Technology and Trends
 USENET Archives
  
Path: gmdzi!unido!fauern!ira.uka.de!sol.ctr.columbia.edu!spool.mu.edu!
mips!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!
msuinfo!news
From: rior...@clvax1.cl.msu.edu (Mark Riordan)
Newsgroups: sci.crypt
Subject: rpem: Privacy Enhanced Mail/public key program
Message-ID: <1991May16.031811.28382@msuinfo.cl.msu.edu>
Date: 16 May 91 03:18:11 GMT
Sender: ne...@msuinfo.cl.msu.edu
Organization: Michigan State University
Lines: 66

Announcing the initial release of "rpem", a mostly public domain 
Privacy Enhanced Mail system incorporating a public key encryption system.

"rpem" is a program that encrypts messages and encodes the result
into a printable form suitable for inclusion into mail messages.
(Of course, unencoding and decryption are also provided.)
In general, adherence to RFCs 1113-1115 is attempted, but complete
adherence is not possible because a different public key scheme is used.

Possibly of greatest interest to sci.crypt readers is the public
key encryption code that comes with rpem.  In fact, this project's goal was  
initially to provide simply the public key functions; the privacy
enhanced mail program was a "demo" program that got out of hand.

The public key encryption algorithm used in rpem is Rabin's:  
     ciphertext = plaintext^2 mod pq  (p, q are primes)
The public component of the key is pq, and the private component 
is p and q.  Rabin's algorithm is probably slower (on decryption) and less
aesthetically pleasing than RSA, for instance, but it's in the 
public domain.  Also, unlike RSA, breaking Rabin's scheme is provably
as hard as factoring a product of two primes.

A crude means of registering public keys via email to and anonymous
FTP from dcssparc.cl.msu.edu is provided.  This is not meant as a
serious answer to the problem of public key distribution.

rpem is distributed in source form via anonymous FTP from
dcssparc.cl.msu.edu (35.8.1.6).   Following the model of MIT Project
Athena's Kerberos distribution, there are two files: 
    pub/crypt/rpem.tar.Z  for recipients in the USA, and
    pub/crypt/rpem_export.tar.Z  for all others.
If you are outside the USA, retrieve the latter file only.
It includes everything in rpem.tar.Z but "des.c".	 

   Export of this software from the United States of America is
   assumed to require a specific license from the United States
   Government.  It is the responsibility of any person or
   organization contemplating export to obtain such a license
   before exporting.

Most of the code in the distribution was written by me, but the 
project would not have been possible without valuable contributions
by Bennet Yee, Marc Ringuette, Arjen Lenstra, Michael Rabin, and Phil Karn. 
These people should not be held responsible for any shortcomings in the
product.  

Nearly all of the code is in the public domain; a few routines 
are distributed under GNU-like restrictions.

The source code is entirely in C.  Some pains have been taken to
make it portable; rpem has been ported to PCs running OS/2 and PC-DOS, 
and a number of Unix boxes, including Sun 3, Sun 4, NeXT, HP 9000/3xx,
IBM RT, Silicon Graphics, VAX, DECstation, and Convex.  If you port
the code to another platform, please tell me what it took and send
me the output from "make benchmark".

I expect to make enhancements to this package, especially in the
area of digital signatures.  Hence, if you want a more polished product,
I recommend waiting until later this summer.  However, I have been putting off 
distribution of the package long enough.  Besides, I want to take
a break for about a month to work on another project.  

I'm not a genuine cryptographic expert.  Send comments, criticisms,
and suggestions for improvement to:

Mark Riordan   Michigan State University   rior...@clvax1.cl.msu.edu

Path: gmdzi!unido!math.fu-berlin.de!ira.uka.de!sol.ctr.columbia.edu!
samsung!usc!rpi!batcomputer!cornell!rochester!pt.cs.cmu.edu!
daisy.learning.cs.cmu.edu!mnr
From: m...@daisy.learning.cs.cmu.edu (Marc Ringuette)
Newsgroups: sci.crypt
Subject: Re: rpem: Privacy Enhanced Mail/public key program
Message-ID: <13066@pt.cs.cmu.edu>
Date: 16 May 91 13:43:54 GMT
Organization: Carnegie-Mellon University, CS/RI
Lines: 47


Here's my personal recommendation for actually trying out the rpem program,
and email security in general.  It's nifty to see it work, and you may get
some bugs out of your thinking about how to go about being secure.  I'd be
happy to exchange secure mail with you using rpem.

I've put my public key in my .signature, and I encourage any of you to do so.
I really think it's great to have the _option_ to communicate securely, and
I'm interested in seeing the wider Internet community tune in to this
technology at some point.  

