PGP Interactions

Versions 5.0 - 6.5.3

Go to Index Go to Chart
Go to Version 1 through 4.5 Go to Version 7 and above Go to GnuPG information

A new algorithm: PGP 5.0

This version of PGP marked the introduction of the newer DH keys. Most platforms of this (that I know of) can read the 2.x keys, but here is why we needed this page.

Four personal versions exist:

The MIT freeware version does use RSA keys but does not generate RSA keys.
The (commercial) PGP, Inc. version creates and uses both RSA and DH keys.
The plugin for Eudora version bundled ("bundleware") with Eudora (i.e. from http://www.eudora.com ) contains zero RSA support: no creation or use is allowed. (See PGP 5 and Eudora, below.)
The $5 "upgradeware" version from PGP, Inc. that allows RSA key use and creation (See PGP 5 and Eudora, below), at least until version 5.5.3.

Improvements in PGP5.0

Desktop integration (for the GUI-based Operating Systems, like Win95, WinNT, etc.)
Plugin for Outlook and Eudora (in some versions...see below). Note this version lost the plugin for Netscape due to changes on Netscape's part. (Netscape wants you to use the Verisign setup.)
PGPKeys - again, for the GUI systems, a much better way to manage keys.
Speed improvements, on the order of 4 to 10 times faster.
DH keys, which avoided the RSA legal problems.
International and US versions used basically the same source code.

PGP 5 and Eudora

Note: A version of Eudora Light 3.0.4 exists, for the people who wanted a spell-checker with Light. Eudora Pro skips this version number.

Note the plugin from MIT for Eudora will not work with v3.0.5 of Eudora without an updated pgpplugin.dll file. A chart appears here that will hopefully supply the correct file for you!

Go to Index Go to Chart

PGP 5.0i - International Version

Warning! Flaw in PGP 5.0i: PGP 5.0i has a flaw in the source code specific to Unix systems, such as Linux or various BSDs with a /dev/random device. This will generally only affect you if you created your key pair non-interactively and had no random seed file present. If you created your keys in this manner, you may want to revoke them and generate new ones. Other versions of PGP do not share this flaw. See Security Focus for more information. (Added: 6/3/2000)

First, there seems to be some confusion about the i on the end of the version number. It does not indicate that the version came from PGP, Inc; rather it indicates that this version is an International release, intended for users outside the US and Canada. The international version (or at least the code for it) was released in a book that was exportable, enabling other users to have strong encryption.

PGP5.0i can be downloaded from http://www.pgpi.com.

The precompiled (i.e. ready-to-run after installation) PGP 5.0i will use RSA keys but will not create them. If you don't mind re-compiling the program, you can set it to allow RSA key generation.

PGP 5.0ic

This version is an international, corporation version, roughly equivalent (in idea) to PGP for Business. It allows generation of both RSA and DH keys. Go to Index Go to Chart

PGP 5.5/PGP 5.5i

Both versions (Personal Privacy and Business Security) of PGP5.5 contain a feature that will remember the corporate keys (outlined in the PGP 5.5 for Business Security), and will warn you if you do encrypt to an employee's key but do not encrypt to the corporate key (if the corporation has PGP 5.5 set up to do this, of course). Note that PGP5.0 for Personal Privacy will also issue this warning for corporate keys.

Not included in the PGP5.5 bundle but available is a program that will watch the incoming email to the company. If a message is sent that is not encrypted to the corporate key as requested, this program will either send a note to the author or reject the email outright. Note this can't decrypt the email on the fly; it just watches for a message encrypted to the corporate key.

Improvements in PGP 5.5

Encryption to more than one recipient is supported.
A new key search interface.
PGPTools now allows encrypting, decrypting, signing, verifying, or wiping files from Win95's Explorer window.
Improved key-signing capabilities.
GUI icon to indicate when a key has a corporate decryption key request.

Personal Privacy

Similar to PGP5.0, but with the enhanced Business Security features outlined above for dealing with corporate keys. Two versions seem to exist:

The commercial PGP, Inc. version handles both RSA and DH fully.
The freeware version from PGP, Inc does no RSA at all.

PGP 5.5 and Eudora

The version that comes with Eudora does not allow RSA key use or generation.
The $5 upgrade version does use RSA keys but will not generate them.

Business Security

This version of PGP is meant for, of course, businesses (in the US/Canada, not to be exported). Most of the features are configurable by the system administrator; however, this version can create and use both RSA and DH keys. Note the sys admin can turn RSA creation off. This version can use the message recovery features outlined in PGP4.5 for Business, plus it can send a note asking anyone who encrypts to an employee of the company to also encrypt to the corporate key.

