GpgFrontend/Manual
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: adapt manual to v2.1.7

Browse Source
This commit is contained in:
saturneric 2025-04-09 01:55:21 +02:00
parent 99d6ac727b
commit eb6e4d1bc4
22 changed files with 3841 additions and 5898 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
astro.config.mjs
View File

@ -12,9 +12,13 @@ export default defineConfig({
src: "./src/assets/logo.svg", src: "./src/assets/logo.svg",
}, },
favicon: "/images/favicon.ico", favicon: "/images/favicon.ico",
social: { social: [
github: "https://github.com/saturneric/GpgFrontend", {
}, icon: "github",
label: "GitHub",
href: "https://github.com/saturneric/GpgFrontend",
},
],
editLink: { editLink: {
baseUrl: "https://github.com/saturneric/GpgFrontend-Manual/edit/main/", baseUrl: "https://github.com/saturneric/GpgFrontend-Manual/edit/main/",
}, },
@ -51,6 +55,9 @@ export default defineConfig({
}, },
}, },
], ],
customCss: [
"./src/styles/custom.css",
],
}), }),
], ],
output: "server", output: "server",

7799
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

6
package.json
View File

@ -10,9 +10,9 @@
"astro": "astro" "astro": "astro"
}, },
"dependencies": { "dependencies": {
"@astrojs/netlify": "^5.5.1", "@astrojs/netlify": "^6.2.5",
"@astrojs/starlight": "^0.21.3", "@astrojs/starlight": "^0.33.0",
"astro": "^4.3.5", "astro": "^5.6.1",
"sharp": "^0.32.5" "sharp": "^0.32.5"
} }
} }

2
src/content/docs/advanced/key-database.md
View File

@ -63,7 +63,7 @@ The **Key Database** tab allows you to perform the following operations:
- Right-click on a database entry to view options like: - Right-click on a database entry to view options like:
- **Move Up/Move Down**: Reorder the database list. - **Move Up/Move Down**: Reorder the database list.
- **Move to Top**: Prioritize a database by moving it to the top. - **Move to Top**: Prioritize a database by moving it to the top. If a database is at the top, it is considered as the Default Key Database.
- **Edit**: Rename or modify the path of an existing database. - **Edit**: Rename or modify the path of an existing database.
- **Remove**: Delete a database from the configuration. - **Remove**: Delete a database from the configuration.

7
src/content/docs/advanced/key-package.md
View File

@ -114,10 +114,3 @@ the KeyPackage into the key management tool on the target device.
- Delete the KeyPackage files from all devices and any intermediaries (like - Delete the KeyPackage files from all devices and any intermediaries (like
email servers or cloud storage) after the transfer is complete to prevent email servers or cloud storage) after the transfer is complete to prevent
unauthorized access. unauthorized access.
## Conclusion
The KeyPackage feature streamlines the process of transferring key data between
devices while maintaining high security standards. By following the steps
outlined in this document, users can effectively manage their cryptographic keys
across multiple platforms.

187
src/content/docs/advanced/module-controller.md
View File

@ -13,8 +13,6 @@ This guide provides an overview of the **Module Controller** interface,
instructions for managing modules, and guidance for advanced users interested in instructions for managing modules, and guidance for advanced users interested in
developing custom modules. developing custom modules.
---
## Accessing the Module Controller ## Accessing the Module Controller
To access the **Module Controller**: To access the **Module Controller**:
@ -22,73 +20,66 @@ To access the **Module Controller**:
1. Open the **Advanced** menu in the top toolbar. 1. Open the **Advanced** menu in the top toolbar.
2. Select **Open Module Controller**. 2. Select **Open Module Controller**.
![Open Module Controller](https://image.cdn.bktus.com/i/2024/11/29/fa515b3c-d9b1-70f5-c355-832b6bf07a38.webp) ![](https://image.cdn.bktus.com/i/2024/11/29/fa515b3c-d9b1-70f5-c355-832b6bf07a38.webp)
The **Module Controller** interface consists of the following tabs: The **Module Controller** interface consists of the following tabs:
- **Registered Modules** - **Registered Modules**
- **Global Register Table** - **Global Register Table**
---
## Registered Modules Tab ## Registered Modules Tab
The **Registered Modules** tab displays all available modules and provides tools The **Registered Modules** tab displays all available modules and provides tools
for managing their activation, metadata, and storage. for managing their activation, metadata, and storage.
![](https://image.cdn.bktus.com/i/2024/11/29/b35d35f9-4ae2-0d3b-917d-a6fb815711f9.webp)
### Key Features ### Key Features
1. **Module List** **Module List**
- The left panel lists all currently available modules.
- Modules prefixed with `*` are **Integrated Modules**, meaning they are bundled
with the GpgFrontend application.
- The left panel lists all currently available modules. **Module Information**: When a module is selected, detailed metadata is
- Modules prefixed with `*` are **Integrated Modules**, meaning they are displayed in the right panel, including:
bundled with the GpgFrontend application. - **ID**: The unique identifier of the module.
- **Version**: The current module version.
- **SDK Version**: The version of the SDK required by the module.
- **Path**: The physical location of the module file.
- **Activation Status**: Indicates whether the module is active or set to
auto-activate.
2. **Module Information** ```text title="Example"
- ID: com.bktus.gpgfrontend.module.email
- Version: 1.0.0
- SDK Version: 2.1.5
- Path: /path/to/module/file
- Auto Activate: True
- Active: True
```
- When a module is selected, detailed metadata is displayed in the right **Module Actions**
panel, including:
- **ID**: The unique identifier of the module. - **Deactivate**: Temporarily disables the selected module.
- **Version**: The current module version. - **Disable Auto Activate**: Prevents the module from loading automatically when
- **SDK Version**: The version of the SDK required by the module. GpgFrontend starts.
- **Path**: The physical location of the module file.
- **Activation Status**: Indicates whether the module is active or set to
auto-activate.
Example: **Show Mods Directory**
``` - Opens the directory where external modules are stored. Users can manually add
- ID: com.bktus.gpgfrontend.module.email or remove custom modules by placing or deleting files in this directory.
- Version: 1.0.0
- SDK Version: 2.1.5
- Path: /path/to/module/file
- Auto Activate: True
- Active: True
```
![Registered Modules](https://image.cdn.bktus.com/i/2024/11/29/b35d35f9-4ae2-0d3b-917d-a6fb815711f9.webp) :::tip[Tip for Integrated Modules]
3. **Module Actions** - **Windows/Mac Users**: Integrated Modules (prefixed with `*`) can be removed
by deleting the corresponding `.dll` (Windows) or `.dylib` (Mac) file from the
`modules` directory.
- **Linux Users**: Due to the nature of **AppImage** and **Flatpak** packages,
removing Integrated Modules may require recompiling and repackaging the
application.
- **Deactivate**: Temporarily disables the selected module. :::
- **Disable Auto Activate**: Prevents the module from loading automatically
when GpgFrontend starts.
4. **Show Mods Directory**
- Opens the directory where external modules are stored. Users can manually
add or remove custom modules by placing or deleting files in this
directory.
> **Tip for Integrated Modules**:
- **Windows/Mac Users**: Integrated Modules (prefixed with `*`) can be
removed by deleting the corresponding `.dll` (Windows) or `.dylib` (Mac)
file from the `modules` directory.
- **Linux Users**: Due to the nature of **AppImage** and **Flatpak**
packages, removing Integrated Modules may require recompiling and
repackaging the application.
## Global Register Table Tab ## Global Register Table Tab
@ -99,25 +90,22 @@ interactions with the core application.
### Key Features ### Key Features
1. **Key-Value Data** **Key-Value Data**
- Displays the hierarchical structure of global variables, including:
- Module-specific settings (e.g., version checking, state tracking).
- GnuPG paths and environment configurations.
- Displays the hierarchical structure of global variables, including: ```text title="Example"
- Module-specific settings (e.g., version checking, state tracking). gpgme:
- GnuPG paths and environment configurations. ctx:
- Example: app_path: /opt/homebrew/Cellar/gnupg/2.4.5_1/bin/gpg
``` gnupg_version: 2.4.5
gpgme: gpgconf_path: /opt/homebrew/bin/gpgconf
ctx: ```
app_path: /opt/homebrew/Cellar/gnupg/2.4.5_1/bin/gpg
gnupg_version: 2.4.5
gpgconf_path: /opt/homebrew/bin/gpgconf
```
2. **Navigation** **Navigation**: Expand nodes to explore detailed properties for modules or core components.
- Expand nodes to explore detailed properties for modules or core components. ![](https://image.cdn.bktus.com/i/2024/11/29/e4a74c1d-c81a-166f-abd8-4f3f4f92f4d0.webp)
![Global Register Table](https://image.cdn.bktus.com/i/2024/11/29/e4a74c1d-c81a-166f-abd8-4f3f4f92f4d0.webp)
## Developing Custom Modules ## Developing Custom Modules
@ -128,53 +116,32 @@ the `libgpgfrontend_sdk` library.
### Key Points for Developers ### Key Points for Developers
1. **C ABI Compliance** **C ABI Compliance**: Modules must be implemented using the C ABI to ensure
compatibility across all supported platforms (Windows, macOS, Linux).
- Modules must be implemented using the C ABI to ensure compatibility across **Dynamic SDK Linking**: Modules interact with GpgFrontend by linking
all supported platforms (Windows, macOS, Linux). dynamically to the **libgpgfrontend_sdk** library. This library provides the
necessary interfaces for module initialization, data exchange, and runtime
interaction.
2. **Dynamic SDK Linking** **SDK Limitations**: The current SDK API is still under development and may not
cover all potential use cases. Developers are encouraged to contact the project
maintainer for guidance or feature requests.
- Modules interact with GpgFrontend by linking dynamically to the **Getting Started**: Place the compiled module file (`.dll`, `.dylib`, or `.so`)
**libgpgfrontend_sdk** library. This library provides the necessary in the `modules` directory. Use the **Show Mods Directory** button to locate
interfaces for module initialization, data exchange, and runtime this directory.
interaction.
3. **SDK Limitations** :::tip[Tips for Managing Modules]
1. **Backup Before Changes**: Always create a backup of the `modules` directory
- The current SDK API is still under development and may not cover all before making changes, especially when adding or removing modules.
potential use cases. Developers are encouraged to contact the project 2. **Regular Updates**: Check for updates to both GpgFrontend and its modules to
maintainer for guidance or feature requests. ensure compatibility and access to the latest features.
3. **Safe Removal**: Follow the guidelines for deleting Integrated Modules based
4. **Getting Started** on your platform to avoid accidental issues.
- Place the compiled module file (`.dll`, `.dylib`, or `.so`) in the 4. **Use Global Register Table for Debugging**: Advanced users can verify module
`modules` directory. Use the **Show Mods Directory** button to locate this configurations and GPG environment paths through the **Global Register Table**.
directory. :::
---
## Tips for Managing Modules
1. **Backup Before Changes**
- Always create a backup of the `modules` directory before making changes,
especially when adding or removing modules.
2. **Regular Updates**
- Check for updates to both GpgFrontend and its modules to ensure
compatibility and access to the latest features.
3. **Safe Removal**
- Follow the guidelines for deleting Integrated Modules based on your
platform to avoid accidental issues.
4. **Use Global Register Table for Debugging**
- Advanced users can verify module configurations and GPG environment paths
through the **Global Register Table**.
---
## Example Module: Version Checking ## Example Module: Version Checking
@ -187,9 +154,9 @@ modules to provide additional functionality.
- Displays release notes for new updates. - Displays release notes for new updates.
- Notifies users when an upgrade is available. - Notifies users when an upgrade is available.
### Example Metadata: ### Metadata:
``` ```text title="Example"
- ID: com.bktus.gpgfrontend.module.version_checking - ID: com.bktus.gpgfrontend.module.version_checking
- Version: 1.0.0 - Version: 1.0.0
- Auto Activate: True - Auto Activate: True
@ -197,15 +164,13 @@ modules to provide additional functionality.
### Global Register Table: ### Global Register Table:
``` ```text title="Example"
com.bktus.gpgfrontend.module.version_checking: com.bktus.gpgfrontend.module.version_checking:
current_version: v2.1.5 current_version: v2.1.5
need_upgrade: false need_upgrade: false
latest_version: v2.1.5 latest_version: v2.1.5
``` ```
---
By leveraging the **Module Controller**, users can customize and extend By leveraging the **Module Controller**, users can customize and extend
GpgFrontend to suit their needs. Developers interested in creating new modules GpgFrontend to suit their needs. Developers interested in creating new modules
are encouraged to experiment with the SDK and collaborate with the maintainer are encouraged to experiment with the SDK and collaborate with the maintainer

