Enigmail Forum

[shane]

I just want to announce a thing that the Mobility Project has been making: it's a special security toolkit with GnuPG, built-in support for TIGER192, support for IDEA encryption through IDEA.DLL, and technology from GPG2GO allowing everything to work from any location (and leave not trace in the Windows registry). Basically, it's a mobile security toolkit supporting virtually every hashing and encryption format you're likely to need.

IdeaTiger is designed to be the encryption toolkit for Mobility Email, our forthcoming email client distribution. However, it's able to work on its own (on my own machine I use it instead of the standard GnuPG distribution).

I'd love to hear your thoughts on the toolkit, and suggestions about how to improve it.

http://mobility.shaneland.co.uk/it-index.html.

[shane]

For the insanely brave, IdeaTiger has a new development version at: http://mobility.shaneland.co.uk/it-index.html. The download link for the development version (as opposed to the normal release) is near the bottom of the page.

The latest development version has the files from GnuPG 1.4.3cvs3968, meaning it is very very cutting edge indeed.

[Adam]

How stable is the development version? Would I be safe replacing my current GnuPG installation with it do you think? And does Enigmail have any problems supporting IDEA keys?

[shane]

I'm using the development version with no errors. I have been sent IDEA encrypted messages from the CEO of Mediacrypt, and they decrypted fine using IdeaTiger. Looks like that works. Now, I'm not sure how you'd go about encrypting messages with IDEA. However, I would not recommend encrypting messages with patented systems anyway, unless they were for a closed communication purpose. Most people don't have IDEA. Same goes for TIGER192. I'd use these things mainly for legacy support and in case someone sent me something with these systems.

[Lusfert]

What's bad:

1. Unlike Enigmail, GnuPG, and Thunderbird distribution of IdeaTiger isn't signed. I think security realated applications should have a digital signature.
2. In gpg.conf option no-secmem-warning is enabled. I don't understand why it may be useful?

[shane]

I'm fixing both issues for a release later today.

What type of signature do you think is preferable? Standard or detached?

[Adam]

My opinion is that you should use the same signing method as is used for Enigmail. IDEATiger is obviously aimed at Enigmail users, so I think using the same standard format on both of them will increase user's familliarity and trust in them.

[Lusfert]

What type of signature do you think is preferable? Standard or detached?

Detached, I think. It's used for probably all software (GnuPG, Enigmail, Thunderbird, Tor, etc.) and doesn't require verifying.

[shane]

Detached it is. It'll be ready shortly

[shane]

Just to let everyone know, there is a new version of IdeaTiger out at http://mobility.shaneland.co.uk/it-index.html. For the latest version download the IdeaTiger Release 5 development distribution at the bottom of the page.

It features one of the latest builds of GnuPG 1.4.3cvs (3974), and has support for TIGER192 and IDEA.

[shane]

There is a new development version of IdeaTiger out. It features code from GnuPG 1.4.3cvs3980. Pretty cutting edge stuff.

Website: http://mobility.shaneland.co.uk/it-index.html.

Direct download: http://mobility.shaneland.co.uk/files/ideatiger-release5-dev2.zip.

Have fun

[shane]

New version of IdeaTiger out again:

IdeaTiger Release 5 Dev 5 is at http://mobility.shaneland.co.uk/it-index.html.

Direct download: http://mobility.shaneland.co.uk/files/ideatiger-release5-dev5.zip.

This version of IdeaTiger features the latest GnuPG 1.4.3cvs3984.