feat: fit documents to v2.1.3

This commit is contained in:
saturneric 2024-06-14 22:11:13 +02:00
parent 47434d191d
commit 0d806fc1d0
14 changed files with 733 additions and 271 deletions

View File

@ -45,9 +45,9 @@ export default defineConfig({
}, },
}, },
{ {
label: "Reference", label: "Extra",
autogenerate: { autogenerate: {
directory: "reference", directory: "extra",
}, },
}, },
], ],

View File

@ -70,7 +70,42 @@ To transfer the KeyPackage:
2. Once transferred, import the KeyPackage into the key management tool on the 2. Once transferred, import the KeyPackage into the key management tool on the
target device using the passphrase set during the creation process. target device using the passphrase set during the creation process.
## After Transfer: Importing and Verifying ## After Transfer: Importing
To import the KeyPackage after transferring it to the target device, follow
these steps:
![Importing KeyPackage](https://image.cdn.bktus.com/i/2024/06/15/a086df66-bdac-74fb-9a2c-35cddd224564.webp)
1. **Initiate Import**:
- Open the key management tool on the target device and click on the "Import
Key" button.
2. **Select KeyPackage Option:**
- As shown in the image, from the dropdown menu, select the "Key Package"
option. This indicates that you will be importing a KeyPackage.
3. **Select KeyPackage File**:
- A file selection dialog will appear. First, choose the `.gpgpack` file that
you transferred. This file contains the packaged keys.
4. **Select Key File**:
- After selecting the `.gpgpack` file, another file selection dialog will
prompt you to choose the corresponding key file. This key file is used to
decrypt the KeyPackage.
5. **Import Keys**:
- Once both files are selected, the key management tool will automatically
import the keys contained within the KeyPackage. You will be prompted to
enter the passphrase that was set during the creation of the KeyPackage to
complete the import process.
By following these steps, you can securely import your cryptographic keys from
the KeyPackage into the key management tool on the target device.
## Best Practices ## Best Practices

View File

@ -28,23 +28,37 @@ authenticate signatures made with the new subkey.
GpgFrontend automates the public key synchronization process through a GpgFrontend automates the public key synchronization process through a
user-friendly interface. Heres how to use it: user-friendly interface. Heres how to use it:
1. Open the **Key Management** interface. 1. **Open the Key Management Interface**:
2. In the list of public keys, you can now select specific keys to sync by
checking the boxes next to them.
3. Locate and click the **Sync Public Key** button. This initiates the automatic
synchronization for the selected keys. If no keys are selected, all public
keys will be synchronized. In this case, a confirmation prompt will appear to
confirm full synchronization.
![Sync Public Key - Navigate to the Key Management interface by clicking on the "Manage Keys"
Button](https://image.cdn.bktus.com/i/2023/11/16/e2129464-6bd7-3fd4-e359-3a1f7a25bfd6.webp) button in the main interface.
_Note: Replace the placeholder text with the actual link to the image showing 2. **Select Keys to Sync**:
the Sync Public Key button._
The feature works by checking all the public keys in your possession against the - In the list of public keys, you can select specific keys to sync by
key server. If there's an updated version of a key you own, GpgFrontend will checking the boxes next to them. If you want to sync all public keys, you
import the new details to your local keyring. do not need to select any specific keys.
3. **Click the Sync Public Key Button**:
- Locate and click the **Sync Public Key** button. This button is represented
by a cloud icon with a refresh symbol, located in the toolbar at the top of
the Key Management interface.
- If you have selected specific keys, the synchronization process will
initiate for those keys. If no keys are selected, a confirmation prompt
will appear, asking you to confirm if you want to synchronize all public
keys.
4. **Synchronization Process**:
- The feature works by checking all the public keys in your possession
against the key server. If there is an updated version of a key you own,
GpgFrontend will import the new details to your local keyring.
![Sync Public Key](https://image.cdn.bktus.com/i/2024/06/15/8771cd76-1a46-321e-8bf9-93d8db2a9f78.webp)
By following these steps, you can ensure that your public keys are always
up-to-date, enhancing the security and reliability of your cryptographic
communications.
### Choosing the Right Key Server ### Choosing the Right Key Server
@ -53,7 +67,7 @@ To know which key server GpgFrontend interacts with, follow these steps:
1. Go to the settings section of GpgFrontend. 1. Go to the settings section of GpgFrontend.
2. The default key server configured will be listed here. 2. The default key server configured will be listed here.
![Default Key Server Setting](https://image.cdn.bktus.com/i/2023/11/16/9bcac7e1-e058-84a0-520b-039c64eb3443.webp) ![Default Key Server Setting](https://image.cdn.bktus.com/i/2024/06/15/03471d32-54f2-2be7-53a3-eeee03f74372.webp)
_Note: Replace the placeholder text with the actual link to the image showing _Note: Replace the placeholder text with the actual link to the image showing
the key server settings._ the key server settings._

View File

@ -0,0 +1,84 @@
---
title: Comparison of Cryptographic Algorithms
sidebar:
label: Comparison of Algorithms
---
When choosing cryptographic algorithms for key management and data security,
it's important to understand the differences and use cases for RSA, DSA, ECDSA,
and ECDH. Heres a detailed comparison to help you make an informed decision:
## RSA (Rivest-Shamir-Adleman)
- **Key Characteristics**: RSA is one of the most widely used public key
algorithms. It was introduced in 1977 and is based on the difficulty of
factoring large prime numbers.
- **Key Sizes**: Typically, RSA keys are 2048 bits or larger. For higher
security, keys up to 4096 bits are used.
- **Use Cases**: RSA is versatile and can be used for both encryption and
digital signatures. It is widely supported in legacy systems and remains a
standard for SSL/TLS certificates.
- **Performance**: RSA operations, particularly key generation and decryption,
can be slower compared to elliptic curve algorithms due to larger key sizes.
- **Security**: Provides strong security, but larger key sizes are required as
computational power increases.
## DSA (Digital Signature Algorithm)
- **Key Characteristics**: DSA, introduced by NIST in 1991, is primarily used
for digital signatures and is not suitable for encryption.
- **Key Sizes**: Typically uses 1024 to 3072-bit keys, with a recommended
minimum of 2048 bits for new deployments.
- **Use Cases**: Mainly used for digital signatures in various security
protocols. It is less common than RSA and ECDSA.
- **Performance**: Faster at generating keys compared to RSA but slower in
verification. Requires a secure random number for each signature, which if
compromised, can lead to vulnerabilities.
- **Security**: Suitable for digital signatures, but less versatile and not as
widely supported as RSA and ECDSA.
## ECDSA (Elliptic Curve Digital Signature Algorithm)
- **Key Characteristics**: ECDSA is based on elliptic curve cryptography (ECC)
and provides equivalent security to RSA with much shorter key lengths.
- **Key Sizes**: Commonly uses 224-bit keys for the same security level as
2048-bit RSA keys. Higher security levels can be achieved with 256, 384, or
521-bit keys.
- **Use Cases**: Used for digital signatures, particularly in constrained
environments like mobile devices and IoT due to its efficiency.
- **Performance**: More efficient and faster than RSA for the same security
level. Requires less computational power and bandwidth.
- **Security**: Offers strong security with smaller key sizes, making it
suitable for environments with limited
resources.
## ECDH (Elliptic Curve Diffie-Hellman)
- **Key Characteristics**: ECDH is used for key exchange based on elliptic curve
cryptography. It is commonly paired with ECDSA for secure communications.
- **Key Sizes**: Similar to ECDSA, ECDH uses shorter keys for equivalent
security levels (e.g., 256-bit ECDH for 128-bit security).
- **Use Cases**: Ideal for establishing shared secrets over an insecure channel,
often used in conjunction with ECDSA for encryption and authentication.
- **Performance**: Efficient in terms of computational power and key size.
Suitable for applications requiring secure key exchange.
- **Security**: Provides robust security with smaller keys, making it efficient
for both performance and security.
## Algorithm Flexibility in Primary Keys and Subkeys
Primary keys are typically limited to RSA, DSA, and ECDSA due to their critical
role in establishing trust and signing other keys. These algorithms are
well-established and extensively audited, providing robust security for identity
verification.
Subkeys, however, are often used for specific operational tasks such as
encryption and authentication. This allows them to utilize a broader range of
algorithms like ECDH, which is optimized for key exchange. The flexibility in
choosing algorithms for subkeys enhances their efficiency and allows
cryptographic operations to be tailored to specific use cases, providing both
performance and security benefits.
By understanding the strengths and appropriate use cases for each algorithm, you
can choose the best cryptographic solution for your needs, ensuring both
security and efficiency in your operations.

