TUCoPS :: Privacy :: pfaq.txt

NoiseNet Privacy Echo FAQ

-----BEGIN PGP SIGNED MESSAGE-----


                        NoiseNet Privacy Echo
                     Frequently-Asked Questions
                           16 March 1994
                   'Copyleft' Rob Szarka (1:320/42)
                       mrnoise@econs.umass.edu


1.  Why this FAQ?

While more than one excelent privacy-related FAQ is available on the
Internet, this FAQ is intended to be posted to the NoiseNet Privacy
Echo, Fidonet Public Keys Echo, & other appropriate amateur networks.
I will attempt to keep it a good deal shorter than the comparable
Internet versions to preserve bandwidth & allow frequent posting,
while providing information of particular concern to BBS users.

Please send pertinent information to me at the addresses above, or
search your nodelist for 'Szarka' or 'Mr. Noise'.  I can also be reached
in NOISE_PRIVACY, PUBLIC_KEYS, or on my BBS at +1-203-886-1441.  This
document is CopyLeft 1993 by Robert Szarka.  Unattributed quotations
throughout are from the PGP documentation by Phil Zimmerman.

The latest copy of this FAQ is available for FREQ at 1:320/42 as PFAQ.

The following people have contributed to this FAQ (directly or
unknowingly by posting useful information):

christopher.baker@f14.n374.z1.fidonet.org
rudy.crespin@f101.n265.z1.fidonet.org
dt194@kanga.ins.cwru.edu (Kevin Lo)

Also, a big 'thank you' to the sysops who have volunteered to be listed
as sources for PGP below.


2.  What is PGP?  What is public-key cryptography?

PGP (Pretty Good Privacy) is a free public-key cryptography program
written by Phil Zimmerman.  To use such a program, you must first
generate a 'key pair', consisting of a 'public key' & 'secret key'.
You then distribute the public key, which allows others to encrypt a
message so that it can be decoded only with your secret key;  the secret
key, & the passphrase that you use with it, must be kept secure.  The
PGP documentation gives an excellent discussion of the subject, & it is
recommend reading even if you're just interested & never intend to use
the program.


3.  Is PGP illegal?  What is ViaCrypt PGP?

There are two issues here:  export controls & patent infringement.

Technically, it is illegal to export the executable versions of PGP from
the United States.  The government takes the view that cryptography has
military applications, & is thus a 'munition'.  Never mind that the most
recent versions of PGP originated in Europe & were *imported* to the
U.S.;  our government has never been what you could call open-minded
about things like this.  People are working to change this situation, &
you should certainly contact your Congresscritters to support their
efforts.  Source code is a murkier matter.  It ought to be exportable
under the technical data exception to the law, but the government is
currently investigating (i.e., harrassing) folks for doing so.

Public Key Partners also contends that PGP violates their patent on the
RSA algorithmn used as part of PGP (the text is encrypted using IDEA, but
the IDEA key is then encrypted using RSA).  (Note that the U.S. is the
only country that allows patents on algorithms, so PGP is still legal is
the rest of the world!)  Zimmerman, & others, tried to obtain a license
for PGP, but to no avail.

In November, ViaCrypt (+1-602-944-1543) released a commercial version of
PGP (at an introductory price of $100) under their license with Public
Key Partners.  ViaCrypt PGP is compatible with PGP & solves the legal
questions for businesses & others that don't want to chance violating
the law.  (Note that government employees can use the RSA algorithim for
official business anyway, as it was developed with tax dollars.)


4.  Where do I get PGP?  Is it available for (insert your OS here)?

Many sysops make PGP available for FREQ using the following magic names:

PGPFILES        PGP/privacy/encryption filelist.
PGP             Current version of MSDOS PGP executables and docs.
PGPSRC          Current version of PGP source files.
PGPALL          Both MS-DOS executables and source.
PGPAMIGA        Amiga version of PGP.
PGPATARI        Atari version of PGP.
PGPMAC          Macintosh version of PGP.
PGPOS2          OS/2 version of PGP.

