ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: opgp91 uploaded - version d :)

1998-03-30 21:39:08
from [nospam-seesignature] [Permanent Link] 
On Mon, 30 Mar 1998, Hal Finney wrote:


This is a remarkable accomplishment!  OpenPGP compatible encryption,
decryption, and signatures in under 6000 lines of C code, making use of
standard libraries like SSLeay.  Those who are reluctant to wade through
the 100000+ lines of PGP 5.X may find this implementation easier to
digest.  I want to congratulate tzeruch for producing this implementation
so quickly, and thank him for his interoperability testing with PGP 5.X.

Hal Finney


Not so fast, now 0.91d (a pre 0.92) is there.  Our T1 went down, and I
found a few small problems, but have full V4 signatures in one pass form
(I merged routines so it is smaller too).  There is always 1 more bug.
But it is easier to find in fewer lines and usually something stupid I did
recently.  But my TODO list has no more features (unless the spec
changes), and there isn't too much more to clean up.

A fixed test suite will be up tomorrow (My 75Mhz 486 laptop is fast enough
for development, but not to generate the test cases, and I don't want to
upload using a modem).

It also wasn't that quickly - I already had a 2.6.2 lib (my minipgp
directory originally). The first version actually predated the scanned
code (I has all but S2K for the things that were turned on, and bought the
5 volumes which now have post-it notes every few pages when the scanning 
effort seemed stopped at 95%).

Also remember I am leaving it to pgpk to handle keyrings and trust, and I
don't do packet parsing.  Someone else can do a shell script or GUI or
something else as a wrapper.  I use the routines as a general crypto
library, but it is nice to be compatible with an application.  But for PGP
internals, I think it is a good reference.  Now that it works.

After the scanned code was available, I could more easily turn things on,
so I could verify more things ( f(f**-1(x))=x, f and f**-1 being different
implemntations if possible).

Now that I have a real (or sometimes surreal) spec, it is easier.

But part of the effort was to produce a cleaner reference source - the
S2Ks get/put for example are mirror images, and except for the hashing,
monolithic.

--- reply to tzeruch - at - ceddec - dot - com ---
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Test Suite - and S2K Detail missing from the spec, nospam-seesignature
Next by Date:  Re: Conventional works, but pgpv needs armor, John W. Noerenberg
Previous by Thread:  Re: opgp91 uploaded, Hal Finney
Next by Thread:  Testcases and opgp91f.tgz, nospam-seesignature
Indexes:  [Date] [Thread] [Top] [All Lists]