PGP compatibility

Mark H. Wood mwood@IUPUI.Edu
Fri, 24 Sep 1999 08:32:10 -0500 (EST)


On Thu, 23 Sep 1999, R. Jackson wrote:

> Ok, this may make me sound stupid, but how compatible is GPG 1.0 with
> PGP (any version)? I've read the FAQs and documentation, but I'm
> confused about which versions of PGP will not work with feature X or Y
> of GPG, and vice versa. For example:
>
> Can PGP encrypted items using algorithms X and Y be properly decrypted
> by GPG?
> Which PGP versions can't read GPG signatures that use algorithm X?

My interpretation: If algorithm X requires that you pay for the right to use it, GPG doesn't have it. (These requirements are considered unenforceable in some parts of the world, and people have built addons that can be used in such places. If you live elsewhere, I would advise against using the addons.) If algorithm X requires that you not disclose source, GPG doesn't have it. (Again there may be exceptions in some parts of the world.) If an implementation of algorithm Y may be published in source and distributed without fee, then it's either in GPG or someone is probably working on it.

RSA is not free. IDEA is not free. There are addons for them but it is arguably illegal to use them in many parts of the world.

Sorry -- that's the best I can do. I think that R. Jackson wanted something like:

PGP2 PGP5 GPG
RSA X X
IDEA X X
DSA X X X
Twofish X X
etc.

but I don't know enough to supply it. (In fact the table above is probably inaccurate.) Could someone who *does* know the score work up a compatibility table and insert it into the GPG documentation?

Personally, the bulk of the signed mail I get evokes one or more "unsupported algorithm" complaints and winds up being unverifiable. I'm seeing an increase in verifiable signatures, but no decrease in unverifiable ones. So the news is good and bad. :-/

++++++++++++++

IANAL but I believe that U.S. patents may be extended (once) upon application. The extension grants an additional 17 years. If RSADSI has something waiting in the wings that will make more money than continuing to sell RSA then they may allow the RSA patent to expire, but if not then they may apply for an extension. Don't get your hopes up too high. (I have no idea how this affects anyone in any other country -- I have enough trouble understanding only U.S. laws.)

--
Mark H. Wood, Lead System Programmer mwood@IUPUI.Edu
Please, no more software products offering a "richer experience"! I have indigestion of the brain already. Give me a more ascetic experience.