home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Monster Media 1996 #15
/
Monster Media Number 15 (Monster Media)(July 1996).ISO
/
netmail
/
terpgp40.zip
/
PGP.FAQ
< prev
next >
Wrap
PGP Signed Message
|
1996-04-07
|
15KB
|
423 lines
-----BEGIN PGP SIGNED MESSAGE-----
WHERE TO GET THE PRETTY GOOD PRIVACY PROGRAM (PGP) FAQ
Revised 11 February 1996
Disclaimer -- I haven't recently verified all of the information in
this file, and much of it is probably out of date.
For questions not covered here, please read the documentation
that comes with PGP, get one of the books mentioned below, or search for
other relevant FAQ documents at rtfm.mit.edu and on the alt.security.pgp
news group.
WHAT IS THE LATEST VERSION OF PGP?
Viacrypt PGP (commercial version): 2.7.1 (4.0 is due out Real Soon Now)
MIT & Philip Zimmermann (freeware, USA-legal): 2.6.2
Staale Schumacher's International variant: 2.6.3i for non-USA; 2.6.3 for USA
WHERE CAN I GET VIACRYPT PGP?
Just call 800-536-2664 and have your credit card handy.
WHERE IS PGP ON THE WORLD WIDE WEB?
http://web.mit.edu/network/pgp-form.html
(U. S. PGP primary distribution site)
http://web.mit.edu/network/pgpfone
(PGP Fone primary distribution site)
http://www.ifi.uio.no/pgp
(International PGP primary distribution site)
http://www.csua.berkeley.edu/cypherpunks/home.html
WHERE CAN I FTP PGP IN NORTH AMERICA?
If you are in the USA or Canada, you can get PGP by following the
instructions in any of:
ftp://net-dist.mit.edu/pub/PGP/README
ftp://ftp.csn.net/mpj/README.MPJ
ftp://miyako.dorm.duke.edu/pub/GETTING_ACCESS
ftp://ftp.csua.berkeley.edu/pub/cypherpunks/pgp/
ftp://ftp.gibbon.com/pub/pgp/README.PGP
ftp://ftp.wimsey.bc.ca/pub/crypto/software/README
WHERE IS PGP ON COMPUSERVE?
GO NCSAFORUM. Follow the instructions there to gain access to Library 12:
Export Controlled.
AOL
Go to the AOL software library and search "PGP" or ftp from
ftp://ftp.csua.berkeley.edu/pub/cypherpunks/pgp or another site listed above.
It is possible to get PGP from ftp sites with hidden directories with the
following trick: (1) View the README file with the hidden directory name in
it, then quickly (2) Start a new ftp connection, specifiying the hidden
directory name with the ftp site's address, like
ftp.csn.net/mpj/I_will_not_export/crypto_xxxxxxx (where the xxxxxxx is
replaced with the current character string).
WHAT BULLETIN BOARD SYSTEMS CARRY PGP?
MANY BBS carry PGP. The following carry recent versions of PGP and
allow free downloads of PGP.
US
303-343-4053 Hacker's Haven, Denver, CO
303-772-1062 Colorado Catacombs BBS, Longmont CO
8 data bits, 1 stop, no parity, up to 28,800 bps.
Use ANSI terminal emulation.
For free access: log in with your own name, answer the questions.
314-896-9309 The KATN BBS
317-887-9568 Computer Virus Research Center (CVRC) BBS, Indianapolis, IN
Login First Name: PGP Last Name: USER Password: PGP
501-791-0124, 501-791-0125 The Ferret BBS, North Little Rock, AR
Login name: PGP USER Password: PGP
506-457=0483 Data Intelligence Group Corporation BBS
508-668-4441 Emerald City, Walpole, MA
601-582-5748 CyberGold BBS
612-690-5556, !CyBERteCH SeCURitY BBS! Minneapolis MN
914-667-4567 Exec-Net, New York, NY
915-587-7888, Self-Governor Information Resource, El Paso, Texas
GERMANY
+49-781-38807 MAUS BBS, Offenburg - angeschlossen an das MausNet
+49-521-68000 BIONIC-BBS Login: PGP
WHERE CAN I FTP PGP CLOSE TO ME?
