[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Where is PGP?
-----BEGIN PGP SIGNED MESSAGE-----
WHERE TO GET THE PRETTY GOOD PRIVACY PROGRAM (PGP) FAQ
Revised 24 May 1996
Disclaimer -- I haven't recently verified all of the information in
this file, and much of it is probably out of date.
For questions not covered here, please read the documentation
that comes with PGP, get one of the books mentioned below, or search for
other relevant FAQ documents at rtfm.mit.edu and on the alt.security.pgp
news group.
A NOTE FROM THE FAQ MAINTAINERS
Peter Herngaard <[email protected]> is taking over the maintenance
of this FAQ until further notice.
Some of you sent me (Mike Johnson) corrections and suggestions for
this FAQ, and I stored them away on my hard disk to edit from. Then,
Windows 95 got indigestion (induced by a sound card) and destroyed
all of the data in that partition. If you suggested changes and they
aren't in this FAQ, please send them to Peter Herngaard
<[email protected]>.
WHAT IS THE LATEST VERSION OF PGP?
Viacrypt PGP (commercial version): 2.7.1 (4.0 is due out Real Soon Now)
MIT & Philip Zimmermann (freeware, USA-legal): 2.6.2
Staale Schumacher's International variant: 2.6.3i for non-USA
(2.6.3ai source code only); 2.6.3 for USA
WHERE CAN I GET VIACRYPT PGP?
Just call 800-536-2664 and have your credit card handy.
WHERE IS PGP ON THE WORLD WIDE WEB?
U.S. only availability:
PGP: http://web.mit.edu/network/pgp-form.html
PGPfone: http://web.mit.edu/network/pgpfone
International availability:
PGP and PGPfone: http://www.ifi.uio.no/pgp/
WHERE CAN I FTP PGP IN NORTH AMERICA?
If you are in the USA or Canada, you can get PGP by following the
instructions in any of:
ftp://net-dist.mit.edu/pub/PGP/README
ftp://ftp.csn.net/mpj/README.MPJ
ftp://miyako.dorm.duke.edu/pub/GETTING_ACCESS
ftp://ftp.csua.berkeley.edu/pub/cypherpunks/pgp/
ftp://ftp.gibbon.com/pub/pgp/README.PGP
ftp://ftp.wimsey.bc.ca/pub/crypto/software/README
WHERE IS PGP ON COMPUSERVE?
GO NCSAFORUM. Follow the instructions there to gain access to Library 12:
Export Controlled.
AOL
Go to the AOL software library and search "PGP" or ftp from
ftp://ftp.csua.berkeley.edu/pub/cypherpunks/pgp or another site listed above.
It is possible to get PGP from ftp sites with hidden directories with the
following trick: (1) View the README file with the hidden directory name in
it, then quickly (2) Start a new ftp connection, specifiying the hidden
directory name with the ftp site's address, like
ftp.csn.net/mpj/I_will_not_export/crypto_xxxxxxx (where the xxxxxxx is
replaced with the current character string).
WHAT BULLETIN BOARD SYSTEMS CARRY PGP?
MANY BBS carry PGP. The following carry recent versions of PGP and
allow free downloads of PGP.
US
303-343-4053 Hacker's Haven, Denver, CO
303-772-1062 Colorado Catacombs BBS, Longmont CO
8 data bits, 1 stop, no parity, up to 28,800 bps.
Use ANSI terminal emulation.
For free access: log in with your own name, answer the questions.
314-896-9309 The KATN BBS
317-887-9568 Computer Virus Research Center (CVRC) BBS, Indianapolis, IN
Login First Name: PGP Last Name: USER Password: PGP
501-791-0124, 501-791-0125 The Ferret BBS, North Little Rock, AR
Login name: PGP USER Password: PGP
506-457=0483 Data Intelligence Group Corporation BBS
508-668-4441 Emerald City, Walpole, MA
601-582-5748 CyberGold BBS
612-690-5556, !CyBERteCH SeCURitY BBS! Minneapolis MN
914-667-4567 Exec-Net, New York, NY
915-587-7888, Self-Governor Information Resource, El Paso, Texas
GERMANY
+49-781-38807 MAUS BBS, Offenburg - angeschlossen an das MausNet
+49-521-68000 BIONIC-BBS Login: PGP
WHERE CAN I FTP PGP CLOSE TO ME?
IT
ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP
FI
ftp://ftp.funet.fi/pub/crypt/pgp/
NL
ftp://ftp.nl.net/pub/crypto/pgp
ftp.nic.surfnet.nl/surfnet/net-security/encryption/pgp
NO
ftp://menja.ifi.uio.no/pub/pgp/
NZ
ftp://ftphost.vuw.ac.nz
SE
ftp://leif.thep.lu.se
TW
ftp://nctuccca.edu.tw/PC/wuarchive/pgp/
UK
ftp://ftp.ox.ac.uk/pub/crypto/pgp
HOW CAN I GET PGP BY EMAIL?
If you have access to email, but not to ftp, send a message saying
"help" to [email protected] or [email protected]
WHERE CAN I GET MORE PGP INFORMATION?
http://www.csn.net/~mpj
http://www.mit.edu:8001/people/warlord/pgp-faq.html
http://www.eff.org/pub/EFF/Issues/Crypto/ITAR_export/cryptusa_paper.ps.gz
ftp://ds.internic.net/internet-drafts/draft-pgp-pgpformat-00.txt
ftp://ds.internic.net/internet-drafts/draft-ietf-pem-mime-08.txt
http://www-mitpress.mit.edu/mitp/recent-books/comp/pgp-source.html
http://web.cnam.fr/Network/Crypto/(c'est en francais)
http://web.cnam.fr/Network/Crypto/survey.html(en anglais)
http://www2.hawaii.edu/~phinely/MacPGP-and-AppleScript-FAQ.html
http://www.pgp.net/pgp
http://www.sydney.sterling.com:8080/~ggr/pgpmoose.html
http://www.ifi.uio.no/pgp/
http://inet.uni-c.dk/~pethern/privacy.html
WHAT ARE SOME GOOD PGP BOOKS?
Protect Your Privacy: A Guide for PGP Users
by William Stallings
Prentice Hall PTR
ISBN 0-13-185596-4
US $19.95
PGP: Pretty Good Privacy
by Simson Garfinkel
O'Reilly & Associates, Inc.
ISBN 1-56592-098-8
US $24.95
E-Mail Security: How to Keep Your Electronic Mail Private
"Covers PGP/PEM"
by Bruce Schneier
Wiley Publishing
The Computer Privacy Handbook: A Practical Guide to E-Mail Encryption, Data
Protection, and PGP PRivacy Software
by André Bacard
Peachpit Press
ISBN 1-56609-171-3
US $24.95
800-283-9444 or 510-548-4393
THE OFFICIAL PGP USER'S GUIDE
by Philip R. Zimmerman
MIT Press
April 1995 - 216 pp. - paper - US $14.95 - ISBN 0-262-74017-6 ZIMPP
Standard PGP documentation neatly typeset and bound.
PGP SOURCE CODE AND INTERNALS
by Philip R. Zimmerman
April 1995 - 804 pp. -
US $55.00 - 0-262-24039-4 ZIMPH
How to Use PGP, 61 pages, (Pub #121) from the Superior Broadcasting Company,
Box 1533-N, Oil City, PA 16301, phone: (814) 678-8801 (about US $10-$13).
IS PGP LEGAL?
Pretty Good Privacy is legal if you follow these rules:
Don't export PGP from the USA except to Canada, or from Canada except to the
USA, without a license.
If you are in the USA, use either Viacrypt PGP (licensed for commercial use)
or MIT PGP using RSAREF (limited to personal, noncommercial use). Outside of
the USA, where RSA is not patented, you may prefer to use a version of PGP
(2.6.3i) that doesn't use RSAREF to avoid the restrictions of that license.
If you are in a country where the IDEA cipher patent holds in
software (including the USA, Canada, and some countries in Europe), make
sure you are licensed to use the IDEA cipher commercially before using
PGP commercially. (No separate license is required to use the freeware
PGP for personal, noncommercial use). For direct IDEA licensing, contact
Ascom Systec:
Erhard Widmer, Ascom Systec AG, Dep't. CMVV Phone +41 64 56 59 83
Peter Hartmann, Ascom Systec AG, Dep't. CMN Phone +41 64 56 59 45
Fax: +41 64 56 59 90
e-mail: [email protected]
Mail address: Gewerbepark, CH-5506 Maegenwil (Switzerland)
Viacrypt has an exclusive marketing agreement for commercial
distribution of Philip Zimmermann's copyrighted code. (Selling
shareware/freeware disks or connect time is OK). This restriction does
not apply to PGP 3.0, since it is a complete rewrite by Colin Plumb.
If you modify PGP (other than porting it to another platform, fixing a bug,
or adapting it to another compiler), don't call it PGP (TM) or Pretty Good
Privacy (TM) without Philip Zimmermann's permission.
IMPORTANT:
Please note that there is an official distribution site for MIT
PGP and another for the International version:
WorldWideWeb references:
U.S/Canada non-commercial use: http://web.mit.edu/network/pgp-form.html
Norway/International non-commercial use: http://www.ifi.uio.no/pgp/
U.S. commercial use: http://www.viacrypt.com
WHAT IS PHILIP ZIMMERMANN'S LEGAL STATUS?
Philip Zimmermann was under investigation for alleged violation of export
regulations, with a grand jury hearing evidence for about 28 months, ending
11 January 1996. The Federal Government chose not to comment on why it
decided to not prosecute, nor is it likely to. The Commerce Secretary stated
that he would seek relaxed export controls for cryptographic products, since
studies show that U. S. industry is being harmed by current regulations.
Philip endured some serious threats to his livelihood and freedom, as well as
some very real legal expenses, for the sake of your right to electronic
privacy. The battle is won, but the war is not over. The regulations that
caused him so much grief and which continue to dampen cryptographic
development, harm U. S. industry, and do violence to the U. S. National
Security by eroding the First Ammendment of the U. S. Constitution and
encouraging migration of cryptographic industry outside of the U. S. A. are
still on the books. If you are a U. S. Citizen, please write to your U. S.
Senators, Congressional Representative, President, and Vice President
pleading for a more sane and fair cryptographic policy.
WHERE CAN I GET WINDOWS & DOS SHELLS FOR PGP?
http://www.dayton.net/~cwgeib
ftp://oak.oakland.edu/SimTel/msdos/security/apgp22b.zip
http://alpha.netaccess.on.ca/~spowell/crypto/pwf31.zip
ftp://ftp.netcom.com/pub/dc/dcosenza/pgpw40.zip
ftp://ftp.firstnet.net/pub/windows/winpgp/pgpw40.zip
http://www.eskimo.com/~joelm(Private Idaho)
ftp://ftp.eskimo.com/~joelm
http://www.xs4all.nl/~paulwag/security.htm
http://www.LCS.com/winpgp.html
http://netaccess.on.ca/~rbarclay/index.html
http://netaccess.on.ca/~rbarclay/pgp.html
ftp://ftp.leo.org/pub/comp/os/os2/crypt/gcppgp10.zip
ftp://ftp.leo.org/pub/comp/os/os2/crypt/pmpgp.zip
http://iquest.com/~aegisrcs
WHAT OTHER FILE ENCRYPTION (DOS, MAC) TOOLS ARE THERE?
PGP can do conventional encryption only of a file (-c) option, but
you might want to investigate some of the other alternatives if you do
this a lot. Alternatives include Quicrypt and Atbash2 for DOS, DLOCK for
DOS & UNIX, Curve Encrypt (for the Mac), HPACK (many platforms), and a
few others.
Quicrypt is interesting in that it comes in two flavors: shareware
exportable and registered secure. Atbash2 is interesting in that it generates
ciphertext that can be read over the telephone or sent by Morse code. DLOCK
is a no-frills strong encryption program with complete source code. Curve
Encrypt has certain user-friendliness advantages. HPACK is an archiver (like
ZIP or ARC), but with strong encryption. A couple of starting points for your
search are:
U.S. only availability:
ftp://ftp.csn.net/mpj/qcrypt11.zip
ftp://ftp.csn.net/mpj/README
ftp://ftp.miyako.dorm.duke.edu/pub/GETTING_ACCESS
International availability:
ftp://ftp.informatik.uni-hamburg.de/pub/virus/crypt/file/
ftp://ftp.dsi.unimi.it/pub/crypt/code/
HOW DO I SECURELY DELETE FILES (DOS)?
If you have the Norton Utilities, Norton WipeInfo is pretty good. I
use DELETE.EXE in del110.zip, which is really good at deleting existing
files, but doesn't wipe "unused" space.
US
ftp://ftp.csn.net/mpj/public/del120.zip
NL
ftp://utopia.hacktic.nl/pub/replay/pub/security/del120.zip
UK
ftp://ftp.demon.co.uk/pub/ibmpc/security/realdeal.zip
WHAT DO I DO ABOUT THE PASS PHRASE IN MY WINDOWS SWAP FILE?
The nature of Windows is that it can swap any memory to disk at any
time, meaning that all kinds of interesting things could end up in your
swap file.
ftp://ftp.firstnet.net/pub/windows/winpgp/wswipe.zip
WHERE DO I GET PGPfone(tm)?
PGPfone is in beta test for Macintosh and Windows'9 users.
The MIT has shut down their ftp distribution of PGPfone <tm> for
Macintosh and Windows'95, so within the U.S/Canada you must obtain
PGPfone <tm> using a WorldWideWeb browser.
