chore: make structure better
This commit is contained in:
parent
eb6e4d1bc4
commit
548ee447aa
@ -16,7 +16,7 @@ To access the **GpgController**:
|
||||
1. Navigate to the **Advanced** menu in the top toolbar.
|
||||
2. Select **Open GnuPG Controller** from the dropdown menu.
|
||||
|
||||

|
||||

|
||||
|
||||
The **GpgController** interface includes three tabs: **General**, **Key
|
||||
Database**, and **Advanced**. Below is a detailed explanation of each tab's
|
||||
@ -30,51 +30,52 @@ The **General** tab provides essential configuration options for GpgFrontend's i
|
||||
|
||||
### Available Options
|
||||
|
||||
1. **Use Binary Mode for File Operations**
|
||||
#### Use Binary Mode for File Operations
|
||||
|
||||
- This option determines the format used for encrypted or signed files:
|
||||
- **Binary Mode**: Produces compact and efficient files, ideal for storage
|
||||
and processing.
|
||||
- **ASCII Mode**: Generates human-readable files encoded in ASCII format.
|
||||
This is useful for sharing files over email or systems that might corrupt
|
||||
binary files.
|
||||
- **Recommendation**: Use binary mode for local file operations and ASCII
|
||||
mode for file sharing or email attachments.
|
||||
This option determines the format used for encrypted or signed files:
|
||||
- **Binary Mode**: Produces compact and efficient files, ideal for storage and
|
||||
processing.
|
||||
- **ASCII Mode**: Generates human-readable files encoded in ASCII format. This
|
||||
is useful for sharing files over email or systems that might corrupt binary
|
||||
files.
|
||||
|
||||
2. **Use Pinentry as Password Input Dialog**
|
||||
Recommendation: Use binary mode for local file operations and ASCII
|
||||
mode for file sharing or email attachments.
|
||||
|
||||
- GpgFrontend includes a built-in password input dialog designed as a
|
||||
temporary fallback when no external **Pinentry** program is available.
|
||||
However, the built-in dialog has limitations and may not work for all
|
||||
password input scenarios.
|
||||
- **Recommendation**: Users are strongly encouraged to install a
|
||||
full-featured **Pinentry** program to ensure a seamless and secure password
|
||||
input experience. **Pinentry** is optimized for GnuPG's requirements and
|
||||
provides additional features such as better passphrase caching and hardware
|
||||
token support.
|
||||
#### Use Pinentry as Password Input Dialog
|
||||
|
||||
3. **Enable GpgME Debug Log**
|
||||
GpgFrontend includes a built-in password input dialog designed as a
|
||||
temporary fallback when no external **Pinentry** program is available.
|
||||
However, the built-in dialog has limitations and may not work for all
|
||||
password input scenarios.
|
||||
|
||||
- Enables verbose logging for troubleshooting GPG operations via the
|
||||
**GpgME** library. This is useful for advanced users diagnosing issues in
|
||||
encryption or signing workflows.
|
||||
Recommendation: Users are strongly encouraged to install a
|
||||
full-featured **Pinentry** program to ensure a seamless and secure password
|
||||
input experience. **Pinentry** is optimized for GnuPG's requirements and
|
||||
provides additional features such as better passphrase caching and hardware
|
||||
token support.
|
||||
|
||||
4. **Restart Gpg Agent on Start**
|
||||
#### Enable GpgME Debug Log
|
||||
|
||||
- Ensures that the GPG agent is restarted whenever GpgFrontend launches. This
|
||||
helps avoid issues caused by stale GPG agent processes.
|
||||
Enables verbose logging for troubleshooting GPG operations via the
|
||||
**GpgME** library. This is useful for advanced users diagnosing issues in
|
||||
encryption or signing workflows.
|
||||
|
||||
5. **Kill All GPG Daemons at Close**
|
||||
#### Restart Gpg Agent on Start
|
||||
|
||||
- Terminates all GPG-related background processes when the application exits.
|
||||
This ensures that no sensitive information is cached in memory or
|
||||
accessible after the session ends.
|
||||
- **Recommendation**: Always enable this option for improved security.
|
||||
Ensures that the GPG agent is restarted whenever GpgFrontend launches. This
|
||||
helps avoid issues caused by stale GPG agent processes.
|
||||
|
||||
> **Note**: Changes to any settings in the General tab will require
|
||||
> restarting GpgFrontend to take effect.
|
||||
#### Kill All GPG Daemons at Close
|
||||
|
||||
---
|
||||
Terminates all GPG-related background processes when the application exits.
|
||||
This ensures that no sensitive information is cached in memory or
|
||||
accessible after the session ends.
|
||||
|
||||
Recommendation: Always enable this option for improved security.
|
||||
|
||||
> **Note**: Changes to any settings in the General tab will require
|
||||
> restarting GpgFrontend to take effect.
|
||||
|
||||
## Key Database Tab: Overview
|
||||
|
||||
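Review bot: The General-tab restart note at the end of this hunk is still a `> **Note**:` blockquote, while the equivalent notes elsewhere in this commit were converted to `:::caution` blocks; convert this one as well so the page uses a single callout style. The three "Recommendation:" lines also lost their bold marker when they were lifted out of the lists and now read as ordinary paragraphs; restore `**Recommendation**:` or wrap each in a `:::tip`.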
@ -86,55 +87,44 @@ detailed documentation is available elsewhere, note the following key points:
|
||||
- **Switch Between Databases**: Use the **Key Toolbox** dropdown in the main
|
||||
interface to select the active database.
|
||||
|
||||

|
||||

|
||||
|
||||
> For more information on key database management, refer to the dedicated
|
||||
> documentation.
|
||||
|
||||
---
|
||||
:::tip[Tipps]
|
||||
> For more information on key database management, refer to the dedicated
|
||||
> documentation.
|
||||
:::
|
||||
|
||||
## Advanced Tab: Custom GnuPG Configuration
|
||||
|
||||
The **Advanced** tab is designed for users who need to configure custom GPG installations.
|
||||
|
||||

|
||||

|
||||
|
||||
### Configuring Custom GnuPG
|
||||
|
||||
1. **Enable Custom GnuPG**
|
||||
1. **Enable Custom GnuPG**: Check the **Use Custom GnuPG** box to enable this
|
||||
feature.
|
||||
2. **Specify GPG Configuration Path**: Use the **Select GnuPG Path** button to
|
||||
locate and set the directory where `gpgconf` resides. This is critical
|
||||
because GpgFrontend relies on the paths provided by `gpgconf` to locate
|
||||
essential components like `gpg`, `gpgsm`, and `gpg-agent`.
|
||||
3. **Verifying Custom Configuration**: After setting the path, you can test the
|
||||
configuration by running `gpgconf --list-components` in a terminal. This
|
||||
command lists all available GPG components and their paths, ensuring that
|
||||
GpgFrontend can access themcorrectly.
|
||||
|
||||
- Check the **Use Custom GnuPG** box to enable this feature.
|
||||

|
||||
|
||||
2. **Specify GPG Configuration Path**
|
||||
|
||||
- Use the **Select GnuPG Path** button to locate and set the directory where
|
||||
`gpgconf` resides. This is critical because GpgFrontend relies on the paths
|
||||
provided by `gpgconf` to locate essential components like `gpg`, `gpgsm`,
|
||||
and `gpg-agent`.
|
||||
|
||||
3. **Verifying Custom Configuration**
|
||||
|
||||
- After setting the path, you can test the configuration by running `gpgconf
|
||||
--list-components` in a terminal. This command lists all available GPG
|
||||
components and their paths, ensuring that GpgFrontend can access them
|
||||
correctly.
|
||||
|
||||

|
||||
|
||||
> **Note**: If `gpgconf` is not configured correctly, GpgFrontend may fail to
|
||||
> locate and execute necessary GPG binaries.
|
||||
|
||||
---
|
||||
:::caution
|
||||
If `gpgconf` is not configured correctly, GpgFrontend may fail to
|
||||
locate and execute necessary GPG binaries.
|
||||
:::
|
||||
|
||||
## Tips for Using GpgController Effectively
|
||||
|
||||
1. **Choose File Formats Wisely**
|
||||
|
||||
- Use **Binary Mode** for efficiency in local operations and **ASCII Mode**
|
||||
for readability and compatibility in file sharing.
|
||||
|
||||
2. **Install a Full-Featured Pinentry**
|
||||
|
||||
- Avoid relying on GpgFrontend's built-in password dialog for critical
|
||||
operations. Installing **Pinentry** ensures better compatibility and
|
||||
security.
|
||||
- Choose File Formats Wisely: Use **Binary Mode** for efficiency in local
|
||||
operations and **ASCII Mode** for readability and compatibility in file
|
||||
sharing.
|
||||
- Install a Full-Featured Pinentry: Avoid relying on GpgFrontend's built-in
|
||||
password dialog for critical operations. Installing **Pinentry** ensures better
|
||||
compatibility and security.
|
||||
|
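Review bot: Step 3 of the collapsed list under "Configuring Custom GnuPG" now ends with "GpgFrontend can access themcorrectly.", the space having been lost in the re-wrap, and the new admonition label `:::tip[Tipps]` should read "Tips" or be dropped. The tip body also keeps its `>` quote markers inside the `:::tip` block, which will render as a quote nested in the callout. While this step is being touched: a bare `gpgconf --list-components` typed in a terminal checks whichever `gpgconf` is first on PATH, not necessarily the one in the directory chosen in step 2, so the text should say to run the binary from that directory.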
@ -31,94 +31,77 @@ projects, organizations, or levels of security.
|
||||
|
||||
## Accessing the Multi-Key Database Feature
|
||||
|
||||
### Opening the GnuPG Controller
|
||||
|
||||
To manage multiple key databases, follow these steps:
|
||||
|
||||
1. **Access the Advanced Menu**
|
||||
### Access the Advanced Menu
|
||||
|
||||
- Click on the **Advanced** menu in the top navigation bar.
|
||||
- Select **Open GnuPG Controller** from the dropdown options.
|
||||
- Click on the **Advanced** menu in the top navigation bar.
|
||||
- Select **Open GnuPG Controller** from the dropdown options.
|
||||
|
||||

|
||||

|
||||
|
||||
2. **Navigate to the Key Database Tab**
|
||||
### Navigate to the Key Database Tab
|
||||
|
||||
- In the **GnuPG Controller** window, switch to the **Key Database** tab.
|
||||
- Here, you will find a list of all configured key databases.
|
||||
- In the **GnuPG Controller** window, switch to the **Key Database** tab.
|
||||
- Here, you will find a list of all configured key databases.
|
||||
|
||||

|
||||

|
||||
|
||||
## Managing Key Databases
|
||||
|
||||
The **Key Database** tab allows you to perform the following operations:
|
||||
|
||||
### 1. Adding a New Key Database
|
||||
### Adding a New Key Database
|
||||
|
||||
- Click the **Add New Key Database** button.
|
||||
- Specify a name and path for the new database. This will create an isolated
|
||||
environment for new keys.
|
||||
|
||||
### 2. Editing and Reordering Key Databases
|
||||
### Editing and Reordering Key Databases
|
||||
|
||||
- Right-click on a database entry to view options like:
|
||||
- **Move Up/Move Down**: Reorder the database list.
|
||||
- **Move to Top**: Prioritize a database by moving it to the top. If a database is at the top, it is considered as the Default Key Database.
|
||||
- **Edit**: Rename or modify the path of an existing database.
|
||||
- **Remove**: Delete a database from the configuration.
|
||||
Right-click on a database entry to view options like:
|
||||
- **Move Up/Move Down**: Reorder the database list.
|
||||
- **Move to Top**: Prioritize a database by moving it to the top. If a database
|
||||
is at the top, it is considered as the Default Key Database.
|
||||
- **Edit**: Rename or modify the path of an existing database.
|
||||
- **Remove**: Delete a database from the configuration.
|
||||
|
||||

|
||||

|
||||
|
||||
> **Note**: Any changes to the key database settings will require an application
|
||||
> restart to take effect.
|
||||
:::caution
|
||||
|
||||
### 3. Switching Between Databases
|
||||
Any changes to the key database settings will require an application
|
||||
restart to take effect.
|
||||
|
||||
:::
|
||||
|
||||
### Switching Between Databases
|
||||
|
||||
- Use the **Key Toolbox** dropdown in the main interface to switch between
|
||||
configured databases.
|
||||
- Select the desired database, and the corresponding keys will be displayed.
|
||||
|
||||

|
||||

|
||||
|
||||
## Use Cases for Multi-Key Databases
|
||||
|
||||
1. **Project Isolation**
|
||||
|
||||
- Maintain separate databases for different projects to avoid accidental
|
||||
cross-use of keys.
|
||||
|
||||
2. **Organizational Separation**
|
||||
|
||||
- Keep departmental or team-specific keys isolated to ensure they are only
|
||||
accessible to authorized personnel.
|
||||
|
||||
3. **Enhanced Security for Sensitive Keys**
|
||||
- Store high-security keys in a dedicated database, minimizing the risk of
|
||||
exposure during routine operations.
|
||||
- Project Isolation: Maintain separate databases for different projects to
|
||||
avoid accidental cross-use of keys.
|
||||
- Organizational Separation: Keep departmental or team-specific keys isolated
|
||||
to ensure they are only accessible to authorized personnel.
|
||||
- Enhanced Security for Sensitive Keys: Store high-security keys in a dedicated
|
||||
database, minimizing the risk of exposure during routine operations.
|
||||
|
||||
## Tips for Effective Multi-Key Database Usage
|
||||
|
||||
1. **Name Databases Clearly**
|
||||
|
||||
- Use descriptive names for each database to make it easier to identify their
|
||||
purpose.
|
||||
|
||||
2. **Regular Backups**
|
||||
|
||||
- Backup each database regularly to prevent loss of critical keys. Store
|
||||
backups in secure, encrypted locations.
|
||||
|
||||
3. **Audit Database Usage**
|
||||
|
||||
- Periodically review the contents and usage of each database to ensure
|
||||
proper organization and security.
|
||||
|
||||
4. **Isolate Sensitive Operations**
|
||||
|
||||
- For highly sensitive keys, consider using a dedicated device or environment
|
||||
to manage their database.
|
||||
|
||||
5. **Avoid Overloading Databases**
|
||||
|
||||
- Distribute keys evenly across multiple databases instead of overloading a
|
||||
single one. This enhances performance and organization.
|
||||
- Name Databases Clearly: Use descriptive names for each database to make it
|
||||
easier to identify their purpose.
|
||||
- Regular Backups: Backup each database regularly to prevent loss of critical
|
||||
keys. Store backups in secure, encrypted locations.
|
||||
- Audit Database Usage: Periodically review the contents and usage of each
|
||||
database to ensure proper organization and security.
|
||||
- Isolate Sensitive Operations: For highly sensitive keys, consider using a
|
||||
dedicated device or environment to manage their database.
|
||||
- Avoid Overloading Databases: Distribute keys evenly across multiple databases
|
||||
instead of overloading a single one. This enhances performance and
|
||||
organization.
|
||||
|
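Review bot: "To manage multiple key databases, follow these steps:" is now followed by two `###` headings instead of numbered steps, so the order is only implied; keep the numbering or reword the intro. In the "Use Cases" and "Tips" lists the labels (for example "Project Isolation:" and "Regular Backups:") lost their bold, which makes the flattened bullets harder to scan; `- **Regular Backups**: ...` keeps the flat structure and the emphasis. The new `:::caution` for the restart note has blank lines inside the block while the one added for the `gpgconf` note does not; pick one form.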
@ -75,34 +75,25 @@ To transfer the KeyPackage:
|
||||
To import the KeyPackage after transferring it to the target device, follow
|
||||
these steps:
|
||||
|
||||

|
||||

|
||||
|
||||
1. **Initiate Import**:
|
||||
- **Initiate Import**: Open the key management tool on the target device and
|
||||
click on the "Import Key" button.
|
||||
- **Select KeyPackage Option**: As shown in the image, from the dropdown menu,
|
||||
select the "Key Package" option. This indicates that you will be importing a
|
||||
KeyPackage.
|
||||
|
||||
- Open the key management tool on the target device and click on the "Import
|
||||
Key" button.
|
||||
- **Select KeyPackage File**: A file selection dialog will appear. First, choose
|
||||
the `.gpgpack` file that you transferred. This file contains the packaged keys.
|
||||
|
||||
2. **Select KeyPackage Option:**
|
||||
- **Select Key File**: After selecting the `.gpgpack` file, another file
|
||||
selection dialog will prompt you to choose the corresponding key file. This key
|
||||
file is used to decrypt the KeyPackage.
|
||||
|
||||
- As shown in the image, from the dropdown menu, select the "Key Package"
|
||||
option. This indicates that you will be importing a KeyPackage.
|
||||
|
||||
3. **Select KeyPackage File**:
|
||||
|
||||
- A file selection dialog will appear. First, choose the `.gpgpack` file that
|
||||
you transferred. This file contains the packaged keys.
|
||||
|
||||
4. **Select Key File**:
|
||||
|
||||
- After selecting the `.gpgpack` file, another file selection dialog will
|
||||
prompt you to choose the corresponding key file. This key file is used to
|
||||
decrypt the KeyPackage.
|
||||
|
||||
5. **Import Keys**:
|
||||
- Once both files are selected, the key management tool will automatically
|
||||
import the keys contained within the KeyPackage. You will be prompted to
|
||||
enter the passphrase that was set during the creation of the KeyPackage to
|
||||
complete the import process.
|
||||
- **Import Keys**: Once both files are selected, the key management tool will
|
||||
automatically import the keys contained within the KeyPackage. You will be
|
||||
prompted to enter the passphrase that was set during the creation of the
|
||||
KeyPackage to complete the import process.
|
||||
|
||||
By following these steps, you can securely import your cryptographic keys from
|
||||
the KeyPackage into the key management tool on the target device.
|
||||
|
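Review bot: The import procedure changes from a numbered list to plain bullets, but the text still says "follow these steps" and the order matters ("First, choose the `.gpgpack` file", then "After selecting the `.gpgpack` file, another file selection dialog will prompt you"). Keep it as an ordered list, for example `1. **Initiate Import**: ...`, so the sequence of the two file dialogs stays explicit.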
@ -10,9 +10,6 @@ public keys, such as revocations or the addition of subkeys, are reflected in
|
||||
your local keyring. Without this, you may be vulnerable to security risks like
|
||||
man-in-the-middle attacks or authentication errors.
|
||||
|
||||
Here's a structured guide to maintaining public key synchronization using the
|
||||
GpgFrontend's Public Key Sync feature.
|
||||
|
||||
## Importance of Public Key Synchronization
|
||||
|
||||
**Key Revocation:** If a key is revoked by its owner, it's vital to stop using
|
||||
@ -28,33 +25,22 @@ authenticate signatures made with the new subkey.
|
||||
GpgFrontend automates the public key synchronization process through a
|
||||
user-friendly interface. Here’s how to use it:
|
||||
|
||||
1. **Open the Key Management Interface**:
|
||||
1. Open the Key Management Interface: Navigate to the Key Management interface
|
||||
by clicking on the "Manage Keys" button in the main interface.
|
||||
2. Select Keys to Sync: In the list of public keys, you can select specific keys
|
||||
to sync by checking the boxes next to them. If you want to sync all public keys,
|
||||
you do not need to select any specific keys.
|
||||
3. Click the Sync Public Key Button: Locate and click the **Sync Public Key**
|
||||
button. This button is represented by a cloud icon with a refresh symbol,
|
||||
located in the toolbar at the top of the Key Management interface.If you have
|
||||
selected specific keys, the synchronization process will initiate for those
|
||||
keys. If no keys are selected, a confirmation prompt will appear, asking you to
|
||||
confirm if you want to synchronize all public keys.
|
||||
4. Synchronization Process: The feature works by checking all the public keys in
|
||||
your possession against the key server. If there is an updated version of a key
|
||||
you own, GpgFrontend will import the new details to your local keyring.
|
||||
|
||||
- Navigate to the Key Management interface by clicking on the "Manage Keys"
|
||||
button in the main interface.
|
||||
|
||||
2. **Select Keys to Sync**:
|
||||
|
||||
- In the list of public keys, you can select specific keys to sync by
|
||||
checking the boxes next to them. If you want to sync all public keys, you
|
||||
do not need to select any specific keys.
|
||||
|
||||
3. **Click the Sync Public Key Button**:
|
||||
|
||||
- Locate and click the **Sync Public Key** button. This button is represented
|
||||
by a cloud icon with a refresh symbol, located in the toolbar at the top of
|
||||
the Key Management interface.
|
||||
- If you have selected specific keys, the synchronization process will
|
||||
initiate for those keys. If no keys are selected, a confirmation prompt
|
||||
will appear, asking you to confirm if you want to synchronize all public
|
||||
keys.
|
||||
|
||||
4. **Synchronization Process**:
|
||||
- The feature works by checking all the public keys in your possession
|
||||
against the key server. If there is an updated version of a key you own,
|
||||
GpgFrontend will import the new details to your local keyring.
|
||||
|
||||

|
||||

|
||||
|
||||
By following these steps, you can ensure that your public keys are always
|
||||
up-to-date, enhancing the security and reliability of your cryptographic
|
||||
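Review bot: In the new step 3 the two former sub-bullets were joined without a separator, leaving "Key Management interface.If you have"; add the missing space or keep the second sentence as its own paragraph. The step labels also lost their bold ("1. Open the Key Management Interface: Navigate to ..."), so label and instruction run together; `1. **Open the Key Management Interface**: ...` would keep the compact layout.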
@ -67,10 +53,14 @@ To know which key server GpgFrontend interacts with, follow these steps:
|
||||
1. Go to the settings section of GpgFrontend.
|
||||
2. The default key server configured will be listed here.
|
||||
|
||||

|
||||

|
||||
|
||||
_Note: Replace the placeholder text with the actual link to the image showing
|
||||
the key server settings._
|
||||
:::tip
|
||||
|
||||
Replace the placeholder text with the actual link to the image showing
|
||||
the key server settings.
|
||||
|
||||
:::
|
||||
|
||||
If you need to use a different key server:
|
||||
|
||||
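Review bot: "Replace the placeholder text with the actual link to the image showing the key server settings." is an instruction to the doc author, and this hunk promotes it from an italic note to a reader-facing `:::tip`. It should be resolved or deleted rather than restyled; as written, users will see a highlighted tip telling them to fix the page.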
@ -86,9 +76,3 @@ If you need to use a different key server:
|
||||
they are legitimate.
|
||||
- **Secure Network:** Always perform key synchronization over a secure network
|
||||
to prevent interception or tampering.
|
||||
|
||||
## Conclusion
|
||||
|
||||
By following this guide, you can ensure that your public keys are always
|
||||
up-to-date, reflecting the current status on the key server, thereby maintaining
|
||||
the integrity of your encrypted communications.
|
||||
|
@ -24,10 +24,12 @@ At the heart of GPG is the **key pair**: two mathematically linked keys.
|
||||
- Decrypt messages sent to you.
|
||||
- Sign data so others know it’s really from you.
|
||||
|
||||
> 🧠 Think of it like a mailbox:
|
||||
> - Your public key is the address — people can send you letters.
|
||||
> - Your private key is the key to open the mailbox — only you can read what’s
|
||||
> inside.
|
||||
|
||||
:::tip[Think of it like a mailbox]
|
||||
- Your public key is the address — people can send you letters.
|
||||
- Your private key is the key to open the mailbox — only you can read what’s
|
||||
inside.
|
||||
:::
|
||||
|
||||
## 🔧 Generating a Key Pair
|
||||
|
||||
@ -37,8 +39,10 @@ To use GPG, you first create a key pair. During creation, you’ll choose:
|
||||
- A **key size** (larger sizes are more secure but slower).
|
||||
- A **passphrase** to protect the private key.
|
||||
|
||||
> 🔒 Your passphrase adds a layer of protection — even if someone gets your key
|
||||
> file, they can’t use it without this password.
|
||||
:::caution
|
||||
🔒 Your passphrase adds a layer of protection — even if someone gets your key
|
||||
file, they can’t use it without this password.
|
||||
:::
|
||||
|
||||
## 🧩 What Are Subkeys?
|
||||
|
||||
@ -61,7 +65,7 @@ Your **primary key** is your core identity. It:
|
||||
- Signs your subkeys.
|
||||
- Can certify other people's public keys (used to build trust networks).
|
||||
|
||||
### Why Is It So Important?
|
||||
:::caution
|
||||
|
||||
If someone gains access to your **primary private key**, they can impersonate
|
||||
you. That’s why:
|
||||
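Review bot: Replacing the "### Why Is It So Important?" heading with `:::caution` removes that section from the table of contents and breaks any link that targets its anchor. If the callout is wanted, keep the heading and open the `:::caution` beneath it, or give the admonition a title such as `:::caution[Why Is It So Important?]` and check for inbound links.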
@ -70,6 +74,8 @@ you. That’s why:
|
||||
- It’s best to use **subkeys** for daily operations.
|
||||
- Some people even keep their primary key **offline** for maximum safety.
|
||||
|
||||
:::
|
||||
|
||||
## ✉️ How Encryption Works
|
||||
|
||||
Imagine you want to send a private message to someone:
|
||||
@ -164,5 +170,9 @@ Whether you're just starting to explore encrypted communication or already
|
||||
managing multiple keys, GpgFrontend acts as a bridge — combining the strength of
|
||||
GPG with simplicity and clarity.
|
||||
|
||||
> 🧩 You focus on **secure communication** — let GpgFrontend handle the
|
||||
> complexity behind it.
|
||||
:::tip[]
|
||||
|
||||
You focus on **secure communication** — let GpgFrontend handle the complexity
|
||||
behind it.
|
||||
|
||||
:::
|
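Review bot: The closing callout is opened as `:::tip[]` with an empty label. Use plain `:::tip` for the default title or supply a real one; the empty brackets are likely to render as a blank heading. The blank lines inside this block also differ from the other admonitions added in this commit.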