Using GPG in the US
bem at cmc.net
Sun Nov 22 19:55:27 CET 1998
On Sun, Nov 22, 1998 at 09:51:47PM -0500, Jimmy Kaplowitz wrote:
> I have a few questions. I tried to answer them for myself by checking
> the archives and the PGP5-GPG HOWTO, but if they were answered there, it
> wasn't clear to me. So if I'm asking a really common question, please
> put up with me.
> 1) Is it legal for me to use GPG in the US? I would think so, but all
> the download servers are outside of the US, and I am not sure if I am
> allowed to download from one of those. If it is legal to use GPG in the
> US, from where can I legally download it?
Yes, you can use it (just not the RSA and IDEA plugins) in the US.
There are several problems that PGP has faced over the years:
1) Patented code in the RSA and IDEA algorithms. Fortunately, last
year Diffie-Hellman expired and the ElGamal variation on it has
no patent claims. There is a (non-credible, IMHO) claim that
the Digital Signature Standard is patented, but NIST says its
not and that it's freely available. Since PGP5 moved to (mostly)
Elgamal and CAST5 the patent issue is moot.
2) Export laws. Can't have the badguys like Werner having crypto, so
you can't export it. (Unless it's on paper....) That's why the
real work is not done in the US. You can -import- it all you
want, just tell your friends abroad to get it themselves instead
of sending them a copy.
Because of the export laws, no one in the US will put it up for FTP
(where bad guys can get it). So ftp it from Germany or the UK or
wherever. This keeps GPG free of both points above.
> 2) Is there any way I can exchange encrypted messages with PGP users
> without installing PGP myself to retrieve keys and fingerprints, and to
> prepare them for import into gpg?
Yep. The only thing I use PGP for is compatibility testing. The
current release works quite well in getting along with PGP5.
I use this script to grab keys:
# gpget -- fetch the key listed on the command line
/usr/bin/GET http://pgpkeys.mit.edu:11371/pks/lookup\?op=get\&exact=on\&search=$1 | gpg --import
(Okay, so it's stupid, but I couldn't make aliases do it right....)
You may need to replace GET with 'lynx -dump' or some other web fetcher.
GET comes with the Perl LWP module. And, yep, that's grabbing keys from
a PGP5 server.
Using Mutt, PGP/GPG stuff is automatic. My only problem is that Mutt
doesn't let me use 'encryptself' so I can't read what I send unless I cc
myself, but I may hack a patch for that.
Brian Moore | "The Zen nature of a spammer resembles
Sysadmin, C/Perl Hacker | a cockroach, except that the cockroach
Usenet Vandal | is higher up on the evolutionary chain."
Netscum, Bane of Elves. Peter Olson, Delphi Postmaster
More information about the Gnupg-devel