-----BEGIN PGP SIGNED MESSAGE----- ---------------------------------------------------------- PGP 6.5.8ckt - Build06 - Read me file - 06/04/2001 ---------------------------------------------------------- This is the 6.5.8ckt Build06 binary distribution. What's New: 1) To make the distribution as light as possible the source code archive is no longer bundled. The source code archive may be downloaded separately from my site. Also, I have omitted the visual studio redistributable files. If you are running an older win9x or win nt system, you may download these from:- http://download.microsoft.com/download/vc60pro/Update/1/ W9XNT4/EN-US/VC6RedistSetup_enu.exe (please concat the above two lines to obtain the full URL). 2) V4 signature verification support. 3) Allows the user to specify the public key algorithm when generating sub-keys. 4) Sort by key type in PGPKeys. 5) Hash algorithm display for certificates in the tree display and key property. 6) Correct public key algorithms display in the tree and key property dialog for v4 RSA keys. 7) Hash algorithm display in the PGP verification block. 8) Key ID and lock algorithm display in the sub keys list. 9) Verification block string in the verification block. This may be accessed from the "Verification Block String (VBS) Preferences" group of controls in the email tab of the PGP preferences. The verification block string will prefix all verification block lines. You have a choice, of custom, verification date/time, random, or none. The default is verification date/time. 10) "Remove Non PGP Block Data" check box in the Email tab of the PGP preferences dialog. What this does is remove all data which were not within a PGP block when displaying a verfied/decrypted message. This (9) & 10)) is to prevent attacks based on composite messages containing make believe PGP verification blocks designed to mislead the user. 11) Better user control over the symmetric algorithm preferences. These may be set to your liking using the "Symmetric Algorithm Preferences" group of controls in the advanced tab of the PGP preferences dialog. 12) Support for ElGamal Sign/Encrypt keys, this is to make PGP more compatible with GnuPG. 13) Better control over the Preferred Hashing algorithm (Advanced tab, pgp preferences dialog). Setting this option to default will result in the following:- RSA keys -> MD5 will be used DSS or Elgamal Sign/Encrypt -> SHA1 will be used. If it is set to MD5 and the key is DSS then SHA1 will be used. The program is able to verify a DSS signed message where MD5 was used, however will not allow you to use MD5 with a DSS key. This should make PGP more compatible with GnuPG. 14) I have widened the hotkeys fields in the hotkeys tabs of the PGP preferences dialog, as it overflowed in certain languages e.g. with German systems "Strg+Umschalt+D" will make the fields overflow. 15) Samopal Corporation's PGP ICQ plugin is bundled with this build. To install it select "Samopal PGP ICQ Plugin", this will be installed in your ICQ directory. You may need to copy your Keyrings to the ICQ directory so that the plugin may use them. The source code for the PGP ICQ plugin may be obtained from:- http://www.samopal.com/soft/pgpicq/ Many thanks to Samopal Corporation! 16) Trust and Validity display for signatures in PGPKeys. Should there be any problems which are build specific, please do not hesitate to contact me (matic@cyberia.net.lb). As always, Enjoy! Best Regards, and Happy Encrypting, Imad R. Faiad -----BEGIN PGP SIGNATURE----- Version: 6.5.8ckt http://www.ipgpp.com/ iQEVAwUBOxtxhrzDFxiDPxutAQFbzQgAjO5oqRZHp3TSIlnBenjikj8JaASejD4f ZtDofCuGdE4OkviEfrG4/c+sxNQNoBToADFjToK6kZAnPcnxrM1uVgoFqTDBCjvj NS7SCFfBEysxpEUY8nxRU2qUMDmcwYGGSfE5wRwVl5yjnx1kRoo0uyR/uPDngSvK dhUHUvdDYRYLDDvKzJ/7NT9HesyWCuScTtlKPiab1hl/11ny6sm7CB/7IiG3SMtn HTrq81dAM9MEHQk3Iwx6/tgTuEgNA+46qJ9jXNb+WTyqpzSGXPMAkR4JqE/9ItR0 OINfXxnKMwuOxEv8TqDgVW8nCxqc1CuVuRN8ejQp/oNUz1PcsEPv4Q== =OJ4Q -----END PGP SIGNATURE----- -----BEGIN PGP SIGNED MESSAGE----- ---------------------------------------------------------- PGP 6.5.8ckt - Build05 - Read me file - 04/20/2001 ---------------------------------------------------------- This is the 6.5.8ckt Build05 binary distribution, which also contains the source code distribution. What's New: 1) Twofish / AES hashing fixes (by Stefan Keller). 2) Enabled subkey generation > 4096 in the subkey creation dialog. 3) Fixes for Klima & Rosa style attacks on DSA Keys. 4) Fixed a bug in the PGP explorer context menu, which cause the wipe dialog to appear when "encrypt & sign" is selected for ".asc" & ".pgp" files. 5) Fixes for the so called "ASCII Armor Parser Vulnerability", http://www.atstake.com/research/advisories/2001/a040901-1.txt Please note that the above is not a PGP problem, it's a windows problem, and is not limited to ASCII armored files. The PGP dll's are now protected via the KnownDLLs registry entries. Also the user is prompted for the location where he wishes to save the decoded file should the program detect an encoded .dll file. 6) There are now two PGPmemlock and PGPdisk drivers for windows NT/2K, One is compiled with the windows 2000 DDK, and the other is compiled with the NT 4 DDK. The OS specific one will be selected by the installer. Fixes and enhancements by Disastry:- 7) Splitting 3DES, AES192, AES256, Twofish key now works properly. 8) When creating a key the preferred cipher is used to encrypt it (before CAST5 was always used). 9) Display of all preferred ciphers in key properties. 10) Displays cipher used to protect private key in key properties 11) Key sort by 4 byte Key ID's in PGPKeys. 12) Allows different passphrase for subkeys. 13) Allows ascii armor when signing clipboard. This may be accessed from the "armored output" check box in the "Enter Passphrase" dialog. 14) Support for RSA v4 keys. This is still work in progress, it was enabled so as to allow more users to evaluate this feature, and report any problems. Should there be any problems which are build specific, please do not hesitate to contact me (matic@cyberia.net.lb). As always, Enjoy! Best Regards, and Happy Encrypting, Imad R. Faiad -----BEGIN PGP SIGNATURE----- Version: 6.5.8ckt http://www.ipgpp.com/ Comment: KeyID: 0x833F1BAD Comment: Fingerprint: 75CD 96A7 8ABB F87E 9390 5FD7 2A88 4F45 iQEVAwUBOuAIJbzDFxiDPxutAQFDSAgAkozHYyoc5RTBc99l99B2+Xpv5WiV2Fru bUamgYEwUc1QdZKUYDQweGJ6yOZmhJh6Wpfptl4Fy9AUXw+Si3d7KhmLWEAb6VMi H9ua5TlNUBgEQFdUdUdVnhX0+Yo9QQin8vOkmfqgObwMnhlBqGS/On5XwgSTIaHV VjGoElXi3akVbh6Gy9BBFoUomZ0yBxW6pvQ+n5dmU9639sN1/txtP+UeYJA4sJdp 7mpKvg1QOzcu5WL6qfJQDEuys5butah2i0aCuXzgT6kN40WwxyuN701W+tu8/krf ApGSyKwMXzgKIv4ChZjrf7L6/UfL+q8fp8cT9LH4PNvnkVkJ4Ukuyw== =zv1C -----END PGP SIGNATURE----- -----BEGIN PGP SIGNED MESSAGE----- ---------------------------------------------------------- PGP 6.5.8ckt - Build04 - Read me file - 02/23/2001 ---------------------------------------------------------- This is the 6.5.8ckt Build04 binary distribution, which also contains the source code distribution. What's New: 1) Further refined the 64 bits key ID display. The signing key ID in the verification block will be displayed according to the user's preferred setting in the "64 bits Key ID Display" check box in the advanced tab of the PGP preferences dialog. As it seems that this feature has created a lot of confusion. However, I recommend and encourage users to refer to PGP Key ID's as 64 bits entities because this is how they are handled internally by the program. Let's put it this way, it is not that hard to spoof a PGP Key ID to 32 bits of precision, however it is very hard to spoof the PGP Key ID to 64 bits of precision. A discussion of PGP Key ID's is beyond the scope of this read me file. If Sam or Tom are reading this, then I take this opportunity to suggest that they both add a section in their respective PGP FAQ's about PGP Key ID's :-) 2) Updated the links in the about box and added some more. 3) Updated the preset version strings. I have acquired a new domain name http://www.ipgpp.com. And will be moving to a new host soon. Please update your book mark. As always, Enjoy! Best Regards, and Happy Encrypting, Imad R. Faiad -----BEGIN PGP SIGNATURE----- Version: 6.5.8ckt http://www.ipgpp.com/ Comment: KeyID: 0xBCC31718833F1BAD Comment: Fingerprint: 75CD 96A7 8ABB F87E 9390 5FD7 2A88 4F45 iQEVAwUBOpcc37zDFxiDPxutAQHQbwf9GRwhxndSlr8TsT7/LGg0fuijfKWMRICh U40KLW3Vnevno2OicAuxakO47jCj2qqw43zygDQHxId1Ii4Uvl/c0LY9Sa4hlLuS CT/lGmrNqgXtlxBNMRt1EbxsgIfIk2SS4kepJ00PohhQD3t7uaCB3tfL9WL1t9M0 vLV3ZBnhJvTtIsu+wEATUxAZAuCH6ZPlN98/Mk8IdLst4u1uys8IwFO+tgBrKv/D 7WZoG2+/RFQUfLIl7FSnJkPkhTXKNazdrrVdx5fdWT5boqfa+1BeNJu+gon9TSei VJoJESRF0Pl8JqAm/DLpTzj1NKr0vZs8MEW6D3H89MzM88xsHKNMRg== =XUOz -----END PGP SIGNATURE----- -----BEGIN PGP SIGNED MESSAGE----- ---------------------------------------------------------- PGP 6.5.8ckt - Build03 Updated - Read me file - 02/17/2001 ---------------------------------------------------------- This is the 6.5.8ckt Build03 updated binary distribution, which also contains the updated source code distribution. Note that this distribution of 6.5.8ckt Build 03 supersedes the one dated 02/12/2001. What's New: 1) Added Key properties display to the matching key found pop up dialog. 2) Fixed the "Allowed Algorithms"'s check boxes in the advanced tabs of the PGP preferences dialog. As some of them could not be un-checked. 3) Fixed the mnemonics in the advanced tabs of the PGP preferences dialog. 4) Fixed the tab order in the advanced tabs of the PGP preferences dialog. 