The Business Security Suite version also contains (essentially) keyserver software (called 'certserver') and the email watcher outlined above.

PGP 5.5.1, PGP 5.5.2

Bugfix releases.

PGP 5.5.3

Freeware & Bundleware: No RSA support at all.
Upgradeware: Use RSA, but not generate.

PGP 5.5.3i (International version)

The precompiled version will handle RSA keys fully (as well as DH keys, of course).

PGP 5.5.3a (Preston Wilson modified version) for Windows

Full RSA support.
Distributer (Preston Wilson) fixed a backup keyring bug.
This version is meant to be very easy-to-use, especially for the new PGP user, but still has the advanced features more experienced users want.
Precompiled/source code versions both available at Preston Wilson's Home on the Web.
Note that this version requires the PGPPLUGIN.DLL file supplied on the site if you are going to use it with Eudora Light/Pro 3.0.5.
This version is available to US/Canada residents only and is not supported by NAI, Inc. in any way!

PGP 5.5.3iCKT (Cyber-Knights Templar modified version)

Based on the v5.5.3 source code from PGP International.
Allows RSA keys up to 8192 bits in length.
Adds a KeyID column to PGPLog.
Precompiled/source code versions both available at Cyber-Knights Templar.
This version is available to US/Canada residents only and is not supported by NAI, Inc. in any way!

PGP 5.5.3iCKT-6/22/98 Build:

Source and precompiled versions available at Cyber-Knights Templar.
Support for RSA keys up to 16384 bits, DH Keys up 8192 bits, and DSA keys up to 2048 bits.
Expanded List of key servers.
Easy one click key size selection in key size wizard dialog.
Enhanced PGPLog with key ID column.
Enhanced Decrypt Dialog with more key information.
Root Directory problem fixed.

PGP 5.5.3iaLP

Use/Generate RSA keys up to 8192 bits.
Shows KeyID in PGPLog.
Improves the standard wipe algorithm to make it more secure.
Fixes the backup keyring bug.
Limits number of backup keyrings to 1 instead of 4
Found at ftp://basement.replay.com/pub/replay/pub/incoming/ with the filename pgp553ialp.zip. A text file describing it and signature file also exist in that directory.
Note from RJ: While the person who actually modified this version remains unknown, I've received email from another saying he uses it with no problem, and it works as advertised. The actual code was checked by a software engineer and contains no nasty surprises.

PGP 5.5.3fr

This is a French version of PGP 5.5.3 for Windows. It can be found at http://www.cl.cam.ac.uk/~fapp2/pgp. The page is in French and English. The page does not specify whether RSA is supported, but I would guess that it probably is fully supported. Please let me know if you know for sure!

PGP 5.5.4

PGP skipped this number.

PGP 5.5.5

This version is identical to 5.5.3; the only changes are in the About boxes and license information to reflect the NAI buyout of PGP, Inc. Also, "PGP 5.5.5 for Business Security" was renamed "PGP for Email and Files".
Go to Index Go to Chart

PGP 6.0

This is complicated. I'll make it as simple as I can.

NAI released 5 versions to get started. They are:

PGP Desktop Security 6.0.0 DH
PGP Desktop Security 6.0.0 RSA Add-on
PGP Personal Privacy 6.0.0. DH
PGP Personal Privacy 6.0.0 RSA Add-on
PGP Freeware 6.0.0 DH

The versions marked DH handled only DH keys, while the versions marked RSA allowed the generation and use of RSA keys. However, the Personal Privacy 6.0.0 RSA was not intended to be released with RSA key generation enabled (it was supposed to only be able to use them, not generate them). NAI realized their mistake quickly and pulled it off the market within a few days, then released a correction with a slight version alteration:

PGP Personal Privacy 6.0.0a RSA Add-on

PGP 6.0.1

A bug was discovered in the RSA code that handled keys larger than 2048 bits. NAI released a fix for it, and decided to drop support for RSA keys larger than 2048 bits (2048-bit and smaller keys are okay) in this and all subsequent RSA products. The bugfix versions are:

PGP Desktop Security 6.0.1 RSA Add-on
PGP Personal Privacy 6.0.1 RSA Add-on

The Desktop Security version allows the generation and use of RSA keys. However, the Personal Privacy version only allows the use of RSA keys.

PGP 6.0.2

NAI then did a maintenance release:

PGP Desktop Security 6.0.2 DH
PGP Desktop Security 6.0.2 RSA Add-on
PGP Personal Privacy 6.0.2 DH
PGP Personal Privacy 6.0.2 RSA Add-on
PGP Freeware 6.0.2 DH

The RSA versions both allow RSA key generation (this is not a mistake or typographical error). Why the change of heart? NAI decided not having RSA generation was too much of a headache for users.