0
src/content/docs/guides/email.md → src/content/docs/guides/email-operations.md
View File

118
src/content/docs/guides/encrypt-decrypt-file.md
View File

@ -1,118 +0,0 @@
---
title: Encrypt & Sign File
---
GpgFrontend offers a fast and convenient method for working with files. The
encryption and decryption process for files is nearly identical to that of text,
with the exception that file operations involve binary input and output.
## Using File Browser for Encryption and Decryption
After clicking the **File Browser** button, a system directory selection dialog
will appear. Follow these steps to perform encryption, decryption, and signing
operations:
1. **Open File Browser**:
- Click the **File Browser** button in the toolbar at the top of the
interface. This will open a system dialog allowing you to choose a
directory.
2. **Select Directory**:
- In the system dialog, navigate to the desired directory and select it. Once
selected, a new tab named "File Browser" will open in GpgFrontend,
displaying the contents of the chosen directory.
3. **Select a File**:
- In the File Browser tab, you will see a list of files and folders within
the selected directory. Click on the file you want to encrypt, decrypt, or
sign.
4. **Encrypt the File**:
- To encrypt a file, first select the file in the File Browser. Then, in the
**Key Toolbox** on the right, select the public key of the recipient by
checking the box next to the desired key. Finally, click the **Encrypt**
button in the toolbar at the top.
5. **Decrypt the File**:
- To decrypt a file, select the encrypted file in the File Browser. Ensure
you have the corresponding private key in your keyring. Click the
**Decrypt** button in the toolbar. If the correct key is available, the
file will be decrypted.
![File Operations](https://image.cdn.bktus.com/i/2024/06/15/a8d7bf2f-54f6-ccc6-7bdd-8bb0d2ba44af.webp)
By following these steps, you can easily manage file encryption, decryption, and
signing using the GpgFrontend's File Browser feature. This streamlined process
allows you to handle your cryptographic needs directly from the file system
interface.
## File Extension Requirements
GpgFrontend supports different file extensions for various cryptographic
operations. Understanding these extensions helps in properly managing encrypted
and signed files. Heres a breakdown of the file extensions used:
#### ASCII Format
- **.asc**: Files with the ".asc" extension are in ASCII format. These files
contain ASCII-armored ciphertext, which is a text representation of the
encrypted data. ASCII format is typically used for easy sharing via email or
text editors, as it ensures compatibility with text-based applications.
#### Binary Format
- **.gpg**: Files with the ".gpg" extension are in binary format. Binary
ciphertext files are more compact than their ASCII counterparts and are
generally used for more efficient storage and transmission. They cannot be
viewed directly in text editors, as the content is in a binary format.
#### Combined Content
- **.gpg**: When you use the encryption and signing functions together,
GpgFrontend generates a file with the ".gpg" extension. This file contains
both the encrypted content and the signature, ensuring that the recipient can
verify that the ciphertext originates from you.
To perform decryption and verification operations, you need to use files with
either the ".gpg" or ".asc" extension. These files contain the necessary
ciphertext and signature content required for these operations.
By adhering to these file extension requirements, you can ensure that your
encrypted and signed files are correctly recognized and processed by
GpgFrontend.
### Default Output Mode
Before version 2.0.4, GpgFrontend generated ciphertext files exclusively in
ASCII format. However, beginning with version 2.0.4, GpgFrontend now generates
ciphertext files in binary format by default. This setting can be adjusted in
the program's settings.
### Changing Output Mode
To change the output mode between ASCII and binary formats, follow these steps:
1. **Open Settings**:
- Navigate to the GnuPG Controller settings within GpgFrontend. This can be
done by accessing the settings menu from the main interface.
2. **Locate Binary Mode Option**:
- In the settings interface, under the "General" section, locate the option
labeled "Use Binary Mode for File Operations".
3. **Toggle Binary Mode**:
- Check or uncheck this option to switch between binary (gpg) and ASCII (asc)
output formats. Checking the box will enable binary mode, while unchecking
it will revert to ASCII format.
By following these steps, you can customize how GpgFrontend handles the format
of ciphertext files according to your preference or needs.
![Locate Binary Mode Option](https://image.cdn.bktus.com/i/2024/06/15/1a82922d-4a68-d315-f388-5571a4d93e8f.webp)

146
src/content/docs/guides/encrypt-decrypt-text.md
View File

@ -1,146 +0,0 @@
---
title: Encrypt & Decrypt Text
---
The processes of encryption and decryption are fundamental to ensuring the
privacy and security of digital communications. GpgFrontend, a graphical
interface for GnuPG, simplifies these operations, making it accessible for users
to securely encrypt and decrypt text. Before diving into the specifics of how
GpgFrontend facilitates these operations, it's essential to understand the
underlying concepts and the prerequisites for encryption and decryption.
Encryption is the process of converting plain text into a scrambled format known
as ciphertext, which is unreadable to anyone except those who possess the
correct key to decrypt it. This transformation is done using an encryption
algorithm and a key. In the context of GpgFrontend and most modern encryption
practices, this key is the recipient's public key. A public key is part of a key
pair that includes a private key; together, they are used in asymmetric
encryption, a cornerstone of modern cryptography.
To initiate encryption with GpgFrontend, the sender must first have access to
the recipient's public key. This key is used to encrypt the message, ensuring
that only the recipient, who holds the corresponding private key, can decrypt
and read the message. The public key can encrypt messages, but cannot decrypt
them. This is a crucial aspect of asymmetric cryptography: it allows anyone to
send encrypted messages to the key owner without being able to decrypt messages
encrypted with that same public key.
Generating a key pair is the first step in being able to engage in these secure
communications. This process usually involves choosing a key type and size, with
larger keys offering higher security. Once generated, the key pair consists of a
private key, which must be kept secure and confidential, and a public key, which
can be shared with anyone who wishes to send you encrypted messages.
Decrypting a message with GpgFrontend requires the private key corresponding to
the public key used for encryption. Upon receiving an encrypted message, the
recipient uses their private key with GpgFrontend to decrypt the ciphertext back
into readable plain text. This decryption process is secure because the private
key is never shared, and it is computationally infeasible for an attacker to
derive the private key from the public key or the encrypted message.
GpgFrontend streamlines these operations, providing a user-friendly interface
that abstracts the complexities of cryptographic operations. Users can easily
import public keys, encrypt messages or files for specific recipients, and
decrypt incoming messages or files using their private keys. This makes
GpgFrontend an invaluable tool for anyone needing to secure their digital
communications, from sensitive personal correspondence to confidential business
communications.
In summary, encryption and decryption with GpgFrontend rely on the foundational
principles of asymmetric cryptography, where a public key is used for
encryption, and a corresponding private key is used for decryption. Before
engaging in these operations, users must generate a key pair and share their
public key with those from whom they wish to receive encrypted messages. This
setup ensures that only intended recipients can read the contents of encrypted
communications, providing a robust framework for privacy and security in the
digital age.
## Encrypt
The Encrypt operation itself uses a public key and does not require a private
key. Remember that whoever you want to send it to encrypts it with whose public
key. For people who don't use gpg very often, they often get confused and use
their own keys to encrypt ciphertext.
### Only Encrypt
In this case, you only encrypt the ciphertext, which results in a shorter
ciphertext. This is because the ciphertext does not contain additional signature
information that identifies the encryptor. If you do not want the recipient to
know your identity, use this method to generate your ciphertexts.
After the encryption operation, no additional information will be displayed in
the information board except for a prompt indicating whether the operation was
successful.
![Only Encrypt](https://image.cdn.bktus.com/i/2023/11/16/07c99019-318a-3b85-ea63-0d473ebcd7ec.gif)
### Encrypt Sign
To encrypt and sign text, you need to first prepare the plaintext and have a
public key that can perform encryption operations. The public key used for
encryption should belong to the intended recipient, not yourself. It is
important to verify that the recipient's public key has cryptographic
capabilities for encryption before proceeding.
If you want the recipient to know that the ciphertext is from you, you can also
choose to sign the text while encrypting it. This ensures that the decrypted
text is credible and comes from your hand. This method is commonly used when
both parties need to ensure the authenticity of the decrypted text, and
typically in scenarios where both parties know each other.
To encrypt and sign at the same time, select the public key(s) you need to use
for encryption, and during the encryption process, select the private key you
need to use for signing. This private key should belong to you and should have
the capability for signature operations. You can verify this by checking the
usage column in the key toolbox on the right (letter S stands for signature).
The ciphertext generated by this operation is longer than ciphertext generated
by only encryption because of the additional signature information attached to
it. After the operation is complete, information about the cryptographic and
signature operations will be displayed in the Infomation Board, including
information about the signature pattern and algorithm used.
To verify the authenticity of the ciphertext before decryption, you can use the
validate operation. Once the ciphertext is verified, you can proceed with
decryption using your private key.
![GIF](https://image.cdn.bktus.com/i/2023/11/16/cb4ac40a-9830-7429-8447-7ada6bc6571b.gif)
## Decrypt
When decrypting the ciphertext, you can simply paste the obtained ciphertext
into GpgFrontend, and it will automatically select the appropriate private key
for decryption. It is important to note that decryption must be performed with
the private key associated with the public key used for encryption.
![Decrypt](https://image.cdn.bktus.com/i/2023/11/16/a4ded61d-fb5b-cbf2-f0ec-e3b26e79f172.gif)
When decrypting a ciphertext, it is not necessary to check the usage column in
the key toolbox to determine if the key is valid for decryption. Instead, you
need to use a valid private key that corresponds to the public key used for
encryption. You can identify whether a key is a public key or a private key by
checking the type column in the key toolbox. If all your local keys are not
valid for decryption of the ciphertext, the program will display a decryption
failure message.
## Decrypt Verify
During decryption with verification, gpg will check the signature attached to
the ciphertext to ensure its authenticity. This provides an additional layer of
security and helps to prevent tampering with the encrypted message.
To perform decryption with verification, you need to select a file with a ".gpg"
or ".asc" extension, which contains the ciphertext and signature content. If the
signature is valid, gpg will decrypt the message and display it in plain text.
Otherwise, it will display an error message indicating that the signature is not
valid.
It is important to note that whether a key pair can be used for verification
will not be displayed in the usage column. Instead, you need to remember that a
valid public key can be used for verification. Therefore, it is a good habit to
always verify the signature during decryption, regardless of whether the
encryptor has signed in advance. This helps to ensure the authenticity and
integrity of the decrypted message.
![Decrypt Verify](https://image.cdn.bktus.com/i/2023/11/16/9e06ce22-f98d-47f1-ea76-e4e23b6dd32d.gif)

