PGP for OS/390 and MVS

This site is physically located in Germany and has nothing to do with IBM

You can email me if you have questions at alan@nichols.de

A new (1.9.2002) fix level is now available with the following changes/fixes PGP 2.6.3is

.

On September 20th 2000 the RSA patent expires so the binaries can be used in America

On September 6th RSA announced that:

it has released the RSA public key encryption algorithm into the public domain, allowing anyone to create products that incorporate their own implementation of the algorithm. This means that RSA Security has waived its rights to enforce the patent for any development activities that include the RSA algorithm occurring after September 6, 2000.

pgp 2.6.3i contains one other patented algorythm.

The IDEA patent is owned by ASCOM SYSTEC AG and is now marketed by Media Crypt AG both swiss companies the per user license is cheap. You need a license for *comercial* use of IDEA. Non commercial use of freeware containing the IDEA algorythm does not require a license. You can license your use of the IDEA algorythm on-line via Media Crypt AG Web Server

The port is not perfect and has a few restrictions especially if you are using it on *datasets* as DCB support is not in the product, you need to use SMS to fill in DCB info if needed (lrecl for example) and the keygen function requires that you use the +NOMANUAL switch as it cant find the manuals :-( .

The encryption de-encryption key management and generation functions work fine up to a key size of 2048 or less.

Downloading it from my site is NOT illegal for US or non US citizens. But if a US based person were to download pgp and place it on a US site where a non US citizen then downloaded it, that would be illegal. (Re-Exporting), so please take care not to do that.


#make os390                                                      
make all CPP=/lib/cpp OBJS_EXT="c370.o"  CFLAGS=" -O -DC370"          
cc -O -DC370 -c pgp.c                                                 
cc -O -DC370 -c crypto.c                                              
cc -O -DC370 -c keymgmt.c                                             
cc -O -DC370 -c fileio.c                                              
WARNING CBC3236 ./c370.h:114   Macro name ENOENT has been redefined.  
FSUM3065 The COMPILE step ended with return code 4.                   
cc -O -DC370 -c mdfile.c                                              
cc -O -DC370 -c more.c                                                
cc -O -DC370 -c armor.c                                               
cc -O -DC370 -c mpilib.c                                              
cc -O -DC370 -c mpiio.c                                               
cc -O -DC370 -c genprime.c                                            
cc -O -DC370 -c rsagen.c                                              
cc -O -DC370 -c random.c                                              
cc -O -DC370 -c idea.c                                                
cc -O -DC370 -c passwd.c                                              
cc -O -DC370 -c md5.c                                                 
cc -O -DC370 -c system.c                                              
cc -O -DC370 -c language.c                                            
cc -O -DC370 -c getopt.c                                              
cc -O -DC370 -c keyadd.c                                              
cc -O -DC370 -c config.c                                              
cc -O -DC370 -c keymaint.c                                            
cc -O -DC370 -c keymaint.c                                                      
cc -O -DC370 -c charset.c                                                       
cc -O -DC370 -c randpool.c                                                      
cc -O -DC370 -c noise.c                                                         
cc -O -DC370 -c zbits.c                                                         
cc -O -DC370 -c zdeflate.c                                                      
cc -O -DC370 -c zfile_io.c                                                      
cc -O -DC370 -c zglobals.c                                                      
cc -O -DC370 -c zinflate.c                                                      
cc -O -DC370 -c zip.c                                                           
cc -O -DC370 -c zipup.c                                                         
cc -O -DC370 -c ztrees.c                                                        
cc -O -DC370 -c zunzip.c                                                        
cc -O -DC370 -c rsaglue1.c                                                      
cc -O -DC370 -c c370.c                                                          
cc -o pgp pgp.o crypto.o keymgmt.o fileio.o  mdfile.o more.o armor.o mpilib.o mp
iio.o  genprime.o rsagen.o random.o idea.o passwd.o  md5.o system.o language.o g
etopt.o keyadd.o  config.o keymaint.o charset.o  randpool.o noise.o zbits.o zdef
late.o zfile_io.o zglobals.o  zinflate.o zip.o zipup.o ztrees.o zunzip.o rsaglue
1.o c370.o                                                                      
#ls -lisa pgp                                                              
  5951544 -rwxr-xr-x   1 BPXOINIT OOMVSUSR  790528 Sep 20 13:54 pgp             
#cp pgp /usr/local/bin
#pgp                                                                     
No configuration file found.                                                    
Pretty Good Privacy(tm) 2.6.3ia - Public-key encryption for the masses.         
(c) 1990-96 Philip Zimmermann, Phil's Pretty Good Software. 1996-03-04          
International version - not for use in the USA. Does not use RSAREF.            
Current time: 2000/09/20 12:16 GMT                                              
                                                                                
