[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
PGPlib-0.2 available
--- begin forwarded text
To: [email protected]
Subject: PGPlib-0.2 available
Date: Fri, 30 May 1997 15:06:42 +0200
From: Tage Stabell-Kulo <[email protected]>
Reply-To: [email protected]
Sender: [email protected]
Precedence: list
-----BEGIN PGP SIGNED MESSAGE-----
Announcing PGPlib-0.2
=====================
We are pleased to announce a new verison of PGPlib. You can obtain
the newest version (that is 0.2 as of today) from
ftp://dslab1.cs.uit.no/pub/PGPlib.tar.gz
In short, you will find a library that enables your software to read
and write "packages" which can be decrypted and/or verified by means
of PGP. In other words, you can incorporate PGP compatibility in your
software without having to run PGP.
When you uncompress and un-tar the file, you will obtain four files in
the CURRENT directory. These files are
README Describing how to preceed
PGPlib-0.2.tar The library, manual pages and so on
PGPlib-0.2.tar.asc A detached signature for verification
pubkey.asc My public key (again, for verification)
It is described in README how to verify the release you have obtained,
how to unpack, what you will actually get when you unpack, and so on.
What is there for you
=====================
PGPlib is a library that lets you generate (and manipulate) PGP
packets without having to run PGP. In particular there is code to
generate and understand the following types of PGP packets:
- Literal with filename, mode, etc. You can create literate
packages from files, or from buffers, and create files from
literate packets;
- Convential encrypted (IDEA with Zimmermann's context sensitive
feedback). The library can both read (decrypt) and write
(encrypt) convential packets (in PGP format);
- Armor. You can (de)armor a buffer or a file into a buffer or a
file;
- UserID packets are read and written in a variety of formats;
- Keys can be obtained from a database (which is provided) or by
parsing keyrings. Keys can be kept in buffers or on files;
- You can maintain a PGP public-key database (I use this library to
maintain a database with ~40.000 keys). There is code to use DBM
as supplied from Berkeley or, if you prefer, GDBM from GNU;
- You can verify RSA signatures on public keys and on buffers
(files);
- You can encrypt data (file or buffer) with public keys. The DEK
is naturally written as a separate packet;
- With a secret key you can sign other keys and buffers. Keys can
be read from databases or files; they are decrypted on the fly.
We have made a small program that will (de)armor anything, a parser to
parse PGP files (including decryption and so on), a shell to
manipulate a keydatabase, a keyserver to run on top of such a
database, a program to verify signatures on keys and/or files, a
program to split keyrings in smaller parts and a program that will
sign files for you. You will find all these (and more) in the
applications/ directory. None of these uses PGP, the library provides
all the functionality you need.
What you need
=============
- You must have the SSLeay library as I have not implemented any
cryptographic functionality; I hope SSLeay is a good choice. I
did not major in mathematics and can thus not judge the quality
of their work, although it looks solid (to me). I link with their
version 0.6.6. I rely on SSLeay for great many things, in
particular their BIGNUMs, RSA encryption and IDEA. I use
"fprintf(stderr" when problems occur, but integration into the
SSLeay "error-system" might happen. You can obtain SSLeay from:
* ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/ - SSLeay source
* ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps/ - SSL applications
* http://www.psy.uq.oz.au/~ftp/Crypto/ssl.html - SSLeay Programmer
Reference
SSLeay is quite large and I only use a fraction of it. On the
other hand, SSLeay seems to be well maintained and their
crypto-library might very well shrink or become more modular as
time passes.
Your Feedback
=============
Your feedback is solicited. Peter Simons <[email protected]> has
created a mailinglist for PGPlib. To subscribe, send an e-mail to
the address [email protected] and write the
command SUBSCRIBE into the BODY. If you want to be subscribed under
a different address than the one you're mailing from, you can also
use SUBSCRIBE [email protected] to do the trick. To post to
the list, send an e-mail to [email protected] as usual.
There is also an [email protected]. Subscribe by
sending an e-mail to [email protected] with
SUBSCRIBE in the body. The latter list will be very low-volume.
If you write a nice application based on this library (the ultimate
feedback :-), please feel free to send it to me and I will include
it in the next release;
Where to get PGPlib
===================
ftp://dslab1.cs.uit.no/pub/PGPlib.tar.gz
COPYRIGHT (yum, yum)
=========
The library and included applications are all available under
"Berkely style" copyright terms. Basically, this means that it is
FREE for commercial and non-comercial use, and that you can do
almost anything with the code. The only thing you can not do is to
say that you wrote it. See the file COPYING for details.
Let's go to work
================
I hope you like it, that you find is useful, that you will find no
bugs, and that you will provide valuable feedback by means of the
mailing list.
Tage Stabell-Kul�
Castelmaggiore, Italy
30. May 1997
//// Tage Stabell-Kuloe | e-mail: [email protected] ////
/// Department of Computer Science/IMR | Phone : +47-776-44032 ///
// 9037 University of Tromsoe, Norway | Fax : +47-776-44580 //
/ "'oe' is '\o' in TeX" | URL:http://www.cs.uit.no/~tage/
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Processed by Mailcrypt 3.2, an Emacs/PGP interface
iQCVAwUBM47QfAMzZ6tx+9RpAQFHJQQAmsrh3sqgeRdOFscXWAb7/bV5ivdgnB4+
IpgGpGPMhNYfAzDJvz2rdvt1Z38NhLjOHOTEl+RhKGUGmc7cDXiaAE38Vh3OJIPu
FijHtMgr++GdxZS5/WvcUxlvvMQjyjDaX84eG0clG1djYizMzR+7HwsIaaJeLtOb
wlBORx01NRo=
=Q5Ed
-----END PGP SIGNATURE-----
------------------------------------------------------------------------------
PGP Library Announcements
--- end forwarded text
-----------------
Robert Hettinga ([email protected]), Philodox
e$, 44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
The e$ Home Page: http://www.shipwright.com/