149
src/content/docs/guides/file-operations.md Normal file
View File

@ -0,0 +1,149 @@
---
title: File Operations
sidebar:
order: 6
---
GpgFrontend offers a fast and convenient method for working with files. The
processes of encryption, decryption, signing, and verifying files are similar to
text-based operations but involve binary input and output.
## Using File Panel for Encryption, Decryption, Signing, and Verifying
After clicking the **File Panel** button, a system directory selection dialog
will appear. Follow these steps to perform various cryptographic operations:
1. Open File Panel: Click the **File Panel** button in the toolbar at the top of the interface. This will open a system dialog allowing you to choose a directory.
2. Select Directory: In the system dialog, navigate to the desired directory and select it. Once
selected, a new tab named "File Panel" will open in GpgFrontend, displaying
the contents of the chosen directory.
3. Select a File: In the File Panel tab, click on the file you want to encrypt, decrypt, sign,
or verify.
### 4. File Operations (Encrypt, Decrypt, Sign, Verify)
Perform various file operations by selecting the desired file in the File Panel
and using the appropriate key from the Key Toolbox:
- Encrypt: Select the desired file in the File Panel. Choose a recipient's
public key from the Key Toolbox and click the Encrypt button in the toolbar.
- Decrypt: Select the encrypted file in the File Panel. Ensure your private key
is available in your keyring and click the Decrypt button in the toolbar.
- Sign: Select the desired file in the File Panel. Choose your private key from
the Key Toolbox and click the Sign button in the toolbar.
- Verify: Select the signed file in the File Panel. Ensure the corresponding
public key is available in your keyring and click the Verify button in the
toolbar.
## File Extension Requirements
Understanding the appropriate file extensions helps in managing encrypted and
signed files properly. Heres a breakdown of the file extensions used:
### ASCII Format
- **.asc**: ASCII-armored files. Can contain encrypted data or signatures in a
text-compatible format.
### Binary Format
- **.gpg**: Binary encrypted files or combined encrypted and signed files. More
efficient for storage and transmission.
- **.sig**: Binary signature files used exclusively for signature operations.
## Output Mode
Before version 2.0.4, GpgFrontend generated ciphertext and signature files
exclusively in ASCII format. From version 2.0.4 onwards, it generates files in
binary format by default. This setting can be adjusted in the program's
settings.
### Changing Output Mode
To change the output mode between ASCII and binary formats:
1. Open Settings: Navigate to the GnuPG Controller settings within GpgFrontend by accessing
the settings menu.
2. Locate Binary Mode Option: In the settings interface, under the "General" section, find the option
labeled "Use Binary Mode for File Operations".
3. Toggle Binary Mode: Check or uncheck this option to switch between binary (gpg/sig) and ASCII
(asc) output formats.
This streamlined process allows you to manage file encryption, decryption,
signing, and verification efficiently with GpgFrontend.
### Quick Toggle via File Panel Menu
In addition to the settings menu, GpgFrontend also provides a quick toggle
option for switching between ASCII and binary output modes directly from the
File Panel:
1. Access the File Panel Toolbar: In the File Panel, locate the toolbar at the
top right.
2. Open the Drop-down Menu: Click the button with the gear icon or three-line
icon (as shown in the screenshot) to open a drop-down menu.
3. Select ASCII Mode: From the menu, choose “ASCII Mode” to enable ASCII-armored
output for operations like encryption or signing. When checked, output files
such as .asc will be generated instead of binary formats like .gpg or .sig.
This feature offers a convenient way to switch output modes without navigating
through the main settings, making file operations faster and more adaptable
based on user needs.
![](https://image.cdn.bktus.com/i/2025/04/09/ea2c8b52-2a49-ee18-5897-5cf3d72115a5.webp)
## Enabling Batch Mode for Multi-file Operations
By default, the File Panel supports only single-file selection for cryptographic
operations. However, GpgFrontend includes a Batch Mode feature that allows users
to select and process multiple files simultaneously:
1. Activate Batch Mode: Click the “Switch Batch Mode” button, represented by a
segmented icon located at the top-right corner of the File Panel toolbar. A
tooltip labeled “Switch Batch Mode” will appear when hovering over the
button.
2. Select Multiple Files: Once Batch Mode is activated, the file panel will
allow multi-selection using standard keyboard shortcuts (e.g., Ctrl or
Shift+Click).
3. Perform Bulk Operations: After selecting the desired files, perform
encryption, decryption, signing, or verification actions using the toolbar
controls. The operation will be applied to all selected files.
Batch Mode is especially useful for advanced users handling multiple files,
significantly improving operational efficiency in workflows involving large
volumes of data.
![](https://image.cdn.bktus.com/i/2025/04/09/24a8b950-ff08-2133-0ee2-5003095f1ff7.webp)
## Folder Encryption and Decryption
GpgFrontend supports seamless encryption and decryption of entire folders
through the File Panel interface. This feature enables users to securely package
directory contents while preserving their original structure.
### Encrypting Folders
When a folder is selected for encryption, GpgFrontend automatically performs the
following operations:
1. Archiving: The folder is first archived using the tar utility, combining all
files and subdirectories into a single .tar archive.
2. Encryption: The `.tar` archive is then encrypted using GnuPG, resulting in a
`.tar.gpg` (binary) or `.tar.asc` (ASCII-armored) file, depending on the
selected output mode.
This behavior mirrors the functionality of the gpg-zip tool, which combines
archiving and encryption into a single streamlined operation.
Note: The resulting encrypted file represents the entire folder in a secure,
transferable format.
### Decrypting Encrypted Archives
GpgFrontend also offers automatic extraction when decrypting `.tar.gpg` or
`.tar.asc` files:
1. Decryption: The selected encrypted archive is decrypted using GnuPG,
producing the original `.tar` archive.
2. Extraction: If the decrypted content is a `.tar` archive, GpgFrontend
automatically extracts its contents into a folder within the current
directory, restoring the full folder structure.
This automatic process eliminates the need for manual unpacking and ensures that
encrypted folders are fully restored to their original state.

203
src/content/docs/guides/fundamental-concepts.md
View File

@ -5,89 +5,164 @@ sidebar:
order: 1 order: 1
--- ---
If you're new to GPG (GNU Privacy Guard) or PGP (Pretty Good Privacy), it's If you're new to **GPG (GNU Privacy Guard)** or **PGP (Pretty Good Privacy)**,
essential to understand some key concepts before diving in. This knowledge can this guide is for you. GPG is a free, open-source system for **encrypting
help you avoid common pitfalls, such as accidentally sharing your private key, information** and **verifying identity**. It's widely used for secure
and ensure your communications remain secure. communication, file protection, and digital signing.
## Key Concepts of GPG/PGP Lets walk through the core concepts in a beginner-friendly way.
### Key Pair Basics ## 🔐 What Is a Key Pair?
In the world of GPG/PGP, everything starts with a key pair. Think of a key pair At the heart of GPG is the **key pair**: two mathematically linked keys.
like a set of two uniquely related keys on a key ring:
- **Public Key**: This is like your home address that you can share with anyone. - **Public Key**: Share this with anyone. Others use it to:
Others will use it to send you encrypted messages or verify your digital - Send you encrypted messages.
signature. - Verify your digital signature.
- **Private Key**: This is akin to the key to your house. It must be kept secret
because it can decrypt the messages sent to you or sign messages from you.
#### Why Both Keys? - **Private Key**: Keep this secret. You use it to:
- Decrypt messages sent to you.
- Sign data so others know its really from you.
The magic of this system lies in its use of cryptographic algorithms. Data > 🧠 Think of it like a mailbox:
encrypted with your public key can only be decrypted by your private key, and > - Your public key is the address — people can send you letters.
vice versa. This ensures that only the intended recipient can read the message, > - Your private key is the key to open the mailbox — only you can read whats
and it can verify the sender's identity if a signature is used. > inside.
### Generating Your Key Pair ## 🔧 Generating a Key Pair
Before you can start encrypting or signing anything, you need to generate your To use GPG, you first create a key pair. During creation, youll choose:
key pair. This process involves choosing a cryptographic algorithm (like RSA or
DSA) and often setting a key size (with larger sizes being more secure but
slower).
#### Safety First - A **cryptographic algorithm** (e.g., RSA, ECC).
- A **key size** (larger sizes are more secure but slower).
- A **passphrase** to protect the private key.
When creating your key pair, you'll also be asked to enter a passphrase. This > 🔒 Your passphrase adds a layer of protection — even if someone gets your key
adds an extra layer of security, as the passphrase will be needed to access your > file, they cant use it without this password.
private key. Choose a strong, memorable passphrase to protect your key.
### Understanding Subkeys ## 🧩 What Are Subkeys?
A GPG key pair doesn't have to be limited to just one public and one private A GPG identity doesnt stop at one key pair. You can create **subkeys** under
key. You can generate subkeys for specific purposes, such as: your primary key. These are used for specific tasks:
- **Encryption Subkey**: Used solely for encrypting and decrypting messages. - **Encryption Subkey**: Used to encrypt/decrypt data.
- **Signing Subkey**: Used for creating and verifying digital signatures. - **Signing Subkey**: Used to create/verifiy digital signatures.
Subkeys are tied to your primary key pair but can be revoked or replaced Subkeys are tied to your identity, but they can be revoked or replaced
independently, which is useful if a subkey is compromised but your primary key independently.
remains secure.
### The Role of the Primary Key > ✅ Tip: Use subkeys for everyday tasks and keep your **primary key offline** or
> backed up securely.
Your primary key pair is the foundation of your GPG identity. All subkeys are ## 🧱 Understanding the Primary Key
associated with this primary pair. The primary key is typically used for
signing, to establish trust within the network, and to certify subkeys.
#### Protect Your Primary Key Your **primary key** is your core identity. It:
- Links to your user ID (usually name + email).
- Signs your subkeys.
- Can certify other people's public keys (used to build trust networks).
If your primary private key is compromised, the entire security of your key ring ### Why Is It So Important?
is at risk. Therefore, it's crucial to:
- Keep your primary private key in a secure location. If someone gains access to your **primary private key**, they can impersonate
- Use subkeys for day-to-day encryption and signing tasks. you. Thats why:
- Consider using hardware security modules (HSMs) or smart cards to store keys
securely.
## Best Practices for Beginners - It should be **backed up** securely.
- Its best to use **subkeys** for daily operations.
- Some people even keep their primary key **offline** for maximum safety.
1. **Backup Your Keys**: Securely backup your private keys (especially the ## ✉️ How Encryption Works
primary one) in case of hardware failure or loss.
2. **Use Strong Passphrases**: Your key's security is only as good as your
passphrase. Use a long, complex passphrase that is difficult to guess.
3. **Regularly Update Your Keys**: Over time, cryptographic standards evolve.
Regularly review and update your keys and algorithms to ensure they remain
secure.
4. **Learn Key Management**: Practice importing, exporting, revoking, and
verifying keys. Good key management habits are crucial for maintaining your
security over time.
5. **Engage with the Community**: The GPG/PGP community is vast and supportive.
Join forums, read blogs, and participate in discussions to learn from
experienced users.
By understanding these fundamental concepts and adhering to best practices, Imagine you want to send a private message to someone:
you'll be well on your way to securely using GPG/PGP. Remember, the goal is to
protect your communications and identity in the digital world, and a solid grasp 1. You encrypt the message using their **public key**.
of these basics is the first step. 2. Only their **private key** can decrypt it.
3. You can also add your **signature** using your private key.
4. They can **verify your signature** with your public key.
This ensures:
- **Privacy**: No one but the intended recipient can read the message.
- **Authenticity**: The recipient knows the message is from you.
## 🖋️ What Is Digital Signing?
Signing is like sealing a document with your unique fingerprint. It allows
others to:
- Confirm the message hasnt been changed.
- Confirm that **you** are the sender.
Digital signatures are used to:
- Sign emails.
- Sign files or software packages.
- Sign other people's public keys (to build trust).
## 📦 Real-Life Use Cases
### Secure Email
You want to email a sensitive document:
- Encrypt it using the recipients public key.
- Sign it with your private key.
- The recipient decrypts and verifies it.
### Software Publishing
You release a file or program online:
- You sign it.
- Users can verify the signature before using it.
### Building Trust
You meet someone at a conference:
- You exchange and sign each others keys.
- Anyone who trusts your key may now also trust theirs.
## ✅ Best Practices for New Users
1. **Back Up Your Keys**: Store your private key and revocation certificate in a
secure, offline location.
2. **Use Strong Passphrases**: The private key is only as safe as the password
protecting it.
3. **Separate Daily and Master Keys**: Use subkeys for regular work; keep your
primary key protected.
4. **Update When Needed**: Cryptography evolves — review and rotate keys as
needed.
5. **Revoke If Compromised**: If your private key is stolen or lost, revoke it
immediately and inform your contacts.
6. **Understand the Web of Trust**: GPG builds trust by people signing each
other's keys — this forms a decentralized trust model.
## 🧭 Summary
GPG is a powerful tool for privacy and digital identity. By learning:
- How keys work,
- When to encrypt vs. sign,
- And how to protect your credentials,
Youre taking a big step toward securing your digital life.
## 🧰 Where Does GpgFrontend Fit In?
While GPG/PGP itself is powerful, it is mostly command-line based — which can be
intimidating for beginners.
This is where **GpgFrontend** comes in.
GpgFrontend is a graphical interface built on top of GnuPG. It helps users
perform key operations such as:
- Generating and managing key pairs
- Encrypting and decrypting messages or files
- Signing and verifying content
- Uploading and fetching keys from key servers
- More...
All of this can be done through a **clear and user-friendly interface**, making
GPG accessible without needing to learn complex commands.
Whether you're just starting to explore encrypted communication or already
managing multiple keys, GpgFrontend acts as a bridge — combining the strength of
GPG with simplicity and clarity.
> 🧩 You focus on **secure communication** — let GpgFrontend handle the
> complexity behind it.

