Nouvelle clé GPG…

Il fut un temps… le bon vieux temps comme ils disent… où j’utilisais PGP v2.6.3i (sous M$ Windows, la loose) notamment avec la messagerie…

J’ai commencé à chiffrer les messages à peu près au même moment ou j’ai découvert UNIX et Linux. Les clients messagerie lourds géraient déjà assez bien le chiffrement par certificats (avec des formats différents) mais ne prenaient pas du tout en compte les clés PGP, sauf à passer par des extensions. Les navigateurs web ne gèrent pas du tout les clés PGP (sauf avec un projet type Monkeysphere) mais comprennent nativement les certificats.

Vint forcément le moment ou je laissais tomber PGP pour les certificats, une autorité de certification… et SSH.

Mais les certificats imposent une infrastructure et ne résolvent pas intuitivement la sécurisation des échanges entres personnes. Ils ne sont vraiment performant que dans un modèle hiérarchique, donc soit en entreprise soit sous le contrôle d’une autorité sur internet.

Et aujourd’hui?
Je vois que Horde prend en compte les clés PGP pour le chiffrement de messages. Pour un webmail, pas mal :-)
Pour Nebule, clairement le modèle hiérarchique des relations entre certificats n’est pas viable. Il reste le modèle à la PGP, horizontale.

Conclusion, il me faut une nouvelle clé, mais GnuPG cette fois-ci !


Freeware PGP versions (sourcedownload) :

PGP 2.3a This is the « classic » PGP version, and until a couple of years ago, this was the version generally used all over the world. You may still use PGP 2.3a if you want to, but you may experience problems when trying to process messages and keys generated with PGP 2.6 and later versions, or when using keys that are larger than 1280 bits (the maximum size is now 2048 bits). PGP 2.3a is presumably illegal to use within the USA because of patent restrictions.
PGP 2.6ui This is an unofficial, « hacked » version of PGP 2.3a, which aimed at correcting the incompatibility problems introduced by MIT PGP 2.6. Please observe that PGP 2.6ui is not a « true » 2.6 version as it is based on the source code for PGP 2.3a, and as such does not include the improvements and bug fixes found in the newer versions. PGP 2.6ui was published by mathew in the UK, but is no longer supported.
PGP 2.62ui Tony Lezard in the UK based this version of PGP on mathew’s 2.6ui, but tried to bring it up-to-date with the latest PGP 2.6x improvements (bigger keys, bug-fixes, new command options etc.). PGP 2.62ui can be downloaded from ftp.mantis.co.uk.
PGP 2.64ui This is the most current version of the ui series. It is published by Steve Crompton. It contains fixes and features not available in other versions of PGP. For more information including download locations, see The Unofficial International PGP Home Page
MIT PGP 2.6.2 This is a US-only version of PGP, released and distributed by MIT. It has the following restrictions :
1/ It creates messages that cannot be read by PGP versions prior to 2.5.
2/ It uses the RSAREF encryption library, making it slightly slower on most platforms. Furthermore, it does not understand the old signature format used by PGP 2.2 and earlier versions. PGP 2.6.2 is illegal to export from USA, but once exported anyone may use it freely. This version corrects a number of bugs found in PGP 2.6 and 2.6.1.
PGP 2.6.2g This is a « rebel version » of PGP (the ‘g’ stands for ‘guerilla’). It supports 4096-bit keys, doesn’t use RSAREF, and fixes many bugs found in MIT PGP 2.6.2. I don’t know much about this version, but you can get it here.
PGP 2.6.3i This version of PGP is based on the source code for MIT PGP 2.6.2 and modified for international use. PGP 2.6.3i differs from MIT PGP 2.6.2 in the following ways:
– It does not use the RSAREF encryption library
– It is 100% compatible with all other PGP 2.x versions
– It corrects a number of bugs present in PGP 2.6.2(i)
– It compiles « out of the box » for many new platforms
– It adds some new features without breaking compatibility with earlier versions
PGP 2.6.3i is probably illegal to use within the USA, so if you are a US citizen, you should not use it. You can download PGP 2.6.3i here
PGP 2.6.3ia This release fixes a few minor problems in PGP 2.6.3i. Here’s the patch.
PGP 2.6.3 If you compile the source code for PGP 2.6.3i using the -DUSA option and linking with RSAREF (rsaglue2.c) instead of MPILIB (rsaglue1c.), you will get a version that identifies itself as PGP 2.6.3. It contains all the same bug-fixes and improvements as PGP 2.6.3i, but it will be slightly slower, and the « legal kludge » cannot be disabled. PGP 2.6.3 is not an official PGP version, but is still perfectly legal to use inside the USA. It is only distributed as source code. However, some helpful individuals that have compiled it for their own use, have also made it available to the general public:
MS-DOS, by Preston Wilson
Macintosh, by Zbigniew Fiedorowicz
I cannot guarantee the authenticity of these compilations. On the other hand, I have no reason to believe that the source code has been tampered with, either.
PGP 2.6.3in PGP 2.6.3in is based on PGP 2.6.3i, but adds many of the features found in PGP 5.0. I don’t know much about this version, but you can find it here.
PGP 3.0 PGP 3.0 is an older name for PGP 5.0. This version took almost three years to complete, and because ViaCrypt had already released PGP version 4.0, the name was changed from 3.0 to 5.0 before release.
PGP 5.0 PGP 5.0 (formerly known as PGP 3.0) represents a new generation of PGP versions. It adds many new features not found in earlier versions, including support for other encryption algorithms than RSA and IDEA. PGP 5.0 is the first version that is fully integrated with the Windows 95/NT and Macintosh graphical user interfaces.
PGP 5.0i PGP 5.0i is the latest international version of PGP for MS-DOS, OS/2, Amiga, Atari and Unix. It is basically the same version as PGP 5.0, but because it was compiled from source code that was scanned and OCRed from printed books that were legally exported from the US, it is legal to use in almost any country in the world. You can download PGP 5.0i here.
PGP 5.5i PGP 5.5i is only available for Windows 95/NT and Macintosh.
PGP 6.0i This is the latest international PGP version for Windows 95/98/NT and Macintosh.

Laisser un commentaire