Polish Cipher System NATO E-mail Prospect

Updated 6 June 2001. Thanks to Pawel Krawczyk.

In update to the information posted at http://cryptome.org/pl-cipher.htm [below]

The newspapers in Poland made a lot of mess about "NATO uses cipher created by Polish cryptologists". This was not true and finally got cleared by one of the involved parties, namely Mr. Jacek Pokrasniewicz from Enigma <jacekp@enigma.com.pl>.

Fortunately, in the story quoted on Cryptome there's no hype, but it's not very accurate, mentioning the CompCrypt as the main product. The true story in a nutshell, which is rough translation of his posting on pl.comp.security newsgroup:

1. Poland as a member of NATO suggested Enigma's PKI software called PEM-HEART for use in the INFOSEC workgroup. It was tested since half of 2000 and it got some good opinnions. PEM-HEART is a general PKI application for email protection, working under Windows and Unices.

2. The system uses standard cipher suite (RSA, DSA, 3DES, AES) and may use many media for key storage, one of them being hardware PKI manager CompCrypt Delta from Comp S.A. (www.comp.com.pl). This in turn was created by several companies, including Enigma (software) and TechLab 2000 (hardware, www.tl2000.com.pl), and Comp (marketing).

3. The software was designed by Enigma under UOP (The Office for State Protection) and NATO suggestions (like introduction of DSA). It was proposed to NATO by UOP, not Enigma, but based on an agreement between the two.

The whole thing seems to be quite reasonable thing, based on good theoretical assumptions, rational ciphers' choice and design, which has been developed and verified for several years now. It got a lot of stupid hype here in Poland, just like the last OpenPGP hack, but the good thing is that it was later publicly cleared by the authors.

Pawe³ Krawczyk *** home: <http://ceti.pl/~kravietz/>
security: <http://ipsec.pl/> *** fidonet: 2:486/23

Original file.

3 June 2001. Thanks to Rafal Brzeski.

June 3, 2001

Below is a rough translation and an original text of an information published by the Teleinfo, a Polish trade weekly which covers IT and telecommunication market. It was published on the front page of the 21 issue dated 21st of May 2001.

The electronic version of the weekly:

http://www.teleinfo.com.pl

However this story was not published in the electronic version yet. (There is there only a story on the Golden Processor prize for CompCrypt)

Teleinfo (21/2001) dated 21 May 2001 (Weekly)

The UOP (Urzad Ochrony Panstwa - The State Protection Office) prepared a cipher system which might be used in the electronic mail by NATO's member states. It is based on the Comp produced hardware.

The PKI (Public Key Infrastructure ) system includes CompCrypt hardware produced by Comp and national implementation of the cipher algorithm invented by the IT Communication Security Office. Both received 18 security certificates issued by the UOP, however if the system will be accepted by the NATO other national certificates will be needed.

We would like to remind that CompCrypt solutions received the Teleinfo Golden Processor prize for the year 2001 which was presented during INFOSYSTEM fairs in Poznan.

More details regarding NATO's implementation of the Polish PKI solution might be published within few weeks. "There is quite a good chance thet this system will be accepted by the Alliance" - informed Teleinfo Magdalena Kluczynska, the UOP spokeswomen.

Original Polish:

UOP opracowal system szyfrujacy, który byc moze bedzie stosowany w poczcie elektronicznej panstw NATO. Jego podstawe stanowia urzadzenia firmy Comp. Na system PKI (Public Key Infrastructure - infrastruktura klucza publicznego) skladaja sie urzadzenia CompCrypt, firmy Comp z zaimplementowa nym narodowym algorytmem szyfrowania opracowanym przez Biuro Bezpieczenstwa Lacznosci Informatyki. Maja one 18 certyfikatów UOP-u, jesli jednak zostana zaaprobowane do wykorzystania w NATO, prawdopodobnie beda musialy uzyskac kolejne.

Przypomnijmy, ze rozwiazania CompCrypt uzyskaly w br. "Zloty Procesor TELEINFO", który wreczylismy podczas poznanskich targów Infosystem.

Szczególy dotyczace wykorzystania przez NATO polskiego systemu PKI moga zostac podane w najblizszych tygodniach. - Sa duze szanse, aby system ten uzyskal akceptacje sojuszu - powiedziala "TELEINFO" Magdalena Kluczynska, rzeczniczka UOP.