94
src/content/docs/guides/generate-key.md
View File

@ -4,66 +4,72 @@ sidebar:
order: 3 order: 3
--- ---
GpgFrontend makes it easy to generate a key pair or a subkey for encryption, GpgFrontend provides a flexible and user-friendly interface for generating
signing, and authentication. Follow the steps below to create your own keys. GnuPG-compatible key pairs. The updated **Generate Key** dialog introduces
multiple configuration levels—from simplified templates to advanced
cryptographic control—catering to both casual and expert users.
## Steps to Generate a Key Pair ## Launch the Generate Key Dialog
![Generate A Key Pair](https://image.cdn.bktus.com/i/2024/06/15/5df15149-1890-2645-8452-e7c4798ccd16.webp) In the **Key Management** interface, click on the **“New Keypair”** button. This
opens the **Generate Key** window, where you can define your identity and
configure key parameters.
1. **Open Key Management**: ## Enter User Information
- Click on the "New Keypair" button in the Key Management interface. This - **Name**: Required. Enter your full name (minimum 5 characters).
will open the Generate Key dialog box. - **Email**: Required. Must be in a valid email format.
- **Comment**: Optional. Helps distinguish this key from others.
2. **Fill in Basic Information**: ## Choose Key Database
- **Name**: Enter your name. The name should be at least 5 characters long. Select the **Key Database** where the generated key pair will be stored (e.g.,
- **Email Address**: Enter your email address. It should follow the correct `0: TEST`).
email format.
- **Comment**: Optionally, add a comment to help differentiate this key pair
from others.
3. **Set Expiration Date**: ## Configure Key Settings
- Choose an expiration date for the key pair. By default, GpgFrontend The **Generate Key** dialog offers two configuration modes:
suggests setting the expiration date to two years after generation.
- Alternatively, you can check the "Never expire" checkbox to make the key
pair permanent. This option can be changed later, even after the key has
expired.
4. **Select Key Size and Type**: ### Easy Mode
- **Key Size**: Choose the key size. The default size is 2048 bits. Note that Easy Mode simplifies key generation using common templates. You can configure:
the size option is only applicable when the key type is RSA or DSA.
- **Key Type**: Select the type of key you want to generate. Available
options include RSA, DSA, ECDSA, ECDSA + ECDH, ECDSA + ECDH NIST P-256, and
ECDSA + ECDH BrainPool P-256. For key types with a plus sign (e.g., ECDSA +
ECDH), a primary key and a corresponding subkey will be generated.
5. **Set a Passphrase**: - **Algorithm**: RSA, DSA, ECC (Curve25519), or other supported types.
- **Validity Period**: Choose from preset options (e.g., 3 months, 2 years, 10
years, or *Non Expired*).
- **Combination**:
- **Primary Key Only**
- **Primary Key with Subkey** — useful when separating signing and encryption
functions.
- It is crucial to set a passphrase to protect your private key. Uncheck the > Recommended for users who prefer a faster and more guided setup process.
"Non Pass Phrase" checkbox and enter a strong, unique passphrase.
- If you prefer not to set a passphrase (not recommended for security
reasons), you can leave the "Non Pass Phrase" checkbox checked.
6. **Select Key Usage**: ### Advanced Mode (Primary Key & Subkey Tabs)
- Specify the usage for the key pair. Options include: Switch to the **Primary Key** and **Subkey** tabs for detailed cryptographic
- **Encryption**: For encrypting data. control. Available options include:
- **Signing**: For creating digital signatures.
- **Certification**: For certifying other keys (only for primary keys).
- **Authentication**: For authentication purposes, such as SSH keys.
- Note that some usages may not be available depending on the selected key
type. For example, the DSA algorithm does not support encryption.
7. **Generate the Key Pair**: - **Algorithm**: RSA, DSA, ED25519, ED448, Brainpool, NIST, CV25519, and others.
- After filling in all the necessary information and selecting the desired - **Key Length**: Adjustable for applicable algorithms (e.g., RSA: 2048, 3072,
options, click the "OK" button to generate your key pair. 4096 bits).
- **Expiration**: Set a specific expiry date or mark the key as non-expiring.
- **Usage Flags**:
- Encrypt
- Sign
- Authenticate
- Certify (for primary keys)
- **Passphrase Protection**: Enable or disable passphrase requirement.
By following these steps, you can generate a secure key pair using GpgFrontend, > Ideal for experienced users who require full control over key structure and
tailored to your specific needs for encryption, signing, and authentication. > behavior.
## Generate the Key Pair
Once configuration is complete:
- Review the summary in the lower panel.
- Click the **“Generate”** button.
- GpgFrontend will begin the generation process and confirm when complete.
## Primary Key Supported Algorithms ## Primary Key Supported Algorithms

119
src/content/docs/guides/generate-use-subkey.md
View File

@ -1,53 +1,73 @@
--- ---
title: Generate and Use Subkey title: Generate and Use Subkey(s)
sidebar: sidebar:
order: 3 order: 4
--- ---
GpgFrontend provides comprehensive support for subkeys, allowing users to GpgFrontend allows users to extend their primary key pairs by generating one or
enhance security and flexibility through proper key management. more subkeys. Subkeys can be used for specific cryptographic purposes, such as
encryption, signing, or authentication, while keeping the primary key more
secure and reserved for certification.
## Steps to Generate a Subkey ## Generating a Subkey
![Generate A Subkey](https://image.cdn.bktus.com/i/2024/06/15/a56c83bc-72ad-6232-1764-6fef5aeceddd.webp) There are **two entry points** to generate a subkey:
1. **Open Key Management**: ### Method 1: From Key Management
- In the Key Management interface, right-click on the key pair you wish to 1. **Open Key Management**
add a subkey to. Select the "New Subkey" option from the context menu. - Navigate to the main **KeyPair Management** interface.
- Right-click on the key pair to which you want to add a subkey.
- Select **“New Subkey”** from the context menu.
2. **Fill in Basic Information**: ![](https://image.cdn.bktus.com/i/2025/04/09/194529c8-4745-a2f1-5b9a-70cb66344243.webp)
- **Key Type**: Select the type of subkey you want to generate. Available
options include RSA, DSA, ECDSA, ECDH, ECDH NIST P-256, ECDH NIST P-384,
ECDH NIST P-521, ECDH BrainPool P-256, ECDH BrainPool P-384, and ECDH
BrainPool P-512.
- **Key Size**: Choose the key size. This option is only applicable when the
key type is RSA or DSA.
- **Expiration Date**: Set an expiration date for the subkey. You can also
choose to check the "Never expire" checkbox to make the subkey permanent.
3. **Set a Passphrase**: ### Method 2: From Key Details View
- If the primary key has a passphrase, the subkey's passphrase must be equal 1. **Open Key Details**
to it. Ensure that the "Non Pass Phrase" checkbox is unchecked if you want - Double-click on the desired key pair in the **Key Management** list.
to set a passphrase. - Switch to the **Keychain** tab.
- Click the **“Generate A New Subkey”** button.
4. **Select Key Usage**: ![](https://image.cdn.bktus.com/i/2025/04/09/fb9eddab-3842-061c-f81c-48fe660bb651.webp)
- Specify the usage for the subkey. Options include: ### Configuring the Subkey
- **Encryption**: For encrypting data.
- **Signing**: For creating digital signatures.
- **Authentication**: For authentication purposes, such as SSH keys.
- Note that the certification usage is not available for subkeys.
5. **Generate the Subkey**: Once the subkey generation dialog appears, configure the following settings:
- After filling in all the necessary information and selecting the desired
options, click the "OK" button to generate your subkey.
By following these steps, you can generate a subkey using GpgFrontend, which - **Algorithm**: Choose the algorithm for the subkey. Options include:
enhances the functionality of your primary key pair for various cryptographic - RSA, DSA
operations. - ECC (e.g., ED25519, ED448, CV25519, SECP256K1, Brainpool, NIST curves, etc.)
- ECDH for encryption, EdDSA for signing, etc.
- **Key Size**: Select the desired key size. This setting is available for most
algorithms, including RSA, DSA, and ECC variants (such as Curve25519,
Brainpool, or NIST curves). For curve-based algorithms, the key size typically
corresponds to the selected curve (e.g., ED25519 = 256 bits), while RSA/DSA
allows configurable sizes like 2048, 3072, or 4096 bits.
- **Expiration Date**: Set how long the subkey remains valid:
- Predefined periods (e.g., 1 year, 2 years)
- Exact date/time
- Or enable **“Non Expired”** for permanent validity.
- **Key Usage**: Choose what the subkey can be used for:
- `Encrypt`
- `Sign`
- `Authenticate`
*(Certification usage is reserved for primary keys.)*
### Final Step: Generate
Once all configurations are completed:
- Review your choices in the summary area (if available).
- Click **“Generate”** to create the subkey.
- The new subkey will be listed under the **Keychain** tab of the selected key
pair.
![](https://image.cdn.bktus.com/i/2025/04/09/39cd8ec1-303e-9fa8-7104-8cf0606565ff.webp)
## Understanding Primary Keys and Subkeys ## Understanding Primary Keys and Subkeys
@ -133,7 +153,8 @@ and successfully export a subkey:
a location to save the exported subkey. Choose a secure directory and save a location to save the exported subkey. Choose a secure directory and save
the subkey as a separate file. the subkey as a separate file.
![Export Subkey](https://image.cdn.bktus.com/i/2024/11/29/15c9ab0c-a05e-0117-3244-2ac01aaed9a9.webp) ![Export
Subkey](https://image.cdn.bktus.com/i/2024/11/29/15c9ab0c-a05e-0117-3244-2ac01aaed9a9.webp)
### Step-by-Step Guide to Importing Subkeys ### Step-by-Step Guide to Importing Subkeys
@ -141,16 +162,19 @@ To demonstrate how to import an individual subkey that has been previously
exported, let's refer to the screenshots provided. Below is a step-by-step guide exported, let's refer to the screenshots provided. Below is a step-by-step guide
to navigate the GpgFrontend interface and successfully import a subkey: to navigate the GpgFrontend interface and successfully import a subkey:
1. **Select the Key Database**: Choose the appropriate key database from the **Key Toolbox**. 1. **Select the Key Database**: Choose the appropriate key database from the
**Key Toolbox**.
![Switch Key Database](https://image.cdn.bktus.com/i/2024/11/29/0e8ff19e-4189-65db-5732-1a2e79d9b8a6.webp) ![Switch Key
Database](https://image.cdn.bktus.com/i/2024/11/29/0e8ff19e-4189-65db-5732-1a2e79d9b8a6.webp)
1. **Import the Subkey**: Click on the **Import Key** button in the top toolbar, 1. **Import the Subkey**: Click on the **Import Key** button in the top toolbar,
and select **File** from the dropdown menu. This action will open a dialog and select **File** from the dropdown menu. This action will open a dialog
where you can browse your system to locate the previously exported subkey where you can browse your system to locate the previously exported subkey
file. file.
![Import the Subkey](https://image.cdn.bktus.com/i/2024/11/29/8f3456ba-6275-4ef9-8e41-49b9b6bc0dfa.webp) ![Import the
Subkey](https://image.cdn.bktus.com/i/2024/11/29/8f3456ba-6275-4ef9-8e41-49b9b6bc0dfa.webp)
2. **Select Subkey File**: Browse to the location where the subkey file is 2. **Select Subkey File**: Browse to the location where the subkey file is
saved, select it, and click **Open**. This will import the subkey into the saved, select it, and click **Open**. This will import the subkey into the
@ -161,10 +185,11 @@ to navigate the GpgFrontend interface and successfully import a subkey:
You should see all relevant information about the subkey, including **Key You should see all relevant information about the subkey, including **Key
ID**, **Algorithm**, **Key Size**, and **Usage**. ID**, **Algorithm**, **Key Size**, and **Usage**.
4. **Handling Primary Key**:You can now move your master key to a safe place. Then delete it at 4. **Handling Primary Key**:You can now move your master key to a safe place.
GpgFrontend. Then delete it at GpgFrontend.
![Verify Imported Subkey](https://image.cdn.bktus.com/i/2024/11/29/ac01142d-1ffa-ba32-daac-36ddf0729ff1.webp) ![Verify Imported
Subkey](https://image.cdn.bktus.com/i/2024/11/29/ac01142d-1ffa-ba32-daac-36ddf0729ff1.webp)
### Confirming Primary Key Absence ### Confirming Primary Key Absence
@ -174,7 +199,8 @@ for this subkey does not exist in the current key database. This is expected if
you have securely removed the primary key to minimize exposure, while retaining you have securely removed the primary key to minimize exposure, while retaining
the subkeys for ongoing operations. the subkeys for ongoing operations.
![Meaning of'#' Symbol](https://image.cdn.bktus.com/i/2024/11/29/78d9bc07-8b96-302b-25d1-cbb88815f16a.webp) ![Meaning of'#'
Symbol](https://image.cdn.bktus.com/i/2024/11/29/78d9bc07-8b96-302b-25d1-cbb88815f16a.webp)
You can confirm the absence of the primary key by opening the **Key Details** You can confirm the absence of the primary key by opening the **Key Details**
view of the imported subkey. In the **Primary Key Existence** section, it should view of the imported subkey. In the **Primary Key Existence** section, it should
@ -189,7 +215,8 @@ Existence** section in the Key Details view, which will display **Not Exists**.
This setup is intentional in many cases to improve security by isolating the This setup is intentional in many cases to improve security by isolating the
primary key. primary key.
![Primary Key Not Exists](https://image.cdn.bktus.com/i/2024/11/29/05594a4b-cdad-7ad4-070b-58e24701cce3.webp) ![Primary Key Not
Exists](https://image.cdn.bktus.com/i/2024/11/29/05594a4b-cdad-7ad4-070b-58e24701cce3.webp)
### Actions Limited by the Absence of a Primary Key: ### Actions Limited by the Absence of a Primary Key:
@ -217,7 +244,8 @@ primary key poses a security risk. By isolating the primary key and relying
solely on subkeys, you can maintain a balance between functionality and solely on subkeys, you can maintain a balance between functionality and
security. security.
![Use Subkey to Encrypt](https://image.cdn.bktus.com/i/2024/11/29/20047766-48ab-f4a3-175c-241c7d5c0dbf.webp) ![Use Subkey to
Encrypt](https://image.cdn.bktus.com/i/2024/11/29/20047766-48ab-f4a3-175c-241c7d5c0dbf.webp)
### Tips for Secure Usage: ### Tips for Secure Usage:
@ -240,7 +268,8 @@ primary keys may be restricted to certain secure algorithms for signing, subkeys
can employ diverse algorithms optimized for encryption, like ECDH, ensuring can employ diverse algorithms optimized for encryption, like ECDH, ensuring
efficient and secure operations tailored to the user's needs. efficient and secure operations tailored to the user's needs.
For more Details: [Comparison of Cryptographic Algorithms](/extra/algorithms-comparison) For more Details: [Comparison of Cryptographic
Algorithms](/extra/algorithms-comparison)
**Subkey Supported Algorithms:** **Subkey Supported Algorithms:**

