Have you seen a write-up explaining what ciphertexts, keys and sigs work with which file crypto tools (PGP2, 5, 6, GPG) (and which MUAs for that matter - and I suppose I should mention S/MIME in Netscape) ??? (And which algorithms are actually widely trusted.) I guess such a HOW-TO is in one of the new tarballs somewhere - I just don't have 10 hours to hunt for it if someone on the list has already seen it - or written it. ----------------- Why do I ask ? I just got the quarterly bulletin from CERT, and it has thrown me into some confusion about choosing the lowest hassle way to keep mail private. I recently installed mutt, and over the weekend got my SuSE rpm copy of PGP 2.6.3 working - I was very impressed by the slick key management, prz's great documentation, and the integration with mutt. (Er... I redden with shame as I only used Lotus Notes for strong-ish encryption up to now, and reading Phil Z I realize I should have been verifying unsigned keys.) Now CERT are getting rid of their RSA key and going to PGP 6.5 with a new key - to get a *wider* audience. Meanwhile the gossip is about GPG which is apparently nearly ready for 1.0 release, does not fall under the IDEA or RSA patents and is compatible with PGP 5.x (although how it verifies a PGP sig without using RSA and IDEA is a mystery I didn't read deep enough to fathom) but needs a glue script to be command-line-compatible. Messages and sigs from any of these are (I guess) not readable with 2.6.3 Now I haven't seen official SuSE rpm's for any of these, but I guess there wouldn't be much trouble downloading the source for each of these, compiling and playing with it, non-commercially (I don't see a 'stable' 0.8x release of GPG.) I don't imagine there would be any conflict with SuSE tools, though the progs may conflict with each other unless I am careful with the make options. No the real problem for me is making sense of all these new algorithms and file formats. Which type of keys would I make, what software should I encourage less experimental users to learn, what should they agree with their friends about tools and algorithms? If anyone has summarized the issue, we could come up with our own answers to these questions. dproc