There are some interesting issues that come up, under the general heading of
"how to have privacy and security on the net," and more work to be done.
Clearly the next big one is key distribution.  Just putting a public key in
your .signature is fine for preventing eavesdropping, but you're still
vulnerable to tampering.  A secure key server fixes that, but you have to
trust the server.  I don't have the perfect solution...maybe a dozen secure
servers that you can check against each other?

Other issues are
 -- Traffic analysis / anonymous mail / electronic cash.  David Chaum's work
      is interesting, and we could implement some of it.
 -- Secure netnews (in the sense that I can be sure I'm reading what everyone
      else is).  If we had this, we could just post our public keys to the net.
      One suggestion:  a subset of us signs the news we read, and posts the
      signatures.
 -- What procedures do we give someone who wants to be secure?  Eventually
    we have to make this easy to do.


Send me mail (securely, of course) if you're interested, so I know who's out
there.  Meanwhile, sci.crypt is a good place to discuss this.


 ----------------- -------------------------- --------------------------------
| Marc Ringuette  |  Cucumber Science Dept.  | What does a blonde say when    |
| m...@cs.cmu.edu  |  Cranberry Melon Univ.   | you blow in his/her ear?    __ |
| 412-268-3728    |  Pittsburgh, PA  15213   | "Thanks for the refill."    \/ |
 ----------------- -------------------------- --------------------------------
User: m...@DAISY.LEARNING.CS.CMU.EDU
Rabin-Modulus:
 UaCUDY+bd7EvAtkaZ9S1fRz7LO/MONro+pVvD/tNS52wf3tJZp4dcOKmEYNlhZh6
 -----------------------------------------------------------------------------
| I use the "rpem" public domain public key email system, with the above key. |
| Clip and save!  For info on rpem, send mail to rior...@clvax1.cl.msu.edu. |
| To get it, ftp from dcssparc.cl.msu.edu, file pub/crypt/rpem.tar.Z (in USA).|
 -----------------------------------------------------------------------------

Path: gmdzi!unido!mcsun!uunet!zaphod.mps.ohio-state.edu!think.com!yale!
mintaka!bloom-beacon!bloom-picayune.mit.edu!athena.mit.edu!jim
From: j...@chirality.rsa.com (Jim Bidzos)
Newsgroups: sci.crypt
Subject: Re: rpem: Privacy Enhanced Mail/public key program
Message-ID: <JIM.91May16101804@chirality.rsa.com>
Date: 16 May 91 14:18:04 GMT
References: <1991May16.031811.28382@msuinfo.cl.msu.edu>
Sender: ne...@athena.mit.edu (News system)
Organization: RSA Data Security, Inc.
Lines: 53
In-Reply-To: riordanmr@clvax1.cl.msu.edu's message of 16 May 91 03:18:11 GMT

The author of the following message does not have direct Internet
access.  Paper mail will follow to Mark Riordan and Michigan State
University.

----------------------------------------------------------------------
				May 16, 1991
Dear Mr. Riordan,

We refer to your posting to sci.crypt of May 16, 1991:

> Announcing the initial release of "rpem", a mostly public domain 
> Privacy Enhanced Mail program incorporating a public key encryption system

> The public key encryption algorithm used in rpem is Rabin's:  
>      ciphertext = plaintext^2 mod pq  (p, q are primes)
> The public component of the key is pq, and the private component 
> is p and q.  Rabin's algorithm is probably slower (on decryption) and less
> aesthetically pleasing than RSA, for instance, but it's in the 
> public domain.  Also, unlike RSA, breaking Rabin's scheme is provably
> as hard as factoring a product of two primes.

	The Massachusetts Institute of Technology and the Board of
Trustees of the Leland Stanford Junior University have granted Public
Key Partners exclusive sublicensing rights to the following patents
registered in the United States, and all of their corresponding
foreign patents:

	Cryptographic Apparatus and Method
	("Diffie-Hellman") .......................... No. 4,200,770

	Public Key Cryptographic Apparatus
	and Method ("Hellman-Merkle") ............... No. 4,218,582

	Cryptographic Communications System and
	Method ("RSA") .............................. No. 4,405,829

	Exponential Cryptographic Apparatus
	and Method ("Hellman-Pohlig") ............... No. 4,424,414

	These patents cover most known methods of practicing the art
of public-key cryptography, including the system commonly known as
"Rabin," which is NOT, contrary to your claim, public domain, and is
covered by at least two of the patents listed above.

	WE HEREBY PLACE YOU AND ALL USERS OF YOUR IMPLEMENTATION OF
PUBLIC KEY, ON NOTICE THAT THEY ARE INFRINGING ON THESE PATENTS AND WE
RESERVE ALL OF OUR RIGHTS AND REMEDIES AT LAW.

				Yours,
				Public Key Partners

				Robert B. Fougner, Esq.
				Director of Licensing