10
src/content/docs/guides/import-export-key-pair.md
View File

@ -11,13 +11,13 @@ To access the import options, navigate to the toolbar and select the desired
method based on your specific requirements. Additionally, you can access method based on your specific requirements. Additionally, you can access
additional options by selecting the action menu in the key management section. additional options by selecting the action menu in the key management section.
![Import Key Pair](https://image.cdn.bktus.com/i/2023/11/16/7c24bd6d-6e50-0eb8-943e-3447b96894b3.webp) ![](https://image.cdn.bktus.com/i/2023/11/16/7c24bd6d-6e50-0eb8-943e-3447b96894b3.webp)
In fact, you can find the action menu in the key management section, which In fact, you can find the action menu in the key management section, which
provides access to additional key management options beyond those available in provides access to additional key management options beyond those available in
the toolbar. the toolbar.
![Import Key Pair 2](https://image.cdn.bktus.com/i/2023/11/16/15595b17-3a88-d790-c475-cf8c5c7ee4a5.webp) ![](https://image.cdn.bktus.com/i/2023/11/16/15595b17-3a88-d790-c475-cf8c5c7ee4a5.webp)
### File ### File
@ -82,7 +82,7 @@ shown in the screenshot below. This will save the data to a file. Before
proceeding, please make sure to choose a suitable directory to store the file proceeding, please make sure to choose a suitable directory to store the file
containing the public key data. containing the public key data.
![Export on the Key Pair at Operations Tab](https://image.cdn.bktus.com/i/2023/11/16/5f7a4dbc-d261-c395-31eb-a1bc55cb4d55.webp) ![](https://image.cdn.bktus.com/i/2023/11/16/5f7a4dbc-d261-c395-31eb-a1bc55cb4d55.webp)
### Export multiple public keys at once ### Export multiple public keys at once
@ -91,7 +91,7 @@ pairs on the key management interface and click on the "Export to Clipboard"
option. This will copy the data to your system clipboard, which you can then option. This will copy the data to your system clipboard, which you can then
paste into any application or file. paste into any application or file.
![Export multiple public keys at once](https://image.cdn.bktus.com/i/2023/11/16/fae0706d-8836-5ffe-804e-c21b06f1b445.webp) ![](https://image.cdn.bktus.com/i/2023/11/16/fae0706d-8836-5ffe-804e-c21b06f1b445.webp)
### Export Private Key ### Export Private Key
@ -100,7 +100,7 @@ contains the private key (either the primary key or subkey). From there, you can
select a destination and GpgFrontend will export the corresponding private key select a destination and GpgFrontend will export the corresponding private key
content to that location. content to that location.
![Export Private Key](https://image.cdn.bktus.com/i/2023/11/16/a453e2cd-3489-6403-8a89-13faa4dd6b32.webp) ![](https://image.cdn.bktus.com/i/2023/11/16/a453e2cd-3489-6403-8a89-13faa4dd6b32.webp)
Exporting the private key also exports both the public key and private key data, Exporting the private key also exports both the public key and private key data,
as the private key data alone is meaningless without the corresponding public as the private key data alone is meaningless without the corresponding public

