrote:

    > I see you can create different types of keys but I want to be backward
    > compatible. What kind of keys should I create that are compatible with
    > older pgp versions people are still using?


    A DSS/DH keypair with CAST5 cipher and SHA-1 hash should work for all.
    >
    > I see some people are encrypting files with pgp. can I do this with the
    > freeware version?


    Yes you can.

    --
    Zuty
    PGP KeyID: E8555ED6
    Zuxy, Nov 8, 2004
    #8
  9. eee

    Johan Wevers Guest

    Tom McCune <news1@DELETE_THISmccune.cc> wrote:

    >As I understand it, if it were open source, then others would be
    >allowed to make their own compilation and distribute it.


    That's along the lines of the GNU and BSD licenses, but it's debatable if
    this is required to call something open source.

    >Although that has been done, the only builds that I'm aware of PGP owners
    >ever really even tacitly permitting were the "i" builds.


    Patent issues were more liberal outside the USA, so adapted i versions
    would meet fewer legal problems. And further, if we look at 2.6.x, why
    would someone _want_ to adapt a crippled US version like 2.6.2 if a
    better one, like 2.6.3ia, is available?

    --
    ir. J.C.A. Wevers // Physics and science fiction site:
    4all.nl // http://www.xs4all.nl/~johanw/index.html
    PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
    Johan Wevers, Nov 9, 2004
    #9
  10. eee

    Johan Wevers Guest

    Johan Wevers, Nov 9, 2004
    #10
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Dale Brisket

    A couple of T-Bird questions

    Dale Brisket, Oct 2, 2005, in forum: Firefox
    Replies:
    2
    Views:
    438
    Dale Brisket
    Oct 2, 2005
  2. Thomas
    Replies:
    0
    Views:
    421
    Thomas
    Jan 30, 2004
  3. Andrew Hodgson
    Replies:
    4
    Views:
    498
    Andrew Hodgson
    Feb 6, 2006
  4. JuanMa

    NG FAQ and a couple of computer questions. TIA

    JuanMa, Jun 22, 2003, in forum: Computer Support
    Replies:
    3
    Views:
    1,439
    °Mike°
    Jun 22, 2003
  5. James Williams

    A couple of questions about monitors

    James Williams, Aug 3, 2003, in forum: Computer Support
    Replies:
    2
    Views:
    424
    HamMan
    Aug 3, 2003
Loading...

Share This Page