View File

@ -6,63 +6,113 @@ GpgFrontend offers a fast and convenient method for working with files. The
encryption and decryption process for files is nearly identical to that of text, encryption and decryption process for files is nearly identical to that of text,
with the exception that file operations involve binary input and output. with the exception that file operations involve binary input and output.
## File Extension Introduction ## Using File Browser for Encryption and Decryption
For ciphertext in ASCII format, the file extension is typically "asc" and these After clicking the **File Browser** button, a system directory selection dialog
files can be opened with a text editor. On the other hand, if the ciphertext is will appear. Follow these steps to perform encryption, decryption, and signing
in binary format, the file extension will be "gpg". Binary ciphertext files are operations:
generally smaller than ASCII format.
1. **Open File Browser**:
- Click the **File Browser** button in the toolbar at the top of the
interface. This will open a system dialog allowing you to choose a
directory.
2. **Select Directory**:
- In the system dialog, navigate to the desired directory and select it. Once
selected, a new tab named "File Browser" will open in GpgFrontend,
displaying the contents of the chosen directory.
3. **Select a File**:
- In the File Browser tab, you will see a list of files and folders within
the selected directory. Click on the file you want to encrypt, decrypt, or
sign.
4. **Encrypt the File**:
- To encrypt a file, first select the file in the File Browser. Then, in the
**Key Toolbox** on the right, select the public key of the recipient by
checking the box next to the desired key. Finally, click the **Encrypt**
button in the toolbar at the top.
5. **Decrypt the File**:
- To decrypt a file, select the encrypted file in the File Browser. Ensure
you have the corresponding private key in your keyring. Click the
**Decrypt** button in the toolbar. If the correct key is available, the
file will be decrypted.
![File Operations](https://image.cdn.bktus.com/i/2024/06/15/a8d7bf2f-54f6-ccc6-7bdd-8bb0d2ba44af.webp)
By following these steps, you can easily manage file encryption, decryption, and
signing using the GpgFrontend's File Browser feature. This streamlined process
allows you to handle your cryptographic needs directly from the file system
interface.
## File Extension Requirements
GpgFrontend supports different file extensions for various cryptographic
operations. Understanding these extensions helps in properly managing encrypted
and signed files. Heres a breakdown of the file extensions used:
#### ASCII Format
- **.asc**: Files with the ".asc" extension are in ASCII format. These files
contain ASCII-armored ciphertext, which is a text representation of the
encrypted data. ASCII format is typically used for easy sharing via email or
text editors, as it ensures compatibility with text-based applications.
#### Binary Format
- **.gpg**: Files with the ".gpg" extension are in binary format. Binary
ciphertext files are more compact than their ASCII counterparts and are
generally used for more efficient storage and transmission. They cannot be
viewed directly in text editors, as the content is in a binary format.
#### Combined Content
- **.gpg**: When you use the encryption and signing functions together,
GpgFrontend generates a file with the ".gpg" extension. This file contains
both the encrypted content and the signature, ensuring that the recipient can
verify that the ciphertext originates from you.
To perform decryption and verification operations, you need to use files with
either the ".gpg" or ".asc" extension. These files contain the necessary
ciphertext and signature content required for these operations.
By adhering to these file extension requirements, you can ensure that your
encrypted and signed files are correctly recognized and processed by
GpgFrontend.
### Default Output Mode
Before version 2.0.4, GpgFrontend generated ciphertext files exclusively in Before version 2.0.4, GpgFrontend generated ciphertext files exclusively in
ASCII format. However, beginning with version 2.0.4, GpgFrontend now generates ASCII format. However, beginning with version 2.0.4, GpgFrontend now generates
ciphertext files in binary format by default. This setting can be adjusted in ciphertext files in binary format by default. This setting can be adjusted in
the program's settings. the program's settings.
![image-20220112073548736](https://image.cdn.bktus.com/i/2023/11/16/980bff72-7271-b639-e63b-ff1d274edc95.webp) ### Changing Output Mode
## File Browser To change the output mode between ASCII and binary formats, follow these steps:
From the top menu's "File" option, you can access the file browser by pressing 1. **Open Settings**:
Ctrl/Command + B. After choosing target directory at system navigator, you
can then use the file browser tab to do some operations on files. By using the
file browser, you can navigate to your working directory and right-click on the
file you wish to work with. This will open a pop-up menu, where you can select
the operation you want to perform on the file.
![image-20220112072034647](https://image.cdn.bktus.com/i/2023/11/16/6a137a63-ae76-d45c-b425-5c3e5961aa2d.webp) - Navigate to the GnuPG Controller settings within GpgFrontend. This can be
done by accessing the settings menu from the main interface.
Located at the top of the file tab are two control buttons. The button on the 2. **Locate Binary Mode Option**:
left allows you to navigate up one level in the directory hierarchy, while the
button on the right refreshes the input box on the left with the corresponding
path.
On the far right of the file tab, there is a button with useful options that you - In the settings interface, under the "General" section, locate the option
can select to show system files or hidden files. labeled "Use Binary Mode for File Operations".
![image-20220112072335503](https://image.cdn.bktus.com/i/2023/11/16/1cc208dc-75f7-6e1f-f802-149ed18095af.webp) 3. **Toggle Binary Mode**:
- Check or uncheck this option to switch between binary (gpg) and ASCII (asc)
output formats. Checking the box will enable binary mode, while unchecking
it will revert to ASCII format.
### Encrypt & Sign By following these steps, you can customize how GpgFrontend handles the format
of ciphertext files according to your preference or needs.
GpgFrontend recommends using the encryption and signature functions in this ![Locate Binary Mode Option](https://image.cdn.bktus.com/i/2024/06/15/1a82922d-4a68-d315-f388-5571a4d93e8f.webp)
method, so that the recipient can verify that the ciphertext originates from
you. You can select one or more recipients' public keys as well as your own
private key to complete this operation.
When the operation is complete, a file with the ".gpg" extension is generated.
This file contains both encrypted content and signed content.
![Peek 2022-01-12 07-26](https://image.cdn.bktus.com/i/2023/11/16/e7b1cf22-483d-91a4-e1d1-475ba10c51ad.gif)
### Decrypt & Verify
When decrypting this ciphertext, it undergoes verification, which enhances
security. Additionally, you can perform a "Only Verify" operation which verifies
the content without decrypting it. To use this operation, you must select a file
with a ".gpg" or ".asc" extension, which contains the ciphertext and signature
content.
To encourage users to verify whether the ciphertext is signed or not when
decrypting, Gpg Frontend does not provide a separate decryption operation for
this.
![Peek 2022-01-12 07-24](https://image.cdn.bktus.com/i/2023/11/16/bf3cca62-d28a-83bd-8676-7cb1bcf94f4c.gif)

