-----BEGIN PGP SIGNED MESSAGE-----

*************************************************************
* CHANGES IN THIS BUILD - 26 OCTOBER 1998
*************************************************************

None on the features side, therefore I have not bothered to change the readme file. It's basically the same as the 10 OCTOBER 1998 build, except for the following changes:-

1) Updated the links in the about dialog to point to the new c-kt home page.
2) Changed the installer so that it will get your name and company from the Windows registry.
3) Recompiled with MS VC++ 5.0, instead of MS VC++ 6.0.

Note that this is not an official c-kt build yet. So if you encounter any problem please let me know.

Best Regards, and Happy Encrypting,
Imad R. Faiad

-----BEGIN PGP SIGNATURE-----
Version: PGP 5.5.3ckt http://members.tripod.com/IRFaiad
Comment: KeyID: 0x833F1BAD
Comment: Fingerprint: 75CD 96A7 8ABB F87E 9390 5FD7 2A88 4F45
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----

This is the C-KT build of PGP, it is based on the v5.5.3 source code released by PGPi.com.

*************************************************************
* FEATURES IN THIS BUILD - 10 OCTOBER 1998
*************************************************************
* 1) Support for RSA keys up to 16384** bits.
* 2) Support for DH keys up to 8192** bits.
* 3) User selectable support for DSA keys up to 2048** bits.
* 4) User selectable hash algorithm for RSA keys.
* 5) Expanded list of key servers.
* 6) Easy one click key size selection in key size wizard dialog.
* 7) Enhanced signing key dialogs, with DS key size & key id info.
* 8) Key ID column in recipient dialog. ***NEW***
* 9) Enhanced PGPLog with key ID column.
* 10) Enhanced decrypt dialog with more key information.
* 11) Root directory problem fixed.
* 12) User selectable number of key rings backups.
* 13) Wipe function fixed.
* 14) Floppy disk prompt when keyring is on diskette.
* 15) Auto signing key id and fingerprint in comment block.
* 16) User defined / selectable version string.
* 17) Enhanced Explorer context menu. ***NEW***
* 18) Expanded pre-defined key sizes in key search dialog. ***NEW***
* 19) Expanded quick links in about dialog. ***NEW***
* 20) A message from Philip Zimmermann regarding large keys is
*     enclosed.
*************************************************************

** I urge all users to read the message from Philip Zimmermann regarding large keys (Please See Below).

This build has been modified to allow the use and generation of RSA keys up to 16384 bits in length. It has also been modified to allow the use and generation of DH keys up to 8192 bits in length with DSA keys up to 2048 bits in length.

The 2048 bits DSA key used to be supported in the PGP5.0 beta release and was subsequently limited to 1024 bits in the final releases of PGP5.0 and PGP5.x.x. I must thank the owner of the cypherlist watch mailing list, Mr. Mark Anthony Berry, for pointing this out to me, and suggesting that the 2048 bits DSA key length capability be restored to PGP5.5.3.

How is the DSA key size determined?

The maximum DSA key size is selected by the user in the key size wizard dialog's DSA key size group of radio buttons, namely, the "up to 1024 bits" and the "up to 2048 bits" radio buttons. The DSA key size is set either to the same size as the DH key or to the user specified maximum DSA key size, whichever is smaller. When the DSA key size is greater than 1024 bits PGP5.5.3 uses the double width NIST SHA-1 hash algorithm.
This algorithm is supported in all of the PGP5.x.x implementations.

In this build the user may select his preferred hash algorithm. The selected hash algorithm will thereafter be used whenever signing with an RSA key. The user may set this feature via the "preferred hash algorithm" combo box in the "Advanced" tab of the PGP preferences dialog.

I have added some key servers, namely, PGP.ai.mit.edu, PGP5.ai.mit.edu (Bal's Key servers), and those of the PGP.net. The default server in this build is: ldap://certserver.PGP.com.

I have enhanced the key size dialog, which now presents to the user radio buttons with all the supported key sizes in 1k bit increments, so that selecting a key size is as simple as clicking on the desired key size radio button.

I have enhanced the signing key dialogs: they are now wider and the combo box shows the user ID, full key size information including the DS key size, and the key ID. Many Thanks to Mr. Michael Ray for proposing this change.

New in this build is the Key ID column in the recipient dialog. The key ID column is sortable. To sort on the Key ID simply click on the column heading. This should make the selection of recipient keys much easier.

I have also added a KeyID column to PGPlog. I must give credit to Lincoln Yeoh and the anonymous poster of a message in alt.security.PGP, for this handy enhancement to PGPlog. The KeyID column modification in this build implements a much cleaner patch to SigEvent.c as suggested by Lincoln Yeoh and later fixed by the original anonymous poster. Many thanks to both Lincoln Yeoh and the anonymous poster.

This build also implements the enhancements to the decrypt dialog as suggested by the anonymous poster. This makes the decrypt dialog box more user friendly and informative.

1) It shows the full user ID in the first column, the key size in the second, and the key ID in the third.
2) It displays the key ID of any unknown private keys.
   The user ID will be reported as "Unknown Private Key" and the size will be reported as "???"
3) It places a key pair icon to the left of the user ID. This will show whether the key is RSA or DH and whether it's active, expired, revoked, or not on your secring file. Unknown keys will display a question mark icon.

Please note that for both of the above enhancements the Key ID will be reported correctly in these two instances:-

1) if the key is an RSA key or
2) if the key is DH/DSA and is in your key ring.

That is, if the key is a DH/DSA key, and it is not in your keyring, the Key ID of the DSA key will be reported instead of the DH key ID.

The full text of the usenet posting is available in the file PGPlogmod.txt. If you have agent you may just import this file for easy reading.

There was a problem in PGP5.5.3 which caused an uncontrolled proliferation of key ring backups to occur when the key rings were stored in the root directory. This problem has been addressed in a safe manner in this build.

In this build the user may select the number of backup key rings to be maintained by the program. This may be set by the user from the "Number of Key Rings Backups" combo box in the "Files" tab of the PGP preferences dialog. You may choose to maintain from One to Four key rings backup sets, however, I urge all users to set it to the default Four, so that in case of key rings corruption one may always roll back to a previous key rings backup set. So, you assess the risk, and cautiously set this feature accordingly.

This build implements the wipe function fix as suggested by Mr. John P. Maassen. It ensures that the file is physically flushed to disk before it is closed and deleted. Many thanks to Mr. John P. Maassen for this fix, see PGPlogmod.txt for details about this fix.
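The ordering that the wipe fix describes (overwrite, force the data to disk, then close and delete), as an added sketch that is not PGP's own code. The function names, the single zero-byte pass and the use of os.fsync are assumptions made for illustration.

```python
import os

def overwrite_and_flush(path, pattern=b"\x00", chunk=64 * 1024):
    """Overwrite every byte of `path` in place and force it to stable storage.

    Returns the number of bytes overwritten. (Hypothetical helper.)
    """
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        remaining = size
        while remaining > 0:
            n = min(chunk, remaining)
            f.write(pattern * n)
            remaining -= n
        # Without these two calls the overwrite may exist only in memory:
        # if the file is deleted while its pages are still dirty, the OS is
        # free to drop them and the old plaintext blocks stay on the disk.
        f.flush()              # user-space buffer -> operating system
        os.fsync(f.fileno())   # operating system cache -> device
    return size

def wipe_file(path):
    """Overwrite, flush to disk, and only then delete. (Hypothetical helper.)"""
    overwrite_and_flush(path)
    os.remove(path)
```

An in-place overwrite only reaches the original blocks on storage that writes in place; journaling or copy-on-write filesystems and flash media may keep older copies elsewhere.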
In this build, if the secret key ring is stored on a diskette, the user is prompted once per program session to insert the floppy into the disk drive, so as to prevent an endless spin of the diskette drive when the user forgets to load it with his key ring diskette. This feature was implemented at the insistence of Patricia Hoskins, thank you Pat.

I have always liked to embed my signing key ID and its fingerprint in the PGP comment block. I never did so because I have many keys, which meant that for the information to be useful I would have to update the comment block whenever I changed the signing key, a tedious and error-prone process to say the least. So I have addressed this problem in the following way:-

This build automatically adds the signing key ID and its fingerprint to the comment block. What this feature does is append on the fly your signing key ID and its fingerprint to the comment block (please see the signature block of this message below). This should be quite a relief for those who have multiple keys, as you no longer need to manually update your comment block with the new signing key information. Also, it leaves no doubts to you or to the recipient of the message as to what signing key was used (yes some users do not have the Key ID column in PGPlog). The user may toggle this feature via the "Append key Information to comment" check box in the "General" tab of the PGP preferences dialog. In short, the extra information that you provide about your key will assist and encourage the recipient to get your key from the server (if she/he does not have it) in order to authenticate your message.

At the request of many users, I have changed the default preferred encryption algorithm to "IDEA".

This version of PGP is pre-set to identify itself as:- "PGP Cyber-Knights Templar build 5.5.3ckt". But, if you don't like it, this build has a user defined / selectable version string.
This feature may be accessed via the "Version String Preference" combo box in the "email" tab of the "PGP Preferences" dialog. I have pre-set the list to 35+ different version strings from various PGP builds, as well as non-existent builds at the time of writing. If you do not like any of the pre-set version strings, you may define your own. To do so, enter your own version string in the combo box then click OK. Your custom version string will be stored as the first item in the drop down list. It will remain there until you explicitly change it. You may, in the meantime, select any other version string from the list without losing your custom version string. Many thanks to Ghengus Khan, Marty and Nape for suggesting this feature. Please use this feature responsibly.

In the old 2.6x PGP you could "double" encrypt a file. That is, first encrypt it with a public key and then encrypt it a second time with conventional encryption to hide the key id. With PGP 5.5.3, once a file has been encrypted with a public key and the file suffix has been changed to .PGP or .ASC, you can no longer (from an Explorer context menu) request that it be encrypted again without first removing the .PGP or .ASC file suffix. To remedy this problem, the behavior of the Explorer PGP context menu has been changed so that the full complement of the PGP sub-menu items is shown regardless of the file type. Many thanks to Gogoo for proposing this feature.

At the request of Gregory, the list of predefined key sizes has been expanded in the key size combo box in the key search dialog. It now includes key sizes up to 16384 bits in 1k bit increments.

The about dialog now has a combo box with many useful links. The links include PGP.com, PGPi.com, the Cyber-Knights Templar home page, Marty's home page, my home page, and the Replay.com ftp site. The build information is now reported in the about dialog.
Please note that all my public keys may be found in the signatures directory in the PGP install directory.

Please also note that the PGP Outlook Express plugin is not included in this build, since the source code, as far as I know, has never been released by NAI. For those seeking the Outlook Express plugin, please check this url for the most recent version:-

ftp://ftp.replay.com/pub/replay/pub/PGP/PGP50/3rdparty/outlook/

***************************************
* FAQ - How to install
***************************************

If you have an existing version of PGP 5.x.x or PGP6.x on your machine, and you wish to install the C-KT build of PGP, do the following:-

1) Un-install whatever version of PGP you have (5.x.x or 6.x).
2) Re-boot.
3) Delete these files (if any):- c:\windows\system\PGP*.dll
4) Install the C-KT build of PGP.
5) Enjoy!

Should you have any problems or suggestions, please do not hesitate to contact me.

***************************************
* About Large Keys.
***************************************

I urge all users to read the "A Message From Philip Zimmermann" section of this file, which contains a message from Philip Zimmermann regarding large keys.

According to the Open PGP standard, and the source code for PGP5.5.3, a PGP key can be as large as 64k bits (65536 bits) in length. However, certain limits have been set too low in the current releases of PGP. Consequently, these limits may constrain and thus choke a plain vanilla implementation of PGP when dealing with very large keys.

For more information on the Open PGP standard please refer to the following IETF internet draft:-

http://www.ietf.org/internet-drafts/draft-ietf-openPGP-formats-05.txt

In short, it is an implementation issue, and the changes required to enable a given implementation of PGP to handle large keys are implementation limits which may easily be adjusted.
Therefore, please note that some versions of PGP that lack very large key support may not be compatible with RSA keys larger than 8192 bits in length. Also note that some versions of PGP that lack very large key support may not be compatible with DH keys larger than 4096 bits in length. According to tests done thus far, any PGP5.x.x implementation should be able to handle DSA keys up to 2048 bits in length.

Also note that very large keys in general take a long time to generate, and that large DH keys take considerably more time to generate than RSA keys.

In order not to confuse the user, the following changes were made to the source code:-

In the keygen wizard's RSA key size dialog, changed the caption next to the Custom key edit text box to read: "512 - 16384 bits".

In the keygen wizard's DH/DSA key size dialog, changed the caption next to the Custom key edit text box to read: "512 - 8192 bits".

If the RSA key size is greater than 8192 bits, a warning dialog message is issued as follows:-

"Warning versions of PGP that lack very large key support may not be compatible with RSA keys larger than 8192 bits. Proceed using your specified key size?"

If the DH key size is greater than 4096 bits, a warning dialog message is issued as follows:-

"Warning versions of PGP that lack very large key support may not be compatible with DH keys larger than 4096 bits. Proceed using your specified key size?"

********************************

I have built this version for my own personal use. I can state that as far as I am aware, there are no back-doors in this build, that the program can generate and use RSA keys up to 16384 bits in length, DH keys up to 8192 bits in length with DSA keys up to 2048 bits in length, and that the integrity of the program has not been compromised by my modifications.

Please note that this is not a "Warezed" version of PGP. And I, the compiler of the source code, hereby declare that I do not own or claim ownership of the binaries so produced.
It is being made available "Gratis" to facilitate the process of satisfying the PGP users community that the current commercial release of PGP is still secure and trustworthy. Therefore, it is my fervent hope, that all users of this package observe all applicable laws with regards to copyrights, patents, and other laws that may govern its use.

Finally, many thanks to all the users and beta testers who have contributed to this release, your input has been very valuable to us.

Best Regards, and Happy Encrypting,
Imad R. Faiad

PS If you are reading this from CKT.HLP the signature will not verify

DISCLAIMER

THIS SOFTWARE AND THE ACCOMPANYING FILES ARE DISTRIBUTED "AS IS" AND WITHOUT WARRANTIES WHATSOEVER, EXPRESS OR IMPLIED. SO USE IT AT YOUR OWN RISK.

***************************************
* A Message From Philip Zimmermann
***************************************

-----BEGIN PGP SIGNATURE-----
Version: PGP 5.5.3ckts http://members.tripod.com/IRFaiad
Comment: KeyID: 0x833F1BAD
Comment: Fingerprint: 75CD 96A7 8ABB F87E 9390 5FD7 2A88 4F45
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There is no advantage for using the keys larger than about 3000 bits. The 128-bit session keys have the same work factor to break as a 3000 bit RSA or DH key. Therefore, the larger keys contribute nothing to security, and, in my opinion, spread superstition and ignorance about cryptography. They also slow everything down and burden the key servers and everyone's keyrings, as well as cause interoperability problems with present and future releases of PGP.
Perhaps even more importantly, they also undermine other people's faith in their own keys that are of appropriate size. While it may have been well-intentioned, this massive expansion of key size is a disservice to the PGP community.

Also, larger DSA keys don't contribute anything unless the hash grows bigger with it. That requires selecting a good well-designed bigger hash that has been specifically designed to have the full work factor for breaking it. Using two SHA1 hashes in that manner has not been adequately shown to achieve this result. Anyone with a sophisticated understanding of cryptography would not make the keys bigger this way.

Experimental code that we put into PGP during its development should not be used. It was protected with conditional compilation flags and should never have been revealed to uninformed users who decide to perform a "public service" by enabling the code and releasing it. This is part of the reason why we ask people not to release code changes on their own, but to send them to us, so that we may incorporate some of them (if they seem like good ideas) into our next product release. That is how PGP enhancements from the user community have always been managed since PGP source code was released in 1991.

-Philip Zimmermann

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0b16
-----END PGP SIGNATURE-----
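The work-factor comparison in the message above, worked through numerically as an added example (not part of the original readme and not code from either author). It assumes the standard heuristic running time of the general number field sieve with the o(1) term dropped, so the figures are rough orders of magnitude; the function names are illustrative.

```python
import math

def gnfs_work_bits(modulus_bits):
    """log2 of the heuristic GNFS cost
    exp((64/9)^(1/3) * (ln n)^(1/3) * (ln ln n)^(2/3)) for an n of this size.

    Assumption: the o(1) term is ignored, so this is only a rough estimate.
    """
    ln_n = modulus_bits * math.log(2)
    exponent = (64 / 9) ** (1 / 3) * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return exponent / math.log(2)

def effective_bits(modulus_bits, session_key_bits=128):
    """A message is only as strong as the cheaper target:
    the public key or the symmetric session key that encrypts the data."""
    return min(session_key_bits, gnfs_work_bits(modulus_bits))

def smallest_matching_modulus(session_key_bits=128, step=64):
    """First modulus size (in `step`-bit increments from 512) whose estimated
    factoring cost reaches the session key's brute-force cost."""
    bits = 512
    while gnfs_work_bits(bits) < session_key_bits:
        bits += step
    return bits

if __name__ == "__main__":
    for bits in (1024, 2048, 3072, 4096, 8192, 16384):
        print(f"{bits:>6}-bit modulus: ~2^{gnfs_work_bits(bits):.0f} to factor, "
              f"message protected to ~2^{effective_bits(bits):.0f}")
    print("estimate first reaches 2^128 at",
          smallest_matching_modulus(), "bits")
```

Every modulus past the crossover reports the same 2^128 ceiling, which is the point of the argument: the session key becomes the cheaper target. This uncalibrated estimate crosses somewhat below 3000 bits; NIST SP 800-57 equates 3072-bit RSA with 128-bit symmetric strength.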