For about the last year I've had an ongoing stream of mail asking, demanding and occasionally imploring me to add PGP support to Pegasus Mail. For those of you unfamiliar with it, PGP is a freely-distributed encryption system which offers public key cryptography (so you can add digital signatures to messages to guarantee their authenticity) and probably some of the strongest message encryption available at present. This message has two parts: the first is a description of why I cannot support PGP at present, the second is a description of ways you can help me to do so in the future. If you have no interest in this subject, you probably don't need to read any further, since this is likely to get technical and dry in places. Let me say at the outset that I am a PGP enthusiast: I have personally contributed to Phil Zimmerman's trial fund and like the whole idea of PGP immensely - there is nothing I would like more than to provide seamless support for PGP in Pegasus Mail. The problem is with PGP itself... You have to appreciate that at this stage, PGP is a DOS application; it is designed to be run with a commandline syntax, and is quite large. Furthermore, an examination of the source code reveals that a certain amount of the quality of its encryption depends on its ability to interact with the user directly - it builds a pool of random numbers based on the time between keystrokes when you type in your personal security code, and that pool of random numbers is (as far as I can tell) a critical component of the cryptographic processes which follow. This creates some real headaches for me: 1: DOS; Pegasus Mail for DOS would seem to be the easiest platform for implementing PGP support, because it's a text mode application. The problem is that PGP can require up to 384K of RAM to run, and that's more than is available in a typical Pegasus Mail/DOS session without swapping to EMS/XMS, something which has been getting less and less reliable as systems have become more and more loaded with other protected-mode drivers and applications. 2: Windows; Apart from the fact that it's quite complicated to run a DOS application from a Windows application (as those of you who have implemented user-defined gateways for WinPMail have found, there's a great deal of fiddling around with PIF files), PGP's desire to interact with the user on a text-mode display is a real killer; it means that more or less any time WinPMail needed PGP's services it would have to open a DOS window and allow PGP to interact with the user. 3: Macintosh; There IS a version of PGP for the Macintosh, but the problems under WinPMail are increased by an order of magnitude on the Mac, a system which has traditionally made it very, very difficult to run another application in a co-ordinated manner. By and large, this list of problems makes it nearly impossible for me to implement PGP support on any of the platforms supported by Pegasus Mail - let alone to implement it in a tidy, well-integrated fashion. I want to make it abundantly clear that this is not just a case of "David being a lazy programmer", or "David is finding excuses not to do it" - we are really dealing here with technical issues which do not admit of any adequate solution. I actually spent over 12 hours last Saturday going over the PGP source to see if I could transform it into something I could use and finally decided that I don't know enough about cryptography or about the internals of how PGP works to be able to do it. This is possibly where you can help - mostly by keeping your eyes open. It became basically impossible for me to deal with both e-mail and NetNews over a year ago, so I had to abandon News: since then it's been difficult for me to keep abreast of developments in fields like PGP, even though I know there's a lot of work going on. What I really need is a version of PGP which has a well-defined application programmer's interface - something like a DLL for Windows would be perfect. If any of you see references to something like this, or if you know someone who might have the time and inclination to take the source code of PGP and produce something like this, please get in touch with me. I just want to reiterate that I really WANT to put PGP support into Pegasus Mail - I am only prevented from doing so by technical issues which are not in my province and which I cannot personally solve. I don't doubt, however, that it will become possible in time, and by acting as my eyes and ears you can help make that time come sooner rather than later. Cheers! -- David --