Re: Is there a Win PGP?

At 10:58 PM 11/6/96 -0500, you wrote:
subject says it all.... I'm just wondering if (and where) there is a windows version of PGP.. thanks!
There are two separate issues - PGP with a Windows GUI, and PGP that really runs as a Windows process, rather than needing to fire up a DOS window. There are a dozen or so Windows GUIs for PGP, many of which are on ftp.ox.ac.uk. I especially like Private Idaho; I think the path to it is www.eskimo.com/~joelm/ (also ftp.eskimo.com). Current version is about 2.8; I'm not running it because it dropped support for ViaCrypt (due to problems with ViaCrypt 4.0), and I like using ViaCrypt. I'm also having problems getting the older versions to work on Windows NT (sigh...)

For a real Windows version, you can buy ViaCrypt (about $100-130?) At least inside the US, to use the interesting RSA methods except through the official external interfaces to RSAREF, you need permission from RSA. Basic PGP for DOS/Unix/Mac has this, but there isn't a blessed Windows version except ViaCrypt, a commercial product. For commercial applications, you probably also need ViaCrypt anyway. It was a nice product before they added Key Escrow support. Now that Phil has bought them, they'll presumably return to political correctness on that issue.

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk

In <1.5.4.32.19961107072438.00dad0cc@popd.ix.netcom.com>, on 11/06/96 at 11:24 PM, stewarts@ix.netcom.com said:
For commercial applications, you probably also need ViaCrypt anyway. It was a nice product before they added Key Escrow support. Now that Phil has bought them, they'll presumably return to political correctness on that issue.
Hmmm I don't think they actually had Key Escrow support. My understanding was that the user could create a master key that could be used to decrypt messages from the other keys. This was done in response to the needs of some of their corporate users that needed a way to decrypt company info. It could be quite devastating if a VIP for company X encrypted vital corporate files and then quit/fired/died and those files were no longer able to be retrieved.

I am not sure exactly how they had this mechanism set up but I am pretty sure this was something the user had to actively set up as opposed to something done automatically without the user's knowledge. I can see how this could be abused though for a GAK system, though I never did see anything from ViaCrypt that they supported any of the Clipper/GAK crap from our government.

Does anyone know if you can purchase a commercial license from ViaCrypt/PGP Inc. but use the standard PGP for commercial purposes?

--
-----------------------------------------------------------
William H. Geiger III http://www.amaranth.com/~whgiii
Geiger Consulting WebExplorer & Java Enhanced!!!
Cooking With Warp 4.0
Author of PGPMR2 - PGP Front End for MR/2 Ice
Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
Finger whgiii@amaranth.com for PGP Key and other info
-----------------------------------------------------------
*MR/2 ICE: The best way to accelerate Windows is at escape velocity.

On Thu, 7 Nov 1996, William H. Geiger III wrote:
Does anyone know if you can purchase a commercial license from ViaCrypt/PGP Inc. but use the standard PGP for commercial purposes?
Yes, that's one way of doing it. Phil's mentioned this in his PGP doc, as I recall. He says, <paraphrase> "if you use it commercially, you have to make certain I make a buck off this - either send me one, or buy a license from ViaCrypt."

However, you should also know that PGP Inc. (formerly called ViaCrypt) sells *TWO* versions of the software. The PE (or personal edition) doesn't have the "master key" feature. If you don't want to use the encrypted file recovery, then don't order the software that has it.

In the BE (business edition), there's an option to force Big Brother into every recipient list. This means that the boss can put him/herself onto the list of "encrypt to whom" whether you want him/her there or not. Also, the BE recognizes some nuances in keys that the freeware doesn't: You can have "sign only" and "encrypt only" keys. Thus, you can give everyone a PGP key for digital signature (because, let's say, you want those powerful non-repudiation capabilities), but if it's a sign-only key, they can't encrypt anything with it.

I'm also confident that these "features" are very hackable. Someone could easily tweak the copy of the public key for Big Brother so it encrypts to something for which nobody (who can be found) holds the other half of the key pair. I'm sure there are some check digits, but I also know that it's going to be damn hard, with software sitting on my disk on my PC, for you to keep me locked out of it for very long. I'm sure that Cypherpunks could contribute something valuable in creating the "Hacking PGP 4.0 Business Edition FAQ." Anyone for a little R&D?

The purpose (as it's been explained to me by PGP Inc.) for the BE/PE changes was to increase the *CHOICES* that PGP users were being given - not to change PGP into something with key escrow. (The secret keys still are secret - there is no escrow).

Everyone knows full well that there are many companies who won't ever touch PGP unless it's equipped with some "fail safe" that permits them to enforce their INFOSEC policy. Recovering files that were encrypted by people who have forgotten their pass phrases is in line with most corporate policies.

Bottom line: Buy the version you want. If you don't like the BE features, then don't pay for them or use them.

-------------------------------------------------------------------------
|It's a small world and it smells bad     | Mark Aldrich                |
|I'd buy another if I had                 | GRCI INFOSEC Engineering    |
|Back                                     | maldrich@grci.com           |
|What I paid                              | MAldrich@dockmaster.ncsc.mil|
|For another mother****er in a motorcade  |Quote from "Sisters of Mercy"|
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at: finger maldrich@grci.com  |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------

On Thu, 7 Nov 1996, William H. Geiger III wrote:
In <1.5.4.32.19961107072438.00dad0cc@popd.ix.netcom.com>, on 11/06/96 at 11:24 PM, stewarts@ix.netcom.com said:
For commercial applications, you probably also need ViaCrypt anyway. It was a nice product before they added Key Escrow support. Now that Phil has bought them, they'll presumably return to political correctness on that issue.
Hmmm I don't think they actually had a Key Escrow Support. My understanding was that the user could create a master key that could be used to decrypt messages from the
Does anyone know if you can purchase a commercial license from ViaCrypt/PGP Inc. but use the standard PGP for commercial purposes?
William H. Geiger III http://www.amaranth.com/~whgiii
PGP Inc. (http://www.pgp.com/) is now marketing Viacrypt PGP. There are two packages, Viacrypt PGP Personal Edition which is PGP, like we all know and love. PE also is available as DOS, MS-Windows, Mac, and UNIX. So Viacrypt PGP/PE for DOS should feel similar if not identical to MIT's PGP, though I haven't tested it yet. You could license IDEA single-license and license RSAREF for commercial usage (http://www.consensus.com/ or JonathanZ@consensus.com), but why bother?