The 6.0.2 maintenance release changed the implementation of the RSA algorithm used. In all 6.0.0 and 6.0.1 versions, and the 6.0.2 RSA versions, NAI used RSADSI (RSA Data Security, Inc) code called "BSAFE". However, in the 6.0.2 DH versions for Windows, PGP uses CAPI (Microsoft's Cryptographic API). So...what can the DH versions do with RSA keys? Well, that depends on the version of CAPI you happen to have:

Internet Explorer 4, 40-bit encryption: you will not be able to encrypt or decrypt, but you should be able to sign and verify with RSA keys.
Internet Explorer 4, 128-bit encryption: you should be able to use RSA keys for encryption, decryption, signing and verification, but you cannot generate RSA keys.
Internet Explorer 3: Unknown. Let me know and I'll make sure it appears here and the interested people will find out.

None of these versions will allow the creation of RSA keys. Also, CAPI is known to have problems with "odd" keysizes, so you may have to stick to keys of 1024, 1536, or 2048 bits. All of the RSA key functions in the "DH-only" versions are a bonus, remember. If you need truly reliable RSA key use then you need to buy one of the RSA Add-on versions from NAI.

Features of 6.0.x

One of the nicest new features of the 6.0 series is the "Use Current Window" option in PGPTray. This allows you to encrypt a message right in the window you are working in, rather than having to cut, encrypt, and paste. This is especially handy for users of email packages not normally supported by PGP.

PGP 6.0.2i

This version does not support the generation of RSA keys. All of the other features are supported.

PGP 6.0.2iCKT

Build 03: On March 1, 1999, the Cyber-Knights Templar released their PGP 6.0.2ckt Build 3. This build supports RSA key use and generation, but not the huge key sizes that their 5.5.3ckt did. (I've added the i in the designation to clarify that this is in fact an international version.) See http://members.tripod.com/IRFaiad or http://members.tripod.com/cyberkt for more information. PGPdiskCKT is also included in this package.
Build 04: Somewhere between 03 and 05 CKT released 04. I missed the info on this one.
Build 05: On March 20, 1999, CKT released PGP 6.0.2ckt Build 5. This version supports the large key sizes that PGP 5.5.3ckt did. See either of the pages above or http://www.sierranv.net/~mbg4 for more information.
Build 07: As of 1/15/2000, Build 07 was available on the CKT home page.

Go to Index Go to Chart

PGP 6.5

NAI released PGP Desktop Security 6.5 for Windows NT on April 5, 1999. Versions for other platforms (Win95/98, Macintosh) were released sometime in the second quarter of 1999 as 6.5.1.

Changes

PGPNet, used to secure TCP/IP connections, implements the IKE and IPsec internet standards and works with other software and hardware that uses those standards. Pretty cool stuff.
Self-Decrypting Archives, for sending files to users who do not use PGP.
X.509 and CA authentication.
Scheduled Free Space Wiping, used to automatically wipe the deleted files from your hard disc for security (requires Windows Task Scheduler).
Hotkeys, especially for the "Use Current Window" feature of 6.0.

This version follows the same as the 6.0 releases in terms of which support RSA key generation; essentially, if you buy the RSA version you get RSA key generation, otherwise you have to rely on CAPI for your RSA key support.

PGP 6.5.1 & PGP Command Line

NAI released PGP 6.5.1 in several flavors:

PGP Desktop Security 6.5.1
PGP Personal Privacy 6.5.1 (30-day trial available)
PGPfreeware 6.5.1 for Win 95/98/NT
PGPfreeware 6.5.1 for MacOS
PGP Command Line Freeware 6.5.1 for Linux/Solaris/NT
PGP Certificate Server Freeware 2.5 for Solaris/NT

While that last one does not apply to the average home user, it was part of the announcement, so I included it! This announcement covers the freeware versions.

The differences between the versions are mainly:

PGP Desktop Security 6.5.1 includes administration features for enterprise-type environments.
PGP Personal Privacy 6.5.1 does not include the admin features, but does contain PGPdisk, X.509 authentication in PGPnet, and Secure Gateway support in PGPnet.
PGPfreeware 6.5.1 is similar to PGP Personal Privacy but does not include PGPdisk, X.509 Authentication in PGPnet, or Secure Gateway support in PGPnet.

In keeping with the original, long-lost purpose of this page, all 6.5.1 versions support RSA fully, even the Freeware versions!

The Freeware versions can be downloaded from http://web.mit.edu/network/pgp.html . Warning: If you have PGPdisk installed from PGP 6.0.2 and you upgrade to PGPfreeware 6.5.1, you will lose PGPdisk functionality!

