gcs@polari.UUCP (Greg Sheppard) (05/25/91)
Looking for sources for unix programs to encrypt text files (something which would require a key to decrypt). What I'd like to do is decrypt my mailbox before reading and then re-encrypt it when finished. Doesn't have to be insanely secure...but the more difficult to break the better.

--
Greg Sheppard  Internet: imop@wa-ngnet.army.mil
WAARNG, Tacoma, WA, USA  UUCP: ...!polari!gcs
Voice: +1 206 581 8924
--

fischer@iesd.auc.dk (Lars P. Fischer) (05/28/91)
Greg> Looking for sources for unix programs to encrypt text files (something
Greg> which would require a key to decrypt).

I have (several) such programs, using either the DES or UNIX crypt algorithm. Furthermore, I know of at least one FTP site that has such programs.

BUT, you cannot have these programs.

In its wisdom, your government has decided that such programs are a threat to your national security and therefore must not be traded between a person in the U.S.A. and a person outside the U.S.A.

These programs are easy to implement, as the algorithms are Public Domain and not under any export restrictions. It is only the software implementations that are not allowed. This is why these programs are readily available all over the world.

SO: I have this program, but since the US government feel that it would be a threat to its security to have anyone outside the US have it, I am not allowed to send it to you, since you are inside the US and I am outside. I can, on the other hand, freely send it to anyone NOT in the US, including a person in the USSR.

You might like to discuss this with your congressman (or whatever you call it).

(In case you are asking yourself: WHY?, the answer is: "technical trade restriction". Look it up).

/Lars
--
Lars Fischer, fischer@iesd.auc.dk | It takes an uncommon mind to think of
CS Dept., Univ. of Aalborg, DENMARK. | these things. -- Calvin

eeh@Dixie.Com (Ed Howland) (05/30/91)
gcs@polari.UUCP (Greg Sheppard) writes:

>Looking for sources for unix programs to encrypt text files (something
>which would require a key to decrypt). What I'd like to do is
>decrypt my mailbox before reading and then re-encrypt it when finished.
>Doesn't have to be insanely secure...but the more difficult to break the
>better.

Why not just use the crypt(1) filter program? Assuming you are using unix. My system also provides the library function run_encrypt(3X) which handles the necessary popen() calls to crypt(1) from inside your program. This is (BTW) how vi can encrypt/decrypt your files while letting you work in plaintext.

If you want the sources to a public domain DES c version, they are even on the net or available via anon ftp. Reply to this post and I'll direct you further.

Ed Howland.
eeh@dixie.com
..[emory,uunet]!rsiatl!eeh

eeh@Dixie.Com (Ed Howland) (05/30/91)
fischer@iesd.auc.dk (Lars P. Fischer) writes:

>In its wisdom, your government has decided that such programs are a
>threat to your national security and therefore must not be traded
>between a person in the U.S.A. and a person outside the U.S.A.
>These programs are easy to implement, as the algorithms are Public
>Domain and not under any export restrictions. It is only the software
>implementations that are not allowed. This is why these programs are
>readily available all over the world.
>SO: I have this program, but since the US government feel that it
>would be a threat to its security to have anyone outside the US have
>it, I am not allowed to send it to you, since you are inside the US
>and I am outside. I can, on the other hand, freely send it to anyone
>NOT in the US, including a person in the USSR.

Question: If one were to implement a program using one of these DES schemes, and then compile the code, and use the resulting binary (presumably, harder to reverse-engineer) in a system that was then exported to say, Canada, would one be in violation?

If one had say, Unix SYSVR4 loaded on his T5100 laptop and were to fly to Alaska with a layover in Vancouver, and lost his luggage en route, would one be in violation?

Just wondering.

Ed Howland
eeh@dixie.com
..[emory,uunet]!rsiatl!eeh

clewis@ferret.ocunix.on.ca (Chris Lewis) (05/31/91)
In article <20170@rsiatl.Dixie.Com> eeh@Dixie.Com (Ed Howland) writes:
>fischer@iesd.auc.dk (Lars P. Fischer) writes:
>>SO: I have this program, but since the US government feel that it
>>would be a threat to its security to have anyone outside the US have
>>it, I am not allowed to send it to you, since you are inside the US
>>and I am outside. I can, on the other hand, freely send it to anyone
>>NOT in the US, including a person in the USSR.