DE
ftp://ftp.informatik.uni-hamburg.de/pub/virus/crypt/pgp/
ftp://ftp.uni-kl.de/pub/aminet/util/crypt
ftp://ftp.uni-paderborn.de/pub/aminet/util/crypt
ES
ftp://goya.dit.upm.es
IT
ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP
FI
ftp://ftp.funet.fi/pub/crypt
NL
ftp://ftp.nl.net/pub/crypto/pgp
ftp.nic.surfnet.nl/surfnet/net-security/encryption/pgp
NZ
ftp://ftphost.vuw.ac.nz
SE
ftp://leif.thep.lu.se
TW
ftp://nctuccca.edu.tw/PC/wuarchive/pgp/
UK
ftp://ftp.demon.co.uk/pub/amiga/pgp
ftp://ftp.ox.ac.uk/pub/crypto/pgp
ftp://src.doc.ic.ac.uk/aminet/amiga-boing
ftp://unix.hensa.ac.uk/pub/uunet/pub/security/virus/crypt/pgp
ZA
ftp://ftp.ee.und.ac.za/pub/crypto/pgp
HOW CAN I GET PGP BY EMAIL?
If you have access to email, but not to ftp, send a message saying
"help" to ftpmail@decwrl.dec.com or mailserv@nic.funet.fi
WHERE CAN I GET MORE PGP INFORMATION?
http://www.csn.net/~mpj
http://www.mit.edu:8001/people/warlord/pgp-faq.html
http://www.eff.org/pub/EFF/Issues/Crypto/ITAR_export/cryptusa_paper.ps.gz
ftp://ds.internic.net/internet-drafts/draft-pgp-pgpformat-00.txt
ftp://ds.internic.net/internet-drafts/draft-ietf-pem-mime-08.txt
http://www-mitpress.mit.edu/mitp/recent-books/comp/pgp-source.html
http://web.cnam.fr/Network/Crypto/(c'est en francais)
http://web.cnam.fr/Network/Crypto/survey.html(en anglais)
http://www2.hawaii.edu/~phinely/MacPGP-and-AppleScript-FAQ.html
http://www.pgp.net/pgp
http://www.sydney.sterling.com:8080/~ggr/pgpmoose.html
WHAT ARE SOME GOOD PGP BOOKS?
Protect Your Privacy: A Guide for PGP Users
by William Stallings
Prentice Hall PTR
ISBN 0-13-185596-4
US $19.95
PGP: Pretty Good Privacy
by Simson Garfinkel
O'Reilly & Associates, Inc.
ISBN 1-56592-098-8
US $24.95
E-Mail Security: How to Keep Your Electronic Mail Private
"Covers PGP/PEM"
by Bruce Schneier
Wiley Publishing
The Computer Privacy Handbook: A Practical Guide to E-Mail Encryption, Data
Protection, and PGP PRivacy Software
by André Bacard
Peachpit Press
ISBN 1-56609-171-3
US $24.95
800-283-9444 or 510-548-4393
THE OFFICIAL PGP USER'S GUIDE
by Philip R. Zimmerman
MIT Press
April 1995 - 216 pp. - paper - US $14.95 - ISBN 0-262-74017-6 ZIMPP
Standard PGP documentation neatly typeset and bound.
PGP SOURCE CODE AND INTERNALS
by Philip R. Zimmerman
April 1995 - 804 pp. -
US $55.00 - 0-262-24039-4 ZIMPH
How to Use PGP, 61 pages, (Pub #121) from the Superior Broadcasting Company,
Box 1533-N, Oil City, PA 16301, phone: (814) 678-8801 (about US $10-$13).
IS PGP LEGAL?
Pretty Good Privacy is legal if you follow these rules:
Don't export PGP from the USA except to Canada, or from Canada except to the
USA, without a license.
If you are in the USA, use either Viacrypt PGP (licensed for commercial use)
or MIT PGP using RSAREF (limited to personal, noncommercial use). Outside of
the USA, where RSA is not patented, you may prefer to use a version of PGP
(2.6.3i) that doesn't use RSAREF to avoid the restrictions of that license.
If you are in a country where the IDEA cipher patent holds in
software (including the USA, Canada, and some countries in Europe), make
sure you are licensed to use the IDEA cipher commercially before using
PGP commercially. (No separate license is required to use the freeware
PGP for personal, noncommercial use). For direct IDEA licensing, contact
Ascom Systec:
Erhard Widmer, Ascom Systec AG, Dep't. CMVV Phone +41 64 56 59 83
Peter Hartmann, Ascom Systec AG, Dep't. CMN Phone +41 64 56 59 45
Fax: +41 64 56 59 90
e-mail: IDEA@ascom.ch
Mail address: Gewerbepark, CH-5506 Maegenwil (Switzerland)
Viacrypt has an exclusive marketing agreement for commercial
distribution of Philip Zimmermann's copyrighted code. (Selling
shareware/freeware disks or connect time is OK). This restriction does
not apply to PGP 3.0, since it is a complete rewrite by Colin Plumb.