The source code release for PGP 6.5.1 included the source to PGPfone. See the README file for some more information.

PGP 6.5.1int

An international version of PGP 6.5.1 is available in both GUI and command line versions. It does not include PGPdisk. See http://www.pgpi.org for the program. Also, the source code release is on their FTP server.

PGP 6.5.1ifr

A French translation of PGP 6.5.1i. (Note they don't use the letter "i" in the name of it. I added it so that it is clear this is an international version.) Available at http://www.cl.cam.ac.uk/~fapp2/pgp/ (the page has both French and English text).

PGP 6.5.1ckt

The Cyber-Knights Templar release of PGP 6.5.1ckt, build 06. CKT usually implements very large key sizes, which may be incompatible with certain versions of PGP. The CKT home page is at http://members.tripod.com/IRFAIAD/.

Go to Index Go to Chart

PGP 6.5.2/PGP 6.5.2a/PGP Command Line 6.5.2

Due to an error on NAI's part, PGP 6.5.2 was not intended to be released but was sold through the McAfee website and other places. To reduce confusion, when NAI did release the "proper" version, they named it 6.5.2a. (If you have a copy of 6.5.2, you are eligible for a free upgrade to 6.5.2a.)

To see what version you have, you can check:

The background of the installer will say which version it is in the upper-left corner.
The "What's New" file (probably in the installed PGP directory).

The "About" boxes are identical, so you can't use that to tell.

Rumor has it NAI intends this to be the last version released before PGP 7.

Versions 6.5.2 and 6.5.2a both support RSA key generation and use, a feature that has been in all PGP editions since 6.5.0.

Version 6.5.2a corrects several bugs in version 6.5.1, especially for PGPnet. Read the Personal Privace and Desktop Security announcement here. I have the freeware version announcement available as well.

November 4, 1999: PGPfreeware Version 6.5.2a is available at http://web.mit.edu/network/pgp.html.
Personal Privacy and Desktop Security are available as well.

Features for Windows:

Support for Windows 2000.
Windows 2000 IPSec Interoperability: PGPnet running on non-Windows 2000 systems can establish VPN connections with the built-in Windows 2000 IPSec client. (The Windows 2000 system must be running the Windows 2000 High Encryption Pack.)
Intel Pentium III Random Number Generator Support: Some systems have a built-in random number generator from Intel; PGP will use this in addition to its own entropy for random data. Sources say that Intel's random number generator is very good.
Email plugins are automatically selected.

Features for Mac:

MacOS9 Compatibility: PGP 6.5.2a is compatible with MacOS9's Multiple Users feature.
Windows 2000 IPSec Interoperability: PGPnet will work with those systems (see Windows features above).
HFS+ FreeSpace Wiping on Startup Volume.
Outlook Express 5.0 Support (as well as OE4.5).

Warning: If you have PGPdisk installed from a previous version and you upgrade to PGPfreeware 6.5.2a, you will lose PGPdisk functionality!

PGP Command Line 6.5.2/PGP E-Business Server

This program comes under two names, depending on intended user:

Individual use: PGP Command Line 6.5.2
Corporate use: PGP E-Business Server

They support several operating systems:

Windows NT/95/98/2000
AIX
HPUX
Solaris
Linux (.tar.gz & .RPM)

PGP 6.5.2a ADK Hotfix (Macintosh)

This corrects a bug associated with ADKs. (A fixed copy of the program is indistinguishable from the original.) The Hotfix announcement is available here.

PGP 6.5.3

Bugfix release, no new features. This version only exists for Windows platforms, not Mac. This is the first version that could be legally exported in executable form.

PGP 6.5.3 ADK Hotfix (Windows)

This corrects a bug associated with ADKs. (A fixed copy of the program is indistinguishable from the original.) The Hotfix announcement is available here.

PGP 6.5.8

This version fixes the ADK vulnerability. It is available in Macintosh and Windows versions, in all three flavors: PGPfreeware, PGP Desktop Security, and PGP Personal Privacy. See the MIT PGP Distribution site for the freeware versions and pgp.com for the other versions. I have the announcements for the Freeware versions and the Personal Privacy versions available.

There were also two PGP 6.5.8 Command Line versions, freeware and commercial. You can read the announcement here.

The source code is available for this version at http://web.mit.edu/network/pgp.html. I have the announcement available.

PGP 6.5.8ckt

This version is compiled by the Cyber-Knights Templar. Many users are switching to this version in light of NAI's announcement that NAI will no longer release all of the PGP source code.

Go to Index Go to Chart