Porting GNUPG

Matthew Mastracci mmastrac at ucalgary.ca
Sat Sep 12 16:26:32 CEST 1998

I don't think implementing a strong RNG in Windows would be too difficult.
You can even use the built-in Microsoft Crypto API (CryptGenKey) to generate
good keys.

If you don't want to trust the Great Satan to generate the keys, however,
you can probably get enough entropy from using the a combination of:

 - Content of mouse and keyboard messages ("bang you keyboard with your
 - Time between messages, measured using the high-resolution multimedia
 - Various system parameters (OS version, CPU type, etc)
 - Name of the computer
 - Name of the user
 - The previous MD5'd string

Combine somehow (concatenate in a string) and mix thouroughly.  MD5 to
taste.  I think this would yield enough entropy to make most people happy.
Run though this data at least 10  times to yield the next 8 bytes of data.

I can help on this part if you need it.

 /\/\att /\/\astracci                  mmastrac at acs.ucalgary.ca

"Toutes choses sont dites deja, mais comme personne n'ecoute, il faut
toujours recommencer."
-----Original Message-----
From: Dave Smith <dave at raystewart.com>
To: GNU Privacy Guard <g10 at net.lut.ac.uk>
Date: Saturday, September 12, 1998 12:39 PM
Subject: Porting GNUPG

>Hi all...
>I recently ran across GNUPG in my search for a PGP replacement and was
>delighted by the functionality (and cost) :)
>I'm interested in porting a subset of the GNUPG program to Windoze. I can
>hear the questions already..."Why in the *world* do you want to port such a
>beautiful piece of software to such a ugly OS?!" :)
>Basically, I need to be able to decrypt/encrypt stuff on the Windoze OS.
>generation will take place on a secured Linux box, so the RNG (or lack
>thereof in Windows) won't really be a big deal (will it!?). What I'd like
>do is keep the source modification to a minimum so that I can keep the two
>versions (Linux/Windows) in synch.  I know there is currently a binary
>version of GNUPG for NT, but that is stamped for version 2.10 (which is a
>little old). Does anyone know who built that version? I could really use
>makefiles (or VC project files) that where used. I guess I could figure it
>out on my own, but it would be siginficantly more efficient to stand on
>someone else's shoulders... :)
>Thanks. :)

More information about the Gnupg-devel mailing list