Using GPG in the US

M Taylor mctaylor at
Tue Nov 24 14:28:17 CET 1998

RSA system is patented in US (#4,405,829) by Public Key Partners. You can
license RSA for usage (commercial or non-commercial) from RSA Data
Security (RSADSI as part of their various toolkits. RSAREF is
only available for non-commercial usage (they dropped licensing of it for
commercial usage ~1996).

IDEA block cipher is patented in US (#5,214,703) by Ascom Tech AG and is
also patented in Europe (#0482154), and Japan. For licensing details see:

DES is/was patented by IBM in US but allowed for free usage, as part of an
agreement with NBS/ NIST in accepting it as a NIST standard, AFAIK.

>From RSAREF 2.0 doc/license.txt
    b.   The Program may not be used directly for revenue-generating
          purposes. You may not:

          (i)  use the Program to provide services to others for which
               you are compensated in any manner;

 "You can't use RSAREF in any commercial (moneymaking) manner of any type,
 nor can you use it to provide services of any kind to any other party."

IANAL but it would prevent the usage of GPG w/RSA from being use "on the
job" for services such as USENET newsfeed (a service for paying customers),
or encrypting business email (your work is the service you are compensated
for). You could use it for your office hockey pool. :)

Thus RSA support with or without using RSAREF cannot be official supported
as part of a GNU package since the license and patant restrictions prevent
it from meeting the requirements of the GNU Public License 2.0.

Since all this goes against the GNU ideology, those who need PGP w/RSA
support should consider licensing PGP 2.6.x or PGP 6.x from Network
Associates or Network Associates International BV. Then just let the rest
of us get on with GnuPG and its development.

M Taylor   mctaylor@  / |

More information about the Gnupg-devel mailing list