Mailing List Archive

On Tue, Aug 29, 2000 at 05:28:04PM -0400, Kurt Yoder wrote:
> Hello
>
> Is gnupg going to be supporting rsa anytime soon? I had heard its patent
> expires after August.
>
Actully it is September, IDEA though is around untill 2011.

It _can_ now do RSA and IDEA (commerical limits apply) have a look at:
http://www.gnupg.org/gph/en/pgp2x.html

Good Luck
John

John C. Place
jcplace@attglobal.net
http://profile.guru.com/placej
http://placej.interactivecore.com/public_key.txt

Reboot America.

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

On Tue, 29 Aug 2000, Kurt Yoder wrote:

> Is gnupg going to be supporting rsa anytime soon? I had heard its patent
> expires after August.

Yes, there will be a release on Sep 20th which support RSA. I am
currently not sure whether we can also do key generation because this
needs some additional changes which I am currently implementing in
the development branch and which have to be backported to the stbale
branch.

However, eben with RSA you can't encrypt to PGP 2 keys becuase the
IDEA algorithm will not be supported. If you just want to use your
existing RSA key, this will work fine.

Werner


--
Werner Koch GnuPG key: 621CC013
OpenIT GmbH http://www.OpenIT.de

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

You, Werner Koch, wrote:

> However, eben with RSA you can't encrypt to PGP 2 keys becuase the
> IDEA algorithm will not be supported.

But IDEA _is_ supported with a plugin. Is there a reason why you
consequently "forget" to mention this?

Only for key generation you need pgp, but pgp 2.x will do fine for
generating a RSA key.

--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

On Wed, 30 Aug 2000, Johan Wevers wrote:

> But IDEA _is_ supported with a plugin. Is there a reason why you
> consequently "forget" to mention this?

I never forget IDEA. But using the module available from the FTP
server would infringe on the patent in most countries. Therefore it
is not usable for most folks.

Several folks have tried to convince Ascom to give a free license for
GPLed programs - but either they refused to do or didn't answer at all.
Even a charity organisation is not allowed to use IDEA - you can only
use it at home for your private mail with PGP 2.

Werner


--
Werner Koch GnuPG key: 621CC013
OpenIT GmbH http://www.OpenIT.de

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

Jean-Francois wrote:

> Yes but you should buy a license to use this part of the code, becasue
> IDEA is patented.

Not that I care much about such patents, but I thought that software patents
are not possible in Europe. I recently signed an on-line petition against a
proposal from the EU that would make them possible. Can someone with more
juridical knowledge than I have please explain how it is possible to patent
IDEA in Europe?

Werner Koch wrote:

>I never forget IDEA. But using the module available from the FTP
>server would infringe on the patent in most countries. Therefore it
>is not usable for most folks.

I really doubt most folks care.

--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

According to Johan Wevers:
> Werner Koch wrote:
>
> >I never forget IDEA. But using the module available from the FTP
> >server would infringe on the patent in most countries. Therefore it
> >is not usable for most folks.
>
> I really doubt most folks care.

If your supposition is that most people do not care whether or not
they are breaking the law, then I object. It is a serious matter,
whether one agrees with said law or not.

As the main developer of gnupg, Werner is the person who is most
likely to feel the 'long arm of the law' reach out and so his
discretion is both understandable and correct.

Best Wishes,

--
Alastair |
alastair@calliope.demon.co.uk |
http://www.calliope.demon.co.uk | PGP Key : A9DE69F8
-------------------------------------------------------------------

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

Quoting Alastair <alastair@calliope.demon.co.uk>, who wrote:
> According to Johan Wevers:
> > I really doubt most folks care.
>
> If your supposition is that most people do not care whether or not
> they are breaking the law, then I object. It is a serious matter,
> whether one agrees with said law or not.

And even if you don't care about patent law, and consider it wrong
to patent algorithms, you might want to consider not using patented
algorithms. Using them gives support to their developers and patent
holders, and reduces support for non-patented algorithms.

