[ale] PGP/GPG Compatibility Issues

Michael H. Warfield mhw at wittsend.com
Tue Jun 18 17:00:08 EDT 2002 

On Tue, Jun 18, 2002 at 04:16:50PM -0400, Jerry Z. Yu wrote:
> I believe he's talking the other way around. GPG doesn't have "idea" (as 
> it is patented. or it expires too? ). 

	Right...  That's the point.  Gpg doesn't come packaged with
idea.  It has to be loaded as a plugin.  That's what the instructions
are for.  You can load idea as a plugin to gpg.  Of course, there are
the patent issues.

	This is from the "MediaCrypt" web site, <http://www.mediacrypt.com>
who claim to be the "Home of IDEA" (Ascom is a cofounder) and to be able
to license IDEA commercially to you...

	<http://www.mediacrypt.com/engl/Content/patent_info.htm,

] IDEA is protected by International copyright law and in addition has
] been patented in several countries.  Because MediaCrypt wants to make
] this highly secure algorithm widely available, the non-commercial use of 
] this algorithm is free. However, whenever you or your company sells
] any products including the IDEA algorithm in any of the countries
] listed below, it needs a license granted by MediaCrypt. See more detailed
] description in the Licensing Policy section.

	That says outright that non-commercial use is free and that
if you are selling a product which incorporates IDEA, you need a
license.  Gnupg is free.  The only question is the use of IDEA
with gnupg in a commercial environment where it (and IDEA) are not
being sold.  The implication is that this is acceptable and they have
not indicated anything to the contrary on their site.  There are lots
of other sites with other, older, information but their site should
be authoritative on IDEA patent and licensing issues.

	I wasn't able to dig any finer refinement out of their site.

	So you can download idea and load it into gpg as a plugin
and gpg then supports IDEA.  It can't be included as an integral
feature of gpg because of the patent.  But you can still load it
and use it.  If you sell it, you are in violation of the license.
If you use it for non-commercial purposes, you are safe.  If you
use it for compatibility purposes, it's a little grey but nobody
has complained to date.  It's your determination to make.

> The FAQ 5.4 may have the answer at http://www.gnupg.org/faq.html#q5.4
> 5.4) Why is PGP 5.x not able to encrypt messages with some keys? 
> 
>                PGP Inc refuses to accept ElGamal keys of type 20 even for 
> encryption. They only support type 16 (which is
>                identical at least for decryption). To be more 
> inter-operable, GnuPG (starting with version 0.3.3) now also uses
>                type 16 for the ElGamal subkey which is created if the 
> default key algorithm is chosen. You may add an type 16
>                ElGamal key to your public key which is easy as your key 
> signatures are still valid.
> 
> On Tue, 18 Jun 2002, Michael H. Warfield wrote:
> 
> #On Tue, Jun 18, 2002 at 10:47:58AM -0400, Randy Janinda wrote:
> #> I'm managing a corporate PGP (ebiz 7.0.1) program and have recently
> #> received GPG keys for a customer. Unfortunately, the keys can be
> #> inserted on the keyring, but encryption fails when this key is used.
> #> Does anyone have info about GPG/PGP interoperability and what the
> #> problem and solution may be? I really want this to work and not force
> #> the customer into the clutches of NAI.
> #
> #	Your problem is probably the IDEA encryption algorithm.
> #You'll have to download the pluggin, build it, then add it to
> #your configuration.
> #
> #	The following was blatently plagerized from a message from
> #Calum Mackay <calum.mackay at sun.com> posted recently to the gnupg-users
> #mailing list which sums it up very nicely...
> #
> #] Quick answer:
> #] 
> #] o Download ftp://ftp.gnupg.dk/pub/contrib-dk/idea.c
> #] 
> #] o Compile:
> #] 
> #]        gcc -Wall -O2 -shared -fPIC -o idea idea.c
> #] 
> #] o Copy "idea" into your extensions dir, e.g <.../lib/gnupg>
> #] 
> #] o Add to ~/.gnupg/options:
> #] 
> #]         load-extension idea
> #] 
> #] You can now decrypt files you may have previously encrypted with "pgp -c".
> #] 
> #] cheers,
> #] Calum.
> #
> #	In this case, you can also deal with messages and keys with
> #IDEA as the encryption preference.
> #
> #	If that's NOT the problem, you are going to have to post more
> #information, like the specific failures and error messages you encountered.
> #
> #> Thanks,
> #
> #> Randy Janinda
> #
> #
> #	Mike
> #-- 
> # Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
> #  /\/\|=mhw=|\/\/       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
> #  NIC whois:  MHW9      |  An optimist believes we live in the best of all
> # PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
> #
> #---
> #This message has been sent through the ALE general discussion list.
> #See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
> #sent to listmaster at ale dot org.
> #
> 
> Jerry Z. Yu					+1-404-487-8544 (O)
> systems engineer				z.yu at voicecom.com
> is support, voicecom, llc			www.voicecom.com

-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
  /\/\|=mhw=|\/\/       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.

More information about the Ale mailing list