View File

@ -4,125 +4,110 @@ sidebar:
order: 3 order: 3
--- ---
Sure, let's go through the process of generating a key pair and subkeys. GpgFrontend makes it easy to generate a key pair or a subkey for encryption,
signing, and authentication. Follow the steps below to create your own keys.
To generate a key pair using GpgFrontend, follow these steps: ## Steps to Generate a Key Pair
1. Open GpgFrontend and click on the "Generate Key" button. ![Generate A Key Pair](https://image.cdn.bktus.com/i/2024/06/15/5df15149-1890-2645-8452-e7c4798ccd16.webp)
2. Fill in the required information, such as your name and email address.
3. Choose the type of key you want to generate (RSA, DSA or ECC).
4. Set the key size and expiration date, if desired.
5. Create a passphrase to protect your private key.
6. Click "Generate" to create your key pair.
Once your key pair is generated, you can add subkeys to it by following these 1. **Open Key Management**:
steps:
1. Select the key pair you want to add a subkey to. - Click on the "New Keypair" button in the Key Management interface. This
2. Click on the "Add Subkey" button. will open the Generate Key dialog box.
3. Choose the type of subkey you want to add (encryption, signing,
authentication, or all).
4. Set the subkey size and expiration date, if desired.
5. Create a passphrase to protect your subkey.
6. Click "Add" to create your subkey.
You can add multiple subkeys to a key pair, each with their own specific 2. **Fill in Basic Information**:
purposes. This allows you to have more control over your key pair's security and
usage.
## Generate Key Pair - **Name**: Enter your name. The name should be at least 5 characters long.
- **Email Address**: Enter your email address. It should follow the correct
email format.
- **Comment**: Optionally, add a comment to help differentiate this key pair
from others.
You can quickly understand the process of generating a key pair by watching the 3. **Set Expiration Date**:
following animation.
![GIF](https://image.cdn.bktus.com/i/2023/11/16/711f0379-eea6-ee25-2072-8e77d07d2ad5.gif) - Choose an expiration date for the key pair. By default, GpgFrontend
suggests setting the expiration date to two years after generation.
- Alternatively, you can check the "Never expire" checkbox to make the key
pair permanent. This option can be changed later, even after the key has
expired.
### Name & Email & Comment 4. **Select Key Size and Type**:
The three fields, including name, email, and comment, are used to help users - **Key Size**: Choose the key size. The default size is 2048 bits. Note that
differentiate this key pair from other key pairs they may have. Among these the size option is only applicable when the key type is RSA or DSA.
three options, name and email are mandatory, while comment is optional. - **Key Type**: Select the type of key you want to generate. Available
options include RSA, DSA, ECDSA, ECDSA + ECDH, ECDSA + ECDH NIST P-256, and
ECDSA + ECDH BrainPool P-256. For key types with a plus sign (e.g., ECDSA +
ECDH), a primary key and a corresponding subkey will be generated.
It is important to note that the name should be at least 5 characters long, and 5. **Set a Passphrase**:
the email should follow the correct format (no actual email account is
required).
![uid](https://image.cdn.bktus.com/i/2023/11/16/3ad515e0-6d9e-6507-552c-55101da16836.webp) - It is crucial to set a passphrase to protect your private key. Uncheck the
"Non Pass Phrase" checkbox and enter a strong, unique passphrase.
- If you prefer not to set a passphrase (not recommended for security
reasons), you can leave the "Non Pass Phrase" checkbox checked.
### Expiration Date 6. **Select Key Usage**:
Setting an expiration date for the key pair is a way to limit the validity of - Specify the usage for the key pair. Options include:
the key over time. Once the expiration date is reached, the key can still be - **Encryption**: For encrypting data.
used, but its operations, especially signature operations, will be considered - **Signing**: For creating digital signatures.
invalid. By default, GpgFrontend suggests setting the expiration date to two - **Certification**: For certifying other keys (only for primary keys).
years after generation, but you can also choose to check the "Never expire" - **Authentication**: For authentication purposes, such as SSH keys.
checkbox to make the key pair permanent. - Note that some usages may not be available depending on the selected key
type. For example, the DSA algorithm does not support encryption.
It's important to note that this option can be changed at any time after 7. **Generate the Key Pair**:
generation, even after the expiration date has passed, as long as the primary - After filling in all the necessary information and selecting the desired
key still exists. options, click the "OK" button to generate your key pair.
![expiration-date](https://image.cdn.bktus.com/i/2023/11/16/ce9b446d-a7a0-2944-b8e4-3517c0d3a861.webp) By following these steps, you can generate a secure key pair using GpgFrontend,
tailored to your specific needs for encryption, signing, and authentication.
### Key Size & Algo ## Steps to Generate a Subkey
Setting an expiration date for the key pair is a way to limit the validity of ![Generate A Subkey](https://image.cdn.bktus.com/i/2024/06/15/a56c83bc-72ad-6232-1764-6fef5aeceddd.webp)
the key over time. Once the expiration date is reached, the key can still be
used, but its operations, especially signature operations, will be considered
invalid. By default, GpgFrontend suggests setting the expiration date to two
years after generation, but you can also choose to check the "Never expire"
checkbox to make the key pair permanent.
It's important to note that this option can be changed at any time after 1. **Open Key Management**:
generation, even after the expiration date has passed, as long as the primary
key still exists.
![keysize-algo](https://image.cdn.bktus.com/i/2023/11/16/4ce5ecfa-7ad0-7a81-cbe1-2ea93f7872ea.webp) - In the Key Management interface, right-click on the key pair you wish to
add a subkey to. Select the "New Subkey" option from the context menu.
### Passphrase 2. **Fill in Basic Information**:
Setting a password to protect the primary key is crucial in case of a security - **Key Type**: Select the type of subkey you want to generate. Available
breach. If the "Do not set password" checkbox is unchecked, you will be prompted options include RSA, DSA, ECDSA, ECDH, ECDH NIST P-256, ECDH NIST P-384,