If you modify PGP (other than porting it to another platform, fixing a bug,
or adapting it to another compiler), don't call it PGP (TM) or Pretty Good
Privacy (TM) without Philip Zimmermann's permission.
WHAT IS PHILIP ZIMMERMANN'S LEGAL STATUS?
Philip Zimmermann was under investigation for alleged violation of export
regulations, with a grand jury hearing evidence for about 28 months, ending
11 January 1996. The Federal Government chose not to comment on why it
decided to not prosecute, nor is it likely to. The Commerce Secretary stated
that he would seek relaxed export controls for cryptographic products, since
studies show that U. S. industry is being harmed by current regulations.
Philip endured some serious threats to his livelihood and freedom, as well as
some very real legal expenses, for the sake of your right to electronic
privacy. The battle is won, but the war is not over. The regulations that
caused him so much grief and which continue to dampen cryptographic
development, harm U. S. industry, and do violence to the U. S. National
Security by eroding the First Ammendment of the U. S. Constitution and
encouraging migration of cryptographic industry outside of the U. S. A. are
still on the books. If you are a U. S. Citizen, please write to your U. S.
Senators, Congressional Representative, President, and Vice President
pleading for a more sane and fair cryptographic policy.
WHERE CAN I GET WINDOWS & DOS SHELLS FOR PGP?
http://www.dayton.net/~cwgeib
ftp://oak.oakland.edu/SimTel/msdos/security/apgp22b.zip
http://alpha.netaccess.on.ca/~spowell/crypto/pwf31.zip
ftp://ftp.netcom.com/pub/dc/dcosenza/pgpw40.zip
ftp://ftp.firstnet.net/pub/windows/winpgp/pgpw40.zip
http://www.eskimo.com/~joelm(Private Idaho)
ftp://ftp.eskimo.com/~joelm
http://www.xs4all.nl/~paulwag/security.htm
http://www.LCS.com/winpgp.html
http://netaccess.on.ca/~rbarclay/index.html
http://netaccess.on.ca/~rbarclay/pgp.html
ftp://ftp.leo.org/pub/comp/os/os2/crypt/gcppgp10.zip
ftp://ftp.leo.org/pub/comp/os/os2/crypt/pmpgp.zip
http://iquest.com/~aegisrcs
WHAT OTHER FILE ENCRYPTION (DOS, MAC) TOOLS ARE THERE?
PGP can do conventional encryption only of a file (-c) option, but
you might want to investigate some of the other alternatives if you do
this a lot. Alternatives include Quicrypt and Atbash2 for DOS, DLOCK for
DOS & UNIX, Curve Encrypt (for the Mac), HPACK (many platforms), and a
few others.
Quicrypt is interesting in that it comes in two flavors: shareware
exportable and registered secure. Atbash2 is interesting in that it generates
ciphertext that can be read over the telephone or sent by Morse code. DLOCK
is a no-frills strong encryption program with complete source code. Curve
Encrypt has certain user-friendliness advantages. HPACK is an archiver (like
ZIP or ARC), but with strong encryption. A couple of starting points for your
search are:
ftp://ftp.csn.net/mpj/qcrypt11.zip
ftp://ftp.informatik.uni-hamburg.de/pub/virus/crypt/file/
ftp://ftp.csn.net/mpj/README
ftp://ftp.miyako.dorm.duke.edu/pub/GETTING_ACCESS
HOW DO I SECURELY DELETE FILES (DOS)?
If you have the Norton Utilities, Norton WipeInfo is pretty good. I
use DELETE.EXE in del110.zip, which is really good at deleting existing
files, but doesn't wipe "unused" space.
ftp://ftp.csn.net/mpj/public/del120.zip
ftp://ftp.demon.co.uk/pub/ibmpc/security/realdeal.zip
WHAT DO I DO ABOUT THE PASS PHRASE IN MY WINDOWS SWAP FILE?
The nature of Windows is that it can swap any memory to disk at any
time, meaning that all kinds of interesting things could end up in your
swap file.
ftp://ftp.firstnet.net/pub/windows/winpgp/wswipe.zip
WHERE DO I GET PGPfone(tm)?
PGPfone is in beta test for Macintosh users. A Windows 95 version is
being developed.
http://web.mit.edu/network/pgpfone
ftp://net-dist.mit.edu/pub/PGPfone/README
ftp.hacktic.nl/pub/pgp/pgpfone
WHERE DO I GET NAUTILUS?