5) Cleaned up the labeling of all the modified code blocks in the source code. They are more consistent, and all changes to the source code may be easily found by doing a global search for "//BEGIN ". Best Regards Imad R. Faiad -----BEGIN PGP SIGNATURE----- Version: 6.5.8ckt http://www.ipgpp.com/ Comment: KeyID: 0xBCC31718833F1BAD Comment: Fingerprint: 75CD 96A7 8ABB F87E 9390 5FD7 2A88 4F45 iQEVAwUBOo8Bi7zDFxiDPxutAQG8egf8Cdo0LahHUw8zqjqFxdTJz+pateaUIh5w /LarK8gvVSzLCPvsr8MVGefRpMM5UkNwxrkdqINLrqObfFpbLRujKNUbjrSSWzdv n2K2EUHyroQhXherKEGAFhzWFpmImjSyF9dt3Wtc2pR1CvhkcCm6ToyVaE/7emqu vPqw+4/Q1dEXtcZF6wjpOb94MyAHCYwWIBh7ZoRSRyZ+YF39yiISr3/jvnwU7hCD atRv9hV6dvZUVObYNjU4yLUoQs16jmEZ6K2Ra32Rfuxhen5cEnFoQzqN8PgQqbw1 NvuCLGylpey3r2gUl97VJBHLC86c2NMEGVBy80vqa7KM1tJDPtgcdQ== =2NdD -----END PGP SIGNATURE----- -----BEGIN PGP SIGNED MESSAGE----- -------------------------------------------------- PGP 6.5.8ckt - Build03 - Read me file - 02/12/2001 -------------------------------------------------- This is the 6.5.8ckt Build03 binary distribution, which also contains the source code distribution. What's New: ----------- 1) This build incorporates Disastry's modifications to support more ciphers. Many thanks to Disastry, for sharing this with us. Currently, the following additional ciphers are supported:- a) Blowfish-128. b) Twofish-256. c) AES-128. d) AES-192. e) AES-256. I do not encourage the use of Blowfish, as it is not implemented in any of the official PGP builds. It is provided so as to make PGP more compatible with GPG. Whether you intend to use those additional ciphers or not, should you come across a key using any one of those ciphers, you will be equipped to handle them. 2) Added the ability to display the creation and expiration dates of a key in long date/time format i.e. the time is also displayed. This feature may be toggled via the "Long Date Display" check box, in the advanced tab of the PGP preferences dialog. Checking it will display the creation or expiration time of the key, in addition to the date. In it unchecked state the creation and expiration will be displayed in the traditional format i.e. date only. 3) Fine tuned the 64 bits Key ID display feature. The Key ID will now be displayed in your preferred display format. i.e. As per your selection via the "64 bits Key ID Display" check box, in the advanced tab of the PGP preferences dialog. In it's unchecked state the key ID's will be displayed in the traditional 32 bits format, otherwise, the full 64 bits format will be used. Note that the Key ID's in the signing key selection Combo and the verification blocks will be displayed in 64 bits format regardless of your preferred Key ID display setting. Finally I hope that you will enjoy this build, as much as I had enjoyed putting it together. I also hope, that you will find it useful, and that it will encourage you to use PGP on a more regular basis. Should there be any problems which are specific to this build, please do not hesitate to contact me (matic@cyberia.net.lb). Enjoy! Best Regards, and Happy Encrypting, Imad R. Faiad -----BEGIN PGP SIGNATURE----- Version: 6.5.8ckt http://www.ipgpp.com/ Comment: KeyID: 0xBCC31718833F1BAD Comment: Fingerprint: 75CD 96A7 8ABB F87E 9390 5FD7 2A88 4F45 iQEVAwUBOoiMprzDFxiDPxutAQFHFwf/UzCYrTb0qcXuHUtjJouu4ikYD15vm/7X ymK4aC46EPRDZhqjaQ7/H8EB3yGkEYoRS28NpKP1SbmbUCIH8FK+uO4bBc6cNaBU UV6VWTWxSFgCFdTxO398EJIwIvigSf4scG+6NAilvSq44IlIJ4uGVpVRmsCrpL2t zaSsN13A9ew5cDyMtR8DQ2yya77Gzvmu7krvPucz4CBRcKiz5Vvmft4UZN3Ptrac +xq6J7msDz2bq9kt4wKyWl4LMHCk8iz2Nv1K0HRi4s+vtT1I+xrgr+pd5VnU+tYd nuKu8UMsQiIu5yMkSNk+vVXago7JrYQJ27AzM9mxkNIC/RaAxxI6vA== =wdBa -----END PGP SIGNATURE----- -----BEGIN PGP SIGNED MESSAGE----- -------------------------------------------------- PGP 6.5.8ckt - Build02 - Read me file - 09/27/2000 -------------------------------------------------- This is the 6.5.8ckt Build02 binary distribution, which also contains the source code distribution. What's New: ----------- 1) In Build01 I forgot to add the column header in the Key ID 64 column of PGPKeys. This has now been fixed. 2) Added the ability to toggle whether one wishes to block ADK requests or not. This feature may be accessed from the advanced tab of the PGP preferences dialog by checking or un-checking the "Block ADK requests" check box. 3) The user may now select whether he wishes the Key ID to be display in 64 bits format, or the traditional 32 bits format, in the key property sheets and tree display of PGPKeys. The preferred Key ID display may be set thru the "64 Bits Key ID Display" check box, in the advanced tab of the PGP Preference Dialog. Finally, please note that the Adobe Acrobat PGP documentations have been omitted from this distribution to make it as light as is possible. However, I strongly recommend that you peruse them. They may be downloaded from: http://irfaiad.virtualave.net The name of the item to download is PGP 6.5.1 .pdf documentations. As always, Enjoy! Best Regards, and Happy Encrypting, Imad R. Faiad -----BEGIN PGP SIGNATURE----- Version: 