to enter a password during the key pair generation process. Follow the prompts ECDH NIST P-521, ECDH BrainPool P-256, ECDH BrainPool P-384, and ECDH
to set the password. Once the password is set, whenever you need to use the BrainPool P-512.
primary key for an operation, you will need to enter the password to unlock it - **Key Size**: Choose the key size. This option is only applicable when the
(some systems have a password manager to automate this process). key type is RSA or DSA.
- **Expiration Date**: Set an expiration date for the subkey. You can also
choose to check the "Never expire" checkbox to make the subkey permanent.
However, you can also check the "Do not set password" checkbox to skip setting a 3. **Set a Passphrase**:
protection password for the primary key. But this is not recommended due to
security concerns.
### Usage - If the primary key has a passphrase, the subkey's passphrase must be equal
to it. Ensure that the "Non Pass Phrase" checkbox is unchecked if you want
to set a passphrase.
When generating a key pair, you can specify the usage for the first subkey, 4. **Select Key Usage**:
which is the primary key. There are four options:
![usages](https://image.cdn.bktus.com/i/2023/11/16/f9bae59d-9181-2cb8-53a6-b51c0698c613.webp) - Specify the usage for the subkey. Options include:
- **Encryption**: For encrypting data.
- **Signing**: For creating digital signatures.
- **Authentication**: For authentication purposes, such as SSH keys.
- Note that the certification usage is not available for subkeys.
- Encryption: Once generated, this key can be used for encryption purposes. 5. **Generate the Subkey**:
- After filling in all the necessary information and selecting the desired
options, click the "OK" button to generate your subkey.
- Signing: Once generated, this key can be used for signature purposes. By following these steps, you can generate a subkey using GpgFrontend, which
enhances the functionality of your primary key pair for various cryptographic
operations.
- Certification: This key can be used to certify or verify other keys. Only the ## Extra Note
primary key can have this usage.
- Authentication: This key can be used for authentication purposes, such as with
SSH keys.
The third of these four uses (authentication purposes) can only be owned by the
primary key. In addition, some usages are not available when using certain
algorithms for encryption. For example, when the DSA algorithm is selected, the
encryption uses are disabled.
## Generate Subkey
It is possible to append subkeys to an existing key pair. The subkey does not
require the input of a name, email, or comment, as the remaining steps are
essentially identical to those for generating a key pair.
![Generate Subkey](https://image.cdn.bktus.com/i/2023/11/16/4871ee77-5da5-5473-a2be-2d9c29d6b842.gif)
### Extra note
Below are some guidelines that may prove useful in comprehending the Below are some guidelines that may prove useful in comprehending the
aforementioned concepts and utilizing this tool accurately. aforementioned concepts and utilizing this tool accurately.
@ -168,8 +153,8 @@ but also provides flexibility in key usage and management.
- **Secure Storage**: The primary key should be stored in a highly secure - **Secure Storage**: The primary key should be stored in a highly secure
location, preferably offline or in a hardware security module (HSM), to location, preferably offline or in a hardware security module (HSM), to
prevent unauthorized access. This is because the loss or compromise of the prevent unauthorized access. The loss or compromise of the primary key
primary key jeopardizes the entire cryptographic framework. jeopardizes the entire cryptographic framework.
- **Key Generation and Maintenance**: While tools like GpgFrontend provide - **Key Generation and Maintenance**: While tools like GpgFrontend provide
user-friendly interfaces for managing keys, they may lack support for advanced user-friendly interfaces for managing keys, they may lack support for advanced
@ -205,3 +190,52 @@ maintaining the integrity and security of cryptographic operations. By adhering
to best practices for key usage, storage, and renewal, users can safeguard their to best practices for key usage, storage, and renewal, users can safeguard their
digital identities and ensure the confidentiality and authenticity of their digital identities and ensure the confidentiality and authenticity of their
communications. communications.
#### Additional Note on Subkey Algorithm Types
Subkeys in GpgFrontend offer more algorithm types than primary keys due to their
specialized roles. While primary keys focus on establishing identity and trust,
subkeys are often dedicated to specific tasks like encryption or authentication.
This task-specific design allows subkeys to utilize a broader range of
algorithms, enhancing their flexibility and functionality. For instance, while
primary keys may be restricted to certain secure algorithms for signing, subkeys
can employ diverse algorithms optimized for encryption, like ECDH, ensuring
efficient and secure operations tailored to the user's needs.
**Primary Key Supported Algorithms:**
- RSA
- DSA
- ECDSA
**Subkey Supported Algorithms:**
- RSA
- DSA
- ECDSA
- ECDH
- ECDH NIST P-256
- ECDH NIST P-384
- ECDH NIST P-521
- ECDH BrainPool P-256
- ECDH BrainPool P-384
- ECDH BrainPool P-512
**Explanation:**
The broader range of algorithms available for subkeys arises because subkeys are
designed for specific functions and can therefore leverage specialized
algorithms optimized for those functions. For example, ECDH (Elliptic Curve
Diffie-Hellman) is highly efficient for encryption tasks and is commonly used
for subkeys dedicated to encryption. This flexibility in algorithm choice
ensures that cryptographic operations can be optimized for both performance and
security based on the specific use case.
Primary keys, however, are central to the user's cryptographic identity and are
primarily used for signing and certifying subkeys. This critical role
necessitates the use of well-established and highly secure algorithms to ensure
the integrity and trustworthiness of the entire cryptographic system.
By differentiating the algorithms and roles of primary keys and subkeys,
GpgFrontend enhances both security and operational efficiency, allowing users to
maintain a robust and flexible cryptographic setup.

