GpgFrontend/Manual
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: adapt manual to v2.1.7

Browse Source
This commit is contained in:
saturneric 2025-04-09 01:55:21 +02:00
parent 99d6ac727b
commit eb6e4d1bc4
22 changed files with 3841 additions and 5898 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
astro.config.mjs
View File

@ -12,9 +12,13 @@ export default defineConfig({
src: "./src/assets/logo.svg",
},
favicon: "/images/favicon.ico",
social: {
github: "https://github.com/saturneric/GpgFrontend",
},
social: [
{
icon: "github",
label: "GitHub",
href: "https://github.com/saturneric/GpgFrontend",
},
],
editLink: {
baseUrl: "https://github.com/saturneric/GpgFrontend-Manual/edit/main/",
},
@ -51,6 +55,9 @@ export default defineConfig({
},
},
],
customCss: [
"./src/styles/custom.css",
],
}),
],
output: "server",

7799
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

6
package.json
View File

@ -10,9 +10,9 @@
"astro": "astro"
},
"dependencies": {
"@astrojs/netlify": "^5.5.1",
"@astrojs/starlight": "^0.21.3",
"astro": "^4.3.5",
"@astrojs/netlify": "^6.2.5",
"@astrojs/starlight": "^0.33.0",
"astro": "^5.6.1",
"sharp": "^0.32.5"
}
}

2
src/content/docs/advanced/key-database.md
View File

@ -63,7 +63,7 @@ The **Key Database** tab allows you to perform the following operations:
- Right-click on a database entry to view options like:
- **Move Up/Move Down**: Reorder the database list.
- **Move to Top**: Prioritize a database by moving it to the top.
- **Move to Top**: Prioritize a database by moving it to the top. If a database is at the top, it is considered as the Default Key Database.
- **Edit**: Rename or modify the path of an existing database.
- **Remove**: Delete a database from the configuration.

7
src/content/docs/advanced/key-package.md
View File

@ -114,10 +114,3 @@ the KeyPackage into the key management tool on the target device.
- Delete the KeyPackage files from all devices and any intermediaries (like
email servers or cloud storage) after the transfer is complete to prevent
unauthorized access.
## Conclusion
The KeyPackage feature streamlines the process of transferring key data between
devices while maintaining high security standards. By following the steps
outlined in this document, users can effectively manage their cryptographic keys
across multiple platforms.

