GnuPG binaries with IDEA

David Shaw dshaw at
Mon Sep 8 22:04:02 CEST 2003

On Mon, Sep 08, 2003 at 10:47:45AM -0500, Keith Ray wrote:

> Quoting Werner Koch <wk at>:
> > On Tue, 26 Aug 2003 09:28:42 -0400, David Shaw said:
> > > I know about the Nullify release of GnuPG.  It's questionable whether
> > > this is compliant with the GPL.
> > 
> > It is released in violation of the GPL.  The trick with the IDEA
> > module is there to workaround this license problems in the few
> > countries where IDEA is not patented.  The GPL is about distribution
> > and not about running a program, so using an already existing module
> > is okay.  It is not okay to distribute it.
> I can understand your complaint about compiling IDEA in the binary, but
> how can distributing the IDEA cipher in DLL/module form be a violation of
> the GPL?

There might be an issue with your SHA-256/384/512 code as well.  I
emphasize "might", since I am offline and not able to check it at the
moment.  The Nullify GnuPG supported the "wide SHAs" before the
regular GnuPG did.  I seem to recall that the code used was old BSD
licenced (with the advertising clause) and thus not GPL compatible.

There may be no issue with this if the wide SHA code in the Nullify
GnuPG is GPL-compatible, and/or you switched over to using the SHA
code from the regular GnuPG (which is GPLed, of course).


More information about the Gnupg-devel mailing list