View File

@ -49,55 +49,115 @@ a user-friendly manner. By accommodating binary file operations, it ensures that
digital signatures are accessible and applicable across a broad spectrum of file digital signatures are accessible and applicable across a broad spectrum of file
types, reinforcing the pillars of trust and security in digital communications. types, reinforcing the pillars of trust and security in digital communications.
## Introduction to File Extensions ## Sign & Verify File
For ASCII-formatted ciphertext, the filename suffix is usually "asc", and these GpgFrontend extends its utility from handling text-based operations to
files can be opened directly with a text editor. However, if the ciphertext is facilitating file operations with ease and security. The principle behind
binary, its file extension will be "sig" or "gpg". Typically, binary ciphertext signing and verifying files mirrors that of text, leveraging the robust
files are smaller than ASCII-formatted ones. framework of digital signatures. However, a significant distinction lies in the
nature of the input and output for file operations, which can be binary,
accommodating a wider range of file types beyond simple text documents.
Prior to v2.0.4, the ciphertext files generated by GpgFrontend were all in ASCII ## Using File Browser for Signing and Verifying
format. But starting with v2.0.4, GpgFrontend defaults to generating
binary-formatted ciphertext files. You can modify this setting in the settings.
![image-20220112073548736](https://image.cdn.bktus.com/i/2023/11/16/980bff72-7271-b639-e63b-ff1d274edc95.webp) After clicking the **File Browser** button, a system directory selection dialog
will appear. Follow these steps to perform signing and verifying operations:
## File Browser 1. **Open File Browser**:
You can open the file browser (Ctrl/Command + B) via the top menu file option. - Click the **File Browser** button in the toolbar at the top of the
After selecting a target directory at system navigator, you can get a new File interface. This will open a system dialog allowing you to choose a
browser tab. Using the file browser, navigate to your working directory. Then, directory.
right-click the file you wish to operate on, and select the desired operation
from the pop-up menu.
![File Browser](https://image.cdn.bktus.com/i/2023/11/16/6a137a63-ae76-d45c-b425-5c3e5961aa2d.webp) 2. **Select Directory**:
Two control buttons are located at the top of the file tab. The one on the left - In the system dialog, navigate to the desired directory and select it. Once
allows you to go up a level, and the one on the right enables you to enter or selected, a new tab named "File Browser" will open in GpgFrontend,
refresh the corresponding path in the input box on the left. displaying the contents of the chosen directory.
On the far right is a button offering useful options, such as displaying system 3. **Select a File**:
files or hidden files.
![File Browser 2](https://image.cdn.bktus.com/i/2023/11/16/1cc208dc-75f7-6e1f-f802-149ed18095af.webp) - In the File Browser tab, you will see a list of files and folders within
the selected directory. Click on the file you want to sign or verify.
### Sign 4. **Sign the File**:
Through the right-click menu, you can rapidly sign a file. This operation will - To sign a file, first select the file in the File Browser. Then, in the
generate a file with a "sig" or "asc" suffix, which contains the signature **Key Toolbox** on the right, select your private key by checking the box
content. In this scenario, you need to pass both this file and the original file next to your key. Finally, click the **Sign** button in the toolbar at the
to the other party to allow them to verify it. top.
![Sign File](https://image.cdn.bktus.com/i/2023/11/16/ae18811f-12f8-4059-e46f-831929e59414.gif) 5. **Verify the File**:
### Verify - To verify a file, select the signed file in the File Browser. Ensure you
have the corresponding public key in your keyring. Click the **Verify**
button in the toolbar. If the correct key is available, the file's
signature will be verified.
This operation requires you to select a file with a "gpg" suffix (this may be ![File Operations](https://image.cdn.bktus.com/i/2024/06/15/e157e4ff-ddaa-3a24-1a6f-a3fb80a55661.webp)
invalid for binary file ciphertext) or a file with a "sig" suffix for
verification.
When selecting a file with the "sig" suffix, ensure that the source file is also By following these steps, you can easily manage file signing and verifying using
present in this directory. This implies that the source file's name is simply the GpgFrontend's File Browser feature. This streamlined process allows you to
missing a "sig" suffix. handle your cryptographic needs directly from the file system interface.
![Verify File](https://image.cdn.bktus.com/i/2023/11/16/dbb4d69c-d1a8-d5dc-6422-1cf300bea533.gif) ## File Extension Requirements
GpgFrontend supports different file extensions for various cryptographic
operations. Understanding these extensions helps in properly managing signed
files. Heres a breakdown of the file extensions used:
#### ASCII Format
- **.asc**: Files with the ".asc" extension are in ASCII format. These files
contain ASCII-armored signatures, which are a text representation of the
signed data. ASCII format is typically used for easy sharing via email or text
editors, as it ensures compatibility with text-based applications.
#### Binary Format
- **.sig**: Files with the ".sig" extension are in binary format. Binary
signature files are more compact than their ASCII counterparts and are
generally used for more efficient storage and transmission. They cannot be
viewed directly in text editors, as the content is in a binary format.
- **.gpg**: Files with the ".gpg" extension are also used for binary signatures.
These files are used when both encryption and signing are performed together,
containing both the encrypted content and the signature.
To perform verification operations, you need to use files with either the
".sig", ".gpg", or ".asc" extension. These files contain the necessary signature
content required for these operations.
By adhering to these file extension requirements, you can ensure that your
signed files are correctly recognized and processed by GpgFrontend.
### Default Output Mode
Before version 2.0.4, GpgFrontend generated signature files exclusively in ASCII
format. However, beginning with version 2.0.4, GpgFrontend now generates
signature files in binary format by default. This setting can be adjusted in the
program's settings.
### Changing Output Mode
To change the output mode between ASCII and binary formats, follow these steps:
1. **Open Settings**:
- Navigate to the GnuPG Controller settings within GpgFrontend. This can be
done by accessing the settings menu from the main interface.
2. **Locate Binary Mode Option**:
- In the settings interface, under the "General" section, locate the option
labeled "Use Binary Mode for File Operations".
3. **Toggle Binary Mode**:
- Check or uncheck this option to switch between binary (sig/gpg) and ASCII
(asc) output formats. Checking the box will enable binary mode, while
unchecking it will revert to ASCII format.
By following these steps, you can customize how GpgFrontend handles the format
of signature files according to your preference or needs.
![Locate Binary Mode
Option](https://image.cdn.bktus.com/i/2024/06/15/1a82922d-4a68-d315-f388-5571a4d93e8f.webp)

View File

@ -55,10 +55,87 @@ encryption with GpgFrontend is a testament to the versatility of cryptographic
practices, catering to a wide range of security needs with user-friendly practices, catering to a wide range of security needs with user-friendly
solutions. solutions.
## How to use it? ## How to Perform Symmetric Encryption
Symmetric encryption is initiated when you click the 'Encrypt' button without Performing symmetric encryption with GpgFrontend is a straightforward process.
selecting any key in the Key Toolbox. For this type of encryption, a password Follow these steps to encrypt your data using a password:
must be established for the encryption process. Subsequently, to decrypt the
data, you will need to provide the same password that was used during the 1. **Prepare Your Data**:
encryption phase.
- Start by opening GpgFrontend and entering the text you want to encrypt in
the text editor area. You can create a new tab through the "New" option if
needed.
2. **Initiate Encryption**:
- Click the 'Encrypt' button in the Operations Bar at the top of the
interface. This button is represented by a padlock icon with the label
"Encrypt".
3. **No Key Selected**:
- If no key is selected in the Key Toolbox, a prompt will appear asking if
you want to encrypt with a symmetric cipher using a passphrase. Click "OK"
to proceed.
4. **Set a Password**:
- Enter a strong, unique password in the prompt that appears. This password
will be used to encrypt your data. Ensure that the password is complex and
secure, as it will be required to decrypt the data later.
5. **Encryption Process**:
- GpgFrontend will use the provided password to encrypt your data,
transforming the plaintext into ciphertext. The resulting encrypted message
will be displayed in the text editor area.
6. **Save or Share Encrypted Data**:
- You can now save the encrypted message to a file or share it with others.
Remember, the recipient will need the exact password used during encryption
to decrypt the data.
By following these steps, you can easily encrypt your data using symmetric
encryption in GpgFrontend. This method is ideal for scenarios where you need to
secure data with a password without managing public and private keys.
![Symmetric Encryption](https://image.cdn.bktus.com/i/2024/06/15/e81042ca-40e4-0ce4-5a44-111a89acb5d1.webp)
## How to Decrypt Symmetric Encryption?
Decrypting symmetrically encrypted data with GpgFrontend is straightforward and
similar to decrypting data encrypted with asymmetric encryption. Follow these
steps:
1. **Copy the Ciphertext**:
- First, ensure that you have the ciphertext (the encrypted message) copied
to your clipboard. The ciphertext should be in the format typically
generated by GnuPG, enclosed in `-----BEGIN PGP MESSAGE-----` and `-----END
PGP MESSAGE-----` tags.
2. **Paste the Ciphertext into the Text Editor**:
- Open GpgFrontend and paste the ciphertext into the text editor area. You
can do this by creating a new tab through the "New" option if needed.
3. **Click the Decrypt Button**:
- Click the 'Decrypt' button in the Operations Bar at the top of the
interface. This button is represented by a key icon with the label
"Decrypt".
4. **Enter the Password**:
- A prompt will appear asking for the password that was used to encrypt the
data. Enter the correct password and confirm.
5. **Decryption Process**:
- GpgFrontend will use GnuPG to recognize the type of encryption used and the
corresponding key. If the password is correct, the software will decrypt
the ciphertext and display the readable plaintext in the text editor area.
By following these steps, you can efficiently decrypt any symmetrically
encrypted data using GpgFrontend. The software's ability to automatically
recognize the encryption type and key ensures a seamless decryption process,
making it easy to access your encrypted information securely.

