pgp 2.6.3i vs pgp5i vs gnupg
I would like to set up a key to eventually be used for Debian related
activities (the kind NMs need). I would like to use an existing version
of pgp on a set of Solaris systems I have access to; the problem is they
have PGP version 2.6.3i. I'm unsure as to whether this is a secure version
of PGP and what kinds of bugs it has in it.
Reading through the Debian packages I find that pgp is up to version
2.6.3i-9, and reading its changelog I do not see significant reason to
use a version newer than 2.5.3i. The description does say it "is obsolete
compared to PGP 5." I have also seen patches for 2.6.3i, but I don't know
if any are necessary, or significantly useful to me.
pgp5i's description says "This is version 5.0i, and has significant changes
compared to 2.6.3a. You may want to consider keeping the old version
handy." I don't know what any of these significant changes are or why I'd
still want the old version. Hmm, it also seems to have a potential bug in
its description by saying "it does not have a license for its use of the
RSA cryptosystem, on which some nasty people claim a patent." I think pgp
maintainers removed those kinds of strings from their package as the RSA
cryptosystem patent expired?
My understanding of gnupg is that it's the same as pgp5i, but without the
patented IDEA related stuff.
Is the version that I have available good enough? What other benefits
might a newer version provide (as related to Debian)?
Below is the text I get from pgp on this Solaris system.
Pretty Good Privacy(tm) 2.6.3i - Public-key encryption for the masses.
(c) 1990-96 Philip Zimmermann, Phil's Pretty Good Software. 1996-01-18
International version - not for use in the USA. Does not use RSAREF.
Current time: 2003/03/17 20:09 GMT
For details on licensing and distribution, see the PGP User's Guide.
For other cryptography products and custom development services, contact:
Philip Zimmermann, 3021 11th St, Boulder CO 80304 USA, phone +1 303
For a usage summary, type: pgp -h