6.5.8ckt http://www.ipgpp.com/ Comment: KeyID: 0xBCC31718833F1BAD Comment: Fingerprint: 75CD 96A7 8ABB F87E 9390 5FD7 2A88 4F45 iQEVAwUBOdJ9k7zDFxiDPxutAQEm9Af+LP6rQ3oVVhRS13e+uURmLMqRHH0Ugim7 nvxx36ZlIkvFtAl1eXpQidofQc9+/jxXJ+thLpqGOtuU0ERbW3IKqKSE9aQ47PSx tZyBKNAWqN7g7fDLeqN441gQlxzCX+vOGHQgnnAvCD+yH678VbBqfpUVfm/AuSUO qLvh66mlKLJLSAtDGSTYDtZRX0o673VIMHhC35X4YNQWPrD8QkinMI4K/2/Y10Lh 0Hud1lAZph58uYGIcwVL08C/KWlYa2dJQqWcA7nBLwgj6262X5tjtWhAIMPFWUHI EHz6qFaOvMJckInlE8Q7UPGGXZjSAalWyrkyrYZI3WlB+8w0Fqgr5w== =BE/7 -----END PGP SIGNATURE----- -----BEGIN PGP SIGNED MESSAGE----- -------------------------------------------------- PGP 6.5.8ckt - Build01 - Read me file - 09/22/2000 -------------------------------------------------- This is the 6.5.8ckt Build01 binary distribution. Well you asked for it, and we bought it to you. There isn't much to add, it's really PGP 6.5.1ckt Build08. As 6.5.1 and 6.5.8 are more or less the same. I have not included the Lotus Notes, and groupwise plugins. I figured that if you really need them then chances are that you should buy the commercial release from NAI. What's New ---------- Ported all the ckt goodies to PGP 6.5.8. Cleaned up the shell extension context menu mod, it needed it. Without boring you too much, I have attached the read me file of 6.5.1ck Build07. Should there be any problems which are specific to this build, please do not hesitate to contact me (matic@cyberia.net.lb). Enjoy! Best Regards, and Happy Encrypting, Imad R. Faiad -----BEGIN PGP SIGNATURE----- Version: 6.5.8ckt http://www.ipgpp.com/ Comment: KeyID: 0xBCC31718833F1BAD Comment: Fingerprint: 75CD 96A7 8ABB F87E 9390 5FD7 2A88 4F45 iQEVAwUBOc0krrzDFxiDPxutAQFsTwf+IRhOCvf5MqXpxOG+uNh8ODWwOjGM5Rrm 3dITbCNT9Cl7d/QYbpuybhR/3FRuaHeN5RBMMnTW7hLc0HY1ml4x+9/7g236DJI0 HUEhO3xFyxsSxHyKDfF4P630Sq6/oPTF55RyPhK6opvH/GetzeCM0ZOnEK0b4crj CGyt5oR1OOzKPr7k5pys8/ufqJSJwo+vNcqTkHb4zKkXOkFm5LSoRNQxY5mmufoR 7nwG+oVxJmnnVClddvsOuZIEotaF5zfVWl/IFzhr05q9gvg0E+ddQzW8D8ALc3+h bALXa/KKDOvEL3kHyZC1A+95WUoXLGGSaeWi83qPDQCix8tW5vRYyA== =U62j -----END PGP SIGNATURE----- -----BEGIN PGP SIGNED MESSAGE----- -------------------------------------------------- PGP 6.5.1ckt - Build07 - Read me file - 09/20/2000 -------------------------------------------------- This is the 6.5.1ckt Build07 binary distribution. What's New:- ------------ 1) Fixed the ADK bug. The program will no longer honor any ADK's be they legitimate or otherwise. Should you have a need for the ADK feature I suggest that you purchase the commercial release from NAI. 2) Fixed this typo in the verification block:- *** Singer Key Fingerprint: 75CD 96A7 8ABB F87E 9390 5FD7 2A88 4F45 changed Singer to Signer 3) In build 06, the PGPMemlock driver was linked by accident using the 2k DDK, this caused the driver to fail to load under the windows NT platform. This problem has been fixed. 4) The source code archive which is bundled with this distribution has been updated to reflect the changes made up to Build 07. You will find the archive in the same directory where PGP was installed, it's the file pgp651ckt07.zip. As always, Should you have any problems or suggestions which are specific to this build, please do not hesitate to email me (matic@cyberia.net.lb). Enjoy! Best Regards, and Happy Encrypting, Imad R. Faiad -----BEGIN PGP SIGNATURE----- Version: 6.5.1ckt http://www.ipgpp.com/ Comment: KeyID: 0xBCC31718833F1BAD Comment: Fingerprint: 75CD 96A7 8ABB F87E 9390 5FD7 2A88 4F45 iQEVAwUBOch8BbzDFxiDPxutAQESCAf+ICLpIbOGmYgsk7fQspy8pgqNPszD4GVG NkFJnvoX3VcNRZMa3OjBjxVM78eGwumca3uKfvHWwl/eue9c3xyIwHWQWMKXEw7c drjV5hZDODmMrsecm43S4gqTtjephVG6tjhsPIXOiPQZ3eoXSl0W9ZpqMIEN/wAq zhbMKgse3dHAL7tY6ZJCuj1aVqen7x9ts1cSiDNk3JRYUr6nptRDnUao7EtmqxtV dqnmfFXre5/bRrukL+TicDbNbq1Hx//szKCrPRl3iAQEM6Pg6NG1fC61A6RfG1bo rxgskExcrieRfKhhheWpQ98HvSlKPztcczZ2McGj7p7p8s1SN6kujw== =oLdH -----END PGP SIGNATURE----- -----BEGIN PGP SIGNED MESSAGE----- -------------------------------------------------- PGP 6.5.1ckt - Build06 - Read me file - 05/27/2000 -------------------------------------------------- This is the 6.5.1ckt Build06 binary distribution. Please note that this is an updated binary distribution of Build05. So, there is no need to move to this build unless you are affected by the issues which were fixed. What's new:- ------------ The PGPNet SetAdapter executable was not included in the installer in the earlier distribution. This update corrects this. The windows 9x PGPdisk driver was recompiled using the latest release of DriverStudio 2.0b1, namely NuMega VtoolsD 3.05. The PGP command line was not statically linked in build 05. This problem has been corrected, the new compiled binary no longer imports from any of the PGP SDK dll's. Fixed some win2k issues in the PGPDisk windows NT driver. Fixed a typo in the verification block strings. Also, revised the verification block strings