PGP 2.5 changes

[Hal]

Below I have included the contents of the file newfor25.doc from the
PGP 2.5 beta release which I just grabbed.  It says that old (pre
2.3) signatures will not verify under 2.5.  That's too bad.  Also, key
sizes are limited to 1024 bits.  Tough luck for people who made bigger
ones, I guess.

Looks to me like there may still be a market for a non-RSAREF PGP.
Anyway, here's the file:

Changes to PGP 2.5:

                 ***** MOST IMPORTANT *****

This version of PGP uses RSAREF 2.0, so it's legal in the U.S.!  The
RSAREF license forbids you to (among other things; see the license for
full details) "use the program to provide services to others for which
you are compensated in any manner", but that still covers a lot of
people.  If you want to use it in a commercial or governmental
setting, talk to ViaCrypt (2014 West Peoria Avenue, Phoenix, Arizona
85029, +1 602 944-0773).

PGP 2.5 should always be distributed with a copy of the RSAREF 2.0
license of March 16, 1994 from RSA Data Security, Inc., so that all
users will be aware of their obligations under the RSAREF license.

Since the RSAREF license conflicts with the GNU General Public License that
PGP was formerly distributed under, the GPL had to go.  PGP is still
freely distributable, though.  (From a copyright point of view; export
controls or some other legal hassle may apply.)

*** IMPORTANT CHANGE:

RSAREF 2.0 can understand only the pkcs_compat=1 formats for signatures
and encrypted files.  This has been the default since 2.3, so old files
should not be too much of a problem, but old key signatures will
encounter difficulties.  This change will result in a hole being ripped
in the "web of trust" as many old signatures are invalidated.  Please check
your key rings (pgp -kc) and re-issue any signatures that have been
invalidated.  PGP by default offers to remove such signatures.  Even if you
leave them in, they are not trusted.

Another RSAREF limitation is that it cannot cope with keys longer than
1024 bits.  PGP now prints a reasonably polite error message in such a
case.

OTHER CHANGES:

The support files are thinner.  The various contrib directory utilities
have not been updated since 2.3a, and since the PGP developers know how
annoying it is to have people using an ancient version and complaining
about a bug in a program that was fixed a year ago, they have been
omitted rather than annoy the contributors in this way.  Also, the
language translation file, language, is incomplete.  The strings
that were in 2.3a are there, and some that could be updated without
much knowledge of the language, but others that are new to 2.5 are
untranslated.  The format should be obvious and some tools for
manipulating the language traslations are included in the contrib
directory.

Printed KeyIDs have been incresed to 32 bits, as there were enough keys
out there that 24-bit keyIDs were no longer sufficiently unique.  The
previous 24-bit keyID is the LAST 6 digits of an 8-digit 32-bit keyID.
For example, what was printed as A966DD now appears as C7A966DD.

The config-file options
	pubring=<filename>,
	secring=<filename>, and
	randseed=<filename>
have been added.  Hopefully, the uses will be obvious.  With these, you can
keep keyrings anywhere you like.  Of course, they can also be specified on
the command line with +pubring= (or abbreviated to +pub=).

If the line
	comment=<string>
appears in the config file, the line "Comment: <string>" appears in
ASCII armor output.  Of course, you can also use this from the
command line, e.g. to include a filename in the ASCII armor, do
"pgp -eat +comment=filename filename recipient".

PGP now enables clearsig by default.  If you sign and ascii-armor a
text file, and do not encrypt it, it is clearsigned unless you ask
for this not to be done.

The now enables textmode.  Textmode detects non-text files and
automatically turns itself off, so it's quite safe to leave on all
the time.  If you haven't got these defaults yourself, you might
want to enable them.

All prompts and progress messages are now printed to stderr, to make them
easier to find and ensure they don't get confused with data on standard
output such as pgp -m output.

PGP now wipes temp files (and files wiped with pgp -w) with pseudo-random
data in an attempt to force disk compressors to overwrite as much data as
possible.

On Unix, if the directory /usr/local/lib/pgp exists, it is searched
fror help files, language translations, and the PGP documentation.  On
VMS, the equivalent is PGP$LIBRARY:.  (This is PGP_SYSTEM_DIR, defined
in fileio.h, if you need to change it for your site.)

Also, it is searched for a default global config.  This file may
be overridden by a local config, and it may not set pubring,
secring, randseed or myname (which should be strictly personal)

The normal help files (pgp -h) are pgp.hlp or <language>.hlp, such as
fr.hlp.  Now, there is a separate help file for pgp -k, called pgpkey.hlp,
or <language>key.hlp.  No file is provided by default; PGP will use
its one-page internal help by default, but you can create such a file
at your site.

On Unix systems, $PGPPATH defaults to $HOME/.pgp.

PGP used to get confused if you had a keyring containing signatures from
you, but not your public key.  (PGP can't use the signatures in this case.
Only signatures from keys in the keyring are counted.)
PGP still can't use the signatures, but prints better warning messages.
Also, adding a key on your secret key ring to your public keyring
now asks if the key should be considered ultimately-trusted.
Prviously, you had to run pgp -ke to force this check, which was
non-obvious.

Due to a few people distributing PGP without the manual (including one
run of a few thousand CD-ROMs), and the resultant flood of phone calls
from confused users, PGP now looks to make sure a manual is somewhere in
the vicinity when running to discourage this sort of thing.  (If you're
getting this warning and need details on how to get rid of it, try pgp -kg.)

On Unix, PGP now figures out the resolution of the system clock at run
time for the purpose of computing the amount of entropy in keystroke
timings.  This means that on many Unix machines, less typing should be
required to generate keys.  (SunOS and Linux especially.)

The small prime table used in generating keys has been enlarged, which
should speed up key generation somewhat.

There was a bug in PGP 2.3a (and, in fact in 2.4 and dating back to 1.0!)
when generating primes 2 bits over a multiple of the unit size (16 bits
on PC's, 32 bits on most larger computers), if the processor doesn't deal
with expressions like "1<<32" by producing a result of 1.  In practice,
that corresponds to a key size of 64*x+4 bits.

Code changes:

At the request of Windows programmers, the PSTR() macro used to translate
string has been renamed to LANG().

The random-number code has been *thoroughly* cleaned up.  So has the
IDEA code and the MD5 code.  The MD5 code was developed from scratch and
is available for public use.

The Turbo C makefile was dropped in favour of a Borland C .prj file.
You can use makefile.msc as a guide if you need one for a command-line
Turbo C.