fix: improve manual

This commit is contained in:
Saturneric 2023-02-25 16:19:54 +08:00
parent 78c40e5b97
commit 28faad7203
14 changed files with 782 additions and 531 deletions

View File

@ -1,58 +1,69 @@
# Basic Concepts
If you don't know GPG, or PGP, you may need to learn some basic concepts here before using Gpg Frontend. This reduces
the chance of you making mistakes, such as distributing your private key to the world.
If you don't know GPG, or PGP, you may need to learn some basic concepts here
before using Gpg Frontend. This reduces the chance of you making mistakes, such
as distributing your private key to the world.
## The most basic concepts you must know
First, you need to generate a key pair, which you can imagine as a key ring. Each key pair has at least two keys, a
public key and a corresponding private key. These two keys form a key pair. There can also be multiple public keys and
their (one-to-one correspondence) private keys in a key pair, which will be described later. The public key can be
released to the outside world. Others can use your public key to encrypt the information they want to give you. The
private key is kept by yourself. If it is leaked, your encryption will no longer be meaningful.
To begin using GPG, you must first generate a key pair, which can be thought of
as a key ring. Each key pair includes at least two keys: a public key and a
corresponding private key. Together, these keys form a key pair. It is possible
for a key pair to include multiple public keys and their corresponding private
keys, but this will be explained later.
What you need to know is that the public key is used to encrypt information, and the ciphertext encrypted by others
using the public key you released is guaranteed to be decrypted only by the corresponding private key of your key pair.
This process involves some The principle of cryptography, you can trust this process unless no one knows your private
key except you. The reverse of this process is also valid, you can encrypt a message with your private key, and someone
else decrypts the message with your public key. The significance of this inverse process is that if the person using the
public key cannot normally decrypt a message encrypted with the private key, then it is certain that the message does
not come from the person who owns the private key corresponding to the public key. . This process can also be trusted.
It can be seen that this reverse process establishes a process of signing and then verifying. Information encrypted with
the private key can be seen as a signature. Others can use the public key to verify that the signature is valid.
The public key can be shared with others, allowing them to encrypt information
they wish to send to you. The private key must be kept secure, as its disclosure
would render your encryption ineffective.
If you just want to use the tool, you don't need to understand the cryptography behind it, you just need to remember the
above.
It is important to understand that the public key is used for encryption and
that any ciphertext encrypted using your public key can only be decrypted using
the corresponding private key of your key pair. This process relies on
cryptographic principles and is trustworthy unless your private key is known to
someone else. The reverse process is also valid: you can encrypt a message using
your private key and someone else can decrypt it using your public key. This
process establishes a mechanism for signing and verifying information.
Information encrypted with the private key can be considered a signature, and
others can use the public key to verify that the signature is valid.
If you want to know more, you can read on.
For most users, it is not necessary to understand the cryptography behind GPG,
but it is helpful to remember the basic principles described above. For those
interested in learning more, further reading is recommended.
## Multiple pairs of public and private keys in a key pair
In a key pair, there is at least one pair of public key and private key, but there is no limit to the maximum number of
pairs. You can generate another pair of public and private keys (we call them subkeys), and then add them to the key
pair, but it is worth noting that the newly added public and private key pairs are the same as the first pair. Pairs
have a public key and private key (which we call the primary key) pair associated.
In a key pair, there is always at least one public-private key pair, but there
is no limit to the maximum number of pairs. It is possible to generate
additional pairs of public and private subkeys and add them to the key pair.
However, it should be noted that the newly added subkeys are identical to the
original pair, as each pair consists of one public key and one private key,
which we refer to as the primary key pair.
You can specify which process a subkey pair is used for. For example, the first key pair is used for encryption and
decryption, the second key pair is used for signing and verification, or the third key pair can be used for encryption
and decryption. Used to do the above two key pairs at the same time. Please specify these things when generating the
subkey.
Users can specify the purpose of each subkey pair. For instance, the first key
pair can be used for encryption and decryption, the second for signing and
verification, and the third for both encryption/decryption and
signing/verification. It is important to specify the intended usage when
generating subkeys.
The master key is automatically generated when the key pair is generated, and the subkey can be added by the user at
will.
The master key is automatically generated when the key pair is created, and
users can add subkeys as needed.
When generating the master key or subkey, you can choose some algorithms such as RSA, DSA, etc. You do not need to
understand the specific principles of these. You just need to know that subkeys generated by certain algorithms cannot
perform certain processes (such as encryption and decryption), but can only perform certain processes (such as signing
and verification). It is worth mentioning that for RSA, you can choose the key length when using the algorithm, you can
think that the key
When generating the master key or subkeys, users can select algorithms such as
RSA or DSA. It is not necessary to understand the underlying principles of these
algorithms. However, it is important to note that subkeys generated by certain
algorithms may only perform specific processes, such as signing and
verification, and cannot perform others, such as encryption and decryption.
Additionally, for RSA, users can choose the key length when using the algorithm.
## The first pair of public and private keys in a key pair (primary key)
The first pair of public and private keys (master key) in a key pair is very critical, because subsequent public and
private keys (sub-keys) are linked to them, you can think that if someone else gets yours Master key (including public
and private key information), he can generate sub-keys based on the information of the master key, and then he can use
the sub-keys he generated to impersonate you and communicate with others.
The initial public-private key pair (master key) in a key pair is crucial, as
all subsequent sub-keys are linked to it. If someone were to obtain the master
key (including both the public and private key information), they could generate
sub-keys based on that information and use them to impersonate the key owner and
communicate with others.
Therefore, the private key of the master key (the public key can be released to others) must not be leaked. The
disclosure of its private key means that the entire key pair is no longer safe and must be stopped immediately.
Therefore, it is essential that the private key of the master key is kept
confidential, while the public key can be shared with others. If the private key
of the master key is compromised, it renders the entire key pair vulnerable and
must be immediately discontinued.
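Review bot: In the rewritten paragraph under "Multiple pairs of public and private keys in a key pair", "the newly added subkeys are identical to the original pair" changes what the removed text said, namely that each added pair is associated with the first pair (the primary key). A subkey is a separate key bound to the primary key, not a copy of it. Suggest wording such as "each added subkey pair is tied to the first pair, which we call the primary key". The new text also still switches between "primary key" and "master key" and between "subkeys" and "sub-keys"; pick one term for each. In the last paragraph, "it renders the entire key pair vulnerable and must be immediately discontinued" leaves the subject of "must be discontinued" unclear; say that use of the key pair must stop.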

View File

@ -1,7 +1,11 @@
# Contract
Contents related to business and politics are rejected. GpgFrontend is for all mankind. If you have any questions
about technology and improving this software, please feel free to contact me.
We do not accept content related to business and politics on this platform, as
this tool is meant for the benefit of all humanity. However, if you have any
inquiries or suggestions regarding the technology and improvement of this
software, please do not hesitate to contact me.
Please use plain text to reach out to me via email, as HTML is not preferred.
## About ME
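Review bot: The heading "# Contract" in the context line at the top of this hunk looks like a misspelling of "Contact", and since this change rewrites the paragraph directly under it, this is a good moment to fix it (the FAQ links to the page as [Contract](contract.md), so the link text there needs the same change). In the new paragraph, "on this platform" has no clear referent; the removed text named GpgFrontend, and keeping the name would be clearer. "as HTML is not preferred" is softer than the instruction seems to intend; "please do not send HTML mail" is more direct.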
@ -23,8 +27,10 @@ You can write to me in following languages.
## GPG Public Key Info
This is the PGP public key that I use for a long time. You can use this public key to establish encrypted communication
with me. Please use plain text for encrypted communication, do not use rich text formats.
Here is the PGP public key that I have been using for a long time. You can use
this public key to establish secure and encrypted communication with me. Please
use plain text for any encrypted communication and avoid using rich text formats
such as HTML.
```
-----BEGIN PGP PUBLIC KEY BLOCK-----
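Review bot: The new paragraph under "GPG Public Key Info" asks readers to use the key block that follows but gives them nothing to check it against; consider stating the key's fingerprint in this paragraph so a reader can compare it with a copy obtained through another channel before encrypting to it. The request for plain text is now made twice in this file (here and in the sentence added by the previous hunk); one of the two can go.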

View File

@ -2,77 +2,90 @@
## What is GpgFrontend?
GpgFrontend is a cross-platform encryption tool that conforms to the OpenPGP standard. It is committed to making GnuPG
easier to use, so that more people can use the tool to protect their privacy during their communications on Internet.
GpgFrontend is a cross-platform encryption tool that adheres to the OpenPGP
standard. Its goal is to simplify the use of OpenPGP, making it more accessible
for individuals to protect their privacy.
## Relationship between OpenPGP(PGP) and GnuPG(GPG)
OpenPGP(PGP) is a data encryption and decryption standard, and GpgFrontend supports it. GnuPG(GPG) is a cryptographic
software used to encrypt, sign communication content and manage keys for asymmetric cryptography. It follows the
OpenPGP standard. GpgFrontend drives GnuPG at runtime to implement operations such as encryption and decryption.
OpenPGP is a standard for data encryption and decryption, which is supported by
GpgFrontend. GnuPG is a cryptographic software that is used for encrypting,
signing, and managing keys for asymmetric cryptography, and it follows the
OpenPGP standard. GpgFrontend operates GnuPG at runtime to perform various
operations such as encryption and decryption.
## How to obtain and use GpgFrontend?
The various versions of GpgFrontend will be released in the GitHub repository, and you can find and download the latest
version [HERE](https://www.gpgfrontend.pub/#/downloads). After downloading, you can refer to the instructions in README
and you can start using it in just a few steps.
The various versions of GpgFrontend will be released in the GitHub repository,
and you can find and download the latest version
[HERE](https://www.gpgfrontend.pub/#/downloads). After downloading, you can
refer to the instructions in ReadME and you can start using it in just a few
steps.
## How to deal with 'ENV Loading Failed'?
The reason for this problem is that GpgFrontend failed to find the GnuPG in your machine. You can follow suggestions
below.
The reason for this problem is that GpgFrontend failed to find the GnuPG in your
machine. You can follow suggestions below.
### macOS
For macOS users, please install GnuPG for OSX [Here](https://sourceforge.net/p/gpgosx/docu/Download/). Or just use Homebrew
to install GpgFrontend. By executing command:
For macOS users, please install GnuPG for OSX
[Here](https://sourceforge.net/p/gpgosx/docu/Download/). Or just use Homebrew to
install GpgFrontend. By executing command:
`brew install --cask gpgfrontend`.
If you have installed GnuPG under a custom path, you can add the "bin" directory of GnuPG in to PATH.
If you have installed GnuPG under a custom path, you can add the "bin" directory
of GnuPG in to PATH.
### Linux
For Linux users, please install GnuPG through apt or yum.
If you have installed GnuPG under a custom path, you can add the "bin" directory of GnuPG in to PATH.
If you have installed GnuPG under a custom path, you can add the "bin" directory
of GnuPG in to PATH.
### Windows
For Windows users, GnuPG is now integrated in the latest version of GpgFrontend, we recommend you to download the
latest GpgFrontend if you don't have any ideas.
For Windows users, GnuPG is now integrated in the latest version of GpgFrontend,
we recommend you to download the latest GpgFrontend if you don't have any ideas.
Or, you can download GnuPG installers for Windows [HERE](https://www.gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.4.0_20221216.exe).
Or, you can download GnuPG installers for Windows
[HERE](https://www.gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.4.0_20221216.exe).
Try to reinstall GnuPG through installer when you have already install it.
### More Tips?
For more tips, you can see the quick start manual [HERE](quick-start.md). It provides more information on
dealing this situation.
For more tips, you can see the quick start manual [HERE](quick-start.md). It
provides more information on dealing this situation.
## I found some bugs in GpgFrontend, what should I do?
If you find a defect in GpgFrontend, you are welcome to create an issue in the GitHub repository to describe the
problem. When I see your issue, I will respond as soon as possible. If you do not have a GitHub account, please email my
If you find a defect in GpgFrontend, you are welcome to create an issue in the
GitHub repository to describe the problem. When I see your issue, I will respond
as soon as possible. If you do not have a GitHub account, please email my
personal mailbox. For contact information, please see [Contract](contract.md).
## Can I modify the code of GpgFrontend?
If you have any good ideas, you are free to modify the code of GpgFrontend. You are welcome to submit a Pull Request to
add your good ideas to the next version.
If you have any good ideas, you are free to modify the code of GpgFrontend. You
are welcome to submit a Pull Request to add your good ideas to the next version.
You can contribute completely anonymously, and you can email me patches.
## Why should I install GnuPG additionally?
The source code of GpgFrontend does not contain operations such as encryption and decryption, which requires Gnupg to
provide support. In addition, for users with higher security requirements, they can let GpgFrontend drive their trusted
copy of GnuPG. This design improves the security of GpgFrontend.
The source code of GpgFrontend does not contain operations such as encryption
and decryption, which requires Gnupg to provide support. In addition, for users
with higher security requirements, they can let GpgFrontend drive their trusted
copy of Gnupg. This design improves the security of GpgFrontend.
## What is the release version with BETA?
The release version with the word "beta" means that some modules of this version have not yet been thoroughly tested. In
addition, some support for the beta version may not be complete. But rest assured, I will test after the beta version is
released, and release a stable version at an appropriate time.
The release version with the word "beta" means that some modules of this version
have not yet been thoroughly tested. In addition, some support for the beta
version may not be complete. But rest assured, I will test after the beta
version is released, and release a stable version at an appropriate time.
But starting from 2.0.0, BETA versions will not be released unless there are special circumstances.
But starting from 2.0.0, BETA versions will not be released unless there are
special circumstances.
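Review bot: Under "### Windows" the reflowed link still points at one fixed installer, gnupg-w32-2.4.0_20221216.exe, which will age and keep sending readers to an old build; link to the GnuPG download page instead and tell readers to check the installer's signature before running it. Two spelling regressions came in with the reflow: "README" became "ReadME" under "How to obtain and use GpgFrontend?", and "trusted copy of GnuPG" became "copy of Gnupg" under "Why should I install GnuPG additionally?". Several answers were only re-wrapped and keep their grammar problems, for example "By executing command:", "in to PATH" and "dealing this situation".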

View File

@ -1,52 +1,64 @@
# Encrypt & Sign File
Gpg Frontend provides a convenient and fast way to operate on files. The concept of encryption and decryption files is
almost the same as text, except that the input and output of file operations can be binary.
GpgFrontend offers a fast and convenient method for working with files. The
encryption and decryption process for files is nearly identical to that of text,
with the exception that file operations involve binary input and output.
## File Extension Introduction
For ciphertext in ASCII format, its filename suffix is usually asc, and you can directly open such files with a text
editor. However, if the ciphertext is binary, its file extension will be gpg. Usually, binary ciphertext files are
smaller than ASCII format.
For ciphertext in ASCII format, the file extension is typically "asc" and these
files can be opened with a text editor. On the other hand, if the ciphertext is
in binary format, the file extension will be "gpg". Binary ciphertext files are
generally smaller than ASCII format.
Before v2.0.4, the ciphertext files generated by GpgFrontend are all in ASCII format. But starting from v2.0.4,
GpgFrontend will generate ciphertext files in binary format by default. you can change this setting in settings.
Before version 2.0.4, GpgFrontend generated ciphertext files exclusively in
ASCII format. However, beginning with version 2.0.4, GpgFrontend now generates
ciphertext files in binary format by default. This setting can be adjusted in
the program's settings.
![image-20220112073548736](_media/encrypt-decrypt-file/image-20220112073548736.png)
## File Browser
In the top menu file option, you can open the file browser(Ctrl/Command + B). Then by using the file browser, first
enter your working directory. Then right-click the file you need to operate, and then select the operation you want in
the pop-up menu.
From the top menu's "File" option, you can access the file browser by pressing
Ctrl/Command + B. By using the file browser, you can navigate to your working
directory and right-click on the file you wish to work with. This will open a
pop-up menu, where you can select the operation you want to perform on the file.
![image-20220112072034647](_media/encrypt-decrypt-file/image-20220112072034647.png)
There are two control buttons at the top of the file tab. The one on the left is the up level, and the one on the right
is to enter or refresh the corresponding path in the input box on the left.
Located at the top of the file tab are two control buttons. The button on the
left allows you to navigate up one level in the directory hierarchy, while the
button on the right refreshes the input box on the left with the corresponding
path.
On the far right is a button with useful options that you can tick to show system files or hidden files.
On the far right of the file tab, there is a button with useful options that you
can select to show system files or hidden files.
![image-20220112072335503](_media/encrypt-decrypt-file/image-20220112072335503.png)
### Encrypt & Sign
This method provides encryption and signature functions, which GpgFrontend recommend, so that the receiver can know that
the ciphertext comes from you. You can select one or more recipients' public key and your own private key to complete
this operation.
GpgFrontend recommends using the encryption and signature functions in this
method, so that the recipient can verify that the ciphertext originates from
you. You can select one or more recipients' public keys as well as your own
private key to complete this operation.
This operation generates a file with the gpg extension. The file with this suffix contains both encrypted content and
signed content.
When the operation is complete, a file with the ".gpg" extension is generated.
This file contains both encrypted content and signed content.
![Peek 2022-01-12 07-26](_media/encrypt-decrypt-file/Peek-2022-01-12-07-26.gif)
### Decrypt & Verify
This ciphertext is verified while decrypting, which can improve security. In addition, you can also perform Only Verify
operations and this operation will verify without decryption. To use this operation, you need to select a file with a
gpg or asc extension, which contains the ciphertext and signature content.
When decrypting this ciphertext, it undergoes verification, which enhances
security. Additionally, you can perform a "Only Verify" operation which verifies
the content without decrypting it. To use this operation, you must select a file
with a ".gpg" or ".asc" extension, which contains the ciphertext and signature
content.
In order to encourage users to check whether the ciphertext is signed or not when decrypting, Gpg Frontend does not
provide a separate decryption operation here.
To encourage users to verify whether the ciphertext is signed or not when
decrypting, Gpg Frontend does not provide a separate decryption operation for
this.
![Peek 2022-01-12 07-24](_media/encrypt-decrypt-file/Peek-2022-01-12-07-24.gif)
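Review bot: In the "File Browser" section, the new sentence "the button on the right refreshes the input box on the left with the corresponding path" reverses the removed text, which said the button enters or refreshes the path that is typed in the input box; please restore that meaning. In the first paragraph of that section, "From the top menu's "File" option, you can access the file browser by pressing Ctrl/Command + B" mixes the menu route with the shortcut; give them as two alternatives. Under "Decrypt & Verify", "a "Only Verify" operation" should read "an", and the last paragraph still writes "Gpg Frontend" while the rest of the page now uses "GpgFrontend".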

View File

@ -1,83 +1,111 @@
# Encrypt & Decrypt Text
To start encryption and decryption operations, you need to prepare your plain text. In addition, you also need a public
key that can perform encryption operations. How to generate such a key can be found in the chapter on generating a key
pair.
To begin encryption and decryption operations, you must first prepare your plain
text. Additionally, you will need a public key that is capable of performing
encryption operations. Information on how to generate such a key can be found in
the chapter on generating a key pair.
## Encrypt
The Encrypt operation itself uses a public key and does not require a private key. Remember that whoever you want to
send it to encrypts it with whose public key. For people who don't use gpg very often, they often get confused and use
The Encrypt operation itself uses a public key and does not require a private
key. Remember that whoever you want to send it to encrypts it with whose public
key. For people who don't use gpg very often, they often get confused and use
their own keys to encrypt ciphertext.
Note that if you want to encrypt your text and send it to "foo", you need to know foo's public key first. Then you need
to encrypt your text with foo's public key instead of using your public key. Before encrypting, check to see if the
public key has cryptographic capabilities. This can be viewed in the usage column of the key toolbox (the letter E
stands for encryption).
Note that if you want to encrypt your text and send it to "foo", you need to
know foo's public key first. Then you need to encrypt your text with foo's
public key instead of using your public key. Before encrypting, check to see if
the public key has cryptographic capabilities. This can be viewed in the usage
column of the key toolbox (the letter E stands for encryption).
It is worth mentioning that if you only use foo's public key to encrypt the ciphertext, no one but foo's own private key
can decrypt the ciphertext. There is a situation where you want ciphertexts to be decrypted by multiple people (
including yourself), please check their corresponding public keys before doing so. After an encryption operation, if you
misuse (some people's public keys are found to be missing), you can use the undo operation to restore your original
It is worth mentioning that if you only use foo's public key to encrypt the
ciphertext, no one but foo's own private key can decrypt the ciphertext. There
is a situation where you want ciphertexts to be decrypted by multiple people (
including yourself), please check their corresponding public keys before doing
so. After an encryption operation, if you misuse (some people's public keys are
found to be missing), you can use the undo operation to restore your original
ciphertext before closing GpgFrontend.
### Only Encrypt
In this case, you only encrypt the ciphertext, and the ciphertext will be shorter. Because in operation, the ciphertext
does not contain additional signature information to determine the identity of the encryptor. If you don't want to
receive your graphemes knowing your identity, use this method to generate your ciphertexts.
In this case, you only encrypt the ciphertext, which results in a shorter
ciphertext. This is because the ciphertext does not contain additional signature
information that identifies the encryptor. If you do not want the recipient to
know your identity, use this method to generate your ciphertexts.
After the encrypted operation, there is no additional information display in the information board except for the prompt
of whether the operation is successful.
After the encryption operation, no additional information will be displayed in
the information board except for a prompt indicating whether the operation was
successful.
![Peek 2022-01-12 07-16](_media/encrypt-decrypt-text/Peek 2022-01-12 07-16.gif)
![Peek 2022-01-12 07-16](\_media/encrypt-decrypt-text/Peek 2022-01-12 07-16.gif)
### Encrypt Sign
By encrypting and signing at the same time, not only can the text be protected, but the recipient can also know that
thecipher text is from your hand. This encryption is often used in scenarios where both parties need to ensure that the
decrypted text is credible, and in general, in that scenario, the upper reaches know each other. The ciphertext
generated by this operation is longer because of the additional signature information attached to it.
To encrypt and sign text, you need to first prepare the plaintext and have a
public key that can perform encryption operations. The public key used for
encryption should belong to the intended recipient, not yourself. It is
important to verify that the recipient's public key has cryptographic
capabilities for encryption before proceeding.
Before doing so, you only need to select the public key(s) you need to use for encryption. Halfway through the
encryption operation, you'll be asked to choose the private key you need to use for signing. That is, the signer. If you
don't find the key you want in the Signaler list, confirm that your private key can be used for encryption and is valid.
To check whether the key can be used for signing, please check the usage column in the key toolbox on the right (letter
S stands for signature). You can select the public key to use for encryption, or you can select the public key to use
for signing.
If you want the recipient to know that the ciphertext is from you, you can also
choose to sign the text while encrypting it. This ensures that the decrypted
text is credible and comes from your hand. This method is commonly used when
both parties need to ensure the authenticity of the decrypted text, and
typically in scenarios where both parties know each other.
For this type of ciphertext, you can use the validate operation to see if the ciphertext is trustworthy before
decryption.
To encrypt and sign at the same time, select the public key(s) you need to use
for encryption, and during the encryption process, select the private key you
need to use for signing. This private key should belong to you and should have
the capability for signature operations. You can verify this by checking the
usage column in the key toolbox on the right (letter S stands for signature).
When the operation is complete, information about the cryptographic operation and the signature operation is displayed
in the Infomation Board. You can view information about the signature, such as the pattern of your signature and the
algorithm used (you can indirectly see which subkey you used to sign). Please note the distinction between the dates
used in your signature messages in UTC and not your local time.
The ciphertext generated by this operation is longer than ciphertext generated
by only encryption because of the additional signature information attached to
it. After the operation is complete, information about the cryptographic and
signature operations will be displayed in the Infomation Board, including
information about the signature pattern and algorithm used. Note that the dates
used in the signature messages are in UTC, not your local time.
To verify the authenticity of the ciphertext before decryption, you can use the
validate operation. Once the ciphertext is verified, you can proceed with
decryption using your private key.
![GIF](https://github.com/saturneric/Blob/blob/master/gif/encrypt-sign.gif?raw=true)
## Decrypt
Paste the ciphertext you obtained directly, gpg will automatically select the appropriate key in the list for
decryption. Always remember to decrypt with the private key.
When decrypting the ciphertext, you can simply paste the obtained ciphertext
into GpgFrontend, and it will automatically select the appropriate private key
for decryption. It is important to note that decryption must be performed with
the private key associated with the public key used for encryption.
![Peek 2022-01-12 07-18](_media/encrypt-decrypt-text/Peek-2022-01-12-07-18.gif)
Whether a key pair can be used for decryption will not be displayed in the usage column. You only need to remember that
a valid private key can be used to decrypt the ciphertext encrypted with the related public key.
Regarding whether this key is a public key or a private key, you can check the type column in the key toolbox. However,
you do not need to check the corresponding key before decryption. And when all your local keys cannot be used for
decryption, the program will prompt decryption failure.
When decrypting a ciphertext, it is not necessary to check the usage column in
the key toolbox to determine if the key is valid for decryption. Instead, you
need to use a valid private key that corresponds to the public key used for
encryption. You can identify whether a key is a public key or a private key by
checking the type column in the key toolbox. If all your local keys are not
valid for decryption of the ciphertext, the program will display a decryption
failure message.
## Decrypt Verify
While decrypting, you can learn some information about the encryptor of the key (if you signed it during encryption).
During decryption with verification, GPG will check the signature attached to
the ciphertext to ensure its authenticity. This provides an additional layer of
security and helps to prevent tampering with the encrypted message.
Whether a key pair can be used for verification will not be displayed in the usage column, you only need to remember a
valid public key can be used for verification.
To perform decryption with verification, you need to select a file with a ".gpg"
or ".asc" extension, which contains the ciphertext and signature content. If the
signature is valid, GPG will decrypt the message and display it in plain text.
Otherwise, it will display an error message indicating that the signature is not
valid.
This is a good habit regardless of whether the encryptor has signed in advance. Because you cannot infer from the format
of the ciphertext whether it has been signed or not. So, use decryption operations with verification whenever possible.
It is important to note that whether a key pair can be used for verification
will not be displayed in the usage column. Instead, you need to remember that a
valid public key can be used for verification. Therefore, it is a good habit to
always verify the signature during decryption, regardless of whether the
encryptor has signed in advance. This helps to ensure the authenticity and
integrity of the decrypted message.
![Peek 2022-01-12 07-10](_media/sign-verify-text/Peek-2022-01-12-07-10.gif)
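Review bot: The rewritten "## Decrypt Verify" section tells the reader to "select a file with a ".gpg" or ".asc" extension", which is wording from the file manual and does not fit this page about text; it also drops the reason the removed text gave for always decrypting with verification, that you cannot infer from the format of a ciphertext whether it was signed. The new statement that an invalid signature yields an error message instead of the decrypted text does not appear in the removed text and should be checked against the program's behaviour before it goes into the manual. Under "### Only Encrypt", the added image line changes the path to "\_media/encrypt-decrypt-text/..." with a leading backslash, which looks like a formatter escape and will likely break the image. "Infomation Board" is still misspelled in the new "Encrypt Sign" text.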

View File

@ -1,118 +1,150 @@
# Generate Key Pair & Subkey
For GpgFrontend, to understand the key, you must first understand two concepts: key pair and subkey.
Sure, let's go through the process of generating a key pair and subkeys.
A key pair can be compared to a key ring. When it is generated, there is a key in the ring called the primary key. This
primary key can do the intended operation (encryption, decryption, etc.). At the same time, keep this in mind, only
through the primary key can you open the keychain to add new keys to it.
To generate a key pair using GpgFrontend, follow these steps:
The sub-keys can be analogous to the keys you add to the key pair later, and each of them can independently perform
operations such as encryption and decryption. It can be considered that the primary key mentioned above is a special
subkey.
1. Open GpgFrontend and click on the "Generate Key" button.
2. Fill in the required information, such as your name and email address.
3. Choose the type of key you want to generate (RSA or ECC).
4. Set the key size and expiration date, if desired.
5. Create a passphrase to protect your private key.
6. Click "Generate" to create your key pair.
When there is no primary key in the key pair, you will not be able to open the key ring to add a new sub key, but you
can still use this sub key if it is changed to exist for your operations. This mechanism is very helpful to the security
of the key.
Once your key pair is generated, you can add subkeys to it by following these
steps:
Let's see how to generate them next.
1. Select the key pair you want to add a subkey to.
2. Click on the "Add Subkey" button.
3. Choose the type of subkey you want to add (encryption, signing,
authentication, or all).
4. Set the subkey size and expiration date, if desired.
5. Create a passphrase to protect your subkey.
6. Click "Add" to create your subkey.
You can add multiple subkeys to a key pair, each with their own specific
purposes. This allows you to have more control over your key pair's security and
usage.
## Generate Key Pair
You can quickly grasp the operation of generating a key pair through the following animation.
You can quickly understand the process of generating a key pair by watching the
following animation.
![GIF](https://github.com/saturneric/Blob/blob/master/gif/generate-key-pair.gif?raw=true)
### Name & Email & Comment
These three fields are used to facilitate people to distinguish this key pair from the card key pair. For these three
options, except for name and email, which are required, comments are optional.
The three fields, including name, email, and comment, are used to help users
differentiate this key pair from other key pairs they may have. Among these
three options, name and email are mandatory, while comment is optional.
In addition, the length of the name is required to be greater than 5 letters, as long as the email conforms to the
format (no actual existence is required).
It is important to note that the name should be at least 5 characters long, and
the email should follow the correct format (no actual email account is
required).
![uid](https://github.com/saturneric/Blob/blob/master/screenshots/uid.png?raw=true)
### Expiration Date
You can set an expiration date for the key pair. After this date, the key may still be used normally, but the operation
it does will be logically invalid (especially for signature operations). GpgFrontend recommends and defaults this date
to two years later. If you wish, check the Never expire checkbox to make this key pair never expire.
Setting an expiration date for the key pair is a way to limit the validity of
the key over time. Once the expiration date is reached, the key can still be
used, but its operations, especially signature operations, will be considered
invalid. By default, GpgFrontend suggests setting the expiration date to two
years after generation, but you can also choose to check the "Never expire"
checkbox to make the key pair permanent.
But don't worry, you can change this option at any time after generation, even long after the expiration date (as long
as the primary key exists).
It's important to note that this option can be changed at any time after
generation, even after the expiration date has passed, as long as the primary
key still exists.
![expiration-date](https://github.com/saturneric/Blob/blob/master/screenshots/expriation-date.png?raw=true)
### Key Size & Algo
These two options are related. In general, different encryption algorithms have different optional lengths. GpgFrontend
will give you sufficient hints on the UI so that you will not go wrong.
Setting an expiration date for the key pair is a way to limit the validity of
the key over time. Once the expiration date is reached, the key can still be
used, but its operations, especially signature operations, will be considered
invalid. By default, GpgFrontend suggests setting the expiration date to two
years after generation, but you can also choose to check the "Never expire"
checkbox to make the key pair permanent.
Just remember that the larger the key length, the more secure, but it will be slower when performing operations.
It's important to note that this option can be changed at any time after
generation, even after the expiration date has passed, as long as the primary
key still exists.
![keysize-algo](https://github.com/saturneric/Blob/blob/master/screenshots/keysize-algo.png?raw=true)
### Passphrase
You can set a key to protect the primary key, which is very important when the primary key is leaked. When the Do not
set password check box is not checked, an interface for you to enter the password will pop up during the process of
generating the password. Just follow the prompts. After setting the password, when you need to use the primary key for
operation, you may enter the password to unlock it
(some systems have a password networkAccessManager to take over this process).
Setting a password to protect the primary key is crucial in case of a security
breach. If the "Do not set password" checkbox is unchecked, you will be prompted
to enter a password during the key pair generation process. Follow the prompts
to set the password. Once the password is set, whenever you need to use the
primary key for an operation, you will need to enter the password to unlock it
(some systems have a password manager to automate this process).
You can also check the checkbox to not set a protection password for the primary key, but due to security
considerations, this is not recommended.
However, you can also check the "Do not set password" checkbox to skip setting a
protection password for the primary key. But this is not recommended due to
security concerns.
### Usage
In the option of generating a key pair, you can specify the usage for the first subkey of the key pair, which is the
primary key. There are four options:
When generating a key pair, you can specify the usage for the first subkey,
which is the primary key. There are four options:
![usages](https://github.com/saturneric/Blob/blob/master/screenshots/usages.png?raw=true)
- Encryption: After generation, it can be used for encryption operations.
- Encryption: Once generated, this key can be used for encryption purposes.
- Signing: After generation, it can be used for signature operations.
- Signing: Once generated, this key can be used for signature purposes.
- Certification: Popular understanding can be used to unlock this key ring (key pair). Only the primary key can check
this function.
- Certification: This key can be used to certify or verify other keys. Only the
primary key can have this usage.
- Authentication: It can perform authentication operations like SSH keys.
- Authentication: This key can be used for authentication purposes, such as with
SSH keys.
The third of these four uses (authentication purposes) can only be owned by the primary key. In addition, some usages
are not available when using certain algorithms for encryption. For example, when the DSA algorithm is selected, the
The third of these four uses (authentication purposes) can only be owned by the
primary key. In addition, some usages are not available when using certain
algorithms for encryption. For example, when the DSA algorithm is selected, the
encryption uses are disabled.
## Generate Subkey
We can add sub-keys to the generated key pair. The subkey does not need to fill in the name, email and comment options.
The rest is basically the same as generating the key pair.
It is possible to append subkeys to an existing key pair. The subkey does not
require the input of a name, email, or comment, as the remaining steps are
essentially identical to those for generating a key pair.
![GIF](https://github.com/saturneric/Blob/blob/master/gif/generate-subkey.gif?raw=true)
### Extra note
Here are some tips you might want to know. These tips will help you better understand the above concepts and use this
tool correctly.
Below are some guidelines that may prove useful in comprehending the
aforementioned concepts and utilizing this tool accurately.
#### primary key & Subkey
A key pair can have multiple subkeys and one primary key. Using this design reduces the risk of key leakage. For subkey,
After the subkey is leaked, you can revoke it at any time to reduce the loss. However, when the primary key is leaked,
the entire key pair will be insecure (the popular reason is that the main force can be used to manage this key pair).
A single primary key can be accompanied by several subkeys within a key pair.
This setup mitigates the risk of key leakage. In the event that a subkey is
exposed, it can be revoked promptly, thus limiting the damage. However, if the
primary key is leaked, the entire key pair becomes vulnerable, as the primary
key enables management of the entire key pair.
Therefore, the recommended approach is to generate multiple subkeys after creating the key pair, and export the master
key separately and store it in a safe place. This operation is not yet supported by GpgFrontend, you need to use the gpg
command to perform it. But gpgfrontend can identify and prompt the user whether the primary key exists or not. This is
very important, because some special operations (adding subkeys, signing other keys, etc.) cannot be performed without
the primary key.
Hence, it is advisable to generate multiple subkeys upon creating the key pair
and store the master key separately in a secure location. This operation is not
yet supported by GpgFrontend; therefore, the gpg command must be used to carry
it out. However, GpgFrontend can detect and notify the user whether the primary
key exists or not, which is critical since certain actions, such as adding
subkeys or signing other keys, necessitate the presence of the primary key.
#### Some practical tips
The purpose of the primary key cannot be changed after it is generated. If the primary key of this key pair does not
have a certain purpose, but a certain sub-key has this purpose, this key pair can still be used for operations
corresponding to this purpose.
For example, when you generated the key pair, you didn't check the encryption usage. Don't worry, you can generate a
subkey and check the encryption usage. In this way, this key pair can still perform encryption operations.
Once generated, the primary key's intended purpose cannot be altered. However,
if a subkey has been designated for a specific purpose that the primary key
lacks, the key pair can still be utilized for activities related to that
purpose.
For instance, suppose you overlooked the encryption usage while creating the key
pair. In that case, generating a subkey and configuring it for encryption usage
would enable the key pair to perform encryption operations.
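Review bot: under "### Key Size & Algo" the new body is a copy of the two "### Expiration Date" paragraphs ("Setting an expiration date for the key pair is a way to limit the validity of the key over time..."), so the section no longer says anything about key size or algorithm. Restore a reworded version of the removed text (different algorithms offer different lengths; a longer key is more secure but slower). The new opening line "Sure, let's go through the process of generating a key pair and subkeys." reads like a leftover reply and should be dropped. In "### Usage", "The third of these four uses (authentication purposes)" does not match the list, where the third item is Certification and is the one described as primary-key only. The new introduction also removes the explanation that subkeys stay usable when the primary key is absent, which the later "primary key & Subkey" note depends on.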

View File

@ -1,93 +1,111 @@
# Import & Export Key Pair
GpgFrontend provides multiple ways for users to import or export key paris. Here we will introduce some classic
operations. Read the guide.
GpgFrontend provides various methods for importing or exporting key pairs, some
of which are outlined below. Please refer to the guide for more information.
## Import Key Pair
You can find the import options in the toolbar. You can choose several import methods according to your actual
situation. Lets introduce these methods.
To access the import options, navigate to the toolbar and select the desired
method based on your specific requirements. Additionally, you can access
additional options by selecting the action menu in the key management section.
![image-20220110194143231](_media/import-export-key-pair/image-20220110194143231.png)
In fact, you can find this action menu in key management, and here you can do more actions.
In fact, you can find the action menu in the key management section, which
provides access to additional key management options beyond those available in
the toolbar.
![image-20220110200530182](_media/import-export-key-pair/image-20220110200530182.png)
### File
When you select this option, you need to select a public key or private key file that meets the standard. The file you
choose should be in text format, with any extension.
This option allows you to select a public or private key file in text format
with any extension to import.
### Editor
You can paste the contents of the key file on a blank text label page. Then click this option, GpgFrontend will
automatically recognize and import the corresponding key.
You can paste the contents of a key file onto a blank text label page and
GpgFrontend will automatically recognize and import the corresponding key.
### Clipboard
You can copy the contents of the key to your system clipboard somewhere else. Then, after selecting this option, the
corresponding key will be imported.
You can copy the contents of a key to your system clipboard and then select this
option to import the corresponding key.
### Keyserver
After selecting this option, you can enter the email or ID corresponding to the key in the pop-up selection, and then
select the appropriate key server. Then after clicking the search button, GpgFrontend will list the public keys that can
be imported in the key server. You can import them together, or you can choose to double-click the table row to import
the corresponding public key. Note: The keys imported in this way are all public keys.
This feature enables users to search for and import public keys from a key
server. Users must first enter the email or ID associated with the desired key
and select the appropriate key server. Upon clicking the search button, a list
of public keys that can be imported from the server will be displayed. Users can
choose to import multiple keys together or double-click on a specific table row
to import a corresponding public key. It is important to note that when using
this method, only public keys can be imported.
A detailed description of this part can be found [Here](./key-server-operations.md).
A detailed description of this part can be found
[Here](./key-server-operations.md).
### Dropdown on Key Toolbox
You can drag the key file directly to the key toolbox, and then follow the prompts of GpgFrontend to import the key.
You can drag the key file directly to the key toolbox, and then follow the
prompts of GpgFrontend to import the key.
## Export Key Pair
Deriving the public key of a key pair with the private key means deriving either the public key or the private key or
both of all the keys present in the key pair. If there are very many keys in the key pair, the exported data will be
very long. Similar to import, there are multiple export methods.
When deriving the public key of a key pair using the private key, you can derive
either the public key or the private key or both of all the keys present in the
key pair. However, if there are numerous keys in the key pair, the exported data
can be lengthy. Multiple export methods are available, which are similar to the
import process.
For Gpg Frontend, the exported data is encoded in ASCII, which ensures data compatibility between computers.
In Gpg Frontend, the exported data is encoded in ASCII to ensure compatibility
between computers.
### Export Public Key
you can find this operation in many places.The following will introduce them one by one.
You can find this operation in many places. The following will introduce them
one by one.
#### Append Public Key to Editor
Right-click a row in the key toolbox, and click Append Select Key(s) to Editor in the pop-up menu item. You will find
that the public key that the key is right appears at the end of your text label page. You can freely copy the content to
any place.
To append a public key to the editor in GpgFrontend, right-click on a row in the
key toolbox and select "Append Select Key(s) to Editor" from the pop-up menu.
This will add the public key of the selected key to the end of the text label
page. You can then copy the content to any location as needed.
#### Export on the Key Pair at Operations Tab
You can do this as shown in the screenshot below, which will store the data to a file. Please select a suitable
directory to store this file containing the public key data before going anywhere.
To export a public key using the Key Pair at Operations Tab, follow the steps
shown in the screenshot below. This will save the data to a file. Before
proceeding, please make sure to choose a suitable directory to store the file
containing the public key data.
![image-20220110194707813](_media/import-export-key-pair/image-20220110194707813.png)
### Export multiple public keys at once
You can export all public key data in multiple key pairs at one time, and you can select the key pairs you want to
export on the key management interface. Then, you can click Export to Clipboard.
To export public key data for multiple key pairs at once, select the desired key
pairs on the key management interface and click on the "Export to Clipboard"
option. This will copy the data to your system clipboard, which you can then
paste into any application or file.
![image-20220110195325342](_media/import-export-key-pair/image-20220110195325342.png)
### Export Private Key
You can find private key options everywhere in the detail's page that contains the private key (primary key or subkey).
Then you can select a location, and GpgFrontend will export the corresponding private key content to that location
later.
Private key options are available in various locations on the detail page that
contains the private key (either the primary key or subkey). From there, you can
select a destination and GpgFrontend will export the corresponding private key
content to that location.
![image-20220110200109284](_media/import-export-key-pair/image-20220110200109284.png)
Exporting the private key also exports the public key and private key data, because the private key data without the
public key is meaningless by itself, you cannot deduce the public key from the private key.
Generally speaking, the private key content will be bundled with the public key content to export and export. Please
note: the private key file can never be disclosed to others. If it is leaked, it means that all ciphertexts encrypted by
the key are no longer safe.
Exporting the private key also exports both the public key and private key data,
as the private key data alone is meaningless without the corresponding public
key. Thus, the private key content is typically bundled with the public key
content during export. However, it's essential to note that the private key file
should never be disclosed to others. If leaked, it could compromise the security
of all ciphertexts encrypted by the key.
You can export the private key data in your key pair in two ways.
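Review bot: in "## Export Key Pair" the new sentence "When deriving the public key of a key pair using the private key, you can derive either the public key or the private key or both" keeps the old wording problem. The section is about exporting, so say "exporting" and state plainly that an export covers every key in the key pair. In "## Import Key Pair" the new first paragraph already mentions the action menu in key management, and the next new paragraph ("In fact, you can find the action menu in the key management section...") repeats it; keep one of the two.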
@ -96,5 +114,5 @@ You can export the private key data in your key pair in two ways.
### Securely export and transfer as a Key Package
You can package the private key data or public key data of multiple key pairs into a Key Package to allow them to be
securely transferred between your PC devices. This part of the function will be introduced in the feature.
To securely transfer private key or public key data of multiple key pairs
between your PC devices, you can package them into a Key Package.
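Review bot: the new sentence removes the old pointer to where Key Packages are described and puts nothing in its place, so the section now ends without telling the reader how to create or import one. Add a link to the feature page if there is one. "Securely" is also asserted without saying what protects the package during transfer; one clause on that would help.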

View File

@ -1,113 +1,137 @@
# Key Server Operations
You want to use encrypted communication, but in some cases, you only know the email address to which your message is
sent, but you don't know what the public key of the owner of the email address is.
There are certain scenarios where you require encrypted communication but only
have the recipient's email address and do not possess the recipient's public
key. Additionally, in the event that your key has been inadvertently exposed, it
becomes necessary to notify the holders of your public key to discontinue its
use for sending encrypted information. In such cases, the key server can be
utilized to facilitate key information sharing. You can upload your public key
information to the key server, or search and retrieve the required public key
using email addresses or key IDs.
This is one situation, and another situation is that your key is accidentally leaked. How do you notify the person who
holds your public key to stop using your public key to continue sending you encrypted information? For these people, you
may not even know their names or contact information. In the above cases, you may be able to use the key server to
complete the sharing of key information. You can upload your public key information to the key server, or search or pull
the public key you need from the key server by email address and key ID.
Once the public key information is uploaded to the key server, it will be transmitted between the key servers until
finally all the key servers store your public key for access by people all over the world.
GpgFrontend provides the ability to interact with the key server. Through mouse operation, you can quickly use the key
server to share your public key, or search and import the public key you want. It should be noted that once the public
key information is uploaded to the key server, it means that the public key information cannot be deleted from the key
server and will always be retained. but when you add a subkey to your key pair, the public key of the old key pair can
be overwritten by updating.
Upon uploading your public key information to the key server, it is transmitted
across key servers globally, making it accessible to individuals worldwide.
GpgFrontend features key server interaction capabilities, which enable users to
rapidly share their public key, search for and import required public keys using
mouse operations. It is essential to note that once public key information is
uploaded to the key server, it cannot be deleted and will be retained
indefinitely. However, the public key of the old key pair can be overwritten by
updating when a subkey is added to the key pair.
## Import Public Key From Key Server
In the main page or in the key manager's Import key operation mode, there is a key server option. After selecting this
option you can see such an interface.
In the main page or in the key manager's Import key operation mode, there is a
key server option. After selecting this option you can see such an interface.
![import-keys-fomr-keyserver](_media/key-server-operations/import-keys-fomr-keyserver.png)
You can get a list of public keys associated with a key server by searching for Key ID, fingerprint or email address via
the search box. If there is a suitable public key in the list, you can import it by double-clicking it.
You can get a list of public keys associated with a key server by searching for
Key ID, fingerprint or email address via the search box. If there is a suitable
public key in the list, you can import it by double-clicking it.
![import-keys-fomr-keyserver-1](_media/key-server-operations/import-keys-fomr-keyserver-1.png)
When the import is complete, you can check whether the public key is actually imported through the pop-up window (no
need to import when the local public key is newer), and you can also check some brief information about the public key.
When the import is complete, you can check whether the public key is actually
imported through the pop-up window (no need to import when the local public key
is newer), and you can also check some brief information about the public key.
![image-20220109191357259](_media/key-server-operations/image-20220109191357259.png)
It is worth noting that the public key you imported may be expired or revoked. You can view the status of the key
through the category tab in the key management interface. In addition to the search box, you also noticed that you can
choose which key server to grab the public key information from by clicking on the drop-down box. How to set or add this
candidate list, please refer to the last section of this document: Key server related settings.
It is important to note that the public key you import may have expired or been
revoked. You can check the status of the key by navigating to the category tab
in the key management interface. In addition to the search box, you may also
notice a drop-down box that allows you to choose which key server to retrieve
the public key information from. To modify or add to this list of candidate
servers, please refer to the last section of this document: Key server related
settings.
## Export My Public Key To The Keyserver
When the current key pair has a master key, you can publish the public key information to the key server. Note that in
order to be able to let users know what they are actually doing, GpgFrontend specifies that this can only be done if a
master key exists for the local key pair. This avoids confusion about the function.
If the current key pair has a master key, you have the option to publish the
public key information to a key server. It is important to note that in order to
avoid confusion, GpgFrontend requires the presence of a master key for this
action to be performed. This ensures that users are aware of what they are doing
and the function being performed.
### How To Use
You can find the entry of this operation through the operation tab of the key pair detail interface, as shown in the
following figure.
You can find the entry of this operation through the operation tab of the key
pair detail interface, as shown in the following figure.
![image-20220109192532368](_media/key-server-operations/image-20220109192532368.png)
Perform the operation by clicking Upload key pair to key server. Note that the naming of operations here is a bit
confusing, but this is where your public key information (not your private key) will be uploaded.
Perform the operation by clicking Upload key pair to key server. Note that the
naming of operations here is a bit confusing, but this is where your public key
information (not your private key) will be uploaded.
### Synchronize public key information from a key server
Sometimes, before you perform an encryption operation, you want to know if the public key you are using is still valid.
At this point, you can get the latest information about the key from the key server (if the public key server has one).
Sometimes, before you perform an encryption operation, you want to know if the
public key you are using is still valid. At this point, you can get the latest
information about the key from the key server (if the public key server has
one).
As above, you can find this action in the Actions tab of the key pair details screen, as shown in the image below.
As above, you can find this action in the Actions tab of the key pair details
screen, as shown in the image below.
### Extra Information
Gpg Frontend will upload the public key information to the default key server you set. The private key information is
not uploaded and should not be manually uploaded anywhere by the user.
Gpg Frontend will upload the public key information to the default key server
you set. The private key information is not uploaded and should not be manually
uploaded anywhere by the user.
Refer to the last section of this document on how to set the default key server.
![image-20220109192532368](_media/key-server-operations/image-20220109192532368.png)
By clicking Synchronize key pair with key server, the public key information can be automatically pulled from the key
server and compared with the local key information. After the operation is complete, you can check in the pop-up window
whether the key has actually been updated. It is worth noting that you will not be able to perform this operation if the
private key exists locally, the reason is that you already have the key pair and you should publish the latest
information for the key pair instead of accepting outdated information from the key server .
The "Synchronize key pair with key server" function allows for automatic
retrieval of public key information from the key server, which is then compared
with the local key information. After the operation is completed, a pop-up
window will appear indicating whether the key has actually been updated. It
should be noted that this operation is not possible if the private key exists
locally. This is because, in such a case, you already have the key pair and
should publish the latest information for the key pair instead of accepting
outdated information from the key server.
### Extra Information
Gpg Frontend will automatically communicate with the default keyserver you set and get the information it wants. Refer
to the last section of this document on how to set the default key server.
GpgFrontend automatically communicates with the default key server that you have
set to obtain the necessary information. You can refer to the last section of
this document to learn how to set the default key server.
## Sync ALL Public Key
This is an advanced function provided by Gpg Frontend, it can synchronize all your local public key information at one
time, if you want to know, please read [this document](../features/sync-all-public-keys.md).
This is an advanced function provided by GpgFrontend, it can synchronize all
your local public key information at one time, if you want to know, please read
[this document](../features/sync-all-public-keys.md).
## Key Server Related Settings
如何What about setting a list of keyservers? Or set a default keyserver? At this point, you need to open the Settings
interface and find the Key Servers tab. Here you can see operations related to the key server candidate list, and see
which key server is the default key server.
If you want to set a list of key servers or a default key server, you can do so
by accessing the Settings interface and navigating to the Key Servers tab. Here,
you will find options for managing your key server candidate list and
determining which key server is set as the default.
![image-20220109195518834](_media/key-server-operations/image-20220109195518834.png)
You can enter the http or https address of the key server you want to add in the input box, and then click Add to add a
candidate key server. In order to prevent man-in-the-middle attacks, users are strongly recommended to use the https
protocol. If you want to delete a candidate key server, you can right-click the row of the corresponding key server in
the table and click Delete in the pop-up menu. If you want to edit an existing candidate key server address, you can
double-click its address in the table and edit it.
To add a candidate key server to the list, simply enter the http or https
address of the key server you wish to add into the input box and click "Add". It
is strongly recommended that users use the https protocol to prevent
man-in-the-middle attacks. If you wish to delete a candidate key server, simply
right-click on the corresponding row in the table and select "Delete" from the
pop-up menu. To edit an existing candidate key server address, double-click on
the address in the table and edit it.
If you want to test the network connectivity of the servers in the key server candidate list, you can click the Test
button at the bottom. Note that the test here only tells you if the keyserver is reachable, not whether the address is a
valid keyserver.
To test the network connectivity of the servers in the key server candidate
list, click the "Test" button located at the bottom of the Key Servers tab.
However, note that the test only determines if the keyserver is reachable, not
whether the address is a valid keyserver.
### Set Default Key Server
If you want to set a candidate key server as your default key server, you can right-click the row of the corresponding
key server in the table, and click Set as Default in the pop-up menu. You can see if a candidate keyserver is the
default keyserver in the first column of the table.
To set a candidate key server as your default key server, you can follow these
steps. First, locate the candidate key server you want to set as the default in
the table. Then, right-click the row of the corresponding key server, and click
"Set as Default" in the pop-up menu. Once set, you can verify whether a
candidate key server is the default key server by checking the first column of
the table.
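
Review bot: the rewritten paragraphs mix "key server" and "keyserver" for the same thing, most visibly in the Test paragraph ("the key server candidate list" followed by "if the keyserver is reachable"). Pick one spelling and use it throughout the page. The new "Set Default Key Server" text also stretches a single right-click action over three sentences ("you can follow these steps. First, locate ..."); the original two-sentence form said the same thing more directly. Since the paragraph above already recommends https against man-in-the-middle attacks, it would be worth stating next to the Test button that a reachable http address still passes the test.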

View File

@ -1,48 +1,56 @@
# Sign & Verify File
Gpg Frontend provides a convenient and fast way to operate on files. The concept of signing and verifying files is
almost the same as text, except that the input and output of file operations can be binary.
Gpg Frontend provides a convenient and fast way to operate on files. The concept
of signing and verifying files is almost the same as text, except that the input
and output of file operations can be binary.
## File Extension Introduction
For ciphertext in ASCII format, its filename suffix is usually asc, and you can directly open such files with a text
editor. However, if the ciphertext is binary, its file extension will be sig or gpg. Usually, binary ciphertext files
For ciphertext in ASCII format, its filename suffix is usually asc, and you can
directly open such files with a text editor. However, if the ciphertext is
binary, its file extension will be sig or gpg. Usually, binary ciphertext files
are smaller than ASCII format.
Before v2.0.4, the ciphertext files generated by GpgFrontend are all in ASCII format. But starting from v2.0.4,
GpgFrontend will generate ciphertext files in binary format by default. you can change this setting in settings.
Before v2.0.4, the ciphertext files generated by GpgFrontend are all in ASCII
format. But starting from v2.0.4, GpgFrontend will generate ciphertext files in
binary format by default. you can change this setting in settings.
![image-20220112073548736](_media/encrypt-decrypt-file/image-20220112073548736.png)
## File Browser
In the top menu file option, you can open the file browser(Ctrl/Command + B). Then by using the file browser, first
enter your working directory. Then right-click the file you need to operate, and then select the operation you want in
the pop-up menu.
In the top menu file option, you can open the file browser(Ctrl/Command + B).
Then by using the file browser, first enter your working directory. Then
right-click the file you need to operate, and then select the operation you want
in the pop-up menu.
![image-20220112072034647](_media/encrypt-decrypt-file/image-20220112072034647.png)
There are two control buttons at the top of the file tab. The one on the left is the up level, and the one on the right
is to enter or refresh the corresponding path in the input box on the left.
There are two control buttons at the top of the file tab. The one on the left is
the up level, and the one on the right is to enter or refresh the corresponding
path in the input box on the left.
On the far right is a button with useful options that you can tick to show system files or hidden files.
On the far right is a button with useful options that you can tick to show
system files or hidden files.
![image-20220112072335503](_media/encrypt-decrypt-file/image-20220112072335503.png)
### Sign
Through the right-click menu, you can quickly sign a file. This operation will generate a file with a sig or asc suffix,
which contains the signature content. In this case, you need to pass this file along with the original file so that the
other party can verify it.
Through the right-click menu, you can quickly sign a file. This operation will
generate a file with a sig or asc suffix, which contains the signature content.
In this case, you need to pass this file along with the original file so that
the other party can verify it.
![Peek 2022-01-12 07-39](_media/sign-verify-file/Peek-2022-01-12-07-39.gif)
### Verify
This operation needs to select a file with a gpg suffix (maybe invalid for the ciphertext of a binary file) or a file
with a sig suffix for verification.
This operation needs to select a file with a gpg suffix (maybe invalid for the
ciphertext of a binary file) or a file with a sig suffix for verification.
When selecting a file with the sig suffix, make sure that the source file is also in this directory. This means that the
name of the source file is just missing a sig suffix.
When selecting a file with the sig suffix, make sure that the source file is
also in this directory. This means that the name of the source file is just
missing a sig suffix.
![Peek 2022-01-12 07-40](_media/sign-verify-file/Peek-2022-01-12-07-40.gif)
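
Review bot: the Verify section is inconsistent with the Sign section just above it. Sign says the operation produces "a file with a sig or asc suffix", but Verify only tells the reader to select a file with a gpg or sig suffix and only describes locating the source file for the sig case. Add the asc case, and say explicitly that the source file name is the signature file name with the suffix removed. The parenthetical "(maybe invalid for the ciphertext of a binary file)" was carried over unchanged and is still unclear about when verification of a gpg file fails; please reword it. In the File Extension paragraph the sentence "you can change this setting in settings." still starts in lower case after the re-wrap.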

View File

@ -1,46 +1,60 @@
# Sign & Verify Text
In general, the process of signing and verifying is the reverse process of encryption and decryption. When signing, the
private key is used, and when verifying, the public key is used. And just like signing one name after another on a
document, multiple private keys can be selected when signing. But there are some differences. Digital signatures can be
used to verify whether the content of the signature has changed, while handwritten signatures are difficult to do.
The process of signing and verifying is typically the inverse of the process of
encryption and decryption. When signing, the private key is used, and when
verifying, the public key is used. Similar to signing multiple names on a
document, multiple private keys can be selected when signing. However, there are
some notable differences. Digital signatures can be used to verify whether the
signature's content has been tampered with, while it is difficult to achieve the
same level of verification with handwritten signatures.
## Only Sign
By signing the text, you can show that you are the only and unchangeable certification with this text. You can just sign
the text without encrypting the text like the following.
By signing the text, you can show that you are the only and unchangeable
certification with this text. You can just sign the text without encrypting the
text like the following.
![Peek 2022-01-12 06-50](_media/sign-verify-text/Peek-2022-01-12-06-50.gif)
To check whether the key can be used for signing, please check the usage column in the key toolbox on the right (letter
S stands for signature).
To check whether the key can be used for signing, please check the usage column
in the key toolbox on the right (letter S stands for signature).
## Sign With Encrypt
You can also encrypt this short text while signing, which is equivalent to signing while encrypting. A typical usage
method is to check two key pairs, one is someone else's public key, which is used for encryption; the other is your own
private key, which is used for signing. If you do not check any key that can be used for signing, this is possible (
equivalent to encryption only). The only difference is that you will receive a warning.
You can also perform signing and encryption simultaneously by selecting both a
public key for encryption and your own private key for signing. This is a common
practice where you check two key pairs: one belonging to someone else for
encryption, and the other being your own private key for signing. If you do not
select any key for signing, encryption-only is possible, but you will receive a
warning. It is worth noting that combining signing and encryption provides an
additional layer of security, as it ensures the recipient that the message has
not been tampered with and that it came from the sender whose identity is
verified by the digital signature.
![Peek 2022-01-12 06-54](_media/sign-verify-text/Peek-2022-01-12-06-54-16419417228411.gif)
![Peek 2022-01-12
06-54](_media/sign-verify-text/Peek-2022-01-12-06-54-16419417228411.gif)
## Verify
After obtaining a plaintext and its signature, you can verify the signature. Please keep in mind that this form of
signature is not suitable for use in emails as it will make the email less readable, if you need to sign your email,
please use the "New Message" function to generate the OpenPGP/MIME format sign for your email.
Once you have obtained a plaintext and its corresponding signature, you can
verify the signature using the public key of the signer. However, please note
that this form of signature is not suitable for use in emails as it can make the
email less readable.
![Peek 2022-01-12 06-56](_media/sign-verify-text/Peek-2022-01-12-06-56.gif)
To verify a signature with text, you need to have the corresponding public key for all included signatures. If a
suitable public key for a signature is not found locally during verification, Gpg Frontend will remind you to import it.
To verify a signature with text, you need to have the corresponding public key
for all included signatures. If a suitable public key for a signature is not
found locally during verification, GpgFrontend will remind you to import it.
![image-20220112070325556](_media/sign-verify-text/image-20220112070325556.png)
## Verify With Decrypt
After obtaining a ciphertext, you can try to verify it while decrypting it. This is a good habit regardless of whether
the encryptor has signed in advance. Because you cannot infer from the format of the ciphertext whether it has been
signed or not. So, use decryption operations with verification whenever possible.
It is recommended to verify a ciphertext while decrypting it, regardless of
whether it has been signed by the encryptor or not. It is not possible to
determine from the format of the ciphertext whether it has been signed or not.
Therefore, it is a good habit to always use decryption operations with
verification when possible.
![Peek 2022-01-12 07-10](_media/sign-verify-text/Peek-2022-01-12-07-10.gif)
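
Review bot: the new Verify paragraph keeps the warning that this form of signature "is not suitable for use in emails" but drops the old sentence pointing to the "New Message" function and OpenPGP/MIME, so the reader is told what not to do with no alternative. If that function was removed, say so or remove the email remark entirely; if it still exists, restore the pointer. In the Sign With Encrypt paragraph, the added claim that the message "came from the sender whose identity is verified by the digital signature" goes further than a signature supports: verification shows the message was signed with a given private key, and tying that key to a person depends on the key's validity. Suggest wording it in terms of the signing key. The image link split across two lines ("![Peek 2022-01-12" / "06-54](...)") is a side effect of the hard wrap and should be kept on one line.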

View File

@ -1,5 +1,6 @@
# Symmetric Encrypt & Decrypt Text
Symmetric encryption will be triggered when you click the Encrypt button and do not check any key in the Key Toolbox.
For symmetric encryption, you need to set a password for your encryption process. When decrypting, you need to enter
the same password as the encryption process.
Symmetric encryption will be triggered when you click the Encrypt button and do
not check any key in the Key Toolbox. For symmetric encryption, you need to set
a password for your encryption process. When decrypting, you need to enter the
same password as the encryption process.
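
Review bot: this hunk only re-wraps the paragraph, which leaves a documentation gap in place. Symmetric encryption is triggered implicitly ("do not check any key in the Key Toolbox"), so a user who meant to encrypt to a recipient and forgot to tick a key gets a password prompt instead. One sentence saying that the password prompt is the signal that no key was selected would help. Pure re-wrap changes like this one are also easier to review in a separate commit from the wording rewrites.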

View File

@ -1,134 +1,167 @@
# Understand Interface
As a novice, you only need to quickly grasp the meaning of a few important parts of the page. You will gradually
discover other functions in the next exploration. The interface may not be the same for different versions.
As a novice, you only need to quickly grasp the meaning of a few important parts
of the page. You will gradually discover other functions in the next
exploration. The interface may not be the same for different versions.
![Interface](https://github.com/saturneric/Blob/blob/master/screenshots/interface-introduce.png?raw=true)
## Text Editor
In the text editing area, you can type text at will. Or create a new tab through the New option in the top file menu.
Tabs can be moved, closed, and so on.
In the text editing area, you are free to type any text you want, or create a
new tab using the "New" option in the file menu at the top. You can easily move
or close tabs as needed.
You can operate your text through the options in the Operations Bar. Or you can use some common shortcuts(ctrl+c/v/s) to
copy-paste save or even find operations.
You can perform various operations on your text using the options provided in
the Operations Bar, or you can use common shortcuts like Ctrl+C/V/S to copy,
paste, and save or even find operations.
The text edited in the text box is UTF8 encoded and does not have any formatting. Not providing any formatting (plain
text) ensures that the reality of redaction in a message is not confusing. I plan to join rich text editors in the
future, but the details are still under consideration.
The text you edit in the text box is encoded in UTF8 and has no formatting. This
plain text format ensures that any redacted message is not confusing. Although
we plan to add rich text editing in the future, the details are still under
consideration.
### Large text file support
Here, GpgFrontend supports opening some of the larger files without being stuck. However, when opening a relatively
large file, you cannot edit this tab until the file has been totally read. Although this will make you unable to edit
the file, you can still view it.
GpgFrontend provides support for opening larger files without getting stuck.
However, when opening a relatively large file, you will not be able to edit the
tab until the entire file has been read. Even though editing the file is not
possible during this time, you can still view it.
## Information Board
The result of your operation on the current tab page will be printed in the Information Board: success or failure. In
addition to the success and failure information, its text will also contain other information to help you understand the
details of your encryption, decryption, signature and other operations. Depending on your language settings, the output
in the dashboard will vary.
GpgFrontend displays the result of your current tab page operation in the
Information Board, indicating whether the operation was successful or not. The
text in the Information Board also includes additional information to help you
understand the specifics of your encryption, decryption, signature, and other
operations. The output displayed in the dashboard may vary based on your
language settings.
I used the information board as a solution to be able to display more information in the same space. In the future, a
graphical interface display of this information will be introduced, which can help users understand the actual role of
this information.
The Information Board was created to allow for the display of more information
in the same space. However, in the future, GpgFrontend plans to introduce a
graphical interface to enhance the user's understanding of this information.
### Font Color
- **Green**: When the operation succeeds and the results of the operation are verified and no problems are found, the
font color will be green.
- **Yellow**: When the operation succeeds and there are some problems with the result testing of the operation at that
time, the font turns yellow, which is a reminder to the user. At this time, the user needs to check the details of the
operation.
- **Red**: When the operation is unsuccessful or there is a serious conflict with the result of the operation, the font
color will turn red, and the user will need to carefully check the details of the operation to ensure security.
- **Green**: When the operation succeeds and the results of the operation are
verified and no problems are found, the font color will be green.
- **Yellow**: When the operation succeeds and there are some problems with the
result testing of the operation at that time, the font turns yellow, which is
a reminder to the user. At this time, the user needs to check the details of
the operation.
- **Red**: When the operation is unsuccessful or there is a serious conflict
with the result of the operation, the font color will turn red, and the user
will need to carefully check the details of the operation to ensure security.
### Font Size
When you feel that the font of the information board is too small, you can set the font size in the Application column
of the settings. The font size defaults to 10 and can be set to a range of between 9 and 18.
When you feel that the font of the information board is too small, you can set
the font size in the Application column of the settings. The font size defaults
to 10 and can be set to a range of between 9 and 18.
### Information Board Actions Menu
The dashboard actions menu provides some commonly used actions for information board content. This enables users to
quickly record large pieces of content in the Information Board for other uses.
The dashboard actions menu provides some commonly used actions for information
board content. This enables users to quickly record large pieces of content in
the Information Board for other uses.
#### Copy
This enables users to quickly record large pieces of content in the Information Board for other uses.
This enables users to quickly record large pieces of content in the Information
Board for other uses.
#### Save File
The operation stores the contents of the information board in the file system in UTF-8 format. Although the output file
does not have a suffix name, in fact this file is in plain text format.
The operation stores the contents of the information board in the file system in
UTF-8 format. Although the output file does not have a suffix name, in fact this
file is in plain text format.
#### Clear
This action immediately empties the information board. The empty operation includes the contents of the information
board and all the statuses. The emptying operation occurs automatically when you make the next operation (encryption,
etc.).
This action immediately empties the information board. The empty operation
includes the contents of the information board and all the statuses. The
emptying operation occurs automatically when you make the next operation
(encryption, etc.).
### Optional Actions Menu
There will also be a column of Optional Actions Menu below the Information Board. If there are other auxiliary
operations that can be done after your operation is completed (display more detailed information, send encrypted text
through email, etc.), the entry points for these auxiliary operations will be displayed here.
There will also be a column of Optional Actions Menu below the Information
Board. If there are other auxiliary operations that can be done after your
operation is completed (display more detailed information, send encrypted text
through email, etc.), the entry points for these auxiliary operations will be
displayed here.
## Key ToolBox
Here is a list of key pairs stored on your machine that can be used for Gpg operations. The key lists in the Toolbox
have multiple categories that correspond to different usage scenarios. The toolbox also provides some commonly used
operations, all of which are in the Key List Menu.
Here is a list of key pairs stored on your machine that can be used for Gpg
operations. The key lists in the Toolbox have multiple categories that
correspond to different usage scenarios. The toolbox also provides some commonly
used operations, all of which are in the Key List Menu.
### Usage
Most operations related to Gpg need to specify a key pair (such as encryption, decryption, signature, etc.). You can
select the check box in the first column of the table in the key toolbox to specify one or more keys for your operation.
Classifications that contain only public keys are often used in cryptographic scenarios.
Most operations related to Gpg need to specify a key pair (such as encryption,
decryption, signature, etc.). You can select the check box in the first column
of the table in the key toolbox to specify one or more keys for your operation.
Classifications that contain only public keys are often used in cryptographic
scenarios.
### Classification
The Toolbox provides a categorical display through tabs. All classifications do not include all expired or revoked keys.
If you want to view expired or revoked keys, use the Key Manager. The default classification contains all private and
public keys. The operation takes only the key from the currently selected classification as input.
The Toolbox provides a categorical display through tabs. All classifications do
not include all expired or revoked keys. If you want to view expired or revoked
keys, use the Key Manager. The default classification contains all private and
public keys. The operation takes only the key from the currently selected
classification as input.
### Columns
It is important to understand this list. Now let me take you to understand it step by step.
It is important to understand this list. Now let me take you to understand it
step by step.
- Select: Turn the checkbox in this column to let Gpg Frontend know that you specify the key of this row for your next
operation.
- Select: Turn the checkbox in this column to let Gpg Frontend know that you
specify the key of this row for your next operation.
- Type: See this column to let you know the type of key and whether the primary key exists in your key pair.
- `pub` means this is a public key, Can be used for encryption or verification operations.
- `pub/sec` The key pair contains both public and private keys. It can be used for almost all operations(Need to
combine the usage column to determine this).
- `pub/sec#` The key pair contains a public key and a private key, but the primary key is not in the key pair. This
shows that you will not be able to do some special (add subkeys, sign other key pairs, etc.)
- `pub/sec^` A key pair has one or more keys (subkeys or master keys) in the smart card.
- `pub/sec#^`The above two situations occur at the same time.
- Type: See this column to let you know the type of key and whether the primary
key exists in your key pair.
- `pub` means this is a public key, Can be used for encryption or
verification operations.
- `pub/sec` The key pair contains both public and private keys. It can be
used for almost all operations(Need to combine the usage column to
determine this).
- `pub/sec#` The key pair contains a public key and a private key, but the
primary key is not in the key pair. This shows that you will not be able
to do some special (add subkeys, sign other key pairs, etc.)
- `pub/sec^` A key pair has one or more keys (subkeys or master keys) in
the smart card.
- `pub/sec#^`The above two situations occur at the same time.
- Name: The identity information of the key pair.
- Email Address: The identity information of the key pair.
- Usage: This determines which operations the key pair can use. Composed of four capital letters, each capital letter
represents a usage.
- `C` Certificate. Generally, the key pair that contains the primary key will have this usage
- `E` Encrypt. The key pair can be used for encryption operations.
- `S` Sign. The key pair can be used for sign operations.
- `A` Authenticate. The key pair can be used to perform operations like SSH authentication.
- Usage: This determines which operations the key pair can use. Composed of four
capital letters, each capital letter represents a usage.
- Validity: One of the concepts of Gpg, simply put it represents the degree of trust in this key.
- `C` Certificate. Generally, the key pair that contains the primary key
will have this usage
- `E` Encrypt. The key pair can be used for encryption operations.
- `S` Sign. The key pair can be used for sign operations.
- `A` Authenticate. The key pair can be used to perform operations like SSH
authentication.
- Validity: One of the concepts of Gpg, simply put it represents the degree of
trust in this key.
## Operations Bar
Here, you can perform corresponding operations by clicking the buttons above. For example, after typing text in a text
editor and setting the key you want to use in the key toolbox, you can click the encryption button to perform the
Here, you can perform corresponding operations by clicking the buttons above.
For example, after typing text in a text editor and setting the key you want to
use in the key toolbox, you can click the encryption button to perform the
operation.
Some operations need to specify the key, and some are not used, which will be explained in other corresponding parts of
the document.
Some operations need to specify the key, and some are not used, which will be
explained in other corresponding parts of the document.
### Customize
Some operations you may not use for a long time, at which point you can uncheck the relevant function group in the view
of the top menu. Conversely, for some of the operations you use frequently, you can also add here.
Some operations you may not use for a long time, at which point you can uncheck
the relevant function group in the view of the top menu. Conversely, for some of
the operations you use frequently, you can also add here.
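
Review bot: the re-wrapped Type column list carries over several defects that this manual pass should fix. The `pub/sec#` entry ends in an incomplete sentence ("you will not be able to do some special (add subkeys, sign other key pairs, etc.)"), with the noun missing before the parenthesis. "`pub/sec#^`The above" lacks a space, and the `pub` entry has a stray capital in "a public key, Can be used". The same list uses "primary key" and "master keys" for one concept; use a single term. The hunk also changes voice inconsistently: the Text Editor paragraph moves from "I plan" to "we plan" while the Columns intro still reads "Now let me take you". The new sentence "This plain text format ensures that any redacted message is not confusing" changes the meaning of the original wording and should be checked against what was intended. Finally, the Copy entry repeats the last sentence of the Information Board Actions Menu paragraph word for word and does not describe what Copy does.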

View File

@ -1,166 +1,203 @@
# View Key Pair Details
Right-click the key pair in the key toolbox or key management interface and click Show key details to view the
information about the key pair.
Right-click the key pair in the key toolbox or key management interface and
click Show key details to view the information about the key pair.
This part may involve a brief introduction to gpg-related concepts, and it will be relatively long.
This part may involve a brief introduction to gpg-related concepts, and it will
be relatively long.
The screenshot below is my friend's public key that I got from the key server.
![image-20220110185144734](_media/view-keypair-info/image-20220110185144734.png)
Below is a private key I randomly generated. You can find that the biggest difference between him and the above is that
the key pair with only the public key is only used for encryption, and if you have the private key, you can do more
things (it also depends on your algorithm, DSA can only for signature).
Below is a private key I randomly generated. You can find that the biggest
difference between him and the above is that the key pair with only the public
key is only used for encryption, and if you have the private key, you can do
more things (it also depends on your algorithm, DSA can only for signature).
![image-20220110185215204](_media/view-keypair-info/image-20220110185215204.png)
## General Info
This interface provides some useful information to assist you in proper management of the key pair.
This interface provides some useful information to assist you in proper
management of the key pair.
### Owner
Through this section, you can understand the owner of this key pair. This information is not fixed and unchangeable. You
can create a new UID in the UID section and set it as the main UID to change it.
Through this section, you can understand the owner of this key pair. This
information is not fixed and unchangeable. You can create a new UID in the UID
section and set it as the main UID to change it.
According to the OpenPGP protocol, this part is divided into Name, Email, and Comment.
According to the OpenPGP protocol, this part is divided into Name, Email, and
Comment.
![image-20220110185740491](_media/view-keypair-info/image-20220110185740491.png)
### Primary key
This part is the information of the primary key of the key pair. The primary key is very important, because without it,
the key pair cannot perform related management operations such as adding and revoking sub-keys (similar to the key ring
cannot be opened). Let's introduce the information of the primary key separately below. If you want to learn more, see
the [Basic Concepts](../basic-concepts.md) section.
This part is the information of the primary key of the key pair. The primary key
is very important, because without it, the key pair cannot perform related
management operations such as adding and revoking sub-keys (similar to the key
ring cannot be opened). Let's introduce the information of the primary key
separately below. If you want to learn more, see the [Basic
Concepts](../basic-concepts.md) section.
The absence of the master key means that the private key of the master key does not exist, but neither the public key
nor the private key exists. Please remember: Each subkey and primary key consists of a pair of public and private keys.
The absence of the master key means that the private key of the master key does
not exist, but neither the public key nor the private key exists. Please
remember: Each subkey and primary key consists of a pair of public and private
keys.
![image-20220110185819775](_media/view-keypair-info/image-20220110185819775.png)
#### Key ID
The unique identifier of the key is fixed and unchanging. Note that this key ID is the key ID of the primary key. The
key ID is uniquely determined after the key is generated. Compared with the fingerprint, the key ID will be shorter and
The unique identifier of the key is fixed and unchanging. Note that this key ID
is the key ID of the primary key. The key ID is uniquely determined after the
key is generated. Compared with the fingerprint, the key ID will be shorter and
more user-friendly.
#### Algorithm
Algorithm used for key generation. Note that this also refers to the generation algorithm of the primary key. The
generation algorithm determines the properties and capabilities of the key. Algorithms such as RSA can be used for
encryption and signature, but DSA can only be used for signature, but the DSA key length can be shorter.
Algorithm used for key generation. Note that this also refers to the generation
algorithm of the primary key. The generation algorithm determines the properties
and capabilities of the key. Algorithms such as RSA can be used for encryption
and signature, but DSA can only be used for signature, but the DSA key length
can be shorter.
#### Key Size
The length of the primary key. It can be said that the longer the key, the harder it is to crack the ciphertext, but at
the same time, the more time it takes for a single operation. Generally speaking, a length of 2048 bits is safe enough (
This refers to the key generated using the RSA algorithm).
The length of the primary key. It can be said that the longer the key, the
harder it is to crack the ciphertext, but at the same time, the more time it
takes for a single operation. Generally speaking, a length of 2048 bits is safe
enough ( This refers to the key generated using the RSA algorithm).
#### Normal Usage
What can the key pair conceptually be used for (including the conceptual usage of the primary key and sub-key). When the
primary key or subkey generation can be used to sign, but it has already expired or does not exist, the signature usage
will still be displayed here.
What can the key pair conceptually be used for (including the conceptual usage
of the primary key and sub-key). When the primary key or subkey generation can
be used to sign, but it has already expired or does not exist, the signature
usage will still be displayed here.
#### Actual Usage
The actual usage of the primary key and all subkeys. It is the union of their usage. If there is only one primary key in
the key pair that can be used for signing, but this primary key does not exist. Then the signature usage will not appear
here, only in Normal Usage. In addition, when there is only one subkey that can be used for signing, if it has expired,
the signature purpose will not be displayed here.
The actual usage of the primary key and all subkeys. It is the union of their
usage. If there is only one primary key in the key pair that can be used for
signing, but this primary key does not exist. Then the signature usage will not
appear here, only in Normal Usage. In addition, when there is only one subkey
that can be used for signing, if it has expired, the signature purpose will not
be displayed here.
#### Expires on
The expiration time of the primary key. When the primary key expires, it will be invalid. You cannot use it for any
operation. In addition, the subkeys in the key pair will also be unavailable. Fortunately, you can change the expiration
time of the primary key at any time, or even set it to never expire. The prerequisite for this is that the primary key
exists in the key pair.
The expiration time of the primary key. When the primary key expires, it will be
invalid. You cannot use it for any operation. In addition, the subkeys in the
key pair will also be unavailable. Fortunately, you can change the expiration
time of the primary key at any time, or even set it to never expire. The
prerequisite for this is that the primary key exists in the key pair.
#### Last Update
The time when the content of the key pair was last updated. Operations such as adding a UID or subkey will modify the
content of the key pair.
The time when the content of the key pair was last updated. Operations such as
adding a UID or subkey will modify the content of the key pair.
#### Secret Key Existence
Shows whether the actual content of the primary key exists. When the primary key does not exist, if there are still
available subkeys in the key pair, the key pair can still be used for normal operations. However, in the above case, the
content of the key pair cannot be modified (that is, operations such as adding UID or subkey cannot be performed), and
the key pair cannot sign other key pairs.
Shows whether the actual content of the primary key exists. When the primary key
does not exist, if there are still available subkeys in the key pair, the key
pair can still be used for normal operations. However, in the above case, the
content of the key pair cannot be modified (that is, operations such as adding
UID or subkey cannot be performed), and the key pair cannot sign other key
pairs.
### Fingerprint
![image-20220110190639502](_media/view-keypair-info/image-20220110190639502.png)
The fingerprint of the key pair is used for humans to quickly compare whether the key pair is the expected key pair.
This field is unique for all keys in the world. You can absolutely do this with the key ID mentioned above.
The fingerprint of the key pair is used for humans to quickly compare whether
the key pair is the expected key pair. This field is unique for all keys in the
world. You can absolutely do this with the key ID mentioned above.
This also refers to the fingerprint of the primary key.
## UID Info
UID is used to identify the key, and this mechanism is mainly used to facilitate human identification. You can compare
the UID to the accompanying name tag on a key ring, indicating who the key ring belongs to. Humans can roughly identify
whether a key pair is what he expected by looking at the UID, but to accurately identify it, fingerprints or key id need
to be compared. A key can have one or more UIDs. A key pair has one and only one primary UID.
UID stands for User ID, and it is a mechanism used to identify a key, primarily
for the purpose of human identification. It can be compared to a name tag that
accompanies a key ring, indicating who the key ring belongs to. By looking at
the UID, humans can get a rough idea of whether a key pair is what they
expected, but for accurate identification, fingerprints or key IDs need to be
compared. A key can have one or more UIDs, while a key pair can have only one
primary UID.
The primary UID on the interface is always the first in the list.
The primary UID is always listed first in the interface.
![image-20220110190943207](_media/view-keypair-info/image-20220110190943207.png)
UID has three elements, Name, Email, Comment. The name must be greater than or equal to five characters, and the email
must conform to the format. Comment rules are relatively loose.
UID has three elements, Name, Email, Comment. The name must be greater than or
equal to five characters, and the email must conform to the format. Comment
rules are relatively loose.
### Signature of UID
The bottom half of the interface is the signature of the UID you checked in the list of UIDs (not checked in the box).
The lower section of the interface displays the signature of the User ID (UID)
that was selected from the list of UIDs, not the one that was checked in the
box.
This is a key trust system. The person who gets your public key actually gets a copy of your key ring, but only the
public key and your nameplate are on the key ring. He can sign your brand with his private key, which means he
recognizes your brand and the public key on the entire key ring. He can then upload the keyring with his signature to
the keyserver, and if a lot of people do this one after another, the public key on the keyserver will have a bunch of
signatures. If there are a lot of signatures on the nameplate, it means that many people recognize the public key and
endorse it, so that the public key can be trusted by everyone.
This is a key trust system. When someone receives your public key, they obtain a
copy of your key ring with only your public key and nameplate. They can then use
their private key to sign your nameplate, indicating that they recognize your
brand and the public key on the entire key ring. Afterward, they can upload the
keyring with their signature to the keyserver. If many people follow suit, the
public key on the keyserver will have numerous signatures. The more signatures
on the nameplate, the more people recognize and endorse the public key, making
it trustworthy.
You can use the primary key of another key pair to sign a UID. In repeating, in general. When the primary UID of a key
pair has many valid signatures attached, it will be more trustworthy than without a valid key pair.
You can also use the primary key of another key pair to sign a UID. Generally,
when the primary UID of a key pair has many valid signatures, it is considered
more trustworthy than if it had none.
## Subkey Info
The sub-key mechanism is an important content of gpg, which enhances flexibility and security, but also brings a certain
degree of complexity, making it difficult for beginners to understand.If you have absolutely no idea about this, you can
refer to the [Basic Concepts](../basic-concepts.md) section first.
The sub-key mechanism is a crucial feature of GPG that improves both flexibility
and security. However, it also introduces some complexity, which can make it
challenging for beginners to comprehend. If you are completely unfamiliar with
this concept, you may find it helpful to consult the below documentation.
[Basic Concepts](../basic-concepts.md)
![image-20220110192348006](_media/view-keypair-info/image-20220110192348006.png)
In order to help you understand this concept and get a preliminary grasp, you only need to read the following points:
To get a basic understanding of this concept, the following points can be
considered:
- A key pair can be compared to a key ring, with a primary key(a pair of public and private keys) and multiple subkeys (
or no subkeys).
- Each subkey and primary key consists of a pair of public and private keys.
- The sub-key can do relate operations (such as signing, encryption) when the primary key is not present or cannot.
- The functions of the sub-keys can overlap. When both sub-keys can be used for signing, the earliest generated one is
selected for this operation.
- The sub-key can use more algorithms than the primary key, but generally they have the same effect on daily operations.
- The disclosure of the subkey only affects the subkey, and the entire key pair is in danger after the disclosure of the
primary key.
- A key pair can be likened to a key ring, comprising of a primary key (a pair
of public and private keys) and multiple subkeys (or none).
- Each subkey and primary key comprises a pair of public and private keys.
- The subkey can perform related operations (such as signing, encryption) in the
absence or unavailability of the primary key.
- The functions of subkeys can overlap, and when both subkeys can be used for
signing, the one generated earlier is selected.
- Subkeys can use more algorithms than the primary key, but usually have the
same effect on daily operations.
- The disclosure of a subkey only affects that subkey, while the disclosure of
the primary key endangers the entire key pair.
The primary key and all subkeys in the key pair are listed on the interface. The first key in the list must be the main
key, regardless of whether it actually exists or not. Some information about the key is listed below. In fact, you can
know by observation that the information of the primary key here is exactly the same as the information of the first
The primary key and all subkeys in the key pair are displayed on the interface.
The first key in the list must be the main key, regardless of its existence.
Some information about the key is also listed below. In fact, it can be observed
that the information of the primary key here is the same as that of the first
tab.
### Key In smart card
Whether it is in the smart card refers to whether the key is moved to the smart card. Moving the key to the smart card
will change the structure of the key and is irreversible.
Whether it is in the smart card refers to whether the key is moved to the smart
card. Moving the key to the smart card will change the structure of the key and
is irreversible.
### Operations
In this column, what you can do is different for a key pair that has only a public key or a key pair that includes a
private key.
In this column, what you can do is different for a key pair that has only a
public key or a key pair that includes a private key.
Here's what you can do with a public key-only key pair.
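Review bot: In the Fingerprint section, the rewrapped paragraph still ends with "You can absolutely do this with the key ID mentioned above", and the rewritten UID Info paragraph repeats the idea with "fingerprints or key IDs need to be compared". A key ID is only a truncated part of the fingerprint, and keys with matching key IDs can be generated deliberately, so the manual should tell readers to compare the full fingerprint and treat the key ID as a lookup handle only. The new "Signature of UID" text has a related problem: "The more signatures on the nameplate, the more people recognize and endorse the public key, making it trustworthy" reads as if the number of signatures is what matters, while a signature only carries weight when it comes from a key the reader has already verified. Suggest rewording both passages while this text is being touched anyway.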
@ -171,4 +208,3 @@ And the screenshot below lists what a key pair containing a private key can do.
![image-20220110193555076](_media/view-keypair-info/image-20220110193555076.png)
These operations will be scattered in the documentation to explain in detail.

View File

@ -1,77 +1,92 @@
# Overview of GpgFrontend
---
![Language](https://img.shields.io/badge/language-C%2B%2B-green)
![GitHub release (latest by date)](https://img.shields.io/github/v/release/saturneric/gpgfrontend)
![License](https://img.shields.io/badge/License-GPL--3.0-orange)
![CodeSize](https://img.shields.io/github/languages/code-size/saturneric/GpgFrontend)
[![Codacy Badge](https://app.codacy.com/project/badge/Grade/d1750e052a85430a8f1f84e58a0fceda)](https://www.codacy.com/gh/saturneric/GpgFrontend/dashboard?utm_source=github.com&utm_medium=referral&utm_content=saturneric/GpgFrontend&utm_campaign=Badge_Grade)
[![Codacy Badge](https://app.codacy.com/project/badge/Grade/d1750e052a85430a8f1f84e58a0fceda)](https://www.codacy.com/gh/saturneric/GpgFrontend/dashboard?utm_source=github.com&utm_medium=referral&utm_content=saturneric/GpgFrontend&utm_campaign=Badge_Grade)
[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fsaturneric%2FGpgFrontend.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Fsaturneric%2FGpgFrontend?ref=badge_shield)
**GpgFrontend** is a Powerful, Easy-to-Use, Compact, Cross-Platform, and
Installation-Free [OpenPGP](https://www.openpgp.org/) Crypto Tool.
By using GpgFrontend, you can quickly encrypt and decrypt text or files. Or at the same time as the above operations,
you can add your own signature to let others know that this document or this paragraph of text was issued by you.
By using GpgFrontend, you can quickly encrypt and decrypt text or files. Or at
the same time as the above operations, you can add your own signature to let
others know that this document or this paragraph of text was issued by you.
Furthermore, it visualizes most of the common operations of gpg commands. It aims to allow ordinary users to quickly use
gpg and make professional users more convenient. GpgFrontend supports new features of GnuPG 2.x.
Furthermore, it visualizes most of the common operations of gpg commands. It
aims to allow ordinary users to quickly use gpg and make professional users more
convenient. GpgFrontend supports new features of GnuPG 2.x.
**The corresponding release version for this
Document: [v2.0.4](https://github.com/saturneric/GpgFrontend/releases/tag/v2.0.4)**
## Interface
Note: For different operating system and system style settings, GpgFrontend may look different.Documentation can also
vary widely from release to release. Please check the corresponding program release version for the document.
Note: For different operating system and system style settings, GpgFrontend may
look different.Documentation can also vary widely from release to release.
Please check the corresponding program release version for the document.
![image-20220109192100901](_media/overview/image-20220109192100901.png)
## Origin
The GpgFrontend project inherit from a relatively mature but not maintained [gpg4usb](https://www.gpg4usb.org/) project.
It inherits the stable, easy-to-use, compact, and installation-free features of gpg4usb, and plans to support some new
features of OpenPGP based on it and continue to improve it.
The GpgFrontend project inherit from a relatively mature but not maintained
[gpg4usb](https://www.gpg4usb.org/) project. It inherits the stable,
easy-to-use, compact, and installation-free features of gpg4usb, and plans to
support some new features of OpenPGP based on it and continue to improve it.
## Purpose
Let more people all over the world (even if they don't know the command line and programming) can use GnuPG to safely
send information to the destination in a safe way. Free software belongs to the common wealth of all mankind, but there
are still many people who cannot use these wealths due to the limitation of knowledge and usage habits. We should break
this pattern. GpgFrontend is committed to improving the ease of use and intuitiveness of the free software GnuPG, so
that more and more people can use it.
The aim of GpgFrontend is to enable people worldwide, even those without command
line or programming experience, to safely transmit information to their desired
destination. Although free software is a common asset for all humankind, there
are still many individuals who are unable to benefit from it due to their
limited knowledge and usage habits. We need to break this cycle. GpgFrontend is
dedicated to enhancing the ease-of-use and intuitiveness of the free software
GnuPG, with the ultimate goal of making it accessible to a broader audience.
The GpgFrontend project is as open source, and it also insists on using open source codes and libraries.
The GpgFrontend project is as open source, and it also insists on using open
source codes and libraries.
### Free forever
GpgFrontend will be free forever, and you don't need to worry about being asked to pay a fee to use the software one
day.
GpgFrontend will be free forever, and you don't need to worry about being asked
to pay a fee to use the software one day.
## Source Code
The original code repository of Gpg Frontend is hosted on the server of Codes Dream, and each submission will be
submitted to the code repository first. You can click [Here](https://global.git.codesdream.com/GpgFrontend.git) to visit
the original code repository and track development progress.
The original code repository of Gpg Frontend is hosted on the server of Codes
Dream, and each submission will be submitted to the code repository first. You
can click
[Here](https://git.codesdream.com/?p=public/main/GpgFrontend.git;a=summary) to
visit the original code repository and track development progress.
注意:中国用户请访问[这里](https://git.codesdream.com/main/GpgFrontend.git)
### License
GpgFrontend source code is under a GPL-3.0 license, which means that GpgFrontend is free software. You may exercise the
rights set forth in the Licence under the conditions of compliance with the rules of the Licence.
The source code for GpgFrontend is licensed under the GPL-3.0 license, which
ensures that GpgFrontend is open-source software. You have the right to exercise
the rights specified in the license, subject to compliance with the terms of the
license.
### Contribution
At the same time, the addition of new functions does not affect the old basic functions. My personal strength is always
limited. GpgFrontend welcomes volunteers to join. You can use the GitHub platform to file an issue, or submit a pull
request.
You can also submit questions and code contributions by email, please send me problem reports and patches.
Furthermore, the addition of new features does not compromise the existing core
functionality. As an individual, my capabilities are limited. Therefore,
GpgFrontend welcomes volunteers to contribute to the project. You can file
issues or submit pull requests through the GitHub platform. Additionally, you
can submit your questions and code contributions via email. Please feel free to
send problem reports and patches to me.
## Privacy Guarantee
GpgFrontend has no servers and does not require servers to run. In addition to the public key transfers allowed by the
OpenPGP protocol to the public key server unexpectedly, GpgFrontend does not collect and upload any additional
information.
GpgFrontend operates without servers, and does not require servers to be
operational. While it utilizes the OpenPGP protocol for public key transfers, it
does not collect or upload any additional information.
For users with high security requirements, a version with no Internet access capability will be available in the future.
For users with elevated security requirements, a version of GpgFrontend will be
available in the future which will not have internet access capability.
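Review bot: In the Privacy Guarantee section, the rewritten sentence drops the destination of the one network transfer the old text disclosed. The removed wording said public keys are transferred "to the public key server"; the new wording only says the tool "utilizes the OpenPGP protocol for public key transfers", so a reader can no longer tell what leaves the machine or where it goes. Suggest keeping the keyserver named in the new sentence, and stating whether the transfer happens only on user request. Separately, under Source Code the English link now points to git.codesdream.com/?p=public/main/GpgFrontend.git;a=summary while the untouched 注意 line still links to git.codesdream.com/main/GpgFrontend.git; please confirm both still resolve after the URL change.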