293
src/content/docs/guides/key-server-operations.md
View File

@ -2,165 +2,208 @@
title: Key Server Operations title: Key Server Operations
--- ---
Key servers play a pivotal role in the ecosystem of encrypted communication, Key servers are essential components in the ecosystem of encrypted
serving as a centralized repository for public key information. These servers communication, serving as centralized repositories for public key information.
enable individuals to share and retrieve public keys necessary for encrypted They allow users to **share, retrieve, and update** public keys, making secure
messaging, even when direct exchange is not feasible. Key servers are communication possible even when direct key exchange is not feasible.
particularly useful in scenarios where secure communication needs to be
established without prior direct contact, or when a user's public key needs to
be widely distributed or updated due to security concerns.
When you wish to send an encrypted message but lack the recipient's public key, Key servers are especially helpful when:
key servers offer a solution by allowing you to search for and retrieve the - You need to encrypt a message but don't have the recipients public key.
public key associated with the recipient's email address or key ID. This process - You want to make your public key available for others to use.
facilitates the encryption of messages in a way that ensures only the intended - You need to **update or revoke** your public key in case of a compromise.
recipient, who possesses the corresponding private key, can decrypt and read the
message.
Moreover, key servers are integral to maintaining the integrity and GpgFrontend offers a convenient graphical interface for interacting with key
trustworthiness of the public key infrastructure. If a user's private key is servers, making key search, import, export, and synchronization operations
compromised, it is crucial to inform others not to use the associated public key straightforward for all users.
for encrypting messages anymore. By uploading a new public key to a key server
and marking the old one as obsolete or compromised, users can mitigate the risks
associated with the exposure of their private key.
The functionality of key servers is enhanced by software tools such as ## 📥 Import Public Key From Key Server
GpgFrontend, which simplifies the process of managing public keys. With
GpgFrontend, users can effortlessly upload their public key to key servers,
search for other users' public keys using an email address or key ID, and import
these keys for use in encrypted communication. The software's user-friendly
interface enables these operations to be performed with just a few mouse clicks,
making encrypted communication more accessible to a broader audience.
It is important to note that once public key information is uploaded to a key To import a public key, go to the **Import Key** section in the main page or Key
server, it is propagated across a network of key servers worldwide, making it Manager, and select the **Key Server** option.
available to anyone who searches for it. This wide distribution ensures that
encrypted communication can be established easily across different platforms and
geographical locations. However, users should be aware that public keys uploaded
to key servers cannot be deleted, emphasizing the importance of careful key
management. In situations where a key needs to be updated, such as when adding a
subkey to a key pair, the new key information can overwrite the old one on the
server, thus maintaining the security and relevance of the key information
available to the public.
In summary, key servers are essential for the secure and efficient exchange of ![Import Key Server
encrypted messages, offering a reliable method for sharing and retrieving public UI](https://image.cdn.bktus.com/i/2023/11/16/d75cb252-9a65-5b73-01cd-a45b5ff501ef.webp)
keys. They support the integrity of secure communications by facilitating the
widespread distribution of public keys and enabling users to update or replace
keys when necessary.
## Import Public Key From Key Server ### How to Import:
1. Choose a key server from the drop-down list.
2. Enter a **Key ID**, **Fingerprint**, or **Email Address** into the search
field.
3. Click **Search**.
4. If results are found, double-click a record to import the public key.
In the main page or in the key manager's Import key operation mode, there is a > 💡 By default, the key server list includes recommended options such as:
key server option. After selecting this option you can see such an interface. > - `https://keys.openpgp.org`
> - `https://keyserver.ubuntu.com`
>
> These servers are **preloaded as initial suggestions** in GpgFrontend, but you
> can fully customize this list through the **Settings → Key Servers**
> interface.
![Import Public Key From Key Server](https://image.cdn.bktus.com/i/2023/11/16/d75cb252-9a65-5b73-01cd-a45b5ff501ef.webp) ### After Importing
You can get a list of public keys associated with a key server by searching for Once a key is imported:
Key ID, fingerprint or email address via the search box. If there is a suitable - GpgFrontend will display a confirmation message.
public key in the list, you can import it by double-clicking it. - If a newer version of the key already exists locally, the import is skipped.
![Import Public Key From Key Server 1](https://image.cdn.bktus.com/i/2023/11/16/ae422544-3764-0fe0-638a-d731715acf3e.webp) You can then verify:
- Key creation date
- UID and key ID
- Whether the key is expired or revoked (using Key Manager filters)
When the import is complete, you can check whether the public key is actually ## 📤 Export My Public Key to Key Server
imported through the pop-up window (no need to import when the local public key
is newer), and you can also check some brief information about the public key.
![Import Public Key From Key Server 2](https://image.cdn.bktus.com/i/2023/11/16/cbb78f5f-3620-1534-4b4e-e7752e1c9aa4.webp) To publish your public key:
It is important to note that the public key you import may have expired or been 1. Open the **Key Details** interface for your key pair.
revoked. You can check the status of the key by navigating to the category tab 2. Go to the **Operations** tab.
in the key management interface. In addition to the search box, you may also 3. Click **“Upload key pair to key server”**.
notice a drop-down box that allows you to choose which key server to retrieve
the public key information from. To modify or add to this list of candidate
servers, please refer to the last section of this document: Key server related
settings.
## Export My Public Key To The Key Server ![Upload
Key](https://image.cdn.bktus.com/i/2023/11/16/87b435b1-3eb2-421d-c8cb-f6d926b6a1c7.webp)
If the current key pair has a master key, you have the option to publish the > ⚠️ GpgFrontend only allows uploading if a **master key** is present to prevent
public key information to a key server. It is important to note that in order to > accidental publishing of incomplete keys.
avoid confusion, GpgFrontend requires the presence of a master key for this
action to be performed. This ensures that users are aware of what they are doing
and the function being performed.
### How To Use Note:
- Only **public key** data is uploaded.
- Private keys are **never** uploaded.
You can find the entry of this operation through the operation tab of the key ## 📤 Export My Public Key to Key Server
pair detail interface, as shown in the following figure.
![Export My Public Key To The Key Server](https://image.cdn.bktus.com/i/2023/11/16/87b435b1-3eb2-421d-c8cb-f6d926b6a1c7.webp) GpgFrontend allows you to upload your public key to a key server, making it
discoverable for others who wish to send you encrypted messages.
Perform the operation by clicking Upload key pair to key server. Note that the After v2.1.6, **GpgFrontend uses
naming of operations here is a bit confusing, but this is where your public key [https://keys.openpgp.org](https://keys.openpgp.org)** for exporting public keys
information (not your private key) will be uploaded. by default. This server uses the **Verifying Keyserver (VKS) Interface**, which
provides extra protection against spam and key poisoning.
### Synchronize public key information from a key server ### Key Points:
- 🔐 **Only public keys are uploaded**, never private keys.
- ✅ **Master key is required** to export.
- ✉️ `keys.openpgp.org` requires email verification before your key becomes
publicly searchable.
- 🧱 Uploaded keys are **propagated through the VKS protocol** and cannot be
deleted.
Sometimes, before you perform an encryption operation, you want to know if the To export:
public key you are using is still valid. At this point, you can get the latest 1. Open the **Key Details** interface.
information about the key from the key server (if the public key server has 2. Go to the **Operations** tab.
one). 3. Click **“Upload key pair to key server”**.
As above, you can find this action in the Actions tab of the key pair details ![](https://image.cdn.bktus.com/i/2023/11/16/87b435b1-3eb2-421d-c8cb-f6d926b6a1c7.webp)
screen, as shown in the image below.
GpgFrontend will upload the public key information to the default key server ## 🔄 Synchronize Public Key Information
you set. The private key information is not uploaded and should not be manually
uploaded anywhere by the user.
Refer to the last section of this document on how to set the default key server. If you want to ensure that your local key matches what is available on the key
server, use the **“Synchronize key pair with key server”** feature.
![Set Default Key Server](https://image.cdn.bktus.com/i/2023/11/16/87b435b1-3eb2-421d-c8cb-f6d926b6a1c7.webp) Like exporting, after v2.1.6, this operation also uses
**https://keys.openpgp.org** and its **VKS API**.
The "Synchronize key pair with key server" function allows for automatic GpgFrontend will:
retrieval of public key information from the key server, which is then compared - Query the key server using your keys fingerprint.
with the local key information. After the operation is completed, a pop-up - Compare the server copy with your local one.
window will appear indicating whether the key has actually been updated. It - Indicate if any update is applied.
should be noted that this operation is not possible if the private key exists
locally. This is because, in such a case, you already have the key pair and
should publish the latest information for the key pair instead of accepting
outdated information from the key server.
### Extra Information > ⚠️ Synchronization is **not available** if you have the private key locally.
> In this case, you are expected to **publish** updates, not pull them.
GpgFrontend automatically communicates with the default key server that you have ## ⚙️ Key Server Related Settings
set to obtain the necessary information. You can refer to the last section of
this document to learn how to set the default key server.
## Sync ALL Public Key You can configure your key server preferences in:
This is an advanced function provided by GpgFrontend, it can synchronize all > **Settings → Key Servers**
your local public key information at one time, if you want to know, please read
[this document](/advanced/sync-all-public-keys).
## Key Server Related Settings ![](https://image.cdn.bktus.com/i/2023/11/16/afe69b9b-0576-d275-91df-79585c245b22.webp)
If you want to set a list of key servers or a default key server, you can do so ### Features:
by accessing the Settings interface and navigating to the Key Servers tab. Here, - **Add a Server**: Enter the `https://` or `http://` address and click **Add**.
you will find options for managing your key server candidate list and - **Edit a Server**: Double-click an address to edit it.
determining which key server is set as the default. - **Delete a Server**: Right-click a row and select **Delete**.
- **Test Connection**: Click **Test** to check if the server is reachable.
![Key Server Related Settings](https://image.cdn.bktus.com/i/2023/11/16/afe69b9b-0576-d275-91df-79585c245b22.webp) > ✅ **Recommended**: Always use HTTPS to prevent man-in-the-middle attacks.
To add a candidate key server to the list, simply enter the http or https ### 🌐 Set Default Key Server
address of the key server you wish to add into the input box and click "Add". It
is strongly recommended that users use the https protocol to prevent
man-in-the-middle attacks. If you wish to delete a candidate key server, simply
right-click on the corresponding row in the table and select "Delete" from the
pop-up menu. To edit an existing candidate key server address, double-click on
the address in the table and edit it.
To test the network connectivity of the servers in the key server candidate To set a key server as your **default** for public key **search/import**
list, click the "Test" button located at the bottom of the Key Servers tab. operations:
However, note that the test only determines if the keyserver is reachable, not
whether the address is a valid keyserver.
### Set Default Key Server 1. Right-click the desired server in the list.
2. Select **“Set as Default”**.
3. The default server will be marked in the first column of the table.
To set a candidate key server as your default key server, you can follow these > ⚠️ **Important (v2.1.6 and later)**:
steps. First, locate the candidate key server you want to set as the default in >
the table. Then, right-click the row of the corresponding key server, and click > Setting a default key server **only affects key searches/imports**.
"Set as Default" in the pop-up menu. Once set, you can verify whether a >
candidate key server is the default key server by checking the first column of > - **Export** and **Sync** operations are no longer affected by this setting.
the table. > - These operations **always use `https://keys.openpgp.org`**, which implements
> the Verifying Keyserver (VKS) API.
>
> This behavior ensures improved security and global consistency in public key
> management.
## Tips about Key Servers
| Key Server | Fuzzy Search | VKS Interface | Notes |
|-------------------------|--------------|---------------|-------------------------------------------|
| `keys.openpgp.org` | ❌ No | ✅ Yes | Requires exact match (email, fingerprint) |
| `keyserver.ubuntu.com` | ✅ Yes | ❌ No | Traditional HKP server, less strict |
> 🔎 `keys.openpgp.org` does **not** support fuzzy search — you must use the
> **exact email**, **full fingerprint**, or **full key ID**.
> ⚠️ **Don't confuse search servers with export/sync servers** — even if you
> perform key searches using a custom server like `keyserver.ubuntu.com`,
> **Export** and **Sync** operations will still use `keys.openpgp.org` by
> default in **GpgFrontend v2.1.6 and later**.
> 🛠️ **Want to restore previous behavior?**
> You can disable the `KeyServerSync` module in the advanced settings.
> This will prevent GpgFrontend from forcing export/sync operations to use
> `keys.openpgp.org`, allowing custom server logic to take effect again.
## 🔍 Automatically Check Key Publish Status
GpgFrontend v2.1.6 introduces a feature that automatically checks whether your
public key has been published on [keys.openpgp.org](https://keys.openpgp.org),
helping users keep track of their key visibility on the VKS-based keyserver.
### ✅ Feature Overview
- When enabled, GpgFrontend will fetch the **publish status** of a key from the
key server.
- If the key is found to be published on `keys.openpgp.org`, a message like the
following will be shown in the **Key Details** tab:
![](https://image.cdn.bktus.com/i/2025/04/09/40653adf-bf71-4038-77d3-3860f4fef106.webp)
### ⚙️ How to Enable
To activate this:
1. Go to `Settings → Network` tab.
2. Under **Network Ability**, check the box:
- ✅ **Automatically fetch key publish status from key server**
3. Restart GpgFrontend to apply the change.
![](https://image.cdn.bktus.com/i/2025/04/09/6c6d4f27-ff0e-176a-305b-d4bbbaaa7d75.webp)
### ⚠️ Important Notes
- This feature **only works with `keys.openpgp.org`**, which supports the
**Verifying Keyserver (VKS) API**.
- If the `KeyServerSync` plugin is **disabled**, the publish status will **not
be fetched**, and no notice will appear in the UI.
- It is purely a **read-only status check**, and does not modify or upload
anything to the server.
## 🔒 Final Notes
- Public keys uploaded to key servers are **distributed globally** and **cannot
be deleted**.
- Always verify imported keys before using them.
- Maintain proper key hygiene: revoke and update keys when compromised.
- Never upload private key material to any server.

