From: Robert Hettinga <rah@shipwright.com>
To: cypherpunks@toad.com
Message Hash: 5d6b3b817f9790b548ad546e2459073a6f7fa3f1548dd7da7be67a4cd635ef36
Message ID: <v0311072bb029db53745d@[139.167.130.248]>
Reply To: N/A
UTC Datetime: 1997-08-27 14:23:29 UTC
Raw Date: Wed, 27 Aug 1997 22:23:29 +0800
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 27 Aug 1997 22:23:29 +0800
To: cypherpunks@toad.com
Subject: PGPlib-0.3 is available
Message-ID: <v0311072bb029db53745d@[139.167.130.248]>
MIME-Version: 1.0
Content-Type: text/plain
--- begin forwarded text
To: pgplib-announce@cryp.to
Subject: PGPlib-0.3 is available
Date: Wed, 27 Aug 1997 11:10:03 +0200
From: Tage Stabell-Kulo <tage@ACM.org>
Reply-To: tage@acm.org
Sender: pgplib-announce-owner@cryp.to
Precedence: list
-----BEGIN PGP SIGNED MESSAGE-----
This mail is sent on the list pgplib-announce@cryp.to. It is a (very)
low voulme list where announcments are made when new versions of
PGPlib becomes available. Please find below a copy of the file README
distributed with this new release. Instructions on how to obtain your
own copy of PGPlib is included.
===
Welcome to version 0.3 of PGPlib. This code has not yet matured
enough to reach version 1.0. However, this is probably the latest
development version before 1.0. Detailed instructions for how to
obtain this fine code can be found at the end. Experienced users will
know that ftp://dslab1.cs.uit.no/pub/PGPlib.tar.gz is the place to
look.
What is here for you
=====================
PGPlib is a library that lets you generate (and manipulate) PGP
packets without having to run PGP. In particular there is code to
generate and understand the following types of PGP packets:
- Data can be signed with a private key;
- Data can be encrypted with a public key;
- Data encrypted with your public key can be decrypted;
- You can verify signatures on public keys and on buffers (files);
- Convential encrypted (IDEA with Zimmermann's context sensitive
feedback). The library can both read (decrypt) and write
(encrypt) convential packets (in PGP format);
- Armor. You can (de)armor a buffer or a file into a buffer or a
file;
- UserID packets are read and written in a variety of formats;
- Literal with filename, mode, etc. You can create literate
packages from files, or from buffers, and create files from
literate packets;
- Keys can be obtained from a database (which is provided) or by
parsing keyrings. Keys can be kept in buffers or on files;
- You can maintain a PGP public-key database (I use this library to
maintain a database with ~40.000 keys). There is code to use DBM
as supplied from Berkeley. A copy of DBM is included for your
convinience.
In general, PGPlib operates on buffers in order for you to use it in
your applications.
You will find included a small program that will (de)armor anything, a
parser to parse PGP files (including decryption and so on), a shell to
manipulate a keydatabase, a keyserver to run on top of such a
database, a program to verify signatures on keys and/or files, a
program to split keyrings in smaller parts and a program that will
sign files for you. You will find all these (and more) in the
PGPlib/applications/ directory. None of these uses PGP, the library
provides all the functionality you need.
What is not there for you
=========================
- Sufficient documentation.
I have written this library because I need it. In order to make life
less hard for my students, I will have to provide some documentation.
Possibly even on-line. However, quite a few manual pages are
included.
What you need
=============
- Unix (for some definition of "Unix").
- You must have the SSLeay library as I have not implemented any
cryptographic functionality; I hope SSLeay is a good choice. I
did not major in mathematics and can thus not judge the quality
of their work, although it looks solid (to me). I link with their
version 0.8.1. I rely on SSLeay for many things, in particular
their BIGNUMs, RSA encryption and IDEA. You can obtain your copy
of SSLeay from:
* ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/ - SSLeay source
* ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps/ - SSL applications
* http://www.psy.uq.oz.au/~ftp/Crypto/ssl.html - SSLeay Programmer
Reference
SSLeay is quite large and I only use a fraction of it.
other hand, SSLeay seems to be well maintained and their
crypto-library might very well shrink or become more modular as
time passes. Also, work is in progress to strip out from SSLeay
only thise parts that PGPlib uses.