For details on licensing and distribution, see the PGP User's Guide.            
For other cryptography products and custom development services, contact:       
Philip Zimmermann, 3021 11th St, Boulder CO 80304 USA, phone +1 303 541-0140    
                                                                                
For a usage summary, type:  pgp -h                                              


#./pgp +NOMANUAL -kg                                                 
No configuration file found.                                              
Pretty Good Privacy(tm) 2.6.3ia - Public-key encryption for the masses.   
(c) 1990-96 Philip Zimmermann, Phil's Pretty Good Software. 1996-03-04    
International version - not for use in the USA. Does not use RSAREF.      
Current time: 2000/09/20 12:30 GMT                                        
                                                                          
Pick your RSA key size:                                                   
    1)   512 bits- Low commercial grade, fast but less secure             
    2)   768 bits- High commercial grade, medium speed, good security     
    3)  1024 bits- "Military" grade, slow, highest security               
Choose 1, 2, or 3, or enter desired number of bits: 3                     
3                                                                         
                                                                          
Generating an RSA key with a 1024-bit modulus.                            
                                                                          
You need a user ID for your public key.  The desired form for this        
user ID is your name, followed by your E-mail address enclosed in         
, if you have an E-mail address.                          
For example:  John Q. Smith <12345.6789@compuserve.com>                   
Enter a user ID for your public key:                                      
Al Nichols                                               
Al Nichols                                               
                                                                          
You need a pass phrase to protect your RSA secret key.                    
Your pass phrase can be any sentence or phrase and may have many          
words, spaces, punctuation, or any other printable characters.            
                                                                          
Enter pass phrase: blahblah                                               
                                                                          
Enter same pass phrase again: blahblah                                    
                                                                          
Note that key generation is a lengthy process.                            
                                                                          
We need to generate 952 random bits.  This is done by measuring the       
time intervals between your keystrokes.  Please enter some random text    
on your keyboard until you hear the beep:                                 
 952 sdf sdf sdf
 816 iohafdg h
 736 oihsdoihf s
 640 sdof hiohdsf
 536 pihsdfhpsd
 448 s
 432 s
 416 sdofkjps jspdjf
 288 posjdpfjosfd
 184 psojdfoj spojdf ojsdpjof sdf psodjf psodjf
   0 * -Enough, thank you.                                                                        
........................**** ...................................................
................................................................................
.****
Pass phrase is good.  Just a moment....
Key signature certificate added.
Key generation completed.  
#chmod 700 secring.pgp 
#pgp -kxa Al Nichols
No configuration file found.
Pretty Good Privacy(tm) 2.6.3ia - Public-key encryption for the masses.
(c) 1990-96 Philip Zimmermann, Phil's Pretty Good Software. 1996-03-04
International version - not for use in the USA. Does not use RSAREF.
Current time: 2000/09/20 12:43 GMT

Extracting from key ring: 'pubring.pgp', userid "Al".

Key for user ID: Al Nichols 
1024-bit key, key ID FE4A5AD5, created 2000/09/20

Transport armor file: Nichols.asc

Key extracted to file 'Nichols.asc'.  

