-----BEGIN PGP SIGNED MESSAGE----- There is now support for using a hardware random number generator with the most recent version of PGP, (pgp263i) Version pgp 2.63i is now supported. The files for this modification of pgp are at the export controled ftp site in the directory: ftp://ftp.csn.net/mpj/I_will_not_export/crypto_????????/pgp/rng the files are: rg263.zip (compiled both ways, so there are executables approapriate for both inside and outside USA.) Sources for the modifications are included. Executables are included for OS/2 and MSDOS. In the above ????????? varies because of the export control scheme. To get the files if you are in the U.S. and Canada first get the file ftp://ftp.csn.net/mpj/README.MPJ and follow the instructions. Many thanks to mpj@netcom.com for providing storage at the export controled ftp site. Other ftp sites are welcome to store these files. Be aware of ITAR. By the way I used to use the mail address: mg5n+alias!rngaugp@andrew.cmd.edu But I now use: rngaugp@alpha.c2.org because it is faster. But you can tell it is the same person because I sign with the same PGP key. Here is the README file that comes with the modifications. - ------------------------------------------ Hardware Random Number Support for PGP. PGP 263 international version Ever get tired of typing in keyboard timing strokes while generating a PGP key? Ever want to use PGP unattended, but be foiled because there is no one there to type the keyboard timing strokes? Ever wonder if PGP's method of generating random number might have some subtle flaw which would expose it to cryptanalysis? This is a modified version of PGP which allows it to be used with a hardware random number generator. Two kinds of RNG are supported: First, any RNG with a IO driver that makes the RNG look like a file that can be opened (fopen) such that each byte read is a random byte. Second, a bus RNG under the x86 architecture such that random bytes my be obtained with a simple "IN" instruction. The CALNET/NEWBRIDGE RNG is an example of this kind of RNG. A crude sanity check is done to check that the bytes appear to be random. To use the hardware random number generator feature of this software, you must define _ONE_ of the new configuration file parameters RNGDRIVER or RNGPORT in config.txt or from the command line. If you have a RNG of the first type, define RNGDRIVER to be the complete path to the RNG driver. If you have a RNG of the second type, define RNGPORT to be the port number from which to get random numbers. You can use hexadecimal i.e. 0x300. Examples: RNGDRIVER=/dev/random or RNGPORT=0x300 If neither of these are defined the modified PGP will get its RANDOM numbers in exactly the same way that regular PGP does, through keyboard timing. If one of these parameters is set correctly, the modified PGP will get its random numbers from the RNG and you will never be asked to type keyboard timing stokes. I have compiled a version of PGP that supports a hardware RNG for MSDOS and OS/2. I have included the source files for each file that has been modified. To compile get the original source files, put in the modified files and compile as usual. The new source files and this software are covered by the same license as the original, the MIT licence. The USA version pgp263 (without the i) is covered by the RSA license. If someone out there has an PSI-LINE random number generator that attaches to a RS-232 port as if it were a modem, please test it with this software. If the software line characteristics (baud rate, flow control, stopbits, ect) are set correctly (You will have to do this yourself, as this modified PGP does not do this) then all you should have to do is set RNGDRIVER to the RS232 device name. I have not tested this because I do not have this kind of RNG. Someone may wish to add code to set the software line characteristics, but this may be difficult, as the code would vary by operating system and even among the various flavors of UNIX. If you do such a test please report the results to alt.security.pgp and cypherpunks. The executables in the subdirectory "USA" are linked with the RSA library and will not allow you to disable the legal kludge. They should be OK to use in the USA. The executables in the "I" subdirectory are not linked to the RSA library and allow you to disable the legal kludge. It should be OK to use in countries outside the USA such as CANADA. The executables in the subdirectories "DOS" can be used with MSDOS. The executables in the subdirectories "EMX" can be used with OS/2 if you have the EMX runtime system installed. The executables in the subdirectories "OS2" can be used with OS/2. The zip file should be unziped with the "-d" switch if using pkunzip. -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: cp850 iQCVAgUBMRZneM29s2mG+tTVAQEeVgP/dHnlQd73Yyyzw4uB1lwo76aDZOiVe+i4 VV5aUBpTtBYTknPNeKFaUhLOxZo2tykSrByPXuAQ0dzKyL5MxIOAt52sBx2nQoOi EOFq6mlQH+yUfcfRcjnFGoWtyasBfpdEzO07/shiB8Ts1rRxSR2z0rCoXNuRM8a6 5oU8NDc1vVw= =H9r8 -----END PGP SIGNATURE-----