163
src/content/docs/guides/sign-verify-file.md
View File

@ -1,163 +0,0 @@
---
title: Signing & Verifying Files
---
GpgFrontend extends its utility from handling text-based operations to
facilitating file operations with ease and security. The principle behind
signing and verifying files mirrors that of text, leveraging the robust
framework of digital signatures. However, a significant distinction lies in the
nature of the input and output for file operations, which can be binary,
accommodating a wider range of file types beyond simple text documents.
When signing a file using GpgFrontend, the software utilizes the private key of
the user to create a digital signature. This process begins by computing a hash
of the file's contents, regardless of whether the file is a document, image,
executable, or any other binary format. This hash serves as a compact
representation of the file's data. Subsequently, the hash is encrypted with the
user's private key, producing a digital signature unique to both the file and
the key used. The resulting signature can either be attached to the file or
stored separately, depending on the user's preference and the requirements of
the application.
Verifying a signed file with GpgFrontend involves the corresponding public key
of the private key that was used for signing. The verification process decrypts
the digital signature using this public key to extract the original hash value
that was generated during the signing. Simultaneously, the software computes a
new hash from the file that is purported to be authentic. By comparing these two
hash values, GpgFrontend can determine if the file has been altered after it was
signed. If the hashes match, it confirms the file's integrity and authenticity,
assuring the recipient of its untampered state and the signer's identity.
This binary capability of file operations in GpgFrontend not only broadens the
scope of digital signatures to encompass a variety of file types but also
ensures that the integrity and authenticity verification process is not limited
to text-based data. It provides a critical layer of security in digital
communications, where files of all kinds are shared and exchanged with the
expectation of privacy and trust.
The application of digital signatures to files through tools like GpgFrontend is
especially relevant in scenarios where the authenticity of the file source and
the integrity of its contents are paramount. This includes software
distribution, where verifying the source and integrity of software packages is
crucial to prevent malware distribution; document sharing in legal and financial
contexts, where tampering could have serious implications; and multimedia
content distribution, where copyright and ownership are significant concerns.
In summary, GpgFrontend's support for signing and verifying files elevates the
security of digital file exchanges by applying the principles of cryptography in
a user-friendly manner. By accommodating binary file operations, it ensures that
digital signatures are accessible and applicable across a broad spectrum of file
types, reinforcing the pillars of trust and security in digital communications.
## Sign & Verify File
GpgFrontend extends its utility from handling text-based operations to
facilitating file operations with ease and security. The principle behind
signing and verifying files mirrors that of text, leveraging the robust
framework of digital signatures. However, a significant distinction lies in the
nature of the input and output for file operations, which can be binary,
accommodating a wider range of file types beyond simple text documents.
## Using File Browser for Signing and Verifying
After clicking the **File Browser** button, a system directory selection dialog
will appear. Follow these steps to perform signing and verifying operations:
1. **Open File Browser**:
- Click the **File Browser** button in the toolbar at the top of the
interface. This will open a system dialog allowing you to choose a
directory.
2. **Select Directory**:
- In the system dialog, navigate to the desired directory and select it. Once
selected, a new tab named "File Browser" will open in GpgFrontend,
displaying the contents of the chosen directory.
3. **Select a File**:
- In the File Browser tab, you will see a list of files and folders within
the selected directory. Click on the file you want to sign or verify.
4. **Sign the File**:
- To sign a file, first select the file in the File Browser. Then, in the
**Key Toolbox** on the right, select your private key by checking the box
next to your key. Finally, click the **Sign** button in the toolbar at the
top.
5. **Verify the File**:
- To verify a file, select the signed file in the File Browser. Ensure you
have the corresponding public key in your keyring. Click the **Verify**
button in the toolbar. If the correct key is available, the file's
signature will be verified.
![File Operations](https://image.cdn.bktus.com/i/2024/06/15/e157e4ff-ddaa-3a24-1a6f-a3fb80a55661.webp)
By following these steps, you can easily manage file signing and verifying using
the GpgFrontend's File Browser feature. This streamlined process allows you to
handle your cryptographic needs directly from the file system interface.
## File Extension Requirements
GpgFrontend supports different file extensions for various cryptographic
operations. Understanding these extensions helps in properly managing signed
files. Heres a breakdown of the file extensions used:
#### ASCII Format
- **.asc**: Files with the ".asc" extension are in ASCII format. These files
contain ASCII-armored signatures, which are a text representation of the
signed data. ASCII format is typically used for easy sharing via email or text
editors, as it ensures compatibility with text-based applications.
#### Binary Format
- **.sig**: Files with the ".sig" extension are in binary format. Binary
signature files are more compact than their ASCII counterparts and are
generally used for more efficient storage and transmission. They cannot be
viewed directly in text editors, as the content is in a binary format.
- **.gpg**: Files with the ".gpg" extension are also used for binary signatures.
These files are used when both encryption and signing are performed together,
containing both the encrypted content and the signature.
To perform verification operations, you need to use files with either the
".sig", ".gpg", or ".asc" extension. These files contain the necessary signature
content required for these operations.
By adhering to these file extension requirements, you can ensure that your
signed files are correctly recognized and processed by GpgFrontend.
### Default Output Mode
Before version 2.0.4, GpgFrontend generated signature files exclusively in ASCII
format. However, beginning with version 2.0.4, GpgFrontend now generates
signature files in binary format by default. This setting can be adjusted in the
program's settings.
### Changing Output Mode
To change the output mode between ASCII and binary formats, follow these steps:
1. **Open Settings**:
- Navigate to the GnuPG Controller settings within GpgFrontend. This can be
done by accessing the settings menu from the main interface.
2. **Locate Binary Mode Option**:
- In the settings interface, under the "General" section, locate the option
labeled "Use Binary Mode for File Operations".
3. **Toggle Binary Mode**:
- Check or uncheck this option to switch between binary (sig/gpg) and ASCII
(asc) output formats. Checking the box will enable binary mode, while
unchecking it will revert to ASCII format.
By following these steps, you can customize how GpgFrontend handles the format
of signature files according to your preference or needs.
![Locate Binary Mode
Option](https://image.cdn.bktus.com/i/2024/06/15/1a82922d-4a68-d315-f388-5571a4d93e8f.webp)

104
src/content/docs/guides/sign-verify-text.md
View File

@ -1,104 +0,0 @@
---
title: Signing & Verifying Text
---
Digital signatures, much like their analog counterparts, serve as a method for
asserting the authenticity and integrity of a digital document or message.
However, unlike traditional signatures, digital signatures offer a much higher
level of security, making it possible to ascertain not only the identity of the
signer but also whether the content has been tampered with since it was signed.
The foundation of digital signing and verification lies in the field of public
key cryptography, a cornerstone of modern secure communication. This system
relies on two keys: a private key, which is kept secret by the owner, and a
public key, which can be shared with anyone. To sign a document, the signer uses
their private key to generate a digital signature on the document. This
signature is unique to both the document and the private key, ensuring that any
changes made to the document after it has been signed can be detected.
Verification, on the other hand, requires the corresponding public key. When a
document is received along with its digital signature, the recipient can use the
signer's public key to verify the signature. This process checks that the
signature matches the document and was created with the private key
corresponding to the public key. If the document has been altered after signing,
the verification will fail, alerting the recipient to the tampering.
One of the advantages of digital signatures is the ability to use multiple
private keys for signing a document, similar to having a document signed by
multiple parties. Each signer uses their private key to sign the document, and
each signature can be independently verified with the corresponding public key.
This method is particularly useful in scenarios requiring the approval or
authorization of multiple entities.
Digital signatures are a critical component of secure communications, providing
assurances of authenticity, integrity, and non-repudiation. Non-repudiation
means that a signer cannot later deny the authenticity of the signature on a
document they signed. This is especially important in legal, financial, and
sensitive communications, where trust and authenticity are paramount.
Tools like GpgFrontend facilitate the process of creating and verifying digital
signatures in a user-friendly manner. GpgFrontend is built on top of the OpenPGP
standard, which is a widely accepted protocol for encryption and digital
signatures. The tool allows users to easily manage their encryption keys, sign
documents, and verify the signatures of received documents, thereby enhancing
the security and trustworthiness of digital communications.
In summary, digital signing and verification through tools like GpgFrontend
leverage public key cryptography to ensure the security and integrity of digital
communications. By enabling users to sign documents with their private keys and
allowing others to verify those signatures with corresponding public keys,
digital signatures provide a robust mechanism for authenticating the origin and
integrity of digital documents, far surpassing the capabilities of traditional
handwritten signatures.
## Signature Only
By signing the text, you establish that you are the sole and unalterable
authority for this text. You can simply sign the text without encrypting it as
follows:
![Peek 2022-01-12
06-50](https://image.cdn.bktus.com/i/2023/11/16/9c95a381-52b9-4d2b-c21d-38fdc6cbc76d.gif)
To check whether a key can be used for signing, please review the 'Usage' column
in the key toolbox on the right (the letter 'S' stands for signature).
## Signature with Encryption
You also have the option to sign and encrypt at the same time by choosing a
public key for encryption and your private key for signing. This is a common
practice where you select two key pairs: one belonging to someone else for
encryption, and your private key for signing. If you don't select a key for
signing, only encryption is possible, but you will receive a warning. It's worth
noting that combining signing with encryption provides an additional layer of
security as it assures the recipient that the message hasn't been altered and it
came from the sender whose identity is verified by the digital signature.
![Peek 2022-01-12
06-54](https://image.cdn.bktus.com/i/2023/11/16/fd98e968-5e59-7bee-abea-99ab234be7a6.gif)
## Verification
Once you have a plaintext and its corresponding signature, you can verify the
signature using the signer's public key. However, this type of signature isn't
suitable for emails as it can make the email less readable.
![Peek 2022-01-12
06-56](https://image.cdn.bktus.com/i/2023/11/16/fbde7130-72c3-1fce-8366-47643fc0e804.gif)
To verify a signature with text, you need to have the corresponding public key
for all included signatures. If a suitable public key for a signature isn't
found locally during verification, GpgFrontend will prompt you to import it.
![image-20220112070325556](https://image.cdn.bktus.com/i/2023/11/16/5ab80063-dbf7-0394-5c44-4c23f7b4702b.webp)
## Verification with Decryption
When decrypting a ciphertext, it's advised to verify it simultaneously,
regardless of whether the encryptor signed it or not. It's impossible to
determine from the ciphertext's format if it has been signed. Therefore, it's a
good habit to always perform decryption operations with verification whenever
possible.
![Peek 2022-01-12
07-10](https://image.cdn.bktus.com/i/2023/11/16/9e06ce22-f98d-47f1-ea76-e4e23b6dd32d.gif)

