cryptoanarchy.wiki

Arise, you have nothing to lose but your barbed wire fences!

1994-12-20 - PGP Tools

Header Data

From: Mark Grant <mark@unicorn.com>
To: cypherpunks@toad.com
Message Hash: 72e388182b4569e0222c52e11cd72f2f9f64462eb50d033ecd8a414a80302a62
Message ID: <Pine.3.89.9412201205.A21616-0100000@unicorn.com>
Reply To: N/A
UTC Datetime: 1994-12-20 13:06:00 UTC
Raw Date: Tue, 20 Dec 94 05:06:00 PST

Raw message

From: Mark Grant <mark@unicorn.com>
Date: Tue, 20 Dec 94 05:06:00 PST
To: cypherpunks@toad.com
Subject: PGP Tools
Message-ID: <Pine.3.89.9412201205.A21616-0100000@unicorn.com>
MIME-Version: 1.0
Content-Type: text/plain



On Mon, 19 Dec 1994, Andrew Lowenstern wrote:

> It has been a while since I looked too, does it work with the 'new' format
> messages generated by MIT pgp? 

I don't think it does by default, but you can just change the code that 
looks for a version number to accept version 2 or 3. Works for me...

> Does anyone actually USE pgptools for any
> available applications?  As far as I know, nobody uses it. 

Magic Money
Privtool
Mixmaster

Dunno about anything else....

> Either nobody really wants a PGP library
> (which isn't true judging from the inquiries on cypherpunks), or something is
> wrong with PGPTools. Is it the documentation like you said?  Maybe some of
> us should pick up where pr0duct cypher left off and enhance PGPTools.

I'd say there are three problems, firstly there's very little
documentation, which isn't a problem for those of us who can read and
understand the source code, but could be for more general use, secondly
it's not entirely legal in the US (patents, etc) and not widely available
outside (there are some versions on ftp.dsi.unimi.it, but you have to
actually go looking for it if you want to find it). The other problem is
that the interface is very low-level, which makes it difficult to just
take a standard PGP message and decrypt it in your program. You can get
around the latter by using pgplib.c from Privtool (it's been released
under the GPL), however it's only really been tested on Suns at this point
and may need a bit of hacking - if you port it to other machines please
mail me any bugfixes.

It also has some potential security problems, for example there are lots
of places where it should probably zero the memory that's been used but
doesn't (I've fixed most of those in my own copy). But otherwise it's a
pretty good product and I'm suprised that more people don't use it. 

There also appears to be a bug in pgpk_findkey() such that it only looks 
at the first id on each key, so if you request a key by another id it 
fails to find it. Does anyone know if Pr0duct Cypher is still updating 
PGP Tools, or should I look at fixing this instead ?

		Mark

Thread