SSH_CIPHER_NONE 0 No encryption
SSH_CIPHER_IDEA 1 IDEA in CFB mode
SSH_CIPHER_DES 2 DES in CBC mode
SSH_CIPHER_3DES 3 Triple-DES in CBC mode
SSH_CIPHER_TSS 4 An experimental stream cipher
SSH_CIPHER_RC4 5 RC4
All implementations must support SSH_CIPHER_3DES, the rest are optional.
We'll also need an MD5 implementation for data integrity checking.
RSA is also used for intial authentication.
RSA provides RSAREF is a public library that allows you to use RSA encryption for non-profit uses. Otherwise you need to license the RSA encryption technology from them.
Some of the source code aggregated with this distribution is licensed
third parties under different terms, so the restrictions above may not
apply to such components.
We do not imply to give any licenses to any patents or copyrights
third parties. As far as we know, all included source code is used in
accordance with the relevant license agreements and can be used and
distributed freely for any purpose (the GNU license being the most
restrictive); see below for details.
The RSA algorithm and even the concept of public key encryption
claimed to be patented in the United States. These patents may interfere
with your right to use this software. It is possible to compile the
software using the RSAREF2 library by giving --with-rsaref on the
configure command line. This may or may not make it legal to use this
software for non-commercial purposes in the United States (we have sent a
query about this to RSADSI (on July 10, 1995), but have not received a
final answer yet). The RSAREF2 distribution is not included in this
distribution, but can be obtained from almost any ftp site world-wide
containing cryptographic materials. Using RSAREF is not recommended
outside the United States. See "http://www.cs.hut.fi/crypto/" if you have
trouble finding the RSAREF library.
The IDEA algorithm is claimed to be patented in the United States
several other countries. We have been told by Ascom-Tech (the patent
holder) that IDEA can be used freely for non-commercial use. A copy of
their letter is at the end. The software can be compiled without IDEA by
specifying the --without-idea option on the configure command line.
The DES implementation in this distribution is derived from the
library by Eric Young <email@example.com>. It can be used under the Gnu
General Public License (libdes-COPYING) or the Artistic License
(libdes-ARTISTIC), at your option. See libdes-README for more
information. Eric Young has kindly given permission to distribute the
derived version under these terms. The file crypt.c is fcrypt.c from
SSLeay-0.4.3a by Eric Young; he permits free use.
The GNU Multiple Precision Library, included in this release and
into the executable, is distributed under the GNU Library Public License.
A copy can be found in gmp-2.0/COPYING.LIB.
The zlib compression library is copyright Jean-loup Gailly and Mark
Anyone is permitted to use the library for any purpose. A copy of the
license conditions can be found in zlib-1.0.4/README.
The make-ssh-known-hosts script was contributed by Tero Kivinen
<firstname.lastname@example.org> and is distributed under the GNU General
Public License. A copy can be found in gnu-COPYING-GPL.
Some files, such as memmove.c and random.c, are owned by the Regents
the University of California, and can be freely used and distributed.
License terms are included in the affected files. The file scp.c is
derived from code owned by the Regents of the University of California,
and can be used freely.
The TSS encryption algorithm implementation in tss.c is copyright
Rinne <email@example.com> and Cirion Oy. It is used with permission, and
permission has been given for anyone to use it for any purpose as part of
The MD5 implementation in md5.c was taken from PGP and is due to
Plumb. Comments in the file indicate that it is in the public domain.
The 32-bit CRC implementation in crc32.c is due to Gary S. Brown.
in the file indicate it may be used for any purpose without restrictions.
In some countries, particularly France, Russia, Iraq, and Pakistan,
be illegal to use any encryption at all without a special permit, and the
rumor is that you cannot get a permit for any strong encryption.
If you are in the United States, you should be aware that while
software was written outside the United States using information
publicly available everywhere, the United States Government may
consider it a criminal offence to export this software from the United
States once it has been imported. The rumor is that "the federal
mandatory sentencing guidelines for this offence are 41 to 51 months
in federal prison". The rumor says that the US government considers
putting the software available on an ftp site the same as exporting
it. Contact the Office of Defence Trade Controls if you need more
information. Also, please write to your congress and senate
representatives to get these silly and unconstitutional restrictions
Note that any information and cryptographic algorithms used in this
software are publicly available on the Internet and at any major
bookstore, scientific library, and patent office world-wide. More
information can be found e.g. at "http://www.cs.hut.fi/crypto/".
The legal status of this program is some combination of all these
permissions and restrictions. Use only at your own responsibility. You
will be responsible for any legal consequences yourself; we are not making
any claims whether possessing or using this is legal or not in your
country, and we are not taking any responsibility on your behalf.
Below is a copy of a message that we received from Ascom, the holder
the IDEA patent.
Date: Tue, 15 Aug 95 09:09:59 CET
From: IDEA@ascom.ch (Licensing Systec)
Encoding: 3001 Text
Subject: Phone Call 15.8.95
Dear Mr. Ylonen
Thank you for your inquiry about the IDEA encryption algorithm.
Please excuse the delay in answering your fax sent 26.6.95.
Here is the information you requested :
Non commercial use of IDEA is free. The following examples (regarding
PGP) should clarify what we mean by commercial and non-commercial use
Here are some examples of commercial use of PGP:
1. When PGP is used for signing and/or encrypting e-mail messages
exchanged between two corporations.
2. When a consultant uses PGP for his communications with his client
3. When a bank makes PGP available to its clients for telebanking and
charges them money for it (directly or indirectly).
4. When you use the software you receive from a company for commercial
purposes (telebanking included).
Some examples of non commercial use:
1. When an individual uses PGP for his private communications.
2. When an individual obtains PGP on the Internet and uses it for
telebanking (assuming this is approved by the bank).
