Concerned about Pretty Safe Mail for Mac

I'm concerned about the product "Pretty Safe Mail" for the Macintosh, by a company called Highware. I was wondering whether anyone here had tried evaluating it at all.

It is a complete PGP implementation (not a front-end). They claim to have licensed some of PRZ's code from PGP. However, as far as I can tell, they are not making any of the source code available.

As someone on the comp.security.pgp newsgroups pointed out, writing a wonderful user interface on a PGP trojan horse that either crippled the session key generator or used the session key to leak random portions of secret key primes would be a perfect tactic for a government wishing to penetrate PGP security. With such a great interface, compared to the original PGP, it can't help but become widely used.

I realize that without the source code, it's a major hassle, but has anyone looked at Pretty Safe Mail (previously called Safemail) at all for suspicious behavior? For example:

1) non-random session key generation?
2) non-random key pair generation?
3) unnecessary disk access to secret keys?
4) anything else?

Any findings, positive or negative, would be appreciated.
participants (1)
-
nobody@replay.com