PGP Interactions

Versions 5.0 - 6.5.3

Go to Index   Go to Chart
Go to Version 1 through 4.5   Go to Version 7 and above   Go to GnuPG information

A new algorithm: PGP 5.0

This version of PGP marked the introduction of the newer DH keys. Most platforms of this (that I know of) can read the 2.x keys, but here is why we needed this page.

Four personal versions exist:

Improvements in PGP5.0

PGP 5 and Eudora

Go to Index  Go to Chart

PGP 5.0i - International Version

Warning! Flaw in PGP 5.0i:   PGP 5.0i has a flaw in the source code specific to Unix systems, such as Linux or various BSDs with a /dev/random device. This will generally only affect you if you created your key pair non-interactively and had no random seed file present. If you created your keys in this manner, you may want to revoke them and generate new ones. Other versions of PGP do not share this flaw. See Security Focus for more information. (Added: 6/3/2000)

First, there seems to be some confusion about the i on the end of the version number. It does not indicate that the version came from PGP, Inc; rather it indicates that this version is an International release, intended for users outside the US and Canada. The international version (or at least the code for it) was released in a book that was exportable, enabling other users to have strong encryption.

PGP5.0i can be downloaded from

The precompiled (i.e. ready-to-run after installation) PGP 5.0i will use RSA keys but will not create them. If you don't mind re-compiling the program, you can set it to allow RSA key generation.

PGP 5.0ic

Go to Index  Go to Chart

PGP 5.5/PGP 5.5i

Both versions (Personal Privacy and Business Security) of PGP5.5 contain a feature that will remember the corporate keys (outlined in the PGP 5.5 for Business Security), and will warn you if you do encrypt to an employee's key but do not encrypt to the corporate key (if the corporation has PGP 5.5 set up to do this, of course). Note that PGP5.0 for Personal Privacy will also issue this warning for corporate keys.

Not included in the PGP5.5 bundle but available is a program that will watch the incoming email to the company. If a message is sent that is not encrypted to the corporate key as requested, this program will either send a note to the author or reject the email outright. Note this can't decrypt the email on the fly; it just watches for a message encrypted to the corporate key.

Improvements in PGP 5.5

Personal Privacy

Similar to PGP5.0, but with the enhanced Business Security features outlined above for dealing with corporate keys. Two versions seem to exist:

PGP 5.5 and Eudora

Business Security

This version of PGP is meant for, of course, businesses (in the US/Canada, not to be exported). Most of the features are configurable by the system administrator; however, this version can create and use both RSA and DH keys. Note the sys admin can turn RSA creation off. This version can use the message recovery features outlined in PGP4.5 for Business, plus it can send a note asking anyone who encrypts to an employee of the company to also encrypt to the corporate key.

The Business Security Suite version also contains (essentially) keyserver software (called 'certserver') and the email watcher outlined above.

PGP 5.5.1, PGP 5.5.2

PGP 5.5.3

PGP 5.5.3i (International version)

PGP 5.5.3a (Preston Wilson modified version) for Windows

PGP 5.5.3iCKT (Cyber-Knights Templar modified version)

PGP 5.5.3iaLP

PGP 5.5.3fr

This is a French version of PGP 5.5.3 for Windows. It can be found at The page is in French and English. The page does not specify whether RSA is supported, but I would guess that it probably is fully supported. Please let me know if you know for sure!

PGP 5.5.4

PGP skipped this number.

PGP 5.5.5

This version is identical to 5.5.3; the only changes are in the About boxes and license information to reflect the NAI buyout of PGP, Inc. Also, "PGP 5.5.5 for Business Security" was renamed "PGP for Email and Files".
Go to Index  Go to Chart

PGP 6.0

This is complicated. I'll make it as simple as I can.

NAI released 5 versions to get started. They are:

The versions marked DH handled only DH keys, while the versions marked RSA allowed the generation and use of RSA keys. However, the Personal Privacy 6.0.0 RSA was not intended to be released with RSA key generation enabled (it was supposed to only be able to use them, not generate them). NAI realized their mistake quickly and pulled it off the market within a few days, then released a correction with a slight version alteration:

PGP 6.0.1

A bug was discovered in the RSA code that handled keys larger than 2048 bits. NAI released a fix for it, and decided to drop support for RSA keys larger than 2048 bits (2048-bit and smaller keys are okay) in this and all subsequent RSA products. The bugfix versions are: The Desktop Security version allows the generation and use of RSA keys. However, the Personal Privacy version only allows the use of RSA keys.

PGP 6.0.2

NAI then did a maintenance release: The RSA versions both allow RSA key generation (this is not a mistake or typographical error). Why the change of heart? NAI decided not having RSA generation was too much of a headache for users.