3. When you use the software you receive from a company for private
purposes (telebanking excluded).
You may use IDEA freely within your software for non commercial use.
If you include IDEA in your software, it must include the following
copy right statement :
1. Copyright and Licensing Statement
IDEA(tm) is a trademark of Ascom Systec AG. There is no license fee
required for non-commercial use. Commercial users of IDEA may
obtain licensing information from Ascom Systec AG.
fax: ++41 64 56 59 54
For selling the software commercially a product license is required:
The PRODUCT LICENSE gives a software developer the right to implement
IDEA in a software product and to sell this product worldwide. With
the PRODUCT LICENSE we supply a source listing in C and a software
manual. We charge an initial fee per company and a percentage of sales
of the software product or products (typically between .5 and 4 per
cent of the sales price, depending on the price and the importance of
IDEA for the product).
For further information please do not hesitate to contact us.
Ascom Systec Ltd
IDEA Licensing @@@@@ @@@@@ @@@@@ @@@@@ @@@@@@@
Gewerbepark @ @ @ @ @ @ @ @
CH-5506 Maegenwil @@@@@ @@@@@ @ @ @ @ @ @
Switzerland @ @ @ @ @ @ @ @ @
Phone ++41 64 56 59 54 @@@@@ @@@@@ @@@@@ @@@@@ @ @ @
Fax ++41 64 56 59 98
This library contains a number of algorithms which are covered by
These algorithms are Diffie-Hellman, DSA, IDEA, RC5, and RSA. A number of
patent holders have very generously granted a license for royalty-free use of
the algorithms in the library under certain circumstances, as explained below.
Diffie-Hellman and DSA:
The practice of Diffie-Hellman key exchange is covered by
Patent No 4,200,770 ('Cryptographic Apparatus and Method') which expires in
September 1997. The Canadian equivalent expires in September 1998.
The practice of all other public key algorithms is covered
by United States
Patent No 4,218,582 ('Public Key Cryptographic Apparatus and Method') which
expires in October 1998. Numerous equivalent patents have been issued in
Europe and Japan which expire in October 1998. These patents are licensed
exclusively by Cylink Corporation of Sunnyvale, California. Cylink has
granted a license to all users of this library for non-commercial use,
including research by non-profit institutions. This means you may
incorporate this library in software which is distributed for free, provided
you include the following notice in the software and all collateral
documentation which states:
The use of the public key algorithms in this software is
covered by US
Patents No 4,200,770 ('Cryptographic Apparatus and Method') and 4,218,582
('Public Key Cryptographic Apparatus and Method') which are licensed
exclusively by Cylink Corporation.
In order to promote open standards for public key algorithms,
initiated a low cost licensing program for commercial use of public key. For
more information, contact Cylink's web page at www.cylink.com or e-mail
The IDEA algorithm is patented by Ascom Systec Ltd. of CH-5506
Switzerland, who allow it to be used on a royalty-free basis for certain
non-profit applications. Commercial users must obtain a license from the
company in order to use IDEA. IDEA may be used on a royalty-free basis under
the following conditions:
Free use for private purposes:
The free use of software containing the algorithm is strictly
limited to non
revenue generating data transfer between private individuals, ie not serving
commercial purposes. Requests by freeware developers to obtain a
royalty-free license to spread an application program containing the
algorithm for non-commercial purposes must be directed to Ascom.
Special offer for shareware developers:
There is a special waiver for shareware developers.
Such waiver eliminates
the upfront fees as well as royalties for the first US$10,000 gross sales of
a product containing the algorithm if and only if:
1. The product is being sold for a minimum of US$10 and a
maximum of US$50.
2. The source code for the shareware is available to the public.
Special conditions for research projects:
The use of the algorithm in research projects is free provided
that it serves
the purpose of such project and within the project duration. Any use of the
algorithm after the termination of a project including activities resulting
from a project and for purposes not directly related to the project requires
Ascom Tech requires the following notice to be included for
This software product contains the IDEA algorithm as described
and claimed in
US patent 5,214,703, EPO patent 0482154 (covering Austria, France, Germany,
Italy, the Netherlands, Spain, Sweden, Switzerland, and the UK), and Japanese
patent application 508119/1991, "Device for the conversion of a digital block
and use of same" (hereinafter referred to as "the algorithm"). Any use of
the algorithm for commercial purposes is thus subject to a license from Ascom
Systec Ltd. of CH-5506 Maegenwil (Switzerland), being the patentee and sole
owner of all rights, including the trademark IDEA.
Commercial purposes shall mean any revenue generating purpose
not limited to:
i) Using the algorithm for company internal purposes (subject
to a site
ii) Incorporating the algorithm into any software and distributing
software and/or providing services relating thereto to others (subject to
a product license).
iii) Using a product containing the algorithm not covered
by an IDEA license
(subject to an end user license).
All such end user license agreements are available exclusively
Systec Ltd and may be requested via the WWW at http://www.ascom.ch/systec or
by email to firstname.lastname@example.org.
Use other than for commercial purposes is strictly limited
generating data transfer between private individuals. The use by government
agencies, non-profit organizations, etc is considered as use for commercial
purposes but may be subject to special conditions. Any misuse will be
The RC5 algorithm is patented by RSA Data Security Inc. 100
Redwoord City, California 94065, ph.+1 415 595-8782, fax +1 415 595-1873, and
cannot be used commercially in the US without a license.
The RSA algorithm is patented by RSA Data Security Inc. 100
Redwoord City, California 94065, ph.+1 415 595-8782, fax +1 415 595-1873, and
cannot be used commercially in the US without a license. RSA licenses can
most easily be obtained by waiting until the year 2000 when the patent
Page Maintained by: Timothy Chen. Opinions on this page should be freely ignored. Let us know if this page has been useful to you in some way.