Pretty Good Privacy

Introduction

PGP 2 is a freely-redistributable public key cryptosystem for MS-DOS, Amiga, Atari ST and UNIX. With it, you can communicate securely with other people -- without having to meet beforehand to exchange secret keys!

See the pgp.com web pages for more information.

Is it secure? Ask Dorothy Denning:

"PGP," warns Dorothy Denning, a Georgetown University professor who has worked closely with the National Security Agency, "could potentially become a widespread problem." -- (E. Dexheimer)

Legal Issues

People often claim that PGP is illegal. It isn't. A companion document to this one explains the legal issues.

Version Update

For the very latest information on international versions of PGP, check The International PGP Home Page.

PGP is now available in five basic flavours.

MIT PGP is a version which uses the RSAREF library from RSA Data Security. It is licensed for non-commercial use, and carries a highly restrictive license forbidding certain modifications to the source code. In addition, it is only widely available in the USA, because of ITAR export regulations. It is available from net-dist.mit.edu, in the pub/PGP directory, but there are some hoops you have to jump through first.

Note that MIT PGP has a restricted key length, and is crippled so that after September 1st 1994 it produces messages which cannot be read using PGP 2.3a.

ViaCrypt PGP 2.7 is compatible with MIT PGP, and legal in the US and Canada for commercial or non-commercial use. There are versions for DOS or UNIX (Mac version coming soon); contact ViaCrypt for details.

Because PGP 2.3a wouldn't read MIT PGP messages after September 1st 1994, I produced an updated version of PGP 2.3a, known as 2.6ui. It was modified for compatibility with MIT PGP 2.6, and had some new features added. It doesn't have key-length crippling, and writes messages which can be read with version 2.3a. The "ui" stands for Unofficial International version, because it isn't approved by Phil Zimmermann.

Someone else has taken my 2.6ui sources, and made an unapproved hacked version which allows very large key sizes (greater than 1024 bits). I do not approve of this version; it will likely be incompatible with future releases of PGP which will support large keys. Unfortunately, this version reports itself as 2.6ui, so please do check the signature on any copy of PGP you find.

Ståle Schumacher has produced a version of PGP which uses the bulk of the MIT PGP source code, but with the RSAREF crypto routines removed and Phil Zimmermann's original (faster) routines put back in. Further enhancements are in the pipeline, including a Mac release based on the MIT MacPGP code (which was legally exported after all the PGP code had been removed). I recommend Ståle's version of PGP for general use outside the USA. For more information, see the International PGP Home Page at http://www.pgpi.com.

Obtaining PGP

Note: Much of the information below is out of date. Check the The International PGP Home Page for more up to date information.

Here are some places from which you can download PGP. Look down the list to find the section for the machine or OS you're using -- DOS, UNIX or whatever. Then look in that section for a site which is near to you.

PGP is also available in the NCSA forum on CompuServe (GO NCSA).

Remember: Do not obtain PGP from a site in the USA or Canada, unless you are physically within the borders of the USA or Canada.

Disobeying the above instruction is probably very very naughty. If you get your wrists slapped, it isn't my fault.

If you're reading this list on the World Wide Web, you can set your WWW client to load to disk and click on one of the locations.

Please try to download during hours which are off peak for the machine in question.

The source code archive is about 510KB; the DOS binary version is about 260KB. Users of serial connections may wish to make coffee.

All versions

You can get pretty much every version of PGP from ftp://ftp.cert.dfn.de/pub/tools/crypt/pgp/.

PGP 2.6ui (UNIX, VMS and DOS)

If you put PGP 2.6ui on an FTP site, please tell me the site name and pathname so I can add it to this list.

The various files are available from mail-server@mantis.co.uk if you don't have FTP. They're also on ftp.mantis.co.uk in /pub/cryptography Please note that Mantis only has a 19.2k leased line, so ftp access is restricted. Please try other sites first.

UNIX PGP

Compiles best with GCC 2.4.x or higher. A straight port from DOS, so hardened UNIX users find it a bit chatty.

MS-DOS PGP

Program

Source code

Compiles with Microsoft Visual C++, and can be persuaded to compile with Borland C++.

MacPGP 2.3

A slightly souped-up port of PGP to the Mac. Has help menus and other goodies, but is still not a real Mac application. However, it works.

Note that the version 2.3 release of MacPGP contains the major bug-fix which was later added to UNIX/DOS PGP 2.3. There was therefore no need for a MacPGP 2.3A release; version 2.3 already had the bug fix by the time it was released. There is no MacPGP 2.3A.

Program

Source code

Requires Think C.

OS/2 PGP

You can, of course, run the DOS version of PGP under OS/2.

Program

These are native OS/2 binaries.

Source code

Amiga PGP

Source

Atari PGP

Atari ST / STE / TT / Falcon, TOS

Atari ST MiNT

Sources

Archimedes PGP

Documentation Only

Want to know more about PGP, but too scared to download the actual program in case the Feds bust down your door? Fetch this.

Foreign Language Modules

These are suitable for most PGP versions.

Italian

Spanish

German

Swedish

Russian

Other sites

Some cryptographic software is available from ftp://ftp.wimsey.com/pub/crypto/software/. They're worried about ITAR regulations, so you'll have to read the README file and proceed from there.

There's an experimental key-server accessible on the World Wide Web. The address is http://martigny.ai.mit.edu/~bal/pks-toplev.html.

Another way to get keys is by using thefingerprogram. Try finger @wasabi.io.comfor details.

Other sites which may carry PGP: