From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 30 May 1997 22:16:32 +0800
To: cypherpunks@toad.com
Subject: PGPlib-0.2 available
Message-ID: <v0302098dafb48a60888b@[139.167.130.247]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


To: pgplib-announce@petium.rhein.de
Subject: PGPlib-0.2 available
Date: Fri, 30 May 1997 15:06:42 +0200
From: Tage Stabell-Kulo <tage@acm.org>
Reply-To: tage@acm.org
Sender: pgplib-announce-owner@petium.rhein.de
Precedence: list

-----BEGIN PGP SIGNED MESSAGE-----


Announcing PGPlib-0.2
=====================

We are pleased to announce a new verison of PGPlib.  You can obtain
the newest version (that is 0.2 as of today) from

	ftp://dslab1.cs.uit.no/pub/PGPlib.tar.gz

In short, you will find a library that enables your software to read
and write "packages" which can be decrypted and/or verified by means
of PGP.  In other words, you can incorporate PGP compatibility in your
software without having to run PGP.

When you uncompress and un-tar the file, you will obtain four files in
the CURRENT directory.  These files are

	README			Describing how to preceed
	PGPlib-0.2.tar		The library, manual pages and so on
	PGPlib-0.2.tar.asc	A detached signature for verification
	pubkey.asc		My public key (again, for verification)

It is described in README how to verify the release you have obtained,
how to unpack, what you will actually get when you unpack, and so on.

What is there for you
=====================

PGPlib is a library that lets you generate (and manipulate) PGP
packets without having to run PGP.  In particular there is code to
generate and understand the following types of PGP packets:

   - Literal with filename, mode, etc.  You can create literate
     packages from files, or from buffers, and create files from
     literate packets;
   - Convential encrypted (IDEA with Zimmermann's context sensitive
     feedback).  The library can both read (decrypt) and write
     (encrypt) convential packets (in PGP format);
   - Armor.  You can (de)armor a buffer or a file into a buffer or a
     file;
   - UserID packets are read and written in a variety of formats;
   - Keys can be obtained from a database (which is provided) or by
     parsing keyrings.  Keys can be kept in buffers or on files;
   - You can maintain a PGP public-key database (I use this library to
     maintain a database with ~40.000 keys).  There is code to use DBM
     as supplied from Berkeley or, if you prefer, GDBM from GNU;
   - You can verify RSA signatures on public keys and on buffers
     (files);
   - You can encrypt data (file or buffer) with public keys.  The DEK
     is naturally written as a separate packet;
   - With a secret key you can sign other keys and buffers.  Keys can
     be read from databases or files; they are decrypted on the fly.

We have made a small program that will (de)armor anything, a parser to
parse PGP files (including decryption and so on), a shell to
manipulate a keydatabase, a keyserver to run on top of such a
database, a program to verify signatures on keys and/or files, a
program to split keyrings in smaller parts and a program that will
sign files for you.  You will find all these (and more) in the
applications/ directory.  None of these uses PGP, the library provides
all the functionality you need.

What you need
=============

   - You must have the SSLeay library as I have not implemented any
     cryptographic functionality; I hope SSLeay is a good choice. I
     did not major in mathematics and can thus not judge the quality
     of their work, although it looks solid (to me).  I link with their
     version 0.6.6.  I rely on SSLeay for great many things, in
     particular their BIGNUMs, RSA encryption and IDEA.  I use
     "fprintf(stderr" when problems occur, but integration into the
     SSLeay "error-system" might happen.  You can obtain SSLeay from:
        * ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/ - SSLeay source
        * ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps/ - SSL applications
        * http://www.psy.uq.oz.au/~ftp/Crypto/ssl.html - SSLeay Programmer
          Reference
     SSLeay is quite large and I only use a fraction of it.  On the
     other hand, SSLeay seems to be well maintained and their
     crypto-library might very well shrink or become more modular as
     time passes.


Your Feedback
=============

   Your feedback is solicited.  Peter Simons <Peter.Simons@gmd.de> has
   created a mailinglist for PGPlib.  To subscribe, send an e-mail to
   the address pgplib-dev-request@petium.rhein.de and write the
   command SUBSCRIBE into the BODY. If you want to be subscribed under
   a different address than the one you're mailing from, you can also
   use SUBSCRIBE yourname@somewhere.else to do the trick.  To post to
   the list, send an e-mail to pgplib-dev@petium.rhein.de as usual.

   There is also an pgplib-announce@petium.rhein.de.  Subscribe by
   sending an e-mail to pgplib-announce-request@petium.rhein.de with
   SUBSCRIBE in the body.  The latter list will be very low-volume.

   If you write a nice application based on this library (the ultimate
   feedback :-), please feel free to send it to  me and I will include
   it in the next release;


Where to get PGPlib
===================

	ftp://dslab1.cs.uit.no/pub/PGPlib.tar.gz

COPYRIGHT  (yum, yum)
=========

   The library and included applications are all available under
   "Berkely style" copyright terms.  Basically, this means that it is
   FREE for commercial and non-comercial use, and that you can do
   almost anything with the code.  The only thing you can not do is to
   say that you wrote it.  See the file COPYING for details.


Let's go to work
================

   I hope you like it, that you find is useful, that you will find no
   bugs, and that you will provide valuable feedback by means of the
   mailing list.

      Tage Stabell-Kul¯
      Castelmaggiore, Italy
      30. May 1997


////        Tage Stabell-Kuloe         | e-mail: tage@ACM.org          ////
/// Department of Computer Science/IMR | Phone : +47-776-44032         ///
// 9037  University of Tromsoe, Norway | Fax   : +47-776-44580         //
/       "'oe' is '\o' in TeX"          | URL:http://www.cs.uit.no/~tage/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Processed by Mailcrypt 3.2, an Emacs/PGP interface

iQCVAwUBM47QfAMzZ6tx+9RpAQFHJQQAmsrh3sqgeRdOFscXWAb7/bV5ivdgnB4+
IpgGpGPMhNYfAzDJvz2rdvt1Z38NhLjOHOTEl+RhKGUGmc7cDXiaAE38Vh3OJIPu
FijHtMgr++GdxZS5/WvcUxlvvMQjyjDaX84eG0clG1djYizMzR+7HwsIaaJeLtOb
wlBORx01NRo=
=Q5Ed
-----END PGP SIGNATURE-----


------------------------------------------------------------------------------
			  PGP Library Announcements

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com), Philodox
e$, 44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
The e$ Home Page: http://www.shipwright.com/