to be more consistent. This is the new verification block:- *** PGP Signature Status: good *** Signer: Imad R. Faiad *** Signer Key ID: 0xBCC31718833F1BAD *** Singer Key Fingerprint: 75CD 96A7 8ABB F87E 9390 5FD7 2A88 4F45 *** Signed: 5/27/2000 12:13:59 PM *** Verified: 5/27/2000 12:14:41 PM *** BEGIN PGP VERIFIED MESSAGE *** This was the old one:- *** PGP Signature Status: good *** Signer: Imad R. Faiad *** Signing Key ID: 0xBCC31718833F1BAD *** Singing Key Fingerprint: 75CD 96A7 8ABB F87E 9390 5FD7 2A88 4F45 *** Signed: 2/5/2000 8:33:44 PM *** Verified: 2/5/2000 8:33:49 PM *** BEGIN PGP VERIFIED MESSAGE *** Note the typo "Singing Key Fingerprint" which was fixed. Also note the change from "Signing Key" to "Signer Key". For the record, the MS platform SDK, April 2000 was used to compile this build. Should there be any problems which are specific to this build, please do not hesitate to contact me:- matic@cyberia.net.lb. Best Regards Imad R. Faiad -----BEGIN PGP SIGNATURE----- Version: 6.5.1ckt http://www.ipgpp.com/ Comment: KeyID: 0xBCC31718833F1BAD Comment: Fingerprint: 75CD 96A7 8ABB F87E 9390 5FD7 2A88 4F45 iQEVAwUBOS+GnrzDFxiDPxutAQFlQQgAlOgB1tuVR2dqoP4MN5U2exkpan+UEHGA 9UUs0towIPsMDP7wj7xlNri6NVCvy0HhydM6KBSQDcZI8GwYEZHSgvSAIeXNsJHX 7/shuvzDt3Q7Kco09lDZhPsIFgooZ1QOdkZZesG5C+aUheO2TNilKv9kOsCdXlap hvCzYcv8DWhRVW71CkJtkeSkNtvmaowkWe8Nkvp7Z+vQm9uvJIg1lkQ5m5SeOnfM i0cSE4JZ5h7aJjHkl7lX0YntRuReuOHyi/G/bBcr9U0sQvARQbmGCfVJN+aqa29C m+0qcmazJvR+lq/58+VgP8E1+dT1X+BDYZZrX7DgnJ7yBp6N+MATzg== =A5lr -----END PGP SIGNATURE----- -----BEGIN PGP SIGNED MESSAGE----- -------------------------------------------------- PGP 6.5.1ckt - Build05 - Read me file - 02/05/2000 -------------------------------------------------- This is build 05 in the 6.5.1ckt series. It is based on the PGP 6.5.1 source code books which were scanned by pgpi.com. For the complete list of the changes which were made to the plain vanilla 6.5.1i source code please refer to this read me file as well as all those of the previous builds in the 6.5.1ckt series which are appended to this document. Or better still:- All the modifications are documented in the source code. This binary distribution also contains the source code archive used for this build. It will be automatically copied to the same directory where you installed this build by the PGP installer. In this build the source code archive is in the file pgp651ckt05s.zip. Please note that the source code only distribution for this build is also available at my site:- http://www.ipgpp.com/ I have been informed that in a certain foreign usenet newsgroup it has been purported (Anonymously of course) that the ckt source code are never released. I do find this a bit puzzling as we have always made our source code available as soon as the source code tree has become stable. But then again that particular newsgroup is rife with rumors. And often times, I am told, the rumors are apparantly dispelled by their propagators (under another alias of course)! I hereby certify that I have never found any backdoors in any version of PGP. I have been hacking the source code of PGP since PGP 5.0. In the process, I never found any piece of code which is questionable. If there were any backdoors I am sure they would have been discovered by now. So, to the rumor mill camp, I have this to say:- What is your agenda? Changes in this Build:- 1) I have moved to the pgpi.com source code. The previous builds used the source code which was downloaded from the zedz.com ftp site (the only one available at that time). The proofread pgpi.com source code was released in late November 1999. The source code distributed by pgpi.com is a better baseline in my view. Of course all the modifications which were carried out in the previous builds were successfully ported to the new baseline code. 2) I have enhanced the PGP verifiction block. It now shows the singing key ID in it's full 64 bits, the signing key fingerprint is also shown. The following is a sample verification block, which I do hope will be self explanatory:- *** PGP Signature Status: good *** Signer: Imad R. Faiad *** Signing Key ID: 0xBCC31718833F1BAD *** Singing Key Fingerprint: 75CD 96A7 8ABB F87E 9390 5FD7 2A88 4F45 *** Signed: 2/5/2000 8:33:44 PM *** Verified: 2/5/2000 8:33:49 PM *** BEGIN PGP VERIFIED MESSAGE *** This is a test message to demo the new improved verifiction block. New Improved! LOL *** END PGP VERIFIED MESSAGE *** 3) Most of the key ID's in the program are now displayed in 64 bits format. They are too numerous to mention individually, but should be obvious to users of any build in the 6.5.x series. e.g. look at the signing key id in the comment block of this message. 