View File

@ -9,39 +9,46 @@ of the page. The exploration that follows will gradually unveil additional
functionalities. Bear in mind that interfaces may vary across different functionalities. Bear in mind that interfaces may vary across different
versions. versions.
![Interface](https://image.cdn.bktus.com/i/2023/11/16/27c0bd12-8a1d-b9ae-2ecd-dbde5f96e36f.webp) ![Interface](https://image.cdn.bktus.com/i/2024/06/15/baf33505-c34f-12c7-d897-a60fc9b5b600.webp)
## Text Editor ## Text Editor
The text editing zone allows you the liberty to input any desired text or The text editing zone allows you the liberty to input any desired text or
establish a new tab through the "New" choice in the file menu at the top. Moving establish a new tab through the "New" option in the file menu at the top. Moving
or closing tabs can be done with ease as per your needs. or closing tabs can be done with ease as per your needs.
Numerous operations can be performed on your text using options available in the Numerous operations can be performed on your text using options available in the
Operations Bar. Alternatively, you may utilize standard shortcuts like Operations Bar at the top of the interface. You can encrypt, decrypt, sign, and
Ctrl+C/V/S for copy, paste, and save operations, or even searching within the verify text directly from this menu. Additionally, standard shortcuts like
text. Ctrl+C, Ctrl+V, and Ctrl+S for copy, paste, and save operations, or searching
within the text using Ctrl+F, are supported.
The edited text within the text box is encoded in UTF8 without any formatting. The edited text within the text box is encoded in UTF-8 without any formatting.
This plain text format ensures that no message alteration leads to confusion. This plain text format ensures that no message alteration leads to confusion.
While we have plans to introduce rich text editing in the future, the specifics While there are plans to introduce rich text editing in the future, the
are still being deliberated. specifics are still being deliberated.
### Large Text File Support ### Large Text File Support
GpgFrontend accommodates opening larger files without hindrance. However, when GpgFrontend accommodates opening larger files without hindrance, with the
dealing with relatively large files, editing of the tab won't be feasible until current limit set to 1MB per file. When dealing with relatively large files,
the entire file is loaded. During this time, despite not being able to edit the editing of the tab won't be feasible until the entire file is loaded. During
file, you still have the capability to view it. this time, despite not being able to edit the file, you still have the
capability to view it.
It is important to note that opening files larger than 1MB is not supported, as
excessively long text files can cause significant performance issues with the
graphical user interface (GUI). This limitation helps maintain the application's
responsiveness and ensures a smooth user experience.
## Information Board ## Information Board
GpgFrontend presents the outcome of the current tab page operation on the GpgFrontend presents the outcome of the current tab page operation on the
Information Board, signifying the success or failure of the operation. Information Board, signifying the success or failure of the operation. The
Additionally, the Information Board's text includes supplementary details to Information Board's text includes supplementary details to assist in
assist in understanding the particulars of your encryption, decryption, understanding the particulars of your encryption, decryption, signature, and
signature, and other operations. Depending on your language settings, the output other operations. Depending on your language settings, the output displayed on
displayed on the dashboard may differ. the dashboard may differ.
The Information Board was conceived to provide a comprehensive view of more The Information Board was conceived to provide a comprehensive view of more
information within the same space. However, GpgFrontend plans to incorporate a information within the same space. However, GpgFrontend plans to incorporate a
@ -68,56 +75,48 @@ font size is 10, and it can be modified to any value ranging from 9 to 18.
### Dashboard Actions Menu ### Dashboard Actions Menu
The dashboard actions menu facilitates quick and easy access to common The dashboard actions menu, located below the Information Board, provides quick
functionalities related to the content of the information board. It empowers and easy access to essential functions related to the content displayed. It
users to efficiently manage and process large chunks of content on the empowers users to efficiently manage and process large chunks of information for
Information Board for various purposes. various purposes.
#### Copy #### Copy
This function allows users to swiftly capture significant portions of content This function allows users to swiftly capture significant portions of content
from the Information Board for other applications. from the Information Board for use in other applications. Simply select the
content you need and use this button to copy it to the clipboard.
#### Save File #### Save File
This operation archives the contents of the information board into the file This operation archives the contents of the Information Board into the file
system, utilizing the UTF-8 format. Although the resultant output file lacks a system in UTF-8 format. Although the resultant output file does not have a
suffix, it is essentially in a plain text format. suffix, it is essentially plain text and can be opened with any text editor.
#### Clear #### Clear
This command promptly purges all content from the information board. The This command promptly purges all content from the Information Board, including
clearance includes both the contents and statuses of the information board. A both the displayed contents and statuses. Any new operation, such as encryption
new operation (such as encryption) will automatically trigger this clearing or decryption, will automatically trigger this clearing process, ensuring that
process. the Information Board always displays the most current and relevant information.
### Optional Actions Menu ## Key Toolbox
In addition to the Information Board, an Optional Actions Menu will be presented The Key Toolbox on the right side of the interface lists all available keys,
below it. If any auxiliary operations can be performed post your main operation including public and private keys. The columns provide details such as key type,
(such as displaying more detailed information, sending encrypted text via email, name, and email address. You can select keys from this list to perform various
etc.), the access points for these supplementary tasks will be made available operations such as encryption, decryption, signing, and verification.
here.
## Key ToolBox
This feature presents a comprehensive list of key pairs stored on your device,
intended for use with Gpg operations. The keys within the ToolBox are classified
into multiple categories, each corresponding to a unique usage context.
Additionally, the ToolBox provides access to a variety of common operations, all
of which can be found in the Key List Menu.
### Usage ### Usage
Most Gpg-related operations require specifying a key pair (for tasks like Most Gpg-related operations require specifying a key pair (for tasks like
encryption, decryption, signature, etc.). You can select the checkbox in the encryption, decryption, signature, etc.). You can select the checkbox in the
first column of the Key ToolBox's table to designate one or more keys for your first column of the Key Toolbox's table to designate one or more keys for your
operation. Categories that contain only public keys are frequently utilized in operation. Categories that contain only public keys are frequently utilized in
cryptographic scenarios. cryptographic scenarios.
### Classification ### Classification
The ToolBox showcases categories via tabbed display. None of these categories The Toolbox showcases categories via tabbed display. None of these categories
include any expired or revoked keys. To view such keys, you should refer to the include any expired or revoked keys. To view such keys, you should refer to the
Key Manager. The default category comprises all private and public keys. During Key Manager. The default category comprises all private and public keys. During
any operation, only the keys from the currently selected category will be any operation, only the keys from the currently selected category will be
@ -165,13 +164,23 @@ step.
## Operations Bar ## Operations Bar
Here, you can execute corresponding operations by clicking on the buttons The Operations Bar at the top includes the following functions:
provided. For instance, after inputting text into a text editor and specifying
the desired key in the key toolbox, you can click the encryption button to
perform the operation.
Some operations require key specification, while others do not, as will be 1. New: Create a new text file tab.
detailed in the respective sections of this document. 2. Open: Open an existing text file.
3. File Browser: Browse and select files from your system.
4. Encrypt: Encrypt the text or file.
5. Encrypt Sign: Encrypt and sign the text or file.
6. Decrypt: Decrypt the text or file.
7. Decrypt Verify: Decrypt and verify the text or file.
8. Sign: Sign the text or file.
9. Verify: Verify the signature of the text or file.
10. Manage Keys: Open the key management interface.
11. Import Key: Import a new key through some approaches.
This interface provides a comprehensive suite of tools for managing and
utilizing your cryptographic keys and performing various encryption-related
operations with ease.
### Customization ### Customization

View File

@ -10,18 +10,13 @@ key toolbox or key management interface and selecting "Show key details".
This section may include a brief introduction to gpg-related concepts and could This section may include a brief introduction to gpg-related concepts and could
be relatively long. be relatively long.
Below is a screenshot of a friend's public key that I obtained from the key Here is a randomly generated private key. The most significant difference
server.
![View Key Pair Details](https://image.cdn.bktus.com/i/2023/11/16/8d50f6db-909d-0840-e991-fec3f4263709.webp)
And here is a randomly generated private key. The most significant difference
between this and the previous key is that the key pair with only the public key between this and the previous key is that the key pair with only the public key
is used for encryption only, but if you possess the private key, you can perform is used for encryption only, but if you possess the private key, you can perform
more actions (it also depends on your algorithm; DSA can only be used for more actions (it also depends on your algorithm; DSA can only be used for
signatures). signatures).
![View Key Pair Details 1](https://image.cdn.bktus.com/i/2023/11/16/d65e11fe-920f-50b5-640d-2f24c4d4fc58.webp) ![View Key Pair Details 1](https://image.cdn.bktus.com/i/2024/06/15/9f5b0089-923f-33e1-d2cd-f7690ec2d050.webp)
## General Info ## General Info
@ -37,7 +32,7 @@ set it as the primary UID to change it.
According to the OpenPGP protocol, this part is divided into Name, Email, and According to the OpenPGP protocol, this part is divided into Name, Email, and
Comment. Comment.
![View Key Pair Details Owner](https://image.cdn.bktus.com/i/2023/11/16/a6460514-4dd8-29be-5d04-31a72474b1fa.webp) ![View Key Pair Details Owner](https://image.cdn.bktus.com/i/2024/06/15/30066ecc-ec79-ee27-a3ed-5faad0e6934f.webp)
### Primary Key ### Primary Key
@ -53,7 +48,7 @@ not exist, but this doesn't mean that neither the public key nor the private key
exists. Please remember: Each subkey and primary key consist of a pair of public exists. Please remember: Each subkey and primary key consist of a pair of public
and private keys. and private keys.
![View Key Pair Details Primary Key](https://image.cdn.bktus.com/i/2023/11/16/aacb259b-44db-79d2-1899-3da8675ac36c.webp) ![View Key Pair Details Primary Key](https://image.cdn.bktus.com/i/2024/06/15/8cd3691e-70dc-1239-5f80-9a89f1d342ba.webp)
#### Key ID #### Key ID
@ -67,8 +62,20 @@ is shorter and more user-friendly.
This refers to the algorithm used for key generation. This also pertains to the This refers to the algorithm used for key generation. This also pertains to the
generation algorithm of the primary key. The generation algorithm determines the generation algorithm of the primary key. The generation algorithm determines the
properties and capabilities of the key. Algorithms such as RSA can be used for properties and capabilities of the key. Algorithms such as RSA can be used for
encryption and signature, but DSA can only be used for signature. However, the both encryption and signatures, whereas DSA can only be used for signatures.
DSA key length can be shorter. More modern algorithms like ECDH (Elliptic-curve Diffie-Hellman) are used for
secure key exchange, and ECDSA (Elliptic Curve Digital Signature Algorithm) is
employed for digital signatures. These elliptic curve algorithms offer enhanced
security with shorter key lengths compared to traditional algorithms.
### Algorithm Detail
Algorithm Detail displays both the key type and the key length. In some cases,
the key algorithm shown here is more precise. For example, it can specify
particular algorithms such as ED25519 or NISTP256, providing detailed
information about the specific cryptographic methods employed.
![Algorithm Detail](https://image.cdn.bktus.com/i/2024/06/15/1e2fba1d-5d5a-738c-a51f-6a3732f6e296.webp)
#### Key Size #### Key Size
@ -118,7 +125,7 @@ other key pairs.
### Fingerprint ### Fingerprint
![View Key Pair Details Fingerprint](https://image.cdn.bktus.com/i/2023/11/16/7f2bc76d-12e2-57c1-21fc-4e98f9b9a750.webp) ![View Key Pair Details Fingerprint](https://image.cdn.bktus.com/i/2024/06/15/e3250448-a947-a583-eea9-464847e9da32.webp)
The fingerprint of the key pair is used for humans to quickly compare whether The fingerprint of the key pair is used for humans to quickly compare whether
the key pair is the expected key pair. This field is unique for all keys in the the key pair is the expected key pair. This field is unique for all keys in the
@ -135,7 +142,7 @@ pair is what they expected. However, for accurate identification, fingerprints
or key IDs should be compared. A key can have multiple UIDs, but a key pair can or key IDs should be compared. A key can have multiple UIDs, but a key pair can
only have one primary UID, which is always listed first in the interface. only have one primary UID, which is always listed first in the interface.
![View Key Pair Details UID](https://image.cdn.bktus.com/i/2023/11/16/de721eb6-3761-1912-8d99-dd0224a2a5e2.webp) ![View Key Pair Details UID](https://image.cdn.bktus.com/i/2024/06/15/b502d2b6-db02-7d52-f82f-8e4c2e056276.webp)
UID has three elements: Name, Email, Comment. The name should be at least five UID has three elements: Name, Email, Comment. The name should be at least five
characters long, and the email should conform to the format. The rules for characters long, and the email should conform to the format. The rules for
@ -151,10 +158,18 @@ keyring with their signature to the keyserver. If many people do the same, the
public key on the keyserver will have numerous signatures, making it public key on the keyserver will have numerous signatures, making it
trustworthy. trustworthy.
![Signatures of UID](https://image.cdn.bktus.com/i/2024/06/15/81d4f9bd-5c4e-ad22-25dc-f5a4a0c3d9af.webp)
You can also use the primary key of another key pair to sign a UID. Generally, a You can also use the primary key of another key pair to sign a UID. Generally, a
primary UID of a key pair with many valid signatures is considered more primary UID of a key pair with many valid signatures is considered more
trustworthy. trustworthy.
As shown in the image, some signatures do not have the signer's UID identified.
If you need to identify these signatures, you can try importing the
corresponding key from other sources, such as key servers. The Key ID is already
provided, which can help you locate and import the necessary keys to recognize
the signer's UID.
## Subkey Info ## Subkey Info
The sub-key mechanism is a crucial feature of GPG that improves both flexibility The sub-key mechanism is a crucial feature of GPG that improves both flexibility
@ -174,6 +189,8 @@ points:
- The disclosure of a subkey only affects that subkey, while the disclosure of - The disclosure of a subkey only affects that subkey, while the disclosure of
the primary key endangers the entire key pair. the primary key endangers the entire key pair.
![Subkeys Details](https://image.cdn.bktus.com/i/2024/06/15/49283a38-47ec-4ff3-5c84-8167a97ab68e.webp)
The primary key and all subkeys in the key pair are displayed on the interface. The primary key and all subkeys in the key pair are displayed on the interface.
Some information about the key is also listed below. Some information about the key is also listed below.
@ -188,12 +205,95 @@ and is irreversible.
In this column, what you can do differs for a key pair that only has a public In this column, what you can do differs for a key pair that only has a public
key and a key pair that includes a private key. key and a key pair that includes a private key.
Here's what you can do with a public key-only key pair: ### Operations on a Public Key
![View Key Pair Details Operations](https://image.cdn.bktus.com/i/2023/11/16/13065e1e-61ff-5626-f571-7d8eddd79053.webp) This interface provides various general operations that can be performed on the
selected public key. Below is an explanation of each button's function:
And here's what you can do with a key pair that includes a private key: ![View Key Pair Details Operations](https://image.cdn.bktus.com/i/2024/06/15/5748a38d-7804-2cca-ecff-bdbfc186290f.webp)
![View Key Pair Details Operations 1](https://image.cdn.bktus.com/i/2023/11/16/6534f339-0b6e-e3ab-0318-78c06c30ac07.webp) 1. **Export Public Key**:
These operations will be explained in detail throughout the documentation. - **Function**: This button allows you to export the public key to a file.
Exporting a public key is useful when you need to share it with others or
upload it to a keyserver. The exported file can then be distributed or
backed up as needed.
2. **Key Server Operation (Pubkey)**:
- **Function**: This dropdown menu provides options for interacting with
keyservers. A keyserver is a repository where public keys are stored and
can be retrieved by others. The operations might include uploading your
public key to a keyserver, refreshing your public key with updates from the
keyserver, or searching for other public keys on the keyserver.
3. **Set Owner Trust Level**:
- **Function**: This button allows you to set the trust level for the owner
of the public key. Trust levels are part of the web of trust model used in
public key infrastructures. By setting the trust level, you indicate how
much you trust the key owner to correctly verify and sign other keys. This
affects how your system evaluates the validity of signatures made by the
key owner.
These operations facilitate the management and sharing of public keys, helping
to establish and maintain trust within a cryptographic system.
### Operations on a Private Key
This interface provides various general operations that can be performed on the
selected key pair, including both public and private key operations. Below is an
explanation of each button's function:
![View Key Pair Details Operations 1](https://image.cdn.bktus.com/i/2024/06/15/68cb4069-5db5-6057-c122-9b9dc2a862f1.webp)
1. **Export Public Key**:
- **Function**: This button allows you to export the public key to a file.
This is useful for sharing your public key with others or for uploading it
to a keyserver. The exported file can be distributed or backed up as
needed.
2. **Export Private Key**:
- **Function**: This button provides options for exporting the private key.
There are typically two modes for exporting:
- **Export Complete Private Key**: This exports the entire private key,
including all associated information. It is used when you need a full
backup or when transferring the key to another system.
- **Export Minimal Private Key**: This exports only the essential
components of the private key, minimizing the amount of data. This can be
useful for more secure key transfers or for environments with specific
security requirements.
3. **Modify Expiration Datetime (Primary Key)**:
- **Function**: This button allows you to modify the expiration date and time
of the primary key. This is important for managing the key's lifecycle and
ensuring that it remains valid for the desired period. Adjusting the
expiration date can help maintain security by ensuring keys are
periodically reviewed and updated.
4. **Modify Password**:
- **Function**: This button enables you to change the password that protects
the private key. Changing the password can enhance security, especially if
you suspect that the current password may have been compromised or if you
want to follow best practices for regular password updates.
5. **Key Server Operation (Pubkey)**:
- **Function**: This dropdown menu provides options for interacting with
keyservers using the public key. Operations might include uploading the
public key to a keyserver, or refreshing the key from the keyserver.
Keyservers facilitate the distribution and retrieval of public keys.
6. **Revoke Certificate Operation**:
- **Function**: This dropdown menu provides options for revoking a key
certificate. Revoking a certificate is necessary if the key has been
compromised or if it is no longer needed. This action invalidates the key,
ensuring it cannot be used maliciously. The revocation information is
typically uploaded to a keyserver so that others are aware of the key's
revoked status.
These operations help manage the lifecycle of key pairs, ensuring their secure
use and proper distribution.

