-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Everyone,
I just read RJ's Web Page on PGP versions, Key compatibility
issues and plug-in details at:
http://www.stat.uga.edu/~rmarquet/pgpvers.html
RJ has produced a significant and useful resource of PGP
information. Newbies and oldsters will find a lot of answers
on this informative Web Page.
With the simple and straightforward layout chosen by RJ, it
is easy to convert the page to a text file and send it to your
friends who may not have Web access. Like this:
******************Start of PGP Interactions Page***************
PGP Interactions Page
This page is dedicated to demonstrating which versions of PGP
will handle RSA, DH, or both types of keys.
Any additions, subtractions, or corrections should be emailed to
<rjm22@bellsouth.net> . Thank you!
The Early Years: PGP 1.x (June, 1991)
Someone emailed me a PGP 1.0 manual, and it appears this
program wasn't terribly different from the 2.x versions;
however, it was only for MS-DOS. It used RSA encryption.
Public Key Cryptography: PGP 2.x
These versions of PGP used RSA encryption technology to
produce basically unbreakable keys. Since more information
is available on the net (try http://pgp.rivertown.net ), I
just want to concentrate on what versions will use these keys.
It is safe to say that NO version of 2.x can read/write DH
keys, since they hadn't been created yet.
PGP 2.0, PGP 2.1, PGP 2.2, PGP 2.3, PGP 2.3a
Bugfix releases. (Note that having a lot of bugfixes does not
imply unstable software.)
PGP 2.3 apparently changed the way messages were signed; pre-2.3
version signatures are recognized by 2.3 through 4.5 but they
'whine' about it. PGP 5 is attempting to eliminate the pre-2.3
signatures; for example it will ask you if you'd like them removed
from your keyring.
PGP 2.4.x
This was the first version offered as a commercial product, by
Viacrypt. They licensed the technology from Phil Zimmermann (founder
of PGP, Inc.). It was the first version that could force the user
to encrypt to both the sender and a company's key (for message
recovery - see PGP 4.5 for Business for a more in-depth explanation
of this). Bugfix versions existed, creating the .x revisions.
PGP 2.5
This version has an interesting history. The owners of the patent
on the RSA algorithms (RSA/PKP is the short name for the company)
allowed PGP to release this version with one implementation of their
algorithms. (Free use of the algorithms, up to this point, was not
clearly legitimate.) The condition (read catch) is simple: 2.5 set
a flag (called "LEGAL_KLUDGE" by PGP fans) that made it incompatible
with previous versions of PGP.
PGP 2.6.x
These versions are probably the most popular, even after the
creation of PGP 5. It was released free for all for non-commercial
use only.
PGP 4.0 (Viacrypt)
This version supported 'single-function' keys that could be
used for either encrypting/decrypting or signing. It was not
a general purpose key like most PGP-generated keys.
The idea of this was that someone within a company could create
a key and give it to the company so they might decrypt the messages,
but the company would not have the ability to forge the employee's
signature. Both the Personal and Business versions supported this
feature.
Apparently, a message encrypted or signed with a single-function
key is pretty much useless to any other version of PGP, at least
up until this version and the "PGP 3.0" (see note below).
Note: The documentation mentions a "Freeware PGP 3.0" due to be
released later "this year." Exactly what year is in question,
not to mention the fate of 3.0. Best guess as of this time is
that 3.0 became PGP 5.0.
PGP 4.5
PGP 4.5 only supports RSA keys. Both the business and personal
versions were shipped in the same box; each disk was wrapped in
a separate software license.
PGP 4.5 also contained plugins for Netscape 3.x and Eudora 3.x.
Business version
This version was meant strictly for businesses, and could be set
up that all outgoing messages would be encrypted to a 'corporate
key' so that the management could decrypt their own information
if need be.
Personal version
This contained a graphical user interface for encryption/decryption.
PGP 4.5.1
Bugfix release. Limited support of DH keys is included, however
you cannot add a DH key to the 4.5.1 keyring without crashing the
program.
A new algorithm: PGP 5.0
This version of PGP marked the introduction of the newer DH keys.
Most platforms of this (that I know of) can read the 2.x keys, but
here is why we needed this page.
First, for some reason, some people mistakenly thought PGP5 had
a backdoor in it that would allow the government, CIA, Assistant
Director Skinner, and whomever else to read all of your encrypted
mail. It isn't true. Trust me. The truth is out there. Some people
apparently thought the message-recovery key offered in PGP 4.5 for
Business had been expanded to include the personal versions of PGP.
Five personal versions exist:
  * The MIT freeware version does use RSA keys but does not generate
    RSA keys.
  * The (commercial) PGP, Inc. version creates and uses both RSA and
    DH keys.
  * The (freeware) PGP, Inc. version uses only DH keys.
  * The plugin for Eudora version bundled ("bundleware") with Eudora
    (i.e. from http://www.eudora.com ) contains zero RSA support: no
    creation or use is allowed. (See PGP 5 and Eudora, below.)
  * The $5 "upgradeware" version from PGP, Inc. that allows RSA key
    use but not creation. (See PGP 5 and Eudora, below.)
Improvements in PGP5.0
  * Desktop integration (for the GUI-based Operating Systems, like
    Win95, WinNT, etc.)
  * Plugin for Outlook and Eudora (in some versions...see below).
    Note this version lost the plugin for Netscape due to changes on
    Netscape's part. (Netscape wants you to use the Verisign
    setup...which is okay, but no one uses it! We want someone we
    can trust: PGP and Phil Zimmermann!)
