FAQ and pgp 6+ test

Werner Koch wk at isil.d.shuttle.de
Thu Feb 18 21:20:34 CET 1999


Philippe Laliberte <arsphl at oeil.qc.ca> writes:

> 1- When I read in the documentation that GnuPG is compatible with PGP5+
> keys, am I correct in understanding that it includes PGP 6 products?

Should work but I do not have a pgp 6 here (for Unix).

> 2- Has GnuPG been put thru a methodic safety test? If so is there a paper
> on the subject?

Are you talking about general software safety (bufferoverflows and all
such things) or about the the cryptographic security?

The algorithms do pass the testvectors so we can assume they are
correct.  I don't know of any testsuite for rfc2440 so we have to
check it manually and by comparing against the other
implementation(s).

I hope that a lot of people have reviewed the source to make sure that 
confidential information don't leak out and that all parameters are
choosen safely.

> and it doesn't seems so. So I did setup a user maintained Automatic
> FAQ for it. It is situated at http://www.oeil.qc.ca/auto_faq/gnupg/

I'll put a link on the web page - okay?


  Werner


-- 
ceterum censeo RSA esse delendam





More information about the Gnupg-devel mailing list