On Fido, the following sites have PGP available for FREQ (sites with an
asterix also have it available for download on the first call):

SOURCE CODE:  1:320/42; *1:102/903; 1:106/1776; 1:352/333; *1:273/937
MS-DOS EXECUTABLES:  *1:102/903; *1:106/1776; 1:3607/25; 1:352/333;
                     *1:273/937; *1:3807/110
OS/2 EXECUTABLES:  1:352/333; *1:3807/110
MAC EXECUTABLES:  *1:3807/110; *1:106/1776
AMIGA EXECUTABLES:  1:352/333; 1:374/14; *1:106/1776
ATARI EXECUTABLES:  *1:3807/110; *1:106/1776

On Internet, the best place to start is the cypherpunks FTP site at
soda.berkeley.edu.


5.  Where do I get public keys?

Those on Fidonet should pick up the PKEY_DROP echo, intended for the
posting of public keys.  In addition, many sysops make public keys
available via FREQ using the following magic names:

PGPKEY          The sysop's PGP public key.  (Make the filename
                distinctive with your node number or name.)
KEYRING         Complete public keyring.  (Make the filename
                similarly distinctive.)
PEMKEY          PEM public-key
PEMRING         PEM public-keyring

You may FREQ KEYRING from 1:320/42 for a large collection of public
keys, including many from the Internet key servers.  Those with HST may
wish to FREQ INETKRNG.ARJ from 1:376/74 or 1:376/76 for a complete
Internet keyring current to December 1993.

Several keyservers are available via Internet, including the following:

        pgp-public-keys@demon.co.uk
        pgp-public-keys@sw.oz.au
        pgp-public-keys@dsi.unimi.it
        pgp-public-keys@kiae.su
        pgp-public-keys@fbihh.informatik.uni-hamburg.de
        pgp-public-keys@pgp.ox.ac.uk
        public-key-server@martigney.ai.mit.edu

If you don't know how to use a key server, send email to a server with
the subject 'HELP'.


6.  How do I clearsign a message with PGP?

Remember that *second* doc file?  ;-)  Here's the relevant portion of
the docs:

     To enable this feature, set CLEARSIG=ON, and set ARMOR=ON (or use
     the -a option), and set TEXTMODE=ON (or use the -t option).  For
     example, you can set CLEARSIG directly from the command line:
      
          pgp -sta +clearsig=on message.txt
      

7.  I want to put my public key ring up for freq, but I don't want my
trust parameters available to anyone else.  What's the easiest way to
extract all the keys on my keyring?

There is an undocumented feature in PGP for doing a wholesale
extraction using the * parameter:

pgp -kxa * publicringfilename

will extract all the keys you've collected to an ASCII output file. Such
output does not contain anything but keys and signatures.  (Remember:  a
large file like this may get split into chunks if ArmorLines is
different from zero in your config.)  Leave the -a off, of course, if
you don't want ASCII encoding.


8.  How do I view the 'fingerprint' of a public key?

Again, from volume 1 of the PGP documentation:

     To view the "fingerprint" of a public key, to help verify it over 
     the telephone with its owner:
          pgp -kvc [userid] [keyring]
      

9.  How can I help the cause?

Phil Zimmerman has not yet been sued or charged with a crime, but
there's no telling what will happen tommorrow--sooner or later this
thing has got to come to a head.  The Electronic Frontier Foundation has
already stepped forward to provide moral & financial support, and you can
do your part by mailing a contribution to Zimmerman's lawyer for his
defense:

        Philip Dubois, Esq.
        2305 Broadway
        Boulder, CO  80304
        +1-303-444-3885

Zimmerman, & the others who have stepped forward to help with PGP's
development over the years, have done us a great service.  They deserve
our support.  One idea that I'm trying here at Sea of Noise is to
earmark 10% of contributions to the BBS for Zimmerman's defense; I hope
other sysops will join me.


-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLYa66VMuzCoJtKg7AQHe4QQAl6cY2r0QlihwT4UyfE9ZUlfzNXzHaDls
XQ6cuJlsUIAWhkgRmjcrKGsIp/XVlmkz2MqoO5q+uD9Pm5oRNWKpnmfd86PzutKp
Cj7E17uvYdLfqsAV6qF7peNccs4UcHvZOMwJ7uEpPO4GFSD/RxKNO1dBp0K+/SjP
CQjSKWqC/Y4=
=DjR8
-----END PGP SIGNATURE-----

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH