From 28faad7203b8ab37cfea6e6bbc444e67c6281c7f Mon Sep 17 00:00:00 2001 From: Saturneric Date: Sat, 25 Feb 2023 16:19:54 +0800 Subject: [PATCH] fix: improve manual --- manual/basic-concepts.md | 91 ++++---- manual/contract.md | 14 +- manual/faq.md | 73 ++++--- manual/manual/encrypt-decrypt-file.md | 58 ++++-- manual/manual/encrypt-decrypt-text.md | 124 ++++++----- manual/manual/generate-key.md | 148 +++++++------ manual/manual/import-export-key-pair.md | 98 +++++---- manual/manual/key-server-operations.md | 146 +++++++------ manual/manual/sign-verify-file.md | 46 ++-- manual/manual/sign-verify-text.md | 56 +++-- .../manual/symmetric-encrypt-decrypt-text.md | 7 +- manual/manual/understand-interface.md | 177 +++++++++------- manual/manual/view-keypair-info.md | 196 +++++++++++------- manual/overview.md | 79 ++++--- 14 files changed, 782 insertions(+), 531 deletions(-) diff --git a/manual/basic-concepts.md b/manual/basic-concepts.md index 638c19e3..3f7b68e4 100644 --- a/manual/basic-concepts.md +++ b/manual/basic-concepts.md 
@@ -1,58 +1,69 @@ # Basic Concepts -If you don't know GPG, or PGP, you may need to learn some basic concepts here before using Gpg Frontend. This reduces -the chance of you making mistakes, such as distributing your private key to the world. +If you don't know GPG, or PGP, you may need to learn some basic concepts here +before using Gpg Frontend. This reduces the chance of you making mistakes, such +as distributing your private key to the world. ## The most basic concepts you must know -First, you need to generate a key pair, which you can imagine as a key ring. Each key pair has at least two keys, a -public key and a corresponding private key. These two keys form a key pair. There can also be multiple public keys and -their (one-to-one correspondence) private keys in a key pair, which will be described later. The public key can be -released to the outside world. Others can use your public key to encrypt the information they want to give you. The -private key is kept by yourself. If it is leaked, your encryption will no longer be meaningful. +To begin using GPG, you must first generate a key pair, which can be thought of +as a key ring. Each key pair includes at least two keys: a public key and a +corresponding private key. Together, these keys form a key pair. It is possible +for a key pair to include multiple public keys and their corresponding private +keys, but this will be explained later. -What you need to know is that the public key is used to encrypt information, and the ciphertext encrypted by others -using the public key you released is guaranteed to be decrypted only by the corresponding private key of your key pair. -This process involves some The principle of cryptography, you can trust this process unless no one knows your private -key except you. The reverse of this process is also valid, you can encrypt a message with your private key, and someone -else decrypts the message with your public key. 
The significance of this inverse process is that if the person using the -public key cannot normally decrypt a message encrypted with the private key, then it is certain that the message does -not come from the person who owns the private key corresponding to the public key. . This process can also be trusted. -It can be seen that this reverse process establishes a process of signing and then verifying. Information encrypted with -the private key can be seen as a signature. Others can use the public key to verify that the signature is valid. +The public key can be shared with others, allowing them to encrypt information +they wish to send to you. The private key must be kept secure, as its disclosure +would render your encryption ineffective. -If you just want to use the tool, you don't need to understand the cryptography behind it, you just need to remember the -above. +It is important to understand that the public key is used for encryption and +that any ciphertext encrypted using your public key can only be decrypted using +the corresponding private key of your key pair. This process relies on +cryptographic principles and is trustworthy unless your private key is known to +someone else. The reverse process is also valid: you can encrypt a message using +your private key and someone else can decrypt it using your public key. This +process establishes a mechanism for signing and verifying information. +Information encrypted with the private key can be considered a signature, and +others can use the public key to verify that the signature is valid. -If you want to know more, you can read on. +For most users, it is not necessary to understand the cryptography behind GPG, +but it is helpful to remember the basic principles described above. For those +interested in learning more, further reading is recommended. 
## Multiple pairs of public and private keys in a key pair -In a key pair, there is at least one pair of public key and private key, but there is no limit to the maximum number of -pairs. You can generate another pair of public and private keys (we call them subkeys), and then add them to the key -pair, but it is worth noting that the newly added public and private key pairs are the same as the first pair. Pairs -have a public key and private key (which we call the primary key) pair associated. +In a key pair, there is always at least one public-private key pair, but there +is no limit to the maximum number of pairs. It is possible to generate +additional pairs of public and private subkeys and add them to the key pair. +However, it should be noted that the newly added subkeys are identical to the +original pair, as each pair consists of one public key and one private key, +which we refer to as the primary key pair. -You can specify which process a subkey pair is used for. For example, the first key pair is used for encryption and -decryption, the second key pair is used for signing and verification, or the third key pair can be used for encryption -and decryption. Used to do the above two key pairs at the same time. Please specify these things when generating the -subkey. +Users can specify the purpose of each subkey pair. For instance, the first key +pair can be used for encryption and decryption, the second for signing and +verification, and the third for both encryption/decryption and +signing/verification. It is important to specify the intended usage when +generating subkeys. -The master key is automatically generated when the key pair is generated, and the subkey can be added by the user at -will. +The master key is automatically generated when the key pair is created, and +users can add subkeys as needed. -When generating the master key or subkey, you can choose some algorithms such as RSA, DSA, etc. 
You do not need to -understand the specific principles of these. You just need to know that subkeys generated by certain algorithms cannot -perform certain processes (such as encryption and decryption), but can only perform certain processes (such as signing -and verification). It is worth mentioning that for RSA, you can choose the key length when using the algorithm, you can -think that the key +When generating the master key or subkeys, users can select algorithms such as +RSA or DSA. It is not necessary to understand the underlying principles of these +algorithms. However, it is important to note that subkeys generated by certain +algorithms may only perform specific processes, such as signing and +verification, and cannot perform others, such as encryption and decryption. +Additionally, for RSA, users can choose the key length when using the algorithm. ## The first pair of public and private keys in a key pair (primary key) -The first pair of public and private keys (master key) in a key pair is very critical, because subsequent public and -private keys (sub-keys) are linked to them, you can think that if someone else gets yours Master key (including public -and private key information), he can generate sub-keys based on the information of the master key, and then he can use -the sub-keys he generated to impersonate you and communicate with others. +The initial public-private key pair (master key) in a key pair is crucial, as +all subsequent sub-keys are linked to it. If someone were to obtain the master +key (including both the public and private key information), they could generate +sub-keys based on that information and use them to impersonate the key owner and +communicate with others. -Therefore, the private key of the master key (the public key can be released to others) must not be leaked. The -disclosure of its private key means that the entire key pair is no longer safe and must be stopped immediately. 
+Therefore, it is essential that the private key of the master key is kept +confidential, while the public key can be shared with others. If the private key +of the master key is compromised, it renders the entire key pair vulnerable and +must be immediately discontinued. diff --git a/manual/contract.md b/manual/contract.md index 653124c9..19d444f1 100644 --- a/manual/contract.md +++ b/manual/contract.md @@ -1,7 +1,11 @@ # Contract -Contents related to business and politics are rejected. GpgFrontend is for all mankind. If you have any questions -about technology and improving this software, please feel free to contact me. +We do not accept content related to business and politics on this platform, as +this tool is meant for the benefit of all humanity. However, if you have any +inquiries or suggestions regarding the technology and improvement of this +software, please do not hesitate to contact me. + +Please use plain text to reach out to me via email, as HTML is not preferred. ## About ME @@ -23,8 +27,10 @@ You can write to me in following languages. ## GPG Public Key Info -This is the PGP public key that I use for a long time. You can use this public key to establish encrypted communication -with me. Please use plain text for encrypted communication, do not use rich text formats. +Here is the PGP public key that I have been using for a long time. You can use +this public key to establish secure and encrypted communication with me. Please +use plain text for any encrypted communication and avoid using rich text formats +such as HTML. ``` -----BEGIN PGP PUBLIC KEY BLOCK----- diff --git a/manual/faq.md b/manual/faq.md index c8e1e19a..4c1eeb6f 100644 --- a/manual/faq.md +++ b/manual/faq.md 
@@ -2,77 +2,90 @@ ## What is GpgFrontend? -GpgFrontend is a cross-platform encryption tool that conforms to the OpenPGP standard. It is committed to making GnuPG -easier to use, so that more people can use the tool to protect their privacy during their communications on Internet. +GpgFrontend is a cross-platform encryption tool that adheres to the OpenPGP +standard. Its goal is to simplify the use of OpenPGP, making it more accessible +for individuals to protect their privacy. ## Relationship between OpenPGP(PGP) and GnuPG(GPG)? -OpenPGP(PGP) is a data encryption and decryption standard, and GpgFrontend supports it. GnuPG(GPG) is a cryptographic -software used to encrypt, sign communication content and manage keys for asymmetric cryptography. It follows the -OpenPGP standard. GpgFrontend drives GnuPG at runtime to implement operations such as encryption and decryption. +OpenPGP is a standard for data encryption and decryption, which is supported by +GpgFrontend. GnuPG is a cryptographic software that is used for encrypting, +signing, and managing keys for asymmetric cryptography, and it follows the +OpenPGP standard. GpgFrontend operates GnuPG at runtime to perform various +operations such as encryption and decryption. ## How to obtain and use GpgFrontend? -The various versions of GpgFrontend will be released in the GitHub repository, and you can find and download the latest -version [HERE](https://www.gpgfrontend.pub/#/downloads). After downloading, you can refer to the instructions in README -and you can start using it in just a few steps. +The various versions of GpgFrontend will be released in the GitHub repository, +and you can find and download the latest version +[HERE](https://www.gpgfrontend.pub/#/downloads). After downloading, you can +refer to the instructions in ReadME and you can start using it in just a few +steps. ## How to deal with 'ENV Loading Failed'? -The reason for this problem is that GpgFrontend failed to find the GnuPG in your machine. 
You can follow suggestions -below. +The reason for this problem is that GpgFrontend failed to find the GnuPG in your +machine. You can follow suggestions below. ### macOS -For macOS users, please install GnuPG for OSX [Here](https://sourceforge.net/p/gpgosx/docu/Download/). Or just use Homebrew -to install GpgFrontend. By executing command: +For macOS users, please install GnuPG for OSX +[Here](https://sourceforge.net/p/gpgosx/docu/Download/). Or just use Homebrew to +install GpgFrontend. By executing command: `brew install --cask gpgfrontend`. -If you have installed GnuPG under a custom path, you can add the "bin" directory of GnuPG in to PATH. +If you have installed GnuPG under a custom path, you can add the "bin" directory +of GnuPG in to PATH. ### Linux For Linux users, please install GnuPG through apt or yum. -If you have installed GnuPG under a custom path, you can add the "bin" directory of GnuPG in to PATH. +If you have installed GnuPG under a custom path, you can add the "bin" directory +of GnuPG in to PATH. ### Windows -For Windows users, GnuPG is now integrated in the latest version of GpgFrontend, we recommend you to download the -latest GpgFrontend if you don't have any ideas. +For Windows users, GnuPG is now integrated in the latest version of GpgFrontend, +we recommend you to download the latest GpgFrontend if you don't have any ideas. -Or, you can download GnuPG installers for Windows [HERE](https://www.gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.4.0_20221216.exe). +Or, you can download GnuPG installers for Windows +[HERE](https://www.gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.4.0_20221216.exe). Try to reinstall GnuPG through installer when you have already install it. ### More Tips? -For more tips, you can see the quick start manual [HERE](quick-start.md). It provides more information on -dealing this situation. +For more tips, you can see the quick start manual [HERE](quick-start.md). It +provides more information on dealing this situation. 
## I found some bugs in GpgFrontend, what should I do? -If you find a defect in GpgFrontend, you are welcome to create an issue in the GitHub repository to describe the -problem. When I see your issue, I will respond as soon as possible. If you do not have a GitHub account, please email my +If you find a defect in GpgFrontend, you are welcome to create an issue in the +GitHub repository to describe the problem. When I see your issue, I will respond +as soon as possible. If you do not have a GitHub account, please email my personal mailbox. For contact information, please see [Contract](contract.md). ## Can I modify the code of GpgFrontend? -If you have any good ideas, you are free to modify the code of GpgFrontend. You are welcome to submit a Pull Request to -add your good ideas to the next version. +If you have any good ideas, you are free to modify the code of GpgFrontend. You +are welcome to submit a Pull Request to add your good ideas to the next version. You can contribute completely anonymously, and you can email me patches. ## Why should I install GnuPG additionally? -The source code of GpgFrontend does not contain operations such as encryption and decryption, which requires Gnupg to -provide support. In addition, for users with higher security requirements, they can let GpgFrontend drive their trusted -copy of GnuPG. This design improves the security of GpgFrontend. +The source code of GpgFrontend does not contain operations such as encryption +and decryption, which requires Gnupg to provide support. In addition, for users +with higher security requirements, they can let GpgFrontend drive their trusted +copy of Gnupg. This design improves the security of GpgFrontend. ## What is the release version with BETA? -The release version with the word "beta" means that some modules of this version have not yet been thoroughly tested. In -addition, some support for the beta version may not be complete. 
But rest assured, I will test after the beta version is -released, and release a stable version at an appropriate time. +The release version with the word "beta" means that some modules of this version +have not yet been thoroughly tested. In addition, some support for the beta +version may not be complete. But rest assured, I will test after the beta +version is released, and release a stable version at an appropriate time. -But starting from 2.0.0, BETA versions will not be released unless there are special circumstances. +But starting from 2.0.0, BETA versions will not be released unless there are +special circumstances. diff --git a/manual/manual/encrypt-decrypt-file.md b/manual/manual/encrypt-decrypt-file.md index 230480b1..cd1bea54 100644 --- a/manual/manual/encrypt-decrypt-file.md +++ b/manual/manual/encrypt-decrypt-file.md 
@@ -1,52 +1,64 @@ # Encrypt & Sign File -Gpg Frontend provides a convenient and fast way to operate on files. The concept of encryption and decryption files is -almost the same as text, except that the input and output of file operations can be binary. +GpgFrontend offers a fast and convenient method for working with files. The +encryption and decryption process for files is nearly identical to that of text, +with the exception that file operations involve binary input and output. ## File Extension Introduction -For ciphertext in ASCII format, its filename suffix is usually asc, and you can directly open such files with a text -editor. However, if the ciphertext is binary, its file extension will be gpg. Usually, binary ciphertext files are -smaller than ASCII format. +For ciphertext in ASCII format, the file extension is typically "asc" and these +files can be opened with a text editor. On the other hand, if the ciphertext is +in binary format, the file extension will be "gpg". Binary ciphertext files are +generally smaller than ASCII format. -Before v2.0.4, the ciphertext files generated by GpgFrontend are all in ASCII format. But starting from v2.0.4, -GpgFrontend will generate ciphertext files in binary format by default. you can change this setting in settings. +Before version 2.0.4, GpgFrontend generated ciphertext files exclusively in +ASCII format. However, beginning with version 2.0.4, GpgFrontend now generates +ciphertext files in binary format by default. This setting can be adjusted in +the program's settings. ![image-20220112073548736](_media/encrypt-decrypt-file/image-20220112073548736.png) ## File Browser -In the top menu file option, you can open the file browser(Ctrl/Command + B). Then by using the file browser, first -enter your working directory. Then right-click the file you need to operate, and then select the operation you want in -the pop-up menu. 
+From the top menu's "File" option, you can access the file browser by pressing +Ctrl/Command + B. By using the file browser, you can navigate to your working +directory and right-click on the file you wish to work with. This will open a +pop-up menu, where you can select the operation you want to perform on the file. ![image-20220112072034647](_media/encrypt-decrypt-file/image-20220112072034647.png) -There are two control buttons at the top of the file tab. The one on the left is the up level, and the one on the right -is to enter or refresh the corresponding path in the input box on the left. +Located at the top of the file tab are two control buttons. The button on the +left allows you to navigate up one level in the directory hierarchy, while the +button on the right refreshes the input box on the left with the corresponding +path. -On the far right is a button with useful options that you can tick to show system files or hidden files. +On the far right of the file tab, there is a button with useful options that you +can select to show system files or hidden files. ![image-20220112072335503](_media/encrypt-decrypt-file/image-20220112072335503.png) ### Encrypt & Sign -This method provides encryption and signature functions, which GpgFrontend recommend, so that the receiver can know that -the ciphertext comes from you. You can select one or more recipients' public key and your own private key to complete -this operation. +GpgFrontend recommends using the encryption and signature functions in this +method, so that the recipient can verify that the ciphertext originates from +you. You can select one or more recipients' public keys as well as your own +private key to complete this operation. -This operation generates a file with the gpg extension. The file with this suffix contains both encrypted content and -signed content. +When the operation is complete, a file with the ".gpg" extension is generated. +This file contains both encrypted content and signed content. 
![Peek 2022-01-12 07-26](_media/encrypt-decrypt-file/Peek-2022-01-12-07-26.gif) ### Decrypt & Verify -This ciphertext is verified while decrypting, which can improve security. In addition, you can also perform Only Verify -operations and this operation will verify without decryption. To use this operation, you need to select a file with a -gpg or asc extension, which contains the ciphertext and signature content. +When decrypting this ciphertext, it undergoes verification, which enhances +security. Additionally, you can perform a "Only Verify" operation which verifies +the content without decrypting it. To use this operation, you must select a file +with a ".gpg" or ".asc" extension, which contains the ciphertext and signature +content. -In order to encourage users to check whether the ciphertext is signed or not when decrypting, Gpg Frontend does not -provide a separate decryption operation here. +To encourage users to verify whether the ciphertext is signed or not when +decrypting, Gpg Frontend does not provide a separate decryption operation for +this. ![Peek 2022-01-12 07-24](_media/encrypt-decrypt-file/Peek-2022-01-12-07-24.gif) diff --git a/manual/manual/encrypt-decrypt-text.md b/manual/manual/encrypt-decrypt-text.md index ad36880a..e518b8b6 100644 --- a/manual/manual/encrypt-decrypt-text.md +++ b/manual/manual/encrypt-decrypt-text.md 
@@ -1,83 +1,111 @@ # Encrypt & Decrypt Text -To start encryption and decryption operations, you need to prepare your plain text. In addition, you also need a public -key that can perform encryption operations. How to generate such a key can be found in the chapter on generating a key -pair. +To begin encryption and decryption operations, you must first prepare your plain +text. Additionally, you will need a public key that is capable of performing +encryption operations. Information on how to generate such a key can be found in +the chapter on generating a key pair. ## Encrypt -The Encrypt operation itself uses a public key and does not require a private key. Remember that whoever you want to -send it to encrypts it with whose public key. For people who don't use gpg very often, they often get confused and use +The Encrypt operation itself uses a public key and does not require a private +key. Remember that whoever you want to send it to encrypts it with whose public +key. For people who don't use gpg very often, they often get confused and use their own keys to encrypt ciphertext. -Note that if you want to encrypt your text and send it to "foo", you need to know foo's public key first. Then you need -to encrypt your text with foo's public key instead of using your public key. Before encrypting, check to see if the -public key has cryptographic capabilities. This can be viewed in the usage column of the key toolbox (the letter E -stands for encryption). +Note that if you want to encrypt your text and send it to "foo", you need to +know foo's public key first. Then you need to encrypt your text with foo's +public key instead of using your public key. Before encrypting, check to see if +the public key has cryptographic capabilities. This can be viewed in the usage +column of the key toolbox (the letter E stands for encryption). 
-It is worth mentioning that if you only use foo's public key to encrypt the ciphertext, no one but foo's own private key -can decrypt the ciphertext. There is a situation where you want ciphertexts to be decrypted by multiple people ( -including yourself), please check their corresponding public keys before doing so. After an encryption operation, if you -misuse (some people's public keys are found to be missing), you can use the undo operation to restore your original +It is worth mentioning that if you only use foo's public key to encrypt the +ciphertext, no one but foo's own private key can decrypt the ciphertext. There +is a situation where you want ciphertexts to be decrypted by multiple people ( +including yourself), please check their corresponding public keys before doing +so. After an encryption operation, if you misuse (some people's public keys are +found to be missing), you can use the undo operation to restore your original ciphertext before closing GpgFrontend. ### Only Encrypt -In this case, you only encrypt the ciphertext, and the ciphertext will be shorter. Because in operation, the ciphertext -does not contain additional signature information to determine the identity of the encryptor. If you don't want to -receive your graphemes knowing your identity, use this method to generate your ciphertexts. +In this case, you only encrypt the ciphertext, which results in a shorter +ciphertext. This is because the ciphertext does not contain additional signature +information that identifies the encryptor. If you do not want the recipient to +know your identity, use this method to generate your ciphertexts. -After the encrypted operation, there is no additional information display in the information board except for the prompt -of whether the operation is successful. +After the encryption operation, no additional information will be displayed in +the information board except for a prompt indicating whether the operation was +successful. 
-![Peek 2022-01-12 07-16](_media/encrypt-decrypt-text/Peek 2022-01-12 07-16.gif) +![Peek 2022-01-12 07-16](\_media/encrypt-decrypt-text/Peek 2022-01-12 07-16.gif) ### Encrypt Sign -By encrypting and signing at the same time, not only can the text be protected, but the recipient can also know that -thecipher text is from your hand. This encryption is often used in scenarios where both parties need to ensure that the -decrypted text is credible, and in general, in that scenario, the upper reaches know each other. The ciphertext -generated by this operation is longer because of the additional signature information attached to it. +To encrypt and sign text, you need to first prepare the plaintext and have a +public key that can perform encryption operations. The public key used for +encryption should belong to the intended recipient, not yourself. It is +important to verify that the recipient's public key has cryptographic +capabilities for encryption before proceeding. -Before doing so, you only need to select the public key(s) you need to use for encryption. Halfway through the -encryption operation, you'll be asked to choose the private key you need to use for signing. That is, the signer. If you -don't find the key you want in the Signaler list, confirm that your private key can be used for encryption and is valid. -To check whether the key can be used for signing, please check the usage column in the key toolbox on the right (letter -S stands for signature). You can select the public key to use for encryption, or you can select the public key to use -for signing. +If you want the recipient to know that the ciphertext is from you, you can also +choose to sign the text while encrypting it. This ensures that the decrypted +text is credible and comes from your hand. This method is commonly used when +both parties need to ensure the authenticity of the decrypted text, and +typically in scenarios where both parties know each other. 
-For this type of ciphertext, you can use the validate operation to see if the ciphertext is trustworthy before -decryption. +To encrypt and sign at the same time, select the public key(s) you need to use +for encryption, and during the encryption process, select the private key you +need to use for signing. This private key should belong to you and should have +the capability for signature operations. You can verify this by checking the +usage column in the key toolbox on the right (letter S stands for signature). -When the operation is complete, information about the cryptographic operation and the signature operation is displayed -in the Infomation Board. You can view information about the signature, such as the pattern of your signature and the -algorithm used (you can indirectly see which subkey you used to sign). Please note the distinction between the dates -used in your signature messages in UTC and not your local time. +The ciphertext generated by this operation is longer than ciphertext generated +by only encryption because of the additional signature information attached to +it. After the operation is complete, information about the cryptographic and +signature operations will be displayed in the Infomation Board, including +information about the signature pattern and algorithm used. Note that the dates +used in the signature messages are in UTC, not your local time. + +To verify the authenticity of the ciphertext before decryption, you can use the +validate operation. Once the ciphertext is verified, you can proceed with +decryption using your private key. ![GIF](https://github.com/saturneric/Blob/blob/master/gif/encrypt-sign.gif?raw=true) ## Decrypt -Paste the ciphertext you obtained directly, gpg will automatically select the appropriate key in the list for -decryption. Always remember to decrypt with the private key. 
+When decrypting the ciphertext, you can simply paste the obtained ciphertext +into GpgFrontend, and it will automatically select the appropriate private key +for decryption. It is important to note that decryption must be performed with +the private key associated with the public key used for encryption. ![Peek 2022-01-12 07-18](_media/encrypt-decrypt-text/Peek-2022-01-12-07-18.gif) -Whether a key pair can be used for decryption will not be displayed in the usage column. You only need to remember that -a valid private key can be used to decrypt the ciphertext encrypted with the related public key. - -Regarding whether this key is a public key or a private key, you can check the type column in the key toolbox. However, -you do not need to check the corresponding key before decryption. And when all your local keys cannot be used for -decryption, the program will prompt decryption failure. +When decrypting a ciphertext, it is not necessary to check the usage column in +the key toolbox to determine if the key is valid for decryption. Instead, you +need to use a valid private key that corresponds to the public key used for +encryption. You can identify whether a key is a public key or a private key by +checking the type column in the key toolbox. If all your local keys are not +valid for decryption of the ciphertext, the program will display a decryption +failure message. ## Decrypt Verify -While decrypting, you can learn some information about the encryptor of the key (if you signed it during encryption). +During decryption with verification, GPG will check the signature attached to +the ciphertext to ensure its authenticity. This provides an additional layer of +security and helps to prevent tampering with the encrypted message. -Whether a key pair can be used for verification will not be displayed in the usage column, you only need to remember a -valid public key can be used for verification. 
+To perform decryption with verification, you need to select a file with a ".gpg" +or ".asc" extension, which contains the ciphertext and signature content. If the +signature is valid, GPG will decrypt the message and display it in plain text. +Otherwise, it will display an error message indicating that the signature is not +valid. -This is a good habit regardless of whether the encryptor has signed in advance. Because you cannot infer from the format -of the ciphertext whether it has been signed or not. So, use decryption operations with verification whenever possible. +It is important to note that whether a key pair can be used for verification +will not be displayed in the usage column. Instead, you need to remember that a +valid public key can be used for verification. Therefore, it is a good habit to +always verify the signature during decryption, regardless of whether the +encryptor has signed in advance. This helps to ensure the authenticity and +integrity of the decrypted message. ![Peek 2022-01-12 07-10](_media/sign-verify-text/Peek-2022-01-12-07-10.gif) diff --git a/manual/manual/generate-key.md b/manual/manual/generate-key.md index 848e6a8c..6c52bee8 100644 --- a/manual/manual/generate-key.md +++ b/manual/manual/generate-key.md 
@@ -1,118 +1,150 @@ # Generate Key Pair & Subkey -For GpgFrontend, to understand the key, you must first understand two concepts: key pair and subkey. +Sure, let's go through the process of generating a key pair and subkeys. -A key pair can be compared to a key ring. When it is generated, there is a key in the ring called the primary key. This -primary key can do the intended operation (encryption, decryption, etc.). At the same time, keep this in mind, only -through the primary key can you open the keychain to add new keys to it. +To generate a key pair using GpgFrontend, follow these steps: -The sub-keys can be analogous to the keys you add to the key pair later, and each of them can independently perform -operations such as encryption and decryption. It can be considered that the primary key mentioned above is a special -subkey. +1. Open GpgFrontend and click on the "Generate Key" button. +2. Fill in the required information, such as your name and email address. +3. Choose the type of key you want to generate (RSA or ECC). +4. Set the key size and expiration date, if desired. +5. Create a passphrase to protect your private key. +6. Click "Generate" to create your key pair. -When there is no primary key in the key pair, you will not be able to open the key ring to add a new sub key, but you -can still use this sub key if it is changed to exist for your operations. This mechanism is very helpful to the security -of the key. +Once your key pair is generated, you can add subkeys to it by following these +steps: -Let's see how to generate them next. +1. Select the key pair you want to add a subkey to. +2. Click on the "Add Subkey" button. +3. Choose the type of subkey you want to add (encryption, signing, + authentication, or all). +4. Set the subkey size and expiration date, if desired. +5. Create a passphrase to protect your subkey. +6. Click "Add" to create your subkey. + +You can add multiple subkeys to a key pair, each with their own specific +purposes. 
This allows you to have more control over your key pair's security and +usage. ## Generate Key Pair -You can quickly grasp the operation of generating a key pair through the following animation. +You can quickly understand the process of generating a key pair by watching the +following animation. ![GIF](https://github.com/saturneric/Blob/blob/master/gif/generate-key-pair.gif?raw=true) ### Name & Email & Comment -These three fields are used to facilitate people to distinguish this key pair from the card key pair. For these three -options, except for name and email, which are required, comments are optional. +The three fields, including name, email, and comment, are used to help users +differentiate this key pair from other key pairs they may have. Among these +three options, name and email are mandatory, while comment is optional. -In addition, the length of the name is required to be greater than 5 letters, as long as the email conforms to the -format (no actual existence is required). +It is important to note that the name should be at least 5 characters long, and +the email should follow the correct format (no actual email account is +required). ![uid](https://github.com/saturneric/Blob/blob/master/screenshots/uid.png?raw=true) ### Expiration Date -You can set an expiration date for the key pair. After this date, the key may still be used normally, but the operation -it does will be logically invalid (especially for signature operations). GpgFrontend recommends and defaults this date -to two years later. If you wish, check the Never expire checkbox to make this key pair never expire. +Setting an expiration date for the key pair is a way to limit the validity of +the key over time. Once the expiration date is reached, the key can still be +used, but its operations, especially signature operations, will be considered +invalid. 
By default, GpgFrontend suggests setting the expiration date to two +years after generation, but you can also choose to check the "Never expire" +checkbox to make the key pair permanent. -But don't worry, you can change this option at any time after generation, even long after the expiration date (as long -as the primary key exists). +It's important to note that this option can be changed at any time after +generation, even after the expiration date has passed, as long as the primary +key still exists. ![expiration-date](https://github.com/saturneric/Blob/blob/master/screenshots/expriation-date.png?raw=true) ### Key Size & Algo -These two options are related. In general, different encryption algorithms have different optional lengths. GpgFrontend -will give you sufficient hints on the UI so that you will not go wrong. +Setting an expiration date for the key pair is a way to limit the validity of +the key over time. Once the expiration date is reached, the key can still be +used, but its operations, especially signature operations, will be considered +invalid. By default, GpgFrontend suggests setting the expiration date to two +years after generation, but you can also choose to check the "Never expire" +checkbox to make the key pair permanent. -Just remember that the larger the key length, the more secure, but it will be slower when performing operations. +It's important to note that this option can be changed at any time after +generation, even after the expiration date has passed, as long as the primary +key still exists. ![keysize-algo](https://github.com/saturneric/Blob/blob/master/screenshots/keysize-algo.png?raw=true) ### Passphrase -You can set a key to protect the primary key, which is very important when the primary key is leaked. When the Do not -set password check box is not checked, an interface for you to enter the password will pop up during the process of -generating the password. Just follow the prompts. 
After setting the password, when you need to use the primary key for -operation, you may enter the password to unlock it -(some systems have a password networkAccessManager to take over this process). +Setting a password to protect the primary key is crucial in case of a security +breach. If the "Do not set password" checkbox is unchecked, you will be prompted +to enter a password during the key pair generation process. Follow the prompts +to set the password. Once the password is set, whenever you need to use the +primary key for an operation, you will need to enter the password to unlock it +(some systems have a password manager to automate this process). -You can also check the checkbox to not set a protection password for the primary key, but due to security -considerations, this is not recommended. +However, you can also check the "Do not set password" checkbox to skip setting a +protection password for the primary key. But this is not recommended due to +security concerns. ### Usage -In the option of generating a key pair, you can specify the usage for the first subkey of the key pair, which is the -primary key. There are four options: +When generating a key pair, you can specify the usage for the first subkey, +which is the primary key. There are four options: ![usages](https://github.com/saturneric/Blob/blob/master/screenshots/usages.png?raw=true) -- Encryption: After generation, it can be used for encryption operations. +- Encryption: Once generated, this key can be used for encryption purposes. -- Signing: After generation, it can be used for signature operations. +- Signing: Once generated, this key can be used for signature purposes. -- Certification: Popular understanding can be used to unlock this key ring (key pair). Only the primary key can check - this function. +- Certification: This key can be used to certify or verify other keys. Only the + primary key can have this usage. 
-- Authentication: It can perform authentication operations like SSH keys. +- Authentication: This key can be used for authentication purposes, such as with + SSH keys. -The third of these four uses (authentication purposes) can only be owned by the primary key. In addition, some usages -are not available when using certain algorithms for encryption. For example, when the DSA algorithm is selected, the +The third of these four uses (authentication purposes) can only be owned by the +primary key. In addition, some usages are not available when using certain +algorithms for encryption. For example, when the DSA algorithm is selected, the encryption uses are disabled. ## Generate Subkey -We can add sub-keys to the generated key pair. The subkey does not need to fill in the name, email and comment options. -The rest is basically the same as generating the key pair. +It is possible to append subkeys to an existing key pair. The subkey does not +require the input of a name, email, or comment, as the remaining steps are +essentially identical to those for generating a key pair. ![GIF](https://github.com/saturneric/Blob/blob/master/gif/generate-subkey.gif?raw=true) ### Extra note -Here are some tips you might want to know. These tips will help you better understand the above concepts and use this -tool correctly. +Below are some guidelines that may prove useful in comprehending the +aforementioned concepts and utilizing this tool accurately. #### primary key & Subkey -A key pair can have multiple subkeys and one primary key. Using this design reduces the risk of key leakage. For subkey, -After the subkey is leaked, you can revoke it at any time to reduce the loss. However, when the primary key is leaked, -the entire key pair will be insecure (the popular reason is that the main force can be used to manage this key pair). +A single primary key can be accompanied by several subkeys within a key pair. +This setup mitigates the risk of key leakage. 
In the event that a subkey is +exposed, it can be revoked promptly, thus limiting the damage. However, if the +primary key is leaked, the entire key pair becomes vulnerable, as the primary +key enables management of the entire key pair. -Therefore, the recommended approach is to generate multiple subkeys after creating the key pair, and export the master -key separately and store it in a safe place. This operation is not yet supported by GpgFrontend, you need to use the gpg -command to perform it. But gpgfrontend can identify and prompt the user whether the primary key exists or not. This is -very important, because some special operations (adding subkeys, signing other keys, etc.) cannot be performed without -the primary key. +Hence, it is advisable to generate multiple subkeys upon creating the key pair +and store the master key separately in a secure location. This operation is not +yet supported by GpgFrontend; therefore, the gpg command must be used to carry +it out. However, GpgFrontend can detect and notify the user whether the primary +key exists or not, which is critical since certain actions, such as adding +subkeys or signing other keys, necessitate the presence of the primary key. #### Some practical tips -The purpose of the primary key cannot be changed after it is generated. If the primary key of this key pair does not -have a certain purpose, but a certain sub-key has this purpose, this key pair can still be used for operations -corresponding to this purpose. - -For example, when you generated the key pair, you didn't check the encryption usage. Don't worry, you can generate a -subkey and check the encryption usage. In this way, this key pair can still perform encryption operations. +Once generated, the primary key's intended purpose cannot be altered. However, +if a subkey has been designated for a specific purpose that the primary key +lacks, the key pair can still be utilized for activities related to that +purpose. 
+For instance, suppose you overlooked the encryption usage while creating the key +pair. In that case, generating a subkey and configuring it for encryption usage +would enable the key pair to perform encryption operations. diff --git a/manual/manual/import-export-key-pair.md b/manual/manual/import-export-key-pair.md index 96e5ee35..0198c53e 100644 --- a/manual/manual/import-export-key-pair.md +++ b/manual/manual/import-export-key-pair.md 
@@ -1,93 +1,111 @@ # Import & Export Key Pair -GpgFrontend provides multiple ways for users to import or export key paris. Here we will introduce some classic -operations. Read the guide. +GpgFrontend provides various methods for importing or exporting key pairs, some +of which are outlined below. Please refer to the guide for more information. ## Import Key Pair -You can find the import options in the toolbar. You can choose several import methods according to your actual -situation. Let’s introduce these methods. +To access the import options, navigate to the toolbar and select the desired +method based on your specific requirements. Additionally, you can access +additional options by selecting the action menu in the key management section. ![image-20220110194143231](_media/import-export-key-pair/image-20220110194143231.png) -In fact, you can find this action menu in key management, and here you can do more actions. +In fact, you can find the action menu in the key management section, which +provides access to additional key management options beyond those available in +the toolbar. ![image-20220110200530182](_media/import-export-key-pair/image-20220110200530182.png) ### File -When you select this option, you need to select a public key or private key file that meets the standard. The file you -choose should be in text format, with any extension. +This option allows you to select a public or private key file in text format +with any extension to import. ### Editor -You can paste the contents of the key file on a blank text label page. Then click this option, GpgFrontend will -automatically recognize and import the corresponding key. +You can paste the contents of a key file onto a blank text label page and +GpgFrontend will automatically recognize and import the corresponding key. ### Clipboard -You can copy the contents of the key to your system clipboard somewhere else. Then, after selecting this option, the -corresponding key will be imported. 
+You can copy the contents of a key to your system clipboard and then select this +option to import the corresponding key. ### Keyserver -After selecting this option, you can enter the email or ID corresponding to the key in the pop-up selection, and then -select the appropriate key server. Then after clicking the search button, GpgFrontend will list the public keys that can -be imported in the key server. You can import them together, or you can choose to double-click the table row to import -the corresponding public key. Note: The keys imported in this way are all public keys. +This feature enables users to search for and import public keys from a key +server. Users must first enter the email or ID associated with the desired key +and select the appropriate key server. Upon clicking the search button, a list +of public keys that can be imported from the server will be displayed. Users can +choose to import multiple keys together or double-click on a specific table row +to import a corresponding public key. It is important to note that when using +this method, only public keys can be imported. -A detailed description of this part can be found [Here](./key-server-operations.md). +A detailed description of this part can be found +[Here](./key-server-operations.md). ### Dropdown on Key Toolbox -You can drag the key file directly to the key toolbox, and then follow the prompts of GpgFrontend to import the key. +You can drag the key file directly to the key toolbox, and then follow the +prompts of GpgFrontend to import the key. ## Export Key Pair -Deriving the public key of a key pair with the private key means deriving either the public key or the private key or -both of all the keys present in the key pair. If there are very many keys in the key pair, the exported data will be -very long. Similar to import, there are multiple export methods. 
+When deriving the public key of a key pair using the private key, you can derive +either the public key or the private key or both of all the keys present in the +key pair. However, if there are numerous keys in the key pair, the exported data +can be lengthy. Multiple export methods are available, which are similar to the +import process. -For Gpg Frontend, the exported data is encoded in ASCII, which ensures data compatibility between computers. +In Gpg Frontend, the exported data is encoded in ASCII to ensure compatibility +between computers. ### Export Public Key -you can find this operation in many places.The following will introduce them one by one. +You can find this operation in many places. The following will introduce them +one by one. #### Append Public Key to Editor -Right-click a row in the key toolbox, and click Append Select Key(s) to Editor in the pop-up menu item. You will find -that the public key that the key is right appears at the end of your text label page. You can freely copy the content to -any place. +To append a public key to the editor in GpgFrontend, right-click on a row in the +key toolbox and select "Append Select Key(s) to Editor" from the pop-up menu. +This will add the public key of the selected key to the end of the text label +page. You can then copy the content to any location as needed. #### Export on the Key Pair at Operations Tab -You can do this as shown in the screenshot below, which will store the data to a file. Please select a suitable -directory to store this file containing the public key data before going anywhere. +To export a public key using the Key Pair at Operations Tab, follow the steps +shown in the screenshot below. This will save the data to a file. Before +proceeding, please make sure to choose a suitable directory to store the file +containing the public key data. 
![image-20220110194707813](_media/import-export-key-pair/image-20220110194707813.png) ### Export multiple public keys at once -You can export all public key data in multiple key pairs at one time, and you can select the key pairs you want to -export on the key management interface. Then, you can click Export to Clipboard. +To export public key data for multiple key pairs at once, select the desired key +pairs on the key management interface and click on the "Export to Clipboard" +option. This will copy the data to your system clipboard, which you can then +paste into any application or file. ![image-20220110195325342](_media/import-export-key-pair/image-20220110195325342.png) ### Export Private Key -You can find private key options everywhere in the detail's page that contains the private key (primary key or subkey). -Then you can select a location, and GpgFrontend will export the corresponding private key content to that location -later. +Private key options are available in various locations on the detail page that +contains the private key (either the primary key or subkey). From there, you can +select a destination and GpgFrontend will export the corresponding private key +content to that location. ![image-20220110200109284](_media/import-export-key-pair/image-20220110200109284.png) -Exporting the private key also exports the public key and private key data, because the private key data without the -public key is meaningless by itself, you cannot deduce the public key from the private key. - -Generally speaking, the private key content will be bundled with the public key content to export and export. Please -note: the private key file can never be disclosed to others. If it is leaked, it means that all ciphertexts encrypted by -the key are no longer safe. +Exporting the private key also exports both the public key and private key data, +as the private key data alone is meaningless without the corresponding public +key. 
Thus, the private key content is typically bundled with the public key +content during export. However, it's essential to note that the private key file +should never be disclosed to others. If leaked, it could compromise the security +of all ciphertexts encrypted by the key. You can export the private key data in your key pair in two ways. @@ -96,5 +114,5 @@ You can export the private key data in your key pair in two ways. ### Securely export and transfer as a Key Package -You can package the private key data or public key data of multiple key pairs into a Key Package to allow them to be -securely transferred between your PC devices. This part of the function will be introduced in the feature. \ No newline at end of file +To securely transfer private key or public key data of multiple key pairs +between your PC devices, you can package them into a Key Package. \ No newline at end of file diff --git a/manual/manual/key-server-operations.md b/manual/manual/key-server-operations.md index 856b01e6..f4354db4 100644 --- a/manual/manual/key-server-operations.md +++ b/manual/manual/key-server-operations.md 
@@ -1,113 +1,137 @@ # Key Server Operations -You want to use encrypted communication, but in some cases, you only know the email address to which your message is -sent, but you don't know what the public key of the owner of the email address is. +There are certain scenarios where you require encrypted communication but only +have the recipient's email address and do not possess the recipient's public +key. Additionally, in the event that your key has been inadvertently exposed, it +becomes necessary to notify the holders of your public key to discontinue its +use for sending encrypted information. In such cases, the key server can be +utilized to facilitate key information sharing. You can upload your public key +information to the key server, or search and retrieve the required public key +using email addresses or key IDs. -This is one situation, and another situation is that your key is accidentally leaked. How do you notify the person who -holds your public key to stop using your public key to continue sending you encrypted information? For these people, you -may not even know their names or contact information. In the above cases, you may be able to use the key server to -complete the sharing of key information. You can upload your public key information to the key server, or search or pull -the public key you need from the key server by email address and key ID. - -Once the public key information is uploaded to the key server, it will be transmitted between the key servers until -finally all the key servers store your public key for access by people all over the world. - -GpgFrontend provides the ability to interact with the key server. Through mouse operation, you can quickly use the key -server to share your public key, or search and import the public key you want. It should be noted that once the public -key information is uploaded to the key server, it means that the public key information cannot be deleted from the key -server and will always be retained. 
but when you add a subkey to your key pair, the public key of the old key pair can -be overwritten by updating. +Upon uploading your public key information to the key server, it is transmitted +across key servers globally, making it accessible to individuals worldwide. +GpgFrontend features key server interaction capabilities, which enable users to +rapidly share their public key, search for and import required public keys using +mouse operations. It is essential to note that once public key information is +uploaded to the key server, it cannot be deleted and will be retained +indefinitely. However, the public key of the old key pair can be overwritten by +updating when a subkey is added to the key pair. ## Import Public Key From Key Server -In the main page or in the key manager's Import key operation mode, there is a key server option. After selecting this -option you can see such an interface. +In the main page or in the key manager's Import key operation mode, there is a +key server option. After selecting this option you can see such an interface. ![import-keys-fomr-keyserver](_media/key-server-operations/import-keys-fomr-keyserver.png) -You can get a list of public keys associated with a key server by searching for Key ID, fingerprint or email address via -the search box. If there is a suitable public key in the list, you can import it by double-clicking it. +You can get a list of public keys associated with a key server by searching for +Key ID, fingerprint or email address via the search box. If there is a suitable +public key in the list, you can import it by double-clicking it. ![import-keys-fomr-keyserver-1](_media/key-server-operations/import-keys-fomr-keyserver-1.png) -When the import is complete, you can check whether the public key is actually imported through the pop-up window (no -need to import when the local public key is newer), and you can also check some brief information about the public key. 
+When the import is complete, you can check whether the public key is actually +imported through the pop-up window (no need to import when the local public key +is newer), and you can also check some brief information about the public key. ![image-20220109191357259](_media/key-server-operations/image-20220109191357259.png) -It is worth noting that the public key you imported may be expired or revoked. You can view the status of the key -through the category tab in the key management interface. In addition to the search box, you also noticed that you can -choose which key server to grab the public key information from by clicking on the drop-down box. How to set or add this -candidate list, please refer to the last section of this document: Key server related settings. +It is important to note that the public key you import may have expired or been +revoked. You can check the status of the key by navigating to the category tab +in the key management interface. In addition to the search box, you may also +notice a drop-down box that allows you to choose which key server to retrieve +the public key information from. To modify or add to this list of candidate +servers, please refer to the last section of this document: Key server related +settings. ## Export My Public Key To The Keyserver -When the current key pair has a master key, you can publish the public key information to the key server. Note that in -order to be able to let users know what they are actually doing, GpgFrontend specifies that this can only be done if a -master key exists for the local key pair. This avoids confusion about the function. +If the current key pair has a master key, you have the option to publish the +public key information to a key server. It is important to note that in order to +avoid confusion, GpgFrontend requires the presence of a master key for this +action to be performed. This ensures that users are aware of what they are doing +and the function being performed. 
### How To Use -You can find the entry of this operation through the operation tab of the key pair detail interface, as shown in the -following figure. +You can find the entry of this operation through the operation tab of the key +pair detail interface, as shown in the following figure. ![image-20220109192532368](_media/key-server-operations/image-20220109192532368.png) -Perform the operation by clicking Upload key pair to key server. Note that the naming of operations here is a bit -confusing, but this is where your public key information (not your private key) will be uploaded. +Perform the operation by clicking Upload key pair to key server. Note that the +naming of operations here is a bit confusing, but this is where your public key +information (not your private key) will be uploaded. ### Synchronize public key information from a key server -Sometimes, before you perform an encryption operation, you want to know if the public key you are using is still valid. -At this point, you can get the latest information about the key from the key server (if the public key server has one). +Sometimes, before you perform an encryption operation, you want to know if the +public key you are using is still valid. At this point, you can get the latest +information about the key from the key server (if the public key server has +one). -As above, you can find this action in the Actions tab of the key pair details screen, as shown in the image below. +As above, you can find this action in the Actions tab of the key pair details +screen, as shown in the image below. ### Extra Information -Gpg Frontend will upload the public key information to the default key server you set. The private key information is -not uploaded and should not be manually uploaded anywhere by the user. +Gpg Frontend will upload the public key information to the default key server +you set. The private key information is not uploaded and should not be manually +uploaded anywhere by the user. 
Refer to the last section of this document on how to set the default key server. ![image-20220109192532368](_media/key-server-operations/image-20220109192532368.png) -By clicking Synchronize key pair with key server, the public key information can be automatically pulled from the key -server and compared with the local key information. After the operation is complete, you can check in the pop-up window -whether the key has actually been updated. It is worth noting that you will not be able to perform this operation if the -private key exists locally, the reason is that you already have the key pair and you should publish the latest -information for the key pair instead of accepting outdated information from the key server . +The "Synchronize key pair with key server" function allows for automatic +retrieval of public key information from the key server, which is then compared +with the local key information. After the operation is completed, a pop-up +window will appear indicating whether the key has actually been updated. It +should be noted that this operation is not possible if the private key exists +locally. This is because, in such a case, you already have the key pair and +should publish the latest information for the key pair instead of accepting +outdated information from the key server. ### Extra Information -Gpg Frontend will automatically communicate with the default keyserver you set and get the information it wants. Refer -to the last section of this document on how to set the default key server. +GpgFrontend automatically communicates with the default key server that you have +set to obtain the necessary information. You can refer to the last section of +this document to learn how to set the default key server. ## Sync ALL Public Key -This is an advanced function provided by Gpg Frontend, it can synchronize all your local public key information at one -time, if you want to know, please read [this document](../features/sync-all-public-keys.md). 
+This is an advanced function provided by GpgFrontend, it can synchronize all +your local public key information at one time, if you want to know, please read +[this document](../features/sync-all-public-keys.md). ## Key Server Related Settings -如何What about setting a list of keyservers? Or set a default keyserver? At this point, you need to open the Settings -interface and find the Key Servers tab. Here you can see operations related to the key server candidate list, and see -which key server is the default key server. +If you want to set a list of key servers or a default key server, you can do so +by accessing the Settings interface and navigating to the Key Servers tab. Here, +you will find options for managing your key server candidate list and +determining which key server is set as the default. ![image-20220109195518834](_media/key-server-operations/image-20220109195518834.png) -You can enter the http or https address of the key server you want to add in the input box, and then click Add to add a -candidate key server. In order to prevent man-in-the-middle attacks, users are strongly recommended to use the https -protocol. If you want to delete a candidate key server, you can right-click the row of the corresponding key server in -the table and click Delete in the pop-up menu. If you want to edit an existing candidate key server address, you can -double-click its address in the table and edit it. +To add a candidate key server to the list, simply enter the http or https +address of the key server you wish to add into the input box and click "Add". It +is strongly recommended that users use the https protocol to prevent +man-in-the-middle attacks. If you wish to delete a candidate key server, simply +right-click on the corresponding row in the table and select "Delete" from the +pop-up menu. To edit an existing candidate key server address, double-click on +the address in the table and edit it. 
-If you want to test the network connectivity of the servers in the key server candidate list, you can click the Test -button at the bottom. Note that the test here only tells you if the keyserver is reachable, not whether the address is a -valid keyserver. +To test the network connectivity of the servers in the key server candidate +list, click the "Test" button located at the bottom of the Key Servers tab. +However, note that the test only determines if the keyserver is reachable, not +whether the address is a valid keyserver. ### Set Default Key Server -If you want to set a candidate key server as your default key server, you can right-click the row of the corresponding -key server in the table, and click Set as Default in the pop-up menu. You can see if a candidate keyserver is the -default keyserver in the first column of the table. \ No newline at end of file +To set a candidate key server as your default key server, you can follow these +steps. First, locate the candidate key server you want to set as the default in +the table. Then, right-click the row of the corresponding key server, and click +"Set as Default" in the pop-up menu. Once set, you can verify whether a +candidate key server is the default key server by checking the first column of +the table. \ No newline at end of file diff --git a/manual/manual/sign-verify-file.md b/manual/manual/sign-verify-file.md index b62d62ae..3e65af8e 100755 --- a/manual/manual/sign-verify-file.md +++ b/manual/manual/sign-verify-file.md 
@@ -1,48 +1,56 @@ # Sign & Verify File -Gpg Frontend provides a convenient and fast way to operate on files. The concept of signing and verifying files is -almost the same as text, except that the input and output of file operations can be binary. +Gpg Frontend provides a convenient and fast way to operate on files. The concept +of signing and verifying files is almost the same as text, except that the input +and output of file operations can be binary. ## File Extension Introduction -For ciphertext in ASCII format, its filename suffix is usually asc, and you can directly open such files with a text -editor. However, if the ciphertext is binary, its file extension will be sig or gpg. Usually, binary ciphertext files +For ciphertext in ASCII format, its filename suffix is usually asc, and you can +directly open such files with a text editor. However, if the ciphertext is +binary, its file extension will be sig or gpg. Usually, binary ciphertext files are smaller than ASCII format. -Before v2.0.4, the ciphertext files generated by GpgFrontend are all in ASCII format. But starting from v2.0.4, -GpgFrontend will generate ciphertext files in binary format by default. you can change this setting in settings. +Before v2.0.4, the ciphertext files generated by GpgFrontend are all in ASCII +format. But starting from v2.0.4, GpgFrontend will generate ciphertext files in +binary format by default. you can change this setting in settings. ![image-20220112073548736](_media/encrypt-decrypt-file/image-20220112073548736.png) ## File Browser -In the top menu file option, you can open the file browser(Ctrl/Command + B). Then by using the file browser, first -enter your working directory. Then right-click the file you need to operate, and then select the operation you want in -the pop-up menu. +In the top menu file option, you can open the file browser(Ctrl/Command + B). +Then by using the file browser, first enter your working directory. 
Then +right-click the file you need to operate, and then select the operation you want +in the pop-up menu. ![image-20220112072034647](_media/encrypt-decrypt-file/image-20220112072034647.png) -There are two control buttons at the top of the file tab. The one on the left is the up level, and the one on the right -is to enter or refresh the corresponding path in the input box on the left. +There are two control buttons at the top of the file tab. The one on the left is +the up level, and the one on the right is to enter or refresh the corresponding +path in the input box on the left. -On the far right is a button with useful options that you can tick to show system files or hidden files. +On the far right is a button with useful options that you can tick to show +system files or hidden files. ![image-20220112072335503](_media/encrypt-decrypt-file/image-20220112072335503.png) ### Sign -Through the right-click menu, you can quickly sign a file. This operation will generate a file with a sig or asc suffix, -which contains the signature content. In this case, you need to pass this file along with the original file so that the -other party can verify it. +Through the right-click menu, you can quickly sign a file. This operation will +generate a file with a sig or asc suffix, which contains the signature content. +In this case, you need to pass this file along with the original file so that +the other party can verify it. ![Peek 2022-01-12 07-39](_media/sign-verify-file/Peek-2022-01-12-07-39.gif) ### Verify -This operation needs to select a file with a gpg suffix (maybe invalid for the ciphertext of a binary file) or a file -with a sig suffix for verification. +This operation needs to select a file with a gpg suffix (maybe invalid for the +ciphertext of a binary file) or a file with a sig suffix for verification. -When selecting a file with the sig suffix, make sure that the source file is also in this directory. 
This means that the -name of the source file is just missing a sig suffix. +When selecting a file with the sig suffix, make sure that the source file is +also in this directory. This means that the name of the source file is just +missing a sig suffix. ![Peek 2022-01-12 07-40](_media/sign-verify-file/Peek-2022-01-12-07-40.gif) \ No newline at end of file diff --git a/manual/manual/sign-verify-text.md b/manual/manual/sign-verify-text.md index f3ed699f..dcd3453a 100644 --- a/manual/manual/sign-verify-text.md +++ b/manual/manual/sign-verify-text.md 
@@ -1,46 +1,60 @@ # Sign & Verify Text -In general, the process of signing and verifying is the reverse process of encryption and decryption. When signing, the -private key is used, and when verifying, the public key is used. And just like signing one name after another on a -document, multiple private keys can be selected when signing. But there are some differences. Digital signatures can be -used to verify whether the content of the signature has changed, while handwritten signatures are difficult to do. +The process of signing and verifying is typically the inverse of the process of +encryption and decryption. When signing, the private key is used, and when +verifying, the public key is used. Similar to signing multiple names on a +document, multiple private keys can be selected when signing. However, there are +some notable differences. Digital signatures can be used to verify whether the +signature's content has been tampered with, while it is difficult to achieve the +same level of verification with handwritten signatures. ## Only Sign -By signing the text, you can show that you are the only and unchangeable certification with this text. You can just sign -the text without encrypting the text like the following. +By signing the text, you can show that you are the only and unchangeable +certification with this text. You can just sign the text without encrypting the +text like the following. ![Peek 2022-01-12 06-50](_media/sign-verify-text/Peek-2022-01-12-06-50.gif) -To check whether the key can be used for signing, please check the usage column in the key toolbox on the right (letter -S stands for signature). +To check whether the key can be used for signing, please check the usage column +in the key toolbox on the right (letter S stands for signature). ## Sign With Encrypt -You can also encrypt this short text while signing, which is equivalent to signing while encrypting. 
A typical usage -method is to check two key pairs, one is someone else's public key, which is used for encryption; the other is your own -private key, which is used for signing. If you do not check any key that can be used for signing, this is possible ( -equivalent to encryption only). The only difference is that you will receive a warning. +You can also perform signing and encryption simultaneously by selecting both a +public key for encryption and your own private key for signing. This is a common +practice where you check two key pairs: one belonging to someone else for +encryption, and the other being your own private key for signing. If you do not +select any key for signing, encryption-only is possible, but you will receive a +warning. It is worth noting that combining signing and encryption provides an +additional layer of security, as it ensures the recipient that the message has +not been tampered with and that it came from the sender whose identity is +verified by the digital signature. -![Peek 2022-01-12 06-54](_media/sign-verify-text/Peek-2022-01-12-06-54-16419417228411.gif) +![Peek 2022-01-12 +06-54](_media/sign-verify-text/Peek-2022-01-12-06-54-16419417228411.gif) ## Verify -After obtaining a plaintext and its signature, you can verify the signature. Please keep in mind that this form of -signature is not suitable for use in emails as it will make the email less readable, if you need to sign your email, -please use the "New Message" function to generate the OpenPGP/MIME format sign for your email. +Once you have obtained a plaintext and its corresponding signature, you can +verify the signature using the public key of the signer. However, please note +that this form of signature is not suitable for use in emails as it can make the +email less readable. ![Peek 2022-01-12 06-56](_media/sign-verify-text/Peek-2022-01-12-06-56.gif) -To verify a signature with text, you need to have the corresponding public key for all included signatures. 
If a -suitable public key for a signature is not found locally during verification, Gpg Frontend will remind you to import it. +To verify a signature with text, you need to have the corresponding public key +for all included signatures. If a suitable public key for a signature is not +found locally during verification, GpgFrontend will remind you to import it. ![image-20220112070325556](_media/sign-verify-text/image-20220112070325556.png) ## Verify With Decrypt -After obtaining a ciphertext, you can try to verify it while decrypting it. This is a good habit regardless of whether -the encryptor has signed in advance. Because you cannot infer from the format of the ciphertext whether it has been -signed or not. So, use decryption operations with verification whenever possible. +It is recommended to verify a ciphertext while decrypting it, regardless of +whether it has been signed by the encryptor or not. It is not possible to +determine from the format of the ciphertext whether it has been signed or not. +Therefore, it is a good habit to always use decryption operations with +verification when possible. ![Peek 2022-01-12 07-10](_media/sign-verify-text/Peek-2022-01-12-07-10.gif) diff --git a/manual/manual/symmetric-encrypt-decrypt-text.md b/manual/manual/symmetric-encrypt-decrypt-text.md index fb469277..7b605a62 100644 --- a/manual/manual/symmetric-encrypt-decrypt-text.md +++ b/manual/manual/symmetric-encrypt-decrypt-text.md 
@@ -1,5 +1,6 @@ # Symmetric Encrypt & Decrypt Text -Symmetric encryption will be triggered when you click the Encrypt button and do not check any key in the Key Toolbox. -For symmetric encryption, you need to set a password for your encryption process. When decrypting, you need to enter -the same password as the encryption process. \ No newline at end of file +Symmetric encryption will be triggered when you click the Encrypt button and do +not check any key in the Key Toolbox. For symmetric encryption, you need to set +a password for your encryption process. When decrypting, you need to enter the +same password as the encryption process. \ No newline at end of file diff --git a/manual/manual/understand-interface.md b/manual/manual/understand-interface.md index fcbc269c..e1ce09bb 100644 --- a/manual/manual/understand-interface.md +++ b/manual/manual/understand-interface.md 
@@ -1,134 +1,167 @@ # Understand Interface -As a novice, you only need to quickly grasp the meaning of a few important parts of the page. You will gradually -discover other functions in the next exploration. The interface may not be the same for different versions. +As a novice, you only need to quickly grasp the meaning of a few important parts +of the page. You will gradually discover other functions in the next +exploration. The interface may not be the same for different versions. ![Interface](https://github.com/saturneric/Blob/blob/master/screenshots/interface-introduce.png?raw=true) ## Text Editor -In the text editing area, you can type text at will. Or create a new tab through the New option in the top file menu. -Tabs can be moved, closed, and so on. +In the text editing area, you are free to type any text you want, or create a +new tab using the "New" option in the file menu at the top. You can easily move +or close tabs as needed. -You can operate your text through the options in the Operations Bar. Or you can use some common shortcuts(ctrl+c/v/s) to -copy-paste save or even find operations. +You can perform various operations on your text using the options provided in +the Operations Bar, or you can use common shortcuts like Ctrl+C/V/S to copy, +paste, and save or even find operations. -The text edited in the text box is UTF8 encoded and does not have any formatting. Not providing any formatting (plain -text) ensures that the reality of redaction in a message is not confusing. I plan to join rich text editors in the -future, but the details are still under consideration. +The text you edit in the text box is encoded in UTF8 and has no formatting. This +plain text format ensures that any redacted message is not confusing. Although +we plan to add rich text editing in the future, the details are still under +consideration. ### Large text file support -Here, GpgFrontend supports opening some of the larger files without being stuck. 
However, when opening a relatively -large file, you cannot edit this tab until the file has been totally read. Although this will make you unable to edit -the file, you can still view it. +GpgFrontend provides support for opening larger files without getting stuck. +However, when opening a relatively large file, you will not be able to edit the +tab until the entire file has been read. Even though editing the file is not +possible during this time, you can still view it. ## Information Board -The result of your operation on the current tab page will be printed in the Information Board: success or failure. In -addition to the success and failure information, its text will also contain other information to help you understand the -details of your encryption, decryption, signature and other operations. Depending on your language settings, the output -in the dashboard will vary. +GpgFrontend displays the result of your current tab page operation in the +Information Board, indicating whether the operation was successful or not. The +text in the Information Board also includes additional information to help you +understand the specifics of your encryption, decryption, signature, and other +operations. The output displayed in the dashboard may vary based on your +language settings. -I used the information board as a solution to be able to display more information in the same space. In the future, a -graphical interface display of this information will be introduced, which can help users understand the actual role of -this information. +The Information Board was created to allow for the display of more information +in the same space. However, in the future, GpgFrontend plans to introduce a +graphical interface to enhance the user's understanding of this information. ### Font Color -- **Green**: When the operation succeeds and the results of the operation are verified and no problems are found, the - font color will be green. 
-- **Yellow**: When the operation succeeds and there are some problems with the result testing of the operation at that - time, the font turns yellow, which is a reminder to the user. At this time, the user needs to check the details of the - operation. -- **Red**: When the operation is unsuccessful or there is a serious conflict with the result of the operation, the font - color will turn red, and the user will need to carefully check the details of the operation to ensure security. +- **Green**: When the operation succeeds and the results of the operation are + verified and no problems are found, the font color will be green. +- **Yellow**: When the operation succeeds and there are some problems with the + result testing of the operation at that time, the font turns yellow, which is + a reminder to the user. At this time, the user needs to check the details of + the operation. +- **Red**: When the operation is unsuccessful or there is a serious conflict + with the result of the operation, the font color will turn red, and the user + will need to carefully check the details of the operation to ensure security. ### Font Size -When you feel that the font of the information board is too small, you can set the font size in the Application column -of the settings. The font size defaults to 10 and can be set to a range of between 9 and 18. +When you feel that the font of the information board is too small, you can set +the font size in the Application column of the settings. The font size defaults +to 10 and can be set to a range of between 9 and 18. ### Information Board Actions Menu -The dashboard actions menu provides some commonly used actions for information board content. This enables users to -quickly record large pieces of content in the Information Board for other uses. +The dashboard actions menu provides some commonly used actions for information +board content. 
This enables users to quickly record large pieces of content in +the Information Board for other uses. #### Copy -This enables users to quickly record large pieces of content in the Information Board for other uses. +This enables users to quickly record large pieces of content in the Information +Board for other uses. #### Save File -The operation stores the contents of the information board in the file system in UTF-8 format. Although the output file -does not have a suffix name, in fact this file is in plain text format. +The operation stores the contents of the information board in the file system in +UTF-8 format. Although the output file does not have a suffix name, in fact this +file is in plain text format. #### Clear -This action immediately empties the information board. The empty operation includes the contents of the information -board and all the statuses. The emptying operation occurs automatically when you make the next operation (encryption, -etc.). +This action immediately empties the information board. The empty operation +includes the contents of the information board and all the statuses. The +emptying operation occurs automatically when you make the next operation +(encryption, etc.). ### Optional Actions Menu -There will also be a column of Optional Actions Menu below the Information Board. If there are other auxiliary -operations that can be done after your operation is completed (display more detailed information, send encrypted text -through email, etc.), the entry points for these auxiliary operations will be displayed here. +There will also be a column of Optional Actions Menu below the Information +Board. If there are other auxiliary operations that can be done after your +operation is completed (display more detailed information, send encrypted text +through email, etc.), the entry points for these auxiliary operations will be +displayed here. 
## Key ToolBox -Here is a list of key pairs stored on your machine that can be used for Gpg operations. The key lists in the Toolbox -have multiple categories that correspond to different usage scenarios. The toolbox also provides some commonly used -operations, all of which are in the Key List Menu. +Here is a list of key pairs stored on your machine that can be used for Gpg +operations. The key lists in the Toolbox have multiple categories that +correspond to different usage scenarios. The toolbox also provides some commonly +used operations, all of which are in the Key List Menu. ### Usage -Most operations related to Gpg need to specify a key pair (such as encryption, decryption, signature, etc.). You can -select the check box in the first column of the table in the key toolbox to specify one or more keys for your operation. -Classifications that contain only public keys are often used in cryptographic scenarios. +Most operations related to Gpg need to specify a key pair (such as encryption, +decryption, signature, etc.). You can select the check box in the first column +of the table in the key toolbox to specify one or more keys for your operation. +Classifications that contain only public keys are often used in cryptographic +scenarios. ### Classification -The Toolbox provides a categorical display through tabs. All classifications do not include all expired or revoked keys. -If you want to view expired or revoked keys, use the Key Manager. The default classification contains all private and -public keys. The operation takes only the key from the currently selected classification as input. +The Toolbox provides a categorical display through tabs. All classifications do +not include all expired or revoked keys. If you want to view expired or revoked +keys, use the Key Manager. The default classification contains all private and +public keys. The operation takes only the key from the currently selected +classification as input. 
### Columns -It is important to understand this list. Now let me take you to understand it step by step. +It is important to understand this list. Now let me take you to understand it +step by step. -- Select: Turn the checkbox in this column to let Gpg Frontend know that you specify the key of this row for your next - operation. +- Select: Turn the checkbox in this column to let Gpg Frontend know that you + specify the key of this row for your next operation. -- Type: See this column to let you know the type of key and whether the primary key exists in your key pair. - - `pub` means this is a public key, Can be used for encryption or verification operations. - - `pub/sec` The key pair contains both public and private keys. It can be used for almost all operations(Need to - combine the usage column to determine this). - - `pub/sec#` The key pair contains a public key and a private key, but the primary key is not in the key pair. This - shows that you will not be able to do some special (add subkeys, sign other key pairs, etc.) - - `pub/sec^` A key pair has one or more keys (subkeys or master keys) in the smart card. - - `pub/sec#^`The above two situations occur at the same time. +- Type: See this column to let you know the type of key and whether the primary + key exists in your key pair. + - `pub` means this is a public key, Can be used for encryption or + verification operations. + - `pub/sec` The key pair contains both public and private keys. It can be + used for almost all operations(Need to combine the usage column to + determine this). + - `pub/sec#` The key pair contains a public key and a private key, but the + primary key is not in the key pair. This shows that you will not be able + to do some special (add subkeys, sign other key pairs, etc.) + - `pub/sec^` A key pair has one or more keys (subkeys or master keys) in + the smart card. + - `pub/sec#^`The above two situations occur at the same time. - Name: The identity information of the key pair. 
- Email Address: The identity information of the key pair. -- Usage: This determines which operations the key pair can use. Composed of four capital letters, each capital letter - represents a usage. - - `C` Certificate. Generally, the key pair that contains the primary key will have this usage - - `E` Encrypt. The key pair can be used for encryption operations. - - `S` Sign. The key pair can be used for sign operations. - - `A` Authenticate. The key pair can be used to perform operations like SSH authentication. +- Usage: This determines which operations the key pair can use. Composed of four + capital letters, each capital letter represents a usage. -- Validity: One of the concepts of Gpg, simply put it represents the degree of trust in this key. + - `C` Certificate. Generally, the key pair that contains the primary key + will have this usage + - `E` Encrypt. The key pair can be used for encryption operations. + - `S` Sign. The key pair can be used for sign operations. + - `A` Authenticate. The key pair can be used to perform operations like SSH + authentication. + +- Validity: One of the concepts of Gpg, simply put it represents the degree of + trust in this key. ## Operations Bar -Here, you can perform corresponding operations by clicking the buttons above. For example, after typing text in a text -editor and setting the key you want to use in the key toolbox, you can click the encryption button to perform the +Here, you can perform corresponding operations by clicking the buttons above. +For example, after typing text in a text editor and setting the key you want to +use in the key toolbox, you can click the encryption button to perform the operation. -Some operations need to specify the key, and some are not used, which will be explained in other corresponding parts of -the document. +Some operations need to specify the key, and some are not used, which will be +explained in other corresponding parts of the document. 
### Customize -Some operations you may not use for a long time, at which point you can uncheck the relevant function group in the view -of the top menu. Conversely, for some of the operations you use frequently, you can also add here. \ No newline at end of file +Some operations you may not use for a long time, at which point you can uncheck +the relevant function group in the view of the top menu. Conversely, for some of +the operations you use frequently, you can also add here. diff --git a/manual/manual/view-keypair-info.md b/manual/manual/view-keypair-info.md index 008f8d37..e981d457 100644 --- a/manual/manual/view-keypair-info.md +++ b/manual/manual/view-keypair-info.md 
@@ -1,166 +1,203 @@ # View Key Pair Details -Right-click the key pair in the key toolbox or key management interface and click Show key details to view the -information about the key pair. +Right-click the key pair in the key toolbox or key management interface and +click Show key details to view the information about the key pair. -This part may involve a brief introduction to gpg-related concepts, and it will be relatively long. +This part may involve a brief introduction to gpg-related concepts, and it will +be relatively long. The screenshot below is my friend's public key that I got from the key server. ![image-20220110185144734](_media/view-keypair-info/image-20220110185144734.png) -Below is a private key I randomly generated. You can find that the biggest difference between him and the above is that -the key pair with only the public key is only used for encryption, and if you have the private key, you can do more -things (it also depends on your algorithm, DSA can only for signature). +Below is a private key I randomly generated. You can find that the biggest +difference between him and the above is that the key pair with only the public +key is only used for encryption, and if you have the private key, you can do +more things (it also depends on your algorithm, DSA can only for signature). ![image-20220110185215204](_media/view-keypair-info/image-20220110185215204.png) ## General Info -This interface provides some useful information to assist you in proper management of the key pair. +This interface provides some useful information to assist you in proper +management of the key pair. ### Owner -Through this section, you can understand the owner of this key pair. This information is not fixed and unchangeable. You -can create a new UID in the UID section and set it as the main UID to change it. +Through this section, you can understand the owner of this key pair. This +information is not fixed and unchangeable. 
You can create a new UID in the UID +section and set it as the main UID to change it. -According to the OpenPGP protocol, this part is divided into Name, Email, and Comment. +According to the OpenPGP protocol, this part is divided into Name, Email, and +Comment. ![image-20220110185740491](_media/view-keypair-info/image-20220110185740491.png) ### Primary key -This part is the information of the primary key of the key pair. The primary key is very important, because without it, -the key pair cannot perform related management operations such as adding and revoking sub-keys (similar to the key ring -cannot be opened). Let's introduce the information of the primary key separately below. If you want to learn more, see -the [Basic Concepts](../basic-concepts.md) section. +This part is the information of the primary key of the key pair. The primary key +is very important, because without it, the key pair cannot perform related +management operations such as adding and revoking sub-keys (similar to the key +ring cannot be opened). Let's introduce the information of the primary key +separately below. If you want to learn more, see the [Basic +Concepts](../basic-concepts.md) section. -The absence of the master key means that the private key of the master key does not exist, but neither the public key -nor the private key exists. Please remember: Each subkey and primary key consists of a pair of public and private keys. +The absence of the master key means that the private key of the master key does +not exist, but neither the public key nor the private key exists. Please +remember: Each subkey and primary key consists of a pair of public and private +keys. ![image-20220110185819775](_media/view-keypair-info/image-20220110185819775.png) #### Key ID -The unique identifier of the key is fixed and unchanging. Note that this key ID is the key ID of the primary key. The -key ID is uniquely determined after the key is generated. 
Compared with the fingerprint, the key ID will be shorter and +The unique identifier of the key is fixed and unchanging. Note that this key ID +is the key ID of the primary key. The key ID is uniquely determined after the +key is generated. Compared with the fingerprint, the key ID will be shorter and more user-friendly. #### Algorithm -Algorithm used for key generation. Note that this also refers to the generation algorithm of the primary key. The -generation algorithm determines the properties and capabilities of the key. Algorithms such as RSA can be used for -encryption and signature, but DSA can only be used for signature, but the DSA key length can be shorter. +Algorithm used for key generation. Note that this also refers to the generation +algorithm of the primary key. The generation algorithm determines the properties +and capabilities of the key. Algorithms such as RSA can be used for encryption +and signature, but DSA can only be used for signature, but the DSA key length +can be shorter. #### Key Size -The length of the primary key. It can be said that the longer the key, the harder it is to crack the ciphertext, but at -the same time, the more time it takes for a single operation. Generally speaking, a length of 2048 bits is safe enough ( -This refers to the key generated using the RSA algorithm). +The length of the primary key. It can be said that the longer the key, the +harder it is to crack the ciphertext, but at the same time, the more time it +takes for a single operation. Generally speaking, a length of 2048 bits is safe +enough ( This refers to the key generated using the RSA algorithm). #### Normal Usage -What can the key pair conceptually be used for (including the conceptual usage of the primary key and sub-key). When the -primary key or subkey generation can be used to sign, but it has already expired or does not exist, the signature usage -will still be displayed here. 
+What can the key pair conceptually be used for (including the conceptual usage +of the primary key and sub-key). When the primary key or subkey generation can +be used to sign, but it has already expired or does not exist, the signature +usage will still be displayed here. #### Actual Usage -The actual usage of the primary key and all subkeys. It is the union of their usage. If there is only one primary key in -the key pair that can be used for signing, but this primary key does not exist. Then the signature usage will not appear -here, only in Normal Usage. In addition, when there is only one subkey that can be used for signing, if it has expired, -the signature purpose will not be displayed here. +The actual usage of the primary key and all subkeys. It is the union of their +usage. If there is only one primary key in the key pair that can be used for +signing, but this primary key does not exist. Then the signature usage will not +appear here, only in Normal Usage. In addition, when there is only one subkey +that can be used for signing, if it has expired, the signature purpose will not +be displayed here. #### Expires on -The expiration time of the primary key. When the primary key expires, it will be invalid. You cannot use it for any -operation. In addition, the subkeys in the key pair will also be unavailable. Fortunately, you can change the expiration -time of the primary key at any time, or even set it to never expire. The prerequisite for this is that the primary key -exists in the key pair. +The expiration time of the primary key. When the primary key expires, it will be +invalid. You cannot use it for any operation. In addition, the subkeys in the +key pair will also be unavailable. Fortunately, you can change the expiration +time of the primary key at any time, or even set it to never expire. The +prerequisite for this is that the primary key exists in the key pair. #### Last Update -The time when the content of the key pair was last updated. 
Operations such as adding a UID or subkey will modify the -content of the key pair. +The time when the content of the key pair was last updated. Operations such as +adding a UID or subkey will modify the content of the key pair. #### Secret Key Existence -Shows whether the actual content of the primary key exists. When the primary key does not exist, if there are still -available subkeys in the key pair, the key pair can still be used for normal operations. However, in the above case, the -content of the key pair cannot be modified (that is, operations such as adding UID or subkey cannot be performed), and -the key pair cannot sign other key pairs. +Shows whether the actual content of the primary key exists. When the primary key +does not exist, if there are still available subkeys in the key pair, the key +pair can still be used for normal operations. However, in the above case, the +content of the key pair cannot be modified (that is, operations such as adding +UID or subkey cannot be performed), and the key pair cannot sign other key +pairs. ### Fingerprint ![image-20220110190639502](_media/view-keypair-info/image-20220110190639502.png) -The fingerprint of the key pair is used for humans to quickly compare whether the key pair is the expected key pair. -This field is unique for all keys in the world. You can absolutely do this with the key ID mentioned above. +The fingerprint of the key pair is used for humans to quickly compare whether +the key pair is the expected key pair. This field is unique for all keys in the +world. You can absolutely do this with the key ID mentioned above. This also refers to the fingerprint of the primary key. ## UID Info -UID is used to identify the key, and this mechanism is mainly used to facilitate human identification. You can compare -the UID to the accompanying name tag on a key ring, indicating who the key ring belongs to. 
Humans can roughly identify -whether a key pair is what he expected by looking at the UID, but to accurately identify it, fingerprints or key id need -to be compared. A key can have one or more UIDs. A key pair has one and only one primary UID. +UID stands for User ID, and it is a mechanism used to identify a key, primarily +for the purpose of human identification. It can be compared to a name tag that +accompanies a key ring, indicating who the key ring belongs to. By looking at +the UID, humans can get a rough idea of whether a key pair is what they +expected, but for accurate identification, fingerprints or key IDs need to be +compared. A key can have one or more UIDs, while a key pair can have only one +primary UID. -The primary UID on the interface is always the first in the list. +The primary UID is always listed first in the interface. ![image-20220110190943207](_media/view-keypair-info/image-20220110190943207.png) -UID has three elements, Name, Email, Comment. The name must be greater than or equal to five characters, and the email -must conform to the format. Comment rules are relatively loose. +UID has three elements, Name, Email, Comment. The name must be greater than or +equal to five characters, and the email must conform to the format. Comment +rules are relatively loose. ### Signature of UID -The bottom half of the interface is the signature of the UID you checked in the list of UIDs (not checked in the box). +The lower section of the interface displays the signature of the User ID (UID) +that was selected from the list of UIDs, not the one that was checked in the +box. -This is a key trust system. The person who gets your public key actually gets a copy of your key ring, but only the -public key and your nameplate are on the key ring. He can sign your brand with his private key, which means he -recognizes your brand and the public key on the entire key ring. 
He can then upload the keyring with his signature to -the keyserver, and if a lot of people do this one after another, the public key on the keyserver will have a bunch of -signatures. If there are a lot of signatures on the nameplate, it means that many people recognize the public key and -endorse it, so that the public key can be trusted by everyone. +This is a key trust system. When someone receives your public key, they obtain a +copy of your key ring with only your public key and nameplate. They can then use +their private key to sign your nameplate, indicating that they recognize your +brand and the public key on the entire key ring. Afterward, they can upload the +keyring with their signature to the keyserver. If many people follow suit, the +public key on the keyserver will have numerous signatures. The more signatures +on the nameplate, the more people recognize and endorse the public key, making +it trustworthy. -You can use the primary key of another key pair to sign a UID. In repeating, in general. When the primary UID of a key -pair has many valid signatures attached, it will be more trustworthy than without a valid key pair. +You can also use the primary key of another key pair to sign a UID. Generally, +when the primary UID of a key pair has many valid signatures, it is considered +more trustworthy than if it had none. ## Subkey Info -The sub-key mechanism is an important content of gpg, which enhances flexibility and security, but also brings a certain -degree of complexity, making it difficult for beginners to understand.If you have absolutely no idea about this, you can -refer to the [Basic Concepts](../basic-concepts.md) section first. +The sub-key mechanism is a crucial feature of GPG that improves both flexibility +and security. However, it also introduces some complexity, which can make it +challenging for beginners to comprehend. If you are completely unfamiliar with +this concept, you may find it helpful to consult the below documentation. 
+ +[Basic Concepts](../basic-concepts.md) ![image-20220110192348006](_media/view-keypair-info/image-20220110192348006.png) -In order to help you understand this concept and get a preliminary grasp, you only need to read the following points: +To get a basic understanding of this concept, the following points can be +considered: -- A key pair can be compared to a key ring, with a primary key(a pair of public and private keys) and multiple subkeys ( - or no subkeys). -- Each subkey and primary key consists of a pair of public and private keys. -- The sub-key can do relate operations (such as signing, encryption) when the primary key is not present or cannot. -- The functions of the sub-keys can overlap. When both sub-keys can be used for signing, the earliest generated one is - selected for this operation. -- The sub-key can use more algorithms than the primary key, but generally they have the same effect on daily operations. -- The disclosure of the subkey only affects the subkey, and the entire key pair is in danger after the disclosure of the - primary key. +- A key pair can be likened to a key ring, comprising of a primary key (a pair + of public and private keys) and multiple subkeys (or none). +- Each subkey and primary key comprises a pair of public and private keys. +- The subkey can perform related operations (such as signing, encryption) in the + absence or unavailability of the primary key. +- The functions of subkeys can overlap, and when both subkeys can be used for + signing, the one generated earlier is selected. +- Subkeys can use more algorithms than the primary key, but usually have the + same effect on daily operations. +- The disclosure of a subkey only affects that subkey, while the disclosure of + the primary key endangers the entire key pair. -The primary key and all subkeys in the key pair are listed on the interface. The first key in the list must be the main -key, regardless of whether it actually exists or not. 
Some information about the key is listed below. In fact, you can -know by observation that the information of the primary key here is exactly the same as the information of the first +The primary key and all subkeys in the key pair are displayed on the interface. +The first key in the list must be the main key, regardless of its existence. +Some information about the key is also listed below. In fact, it can be observed +that the information of the primary key here is the same as that of the first tab. ### Key In smart card -Whether it is in the smart card refers to whether the key is moved to the smart card. Moving the key to the smart card -will change the structure of the key and is irreversible. +Whether it is in the smart card refers to whether the key is moved to the smart +card. Moving the key to the smart card will change the structure of the key and +is irreversible. ### Operations -In this column, what you can do is different for a key pair that has only a public key or a key pair that includes a -private key. +In this column, what you can do is different for a key pair that has only a +public key or a key pair that includes a private key. Here's what you can do with a public key-only key pair. @@ -171,4 +208,3 @@ And the screenshot below lists what a key pair containing a private key can do. ![image-20220110193555076](_media/view-keypair-info/image-20220110193555076.png) These operations will be scattered in the documentation to explain in detail. - diff --git a/manual/overview.md b/manual/overview.md index 3c72d7bf..0471a829 100644 --- a/manual/overview.md +++ b/manual/overview.md 
@@ -1,77 +1,92 @@ # Overview of GpgFrontend + --- + ![Language](https://img.shields.io/badge/language-C%2B%2B-green) ![GitHub release (latest by date)](https://img.shields.io/github/v/release/saturneric/gpgfrontend) ![License](https://img.shields.io/badge/License-GPL--3.0-orange) ![CodeSize](https://img.shields.io/github/languages/code-size/saturneric/GpgFrontend) -[![Codacy Badge](https://app.codacy.com/project/badge/Grade/d1750e052a85430a8f1f84e58a0fceda)](https://www.codacy.com/gh/saturneric/GpgFrontend/dashboard?utm_source=github.com&utm_medium=referral&utm_content=saturneric/GpgFrontend&utm_campaign=Badge_Grade) +[![Codacy Badge](https://app.codacy.com/project/badge/Grade/d1750e052a85430a8f1f84e58a0fceda)](https://www.codacy.com/gh/saturneric/GpgFrontend/dashboard?utm_source=github.com&utm_medium=referral&utm_content=saturneric/GpgFrontend&utm_campaign=Badge_Grade) [![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fsaturneric%2FGpgFrontend.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Fsaturneric%2FGpgFrontend?ref=badge_shield) **GpgFrontend** is a Powerful, Easy-to-Use, Compact, Cross-Platform, and Installation-Free [OpenPGP](https://www.openpgp.org/) Crypto Tool. -By using GpgFrontend, you can quickly encrypt and decrypt text or files. Or at the same time as the above operations, -you can add your own signature to let others know that this document or this paragraph of text was issued by you. +By using GpgFrontend, you can quickly encrypt and decrypt text or files. Or at +the same time as the above operations, you can add your own signature to let +others know that this document or this paragraph of text was issued by you. -Furthermore, it visualizes most of the common operations of gpg commands. It aims to allow ordinary users to quickly use -gpg and make professional users more convenient. GpgFrontend supports new features of GnuPG 2.x. +Furthermore, it visualizes most of the common operations of gpg commands. 
It +aims to allow ordinary users to quickly use gpg and make professional users more +convenient. GpgFrontend supports new features of GnuPG 2.x. **The corresponding release version for this Document: [v2.0.4](https://github.com/saturneric/GpgFrontend/releases/tag/v2.0.4)** ## Interface -Note: For different operating system and system style settings, GpgFrontend may look different.Documentation can also -vary widely from release to release. Please check the corresponding program release version for the document. +Note: For different operating system and system style settings, GpgFrontend may +look different.Documentation can also vary widely from release to release. +Please check the corresponding program release version for the document. ![image-20220109192100901](_media/overview/image-20220109192100901.png) ## Origin -The GpgFrontend project inherit from a relatively mature but not maintained [gpg4usb](https://www.gpg4usb.org/) project. -It inherits the stable, easy-to-use, compact, and installation-free features of gpg4usb, and plans to support some new -features of OpenPGP based on it and continue to improve it. +The GpgFrontend project inherit from a relatively mature but not maintained +[gpg4usb](https://www.gpg4usb.org/) project. It inherits the stable, +easy-to-use, compact, and installation-free features of gpg4usb, and plans to +support some new features of OpenPGP based on it and continue to improve it. ## Purpose -Let more people all over the world (even if they don't know the command line and programming) can use GnuPG to safely -send information to the destination in a safe way. Free software belongs to the common wealth of all mankind, but there -are still many people who cannot use these wealths due to the limitation of knowledge and usage habits. We should break -this pattern. GpgFrontend is committed to improving the ease of use and intuitiveness of the free software GnuPG, so -that more and more people can use it. 
+The aim of GpgFrontend is to enable people worldwide, even those without command +line or programming experience, to safely transmit information to their desired +destination. Although free software is a common asset for all humankind, there +are still many individuals who are unable to benefit from it due to their +limited knowledge and usage habits. We need to break this cycle. GpgFrontend is +dedicated to enhancing the ease-of-use and intuitiveness of the free software +GnuPG, with the ultimate goal of making it accessible to a broader audience. -The GpgFrontend project is as open source, and it also insists on using open source codes and libraries. +The GpgFrontend project is as open source, and it also insists on using open +source codes and libraries. ### Free forever -GpgFrontend will be free forever, and you don't need to worry about being asked to pay a fee to use the software one -day. +GpgFrontend will be free forever, and you don't need to worry about being asked +to pay a fee to use the software one day. ## Source Code -The original code repository of Gpg Frontend is hosted on the server of Codes Dream, and each submission will be -submitted to the code repository first. You can click [Here](https://global.git.codesdream.com/GpgFrontend.git) to visit -the original code repository and track development progress. +The original code repository of Gpg Frontend is hosted on the server of Codes +Dream, and each submission will be submitted to the code repository first. You +can click +[Here](https://git.codesdream.com/?p=public/main/GpgFrontend.git;a=summary) to +visit the original code repository and track development progress. 注意:中国用户请访问[这里](https://git.codesdream.com/main/GpgFrontend.git) ### License -GpgFrontend source code is under a GPL-3.0 license, which means that GpgFrontend is free software. You may exercise the -rights set forth in the Licence under the conditions of compliance with the rules of the Licence. 
+The source code for GpgFrontend is licensed under the GPL-3.0 license, which +ensures that GpgFrontend is open-source software. You have the right to exercise +the rights specified in the license, subject to compliance with the terms of the +license. ### Contribution -At the same time, the addition of new functions does not affect the old basic functions. My personal strength is always -limited. GpgFrontend welcomes volunteers to join. You can use the GitHub platform to file an issue, or submit a pull -request. - -You can also submit questions and code contributions by email, please send me problem reports and patches. +Furthermore, the addition of new features does not compromise the existing core +functionality. As an individual, my capabilities are limited. Therefore, +GpgFrontend welcomes volunteers to contribute to the project. You can file +issues or submit pull requests through the GitHub platform. Additionally, you +can submit your questions and code contributions via email. Please feel free to +send problem reports and patches to me. ## Privacy Guarantee -GpgFrontend has no servers and does not require servers to run. In addition to the public key transfers allowed by the -OpenPGP protocol to the public key server unexpectedly, GpgFrontend does not collect and upload any additional -information. +GpgFrontend operates without servers, and does not require servers to be +operational. While it utilizes the OpenPGP protocol for public key transfers, it +does not collect or upload any additional information. -For users with high security requirements, a version with no Internet access capability will be available in the future. \ No newline at end of file +For users with elevated security requirements, a version of GpgFrontend will be +available in the future which will not have internet access capability.
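Review bot: In manual/manual/view-keypair-info.md, the rewrapped Fingerprint section still says "You can absolutely do this with the key ID mentioned above", and the Key ID section still calls the key ID "The unique identifier of the key"; for current (v4) OpenPGP keys the key ID is only the low-order 64 bits of the fingerprint, so different keys can share a key ID and the manual should not present it as a way to confirm a key. Suggest rewording Fingerprint to say that the full fingerprint is what to compare when verifying a key and that the key ID is a shorter handle for lookup and display, and bringing the new UID Info sentence "fingerprints or key IDs need to be compared" in line with that. In the same hunk, the Primary key sentence "The absence of the master key means that the private key of the master key does not exist, but neither the public key nor the private key exists" contradicts itself and was only reflowed; it needs a rewrite that says which half of the primary key is missing.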
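Review bot: In manual/overview.md, the rewritten Privacy Guarantee paragraph ("While it utilizes the OpenPGP protocol for public key transfers, it does not collect or upload any additional information") drops the removed text's reference to "the public key server", so a reader can no longer tell which network destination receives key material. Suggest naming the key server as the one exception, along the lines of "Apart from public key transfers to a key server, GpgFrontend does not collect or upload any information". Also in this hunk, the License paragraph changes "free software" to "open-source software" while the Purpose paragraph still describes GnuPG as "the free software"; use one term throughout. The unchanged Chinese-language line under Source Code links a different repository path than the new English link and should be reconciled with it.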