
Bifroest	Mr. Tines	CTC Home	CTClib	MacCTC	CTCjava

CTClib 2.0

Release 2.0 is PGP5.x inter-operable. It includes:-

Reading and interpreting PGP5.0 packet headers
Verifying PGP5.0 signatures signed with DSA keys.
Encrypting message to ElGamal public keys.
All symmetric cyphers (although there are problems with conventional encryption)
SHA-1 hash function

Together these allow exchanging messages with all variants of PGP using all types of PGP public-key.

Missing

Regretably there are currently the following inter-operability problems:-

Conventional encryption with 3DES is not inter-operable. (Hybrid encryption with 3DES is inter-operable.)[1]
Non-IDEA conventional encryption (in practice using CAST) is possible but currently very awkward.[2]
CTC does handle, use or generation of DSA/DH secret-keys[3]

We did not consider it was worth delaying the release to try to include these. We do intend to include them in a future release.

Extras

In addition to PGP5.0 cyphers, CTC supports a number of ciphers not handled by PGP variants. These include:-

Public Key

Elliptic curve

Symmetric Ciphers

3-way
Blowfish
TEA
DES (single)

Miscellaneous

Modes of operation other than CFB.
uuencode: as an alternative to PGP ASCII-armour (less obviously an encrypted message)
Splay compress: As an alternative to Deflation.

Compatibility

We believe that CTClib2.0 is largely source upwards compatible with respect to 1.0. Note however that include file modifications mean that all source using CTC header files should be recompiled. The known incompatibilities are:-

The addition of a new port_io entry point vf_writeline_xt()

If any further incompatibilities are noted in the course of undating the documentation, they will be listed here.

Components

We have released the following components.

CTClib 2.0
Manuals
MacCTC2.0 for PowerPC
MacCTC2.0 for 68k
MacCTC2.0 source kit

All are available for download.

[1]: We have 3-DES implementation and works when encrypting to a PGP-key, but not with conventional encryption. Probably this is due to slightly different pass-phrase to key conversion. However this has yet to be investigated. We hope to have this fixed soon. Note that in the course of making CTC (at say 2.1) inter-operable with PGP, it might then not be inter-operable on this type of encryption with the unmodified version. You are accordingly recommended not to use CTC2.0 for 3-DES conventional encryption.

[2]: PGP adds an extra packet to non-IDEA conventionally encrypted messages identifying the cipher used. CTC currently neither reads nor generates these. Accordingly you have to set the decryption cipher manually. This is especially difficult CTC->PGP.

[3]: The main difficulty is actually reading and decrypting the PGP secret key packets. We haven't worked precisely what the format is yet. Actually using the keys once we have get them is very little extra work.

webmaster@bifroest.demon.co.uk