They also have a Business Edition which supports key escrowing, not some US government backdoor, but a 'master key' for businesses to recover encrypted information if an employee forgets a passphrase (which they do), dies (which they do, if the information is very important), is on vacation (sometimes it happens), etc.

In a commercial environment, key escrowing is for data recovery, not for spying on employees. If you want to use your employer's email system for your personal email, then use a personal public key.

-Michael

In <Pine.OSF.3.90.961107161755.5877A-100000@olympus.mta.ca>, on 11/07/96 at 05:06 PM, "Michael C Taylor (CSD)" <mctaylor@olympus.mta.ca> said:
PGP Inc. (http://www.pgp.com/) is now marketing Viacrypt PGP. There are two packages, Viacrypt PGP Personal Edition which is PGP, like we all know and love. PE also is available as DOS, MS-Windows, Mac, and UNIX. So Viacrypt PGP/PE for DOS should feel similar if not identical to MIT's PGP, though I haven't tested it yet. You could license IDEA single-license and license RSAREF for commercial usage (http://www.consensus.com/ or JonathanZ@consensus.com), but why bother?
Well, there are several reasons I myself would rather use the "free" version in a commercial environment:

1. Source code is not available for the ViaCrypt version.
2. No OS/2 version
3. I really don't like the Windows GUI that ViaCrypt has developed. (I am biased by the fact that I have written my own <G>).

On #1, this is a problem for those that like to have the source code and compile the program themselves, and without the source code one is unable to run it on an unsupported platform (see #2).

On #2, this is a business decision made by ViaCrypt. I'll leave it at that. (no sense starting an OS war).

On #3, this again is just a personal preference issue and would not rate it as a big factor.

I am corresponding with PGP Inc. on the legal issues of using the "free-ware" version in a commercial environment.

--
-----------------------------------------------------------
William H. Geiger III http://www.amaranth.com/~whgiii
Geiger Consulting WebExplorer & Java Enhanced!!!
Cooking With Warp 4.0
Author of PGPMR2 - PGP Front End for MR/2 Ice
Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
Finger whgiii@amaranth.com for PGP Key and other info
-----------------------------------------------------------
*MR/2 ICE: "Luke! I'm your father!" Bill Gates, 1980

On Thu, 7 Nov 1996, William H. Geiger III wrote:
I am not sure exactly how they had this mechanism set up but I am pretty sure this was something the user had to actively set up as opposed to something done automatically without the user's knowledge.
I have both versions. They call it the "Business Edition", and the master key is optional, not required. The master key has to be in place before anyone else generates their key, otherwise the master key won't work. You have to go in and turn this on so it isn't something that gets implemented without *someone* knowing. As for everyone else knowing that there was a master key generated...

#include <standard.disclaimer>
                    _   __     __  _____            ____
                   / | / /__  / /_/ ___/__  _______/ __/__  _____
                  /  |/ / _ \/ __/\__ \/ / / / ___/ /_/ _ \/ ___/
                 / /|  /  __/ /_ ___/ / /_/ / /  / __/  __/ /
================/_/=|_/\___/\__//____/\__,_/_/==/_/==\___/_/===============

stewarts@ix.netcom.com wrote:
At 10:58 PM 11/6/96 -0500, you wrote:
subject says it all.... I'm just wondering if (and where) there is a windows version of PGP.. thanks!
There are two separate issues - PGP with a Windows GUI, and PGP that really runs as a Windows process, rather than needing to fire up a DOS window. There are a dozen or so Windows GUIs for PGP, many of which are on ftp.ox.ac.uk. I especially like Private Idaho; I think the path to it is www.eskimo.com/~joelm/ (also ftp.eskimo.com). Current version is about 2.8; I'm not running it because it dropped support for ViaCrypt (due to problems with ViaCrypt 4.0), and I like using ViaCrypt. I'm also having problems getting the older versions to work on Windows NT (sigh...)
For a real Windows version, you can buy ViaCrypt (about $100-130?) At least inside the US, to use the interesting RSA methods except through the official external interfaces to RSAREF, you need permission from RSA. Basic PGP for DOS/Unix/Mac has this, but there isn't a blessed Windows version except ViaCrypt, a commercial product. For commercial applications, you probably also need ViaCrypt anyway. It was a nice product before they added Key Escrow support. Now that Phil has bought them, they'll presumably return to political correctness on that issue.
I did a port of PGP to a Windows DLL a long time back, but I never got around to releasing it. I could bring it up to date and put it out there if there is popular demand.

Cheers,

Ben.

--
Ben Laurie                  Phone: +44 (181) 994 6435  Email: ben@algroup.co.uk
Freelance Consultant and    Fax:   +44 (181) 994 6472
Technical Director          URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,           Apache Group member (http://www.apache.org)
London, England.            Apache-SSL author

participants (6)
- Ben Laurie
- Mark O. Aldrich
- Michael C Taylor (CSD)
- NetSurfer
- stewarts@ix.netcom.com
- William H. Geiger III