RC2 in libgcrypt

Nikos Mavroyanopoulos nmav@gnutls.org
Tue, 24 Jun 2003 10:09:46 +0300

On Tue, Jun 24, 2003 at 08:43:25AM +0200, Werner Koch wrote:

> > Is there any chance into including RC2 in libgcrypt? Without
> > it, it is not possible to create a real pkcs-12 packet parser.
> As I already told here, PC2 is patented and anyway obsolete.  We won't
No RC2 is not patented. As far as I know it has the same status as RC4
(was a trade secret). There is also an informational RFC on it
at http://www.faqs.org/rfcs/rfc2268.html

> include it.  Furthermore importing a 40 bit RC2 encoded certificate
> is really silly as this can be broken trivially and it must be assumed
> that such a certificate has already ben compromised.
Certificates do not need much protection, that's why the browsers use
weak encryption on them. The only thing protected in a PKCS12 structure
with strong encryption is the private key.

> > An RC2 implementation under the public domain can be found at:
> > ftp://ftp.funet.fi/pub/crypt/cryptography/symmetric/rc2/rrc2.tar.gz
> There is nothing like public domain in most European countries and
> such the legel status of such an implementation might get us in trouble
> later on.

Well not having RC2 means that the whole work I've done on PKCS12 
packets is useless, since I cannot decrypt them.

> -- 
> Werner Koch                                      <wk@gnupg.org>
> The GnuPG Experts                                http://g10code.com
> Free Software Foundation Europe	                 http://fsfeurope.org

Nikos Mavroyanopoulos