[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Hardware RNG support for PGP 2.63



-----BEGIN PGP SIGNED MESSAGE-----


There is now support for using a hardware random number generator
with the most recent version of PGP, (pgp263i)

Version pgp 2.63i is now supported.

The files for this modification of pgp
are at the export controled ftp site in the directory:

ftp://ftp.csn.net/mpj/I_will_not_export/crypto_????????/pgp/rng

the files are:	
		rg263.zip	(compiled both ways, so there
				are executables approapriate for
				both inside and outside USA.)


Sources for the modifications are included. Executables are
included for OS/2 and MSDOS.

In the above ????????? varies because of the export control
scheme. To get the files if you are in the U.S. and Canada
first get the file ftp://ftp.csn.net/mpj/README.MPJ and
follow the instructions.

Many thanks to [email protected] for providing storage at the
export controled ftp site. Other ftp sites are welcome to
store these files. Be aware of ITAR.

By the way I used to use the mail address:
[email protected]
But I now use:
[email protected]
because it is faster. But you can tell it is the same
person because I sign with the same PGP key.

Here is the README file that comes with the modifications.
- ------------------------------------------
	       Hardware Random Number Support for PGP.
	           PGP 263 international version

Ever get tired of typing in keyboard timing strokes while generating a
PGP key? Ever want to use PGP unattended, but be foiled because there is
no one there to type the keyboard timing strokes?

Ever wonder if PGP's method of generating random number might have some
subtle flaw which would expose it to cryptanalysis?


This is a modified version of PGP which allows it to be used with a
hardware random number generator. Two kinds of RNG are supported: 
First, any RNG with a IO driver that makes the RNG look like a file that
can be opened (fopen) such that each byte read is a random byte. Second,
a bus RNG under the x86 architecture such that random bytes my be
obtained with a simple "IN" instruction. The CALNET/NEWBRIDGE RNG is an
example of this kind of RNG. A crude sanity check is done to check that
the bytes appear to be random.

To use the hardware random number generator feature of this software,
you must define _ONE_ of the new configuration file parameters RNGDRIVER
or RNGPORT in config.txt or from the command line.  If you have a RNG of
the first type, define RNGDRIVER to be the complete path to the RNG
driver. If you have a RNG of the second type, define RNGPORT to be the
port number from which to get random numbers. You can use hexadecimal
i.e. 0x300.

Examples:

RNGDRIVER=/dev/random

or

RNGPORT=0x300


If neither of these are defined the modified PGP will get its RANDOM
numbers in exactly the same way that regular PGP does, through keyboard
timing. If one of these parameters is set correctly, the modified PGP
will get its random numbers from the RNG and you will never be asked to
type keyboard timing stokes.



I have compiled a version of PGP that supports a hardware RNG for MSDOS
and OS/2. I have included the source files for each file that has been
modified. To compile get the original source files, put in the modified
files and compile as usual. 

The new source files and this software are covered by the same license
as the original, the MIT licence.

The USA version pgp263 (without the i) is covered by the RSA license.


If someone out there has an PSI-LINE random number generator that
attaches to a RS-232 port as if it were a modem,  please test it with
this software. If the software line characteristics (baud rate, flow
control, stopbits, ect) are set correctly (You will have to do this
yourself, as this modified PGP does not do this) then all you should
have to do is set RNGDRIVER to the RS232 device name. I have not tested
this because I do not have this kind of RNG.

Someone may wish to add code to set the software line characteristics,
but this may be difficult, as the code would vary by operating system
and even among the various flavors of UNIX.

If you do such a test please report the results to alt.security.pgp and
cypherpunks.



The executables in the subdirectory "USA" are linked with the 
RSA library and will not allow you to disable the legal kludge.
They should be OK to use in the USA.

The executables in the "I" subdirectory are not linked to the RSA
library and allow you to disable the legal kludge. It should be
OK to use in countries outside the USA such as CANADA.


The executables in the subdirectories "DOS" can be used with
MSDOS. The executables in the subdirectories "EMX" can be used
with OS/2 if you have the EMX runtime system installed. The
executables in the subdirectories "OS2" can be used with OS/2.

The zip file should be unziped with the "-d" switch if using pkunzip.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: cp850

iQCVAgUBMRZneM29s2mG+tTVAQEeVgP/dHnlQd73Yyyzw4uB1lwo76aDZOiVe+i4
VV5aUBpTtBYTknPNeKFaUhLOxZo2tykSrByPXuAQ0dzKyL5MxIOAt52sBx2nQoOi
EOFq6mlQH+yUfcfRcjnFGoWtyasBfpdEzO07/shiB8Ts1rRxSR2z0rCoXNuRM8a6
5oU8NDc1vVw=
=H9r8
-----END PGP SIGNATURE-----