[ale] PGP/GPG Compatibility Issues
Jerry Z. Yu
z.yu at voicecom.com
Tue Jun 18 17:30:49 EDT 2002
glad to learn that their definition of 'commericial' is similar to
SSH's. I'll start to use it for my GnuPG then. Equipped only with GPG, I
have always been a little afraid that someday a big customer may show up
with some 'idea' :-)
On Tue, 18 Jun 2002, Michael H. Warfield wrote:
#On Tue, Jun 18, 2002 at 04:16:50PM -0400, Jerry Z. Yu wrote:
#> I believe he's talking the other way around. GPG doesn't have "idea" (as
#> it is patented. or it expires too? ).
#
# Right... That's the point. Gpg doesn't come packaged with
#idea. It has to be loaded as a plugin. That's what the instructions
#are for. You can load idea as a plugin to gpg. Of course, there are
#the patent issues.
#
# This is from the "MediaCrypt" web site, <http://www.mediacrypt.com>
#who claim to be the "Home of IDEA" (Ascom is a cofounder) and to be able
#to license IDEA commercially to you...
#
# <http://www.mediacrypt.com/engl/Content/patent_info.htm,
#
#] IDEA is protected by International copyright law and in addition has
#] been patented in several countries. Because MediaCrypt wants to make
#] this highly secure algorithm widely available, the non-commercial use of
#] this algorithm is free. However, whenever you or your company sells
#] any products including the IDEA algorithm in any of the countries
#] listed below, it needs a license granted by MediaCrypt. See more detailed
#] description in the Licensing Policy section.
#
# That says outright that non-commercial use is free and that
#if you are selling a product which incorporates IDEA, you need a
#license. Gnupg is free. The only question is the use of IDEA
#with gnupg in a commercial environment where it (and IDEA) are not
#being sold. The implication is that this is acceptable and they have
#not indicated anything to the contrary on their site. There are lots
#of other sites with other, older, information but their site should
#be authoritative on IDEA patent and licensing issues.
#
# I wasn't able to dig any finer refinement out of their site.
#
# So you can download idea and load it into gpg as a plugin
#and gpg then supports IDEA. It can't be included as an integral
#feature of gpg because of the patent. But you can still load it
#and use it. If you sell it, you are in violation of the license.
#If you use it for non-commercial purposes, you are safe. If you
#use it for compatibility purposes, it's a little grey but nobody
#has complained to date. It's your determination to make.
#
#> The FAQ 5.4 may have the answer at http://www.gnupg.org/faq.html#q5.4
#> 5.4) Why is PGP 5.x not able to encrypt messages with some keys?
#>
#> PGP Inc refuses to accept ElGamal keys of type 20 even for
#> encryption. They only support type 16 (which is
#> identical at least for decryption). To be more
#> inter-operable, GnuPG (starting with version 0.3.3) now also uses
#> type 16 for the ElGamal subkey which is created if the
#> default key algorithm is chosen. You may add an type 16
#> ElGamal key to your public key which is easy as your key
#> signatures are still valid.
#>
#> On Tue, 18 Jun 2002, Michael H. Warfield wrote:
#>
#> #On Tue, Jun 18, 2002 at 10:47:58AM -0400, Randy Janinda wrote:
#> #> I'm managing a corporate PGP (ebiz 7.0.1) program and have recently
#> #> received GPG keys for a customer. Unfortunately, the keys can be
#> #> inserted on the keyring, but encryption fails when this key is used.
#> #> Does anyone have info about GPG/PGP interoperability and what the
#> #> problem and solution may be? I really want this to work and not force
#> #> the customer into the clutches of NAI.
#> #
#> # Your problem is probably the IDEA encryption algorithm.
#> #You'll have to download the pluggin, build it, then add it to
#> #your configuration.
#> #
#> # The following was blatently plagerized from a message from
#> #Calum Mackay <calum.mackay at sun.com> posted recently to the gnupg-users
#> #mailing list which sums it up very nicely...
#> #
#> #] Quick answer:
#> #]
#> #] o Download ftp://ftp.gnupg.dk/pub/contrib-dk/idea.c
#> #]
#> #] o Compile:
#> #]
#> #] gcc -Wall -O2 -shared -fPIC -o idea idea.c
#> #]
#> #] o Copy "idea" into your extensions dir, e.g <.../lib/gnupg>
#> #]
#> #] o Add to ~/.gnupg/options:
#> #]
#> #] load-extension idea
#> #]
#> #] You can now decrypt files you may have previously encrypted with "pgp -c".
#> #]
#> #] cheers,
#> #] Calum.
#> #
#> # In this case, you can also deal with messages and keys with
#> #IDEA as the encryption preference.
#> #
#> # If that's NOT the problem, you are going to have to post more
#> #information, like the specific failures and error messages you encountered.
#> #
#> #> Thanks,
#> #
#> #> Randy Janinda
#> #
#> #
#> # Mike
#> #--
#> # Michael H. Warfield | (770) 985-6132 | mhw at WittsEnd.com
#> # /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
#> # NIC whois: MHW9 | An optimist believes we live in the best of all
#> # PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
#> #
#> #---
#> #This message has been sent through the ALE general discussion list.
#> #See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
#> #sent to listmaster at ale dot org.
#> #
#>
#> Jerry Z. Yu +1-404-487-8544 (O)
#> systems engineer z.yu at voicecom.com
#> is support, voicecom, llc www.voicecom.com
#
#--
# Michael H. Warfield | (770) 985-6132 | mhw at WittsEnd.com
# /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
# NIC whois: MHW9 | An optimist believes we live in the best of all
# PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
#
Jerry Z. Yu +1-404-487-8544 (O)
systems engineer z.yu at voicecom.com
is support, voicecom, llc www.voicecom.com
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
More information about the Ale
mailing list