Porting
=======
PGPlib has been developed on NetBSD 1.2. It should compile smoothly
on FreeBSD, HP-UX and Linux. If you port PGPlib to some other
platform, I would be greatful if you would send me patches. In
particular, PGPlib does not compile on SunOS 4 and 5, your assistance
would be valuable.
Regarding PGP
=============
- Work is underway to ensure that PGPlib is compliant with RFC1991.
- The name PGPlib might not be final as I respect Zimmermann's
"ownership" of the acronym PGP and he might not like that this
library uses the name PGPlib. Thus, this library might become
libRFC1991.a or something.
- PGP-5.0 is available. It has several new features, such as a
multitude of encryption methods. PGPlib might evolve to support
them all.
Your Feedback
============
Your feedback is solicited. Peter Simons <Peter.Simons@gmd.de> has
created a mailinglist for PGPlib. To subscribe, send an e-mail to
the address pgplib-dev-request@crypt.to and write the command
SUBSCRIBE into the BODY. If you want to be subscribed under
a different address than the one you're mailing from, you can also
use SUBSCRIBE yourname@somewhere.else to do the trick. To post to
the list, send an e-mail to pgplib-dev@cryp.to as usual.
There is also (very low volume) list pgplib-announce@cryp.to.
Subscribe by sending an e-mail to pgplib-announce-request@cryp.to
with SUBSCRIBE in the body.
Both lists are archived at URL:http://www.cryp.to/
If you write a nice application based on this library (the ultimate
feedback :-), please feel free to send it to me and I will include
it in the next release;
Where to get PGPlib
===================
ftp://dslab1.cs.uit.no/pub/PGPlib.tar.gz
This file is a link to the latest version. If you obtain the file
PGPlib-0.3.tar.gz instead, note that a name conflict will occur when
you unpack the file (see below).
What to do
==========
First, uncompress PGPlib, which should give you the file PGPlib.tar.
When you unpack PGPlib.tar you will get three files in your CURRENT
directory. These files are
README : This file
PGPlib-0.3.tar : The library
PGPlib-0.3.tar.sig : My signature on the above.
Verify the signature by running
pgp PGPlib-0.3.tar.sig
and verify that PGP prints Good signature from user "Tage Stabell-Kulo
<tage@cs.uit.no>". When you unpack PGPlib-0.3.tar, tar will create
the directory PGPlib-0.3 and place all the files within it. Unless
you run SunOS, running the script configure should produce Makefiles
that you can use to compile everything.
To verify that everything compiled correctly, you should run the
script applications/test.sh. Before you do so, you must edit away the
code that asks you to read this file.
COPYRIGHT (yum, yum)
=========
The library and included applications are all available under
"Berkeley style" copyright terms. Basically, this means that
PGPlib is FREE for commercial and non-comercial use, and that you
can do almost anything with the code. The only thing you can not
do is to say that you wrote it. See the file COPYING for details.
//// Tage Stabell-Kuloe | e-mail: tage@ACM.org ////
/// Department of Computer Science/IMR | Phone : +47-776-44032 ///
// 9037 University of Tromsoe, Norway | Fax : +47-776-44580 //
/ "'oe' is '\o' in TeX" | URL:http://www.cs.uit.no/~tage/
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Processed by Mailcrypt 3.2, an Emacs/PGP interface
iQCVAwUBNAPu4wMzZ6tx+9RpAQEM2AP/Sp7REQHWSRGhscblUpX7CPoin6h9Lo5Y
D0CzO/7cm9kqXqB3oQ3xPhchEcXzJEyABz8mehoAm6+D3Bqus1aI1JkcD6mVmoUE
yQ3QU0X0jXdN84xcjTn6cyQx3iuu17MQ5/WKoLh2Ftq5DzBGATGlmGN6O6TRUbAW
SZrCOQDN54M=
=XjX4
-----END PGP SIGNATURE-----
------------------------------------------------------------------------------
PGP Library Announcements
--- end forwarded text
-----------------
Robert Hettinga (rah@shipwright.com), Philodox
e$, 44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
The e$ Home Page: http://www.shipwright.com/
Return to August 1997
Return to “Robert Hettinga <rah@shipwright.com>”
1997-08-27 (Wed, 27 Aug 1997 22:23:29 +0800) - PGPlib-0.3 is available - Robert Hettinga <rah@shipwright.com>