Sam

--
Sam Roberts (sam@cogent.ca), Cogent Real-Time Systems (www.cogent.ca)

Sam Roberts wrote:

> And even if you don't care about patent law, and consider it wrong
> to patent algorithms, you might want to consider not using patented
> algorithms. Using them gives support to their developers and patent
> holders, and reduces support for non-patented algorithms.

I have 2 main criteria for an encryption algorithm: 1 is its strength,
and 2 is how compatible it is. IDEA scores best on point 2 while certainly
not being weaker than the other ones.

--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

Alastair wrote:

> If your supposition is that most people do not care whether or not
> they are breaking the law, then I object. It is a serious matter,
> whether one agrees with said law or not.

That depends on the law. Almost all computer users I know have several
Crazy Bytes or Twilight CD-ROMs, so that says enough. I'd say that this
type of laws is as much respected here as trafic rules for bycycles in
Amsterdam.

But further, I still don't know how a company _can_ patent IDEA in Europe.
As far as I know, European laws don't permit it.

> As the main developer of gnupg, Werner is the person who is most
> likely to feel the 'long arm of the law' reach out and so his
> discretion is both understandable and correct.

I had not thought of that point. If this is the case I can understand his
position.

--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

On Wed, 30 Aug 2000, Sam Roberts wrote:

> And even if you don't care about patent law, and consider it wrong
> to patent algorithms, you might want to consider not using patented
> algorithms. Using them gives support to their developers and patent
> holders, and reduces support for non-patented algorithms.

That is why I don't suggest IDEA or RSA. RSA is no problem except for
the U.S. but I still don't see a reason to promote RSA for the next 20
days.

Afaik, there is no way in Europe to sue the author of software using a
patented algorithm. The algorithm itself is not patentable in Europe
but running it on some hardware is. So the program is not patentable
but the process is. The European patent office is going to change
this rule which then would enable patent owners to sue the author of
a software.

Werner


--
Werner Koch GnuPG key: 621CC013
OpenIT GmbH http://www.OpenIT.de

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

On Wed, 30 Aug 2000, L. Sassaman wrote:

> BTW, currently there *is* a bug in the GnuPG regarding RSA. It is not
> possible to encrypt and sign a message if you are using an RSA v3
> key. (Well, you can do the encrypt/sign operation, but it creates a
> literal packet where it shouldn't, and consequently PGP can't decrypt it,
> because it treats the signature as a detached sig.)

You are talking about the fact, that GnuPG is not able to create
signature packet in the way PGP 2 did it:

signature . signed-data

GnuPG can only do it the v4 way:

[one-pass-sig . ] signed-data . signature

Another thing is that it has to use partial length encoding at some
places. There is no way to avoid this without using temporary files or
large amounts of memory. The suggested solution is to enhance the pgpgpg
wrapper to post-process the data. There is already one option to help
for that implemented, I have the counterpart of this option already on
file but I am still waiting for some legal papers :-(

Werner


> -----BEGIN PGP SIGNATURE-----
> Comment: OpenPGP Encrypted Email Preferred.
>
> iD8DBQE5rXUWPYrxsgmsCmoRAhpQAJ9hqbu8jHgUjxR6XCYorCYTK6SumQCeMvTY
> 0ljnjmAcUpW26BQt2BUB9lI=
> =2Sh0
> -----END PGP SIGNATURE-----
>
> --
> Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
> with a subject of "unsubscribe" to gnupg-users-request@gnupg.org
>
>

--
Werner Koch GnuPG key: 621CC013
OpenIT GmbH http://www.OpenIT.de

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

On Thu, 31 Aug 2000, L. Sassaman wrote:

> Hrmm. How hard would it be to fix that? (Right now, if a user has an RSA
> v3 key and GnuPG, they are unable to send signed and encrypted email to
> someone using PGP of any version. Neeedless to say, this is inconvenient.)

Hmmm, does that mean that PGP 6 requires that an encrypted and signed
message using a v3 key for the encryption is not able to cope with
signature after signed-data?

Ooops, I didn't know that. If this is really true, a hack to allow
GnuPG to create the signed-data after signature - at least for small
message (say a few hundred k) - might be worth to think about.

Werner

--
Werner Koch GnuPG key: 621CC013
OpenIT GmbH http://www.OpenIT.de

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org