--- begin forwarded text To: pgplib-announce@petium.rhein.de Subject: PGPlib-0.2 available Date: Fri, 30 May 1997 15:06:42 +0200 From: Tage Stabell-Kulo <tage@acm.org> Reply-To: tage@acm.org Sender: pgplib-announce-owner@petium.rhein.de Precedence: list -----BEGIN PGP SIGNED MESSAGE----- Announcing PGPlib-0.2 ===================== We are pleased to announce a new verison of PGPlib. You can obtain the newest version (that is 0.2 as of today) from ftp://dslab1.cs.uit.no/pub/PGPlib.tar.gz In short, you will find a library that enables your software to read and write "packages" which can be decrypted and/or verified by means of PGP. In other words, you can incorporate PGP compatibility in your software without having to run PGP. When you uncompress and un-tar the file, you will obtain four files in the CURRENT directory. These files are README Describing how to preceed PGPlib-0.2.tar The library, manual pages and so on PGPlib-0.2.tar.asc A detached signature for verification pubkey.asc My public key (again, for verification) It is described in README how to verify the release you have obtained, how to unpack, what you will actually get when you unpack, and so on. What is there for you ===================== PGPlib is a library that lets you generate (and manipulate) PGP packets without having to run PGP. In particular there is code to generate and understand the following types of PGP packets: - Literal with filename, mode, etc. You can create literate packages from files, or from buffers, and create files from literate packets; - Convential encrypted (IDEA with Zimmermann's context sensitive feedback). The library can both read (decrypt) and write (encrypt) convential packets (in PGP format); - Armor. You can (de)armor a buffer or a file into a buffer or a file; - UserID packets are read and written in a variety of formats; - Keys can be obtained from a database (which is provided) or by parsing keyrings. Keys can be kept in buffers or on files; - You can maintain a PGP public-key database (I use this library to maintain a database with ~40.000 keys). There is code to use DBM as supplied from Berkeley or, if you prefer, GDBM from GNU; - You can verify RSA signatures on public keys and on buffers (files); - You can encrypt data (file or buffer) with public keys. The DEK is naturally written as a separate packet; - With a secret key you can sign other keys and buffers. Keys can be read from databases or files; they are decrypted on the fly. We have made a small program that will (de)armor anything, a parser to parse PGP files (including decryption and so on), a shell to manipulate a keydatabase, a keyserver to run on top of such a database, a program to verify signatures on keys and/or files, a program to split keyrings in smaller parts and a program that will sign files for you. You will find all these (and more) in the applications/ directory. None of these uses PGP, the library provides all the functionality you need. What you need ============= - You must have the SSLeay library as I have not implemented any cryptographic functionality; I hope SSLeay is a good choice. I did not major in mathematics and can thus not judge the quality of their work, although it looks solid (to me). I link with their version 0.6.6. I rely on SSLeay for great many things, in particular their BIGNUMs, RSA encryption and IDEA. I use "fprintf(stderr" when problems occur, but integration into the SSLeay "error-system" might happen. You can obtain SSLeay from: * ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/ - SSLeay source * ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps/ - SSL applications * http://www.psy.uq.oz.au/~ftp/Crypto/ssl.html - SSLeay Programmer Reference SSLeay is quite large and I only use a fraction of it. On the other hand, SSLeay seems to be well maintained and their crypto-library might very well shrink or become more modular as time passes. Your Feedback ============= Your feedback is solicited. Peter Simons <Peter.Simons@gmd.de> has created a mailinglist for PGPlib. To subscribe, send an e-mail to the address pgplib-dev-request@petium.rhein.de and write the command SUBSCRIBE into the BODY. If you want to be subscribed under a different address than the one you're mailing from, you can also use SUBSCRIBE yourname@somewhere.else to do the trick. To post to the list, send an e-mail to pgplib-dev@petium.rhein.de as usual. There is also an pgplib-announce@petium.rhein.de. Subscribe by sending an e-mail to pgplib-announce-request@petium.rhein.de with SUBSCRIBE in the body. The latter list will be very low-volume. If you write a nice application based on this library (the ultimate feedback :-), please feel free to send it to me and I will include it in the next release; Where to get PGPlib =================== ftp://dslab1.cs.uit.no/pub/PGPlib.tar.gz COPYRIGHT (yum, yum) ========= The library and included applications are all available under "Berkely style" copyright terms. Basically, this means that it is FREE for commercial and non-comercial use, and that you can do almost anything with the code. The only thing you can not do is to say that you wrote it. See the file COPYING for details. Let's go to work ================ I hope you like it, that you find is useful, that you will find no bugs, and that you will provide valuable feedback by means of the mailing list. Tage Stabell-Kul¯ Castelmaggiore, Italy 30. May 1997 //// Tage Stabell-Kuloe | e-mail: tage@ACM.org //// /// Department of Computer Science/IMR | Phone : +47-776-44032 /// // 9037 University of Tromsoe, Norway | Fax : +47-776-44580 // / "'oe' is '\o' in TeX" | URL:http://www.cs.uit.no/~tage/ -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: latin1 Comment: Processed by Mailcrypt 3.2, an Emacs/PGP interface iQCVAwUBM47QfAMzZ6tx+9RpAQFHJQQAmsrh3sqgeRdOFscXWAb7/bV5ivdgnB4+ IpgGpGPMhNYfAzDJvz2rdvt1Z38NhLjOHOTEl+RhKGUGmc7cDXiaAE38Vh3OJIPu FijHtMgr++GdxZS5/WvcUxlvvMQjyjDaX84eG0clG1djYizMzR+7HwsIaaJeLtOb wlBORx01NRo= =Q5Ed -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ PGP Library Announcements --- end forwarded text ----------------- Robert Hettinga (rah@shipwright.com), Philodox e$, 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' The e$ Home Page: http://www.shipwright.com/