From 0d806fc1d0bea83b89c5af9910e6203b76cb939d Mon Sep 17 00:00:00 2001 From: saturneric Date: Fri, 14 Jun 2024 22:11:13 +0200 Subject: [PATCH] feat: fit documents to v2.1.3 --- astro.config.mjs | 4 +- src/content/docs/advanced/key-package.md | 37 ++- .../docs/advanced/sync-all-public-keys.md | 44 ++-- .../docs/extra/algorithms-comparison.md | 84 +++++++ .../docs/{reference => extra}/dependencies.md | 0 .../docs/guides/encrypt-decrypt-file.md | 140 +++++++---- src/content/docs/guides/generate-key.md | 218 ++++++++++-------- src/content/docs/guides/sign-verify-file.md | 132 ++++++++--- .../docs/guides/symmetric-encrypt-decrypt.md | 89 ++++++- .../docs/guides/understand-interface.md | 113 ++++----- src/content/docs/guides/view-keypair-info.md | 136 +++++++++-- src/content/docs/overview/downloads.md | 1 - src/content/docs/overview/faq.md | 2 +- src/content/docs/overview/glance.md | 4 +- 14 files changed, 733 insertions(+), 271 deletions(-) create mode 100644 src/content/docs/extra/algorithms-comparison.md rename src/content/docs/{reference => extra}/dependencies.md (100%) diff --git a/astro.config.mjs b/astro.config.mjs index 8abc1ab..eea9773 100644 --- a/astro.config.mjs +++ b/astro.config.mjs @@ -45,9 +45,9 @@ export default defineConfig({ }, }, { - label: "Reference", + label: "Extra", autogenerate: { - directory: "reference", + directory: "extra", }, }, ], diff --git a/src/content/docs/advanced/key-package.md b/src/content/docs/advanced/key-package.md index 3f5868e..fd85173 100644 --- a/src/content/docs/advanced/key-package.md +++ b/src/content/docs/advanced/key-package.md 
@@ -70,7 +70,42 @@ To transfer the KeyPackage: 2. Once transferred, import the KeyPackage into the key management tool on the target device using the passphrase set during the creation process. -## After Transfer: Importing and Verifying +## After Transfer: Importing + +To import the KeyPackage after transferring it to the target device, follow +these steps: + +![Importing KeyPackage](https://image.cdn.bktus.com/i/2024/06/15/a086df66-bdac-74fb-9a2c-35cddd224564.webp) + +1. **Initiate Import**: + + - Open the key management tool on the target device and click on the "Import + Key" button. + +2. **Select KeyPackage Option:** + + - As shown in the image, from the dropdown menu, select the "Key Package" + option. This indicates that you will be importing a KeyPackage. + +3. **Select KeyPackage File**: + + - A file selection dialog will appear. First, choose the `.gpgpack` file that + you transferred. This file contains the packaged keys. + +4. **Select Key File**: + + - After selecting the `.gpgpack` file, another file selection dialog will + prompt you to choose the corresponding key file. This key file is used to + decrypt the KeyPackage. + +5. **Import Keys**: + - Once both files are selected, the key management tool will automatically + import the keys contained within the KeyPackage. You will be prompted to + enter the passphrase that was set during the creation of the KeyPackage to + complete the import process. + +By following these steps, you can securely import your cryptographic keys from +the KeyPackage into the key management tool on the target device. ## Best Practices diff --git a/src/content/docs/advanced/sync-all-public-keys.md b/src/content/docs/advanced/sync-all-public-keys.md index 687e553..3dc0eac 100644 --- a/src/content/docs/advanced/sync-all-public-keys.md +++ b/src/content/docs/advanced/sync-all-public-keys.md 
@@ -28,23 +28,37 @@ authenticate signatures made with the new subkey. GpgFrontend automates the public key synchronization process through a user-friendly interface. Here’s how to use it: -1. Open the **Key Management** interface. -2. In the list of public keys, you can now select specific keys to sync by - checking the boxes next to them. -3. Locate and click the **Sync Public Key** button. This initiates the automatic - synchronization for the selected keys. If no keys are selected, all public - keys will be synchronized. In this case, a confirmation prompt will appear to - confirm full synchronization. +1. **Open the Key Management Interface**: -![Sync Public Key -Button](https://image.cdn.bktus.com/i/2023/11/16/e2129464-6bd7-3fd4-e359-3a1f7a25bfd6.webp) + - Navigate to the Key Management interface by clicking on the "Manage Keys" + button in the main interface. -_Note: Replace the placeholder text with the actual link to the image showing -the Sync Public Key button._ +2. **Select Keys to Sync**: -The feature works by checking all the public keys in your possession against the -key server. If there's an updated version of a key you own, GpgFrontend will -import the new details to your local keyring. + - In the list of public keys, you can select specific keys to sync by + checking the boxes next to them. If you want to sync all public keys, you + do not need to select any specific keys. + +3. **Click the Sync Public Key Button**: + + - Locate and click the **Sync Public Key** button. This button is represented + by a cloud icon with a refresh symbol, located in the toolbar at the top of + the Key Management interface. + - If you have selected specific keys, the synchronization process will + initiate for those keys. If no keys are selected, a confirmation prompt + will appear, asking you to confirm if you want to synchronize all public + keys. + +4. 
**Synchronization Process**: + - The feature works by checking all the public keys in your possession + against the key server. If there is an updated version of a key you own, + GpgFrontend will import the new details to your local keyring. + +![Sync Public Key](https://image.cdn.bktus.com/i/2024/06/15/8771cd76-1a46-321e-8bf9-93d8db2a9f78.webp) + +By following these steps, you can ensure that your public keys are always +up-to-date, enhancing the security and reliability of your cryptographic +communications. ### Choosing the Right Key Server @@ -53,7 +67,7 @@ To know which key server GpgFrontend interacts with, follow these steps: 1. Go to the settings section of GpgFrontend. 2. The default key server configured will be listed here. -![Default Key Server Setting](https://image.cdn.bktus.com/i/2023/11/16/9bcac7e1-e058-84a0-520b-039c64eb3443.webp) +![Default Key Server Setting](https://image.cdn.bktus.com/i/2024/06/15/03471d32-54f2-2be7-53a3-eeee03f74372.webp) _Note: Replace the placeholder text with the actual link to the image showing the key server settings._ diff --git a/src/content/docs/extra/algorithms-comparison.md b/src/content/docs/extra/algorithms-comparison.md new file mode 100644 index 0000000..37308b5 --- /dev/null +++ b/src/content/docs/extra/algorithms-comparison.md 
@@ -0,0 +1,84 @@ +--- +title: Comparison of Cryptographic Algorithms +sidebar: + label: Comparison of Algorithms +--- + +When choosing cryptographic algorithms for key management and data security, +it's important to understand the differences and use cases for RSA, DSA, ECDSA, +and ECDH. Here’s a detailed comparison to help you make an informed decision: + +## RSA (Rivest-Shamir-Adleman) + +- **Key Characteristics**: RSA is one of the most widely used public key + algorithms. It was introduced in 1977 and is based on the difficulty of + factoring large prime numbers. +- **Key Sizes**: Typically, RSA keys are 2048 bits or larger. For higher + security, keys up to 4096 bits are used. +- **Use Cases**: RSA is versatile and can be used for both encryption and + digital signatures. It is widely supported in legacy systems and remains a + standard for SSL/TLS certificates. +- **Performance**: RSA operations, particularly key generation and decryption, + can be slower compared to elliptic curve algorithms due to larger key sizes. +- **Security**: Provides strong security, but larger key sizes are required as + computational power increases. + +## DSA (Digital Signature Algorithm) + +- **Key Characteristics**: DSA, introduced by NIST in 1991, is primarily used + for digital signatures and is not suitable for encryption. +- **Key Sizes**: Typically uses 1024 to 3072-bit keys, with a recommended + minimum of 2048 bits for new deployments. +- **Use Cases**: Mainly used for digital signatures in various security + protocols. It is less common than RSA and ECDSA. +- **Performance**: Faster at generating keys compared to RSA but slower in + verification. Requires a secure random number for each signature, which if + compromised, can lead to vulnerabilities. +- **Security**: Suitable for digital signatures, but less versatile and not as + widely supported as RSA and ECDSA. 
+ +## ECDSA (Elliptic Curve Digital Signature Algorithm) + +- **Key Characteristics**: ECDSA is based on elliptic curve cryptography (ECC) + and provides equivalent security to RSA with much shorter key lengths. +- **Key Sizes**: Commonly uses 224-bit keys for the same security level as + 2048-bit RSA keys. Higher security levels can be achieved with 256, 384, or + 521-bit keys. +- **Use Cases**: Used for digital signatures, particularly in constrained + environments like mobile devices and IoT due to its efficiency. +- **Performance**: More efficient and faster than RSA for the same security + level. Requires less computational power and bandwidth. +- **Security**: Offers strong security with smaller key sizes, making it + suitable for environments with limited + resources. + +## ECDH (Elliptic Curve Diffie-Hellman) + +- **Key Characteristics**: ECDH is used for key exchange based on elliptic curve + cryptography. It is commonly paired with ECDSA for secure communications. +- **Key Sizes**: Similar to ECDSA, ECDH uses shorter keys for equivalent + security levels (e.g., 256-bit ECDH for 128-bit security). +- **Use Cases**: Ideal for establishing shared secrets over an insecure channel, + often used in conjunction with ECDSA for encryption and authentication. +- **Performance**: Efficient in terms of computational power and key size. + Suitable for applications requiring secure key exchange. +- **Security**: Provides robust security with smaller keys, making it efficient + for both performance and security. + +## Algorithm Flexibility in Primary Keys and Subkeys + +Primary keys are typically limited to RSA, DSA, and ECDSA due to their critical +role in establishing trust and signing other keys. These algorithms are +well-established and extensively audited, providing robust security for identity +verification. + +Subkeys, however, are often used for specific operational tasks such as +encryption and authentication. 
This allows them to utilize a broader range of +algorithms like ECDH, which is optimized for key exchange. The flexibility in +choosing algorithms for subkeys enhances their efficiency and allows +cryptographic operations to be tailored to specific use cases, providing both +performance and security benefits. + +By understanding the strengths and appropriate use cases for each algorithm, you +can choose the best cryptographic solution for your needs, ensuring both +security and efficiency in your operations. diff --git a/src/content/docs/reference/dependencies.md b/src/content/docs/extra/dependencies.md similarity index 100% rename from src/content/docs/reference/dependencies.md rename to src/content/docs/extra/dependencies.md diff --git a/src/content/docs/guides/encrypt-decrypt-file.md b/src/content/docs/guides/encrypt-decrypt-file.md index c43887e..71be3e3 100644 --- a/src/content/docs/guides/encrypt-decrypt-file.md +++ b/src/content/docs/guides/encrypt-decrypt-file.md 
@@ -6,63 +6,113 @@ GpgFrontend offers a fast and convenient method for working with files. The encryption and decryption process for files is nearly identical to that of text, with the exception that file operations involve binary input and output. -## File Extension Introduction +## Using File Browser for Encryption and Decryption -For ciphertext in ASCII format, the file extension is typically "asc" and these -files can be opened with a text editor. On the other hand, if the ciphertext is -in binary format, the file extension will be "gpg". Binary ciphertext files are -generally smaller than ASCII format. +After clicking the **File Browser** button, a system directory selection dialog +will appear. Follow these steps to perform encryption, decryption, and signing +operations: + +1. **Open File Browser**: + + - Click the **File Browser** button in the toolbar at the top of the + interface. This will open a system dialog allowing you to choose a + directory. + +2. **Select Directory**: + + - In the system dialog, navigate to the desired directory and select it. Once + selected, a new tab named "File Browser" will open in GpgFrontend, + displaying the contents of the chosen directory. + +3. **Select a File**: + + - In the File Browser tab, you will see a list of files and folders within + the selected directory. Click on the file you want to encrypt, decrypt, or + sign. + +4. **Encrypt the File**: + + - To encrypt a file, first select the file in the File Browser. Then, in the + **Key Toolbox** on the right, select the public key of the recipient by + checking the box next to the desired key. Finally, click the **Encrypt** + button in the toolbar at the top. + +5. **Decrypt the File**: + + - To decrypt a file, select the encrypted file in the File Browser. Ensure + you have the corresponding private key in your keyring. Click the + **Decrypt** button in the toolbar. If the correct key is available, the + file will be decrypted. 
+ +![File Operations](https://image.cdn.bktus.com/i/2024/06/15/a8d7bf2f-54f6-ccc6-7bdd-8bb0d2ba44af.webp) + +By following these steps, you can easily manage file encryption, decryption, and +signing using the GpgFrontend's File Browser feature. This streamlined process +allows you to handle your cryptographic needs directly from the file system +interface. + +## File Extension Requirements + +GpgFrontend supports different file extensions for various cryptographic +operations. Understanding these extensions helps in properly managing encrypted +and signed files. Here’s a breakdown of the file extensions used: + +#### ASCII Format + +- **.asc**: Files with the ".asc" extension are in ASCII format. These files + contain ASCII-armored ciphertext, which is a text representation of the + encrypted data. ASCII format is typically used for easy sharing via email or + text editors, as it ensures compatibility with text-based applications. + +#### Binary Format + +- **.gpg**: Files with the ".gpg" extension are in binary format. Binary + ciphertext files are more compact than their ASCII counterparts and are + generally used for more efficient storage and transmission. They cannot be + viewed directly in text editors, as the content is in a binary format. + +#### Combined Content + +- **.gpg**: When you use the encryption and signing functions together, + GpgFrontend generates a file with the ".gpg" extension. This file contains + both the encrypted content and the signature, ensuring that the recipient can + verify that the ciphertext originates from you. + +To perform decryption and verification operations, you need to use files with +either the ".gpg" or ".asc" extension. These files contain the necessary +ciphertext and signature content required for these operations. + +By adhering to these file extension requirements, you can ensure that your +encrypted and signed files are correctly recognized and processed by +GpgFrontend. 
+ +### Default Output Mode Before version 2.0.4, GpgFrontend generated ciphertext files exclusively in ASCII format. However, beginning with version 2.0.4, GpgFrontend now generates ciphertext files in binary format by default. This setting can be adjusted in the program's settings. -![image-20220112073548736](https://image.cdn.bktus.com/i/2023/11/16/980bff72-7271-b639-e63b-ff1d274edc95.webp) +### Changing Output Mode -## File Browser +To change the output mode between ASCII and binary formats, follow these steps: -From the top menu's "File" option, you can access the file browser by pressing -Ctrl/Command + B. After choosing target directory at system navigator, you -can then use the file browser tab to do some operations on files. By using the -file browser, you can navigate to your working directory and right-click on the -file you wish to work with. This will open a pop-up menu, where you can select -the operation you want to perform on the file. +1. **Open Settings**: -![image-20220112072034647](https://image.cdn.bktus.com/i/2023/11/16/6a137a63-ae76-d45c-b425-5c3e5961aa2d.webp) + - Navigate to the GnuPG Controller settings within GpgFrontend. This can be + done by accessing the settings menu from the main interface. -Located at the top of the file tab are two control buttons. The button on the -left allows you to navigate up one level in the directory hierarchy, while the -button on the right refreshes the input box on the left with the corresponding -path. +2. **Locate Binary Mode Option**: -On the far right of the file tab, there is a button with useful options that you -can select to show system files or hidden files. + - In the settings interface, under the "General" section, locate the option + labeled "Use Binary Mode for File Operations". -![image-20220112072335503](https://image.cdn.bktus.com/i/2023/11/16/1cc208dc-75f7-6e1f-f802-149ed18095af.webp) +3. 
**Toggle Binary Mode**: + - Check or uncheck this option to switch between binary (gpg) and ASCII (asc) + output formats. Checking the box will enable binary mode, while unchecking + it will revert to ASCII format. -### Encrypt & Sign +By following these steps, you can customize how GpgFrontend handles the format +of ciphertext files according to your preference or needs. -GpgFrontend recommends using the encryption and signature functions in this -method, so that the recipient can verify that the ciphertext originates from -you. You can select one or more recipients' public keys as well as your own -private key to complete this operation. - -When the operation is complete, a file with the ".gpg" extension is generated. -This file contains both encrypted content and signed content. - -![Peek 2022-01-12 07-26](https://image.cdn.bktus.com/i/2023/11/16/e7b1cf22-483d-91a4-e1d1-475ba10c51ad.gif) - -### Decrypt & Verify - -When decrypting this ciphertext, it undergoes verification, which enhances -security. Additionally, you can perform a "Only Verify" operation which verifies -the content without decrypting it. To use this operation, you must select a file -with a ".gpg" or ".asc" extension, which contains the ciphertext and signature -content. - -To encourage users to verify whether the ciphertext is signed or not when -decrypting, Gpg Frontend does not provide a separate decryption operation for -this. - -![Peek 2022-01-12 07-24](https://image.cdn.bktus.com/i/2023/11/16/bf3cca62-d28a-83bd-8676-7cb1bcf94f4c.gif) +![Locate Binary Mode Option](https://image.cdn.bktus.com/i/2024/06/15/1a82922d-4a68-d315-f388-5571a4d93e8f.webp) diff --git a/src/content/docs/guides/generate-key.md b/src/content/docs/guides/generate-key.md index c52f6d9..540ecbf 100644 --- a/src/content/docs/guides/generate-key.md +++ b/src/content/docs/guides/generate-key.md 
@@ -4,125 +4,110 @@ sidebar: order: 3 --- -Sure, let's go through the process of generating a key pair and subkeys. +GpgFrontend makes it easy to generate a key pair or a subkey for encryption, +signing, and authentication. Follow the steps below to create your own keys. -To generate a key pair using GpgFrontend, follow these steps: +## Steps to Generate a Key Pair -1. Open GpgFrontend and click on the "Generate Key" button. -2. Fill in the required information, such as your name and email address. -3. Choose the type of key you want to generate (RSA, DSA or ECC). -4. Set the key size and expiration date, if desired. -5. Create a passphrase to protect your private key. -6. Click "Generate" to create your key pair. +![Generate A Key Pair](https://image.cdn.bktus.com/i/2024/06/15/5df15149-1890-2645-8452-e7c4798ccd16.webp) -Once your key pair is generated, you can add subkeys to it by following these -steps: +1. **Open Key Management**: -1. Select the key pair you want to add a subkey to. -2. Click on the "Add Subkey" button. -3. Choose the type of subkey you want to add (encryption, signing, - authentication, or all). -4. Set the subkey size and expiration date, if desired. -5. Create a passphrase to protect your subkey. -6. Click "Add" to create your subkey. + - Click on the "New Keypair" button in the Key Management interface. This + will open the Generate Key dialog box. -You can add multiple subkeys to a key pair, each with their own specific -purposes. This allows you to have more control over your key pair's security and -usage. +2. **Fill in Basic Information**: -## Generate Key Pair + - **Name**: Enter your name. The name should be at least 5 characters long. + - **Email Address**: Enter your email address. It should follow the correct + email format. + - **Comment**: Optionally, add a comment to help differentiate this key pair + from others. -You can quickly understand the process of generating a key pair by watching the -following animation. +3. 
**Set Expiration Date**: -![GIF](https://image.cdn.bktus.com/i/2023/11/16/711f0379-eea6-ee25-2072-8e77d07d2ad5.gif) + - Choose an expiration date for the key pair. By default, GpgFrontend + suggests setting the expiration date to two years after generation. + - Alternatively, you can check the "Never expire" checkbox to make the key + pair permanent. This option can be changed later, even after the key has + expired. -### Name & Email & Comment +4. **Select Key Size and Type**: -The three fields, including name, email, and comment, are used to help users -differentiate this key pair from other key pairs they may have. Among these -three options, name and email are mandatory, while comment is optional. + - **Key Size**: Choose the key size. The default size is 2048 bits. Note that + the size option is only applicable when the key type is RSA or DSA. + - **Key Type**: Select the type of key you want to generate. Available + options include RSA, DSA, ECDSA, ECDSA + ECDH, ECDSA + ECDH NIST P-256, and + ECDSA + ECDH BrainPool P-256. For key types with a plus sign (e.g., ECDSA + + ECDH), a primary key and a corresponding subkey will be generated. -It is important to note that the name should be at least 5 characters long, and -the email should follow the correct format (no actual email account is -required). +5. **Set a Passphrase**: -![uid](https://image.cdn.bktus.com/i/2023/11/16/3ad515e0-6d9e-6507-552c-55101da16836.webp) + - It is crucial to set a passphrase to protect your private key. Uncheck the + "Non Pass Phrase" checkbox and enter a strong, unique passphrase. + - If you prefer not to set a passphrase (not recommended for security + reasons), you can leave the "Non Pass Phrase" checkbox checked. -### Expiration Date +6. **Select Key Usage**: -Setting an expiration date for the key pair is a way to limit the validity of -the key over time. 
Once the expiration date is reached, the key can still be -used, but its operations, especially signature operations, will be considered -invalid. By default, GpgFrontend suggests setting the expiration date to two -years after generation, but you can also choose to check the "Never expire" -checkbox to make the key pair permanent. + - Specify the usage for the key pair. Options include: + - **Encryption**: For encrypting data. + - **Signing**: For creating digital signatures. + - **Certification**: For certifying other keys (only for primary keys). + - **Authentication**: For authentication purposes, such as SSH keys. + - Note that some usages may not be available depending on the selected key + type. For example, the DSA algorithm does not support encryption. -It's important to note that this option can be changed at any time after -generation, even after the expiration date has passed, as long as the primary -key still exists. +7. **Generate the Key Pair**: + - After filling in all the necessary information and selecting the desired + options, click the "OK" button to generate your key pair. -![expiration-date](https://image.cdn.bktus.com/i/2023/11/16/ce9b446d-a7a0-2944-b8e4-3517c0d3a861.webp) +By following these steps, you can generate a secure key pair using GpgFrontend, +tailored to your specific needs for encryption, signing, and authentication. -### Key Size & Algo +## Steps to Generate a Subkey -Setting an expiration date for the key pair is a way to limit the validity of -the key over time. Once the expiration date is reached, the key can still be -used, but its operations, especially signature operations, will be considered -invalid. By default, GpgFrontend suggests setting the expiration date to two -years after generation, but you can also choose to check the "Never expire" -checkbox to make the key pair permanent. 
+![Generate A Subkey](https://image.cdn.bktus.com/i/2024/06/15/a56c83bc-72ad-6232-1764-6fef5aeceddd.webp) -It's important to note that this option can be changed at any time after -generation, even after the expiration date has passed, as long as the primary -key still exists. +1. **Open Key Management**: -![keysize-algo](https://image.cdn.bktus.com/i/2023/11/16/4ce5ecfa-7ad0-7a81-cbe1-2ea93f7872ea.webp) + - In the Key Management interface, right-click on the key pair you wish to + add a subkey to. Select the "New Subkey" option from the context menu. -### Passphrase +2. **Fill in Basic Information**: -Setting a password to protect the primary key is crucial in case of a security -breach. If the "Do not set password" checkbox is unchecked, you will be prompted -to enter a password during the key pair generation process. Follow the prompts -to set the password. Once the password is set, whenever you need to use the -primary key for an operation, you will need to enter the password to unlock it -(some systems have a password manager to automate this process). + - **Key Type**: Select the type of subkey you want to generate. Available + options include RSA, DSA, ECDSA, ECDH, ECDH NIST P-256, ECDH NIST P-384, + ECDH NIST P-521, ECDH BrainPool P-256, ECDH BrainPool P-384, and ECDH + BrainPool P-512. + - **Key Size**: Choose the key size. This option is only applicable when the + key type is RSA or DSA. + - **Expiration Date**: Set an expiration date for the subkey. You can also + choose to check the "Never expire" checkbox to make the subkey permanent. -However, you can also check the "Do not set password" checkbox to skip setting a -protection password for the primary key. But this is not recommended due to -security concerns. +3. **Set a Passphrase**: -### Usage + - If the primary key has a passphrase, the subkey's passphrase must be equal + to it. Ensure that the "Non Pass Phrase" checkbox is unchecked if you want + to set a passphrase. 
-When generating a key pair, you can specify the usage for the first subkey, -which is the primary key. There are four options: +4. **Select Key Usage**: -![usages](https://image.cdn.bktus.com/i/2023/11/16/f9bae59d-9181-2cb8-53a6-b51c0698c613.webp) + - Specify the usage for the subkey. Options include: + - **Encryption**: For encrypting data. + - **Signing**: For creating digital signatures. + - **Authentication**: For authentication purposes, such as SSH keys. + - Note that the certification usage is not available for subkeys. -- Encryption: Once generated, this key can be used for encryption purposes. +5. **Generate the Subkey**: + - After filling in all the necessary information and selecting the desired + options, click the "OK" button to generate your subkey. -- Signing: Once generated, this key can be used for signature purposes. +By following these steps, you can generate a subkey using GpgFrontend, which +enhances the functionality of your primary key pair for various cryptographic +operations. -- Certification: This key can be used to certify or verify other keys. Only the - primary key can have this usage. - -- Authentication: This key can be used for authentication purposes, such as with - SSH keys. - -The third of these four uses (authentication purposes) can only be owned by the -primary key. In addition, some usages are not available when using certain -algorithms for encryption. For example, when the DSA algorithm is selected, the -encryption uses are disabled. - -## Generate Subkey - -It is possible to append subkeys to an existing key pair. The subkey does not -require the input of a name, email, or comment, as the remaining steps are -essentially identical to those for generating a key pair. 
- -![Generate Subkey](https://image.cdn.bktus.com/i/2023/11/16/4871ee77-5da5-5473-a2be-2d9c29d6b842.gif) - -### Extra note +## Extra Note Below are some guidelines that may prove useful in comprehending the aforementioned concepts and utilizing this tool accurately. @@ -168,8 +153,8 @@ but also provides flexibility in key usage and management. - **Secure Storage**: The primary key should be stored in a highly secure location, preferably offline or in a hardware security module (HSM), to - prevent unauthorized access. This is because the loss or compromise of the - primary key jeopardizes the entire cryptographic framework. + prevent unauthorized access. The loss or compromise of the primary key + jeopardizes the entire cryptographic framework. - **Key Generation and Maintenance**: While tools like GpgFrontend provide user-friendly interfaces for managing keys, they may lack support for advanced 
@@ -205,3 +190,52 @@ maintaining the integrity and security of cryptographic operations. By adhering to best practices for key usage, storage, and renewal, users can safeguard their digital identities and ensure the confidentiality and authenticity of their communications. + +#### Additional Note on Subkey Algorithm Types + +Subkeys in GpgFrontend offer more algorithm types than primary keys due to their +specialized roles. While primary keys focus on establishing identity and trust, +subkeys are often dedicated to specific tasks like encryption or authentication. +This task-specific design allows subkeys to utilize a broader range of +algorithms, enhancing their flexibility and functionality. For instance, while +primary keys may be restricted to certain secure algorithms for signing, subkeys +can employ diverse algorithms optimized for encryption, like ECDH, ensuring +efficient and secure operations tailored to the user's needs. + +**Primary Key Supported Algorithms:** + +- RSA +- DSA +- ECDSA + +**Subkey Supported Algorithms:** + +- RSA +- DSA +- ECDSA +- ECDH +- ECDH NIST P-256 +- ECDH NIST P-384 +- ECDH NIST P-521 +- ECDH BrainPool P-256 +- ECDH BrainPool P-384 +- ECDH BrainPool P-512 + +**Explanation:** + +The broader range of algorithms available for subkeys arises because subkeys are +designed for specific functions and can therefore leverage specialized +algorithms optimized for those functions. For example, ECDH (Elliptic Curve +Diffie-Hellman) is highly efficient for encryption tasks and is commonly used +for subkeys dedicated to encryption. This flexibility in algorithm choice +ensures that cryptographic operations can be optimized for both performance and +security based on the specific use case. + +Primary keys, however, are central to the user's cryptographic identity and are +primarily used for signing and certifying subkeys. 
This critical role +necessitates the use of well-established and highly secure algorithms to ensure +the integrity and trustworthiness of the entire cryptographic system. + +By differentiating the algorithms and roles of primary keys and subkeys, +GpgFrontend enhances both security and operational efficiency, allowing users to +maintain a robust and flexible cryptographic setup​. diff --git a/src/content/docs/guides/sign-verify-file.md b/src/content/docs/guides/sign-verify-file.md index c25ddd6..7693bf4 100644 --- a/src/content/docs/guides/sign-verify-file.md +++ b/src/content/docs/guides/sign-verify-file.md 
@@ -49,55 +49,115 @@ a user-friendly manner. By accommodating binary file operations, it ensures that digital signatures are accessible and applicable across a broad spectrum of file types, reinforcing the pillars of trust and security in digital communications. -## Introduction to File Extensions +## Sign & Verify File -For ASCII-formatted ciphertext, the filename suffix is usually "asc", and these -files can be opened directly with a text editor. However, if the ciphertext is -binary, its file extension will be "sig" or "gpg". Typically, binary ciphertext -files are smaller than ASCII-formatted ones. +GpgFrontend extends its utility from handling text-based operations to +facilitating file operations with ease and security. The principle behind +signing and verifying files mirrors that of text, leveraging the robust +framework of digital signatures. However, a significant distinction lies in the +nature of the input and output for file operations, which can be binary, +accommodating a wider range of file types beyond simple text documents. -Prior to v2.0.4, the ciphertext files generated by GpgFrontend were all in ASCII -format. But starting with v2.0.4, GpgFrontend defaults to generating -binary-formatted ciphertext files. You can modify this setting in the settings. +## Using File Browser for Signing and Verifying -![image-20220112073548736](https://image.cdn.bktus.com/i/2023/11/16/980bff72-7271-b639-e63b-ff1d274edc95.webp) +After clicking the **File Browser** button, a system directory selection dialog +will appear. Follow these steps to perform signing and verifying operations: -## File Browser +1. **Open File Browser**: -You can open the file browser (Ctrl/Command + B) via the top menu file option. -After selecting a target directory at system navigator, you can get a new File -browser tab. Using the file browser, navigate to your working directory. Then, -right-click the file you wish to operate on, and select the desired operation -from the pop-up menu. 
+ - Click the **File Browser** button in the toolbar at the top of the + interface. This will open a system dialog allowing you to choose a + directory. -![File Browser](https://image.cdn.bktus.com/i/2023/11/16/6a137a63-ae76-d45c-b425-5c3e5961aa2d.webp) +2. **Select Directory**: -Two control buttons are located at the top of the file tab. The one on the left -allows you to go up a level, and the one on the right enables you to enter or -refresh the corresponding path in the input box on the left. + - In the system dialog, navigate to the desired directory and select it. Once + selected, a new tab named "File Browser" will open in GpgFrontend, + displaying the contents of the chosen directory. -On the far right is a button offering useful options, such as displaying system -files or hidden files. +3. **Select a File**: -![File Browser 2](https://image.cdn.bktus.com/i/2023/11/16/1cc208dc-75f7-6e1f-f802-149ed18095af.webp) + - In the File Browser tab, you will see a list of files and folders within + the selected directory. Click on the file you want to sign or verify. -### Sign +4. **Sign the File**: -Through the right-click menu, you can rapidly sign a file. This operation will -generate a file with a "sig" or "asc" suffix, which contains the signature -content. In this scenario, you need to pass both this file and the original file -to the other party to allow them to verify it. + - To sign a file, first select the file in the File Browser. Then, in the + **Key Toolbox** on the right, select your private key by checking the box + next to your key. Finally, click the **Sign** button in the toolbar at the + top. -![Sign File](https://image.cdn.bktus.com/i/2023/11/16/ae18811f-12f8-4059-e46f-831929e59414.gif) +5. **Verify the File**: -### Verify + - To verify a file, select the signed file in the File Browser. Ensure you + have the corresponding public key in your keyring. Click the **Verify** + button in the toolbar. 
If the correct key is available, the file's + signature will be verified. -This operation requires you to select a file with a "gpg" suffix (this may be -invalid for binary file ciphertext) or a file with a "sig" suffix for -verification. +![File Operations](https://image.cdn.bktus.com/i/2024/06/15/e157e4ff-ddaa-3a24-1a6f-a3fb80a55661.webp) -When selecting a file with the "sig" suffix, ensure that the source file is also -present in this directory. This implies that the source file's name is simply -missing a "sig" suffix. +By following these steps, you can easily manage file signing and verifying using +the GpgFrontend's File Browser feature. This streamlined process allows you to +handle your cryptographic needs directly from the file system interface. -![Verify File](https://image.cdn.bktus.com/i/2023/11/16/dbb4d69c-d1a8-d5dc-6422-1cf300bea533.gif) +## File Extension Requirements + +GpgFrontend supports different file extensions for various cryptographic +operations. Understanding these extensions helps in properly managing signed +files. Here’s a breakdown of the file extensions used: + +#### ASCII Format + +- **.asc**: Files with the ".asc" extension are in ASCII format. These files + contain ASCII-armored signatures, which are a text representation of the + signed data. ASCII format is typically used for easy sharing via email or text + editors, as it ensures compatibility with text-based applications. + +#### Binary Format + +- **.sig**: Files with the ".sig" extension are in binary format. Binary + signature files are more compact than their ASCII counterparts and are + generally used for more efficient storage and transmission. They cannot be + viewed directly in text editors, as the content is in a binary format. +- **.gpg**: Files with the ".gpg" extension are also used for binary signatures. + These files are used when both encryption and signing are performed together, + containing both the encrypted content and the signature. 
+ +To perform verification operations, you need to use files with either the +".sig", ".gpg", or ".asc" extension. These files contain the necessary signature +content required for these operations. + +By adhering to these file extension requirements, you can ensure that your +signed files are correctly recognized and processed by GpgFrontend. + +### Default Output Mode + +Before version 2.0.4, GpgFrontend generated signature files exclusively in ASCII +format. However, beginning with version 2.0.4, GpgFrontend now generates +signature files in binary format by default. This setting can be adjusted in the +program's settings. + +### Changing Output Mode + +To change the output mode between ASCII and binary formats, follow these steps: + +1. **Open Settings**: + + - Navigate to the GnuPG Controller settings within GpgFrontend. This can be + done by accessing the settings menu from the main interface. + +2. **Locate Binary Mode Option**: + + - In the settings interface, under the "General" section, locate the option + labeled "Use Binary Mode for File Operations". + +3. **Toggle Binary Mode**: + - Check or uncheck this option to switch between binary (sig/gpg) and ASCII + (asc) output formats. Checking the box will enable binary mode, while + unchecking it will revert to ASCII format. + +By following these steps, you can customize how GpgFrontend handles the format +of signature files according to your preference or needs. + +![Locate Binary Mode +Option](https://image.cdn.bktus.com/i/2024/06/15/1a82922d-4a68-d315-f388-5571a4d93e8f.webp) diff --git a/src/content/docs/guides/symmetric-encrypt-decrypt.md b/src/content/docs/guides/symmetric-encrypt-decrypt.md index c6b7ed5..965b976 100644 --- a/src/content/docs/guides/symmetric-encrypt-decrypt.md +++ b/src/content/docs/guides/symmetric-encrypt-decrypt.md 
@@ -55,10 +55,87 @@ encryption with GpgFrontend is a testament to the versatility of cryptographic practices, catering to a wide range of security needs with user-friendly solutions. -## How to use it? +## How to Perform Symmetric Encryption -Symmetric encryption is initiated when you click the 'Encrypt' button without -selecting any key in the Key Toolbox. For this type of encryption, a password -must be established for the encryption process. Subsequently, to decrypt the -data, you will need to provide the same password that was used during the -encryption phase. +Performing symmetric encryption with GpgFrontend is a straightforward process. +Follow these steps to encrypt your data using a password: + +1. **Prepare Your Data**: + + - Start by opening GpgFrontend and entering the text you want to encrypt in + the text editor area. You can create a new tab through the "New" option if + needed. + +2. **Initiate Encryption**: + + - Click the 'Encrypt' button in the Operations Bar at the top of the + interface. This button is represented by a padlock icon with the label + "Encrypt". + +3. **No Key Selected**: + + - If no key is selected in the Key Toolbox, a prompt will appear asking if + you want to encrypt with a symmetric cipher using a passphrase. Click "OK" + to proceed. + +4. **Set a Password**: + + - Enter a strong, unique password in the prompt that appears. This password + will be used to encrypt your data. Ensure that the password is complex and + secure, as it will be required to decrypt the data later. + +5. **Encryption Process**: + + - GpgFrontend will use the provided password to encrypt your data, + transforming the plaintext into ciphertext. The resulting encrypted message + will be displayed in the text editor area. + +6. **Save or Share Encrypted Data**: + - You can now save the encrypted message to a file or share it with others. + Remember, the recipient will need the exact password used during encryption + to decrypt the data. 
+ +By following these steps, you can easily encrypt your data using symmetric +encryption in GpgFrontend. This method is ideal for scenarios where you need to +secure data with a password without managing public and private keys. + +![Symmetric Encryption](https://image.cdn.bktus.com/i/2024/06/15/e81042ca-40e4-0ce4-5a44-111a89acb5d1.webp) + +## How to Decrypt Symmetric Encryption? + +Decrypting symmetrically encrypted data with GpgFrontend is straightforward and +similar to decrypting data encrypted with asymmetric encryption. Follow these +steps: + +1. **Copy the Ciphertext**: + + - First, ensure that you have the ciphertext (the encrypted message) copied + to your clipboard. The ciphertext should be in the format typically + generated by GnuPG, enclosed in `-----BEGIN PGP MESSAGE-----` and `-----END +PGP MESSAGE-----` tags. + +2. **Paste the Ciphertext into the Text Editor**: + + - Open GpgFrontend and paste the ciphertext into the text editor area. You + can do this by creating a new tab through the "New" option if needed. + +3. **Click the Decrypt Button**: + + - Click the 'Decrypt' button in the Operations Bar at the top of the + interface. This button is represented by a key icon with the label + "Decrypt". + +4. **Enter the Password**: + + - A prompt will appear asking for the password that was used to encrypt the + data. Enter the correct password and confirm. + +5. **Decryption Process**: + - GpgFrontend will use GnuPG to recognize the type of encryption used and the + corresponding key. If the password is correct, the software will decrypt + the ciphertext and display the readable plaintext in the text editor area. + +By following these steps, you can efficiently decrypt any symmetrically +encrypted data using GpgFrontend. The software's ability to automatically +recognize the encryption type and key ensures a seamless decryption process, +making it easy to access your encrypted information securely. 
diff --git a/src/content/docs/guides/understand-interface.md b/src/content/docs/guides/understand-interface.md index 9825105..07562f7 100644 --- a/src/content/docs/guides/understand-interface.md +++ b/src/content/docs/guides/understand-interface.md 
@@ -9,39 +9,46 @@ of the page. The exploration that follows will gradually unveil additional functionalities. Bear in mind that interfaces may vary across different versions. -![Interface](https://image.cdn.bktus.com/i/2023/11/16/27c0bd12-8a1d-b9ae-2ecd-dbde5f96e36f.webp) +![Interface](https://image.cdn.bktus.com/i/2024/06/15/baf33505-c34f-12c7-d897-a60fc9b5b600.webp) ## Text Editor The text editing zone allows you the liberty to input any desired text or -establish a new tab through the "New" choice in the file menu at the top. Moving +establish a new tab through the "New" option in the file menu at the top. Moving or closing tabs can be done with ease as per your needs. Numerous operations can be performed on your text using options available in the -Operations Bar. Alternatively, you may utilize standard shortcuts like -Ctrl+C/V/S for copy, paste, and save operations, or even searching within the -text. +Operations Bar at the top of the interface. You can encrypt, decrypt, sign, and +verify text directly from this menu. Additionally, standard shortcuts like +Ctrl+C, Ctrl+V, and Ctrl+S for copy, paste, and save operations, or searching +within the text using Ctrl+F, are supported. -The edited text within the text box is encoded in UTF8 without any formatting. +The edited text within the text box is encoded in UTF-8 without any formatting. This plain text format ensures that no message alteration leads to confusion. -While we have plans to introduce rich text editing in the future, the specifics -are still being deliberated. +While there are plans to introduce rich text editing in the future, the +specifics are still being deliberated. ### Large Text File Support -GpgFrontend accommodates opening larger files without hindrance. However, when -dealing with relatively large files, editing of the tab won't be feasible until -the entire file is loaded. During this time, despite not being able to edit the -file, you still have the capability to view it. 
+GpgFrontend accommodates opening larger files without hindrance, with the +current limit set to 1MB per file. When dealing with relatively large files, +editing of the tab won't be feasible until the entire file is loaded. During +this time, despite not being able to edit the file, you still have the +capability to view it. + +It is important to note that opening files larger than 1MB is not supported, as +excessively long text files can cause significant performance issues with the +graphical user interface (GUI). This limitation helps maintain the application's +responsiveness and ensures a smooth user experience. ## Information Board GpgFrontend presents the outcome of the current tab page operation on the -Information Board, signifying the success or failure of the operation. -Additionally, the Information Board's text includes supplementary details to -assist in understanding the particulars of your encryption, decryption, -signature, and other operations. Depending on your language settings, the output -displayed on the dashboard may differ. +Information Board, signifying the success or failure of the operation. The +Information Board's text includes supplementary details to assist in +understanding the particulars of your encryption, decryption, signature, and +other operations. Depending on your language settings, the output displayed on +the dashboard may differ. The Information Board was conceived to provide a comprehensive view of more information within the same space. However, GpgFrontend plans to incorporate a 
@@ -68,56 +75,48 @@ font size is 10, and it can be modified to any value ranging from 9 to 18. ### Dashboard Actions Menu -The dashboard actions menu facilitates quick and easy access to common -functionalities related to the content of the information board. It empowers -users to efficiently manage and process large chunks of content on the -Information Board for various purposes. +The dashboard actions menu, located below the Information Board, provides quick +and easy access to essential functions related to the content displayed. It +empowers users to efficiently manage and process large chunks of information for +various purposes. #### Copy This function allows users to swiftly capture significant portions of content -from the Information Board for other applications. +from the Information Board for use in other applications. Simply select the +content you need and use this button to copy it to the clipboard. #### Save File -This operation archives the contents of the information board into the file -system, utilizing the UTF-8 format. Although the resultant output file lacks a -suffix, it is essentially in a plain text format. +This operation archives the contents of the Information Board into the file +system in UTF-8 format. Although the resultant output file does not have a +suffix, it is essentially plain text and can be opened with any text editor. #### Clear -This command promptly purges all content from the information board. The -clearance includes both the contents and statuses of the information board. A -new operation (such as encryption) will automatically trigger this clearing -process. +This command promptly purges all content from the Information Board, including +both the displayed contents and statuses. Any new operation, such as encryption +or decryption, will automatically trigger this clearing process, ensuring that +the Information Board always displays the most current and relevant information. 
-### Optional Actions Menu +## Key Toolbox -In addition to the Information Board, an Optional Actions Menu will be presented -below it. If any auxiliary operations can be performed post your main operation -(such as displaying more detailed information, sending encrypted text via email, -etc.), the access points for these supplementary tasks will be made available -here. - -## Key ToolBox - -This feature presents a comprehensive list of key pairs stored on your device, -intended for use with Gpg operations. The keys within the ToolBox are classified -into multiple categories, each corresponding to a unique usage context. -Additionally, the ToolBox provides access to a variety of common operations, all -of which can be found in the Key List Menu. +The Key Toolbox on the right side of the interface lists all available keys, +including public and private keys. The columns provide details such as key type, +name, and email address. You can select keys from this list to perform various +operations such as encryption, decryption, signing, and verification. ### Usage Most Gpg-related operations require specifying a key pair (for tasks like encryption, decryption, signature, etc.). You can select the checkbox in the -first column of the Key ToolBox's table to designate one or more keys for your +first column of the Key Toolbox's table to designate one or more keys for your operation. Categories that contain only public keys are frequently utilized in cryptographic scenarios. ### Classification -The ToolBox showcases categories via tabbed display. None of these categories +The Toolbox showcases categories via tabbed display. None of these categories include any expired or revoked keys. To view such keys, you should refer to the Key Manager. The default category comprises all private and public keys. During any operation, only the keys from the currently selected category will be 
@@ -128,7 +127,7 @@ considered for input. Understanding this list is crucial. Let's walk through its components step by step. -- **Select**: Check the box in this column to notify Gpg Frontend that you wish +- **Select**: Check the box in this column to notify GpgFrontend that you wish to use the key from this row for your subsequent operation. - **Type**: This column informs you about the key type and whether the primary @@ -165,13 +164,23 @@ step. ## Operations Bar -Here, you can execute corresponding operations by clicking on the buttons -provided. For instance, after inputting text into a text editor and specifying -the desired key in the key toolbox, you can click the encryption button to -perform the operation. +The Operations Bar at the top includes the following functions: -Some operations require key specification, while others do not, as will be -detailed in the respective sections of this document. +1. New: Create a new text file tab. +2. Open: Open an existing text file. +3. File Browser: Browse and select files from your system. +4. Encrypt: Encrypt the text or file. +5. Encrypt Sign: Encrypt and sign the text or file. +6. Decrypt: Decrypt the text or file. +7. Decrypt Verify: Decrypt and verify the text or file. +8. Sign: Sign the text or file. +9. Verify: Verify the signature of the text or file. +10. Manage Keys: Open the key management interface. +11. Import Key: Import a new key through some approaches. + +This interface provides a comprehensive suite of tools for managing and +utilizing your cryptographic keys and performing various encryption-related +operations with ease. ### Customization diff --git a/src/content/docs/guides/view-keypair-info.md b/src/content/docs/guides/view-keypair-info.md index d24c2d0..7661e56 100644 --- a/src/content/docs/guides/view-keypair-info.md +++ b/src/content/docs/guides/view-keypair-info.md 
@@ -10,18 +10,13 @@ key toolbox or key management interface and selecting "Show key details". This section may include a brief introduction to gpg-related concepts and could be relatively long. -Below is a screenshot of a friend's public key that I obtained from the key -server. - -![View Key Pair Details](https://image.cdn.bktus.com/i/2023/11/16/8d50f6db-909d-0840-e991-fec3f4263709.webp) - -And here is a randomly generated private key. The most significant difference +Here is a randomly generated private key. The most significant difference between this and the previous key is that the key pair with only the public key is used for encryption only, but if you possess the private key, you can perform more actions (it also depends on your algorithm; DSA can only be used for signatures). -![View Key Pair Details 1](https://image.cdn.bktus.com/i/2023/11/16/d65e11fe-920f-50b5-640d-2f24c4d4fc58.webp) +![View Key Pair Details 1](https://image.cdn.bktus.com/i/2024/06/15/9f5b0089-923f-33e1-d2cd-f7690ec2d050.webp) ## General Info @@ -37,7 +32,7 @@ set it as the primary UID to change it. According to the OpenPGP protocol, this part is divided into Name, Email, and Comment. -![View Key Pair Details Owner](https://image.cdn.bktus.com/i/2023/11/16/a6460514-4dd8-29be-5d04-31a72474b1fa.webp) +![View Key Pair Details Owner](https://image.cdn.bktus.com/i/2024/06/15/30066ecc-ec79-ee27-a3ed-5faad0e6934f.webp) ### Primary Key @@ -53,7 +48,7 @@ not exist, but this doesn't mean that neither the public key nor the private key exists. Please remember: Each subkey and primary key consist of a pair of public and private keys. -![View Key Pair Details Primary Key](https://image.cdn.bktus.com/i/2023/11/16/aacb259b-44db-79d2-1899-3da8675ac36c.webp) +![View Key Pair Details Primary Key](https://image.cdn.bktus.com/i/2024/06/15/8cd3691e-70dc-1239-5f80-9a89f1d342ba.webp) #### Key ID 
@@ -67,8 +62,20 @@ is shorter and more user-friendly. This refers to the algorithm used for key generation. This also pertains to the generation algorithm of the primary key. The generation algorithm determines the properties and capabilities of the key. Algorithms such as RSA can be used for -encryption and signature, but DSA can only be used for signature. However, the -DSA key length can be shorter. +both encryption and signatures, whereas DSA can only be used for signatures. +More modern algorithms like ECDH (Elliptic-curve Diffie-Hellman) are used for +secure key exchange, and ECDSA (Elliptic Curve Digital Signature Algorithm) is +employed for digital signatures. These elliptic curve algorithms offer enhanced +security with shorter key lengths compared to traditional algorithms. + +### Algorithm Detail + +Algorithm Detail displays both the key type and the key length. In some cases, +the key algorithm shown here is more precise. For example, it can specify +particular algorithms such as ED25519 or NISTP256, providing detailed +information about the specific cryptographic methods employed. + +![Algorithm Detail](https://image.cdn.bktus.com/i/2024/06/15/1e2fba1d-5d5a-738c-a51f-6a3732f6e296.webp) #### Key Size @@ -118,7 +125,7 @@ other key pairs. ### Fingerprint -![View Key Pair Details Fingerprint](https://image.cdn.bktus.com/i/2023/11/16/7f2bc76d-12e2-57c1-21fc-4e98f9b9a750.webp) +![View Key Pair Details Fingerprint](https://image.cdn.bktus.com/i/2024/06/15/e3250448-a947-a583-eea9-464847e9da32.webp) The fingerprint of the key pair is used for humans to quickly compare whether the key pair is the expected key pair. This field is unique for all keys in the 
@@ -135,7 +142,7 @@ pair is what they expected. However, for accurate identification, fingerprints or key IDs should be compared. A key can have multiple UIDs, but a key pair can only have one primary UID, which is always listed first in the interface. -![View Key Pair Details UID](https://image.cdn.bktus.com/i/2023/11/16/de721eb6-3761-1912-8d99-dd0224a2a5e2.webp) +![View Key Pair Details UID](https://image.cdn.bktus.com/i/2024/06/15/b502d2b6-db02-7d52-f82f-8e4c2e056276.webp) UID has three elements: Name, Email, Comment. The name should be at least five characters long, and the email should conform to the format. The rules for @@ -151,10 +158,18 @@ keyring with their signature to the keyserver. If many people do the same, the public key on the keyserver will have numerous signatures, making it trustworthy. +![Signatures of UID](https://image.cdn.bktus.com/i/2024/06/15/81d4f9bd-5c4e-ad22-25dc-f5a4a0c3d9af.webp) + You can also use the primary key of another key pair to sign a UID. Generally, a primary UID of a key pair with many valid signatures is considered more trustworthy. +As shown in the image, some signatures do not have the signer's UID identified. +If you need to identify these signatures, you can try importing the +corresponding key from other sources, such as key servers. The Key ID is already +provided, which can help you locate and import the necessary keys to recognize +the signer's UID. + ## Subkey Info The sub-key mechanism is a crucial feature of GPG that improves both flexibility @@ -174,6 +189,8 @@ points: - The disclosure of a subkey only affects that subkey, while the disclosure of the primary key endangers the entire key pair. +![Subkeys Details](https://image.cdn.bktus.com/i/2024/06/15/49283a38-47ec-4ff3-5c84-8167a97ab68e.webp) + The primary key and all subkeys in the key pair are displayed on the interface. Some information about the key is also listed below. 
@@ -188,12 +205,95 @@ and is irreversible. In this column, what you can do differs for a key pair that only has a public key and a key pair that includes a private key. -Here's what you can do with a public key-only key pair: +### Operations on a Public Key -![View Key Pair Details Operations](https://image.cdn.bktus.com/i/2023/11/16/13065e1e-61ff-5626-f571-7d8eddd79053.webp) +This interface provides various general operations that can be performed on the +selected public key. Below is an explanation of each button's function: -And here's what you can do with a key pair that includes a private key: +![View Key Pair Details Operations](https://image.cdn.bktus.com/i/2024/06/15/5748a38d-7804-2cca-ecff-bdbfc186290f.webp) -![View Key Pair Details Operations 1](https://image.cdn.bktus.com/i/2023/11/16/6534f339-0b6e-e3ab-0318-78c06c30ac07.webp) +1. **Export Public Key**: -These operations will be explained in detail throughout the documentation. + - **Function**: This button allows you to export the public key to a file. + Exporting a public key is useful when you need to share it with others or + upload it to a keyserver. The exported file can then be distributed or + backed up as needed. + +2. **Key Server Operation (Pubkey)**: + + - **Function**: This dropdown menu provides options for interacting with + keyservers. A keyserver is a repository where public keys are stored and + can be retrieved by others. The operations might include uploading your + public key to a keyserver, refreshing your public key with updates from the + keyserver, or searching for other public keys on the keyserver. + +3. **Set Owner Trust Level**: + - **Function**: This button allows you to set the trust level for the owner + of the public key. Trust levels are part of the web of trust model used in + public key infrastructures. By setting the trust level, you indicate how + much you trust the key owner to correctly verify and sign other keys. 
This + affects how your system evaluates the validity of signatures made by the + key owner. + +These operations facilitate the management and sharing of public keys, helping +to establish and maintain trust within a cryptographic system. + +### Operations on a Private Key + +This interface provides various general operations that can be performed on the +selected key pair, including both public and private key operations. Below is an +explanation of each button's function: + +![View Key Pair Details Operations 1](https://image.cdn.bktus.com/i/2024/06/15/68cb4069-5db5-6057-c122-9b9dc2a862f1.webp) + +1. **Export Public Key**: + + - **Function**: This button allows you to export the public key to a file. + This is useful for sharing your public key with others or for uploading it + to a keyserver. The exported file can be distributed or backed up as + needed. + +2. **Export Private Key**: + + - **Function**: This button provides options for exporting the private key. + There are typically two modes for exporting: + - **Export Complete Private Key**: This exports the entire private key, + including all associated information. It is used when you need a full + backup or when transferring the key to another system. + - **Export Minimal Private Key**: This exports only the essential + components of the private key, minimizing the amount of data. This can be + useful for more secure key transfers or for environments with specific + security requirements. + +3. **Modify Expiration Datetime (Primary Key)**: + + - **Function**: This button allows you to modify the expiration date and time + of the primary key. This is important for managing the key's lifecycle and + ensuring that it remains valid for the desired period. Adjusting the + expiration date can help maintain security by ensuring keys are + periodically reviewed and updated. + +4. **Modify Password**: + + - **Function**: This button enables you to change the password that protects + the private key. 
Changing the password can enhance security, especially if + you suspect that the current password may have been compromised or if you + want to follow best practices for regular password updates. + +5. **Key Server Operation (Pubkey)**: + + - **Function**: This dropdown menu provides options for interacting with + keyservers using the public key. Operations might include uploading the + public key to a keyserver, or refreshing the key from the keyserver. + Keyservers facilitate the distribution and retrieval of public keys. + +6. **Revoke Certificate Operation**: + - **Function**: This dropdown menu provides options for revoking a key + certificate. Revoking a certificate is necessary if the key has been + compromised or if it is no longer needed. This action invalidates the key, + ensuring it cannot be used maliciously. The revocation information is + typically uploaded to a keyserver so that others are aware of the key's + revoked status. + +These operations help manage the lifecycle of key pairs, ensuring their secure +use and proper distribution. diff --git a/src/content/docs/overview/downloads.md b/src/content/docs/overview/downloads.md index 2f9f5a1..ff5a031 100644 --- a/src/content/docs/overview/downloads.md +++ b/src/content/docs/overview/downloads.md @@ -4,7 +4,6 @@ sidebar: order: 3 --- - GpgFrontend is available for download through multiple channels. For more detailed instructions on installation and getting started, please refer to the [Getting Started Guide](../getting-started/). diff --git a/src/content/docs/overview/faq.md b/src/content/docs/overview/faq.md index ba77c65..6bfe083 100644 --- a/src/content/docs/overview/faq.md +++ b/src/content/docs/overview/faq.md 
@@ -16,7 +16,7 @@ GpgFrontend supports digital signatures to verify the integrity and origin of messages. Users can manage and generate key pairs, encrypt files and emails, and sign their communications for added security. -**How can I obtain and start using GpgFrontend?** You can download the latest version of GpgFrontend from [GpgFrontend's Downloads Page](../downloads/) and choose the installtion method for your platform. +**How can I obtain and start using GpgFrontend?** You can download the latest version of GpgFrontend from [GpgFrontend's Downloads Page](../downloads/) and choose the installation method for your platform. ## OpenPGP and GnuPG Explained diff --git a/src/content/docs/overview/glance.md b/src/content/docs/overview/glance.md index 92791f3..14d9fcb 100644 --- a/src/content/docs/overview/glance.md +++ b/src/content/docs/overview/glance.md @@ -12,7 +12,7 @@ encryption, decryption, and digital signing, offering a seamless interface for managing OpenPGP tasks. Embrace the latest features of GnuPG 2.x, enhancing your security in the digital age. -**Document Version Reference: [v2.1.2](https://github.com/saturneric/GpgFrontend/releases/tag/v2.1.2)** +**Document Version Reference: [v2.1.3](https://github.com/saturneric/GpgFrontend/releases/tag/v2.1.2)** ## User Interface Glimpse @@ -20,7 +20,7 @@ _Note: GpgFrontend's appearance may vary across different operating systems and themes. Always refer to the corresponding version of the software for the most accurate documentation._ -![GpgFrontend Interface](https://image.cdn.bktus.com/i/2024/02/02/a7e9e762-a8fa-6e52-2728-1488e338e5ef.webp) +![GpgFrontend Interface](https://image.cdn.bktus.com/i/2024/06/15/0408b896-6472-4677-b0d1-96f5b9e54a3b.webp) ## Project Origins and Mission
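Review bot: In src/content/docs/guides/generate-key.md (hunk @@ -205,3 +190,52 @@), the "**Explanation:**" paragraph restates the opening paragraph of "Additional Note on Subkey Algorithm Types" almost point for point (subkeys are task-specific, ECDH suits encryption). Keep one of the two. The subkey list also has a bare "ECDH" entry next to the six curve-specific ECDH entries, so say what the bare entry selects or drop it. The last added line appears to carry an invisible zero-width character between "setup" and the period, which should be removed before merge.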
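Review bot: In src/content/docs/guides/sign-verify-file.md (hunk @@ -49,55 +49,115 @@), the rewrite removes the two statements that told readers how detached signatures work: that signing produces a separate "sig" or "asc" file which must be passed to the other party together with the original file, and that when verifying a "sig" file the source file must be present in the same directory. The new "Verify the File" step only says to select the signed file and have the public key in the keyring. Please restore the requirement that the original file sits beside the signature file, otherwise a reader following step 5 with only the signature file has no way to know why verification fails. The new "## Sign & Verify File" introduction also repeats the paragraph directly above it, and the "#### ASCII Format" and "#### Binary Format" headings skip a level under "## File Extension Requirements".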
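Review bot: In src/content/docs/guides/symmetric-encrypt-decrypt.md (hunk @@ -55,10 +55,87 @@), step 5 of the decryption procedure and the closing paragraph say the software recognizes "the type of encryption used and the corresponding key". For the passphrase-only flow this section describes, no key is selected (encryption step 3 says so explicitly), so the wording should refer to the passphrase rather than a key. The inline code span for the END marker is also broken across two lines ("`-----END" / "PGP MESSAGE-----`"); keep it on one line so the marker can be copied exactly. The heading "How to Decrypt Symmetric Encryption?" carries a question mark that the sibling heading "How to Perform Symmetric Encryption" does not.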
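Review bot: In src/content/docs/guides/understand-interface.md (hunk @@ -9,39 +9,46 @@), the "Large Text File Support" text contradicts itself: the first added sentence says GpgFrontend opens larger files "without hindrance, with the current limit set to 1MB per file", and the next paragraph says files larger than 1MB are not supported. State the 1MB limit once, up front, and drop "without hindrance". It would also help to say what the user sees when a file exceeds the limit, and to point to the File Browser operations for files that are too large for the editor.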
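Review bot: In src/content/docs/guides/understand-interface.md (hunk @@ -165,13 +164,23 @@), the new Operations Bar list drops the removed sentence "Some operations require key specification, while others do not", which is the one thing a reader needs from this section to understand why an operation behaves differently with no key checked in the Key Toolbox. Please keep that point, ideally by marking which of the eleven entries need a selected key. Item 11, "Import a new key through some approaches", is too vague to be useful; list the import sources or link to the page that does. The item names are plain text here while the rest of the patch bolds UI labels.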
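Review bot: In src/content/docs/guides/view-keypair-info.md (hunk @@ -10,18 +10,13 @@), the paragraph and screenshot for the public key fetched from the key server are removed, but the sentence kept after it still reads "The most significant difference between this and the previous key is that the key pair with only the public key is used for encryption only". There is no longer a previous key on the page, so the comparison has nothing to refer to. Either keep a public-key-only example or reword the sentence to describe the two cases without "the previous key".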
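Review bot: In src/content/docs/guides/view-keypair-info.md (hunk @@ -67,8 +62,20 @@), the new heading "### Algorithm Detail" is one level higher than its neighbours "#### Key ID" and "#### Key Size", so in the rendered outline "Key Size" and the fields after it become children of "Algorithm Detail" instead of siblings under "Primary Key". Use "#### Algorithm Detail". The added sentence that elliptic curve algorithms "offer enhanced security with shorter key lengths" would be more precise as comparable security at shorter key lengths.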
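Review bot: In src/content/docs/guides/view-keypair-info.md (hunk @@ -188,12 +205,95 @@), the "Export Minimal Private Key" entry says it exports "only the essential components of the private key" and is useful "for more secure key transfers" without saying what is left out. As written, a reader can take the minimal export to be less sensitive than the complete one. Please state exactly what is omitted and make clear whether the secret key material is still in the file, so the reader knows the export needs the same protection as a full backup. The "Revoke Certificate Operation" entry likewise says the menu "provides options" and that "This action invalidates the key" without naming the options; list them so it is clear which one actually revokes.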
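Review bot: In src/content/docs/overview/glance.md (hunk @@ -12,7 +12,7 @@), the link text is bumped to v2.1.3 but the URL still ends in "/releases/tag/v2.1.2", so the "Document Version Reference" sends readers to the previous release. Update the target to the v2.1.3 tag to match the commit subject "fit documents to v2.1.3".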