4) Recompiled PGPDisk using DriverStudio 1.5 RC1. For installation instruction please refer to the read me file of build 04 below. Should there be any problems which are specific to this build please do not hesitate to contact me. I have built this version for my own personal use. I can state that as far as I am aware, there are no back-doors in this build, that the program (PGP) can generate and use RSA keys up to 16384 bits in length, DH keys up to 8192 bits in length, will handle DSA keys up to 2048 bits in length, and that the integrity of the program has not been compromised by my modifications. Please note, that this is not a "Warezed" version of PGP. And I, the compiler of the source code, hereby declare that I do not own or claim ownership of the binaries so produced. It is being made available "Gratis" to facilitate the process of satisfying the PGP users community that the current commercial release of PGP is still secure and trustworthy. Therefore, it is my fervent hope, that all users of this package observe all applicable laws with regards to copyrights, patents, and other laws that may govern its use. I appeal to all users of this build to buy the commercial product from NAI. It's only $15. As PGP users we owe it ourselves to make sure that a good product such as PGP does not get discontinued because it is not profitable for it makers. Furthermore, by actively supporting the PGP team you will ensure that PGP will evolve to meet your future security needs. $15 or even a lot more is not that much to pay to protect your privacy. As always, Enjoy! Best Regards Imad R. Faiad -------------------------------------------------- DISCLAIMER -------------------------------------------------- THIS SOFTWARE AND THE ACCOMPANYING FILES ARE DISTRIBUTED "AS IS" AND WITHOUT WARRANTIES WHATSOEVER, EXPRESS OR IMPLIED. SO USE IT AT YOUR OWN RISK. -----BEGIN PGP SIGNATURE----- Version: 6.5.1ckt http://www.ipgpp.com/ Comment: KeyID: 0xBCC31718833F1BAD Comment: Fingerprint: 75CD 96A7 8ABB F87E 9390 5FD7 2A88 4F45 iQEVAwUBOJ1vKrzDFxiDPxutAQGaogf/Z873jK7KirggyNJebC2inIRlgbXDNT2k CW+gW67UQ20ksl1fumOYnzxG0mMJayqqNyXTqMCyqMnWzb4pVOdvjhX8HIBTx67d d6vRlHS4pky65yEc5SfJzvjouBX94xyj+5sWblLUpARqKazmFY32WIUtnaA5jNYn Iqx1Bd1eACP0YwpTYWTeNr01UXjQ8KhToXnphAAnIOrxl8rOZgIdN3UtkLvy68gs cUbjdxs7C3b57fUnlsCQHgskYOR7WaSS8b18yfR7XA0WGUzJiTU7xZc79IcZEvFq fOqC4M+wAA8XtwJJyu8Tj/PhGPXT9RDQJ3sphFoOmQYlshBL785BKA== =oV4B -----END PGP SIGNATURE----- -----BEGIN PGP SIGNED MESSAGE----- -------------------------------------------------- PGP 6.5.1ckt - Build04 - Read me file - 01/05/2000 -------------------------------------------------- Happy new millenium! What's New:- 1) Added a column to PGPKeys which displays the Key ID in 64 bits. This feature may be accessed from "Views"|"Key ID 64 bits" menu in PGPKeys. 2) Fixed a bug in the CBT hook proc which caused the "Current Window" feature not to work in the windows 2000 environment. 3) Fixed a bug in the installer which prevented it from automatically finding the Outlook Express install directory in the windows 2000 environment. 4) The installer will no longer install this build if it finds that another build of PGP is already installed. It is better to un-install manually, re-boot, clean up the shared dll files in order to insure that a clean install of this build is performed. Please refer to the installation procedure bellow. 5) Recompiled everything using the latest MS Platform SDK (January 2000) and Numega DriverWorks. 6) Updated the icons in the list control of the Enter Passphrase dialog to PGP 6.x.x style icons. In the builds prior to this we were still using PGP 5.x.x icons. Check it out it's neat. 7) Since the last build, I have migrated to the Windows 2000 platform. I can therefore state that this build works like a charm under the above platform (Win 2k Build: 2128). Known Issues:- The Auto-Unmount after feature is grayed out in win2k. Also there has been reports that it does not work on other windows platforms too. Looking at the source code, this feature is classified as a PGP 7.0 feature in the PGP preferences. I am not sure whether this is build specific or not. Off to Build 05, Best regards Imad R. Faiad ------------------------------- IMPORTANT - BEFORE YOU INSTALL: ------------------------------- Before you install do the followings (yes I know it's time consuming, but please do it none the less, this will save a lot of your precious time should you have any problems):- 1) Exit all programs. 2) Un-install PGP. 3) Re-boot. 4) Delete these files, if any:- for windows 95/98 systems:- a) c:\windows\pgp*.* b) c:\windows\system\pgp*.* or for windows NT / 2000 systems:- a) c:\winnt\pgp*.* b) c:\winnt\system32\pgp*.* 5) Install this build. 6) re-boot. 7) Enjoy. 