It looks like the GPG modules now live in the GnuPG:: namespace.

Alan

If you get stuck installing GnuPG.pm on FreeBSD because the 'make test' hangs on generating the key, here's what to do:

* As root:
# vmstat -i

make note of the irqs that have nonzero rates
and are not clk* or rtc*

Issue the command:
# rndcontrol -s n

for 2 or 3 of these irqs where "n" is the irq number

What you are doing here is telling the OS to use these devices to coll
+ect randomness from.
[download]

For a longer term solution you can add these irqs to your rc.conf file so they are saved through reboot:

 
rand_irqs={some good irq numbers here}
[download]

I'm interested in supporting GPG as an open source alternative. Are there solutions available for decrypting it on Mac & Windows? (ie, will PGP encryption tools work?). Or asked another way: Is there any reason _not_ to use GPG in favor of PGP? Thanks, -mark

I am not entirely familiar with GPG on Mac and Windows platforms. Your best bet would be to go to www.gnupg.org and check it out there.

As for GPG/PGP compatability... The big difference between the two packages is, PGP supports encryption algorithms with license restrictions such as RSA, while GPG does not (yet?). It uses algorithms which are at least as secure as PGP's, but which are not under patent or license protection, such as Diffie-Hellman. Recent versions of PGP can handle D-H keys, and GPG and newer versions of PGP are compatable with these keys. GPG can't encrypt and decrypt with RSA PGP keys, however.

If you're starting from scratch, and the keys don't already exist, GPG would be a great alternative, especially because "personal" versions of PGP which can be used for free (under the correct circumstances) can be used to decrypt the GPG messages even if GPG doesn't have good Mac/Windows support.

But, if you're going to be collecting foreign public keys from the Real World, where PGP has been in use for a lot longer than GPG has, you may run into problems with too many RSA keys that you can't use with GPG.

In the past, the PGP people have at times been quite aggressive in pursuing license violations (such as using a non-batch PGP license for batch processing encryption/decryptions). And, for small companies, their licensing can be quite expensive for setting up small batch processing systems (where "batch processing" pretty much means anything done by a script instead of a human). For that reason, we've been using GPG instead of PGP wherever possible. The only tricky part has been getting the customers to create Diffie-Hellman, and Not RSA keys with their personal PGP packages...

Alan

To answer my own question, I just noticed that GnuPG::Tie.pm does what I want. There is example code here:

http://search.cpan.org/doc/FRAJULAC/GnuPG-0.07/GnuPG/Tie.pm

..except the example code is failing for me. Here's what I have so far. It's dying when I try to read $ciphertext back from the filehandle. Can you offer suggestions or example code? Thanks! -mark

sub encrypt_text {
        use GnuPG::Tie::Encrypt;
    
    tie *CIPHER, 'GnuPG::Tie::Encrypt', armor => 1, recipient => $PUBL
+IC_KEY_USER_ID || die;
    print CIPHER  shift || die;
        local $/ = undef;
    my $ciphertext = <CIPHER> || croak "died here: $!";
    close CIPHER;
    untie *CIPHER;
    
    return $ciphertext;
    
}
[download]

Sample usage:

    use Crypt::OpenPGP;
    my $pgp = Crypt::OpenPGP->new( PubRing => $pubring);
    my $ciphertext = $pgp->encrypt(
                   Data       => $data,
                   Recipients => $key_id,
                   Armour     => 1,
             );
[download]