Announcing the availability of RIPEM 1.0, a public key encryption program oriented toward use with electronic mail. It's been a long time coming, but finally the necessary local permissions have been obtained. RIPEM provides capabilities very similar to Privacy-Enhanced Mail (PEM), as described by Internet RFC's 1113-1115. However, RIPEM lacks the concept of a "certificate", a document which guarantees that you have the correct public key of a correspondant. RIPEM does implement a simple public key server, plus key lookup via finger, but these are much less secure than the certificate-based key management described in those RFC's. RIPEM uses DES and RSA as its encryption mechanisms, as specified by the RFC's. HOW RIPEM IS USED RIPEM simply reads a plaintext or ciphertext message, and produces a ciphertext or plaintext message. It is not an electronic mail program, and has a horrible user interface. However, interfaces to RIPEM for specific Unix mailers have been written, and more are expected. RIPEM is not intended to be invoked directly by the average user. RIPEM is documented via a User's Manual (available in the RIPEM distribution in both plain ASCII and Postscript forms) and a "man" page. These are too lengthy to reproduce here. To give you a taste of what RIPEM is like, I present an abbreviated description of its calling sequence: Usage: ripem {-e | -d | -g | -c} out [-r recipient] [-m {encrypted | mic-only | mic-clear}] [-u myusername] [-h head] [-b #_of_bits_in_gen_key] [-p publickey_infile] [-s privatekey_infile] [-k key_to_private_key or -] [-P publickey_outfile] [-S privatekey_outfile] [-y pub_key_server_name] [-Y key_sources] [-T recip_opts] [-i infile] [-o outfile] [-D debug_level] [-Z debug_out_file] [-R random_sources] [-F random_input_file] [-C random_string] where: random_sources is one or more of "cefkms", specifying "random" input from Command line, Entire command, File, Keyboard, Message, or running System. key_sources is a string of one or more of "fgs", which tell ripem to look for public keys from a File, finGer, or Server, in the order specified. head is one or more of "ipr", for Include headers in msg; Prepend headers to output; get Recipients from headers. recip_opts is one or more of "amn", for Abort if can't find keys for all users; include Me as a recipient if encrypting; None of the above. Relevant environment variables: RIPEM_PUBLIC_KEY_FILE, RIPEM_PRIVATE_KEY_FILE, RIPEM_KEY_TO_PRIVATE_KEY, RIPEM_USER_NAME, RIPEM_RANDOM_FILE, RIPEM_SERVER_NAME, RIPEM_ARGS PLATFORMS SUPPORTED RIPEM has been ported to the following platforms: -- Unix (non-386): NeXTStep 2.x and 3.x, SunOS 4.x, Sun Solaris 2.x, IBM RS/6000 AIX, DEC ULTRIX, HP 9000/700 HP/UX, Convex C2xx**, IBM 370 AIX, Silicon Graphics Irix 4.x, Motorola 88000 System V/88**, IBM RT CMU Mach**. -- These variants of Unix on 386/486 platforms: Linux 0.98*, SCO ODT 2.0, Jolitz 386BSD, IBM AIX/386. -- MS-DOS: Vanilla 8086*, Vanilla 8086 w/ FTP Software PC/TCP support, DJGCC 386 DOS-extender*. -- Macintosh* (straight port of the Unix version; others are considering improving the user interface). * Does not support Internet access to key servers. ** These ports may not be current. Ports to other platforms are planned, but your help is needed. LICENSING RIPEM itself (i.e., the code I wrote) is in the public domain. However, RIPEM is based on RSA Data Security's RSAREF cryptographic toolkit. RSAREF is not in the public domain, but its authors, RSA Data Security, do license it free of charge for non-commercial use. Because RIPEM uses RSAREF, use of RIPEM is subject to the RSAREF license agreement. The RSAREF program license seems pretty straightforward. It can be obtained via anonymous FTP from rpub.cl.msu.edu, and is distributed along with the RIPEM source. Also, I intend to post the RSAREF license to sci.crypt. You should read the license before using RIPEM, because use of RIPEM is dependent upon your agreeing to the RSAREF terms. HOW TO GET RIPEM RIPEM is distributed in both source and executable forms. The binaries are distributed merely as a convenience to you, as the source distribution contains all necessary source to build RIPEM, including the source to RSAREF. RIPEM is distributed via non-anonymous FTP from rpub.cl.msu.edu. You must apply for an "account" on this machine, as described below. I do not distribute RIPEM via email, because past experience has taught me that I can't handle the load. However, RSA Data Security will soon begin distributing RIPEM along with RSAREF. I believe that their distribution mechanism is electronic mail. You can also get RIPEM from friends or other sites that will eventually carry RIPEM. But I specifically stipulate that you must abide by the RSAREF license terms, and you must not export RIPEM outside the USA and Canada. The following is the contents of the file GETTING_ACCESS, available on rpub.cl.msu.edu: Dear FTP user, To access the RIPEM cryptographic software archive at rpub.cl.msu.edu, you must have an "account" on my custom FTP server. Traditional anonymous FTP login is allowed, but anonymous users are prevented from doing GETs on files containing cryptographic software. Anonymous access is allowed so that you can get README-type files like this one, and files containing descriptions of software licensing terms. To apply for FTP access to rpub.cl.msu.edu, send an email message to ripem@rpub.cl.msu.edu. State your citizenship (must be USA or Canadian, or you must be a permanent resident of one of these countries) and your willingness to comply with relevant export laws and software licenses. (You should get and read the file "rsaref-license.txt" on this host, so you know what you are agreeing to.) Also state the "canonical" Internet domain name of your host. (If you are not sure of the primary name of your host, FTP to rpub.cl.msu.edu under user anonymous. The FTP server will inform you of your hostname.) Also state the country in which your host resides. Here's a sample email message you might send to ripem@rpub.cl.msu.edu: Dear Mark, Please give me access to rpub.cl.msu.edu. I am an American citizen, and I agree to comply with crypto export laws and RSAREF license terms. My hostname is hobbit.egr.bigu.edu; this host is located in the United States. Thank you. When I receive your message, with luck I'll promptly issue you a special FTP username and password by return email. This username will work only from the hostname you specify in your message. In the case of RIPEM, you may redistribute the code, but only to others in the USA and Canada, and only under the terms of the RSAREF license agreement mentioned above. Thank you. (This rather complex distribution mechanism is largely an attempt to satisfy local admins, not a requirement of program license terms.) SOME HISTORY AND INEVITABLE COMPARISONS RIPEM is my third attempt at writing freely distributable public key encryption software. The first attempt, unnamed, never made it out the door because I found to my surprise that the RSA algorithm was patented. The second attempt, RPEM, met a great deal of controversy in May 1991 due to its use of the Rabin encryption algorithm. Public Key Partners claimed that it infringed upon their patents. RPEM was withdrawn. RIPEM is a near-complete rewrite of RPEM, based on the licensed RSAREF toolkit; it's faster, more full-featured, and more legal. The inevitable comparison, of course, is to Pretty Good Privacy (PGP), an RSA and IDEA-based crypto program by Phil Zimmerman and others. PGP has several advantages over RIPEM, especially in the area of key management for non-networked users. RIPEM is arguably better-suited for use with Internet-based email. PGP is said to infringe upon public key encryption patents, whereas RIPEM has the blessing of the holders of those patents. FUTURE RIPEM RELEASES I expect that a number of minor improvements to RIPEM will be released in the weeks following this announcement. If nothing else, I expect to see RIPEM ported to several other platforms. Your help in this is appreciated. If no one beats me to it, I will unpack my Windows NT and OS/2 2.x beta CD-ROMs and attempt a port to these platforms. However, there are other platforms, such as the Commodore Amiga, to which I have no access. Your help in porting RIPEM to new platforms is appreciated. The level of support I will provide will depend upon the demand and upon the availability of free time. In other words, I am not promising anything. However, the complete source code to RIPEM is readily available, so enhancements can be done by anyone. If input continues at the rate that I've been getting during Beta testing, I expect to distribute new releases fairly frequently. The frequent release of new versions is intended to ease the coordination of source code amoungst developers. As a RIPEM user (as opposed to developer), do not feel compelled to download the latest version of RIPEM whenever the version number changes. Consult the file "changes.txt" on rpub.cl.msu.edu for a description of the latest changes, to determine whether it's worth your while to obtain the latest version. RIPEM TO-DO LIST RIPEM beta testers have asked for more sophisticated key management for non-network-based users. This will probably be added. Some have suggested adding compression to RIPEM. This might be done. The ability to encipher binary files without manually sending them through uuencode is desirable. This might also be done. It has been suggested that alternative single-key encryption algorithms be added, to supplement DES. For instance, IDEA has been proposed. I have confidence in DES when used in CBC mode with a unique key for every message, and have no plans to incorporate IDEA. However, if there is sufficient demand and if I could find IDEA code written in the USA or Canada, I might be talked into adding it. CREDITS RIPEM was written by me, Mark Riordan (mrr@scss3.cl.msu.edu). A number of testers contributed code, ideas, and support. Amoung these are Richard Outerbridge, Greg Onufer, Mark Henderson, Marc VanHeyningen, Mark Windsor, Uri Blumenthal, Jeff Thompson, and others. The RSAREF toolkit was written by persons unknown at RSA Data Security. Mark Riordan mrr@scss3.cl.msu.edu 21 December 1992