Extending GnuPG to support PGP 2.x keys

The standard distribution of GnuPG does not support PGP 2.x keys since PGP 2.x uses IDEA as its symmetric cipher and RSA for its public key cipher. These algorithms are patented[1] and may only be used under certain restrictions. It is a GNU policy not to use patented algorithms, since patents on algorithms are a contradiction to the spirit of free software. Employing these algorithms limits your freedom to use GnuPG as you wish.

It may or may not be legal to use RSA and IDEA without licensing these algorithms. RSA is only patented in the United States, so it is legal to build RSA versions outside of the United States. The extension module for GnuPG is such a version and it may be legally used outside the United States, but it is illegal to use it in the United States. In the United States there exists a reference implementation for RSA called RSAREF, available at ftp.funet.fi or at debian.org, that may be used legally without a charge in the USA for non commercial use. Due to export restrictions this code cannot be exported, so there are two ways to integrate RSA into GnuPG: one for the USA and Canada, and one for the rest of the world.

The situation for IDEA is simpler. IDEA is patented in Europe and in the USA, and a patent for Japan is pending. The patent holder, Ascom, grants a non-commerical license for no charge, but the definition of non-commercial use is rather strict You need to buy a license from Ascom if you want to use IDEA commercially.

To use the extension modules first obtain their source code, idea.c and rsa.c or rsaref.c from the directory of code contributed to GnuPG. Once you have the code, it must be compiled. If you use gcc, you would compile it as follows:

alice% gcc -Wall -O2 -shared -fPIC -o idea idea.c  
alice% gcc -Wall -O2 -shared -fPIC -o rsa rsa.c  
[...] # or
alice% gcc -Wall -O2 -shared -fPIC -o rsa rsaref.c /usr/lib/rsaref.a

The last argument /usr/lib/rsaref.a must be replaced with the real location of the RSAREF library on your local machine.

Once compiled, GnuPG must be instructed to load it. This may be done using the option load-extension, either on the command line or in the options file although typically it is done in the options file. For example, if you have put idea and rsa in your ~/.gnupg directory, in the options file you may add

load-extension ~/.gnupg/idea  
load-extension ~/.gnupg/rsa      

If you do not specify an explicit path, GnuPG searches the extension modules in the default GnuPG module directory, which is /usr/local/lib/gnupg. If you compiled GnuPG with a different install prefix using --prefix PREFIX when you configured your GnuPG source, then the module directory is PREFIX/lib/gnupg. Copy the two files `rsa' and `idea' into the module directory described above. Make sure everyone can read these files. You do not have to make these files executable as these files are not programs but shared modules.



The RSA patent expires in September 2000. The IDEA patent expires in 2011.