For more information, check out the documentation, which is now available from http://www.pegasus.esprit.ec.org/people/arne/pgp.html in LaTeX and hypertext versions.
Is it secure? Ask Dorothy Denning:
"PGP," warns Dorothy Denning, a Georgetown University professor who has worked closely with the National Security Agency, "could potentially become a widespread problem." -- (E. Dexheimer)
MIT PGP 2.6 is a version which uses the RSAREF library from RSA Data Security. It is licensed for non-commercial use, and carries a highly restrictive license forbidding certain modifications to the source code. In addition, it is only widely available in the USA, because of ITAR export regulations. It is available from net-dist.mit.edu, in the pub/PGP directory, but there are some hoops you have to jump through first.
Note that MIT PGP 2.6 has a restricted key length, and is crippled so that after September 1st it will produce messages which cannot be read using PGP 2.3a.
ViaCrypt PGP 2.7 is compatible with MIT PGP 2.6, and legal in the US and Canada for commercial or non-commercial use. There are versions for DOS or UNIX (Mac version coming soon); contact ViaCrypt for details.
PGP 2.3a is the most recent free worldwide official PGP release. Unfortunately, it won't be able to read MIT PGP messages after September 1st.
I have produced an updated version of PGP 2.3a, modified for compatibility with MIT PGP 2.6, and with some new features added. It does not have key-length crippling, and writes messages which can be read with version 2.3a. It is known as version 2.6ui (the "ui" standing for Unofficial International version, because it isn't approved by Phil Zimmermann).
Someone else has taken my 2.6ui sources, and made an unapproved hacked version which allows very large key sizes (greater than 1024 bits). I do not approve of this version; it will likely be incompatible with future releases of PGP which will support large keys. Unfortunately, this version reports itself as 2.6ui, so please do check the signature on any copy of PGP you find.
PGP is also available in the NCSA forum on CompuServe (GO NCSA).
Remember: Do not obtain PGP from a site in the USA or Canada, unless you are physically within the borders of the USA or Canada.
Disobeying the above instruction is probably very very naughty. If you get your wrists slapped, it isn't my fault.
If you're reading this list on the World Wide Web, you can set your WWW client to load to disk and click on one of the locations.
Please try to download during hours which are off peak for the machine in question.
The source code archive is about 510KB; the DOS binary version is about 260KB. Users of serial connections may wish to make coffee.
Note that the version 2.3 release of MacPGP contains the major bug-fix which was later added to UNIX/DOS PGP 2.3. There was therefore no need for a MacPGP 2.3A release; version 2.3 already had the bug fix by the time it was released. There is no MacPGP 2.3A.
TTP executable, documentation and config files. Compiled with gcc 2.4.5 and GNUlib 93.
Sources
Diffs to the base 2.6ui sources
Compiled with gcc 2.4.4 and MiNTlib 34.
Contains diffs to the normal MS-DOS PGP23SRCA.ZIP.
There's an experimental key-server accessible on the World Wide Web. The addresses are http://www.cl.cam.ac.uk/PGP/pks-toplev.html and http://martigny.ai.mit.edu/~bal/pks-toplev.html.
Another way to get keys is by using the finger program. Try finger @wasabi.io.com for details.
Other sites which may carry PGP: