The comp.security.pgp FAQ

Bugs related to MIT PGP should be sent to pgp-bugs@mit.edu. You will want to check the MIT PGP FAQ with the complete bug list for MIT PGP before reporting a bug to make sure that the bug hasn't been reported already. If it is a serious bug, you should also post it to comp.security.pgp.announce or .tech. Serious bugs are bugs that affect the security of the program, not compile errors or small logic errors.

Post all of your bug reports concerning non-MIT versions of PGP to comp.security.pgp.tech, and forward a copy to me for possible inclusion in future releases of the FAQ. Please be aware that the authors of PGP might not acknowledge bug reports sent directly to them. Posting them on USENET will give them the widest possible distribution in the shortest amount of time.

The following list of bugs is limited to version 2.4 and later, and is limited to the most commonly seen and serious bugs. For bugs in earlier versions, refer to the documentation included with the program. If you find a bug not on this list, follow the procedure above for reporting it.

• The PGP 2.6.2 sources do not build under Linux/ELF. To build an ELF binary for PGP 2.6.2, two changes to source files 80386.S and zmatch.S are necessary. Both files contain an #ifdef directive that needs to be changed. Change #ifndef SYSV to
  #if !defined(SYSV) && !defined(__ELF__) and change #ifdef SYSV to
  if defined(SYSV) || defined(__ELF__).
• MIT PGP 2.6 had a bug in the key generation process which made keys generated by it much less random. Fixed in 2.6.1.
• All versions of PGP except MIT PGP 2.6.2 are susceptible to a "buglet" in clearsigned messages, making it possible to add text to the beginning of a clearsigned message. The added text does not appear in the PGP output after the signature is checked. MIT PGP 2.6.2 now does not allow header lines before the text of a clearsigned message and enforces RFC 822 syntax on header lines before the signature. Since this bug appears at checking time, however, you should be aware of this bug even if you use MIT PGP 2.6.2 - the reader may check your signed message with a different version and not read the output.
• MIT PGP 2.6.1 was supposed to handle keys between 1024 and 2048 bits in length, but could not. Fixed in 2.6.2.
• MIT PGP 2.6.2 was supposed to enable the generation of keys up to 2048 bits after December 25, 1994; a one-off bug puts that upper limit at 2047 bits instead. It has been reported that this problem does not appear when MIT PGP is compiled under certain implementations of Unix. The problem is fixed in versions 2.7.1 and 2.6.2i, as well as the Mac versions.
• PGP 2.6ui continues to exhibit the bug in 2.3a where conventionally encrypted messages, when encrypted twice with the same pass phrase, produce the same ciphertext.
• MIT MacPGP cannot find your secret key when your user ID is not specified, even though it can find the secret keyring. This is due to an uninitialized pointer, which is supposed to point to your user ID. The workaround is simple: edit the configuration file so it has Myname = "your userid", and MacPGP will be able to find your secret key. This has been fixed in FatMacPGP 2.6.2 and 2.6.3. See also question 2.13.
• ViaCrypt has reported a bug in freeware PGP affecting at least PGP 2.3a and MIT PGP 2.6, 2.6.1, and 2.6.2. This bug affects signatures made with keys between 2034 and 2048 bits in length, causing them to be corrupted. Practically speaking, this bug only affects versions of PGP that support the longer key lengths. ViaCrypt reports that this only seems to be a problem when running PGP on a Sun SPARC-based workstation. ViaCrypt PGP 2.7.1 and PGP 2.6.2i do not suffer from this bug. The following patch will fix the problem in MIT PGP 2.6.2:

  <===== begin patch (cut here)
  - --- crypto.c.orig     Mon Mar 20 22:30:29 1995
  +++ crypto.c    Mon Mar 20 22:55:32 1995
  @@ -685,7 +685,7 @@
      byte class, unitptr e, unitptr d, unitptr p, unitptr q, unitptr u,
                                 unitptr n)
   {
  - -     byte inbuf[MAX_BYTE_PRECISION], outbuf[MAX_BYTE_PRECISION];
  +       byte inbuf[MAX_BYTE_PRECISION], outbuf[MAX_BYTE_PRECISION+2];
          int i, j, certificate_length, blocksize,bytecount;
          word16 ske_length;
          word32 tstamp; byte *timestamp = (byte *) &tstamp;
  <===== end patch (cut here)
  

• The initial release of PGP 2.6.2i contained a bug related to clearsigned messages; signed messages containing international characters would always fail. For that reason, it was immediately pulled from distribution and re-released later, minus the bug. If you have problems with 2.6.2i, make sure you downloaded your copy after 7 May 1995.
• As reported by Steven Markowitz <Steven-Markowitz@deshaw.com>, the following bugs exist in PGP 4.0 Business Edition (the commercial version):
  1. Signature retirement does not work. When I retire a key signature, PGP still treats the key as signed. If I remove the signature from pubring.pgp, but leave the retirement certificate in the keyring, PGP still treats the key as signed.
  2. Although encrypt-only keys cannot be used to sign documents, PGP allows them to be used to make key signatures.
• The international version of PGP has the undocumented +makerandom command, which can generate a file full of random data. Unfortunately, it does not work as intended, because the random number generator is not initialized properly. This does not affect normal PGP operation; the bug is only present when +makerandom is used.