Bill Dorsey, Pat Mullarky, and Paul Rubin have come out with a
program called Nautilus that enables you to engage in secure voice
conversations between people with multimedia PCs and modems capable of
at least 7200 bps (but 14.4 kbps is better). See
ftp://ripem.msu.edu/pub/crypt/GETTING_ACCESS
ftp://ripem.msu.edu/pub/crypt/other/nautilus-phone-0.9.2-source.tar.gz
ftp://ftp.csn.net/mpj/README
ftp://miyako.dorm.duke.edu/pub/GETTING_ACCESS
ftp://ftp.dsi.unimi.it/pub/security/crypt/cypherpunks/nautilus
ftp://ftp.ox.ac.uk/pub/crypto/misc
HOW DO I ENCRYPT MY DISK ON-THE-FLY?
Secure File System (SFS) is a DOS device driver that encrypts an entire
partition on the fly using SHA in feedback mode.
Secure Drive also encrypts an entire DOS partition, using IDEA, which is
patented.
Secure Device is a DOS device driver that encrypts a virtual, file-hosted
volume with IDEA.
Cryptographic File System (CFS) is a Unix device driver that uses DES.
http://www.cs.auckland.ac.nz/~pgut01/sfs.html
ftp://ftp.informatik.uni-hamburg.de/pub/virus/crypt/disk/
ftp://ftp.csn.net/mpj/README
ftp://miyako.dorm.duke.edu/mpj/crypto/disk/
ftp://ftp.nic.surfnet.nl/surfnet/net-security/encryption/disk/
ftp://ftp.demon.co.uk/pub/ibmpc/secdev/secdev14.arj
WHERE IS PGP'S COMPETITION?
RIPEM is the second most popular freeware email encryption package. I like
PGP better for lots of reasons, but if for some reason you want to check or
generate a PEM signature, RIPEM is available at ripem.msu.edu. There is also
an exportable RIPEM/SIG.
ftp://ripem.msu.edu/pub/GETTING_ACCESS
HOW DO I PUBLISH MY PGP PUBLIC KEY?
Send mail to one of these addresses with the single word "help" in the
subject line to find out how to use them. These servers sychronize keys with
each other. There are other key servers, too.
pgp-public-keys@keys.pgp.net
pgp-public-keys@keys.de.pgp.net
pgp-public-keys@keys.no.pgp.net
pgp-public-keys@keys.uk.pgp.net
pgp-public-keys@keys.us.pgp.net
WWW interface to the key servers: http://www.pgp.net/pgp/www-key.html
http://www-swiss.ai.mit.edu/~bal/pks-toplev.html
For US $20/year or so, you can have your key officially certified and
published in a "clean" key database that is much less susceptible to
denial-of-service attacks than the other key servers. Send mail to
info-pgp@Four11.com for information, or look at http://www.Four11.com/
Of course, you can always send your key directly to the parties you wish to
correspond with by whatever means you wish.
CAN I COPY AND REDISTRIBUTE THIS FAQ?
Yes. Permission is granted to distribute unmodified copies of this FAQ.
Please e-mail comments to mpj@csn.net
Michael Paul Johnson mailto:mpj@csn.net M i k e ><> ><> ><>
PO Box 1151 http://www.csn.net/~mpj
Longmont CO 80502-1151 Colorado Catacombs BBS 303-772-1062 Jesus is Lord!
mpj8:F25EA1C1A6CFEF71 121F91926AEDAEA9 mpjA:3E67A5800DFBD16A 6D52D3A91C074E41
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: cp850
iQEVAwUBMR7hpW+Iqt/O4EnZAQHRzAgAmAyrxgG7EL1j1ixVYZpdvw2lQQvvFy8x
AEM1Es5kx21bgfdfA8RcOKmG1wr3e0qw07beJuTxJz2Zldunepk6sD/sZMdEqDrE
Qr6hpnO+JsHoEgm/IhCBTUQcgScVfuRMuBKYF8Rn8XZoyVL4Il/DeRcPZgzNZMaF
Vf+cG0+9bZAFHvGBhaO4OekUhY2Z8rGKZraoHJRLGigJwIxrKljIcnV13aHRYL1b
sTr93xJ1mLlbgjZv2ohlj0DRl0jlW1+2/IdDjJzt9RrJ35bfxKKIfIhDgDAXzQZk
BIo4pH9DiYQ9HbDlLr7LKcG3i+t/zcbuZr3U5ODfrxFjkuXyNegYvA==
=EwPf
-----END PGP SIGNATURE-----