>Question: If one were to implement a program using one of these DES
>schemes, and then compile the code, and use the resulting binary
>(presumably, harder to reverse-engineer) in a system that was then
>exported to say, Canada, would one be in violation?

The short answer is: yes. Technically.

My understanding of this situation is as follows (pieced together from experiences with filling out Export Licensing forms, and a chat that Rich Salz had with a chap from the NSA (and I think the CIA) when I brought this issue up over a comp.sources.unix posting back in around '86. Plus some other research. The situation may have changed, so you are advised to check)

Encryption implementations are classified as a "munition" in the states, and the regulations supersede the more normally applicable Dept. of Commerce rules. Under the COCOMM rules, each country is placed in a group w.r.t. the permissibility of exporting items to it. There are certain countries where you cannot export advanced technology (eg: 386 processors, high performance disks, weaponry, encryption implementations, software etc.) at all, only under specific conditions/licenses, or freely.

The rules restrict encryption *implementations*, not algorithms. After all, the DES algorithm has been published in many places over the years, so restricting it is pointless (not that this matters to the bureaucrats, but never mind).

Encryption technology is fairly highly restricted.

One example is that you apparently cannot export Enigma (now considered obsolete German encryption system from WWII) to Britain. Which is kinda ironic, since Britain delivered the thing to the US in the first place.

The rules for Canada for DES are that (last I heard), you can only export DES implementations to Canada for "authentification" purposes (ie: ATM machines) but not encrypted communication. Further, each exportation of such technology must be cleared via export license first.

As other confirmation, one should be aware that most US companies delivering UNIX have created an "international" version, which doesn't contain the crypt(1) utility. Or, have separated the encryption stuff (crypt(1), ed's encryptor and encrypted mail) into a separate package that cannot be exported out of the US. There have been claims that this wasn't really necessary (including, I think, from Dennis Ritchie), but given RS's account of his conversation with the people who would be the ones charging violations, I wouldn't want to test it without being prepared to challenge it in court. I know that both AT&T and ISC have had this policy as recently as their 386 UNIXen.

One additional complication to bear in mind is that many countries have reciprocal agreements with the USA, where these other countries have to apply for US export licenses for their own exports. For example, a Canadian company once got into serious trouble with both US and Canadian governments for exporting locomotives to Cuba. In that particular case, they were locomotives built in Canada under license from a US company, but this may apply to designed/built in Canada stuff too, depending on the classification.

Things must get really weird when you consider that some of the DES chip sets are produced in off-shore plants. I believe at least one DES chip manufacturer has ceased production of the chips, and I know of other manufacturers abandoning products built with these chips because of the export license stuff.

At times, US restrictions have gone to considerably more ridiculous lengths to "protect their interests". In one particular instance (possibly apocryphal) US officials have blocked Russian scientists from making presentations in American conferences... This was back in the bad old days where NSA had de facto prior approval on all publications and patents in advanced technology fields, but this is no longer true.

Therefore, if you were to ship product to Canada without acquiring an export license for an embedded DES implementation, you would indeed be in violation. Most (if not all) UNIX vendors are already aware of this eventuality, and have stripped it out of export versions of their UNIX.

On the other hand, I am unaware of any prosecutions of this. DES implementations have been posted on the net a couple of times. It may very well be that the powers-that-be don't consider these breaches to be worth pursuing.

>If one had say, Unix SYSVR4 loaded on his T5100 laptop and were to fly to
>Alaska with a layover in Vancouver, and lost his luggage en route, would
>one be in violation?

Good question.

--
Chris Lewis, Phone: (613) 832-0541, Domain: clewis@ferret.ocunix.on.ca
UUCP: ...!cunews!latour!ecicrl!clewis; Ferret Mailing List: ferret-request@eci386;
Psroff (not Adobe Transcript) enquiries: psroff-request@eci386 or Canada 416-832-0541.
Psroff 3.0 in c.s.u soon!