8) Let me know if you find any problems. -----BEGIN PGP SIGNATURE----- Version: 6.5.1ckt http://www.ipgpp.com/ Comment: KeyID: 0x833F1BAD Comment: Fingerprint: 75CD 96A7 8ABB F87E 9390 5FD7 2A88 4F45 iQEVAwUBOHMZ0bzDFxiDPxutAQG8/wgAnUiQL6vnB6nTwyrtryF+0CccWuHZgIbc EYZb4T/d98jX0Wam9bIv8zipPBfmv/Ad1w9jFtG6JAW0wi550p23t9tXVvlIuE/u H+ZN4+/eNB8kPZrCmVR7gWItFkLexymz/J9B4o2WnAI2L5UcqlMiT5h6bFL96Z9W GvCMNvrdx8g2fTSPsGHacpV1vhavcmRdoXCfyX8Qj8eYrQ48DvIbNcgXotKAtFh5 r/4hewuoieBYpX0FMKRCwkhWPv2wDTMBLarWOiHtal+s9RpePJFcr1EMPSORPb1p DBTUNzFO7+w0irQZ4wblReRkAHoSlhVYaxiQqoLtO1p1zuBU8jw3Aw== =Vaz3 -----END PGP SIGNATURE----- -----BEGIN PGP SIGNED MESSAGE----- ------------------------------------------------ PGP 6.5.1ckt - Build03 - Read me file - 11/27/99 ------------------------------------------------ 1) Ported the key ring backup feature. That is, the user may select the number of backup key rings to be maintained by the program. This may be set by the user from the "Preferred Number of Key Rings Backups" combo box in the "Files" tab of the PGP preferences dialog. You may chose to maintain from One to Four key rings backup sets, however, I urge all users to set it to the default Four, so that in case of key rings corruption one may always roll back to a previous key rings backup set. So, you assess the risk, and cautiously set this feature accordingly. 2) Expanded the web links in the about dialog. There are some very useful PGP links there, so check them out. 3) Recompiled PGPDisk with the latest version of DriverStudio, V1.5b1. 4) I have added support for the SHA-Double hash algorithm. The Program will successfully decode / verify a PGP message where the SHA-Double hash algorithm is used. However, this algorithm may not be selected by the user, it is invoked by the program when signing with a DSA key > 1024 bits. As a bye product of this, DSA keys up to 2048 bits are now supported, however they may not be generated. Please be aware that the use of the SHA-Double hash algorithm is deprecated and should be avoided for three reasons:- * It offers no added security over the other provided hash algorithms. * It causes inter-operability problems with other implementations of PGP. (PGP 5.x.x is the only official build of PGP that I am aware of that supports the SHA1x hash algorithm). * It may not be possible to implement in future versions of PGP. 5) Cleaned the preset version strings, added a couple more. 6) Ported the preferred hash algorithm feature. The user may select his preferred hash algorithm. The selected hash algorithm will thereafter be used whenever signing with an RSA key. The user may set this feature via the "Preferred Hash Algorithm" combo box in the "Advanced" tab of the PGP preferences dialog. Please note that the default hash algorithm when signing with an RSA key is MD5. However, in addition to the default, this build gives you a choice of the SHA1 and the RIPEMD-160 hash algorithms. A note to QDPGP users:- The program will honor QDPGP hash algorithm settings when the selected hash algorithm (in QDPGP) is other than the default MD5. If you wish to sign a message from within QDPGP using the default MD5 hash algorithm, please make sure that your PGP Preferred Hash Algorithm is also set to MD5. 7) Ported the Key ID column in PGPlog feature. It is based on the PGP 5.5.3 PGPLog patch, I must therefore give credit to Lincoln Yeoh and the anonymous poster of a message in alt.security.PGP, for this handy enhancement to PGPlog. 8) Ported the key ID in signing key dialogs features. It is now wider and the combo box shows the user ID, full key size information including the DS key size, and the key ID. Many Thanks to Mr. Michael Ray for proposing this change in PGP 5.5.3ckt. 9) The key size wizard dialog has been recoded. It now displays PRZ's message in the top part. The bottom part has a combo box containing all the supported key sizes in .5k bits increment, and an edit box for custom key sizes. The range of the supported key sizes is correctly displayed in the custom key size radio button's caption. Also, the key sizes which may cause incompatibilities with other PGP versions are clearly marked with an "*" in the key size selection combo box. 10) This build also implement the enhancements to the decrypt dialog as originally suggested by the anonymous poster. This makes the decrypt dialog box more user friendly and informative. * It shows the full user ID in the first column, the key size in the second, and the key ID in the third. * It displays the key ID of any unknown private keys. The user ID will be reported as "Unknown Private Key" and the size will be reported as "???" * It places a key pair icon to the left of the user ID. This will show whether the key is RSA or DH and whether it's active, expired, revoked, or not on your secring file. Unknown keys will display a question mark icon. Please note that double clicking on an unknown key in the above dialog will cause the program to attempt to get that key from the default key server. Please also note that for both of the above enhancement the Key ID will be reported correctly in these two instances:- * if the key is an RSA key or * if the key is DH/DSA and is in your key ring. That is, if the key is a DH/DSA key, and it is not in your keyring the Key ID of the DSA key will be reported instead of the DH key ID. 11) Enabled support (handling and generation) for RSA keys up to 16k bits in length. 12) Enabled support (handling and generation) for DH keys up to 8k bits in length. How to Install? --------------- 1) Un-install whatever windows version of PGP you have installed on your machine. 2) Re-boot. 3) Delete these files(if any):- c:\windows\system\pgp*.dll (for win95/98 systems) c:\winnt\system32\pgp*.dll (for windows nt system) 4) Install this build of PGP. 5) Re-boot. Should there be any problems which are specific to this build, please do not hesitate to contact me (matic@cyberia.net.lb). Off to Build04 Best Regards Imad R. Faiad ------------------------------------------------ PGP 6.5.1ckt - Build02 - Read me file - 10/29/99 ------------------------------------------------ 1) Implemented the explorer context menu feature. That is, the full compliment of the PGP sub-menu items are shown regardless of the file type. 2) Changed the column layout in PGPKeys so that the Key ID will display in the default view next to the key name. 3) I have added the Key ID column to the key selection dialog. The key ID column is sortable. To sort on the Key ID simply click on the column heading. This should make the selection of recipient keys much easier. 4) Updated the mfc dll files. 5) PGPNet has been re-compiled the way it should. The compile in build01 was somehow hacked. 6) Modified the InstallShield script, so that install is allowed under win2k. 7) Re-compiled PGPDisk using the latest version of DriverStudio v1.01, namely VtoolsD 3.01 and Driverworks v2.2. For the record, the previous build was compiled using VtoolsD 2.04 (bug heaven), and Driverworks 1.20. So, to sum up, expect some improvements in PGPDisk, as many bugs were ironed out in the latest releases of both VtoolsD and Driverworks. As always, should there be any problems please do not hesitate to contact me. Off to Build03 Best regards Imad R. Faiad ------------------------------------------------ PGP 6.5.1ckt - Build01 - Read me file - 10/13/99 ------------------------------------------------ Finally the first build in the 6.5.1 series. The source code was obtained from the replay.com ftp site. Unlike previous ckt builds, this one was compiled with the Desktop Security flags set. This, I am told will enable the industrial strength PGPNet to be compiled. For the record this build does not use BSAFE for RSA operations, it uses the PGP Inc's home brewed libraries for that purpose. It contains PGP 6.5.1 GUI, PGP 6.5.1 CLI, PGPDisk, and PGPNet. I have omitted the mfc dll files and the .pdf files to make the installer as light as possible. Please do not select "User's Manual" in the installer, as this will copy empty files with the same name as the real documentation files. The following ckt features have been ported so far:- 1) Enabled support (generation and use) for RSA keys up to 8k bits in length. 2) Web Links in the About Dialog. 3) User selectable / defined version strings. 4) Append signing Key ID to comment block. 5) Append signing Key Fingerprint to comment block. I have not tested PGPNet, nor do I intend to ever test it. If you install it, and have some problems which are build specific, please let me know so that this may be fixed. This is a private build, and is not intended for general distribution. Therefore, I would appreciate if this is never re-distributed. Not that I do not want it to be propagated, but because the good folks at NAI do not appreciate the ckt builds! I hope you will enjoy this build, there is more to come of course. Should you find any problems, please do not hesitate to contact me matic@cyberia.net.lb Off to Build02, Best regards Imad R. Faiad To Install:- 1) Verify the authenticity of the installer, the signature file should be in the .zip archive. 2) UnZip the archive into some temporary directory. 3) Un-install whatever version of PGP GUI you have installed on your machine. 4) Re-Boot. 5) Delete these files, if any:- c:\windows\system\pgp*.dll 6) Run the installer. 7) Enjoy. 8) Let me know if there are any problems. -----BEGIN PGP SIGNATURE----- Version: 6.5.1ckt http://www.ipgpp.com/ Comment: KeyID: 0x833F1BAD Comment: Fingerprint: 75CD 96A7 8ABB F87E 9390 5FD7 2A88 4F45 iQEVAwUBOD+98LzDFxiDPxutAQGtrggAm41qqc5ZSxfWzXH5pf+2h1k42rLoNUBK cmBObAImBeR8KKftSxXIk+1RRZt+bL5Ri5nr+O0ta8gC0WncUkni0Evv9zb2jkra Puh22iLmPV+dG+FQ4A403Dk2bA5eQ3Lv0OX79W5UZe9Er1PoSGzlW4rYf+Pf5nsr Z8q1XHbfmb0a60CQlhRnmmX7w0W0Q7RWP1Zrt7xFXexzWjLsjQu2FKacYXKn6lBJ RvJVNeop0lGewMyRNaLO1QqiqumMLB06MkexBRz0Hiup/6dh9dhZ/sKeq4GMW7gT fMDiCPTQPC/Naa+DVN/N+DIDwqwOS1D+PWX+9h2WvjWr55zXXQqx3A== =LVby -----END PGP SIGNATURE-----