#cat Nichols.asc
Type Bits/KeyID    Date       User ID
pub  1024/FE4A5AD5 2000/09/20 Al Nichols 

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAznIsA4AAAEEALE9XKaQGSV5eAzc0nQrGYyXZfQr/OyllP2xVzq0RnV4i/nQ
yXjwX5wpw2MZxchy1qmCHqiGA8nxanV0FKZ8BQzZdCZzUJXgLvRKny+QodKnVak5
uabsKA7RRSghQSHEiAqt8g/8/UfzED0nN151MAVFM4Ya4wV4Xt42SO7+SlrVAAUR
tBxBbCBOaWNob2xzIDxhbGFuQG5pY2hvbHMuZGU+iQCVAwUQOciwDt42SO7+SlrV
AQEjzAQAjDZGw5oY4a1qpfCqGDnZgtV0fdruzUMIdijT5SqX+4NDCS7cWTFZwy/F
P52gG1WDetbYXFkmIo6Rweui5T64vCB1PMcaobC6UW9ygbyY47q6GdkPCIoRSmr2
dlYHH+Hc5w/swVmYC92EL4Kbq+WoohluUk6UGIBx24GiuSlh0RM=
=aSBx
-----END PGP PUBLIC KEY BLOCK-----     


 

You can then cut and paste this and send it to other PGP users or put in on the world wide web.

pgp runs and works in the shell and in batch and under TSO. //JOBNAMES JOB (ACCOUNT),AL,MSGCLASS=X,MSGLEVEL=(1,1), // NOTIFY=&SYSUID,CLASS=A,REGION=6M //INET EXEC PGM=BPXBATCH,REGION=4096K,TIME=NOLIMIT, // PARM='SH /usr/local/bin/pgp -d testout2.txt.pgp ' //CEEDUMP DD SYSOUT=* //SYSERR DD PATH='/tmp/pgpbatch.syserr', // PATHOPTS=(OWRONLY,OCREAT,OTRUNC), // PATHMODE=SIRWXU //STDOUT DD PATH='/tmp/pgpbatch.stdout', // PATHOPTS=(OWRONLY,OCREAT,OTRUNC), // PATHMODE=SIRWXU //STDERR DD PATH='/tmp/pgpbatch.stderr', // PATHOPTS=(OWRONLY,OCREAT,OTRUNC), // PATHMODE=SIRWXU //SYSOUT DD PATH='/tmp/pgpbatch.sysout', // PATHOPTS=(OWRONLY,OCREAT,OTRUNC), // PATHMODE=SIRWXU //STDIN DD PATH='/u/myhome/passin' The user id that runs the job has their pgp ring files in their home directory. The pgp binary is in the path.

If you want to run it in *MVS* or from TSO then use the

following link job (or in 2.9 just usethe cp command). Please note the SYSLMOD below should reference a PDS-E //LKED EXEC PGM=IEWBLINK,REGION=2M, // PARM='LIST,NCAL,LET,MAP' //SYSPRINT DD SYSOUT=X //SYSLMOD DD DSN=SYS1.LOCAL.LINKLIB,DISP=SHR //* //PGP DD PATH='/usr/local/bin/pgp' //SYSLIN DD * INCLUDE PGP NAME PGP(R) /*

Here is an example of running pgp as a batch job directly. WITHOUT the use of Unix System Services (ie NOT BPXBATCH). If you just want to run in batch then use BPXBATCH to execute a shell wrapper for pgp //STEP1 EXEC PGM=PGP,PARM='+NOMANUAL -e TEXTDATA alan' //SYSIN DD * //SYSOUT DD SYSOUT=* //SYSPRNT DD SYSOUT=* and here is another //STEP1 EXEC PGM=PGP, // PARM='+NOMANUAL +ARMORLINES=0 -d um.out.asc' //SYSIN DD * blahblah //SYSOUT DD SYSOUT=* //SYSPRNT DD SYSOUT=*

You can generate keys in batch or under TSO, but this is NOT RECOMMENDED. Please use an ssh session to generate your private/public keypair.

If you are dealing with ascii machines note that an encoded ascii file from a PC will be *still* be ascii when you decode it on OS/390. Use the dosfix program from bbtools package on the tools download page to convert it into the write code page, (or use iconv if you are feeling brave :-). dosfix has the advantage of dealing with those CRLF issues.

Now read and understand the pgp documentation included in the package.

The OS/390 Docs are *ONLY* concerned with OS/390 specifics .