U.S. only availability:
http://web.mit.edu/network/pgpfone
International availability:
DK
ftp://ftp.datashopper.dk/pub/users/pethern/pgp/
NL
ftp://utopia.hacktic.nl/pub/replay/pub/voice/
NO
ftp://menja.ifi.uio.no/pub/pgp/mac/
ftp://menja.ifi.uio.no/pub/pgp/windows/
WHERE DO I GET NAUTILUS?
Bill Dorsey, Pat Mullarky, and Paul Rubin have come out with a
program called Nautilus that enables you to engage in secure voice
conversations between people with multimedia PCs and modems capable of
at least 7200 bps (but 14.4 kbps is better). See:
U.S. only availability:
ftp://ripem.msu.edu/pub/crypt/GETTING_ACCESS
ftp://ripem.msu.edu/pub/crypt/other/nautilus-phone-0.9.2-source.tar.gz
ftp://ftp.csn.net/mpj/README
ftp://miyako.dorm.duke.edu/pub/GETTING_ACCESS
International availability:
ftp://ftp.ox.ac.uk/pub/crypto/misc
ftp://utopia.hacktic.nl/pub/replay/pub/voice/
The official Nautilus homepage is at:
http://www.lila.com/nautilus/
HOW DO I ENCRYPT MY DISK ON-THE-FLY?
Secure File System (SFS) is a DOS device driver that encrypts an entire
partition on the fly using SHA in feedback mode.
Secure Drive also encrypts an entire DOS partition, using IDEA, which is
patented.
Secure Device is a DOS device driver that encrypts a virtual, file-hosted
volume with IDEA.
Cryptographic File System (CFS) is a Unix device driver that uses DES.
CryptDisk is a ShareWare package for Macintosh that uses strong IDEA
encryption like PGP.
U.S. only availability:
ftp://ftp.csn.net/mpj/README
ftp://miyako.dorm.duke.edu/mpj/crypto/disk/
International availability:
http://www.cs.auckland.ac.nz/~pgut01/sfs.html
ftp://ftp.informatik.uni-hamburg.de/pub/virus/crypt/disk/
ftp://ftp.nic.surfnet.nl/surfnet/net-security/encryption/disk/
ftp://ftp.ox.ac.uk/pub/crypto/misc/
ftp://menja.ifi.uio.no/pub/pgp/mac/
ftp://utopia.hacktic.nl/pub/replay/pub/disk/
WHERE IS PGP'S COMPETITION?
RIPEM is the second most popular freeware email encryption package. I like
PGP better for lots of reasons, but if for some reason you want to check or
generate a PEM signature, RIPEM is available at ripem.msu.edu. There is also
an exportable RIPEM/SIG.
U.S. only availability:
ftp://ripem.msu.edu/pub/GETTING_ACCESS
International availability:
ftp://ftp.dsi.unimi.it/pub/crypt/code/
HOW DO I PUBLISH MY PGP PUBLIC KEY?
Send mail to one of these addresses with the single word "help" in the
subject line to find out how to use them. These servers sychronize keys with
each other. There are other key servers, too.
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
WWW interface to the key servers: http://www.pgp.net/pgp/www-key.html
http://www-swiss.ai.mit.edu/~bal/pks-toplev.html
For US $20/year or so, you can have your key officially certified and
published in a "clean" key database that is much less susceptible to
denial-of-service attacks than the other key servers. Send mail to
[email protected] for information, or look at http://www.Four11.com/
Of course, you can always send your key directly to the parties you wish to
correspond with by whatever means you wish.
CAN I COPY AND REDISTRIBUTE THIS FAQ?
Yes. Permission is granted to distribute unmodified copies of this FAQ.
Please e-mail comments to Peter Herngaard <[email protected]>
Look for the latest html version of this FAQ at
http://inet.uni-c.dk/~pethern/getpgp.html
-----BEGIN PGP SIGNATURE-----
Version: 2.7.1
iQEVAgUBMaftOm+Iqt/O4EnZAQHk8ggAwL5UcRF4Gv1F6eO7NaQcb45Xa+ST3l3S
+6sPHN5vFn/LvUsNHO4o9gDBDJB3Bd8S3nDfRxoSolD1ijNtKGOvJzzXtAf2lXFI
95YXCuF+DyhBrghBfwNzFePjuiDZ/92aeXn90oAEpHc5gaUFoSo+o9Gu8sD0TMo7
p3houk0AdVRRQBTTljWDin2yoJcGLzbmY6ewRcdkYnEqmcv2oW9drSKky04bcg2A
KGfOKk/5i1Mw3CPKJu/eHy1gi0P4hd5WbH23Jc3cHQVk2BvmR6lLL+ffl4TGjkxt
o61fzYYunxuQzLOi4EeQWWhq31+WJwOO0CuW35nA1XzoQXALdBfF8A==
=1NGG
-----END PGP SIGNATURE-----