It's probably good to discuss how PGP works here, for educational purposes, but I would expect people to get the source code if they really are interested. I can give some pointers here to answers to some of the questions people have asked.
Thanks for the answers, Hal. I have been digging into the original RSA paper and the PGP 2.0 sources. By the way, sorry if my response time is long; I've been traveling for work lately. I suggested leaving the minimum set of compute-intensive routines in C and implementing the higher-level stuff in some higher-level language ("HLL"), possibly interpreted. Hal pointed out some of the crunching jobs other than modmult. Using an HLL has cons as well as pros to it. The main advantage (for my purpose here) is that C code has a lot of noise that gets in the way of understanding. This could also be improved by some coding style changes--for instance, using some object-oriented stuff (data structures that handle more of their own details) and, ahem, fewer #ifdefs... Another advantage of an HLL is ease of trying out different, er, schemes. If I used an HLL, I think it would be one that had very C-like syntax. The main drawback of an HLL is that it's another program that you have to trust. Sometimes inner parts of interpreters and compilers are hard to write so that they are correct *and seem* correct when you look at them. A couple of things they can do are automatic space allocation, garbage collection and "burning" data that's no longer in use ("garbage burning?"). -fnerd quote me fnerd@smds.com (FutureNerd Steve Witham)