View File

@ -4,7 +4,6 @@ sidebar:
order: 3 order: 3
--- ---
GpgFrontend is available for download through multiple channels. For more GpgFrontend is available for download through multiple channels. For more
detailed instructions on installation and getting started, please refer to the detailed instructions on installation and getting started, please refer to the
[Getting Started Guide](../getting-started/). [Getting Started Guide](../getting-started/).

View File

@ -16,7 +16,7 @@ GpgFrontend supports digital signatures to verify the integrity and origin of
messages. Users can manage and generate key pairs, encrypt files and emails, and messages. Users can manage and generate key pairs, encrypt files and emails, and
sign their communications for added security. sign their communications for added security.
**How can I obtain and start using GpgFrontend?** You can download the latest version of GpgFrontend from [GpgFrontend's Downloads Page](../downloads/) and choose the installtion method for your platform. **How can I obtain and start using GpgFrontend?** You can download the latest version of GpgFrontend from [GpgFrontend's Downloads Page](../downloads/) and choose the installation method for your platform.
## OpenPGP and GnuPG Explained ## OpenPGP and GnuPG Explained

View File

@ -12,7 +12,7 @@ encryption, decryption, and digital signing, offering a seamless interface for
managing OpenPGP tasks. Embrace the latest features of GnuPG 2.x, enhancing your managing OpenPGP tasks. Embrace the latest features of GnuPG 2.x, enhancing your
security in the digital age. security in the digital age.
**Document Version Reference: [v2.1.2](https://github.com/saturneric/GpgFrontend/releases/tag/v2.1.2)** **Document Version Reference: [v2.1.3](https://github.com/saturneric/GpgFrontend/releases/tag/v2.1.2)**
## User Interface Glimpse ## User Interface Glimpse
@ -20,7 +20,7 @@ _Note: GpgFrontend's appearance may vary across different operating systems and
themes. Always refer to the corresponding version of the software for the most themes. Always refer to the corresponding version of the software for the most
accurate documentation._ accurate documentation._
![GpgFrontend Interface](https://image.cdn.bktus.com/i/2024/02/02/a7e9e762-a8fa-6e52-2728-1488e338e5ef.webp) ![GpgFrontend Interface](https://image.cdn.bktus.com/i/2024/06/15/0408b896-6472-4677-b0d1-96f5b9e54a3b.webp)
## Project Origins and Mission ## Project Origins and Mission