Debian Bug report logs - #722724
CVE-2013-4351 gnupg2: gpg2 treats no-usage-permitted keys as all-usages-permitted


Package: gnupg2; Maintainer for gnupg2 is Eric Dorland <eric@debian.org>; Source for gnupg2 is src:gnupg2.

Reported by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Date: Fri, 13 Sep 2013 17:24:01 UTC

Severity: normal

Tags: patch, upstream

Found in versions gnupg2/2.0.20-1, gnupg2/2.0.21-2

Fixed in versions gnupg2/2.0.19-2+deb7u1, gnupg2/2.0.22-1

Done: Eric Dorland <eric@debian.org>

Bug is archived. No further changes may be made.

Forwarded to http://thread.gmane.org/gmane.comp.encryption.gpg.devel/17712/focus=18138



Report forwarded to debian-bugs-dist@lists.debian.org, dkg@fifthhorseman.net, Debian GnuPG-Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>:
Bug#722722; Package gnupg. (Fri, 13 Sep 2013 17:24:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Daniel Kahn Gillmor <dkg@fifthhorseman.net>:
New Bug report received and forwarded. Copy sent to dkg@fifthhorseman.net, Debian GnuPG-Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>. (Fri, 13 Sep 2013 17:24:06 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: gnupg: gpg treats no-usage-permitted keys as all-usages-permitted
Date: Fri, 13 Sep 2013 13:20:35 -0400
[Message part 1 (text/plain, inline)]
Package: gnupg
Version: 1.4.14-1
Severity: normal
Tags: patch upstream
Control: -1 forwarded http://thread.gmane.org/gmane.comp.encryption.gpg.devel/17712/focus=18138

RFC 4880 permits OpenPGP keyholders to mark their primary keys and
subkeys with a "key flags" packet that indicates the capabilities of the
key [0].  These are represented as a set of binary flags, including
things like "This key may be used to encrypt communications."

If a key or subkey has this "key flags" subpacket attached with all bits
cleared (off), GnuPG currently treats the key as having all bits set
(on).  While keys with this sort of marker are very rare in the wild,
GnuPG's misinterpretation of this subpacket could lead to a breach of
confidentiality or a mistaken identity verification.

Potential Confidentiality Breach
--------------------------------

For example, if Alice has a subkey X whose "key flags" subpacket has all
bits cleared (because she is using it for something not documented in
the spec, perhaps something experimental or risky), and Bob sends Alice
an e-mail encrypted using GnuPG, Bob may accidentally encrypt the
message to key X, despite Alice having clearly stated that the key is
not to be used for encrypted communications.  If Alice's intended use of
X turns out to compromise the key itself somehow, then the attacker can
read Bob's otherwise confidential communication to Alice.

Potential Mistaken Identity Verification
----------------------------------------

Consider the scenario above, but where Bob is in general willing to rely
on OpenPGP certifications made by Alice.  The legitimate form of these
certifications is usually made by Alice's primary key, which is marked
as "certification-capable".  Because Bob's GnuPG misinterprets the usage
flags on subkey X, Bob may be able to be tricked into believing that
Alice has certified someone else's OpenPGP identity if an attacker
manages to coax Alice into using subkey X in a way that is replayable as
an OpenPGP certification.



These risks are unlikely today (there are very few certifications in the
wild with an all-zero key flags subpacket), and they are not
particularly dangerous (for a compromise to happen, there needs to also
be a cross-context abuse of the mis-classified key, which I do not have
a concrete example of).  But the keyholder's stated intent of separating
out keys by context of use is being ignored, so there is a window of
vulnerability that should not be open.

There is also a (maybe non-security) functionality issue here, in that
GnuPG may mis-use the user's own keys if they are marked as described
above (e.g. signing messages or certifying identities with a subkey that
is explicitly marked as not being for that purpose).


This has been fixed in the master branch already, but no fix is
available yet upstream for 1.4.x.

The attached patch should work for debian.

Regards,

        --dkg

[0] https://tools.ietf.org/html/rfc4880#section-5.2.3.21

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.11-rc4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages gnupg depends on:
ii  gpgv          1.4.14-1
ii  libbz2-1.0    1.0.6-5
ii  libc6         2.17-92+b1
ii  libreadline6  6.2+dfsg-0.1
ii  libusb-0.1-4  2:0.1.12-23.2
ii  zlib1g        1:1.2.8.dfsg-1

Versions of packages gnupg recommends:
ii  gnupg-curl     1.4.14-1
ii  libldap-2.4-2  2.4.31-1+nmu2+b1

Versions of packages gnupg suggests:
ii  eog           3.8.2-1
pn  gnupg-doc     <none>
ii  libpcsclite1  1.8.8-4
ii  xloadimage    4.1-21

-- debconf-show failed
[fix-empty-usage-flags.patch (text/x-diff, attachment)]

Set Bug forwarded-to-address to 'http://thread.gmane.org/gmane.comp.encryption.gpg.devel/17712/focus=18138'. Request was from Daniel Kahn Gillmor <dkg@fifthhorseman.net> to control@bugs.debian.org. (Fri, 13 Sep 2013 17:27:04 GMT) Full text and rfc822 format available.

Bug 722722 cloned as bug 722724 Request was from Daniel Kahn Gillmor <dkg@fifthhorseman.net> to control@bugs.debian.org. (Fri, 13 Sep 2013 17:36:05 GMT) Full text and rfc822 format available.

Bug reassigned from package 'gnupg' to 'gnupg2'. Request was from Daniel Kahn Gillmor <dkg@fifthhorseman.net> to control@bugs.debian.org. (Fri, 13 Sep 2013 17:36:06 GMT) Full text and rfc822 format available.

No longer marked as found in versions gnupg/1.4.14-1. Request was from Daniel Kahn Gillmor <dkg@fifthhorseman.net> to control@bugs.debian.org. (Fri, 13 Sep 2013 17:36:07 GMT) Full text and rfc822 format available.

Marked as found in versions gnupg2/2.0.21-2. Request was from Daniel Kahn Gillmor <dkg@fifthhorseman.net> to control@bugs.debian.org. (Fri, 13 Sep 2013 17:36:08 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Eric Dorland <eric@debian.org>:
Bug#722724; Package gnupg2. (Fri, 13 Sep 2013 17:45:10 GMT) Full text and rfc822 format available.

Acknowledgement sent to Daniel Kahn Gillmor <dkg@fifthhorseman.net>:
Extra info received and forwarded to list. Copy sent to Eric Dorland <eric@debian.org>. (Fri, 13 Sep 2013 17:45:10 GMT) Full text and rfc822 format available.

Message #20 received at 722724@bugs.debian.org (full text, mbox):

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: 722724@bugs.debian.org
Subject: patch for gnupg2
Date: Fri, 13 Sep 2013 13:42:01 -0400
[Message part 1 (text/plain, inline)]
attached is the patch for gnupg2 to ensure that gnupg2 treats empty key
flags subpackets as "no standard usages permitted" instead of "all
standard usages permitted".

Regards

	--dkg
[fix-empty-usage-flags.patch (text/x-patch, inline)]
commit 8f8f3984e82a025cf1384132a419f67f39c7e07d 
Author: Werner Koch <wk@gnupg.org>
Date:   Fri Mar 15 15:46:03 2013 +0100

    gpg: Distinguish between missing and cleared key flags.
    
    * include/cipher.h (PUBKEY_USAGE_NONE): New.
    * g10/getkey.c (parse_key_usage): Set new flag.
    --
    
    We do not want to use the default capabilities (derived from the
    algorithm) if any key flags are given in a signature.  Thus if key
    flags are used in any way, the default key capabilities are never
    used.
    
    This allows to create a key with key flags set to all zero so it can't
    be used.  This better reflects common sense.

	Modified g10/getkey.c
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1553,13 +1553,19 @@
 
       if(flags)
 	key_usage |= PUBKEY_USAGE_UNKNOWN;
+
+      if (!key_usage)
+	key_usage |= PUBKEY_USAGE_NONE;
     }
+  else if (p) /* Key flags of length zero.  */
+    key_usage |= PUBKEY_USAGE_NONE;
 
   /* We set PUBKEY_USAGE_UNKNOWN to indicate that this key has a
      capability that we do not handle.  This serves to distinguish
      between a zero key usage which we handle as the default
      capabilities for that algorithm, and a usage that we do not
-     handle. */
+     handle.  Likewise we use PUBKEY_USAGE_NONE to indicate that
+     key_flags have been given but they do not specify any usage.  */
 
   return key_usage;
 }
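Review bot: The comment kept above `return key_usage;` still speaks of "a zero key usage which we handle as the default capabilities for that algorithm" without saying when zero can still occur. With the two new `PUBKEY_USAGE_NONE` assignments, a zero return should only mean that no key flags subpacket was present (assuming the enclosing `if`, which is not visible in this hunk, tests for a non-empty subpacket), so the comment should state that and say that callers must read `PUBKEY_USAGE_NONE` as "no usage permitted" rather than as a capability bit. In the first added block `key_usage` is known to be zero, so a plain `=` would read more clearly than `|=`. A regression test with a zero-length subpacket and with a subpacket whose bits are all cleared would cover both new branches.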
--- a/include/cipher.h
+++ b/include/cipher.h
@@ -65,6 +65,11 @@
 #define PUBKEY_USAGE_CERT    GCRY_PK_USAGE_CERT  /* Also good to certify keys. */
 #define PUBKEY_USAGE_AUTH    GCRY_PK_USAGE_AUTH  /* Good for authentication. */
 #define PUBKEY_USAGE_UNKNOWN GCRY_PK_USAGE_UNKN  /* Unknown usage flag. */
+#define PUBKEY_USAGE_NONE    256                 /* No usage given. */
+#if  (GCRY_PK_USAGE_SIGN | GCRY_PK_USAGE_ENCR | GCRY_PK_USAGE_CERT \
+      | GCRY_PK_USAGE_AUTH | GCRY_PK_USAGE_UNKN) >= 256
+# error Please choose another value for PUBKEY_USAGE_NONE
+#endif
 
 #define DIGEST_ALGO_MD5       /*  1 */ GCRY_MD_MD5
 #define DIGEST_ALGO_SHA1      /*  2 */ GCRY_MD_SHA1
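Review bot: `PUBKEY_USAGE_NONE` is defined as 256, which does not fit in eight bits, so every variable or struct field that holds a usage mask has to be wider than a byte; otherwise the new flag is truncated to zero and the key is treated as having default capabilities again. Those declarations are not part of this hunk and should be checked, or widened in the same change. The `#if` guard only catches the libgcrypt constants reaching 256, not narrow storage. The comment `/* No usage given. */` can also be read as "no key flags subpacket"; wording such as "key flags present but no usage set" would match the comment added in g10/getkey.c.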
[signature.asc (application/pgp-signature, attachment)]
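
The three cases the report and the patch distinguish (no key flags subpacket, an empty one, and one with every bit cleared), modelled before and after the fix. This is an added example, not GnuPG code: `parse_flags`, `effective_usage`, the `USE_*` values and the assumed algorithm default are hypothetical; only the key flag octet values come from RFC 4880.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical usage bits for this sketch; USE_NONE plays the role of the
   patch's PUBKEY_USAGE_NONE.  These are not GnuPG's definitions.  */
enum { USE_CERT = 1, USE_SIG = 2, USE_ENC = 4, USE_AUTH = 8,
       USE_UNKNOWN = 128, USE_NONE = 256 };

/* Map the body of an RFC 4880 key flags subpacket to usage bits.
   p == NULL: no key flags subpacket.  fixed == 0 models the behaviour
   the report describes, where "present but empty" collapses to 0.  */
static unsigned parse_flags(const unsigned char *p, size_t n, int fixed)
{
  unsigned usage = 0;
  size_t i;

  if (p && n)
    {
      if (p[0] & 0x01) usage |= USE_CERT;    /* certify other keys */
      if (p[0] & 0x02) usage |= USE_SIG;     /* sign data */
      if (p[0] & 0x0c) usage |= USE_ENC;     /* encrypt comms or storage */
      if (p[0] & 0x20) usage |= USE_AUTH;    /* authentication */
      if (p[0] & 0xd0) usage |= USE_UNKNOWN; /* simplification: any other bit */
      for (i = 1; i < n; i++)                /* bits in later octets */
        if (p[i]) usage |= USE_UNKNOWN;
      if (fixed && !usage)
        usage = USE_NONE;                    /* flags given, all cleared */
    }
  else if (fixed && p)
    usage = USE_NONE;                        /* zero-length subpacket */
  return usage;
}

/* Caller side: fall back to the algorithm's default capabilities only
   when no key flags were given at all (parsed == 0).  */
static unsigned effective_usage(unsigned parsed, unsigned algo_default)
{
  if (!parsed)
    return algo_default;
  return parsed & ~(unsigned)(USE_NONE | USE_UNKNOWN);
}

int main(void)
{
  /* Constructed sample subpacket bodies. */
  static const unsigned char zero[] = { 0x00 }, sign[] = { 0x02 };
  const unsigned def = USE_CERT | USE_SIG | USE_ENC | USE_AUTH; /* assumed */
  struct { const char *name; const unsigned char *p; size_t n; } c[] = {
    { "no subpacket", NULL, 0 }, { "zero-length", zero, 0 },
    { "all bits cleared", zero, 1 }, { "sign only", sign, 1 } };
  size_t i;

  for (i = 0; i < sizeof c / sizeof c[0]; i++)
    printf("%-17s before=0x%02x after=0x%02x\n", c[i].name,
           effective_usage(parse_flags(c[i].p, c[i].n, 0), def),
           effective_usage(parse_flags(c[i].p, c[i].n, 1), def));
  return 0;
}
```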

Changed Bug title to 'CVE-2013-4351 gnupg2: gpg2 treats no-usage-permitted keys as all-usages-permitted' from 'gnupg: gpg treats no-usage-permitted keys as all-usages-permitted' Request was from Daniel Kahn Gillmor <dkg@fifthhorseman.net> to control@bugs.debian.org. (Fri, 13 Sep 2013 19:51:10 GMT) Full text and rfc822 format available.

Reply sent to Eric Dorland <eric@debian.org>:
You have taken responsibility. (Sat, 05 Oct 2013 22:36:05 GMT) Full text and rfc822 format available.

Notification sent to Daniel Kahn Gillmor <dkg@fifthhorseman.net>:
Bug acknowledged by developer. (Sat, 05 Oct 2013 22:36:05 GMT) Full text and rfc822 format available.

Message #27 received at 722724-close@bugs.debian.org (full text, mbox):

From: Eric Dorland <eric@debian.org>
To: 722724-close@bugs.debian.org
Subject: Bug#722724: fixed in gnupg2 2.0.22-1
Date: Sat, 05 Oct 2013 22:33:27 +0000
Source: gnupg2
Source-Version: 2.0.22-1

We believe that the bug you reported is fixed in the latest version of
gnupg2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 722724@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Eric Dorland <eric@debian.org> (supplier of updated gnupg2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sat, 05 Oct 2013 17:45:28 -0400
Source: gnupg2
Binary: gnupg-agent scdaemon gpgsm gnupg2 gpgv2
Architecture: source amd64
Version: 2.0.22-1
Distribution: unstable
Urgency: low
Maintainer: Eric Dorland <eric@debian.org>
Changed-By: Eric Dorland <eric@debian.org>
Description: 
 gnupg-agent - GNU privacy guard - password agent
 gnupg2     - GNU privacy guard - a free PGP replacement (new v2.x)
 gpgsm      - GNU privacy guard - S/MIME version
 gpgv2      - GNU privacy guard - signature verification tool (new v2.x)
 scdaemon   - GNU privacy guard - smart card support
Closes: 722724 725433
Changes: 
 gnupg2 (2.0.22-1) unstable; urgency=low
 .
   * New upstream version. Fixes CVE-2013-4402 and CVE-2013-4351. (Closes:
     #725433, #722724)
   * debian/gnupg2.install: Install gnupg-card-architecture.png for the
     info file.




Reply sent to Eric Dorland <eric@debian.org>:
You have taken responsibility. (Sat, 12 Oct 2013 19:57:38 GMT) Full text and rfc822 format available.

Notification sent to Daniel Kahn Gillmor <dkg@fifthhorseman.net>:
Bug acknowledged by developer. (Sat, 12 Oct 2013 19:57:38 GMT) Full text and rfc822 format available.

Message #32 received at 722724-close@bugs.debian.org (full text, mbox):

From: Eric Dorland <eric@debian.org>
To: 722724-close@bugs.debian.org
Subject: Bug#722724: fixed in gnupg2 2.0.19-2+deb7u1
Date: Sat, 12 Oct 2013 19:53:09 +0000
Source: gnupg2
Source-Version: 2.0.19-2+deb7u1

We believe that the bug you reported is fixed in the latest version of
gnupg2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 722724@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Eric Dorland <eric@debian.org> (supplier of updated gnupg2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 08 Oct 2013 02:04:01 -0400
Source: gnupg2
Binary: gnupg-agent scdaemon gpgsm gnupg2
Architecture: source amd64
Version: 2.0.19-2+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Eric Dorland <eric@debian.org>
Changed-By: Eric Dorland <eric@debian.org>
Description: 
 gnupg-agent - GNU privacy guard - password agent
 gnupg2     - GNU privacy guard - a free PGP replacement (new v2.x)
 gpgsm      - GNU privacy guard - S/MIME version
 scdaemon   - GNU privacy guard - smart card support
Closes: 722724 725433
Changes: 
 gnupg2 (2.0.19-2+deb7u1) wheezy-security; urgency=high
 .
   * debian/patches/{03-cve-2013-4402_p1.diff,04-cve-2013-4402_p2.diff}:
     Fix for CVE-2013-4402, "infinite recursion in the compressed packet
     parser". (Closes: #725433)
   * debian/patches/05-cve-2013-4351.diff: Fix for CVE-2013-4351, "treats
     no-usage-permitted keys as all-usages-permitted". (Closes: #722724)




Marked as found in versions gnupg2/2.0.20-1. Request was from Adrian Bunk <bunk@stusta.de> to control@bugs.debian.org. (Fri, 25 Oct 2013 09:30:04 GMT) Full text and rfc822 format available.

Severity set to 'serious' from 'normal' Request was from Adrian Bunk <bunk@stusta.de> to control@bugs.debian.org. (Fri, 25 Oct 2013 09:30:06 GMT) Full text and rfc822 format available.

Severity set to 'normal' from 'serious' Request was from "Thijs Kinkhorst" <thijs@debian.org> to control@bugs.debian.org. (Fri, 25 Oct 2013 11:36:16 GMT) Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 29 Dec 2013 07:26:14 GMT) Full text and rfc822 format available.



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 00:24:07 2014; Machine Name: buxtehude.debian.org
