From: Stanton McCandlish <anton@hydra.unm.edu> Subject: Dolphin Encrypt To: cypherpunks@toad.com Date: Wed, 19 May 93 6:39:04 MDT

...

The recipient captures the entire message as, say, G.ENC, then runs:

DE D G.ENC G.DEC /t

(Of course, she has to know the encryption key.) Dolphin Encrypt skips over P1 to get at C2 and writes G.DEC containing P2. Voila!

My question is, how does the recipient get the key, and how do they (she, whatever) know to use that long de command? What would happen if they didn't, just get gibberish?

1. I'm sure Stanton is aware (though perhaps there are some people who are not) that there were cryptosystems in existence before PGP, and before public key cryptography was invented. DES is an example. Such cryptosystems (in contrast to PGP) are called "symmetric key" systems since the key used to encrypt is the same as the key used to decrypt. This being so, there is the problem of how to get the key to the person decrypting the received ciphertext. (This is as true for DES as for any other symmetric key system.) There are ways, more or less secure. A secure way is to use PGP to transmit the encrypted key. If your only encryption need is transmitting encrypted email then PGP may be all you need. If you want to encrypt lots of 1MB database files, either to keep around or to transmit, then a faster encryption process is needed. 2. They know how to use "that long de command" (actually I think it's quite short) because they've RTFM or had it explained to them, just as for PGP. 3. If they didn't use it they'd just have a block of what looks like uuencoded stuff in the middle of the received message. If they put a wrapper around it and uudecoded they'd get *real* gibberish.

From: Eric Hughes <hughes@soda.berkeley.edu> To: cypherpunks@toad.com Subject: Mixing ciphertext and plaintext

...

If you wish to mix plaintext and ciphertext in an email message then you can use Dolphin Encrypt.

What cryptosystem does Dolphin Encrypt use? Is the algorithm published somewhere?

Eric

The encryption process was developed and refined, with no input from any government agency, during the last few years. A general description of it is given in the manual that comes with Dolphin Encrypt. I shall post this description in the following message. Comments are welcome. Although this description is quite detailed, it is not sufficient to work through the process with pencil and paper, since it is too complex. The complete details can only be understood from a study of the C source code, which is provided with the Dolphin Encryption Library, a C library usable by programmers to add encryption capabilities to application programs. More details available by snailmail; requests by email or to 512-479-9208. (We finally had our cute executive secretary record the message; sounds better now - and, no, she doesn't throw the Selectric typewriter ribbons in the trash. In fact, we feed *all* our cast-off confidential data to the hogs out back. Best security method we've ever used, though the dobermans are pretty good too.) -- Peter Meyer P.S. Info going out by snailmail to all who requested it.