165
src/content/docs/guides/symmetric-encrypt-decrypt.md
View File

@ -4,128 +4,105 @@ sidebar:
label: Symmetric Crypto label: Symmetric Crypto
--- ---
## About Symmetric Encryption & Decryption ## 🔐 What Is Symmetric Encryption?
Symmetric encryption, in contrast to asymmetric encryption, uses a single key **Symmetric encryption** is a method of securing data where the **same
for both the encryption of plaintext and the decryption of ciphertext. This password** is used to both encrypt and decrypt information.
method is characterized by its simplicity and speed, making it a popular choice
for encrypting large volumes of data or for scenarios where the sharing of keys
between the sender and receiver can be securely managed. GpgFrontend provides a
user-friendly interface for implementing symmetric encryption, streamlining the
process for users who may not be familiar with the intricacies of cryptographic
operations.
The process of symmetric encryption with GpgFrontend begins when a user opts to Unlike **asymmetric encryption**, which uses a public/private key pair,
encrypt data without selecting a recipient's public key from the Key Toolbox. symmetric encryption relies on a single shared secret (the password). This
This action signals the software to use symmetric encryption for the task at approach is:
hand. At this point, the user is prompted to create a password. This password
acts as the encryption key, transforming the plaintext into ciphertext through a
cryptographic algorithm. It's crucial that this password is strong and unique,
as the security of the encrypted data directly depends on the password's
complexity and unpredictability.
Once the password is established, GpgFrontend proceeds to encrypt the data. The - ✅ Fast and efficient
resulting ciphertext can only be decrypted with the exact password used for its - ✅ Ideal for large files or quick one-time sharing
encryption. This means that anyone who wishes to access the encrypted data must - ❗ Best used when both parties can safely share the password
know the password, highlighting the importance of securely sharing this password
between the sender and receiver.
Decrypting symmetrically encrypted data with GpgFrontend requires the same > 📌 If someone intercepts the password, the encrypted data is no longer secure
password used during the encryption phase. When the 'Decrypt' function is > — so always handle password exchange carefully.
initiated, the software prompts the user to enter the password. Upon successful
authentication with the correct password, the software decrypts the ciphertext
back into readable plaintext. This decryption process, like encryption, is
straightforward and efficient, but the security of the data relies entirely on
the password's confidentiality.
Symmetric encryption is particularly useful in scenarios where encrypted data ## 🔄 How It Works
needs to be stored securely or transmitted over a secure channel, and where the
overhead of managing public and private keys is not desirable. However, the
challenge of securely exchanging the password between the sender and receiver
cannot be understated. If this password is intercepted or guessed by an
unauthorized party, the encrypted data's security is compromised.
## How to Perform Symmetric Encryption 1. You choose a **strong password**.
2. That password is used to **encrypt** the data.
3. Anyone with the **same password** can **decrypt** it.
4. No key pair is required — only the shared password.
Performing symmetric encryption with GpgFrontend is a straightforward process. > 📎 Encryption security depends entirely on the strength and secrecy of the
Follow these steps to encrypt your data using a password: > password used.
1. **Prepare Your Data**: ## ✍️ Encrypting Data Symmetrically
- Start by opening GpgFrontend and entering the text you want to encrypt in To encrypt text using symmetric encryption:
the text editor area. You can create a new tab through the "New" option if
needed.
2. **Initiate Encryption**: 1. **Enter the Text**
- Input the plaintext (the content you want to protect).
- Click the 'Encrypt' button in the Operations Bar at the top of the 2. **Start Encryption**
interface. This button is represented by a padlock icon with the label - Choose to encrypt **without selecting any public key**.
"Encrypt".
3. **No Key Selected**: 3. **Set a Password**
- When prompted, enter a **strong, unique password**.
- This becomes your **encryption key**.
- If no key is selected in the Key Toolbox, a prompt will appear asking if 4. **Encryption Completes**
you want to encrypt with a symmetric cipher using a passphrase. Click "OK" - The text is transformed into ciphertext.
to proceed. - You can now save it or share it with someone.
4. **Set a Password**: > 🔐 The recipient will need the **exact same password** to decrypt the message.
- Enter a strong, unique password in the prompt that appears. This password ![Symmetric
will be used to encrypt your data. Ensure that the password is complex and Encryption](https://image.cdn.bktus.com/i/2024/06/15/e81042ca-40e4-0ce4-5a44-111a89acb5d1.webp)
secure, as it will be required to decrypt the data later.
5. **Encryption Process**: ## 🔓 Decrypting Symmetric Encrypted Data
- GpgFrontend will use the provided password to encrypt your data, To decrypt content that was encrypted symmetrically:
transforming the plaintext into ciphertext. The resulting encrypted message
will be displayed in the text editor area.
6. **Save or Share Encrypted Data**: 1. **Paste the Ciphertext**
- You can now save the encrypted message to a file or share it with others. - The message should begin with `-----BEGIN PGP MESSAGE-----` and end with
Remember, the recipient will need the exact password used during encryption `-----END PGP MESSAGE-----`.
to decrypt the data.
By following these steps, you can easily encrypt your data using symmetric 2. **Initiate Decryption**
encryption in GpgFrontend. This method is ideal for scenarios where you need to - Choose to decrypt the message.
secure data with a password without managing public and private keys.
![Symmetric Encryption](https://image.cdn.bktus.com/i/2024/06/15/e81042ca-40e4-0ce4-5a44-111a89acb5d1.webp) 3. **Enter the Password**
- Input the **same password** that was used for encryption.
## How to Decrypt Symmetric Encryption? 4. **View the Plaintext**
- If the password is correct, the original message will be revealed.
Decrypting symmetrically encrypted data with GpgFrontend is straightforward and > 🧠 If the password is incorrect or mistyped, decryption will fail.
similar to decrypting data encrypted with asymmetric encryption. Follow these
steps:
1. **Copy the Ciphertext**: ## 💡 When to Use Symmetric Encryption?
- First, ensure that you have the ciphertext (the encrypted message) copied Symmetric encryption is a great choice when:
to your clipboard. The ciphertext should be in the format typically
generated by GnuPG, enclosed in `-----BEGIN PGP MESSAGE-----` and `-----END
PGP MESSAGE-----` tags.
2. **Paste the Ciphertext into the Text Editor**: - Youre encrypting something **for yourself** (e.g. storing private notes or
backup files).
- Youre sharing data over a **secure channel**, and can **safely provide the
password**.
- You dont want to manage public/private key infrastructure.
- Open GpgFrontend and paste the ciphertext into the text editor area. You However, it is **not ideal** for public communication where secure password
can do this by creating a new tab through the "New" option if needed. exchange is difficult.
3. **Click the Decrypt Button**: ## 🛡️ Tips for Better Security
- Click the 'Decrypt' button in the Operations Bar at the top of the - Always use a **strong, complex password** (longer is better).
interface. This button is represented by a key icon with the label - Never send passwords through insecure channels (e.g., unencrypted email).
"Decrypt". - Consider using symmetric encryption as a supplement to public-key encryption —
e.g., encrypt a file symmetrically, then encrypt the password with the
recipients public key.
4. **Enter the Password**: ## 🧭 Summary
- A prompt will appear asking for the password that was used to encrypt the | Feature | Symmetric Encryption |
data. Enter the correct password and confirm. |------------------------|---------------------------------------------|
| Key type | Single shared password |
| Use case | Fast, simple encryption |
| Ideal for | Self-encryption or trusted 1-to-1 sharing |
| Sensitive to | Password leaks |
| Key management needed | ❌ No |
5. **Decryption Process**: Symmetric encryption is a lightweight and powerful tool — when used correctly.
- GpgFrontend will use GnuPG to recognize the type of encryption used and the Always combine it with safe password management to ensure your data stays truly
corresponding key. If the password is correct, the software will decrypt secure.
the ciphertext and display the readable plaintext in the text editor area.
By following these steps, you can efficiently decrypt any symmetrically
encrypted data using GpgFrontend. The software's ability to automatically
recognize the encryption type and key ensures a seamless decryption process,
making it easy to access your encrypted information securely.

116
src/content/docs/guides/text-opetations.md Normal file
View File

@ -0,0 +1,116 @@
---
title: Text Operations
sidebar:
order: 5
---
GpgFrontend is a user-friendly graphical interface for GnuPG that simplifies the
core cryptographic operations: **encryption**, **decryption**, **signing**, and
**verification**. It supports secure communication through public key
cryptography and provides intuitive workflows for both beginners and advanced
users.
## Understanding the Basics
Public key cryptography relies on key pairs:
- **Public Key**: Used to encrypt or verify.
- **Private Key**: Used to decrypt or sign.
Before performing encryption or signing operations, users must generate their
own key pair and exchange public keys with their communication partners.
## Encrypting Text
### Only Encrypt
Use the recipient's **public key** to encrypt plaintext. This method:
- Produces a shorter ciphertext.
- Does **not** reveal the sender's identity.
- Is ideal when anonymity is preferred.
> 🔐 Tip: Dont use your own public key to encrypt unless you're sending a
> message to yourself.
![](https://image.cdn.bktus.com/i/2023/11/16/07c99019-318a-3b85-ea63-0d473ebcd7ec.gif)
### Encrypt & Sign
This method encrypts the message with the recipient's public key and signs it
with **your own private key**, ensuring:
- Confidentiality
- Message authenticity
- Proof of origin
To use this method:
- Choose the recipients public key.
- Select **your private key** with signing capability (`Usage = S`).
> 📄 The resulting ciphertext is longer due to the signature. The Info Board
> will display signature details after encryption.
![](https://image.cdn.bktus.com/i/2023/11/16/cb4ac40a-9830-7429-8447-7ada6bc6571b.gif)
## Signing Text
### Signature Only
Use your **private key** to sign text without encrypting it:
- This confirms authorship.
- Anyone with your public key can verify it.
Check the keys `Usage` column for `S` to confirm it's suitable for signing.
![Signature
Only](https://image.cdn.bktus.com/i/2023/11/16/9c95a381-52b9-4d2b-c21d-38fdc6cbc76d.gif)
### Sign with Encryption
Sign and encrypt together by selecting the recipient's public key and your own
private signing key:
- Ensures both confidentiality and authenticity.
- Common in secure messaging or business communication.
![](https://image.cdn.bktus.com/i/2023/11/16/fd98e968-5e59-7bee-abea-99ab234be7a6.gif)
---
## Decrypting Text
### Decrypt Only
Paste or load the ciphertext into GpgFrontend. The tool will:
- Automatically use the correct **private key**.
- Notify you if no valid key is available.
> ✅ No need to check `Usage` manually; the tool handles key matching.
![](https://image.cdn.bktus.com/i/2023/11/16/a4ded61d-fb5b-cbf2-f0ec-e3b26e79f172.gif)
### Decrypt & Verify
If the message was signed, GpgFrontend will:
- Verify the signature using the **senders public key**.
- Display whether the signature is valid.
Use this for added assurance of sender authenticity and message integrity.
![](https://image.cdn.bktus.com/i/2023/11/16/9e06ce22-f98d-47f1-ea76-e4e23b6dd32d.gif)
---
## Verifying Signatures
To verify a detached or embedded signature:
- Use the senders **public key**.
- Paste or load the signed message.
GpgFrontend will:
- Check the integrity.
- Report any mismatch or missing public keys.
> 📥 If the required public key is missing, GpgFrontend prompts you to import
> it.
![](https://image.cdn.bktus.com/i/2023/11/16/fbde7130-72c3-1fce-8366-47643fc0e804.gif)
## Best Practices
- Always verify a message **before** decrypting when possible.
- Share only your **public key**, and **never** your private key.
- Use **Encrypt & Sign** for secure and authenticated communication.
- Use **Sign Only** for publishing documents or messages that require integrity
but not secrecy.

2
src/content/docs/guides/understand-interface.md
View File

@ -87,7 +87,7 @@ all core functionalities:
1. **New E-Mail**: Create a new email or text file. 1. **New E-Mail**: Create a new email or text file.
2. **Open**: Open an existing text file. 2. **Open**: Open an existing text file.
3. **File Browser**: Browse and select files from your system. 3. **File Panel**: Browse and select files from your system.
4. **Encrypt**: Encrypt text or files using selected keys. 4. **Encrypt**: Encrypt text or files using selected keys.
5. **Encrypt Sign**: Encrypt and sign text or files simultaneously. 5. **Encrypt Sign**: Encrypt and sign text or files simultaneously.
6. **Decrypt**: Decrypt text or files. 6. **Decrypt**: Decrypt text or files.

2
src/content/docs/overview/glance.md
View File

@ -12,7 +12,7 @@ encryption, decryption, and digital signing, offering a seamless interface for
managing OpenPGP tasks. Embrace the latest features of GnuPG 2.x, enhancing your managing OpenPGP tasks. Embrace the latest features of GnuPG 2.x, enhancing your
security in the digital age. security in the digital age.
**Document Version Reference: [v2.1.6](https://github.com/saturneric/GpgFrontend/releases/tag/v2.1.6)** **Document Version Reference: [v2.1.7](https://github.com/saturneric/GpgFrontend/releases/tag/v2.1.7)**
## User Interface Glimpse ## User Interface Glimpse

39
src/styles/custom.css Normal file
View File

@ -0,0 +1,39 @@
/* Dark mode colors. */
:root {
--sl-color-accent-low: #131e4f;
--sl-color-accent: #3447ff;
--sl-color-accent-high: #b3c7ff;
--sl-color-white: #ffffff;
--sl-color-gray-1: #eceef2;
--sl-color-gray-2: #c0c2c7;
--sl-color-gray-3: #888b96;
--sl-color-gray-4: #545861;
--sl-color-gray-5: #353841;
--sl-color-gray-6: #24272f;
--sl-color-black: #17181c;
}
/* Light mode colors. */
:root[data-theme='light'] {
--sl-color-accent-low: #c7d6ff;
--sl-color-accent: #364bff;
--sl-color-accent-high: #182775;
--sl-color-white: #17181c;
--sl-color-gray-1: #24272f;
--sl-color-gray-2: #353841;
--sl-color-gray-3: #545861;
--sl-color-gray-4: #888b96;
--sl-color-gray-5: #c0c2c7;
--sl-color-gray-6: #eceef2;
--sl-color-gray-7: #f5f6f8;
--sl-color-black: #ffffff;
}
.main-pane img {
max-width: 80%;
width: auto;
height: auto;
display: block;
image-rendering: auto;
object-fit: contain;
}