  * PGPKeys - again, for the GUI systems, a much better way to
    manage keys.
  * Speed improvements, on the order of 4 to 10 times faster.
  * DH keys, which avoided the RSA legal problems.
  * International and US versions used basically the same source
    code.
PGP 5 and Eudora
The Eudora plugin (for versions 3.0.2 (I think) to 3.0.4 of Light
or Pro) will only use DH keys; it won't even encrypt/decrypt to
them. However, a $5 upgrade version is available that will allow
RSA key use (but not generation). (It seems to me the MIT freeware
version also contains a plugin for Eudora, but maybe I'm wrong here.)
Note the plugin from MIT for Eudora will not work with v3.0.5 of
Eudora without an updated pgpplugin.dll file. I'm told this file is
on the Eudora website ( http://www.eudora.com ) and it is included
with the plugin/Eudora combination download.
PGP 5.0i - International Version
First, there seems to be some confusion about the i on the end of
the version number. It does not indicate that the version came
from PGP, Inc; rather it indicates that this version is an
International release, intended for users outside the US and Canada.
The international version (or at least the code for it) was released
in a book that was exportable, enabling other users to have strong
encryption.
I'm told this version has no support for RSA keys at all.
PGP5.0i can be downloaded from http://www.pgpi.com .
PGP Europe has a page (under construction) at:
http://www.pgpeurope.com.
PGP 5.0ic
This version is an international, corporation version, roughly
equivalent (in idea) to PGP for Business. It allows generation
of both RSA and DH keys.
PGP 5.5
Both versions of PGP5.5 contain a feature that will mark the
corporate keys (outlined in the PGP 5.5 for Business Security),
and will warn you if you do encrypt to an employee's key but do
not encrypt to the corporate key (if the corporation has PGP
5.5 set up to do this, of course).
Not included in the PGP5.5 bundle but available is a program
that will watch the incoming email to the company. If a message
is sent that is not encrypted to the corporate key as requested,
this program will either send a note to the author or reject the
email outright. Note this can't decrypt the email on the fly; it
just watches for a message encrypted to the corporate key.
Improvements in PGP 5.5
  * Encryption to more than one recipient is supported.
  * A new key search interface.
  * PGPTools now allows encrypting, decrypting, signing, verifying,
    or wiping files from Win95's Explorer window.
  * Improved key-signing capabilities.
Personal Security
Similar to PGP5.0, but with the enhanced Business Security features
outlined above for dealing with corporate keys. Three versions
seem to exist:
  * The commercial PGP, Inc. version handles both RSA and DH fully.
  * The freeware version from PGP, Inc does no RSA at all.
  * The freeware version from MIT does use RSA but will not create
    RSA keys.
Business Security
This version of PGP is meant for, of course, businesses (in the
US/Canada, not to be exported). Most of the features are
configurable by the system administrator; however, this version
can create and use both RSA and DH keys. Note the sys admin can
turn RSA creation off. This version can use the message recovery
features outlined in PGP4.5 for Business, plus it can send a note
asking anyone who encrypts to an employee of the company to also
encrypt to the corporate key.
The Business Security Suite version also contains (essentially)
keyserver software (called 'certserver') and the email watcher
outlined above.
PGP 5.5.1, PGP 5.5.2
Bugfix releases. (I think.)
Sources
Errors in this page are most likely mine! These people (from the
PGP-Users mailing list) contributed much of the information:
Jack Repenning ( jackr@informix.com ) provided me with a lot of
general information between the versions, and most of the
information on PGP 4.5. Jack also provided all of the information
about the different versions of 2.x and the features of PGP5.0.
Mark ( mark@mbsystem.u-net.com ) provided information on PGP 5.5.
Mark also provided some feedback that helped me clarify the 4.5
section and differences in the 5.0 versions.
Rainer Merz ( rmerz@earthling.net ) provided information on Eudora
and the international versions.
Alasdair Lindsay ( ceeagdl@cee.hw.ac.uk ) corrected a mistake
concerning international versions.
Richard Conyngham Greene ( rcg@pgpeurope.com ) also corrected that
mistake and informed me about the 5.0ic version.
Curt Clark ( wcclark@rmi.net ) corrected several mistakes all over
the page.
Noah Salzman ( noah@pgp.com ) corrected several mistakes regarding
the business versions.
URL: http://www.stat.uga.edu/~rmarquet/pgpvers.html
Written by RJ Marquette on 12/10/97. Version gamma - 12/18/97.
Copyright © 1997 RJ Marquette. rmarquet@stat.uga.edu This page
was last modified on Thursday, December 18 1997
******************End Of PGP Interactions Page*****************
Thanks to RJ for donating his time and effort on a job well
done.
Fred, how about a link at Rivertown? I think RJ's page would
make a nice addition.
Curt Clark <wcclark@rmi.net>
RSA Key ID: 0xCF02DC2B
RSA Fingerprint: A160 6417 0B25 4056
EB63 89F3 A21D 5FE1
DSS Key ID: 0E6BCEA9
DSS Fingerprint: F8FF 0432 D9A7 0BEF 83A6
8E5C 523E 7284 0E6B CEA9
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQA/AwUBNJnz6VI+coQOa86pEQJmDACZAW60nKlBjhxtpxrMFxOiTq137GgAoMiL
PS3+2qJedp6cRopODyrIssWv
=ASHY
-----END PGP SIGNATURE-----