PGPlib 0.98 Open PGP toolkit

See the README in pgplib for OpenPGP compliance issues.

This is a collection of cryptographic routines, mainly to access PGP files and
to demonstrate certain techniques.

opgplib is a set of routines designed to demonstrate how to implement the
OpenPGP specification.

opgp is a simple pgp5.0/OpenPGP implementation - shows how to bolt the library
routines together to actually work.

Everything works under Linux 2.0 and later.  Free BSD needs gmake and might
need other adjustments.

Many of these are works in progress, and only one set of eyes has looked at
these programs, so there are probably lots of security holes.  I am not
scrupulous about cleaning memory beyond the library free calls.  Anyone who can
examine core dumps or access the kernel image can also pick out passphrases
from tty traffic, and until there are ways of secureing that, I am not going to
worry about thoroughly wiping memory.  Although I am not going to do it, I
welcome any modifications that will increase the security of these routines.

All of these programs are freely redistributable with the only condition is
that if you make modifications, you either have to indicate what changed from
the original, or clearly disassociate it with this package, and that you use
these at your own risk - there is no warranty of any kind.

You can freely use any of these in commercial or non-commercial products
(though they are dependent on libraries with different licensing terms, and
various patents and copyright apply to the algorithms), and you can even
integrate them into other libraries and place them under new licensing terms
(subject to the above provision).

For the unmungers out there, all the source has been run through indent with
the following parameters:
-i2 -ts0 -npro -br -ce -npcs -npsl -l80 -v

==================================================
USAGE NOTES (badly out of date, look at the source or the scripts)

opgp is a not-quite compatible version of the 5.0 version.  It automatically
forks and pipes itself as necessary to go from encrypted to plaintext with
signature verification, or vice versa.  It uses tempfiles if fork and pipes
aren't available.

See opgp -q usage or the source until I can update things.  Briefly, opgp will
continue until it gets text or a literal packet given an encrypted input.

pgpe functions as

./opgp -i FILE -o FILE.pgp -l FILE -1 -t 0 [-k Sigkid] -p SigPass -3 -z -e kid

Signs, compresses, and encrypts to kid (keyid).

./opgp -i FILE.pgp -o FILE.out

Will recover the file and indicate the results of the signature check.

TESTING

test.sh will conduct a test against a 2.6.2 version or 5.0 version of PGP, or
simply against itself.  The tests do not include looking for failures on
intentionally bad encryptions or signatures.

OTHER NOTES

opgp has "-[adsxy] algorithm" parameters, which is the numeric representation
of the algorithm.  Warning: I don't indicate errors for wrong values, just
exit.  See the OpenPGP spec for values.

Note: With a weakness reported in El Gamal signatures, I have altered the
generators and the signature checking code to try to avoid this, but it will
create different values or may reject signatures from PGP based DH parameters.

The PGP5.0b8 version of pgpv will report a bad signature with anything except
SHA, since that is part of the Digital Signature Standard.  (pgp has a test in
dsaVerify rejecting everything except SHA for the hash algorithm, otherwise
DSA/MD5 or DSA/RIPEMD would work).

I haven't been as careful about wiping memory and preventing memory leaks and
other things to make the code robust.  Nor have I tried to make any of my code
thread safe, since I currently don't have such applications and would leave
that to the experts.

The keyring structure has been complicated further, so I don't do anything with
that internally (but can extract and sign key material for compatibility), but
assume you can use pgpk or manually examine the signatures or be careful what
you put on the keyring.

BACKWARDS (2.6.x) COMPATIBILITY:

opgp -O changes the Cipher Type format from new "to old ctb" format.  Note
that while it uses stdin/out, except for compression it must be in the form of
a file (to seek and insert the length back at the beginning of the packet).

(optional signature steps - this produces a correct detached signature):
  opgp -i plain -3 -d 1 -t 1 -o step.1 -k <rsakey>
literal:
  opgp -i plain -l plain >>step.1
  opgp -O -i step.1 -o step.2
compression:
  opgp -i step.2 -2 | opgp -O -o step.4
conventional:
#the following combination omits the SKESK as everything is the default
  opgp -i step.4 -x 0 -y 1 -s 1 -a 1 -c -p testpass | opgp -O >cipher.pgp
or, PK, rsa:
  opgp -i step.4 -a 1 -e <rsakey> | opgp -O -o cipher.pgp

MISC

testsig will check pgp clearsigned messages from a stream (removing the
signature stuff if used as a filter).  clearsig will process a text stream and
append an armored signature.  lookup and ringscan search and dump keyrings.
newkey generates a new keypair to pubnew.pkr and secnew.skr