The 6.0.2 maintenance release changed the implementation of the RSA algorithm used. In all 6.0.0 and 6.0.1 versions, and the 6.0.2 RSA versions, NAI used RSADSI (RSA Data Security, Inc) code called "BSAFE". However, in the 6.0.2 DH versions for Windows, PGP uses CAPI (Microsoft's Cryptographic API). So...what can the DH versions do with RSA keys? Well, that depends on the version of CAPI you happen to have:

None of these versions will allow the creation of RSA keys. Also, CAPI is known to have problems with "odd" keysizes, so you may have to stick to keys of 1024, 1536, or 2048 bits. All of the RSA key functions in the "DH-only" versions are a bonus, remember. If you need truly reliable RSA key use then you need to buy one of the RSA Add-on versions from NAI.

Features of 6.0.x

One of the nicest new features of the 6.0 series is the "Use Current Window" option in PGPTray. This allows you to encrypt a message right in the window you are working in, rather than having to cut, encrypt, and paste. This is especially handy for users of email packages not normally supported by PGP.

PGP 6.0.2i

This version does not support the generation of RSA keys. All of the other features are supported.

PGP 6.0.2iCKT

Go to Index  Go to Chart

PGP 6.5

NAI released PGP Desktop Security 6.5 for Windows NT on April 5, 1999. Versions for other platforms (Win95/98, Macintosh) were released sometime in the second quarter of 1999 as 6.5.1.


This version follows the same as the 6.0 releases in terms of which support RSA key generation; essentially, if you buy the RSA version you get RSA key generation, otherwise you have to rely on CAPI for your RSA key support.

PGP 6.5.1 & PGP Command Line

NAI released PGP 6.5.1 in several flavors:

While that last one does not apply to the average home user, it was part of the announcement, so I included it! This announcement covers the freeware versions.

The differences between the versions are mainly:

In keeping with the original, long-lost purpose of this page, all 6.5.1 versions support RSA fully, even the Freeware versions!

The Freeware versions can be downloaded from . Warning: If you have PGPdisk installed from PGP 6.0.2 and you upgrade to PGPfreeware 6.5.1, you will lose PGPdisk functionality!

The source code release for PGP 6.5.1 included the source to PGPfone. See the README file for some more information.

PGP 6.5.1int

An international version of PGP 6.5.1 is available in both GUI and command line versions. It does not include PGPdisk. See for the program. Also, the source code release is on their FTP server.

PGP 6.5.1ifr

A French translation of PGP 6.5.1i. (Note they don't use the letter "i" in the name of it. I added it so that it is clear this is an international version.) Available at (the page has both French and English text).

PGP 6.5.1ckt

The Cyber-Knights Templar release of PGP 6.5.1ckt, build 06. CKT usually implements very large key sizes, which may be incompatible with certain versions of PGP. The CKT home page is at

Go to Index  Go to Chart

PGP 6.5.2/PGP 6.5.2a/PGP Command Line 6.5.2

Due to an error on NAI's part, PGP 6.5.2 was not intended to be released but was sold through the McAfee website and other places. To reduce confusion, when NAI did release the "proper" version, they named it 6.5.2a. (If you have a copy of 6.5.2, you are eligible for a free upgrade to 6.5.2a.)

To see what version you have, you can check:

The "About" boxes are identical, so you can't use that to tell.

Rumor has it NAI intends this to be the last version released before PGP 7.

Versions 6.5.2 and 6.5.2a both support RSA key generation and use, a feature that has been in all PGP editions since 6.5.0.

Version 6.5.2a corrects several bugs in version 6.5.1, especially for PGPnet. Read the Personal Privace and Desktop Security announcement here. I have the freeware version announcement available as well.

Features for Windows:

Features for Mac:

Warning: If you have PGPdisk installed from a previous version and you upgrade to PGPfreeware 6.5.2a, you will lose PGPdisk functionality!

PGP Command Line 6.5.2/PGP E-Business Server

This program comes under two names, depending on intended user:

They support several operating systems:

PGP 6.5.2a ADK Hotfix (Macintosh)

This corrects a bug associated with ADKs. (A fixed copy of the program is indistinguishable from the original.) The Hotfix announcement is available here.

PGP 6.5.3

Bugfix release, no new features. This version only exists for Windows platforms, not Mac. This is the first version that could be legally exported in executable form.

PGP 6.5.3 ADK Hotfix (Windows)

This corrects a bug associated with ADKs. (A fixed copy of the program is indistinguishable from the original.) The Hotfix announcement is available here.

PGP 6.5.8

This version fixes the ADK vulnerability. It is available in Macintosh and Windows versions, in all three flavors: PGPfreeware, PGP Desktop Security, and PGP Personal Privacy. See the MIT PGP Distribution site for the freeware versions and for the other versions. I have the announcements for the Freeware versions and the Personal Privacy versions available.

There were also two PGP 6.5.8 Command Line versions, freeware and commercial. You can read the announcement here.

The source code is available for this version at I have the announcement available.

PGP 6.5.8ckt

This version is compiled by the Cyber-Knights Templar. Many users are switching to this version in light of NAI's announcement that NAI will no longer release all of the PGP source code.

Go to Index  Go to Chart

Written by RJ Marquette on 12/10/97. Version 2.1.4 4/21/2001.
Copyright © 2000 RJ Marquette.