Porting GNUPG

Werner Koch wk at isil.d.shuttle.de
Mon Sep 14 09:54:35 CEST 1998


Dave Smith <dave at raystewart.com> writes:

> operations does GNUPG use the RNG for?

ElGamal needs a very strong RNG.  Cryptographically strong random numbers
are used in many places: as initialization vectors, for padding and
to create the session key.

> ./configure i386--mingw32

There is a section about cross-compiling in INSTALL.

  ./configure --target=i386--mingw32

should do it.

> I would prefer to use GNUPG on a Linux/GNU box, but my customers are all
> based on the lovely Windows system. The big thing is getting the data I
> generate for them to them securely. If all else fails, I could go with a
> symmetric cipher (such as Blowfish) but I would prefer to use asymmetric

Symmetric ciphers are more secure than asymmetric ciphers. One reason
is that you can more easily change the key.

What about adding a serial number to the key for each customer?

> If the only thing that's holding back the port of GNUPG to a Windows box is
> the need for a RNG, I would be glad to start working on one...

Please see Peter Gutmann's paper about "practically strong random
numbers"; this scheme should be used.


Werner