187
src/content/docs/advanced/module-controller.md
View File

@ -13,8 +13,6 @@ This guide provides an overview of the **Module Controller** interface,
instructions for managing modules, and guidance for advanced users interested in
developing custom modules.
---
## Accessing the Module Controller
To access the **Module Controller**:
@ -22,73 +20,66 @@ To access the **Module Controller**:
1. Open the **Advanced** menu in the top toolbar.
2. Select **Open Module Controller**.
![Open Module Controller](https://image.cdn.bktus.com/i/2024/11/29/fa515b3c-d9b1-70f5-c355-832b6bf07a38.webp)
![](https://image.cdn.bktus.com/i/2024/11/29/fa515b3c-d9b1-70f5-c355-832b6bf07a38.webp)
The **Module Controller** interface consists of the following tabs:
- **Registered Modules**
- **Global Register Table**
---
## Registered Modules Tab
The **Registered Modules** tab displays all available modules and provides tools
for managing their activation, metadata, and storage.
![](https://image.cdn.bktus.com/i/2024/11/29/b35d35f9-4ae2-0d3b-917d-a6fb815711f9.webp)
### Key Features
1. **Module List**
**Module List**
- The left panel lists all currently available modules.
- Modules prefixed with `*` are **Integrated Modules**, meaning they are bundled
with the GpgFrontend application.
- The left panel lists all currently available modules.
- Modules prefixed with `*` are **Integrated Modules**, meaning they are
bundled with the GpgFrontend application.
**Module Information**: When a module is selected, detailed metadata is
displayed in the right panel, including:
- **ID**: The unique identifier of the module.
- **Version**: The current module version.
- **SDK Version**: The version of the SDK required by the module.
- **Path**: The physical location of the module file.
- **Activation Status**: Indicates whether the module is active or set to
auto-activate.
2. **Module Information**
```text title="Example"
- ID: com.bktus.gpgfrontend.module.email
- Version: 1.0.0
- SDK Version: 2.1.5
- Path: /path/to/module/file
- Auto Activate: True
- Active: True
```
- When a module is selected, detailed metadata is displayed in the right
panel, including:
**Module Actions**
- **ID**: The unique identifier of the module.
- **Version**: The current module version.
- **SDK Version**: The version of the SDK required by the module.
- **Path**: The physical location of the module file.
- **Activation Status**: Indicates whether the module is active or set to
auto-activate.
- **Deactivate**: Temporarily disables the selected module.
- **Disable Auto Activate**: Prevents the module from loading automatically when
GpgFrontend starts.
Example:
**Show Mods Directory**
```
- ID: com.bktus.gpgfrontend.module.email
- Version: 1.0.0
- SDK Version: 2.1.5
- Path: /path/to/module/file
- Auto Activate: True
- Active: True
```
- Opens the directory where external modules are stored. Users can manually add
or remove custom modules by placing or deleting files in this directory.
![Registered Modules](https://image.cdn.bktus.com/i/2024/11/29/b35d35f9-4ae2-0d3b-917d-a6fb815711f9.webp)
:::tip[Tip for Integrated Modules]
3. **Module Actions**
- **Windows/Mac Users**: Integrated Modules (prefixed with `*`) can be removed
by deleting the corresponding `.dll` (Windows) or `.dylib` (Mac) file from the
`modules` directory.
- **Linux Users**: Due to the nature of **AppImage** and **Flatpak** packages,
removing Integrated Modules may require recompiling and repackaging the
application.
- **Deactivate**: Temporarily disables the selected module.
- **Disable Auto Activate**: Prevents the module from loading automatically
when GpgFrontend starts.
4. **Show Mods Directory**
- Opens the directory where external modules are stored. Users can manually
add or remove custom modules by placing or deleting files in this
directory.
> **Tip for Integrated Modules**:
- **Windows/Mac Users**: Integrated Modules (prefixed with `*`) can be
removed by deleting the corresponding `.dll` (Windows) or `.dylib` (Mac)
file from the `modules` directory.
- **Linux Users**: Due to the nature of **AppImage** and **Flatpak**
packages, removing Integrated Modules may require recompiling and
repackaging the application.
:::
## Global Register Table Tab
@ -99,25 +90,22 @@ interactions with the core application.
### Key Features
1. **Key-Value Data**
**Key-Value Data**
- Displays the hierarchical structure of global variables, including:
- Module-specific settings (e.g., version checking, state tracking).
- GnuPG paths and environment configurations.
- Displays the hierarchical structure of global variables, including:
- Module-specific settings (e.g., version checking, state tracking).
- GnuPG paths and environment configurations.
- Example:
```
gpgme:
ctx:
app_path: /opt/homebrew/Cellar/gnupg/2.4.5_1/bin/gpg
gnupg_version: 2.4.5
gpgconf_path: /opt/homebrew/bin/gpgconf
```
```text title="Example"
gpgme:
ctx:
app_path: /opt/homebrew/Cellar/gnupg/2.4.5_1/bin/gpg
gnupg_version: 2.4.5
gpgconf_path: /opt/homebrew/bin/gpgconf
```
2. **Navigation**
**Navigation**: Expand nodes to explore detailed properties for modules or core components.
- Expand nodes to explore detailed properties for modules or core components.
![Global Register Table](https://image.cdn.bktus.com/i/2024/11/29/e4a74c1d-c81a-166f-abd8-4f3f4f92f4d0.webp)
![](https://image.cdn.bktus.com/i/2024/11/29/e4a74c1d-c81a-166f-abd8-4f3f4f92f4d0.webp)
## Developing Custom Modules
@ -128,53 +116,32 @@ the `libgpgfrontend_sdk` library.
### Key Points for Developers
1. **C ABI Compliance**
**C ABI Compliance**: Modules must be implemented using the C ABI to ensure
compatibility across all supported platforms (Windows, macOS, Linux).
- Modules must be implemented using the C ABI to ensure compatibility across
all supported platforms (Windows, macOS, Linux).
**Dynamic SDK Linking**: Modules interact with GpgFrontend by linking
dynamically to the **libgpgfrontend_sdk** library. This library provides the
necessary interfaces for module initialization, data exchange, and runtime
interaction.
2. **Dynamic SDK Linking**
**SDK Limitations**: The current SDK API is still under development and may not
cover all potential use cases. Developers are encouraged to contact the project
maintainer for guidance or feature requests.
- Modules interact with GpgFrontend by linking dynamically to the
**libgpgfrontend_sdk** library. This library provides the necessary
interfaces for module initialization, data exchange, and runtime
interaction.
**Getting Started**: Place the compiled module file (`.dll`, `.dylib`, or `.so`)
in the `modules` directory. Use the **Show Mods Directory** button to locate
this directory.
3. **SDK Limitations**
- The current SDK API is still under development and may not cover all
potential use cases. Developers are encouraged to contact the project
maintainer for guidance or feature requests.
4. **Getting Started**
- Place the compiled module file (`.dll`, `.dylib`, or `.so`) in the
`modules` directory. Use the **Show Mods Directory** button to locate this
directory.
---
## Tips for Managing Modules
1. **Backup Before Changes**
- Always create a backup of the `modules` directory before making changes,
especially when adding or removing modules.
2. **Regular Updates**
- Check for updates to both GpgFrontend and its modules to ensure
compatibility and access to the latest features.
3. **Safe Removal**
- Follow the guidelines for deleting Integrated Modules based on your
platform to avoid accidental issues.
4. **Use Global Register Table for Debugging**
- Advanced users can verify module configurations and GPG environment paths
through the **Global Register Table**.
---
:::tip[Tips for Managing Modules]
1. **Backup Before Changes**: Always create a backup of the `modules` directory
before making changes, especially when adding or removing modules.
2. **Regular Updates**: Check for updates to both GpgFrontend and its modules to
ensure compatibility and access to the latest features.
3. **Safe Removal**: Follow the guidelines for deleting Integrated Modules based
on your platform to avoid accidental issues.
4. **Use Global Register Table for Debugging**: Advanced users can verify module
configurations and GPG environment paths through the **Global Register Table**.
:::
## Example Module: Version Checking
@ -187,9 +154,9 @@ modules to provide additional functionality.
- Displays release notes for new updates.
- Notifies users when an upgrade is available.
### Example Metadata:
### Metadata:
```
```text title="Example"
- ID: com.bktus.gpgfrontend.module.version_checking
- Version: 1.0.0
- Auto Activate: True
@ -197,15 +164,13 @@ modules to provide additional functionality.
### Global Register Table:
```
```text title="Example"
com.bktus.gpgfrontend.module.version_checking:
current_version: v2.1.5
need_upgrade: false
latest_version: v2.1.5
```
---
By leveraging the **Module Controller**, users can customize and extend
GpgFrontend to suit their needs. Developers interested in creating new modules
are encouraged to experiment with the SDK and collaborate with the maintainer

0
src/content/docs/guides/email.md → src/content/docs/guides/email-operations.md
View File

118
src/content/docs/guides/encrypt-decrypt-file.md
View File

@ -1,118 +0,0 @@
---
title: Encrypt & Sign File
---
GpgFrontend offers a fast and convenient method for working with files. The
encryption and decryption process for files is nearly identical to that of text,
with the exception that file operations involve binary input and output.
## Using File Browser for Encryption and Decryption
After clicking the **File Browser** button, a system directory selection dialog
will appear. Follow these steps to perform encryption, decryption, and signing
operations:
1. **Open File Browser**:
- Click the **File Browser** button in the toolbar at the top of the
interface. This will open a system dialog allowing you to choose a
directory.
2. **Select Directory**:
- In the system dialog, navigate to the desired directory and select it. Once
selected, a new tab named "File Browser" will open in GpgFrontend,
displaying the contents of the chosen directory.
3. **Select a File**:
- In the File Browser tab, you will see a list of files and folders within
the selected directory. Click on the file you want to encrypt, decrypt, or
sign.
4. **Encrypt the File**:
- To encrypt a file, first select the file in the File Browser. Then, in the
**Key Toolbox** on the right, select the public key of the recipient by
checking the box next to the desired key. Finally, click the **Encrypt**
button in the toolbar at the top.
5. **Decrypt the File**:
- To decrypt a file, select the encrypted file in the File Browser. Ensure
you have the corresponding private key in your keyring. Click the
**Decrypt** button in the toolbar. If the correct key is available, the
file will be decrypted.
![File Operations](https://image.cdn.bktus.com/i/2024/06/15/a8d7bf2f-54f6-ccc6-7bdd-8bb0d2ba44af.webp)
By following these steps, you can easily manage file encryption, decryption, and
signing using the GpgFrontend's File Browser feature. This streamlined process
allows you to handle your cryptographic needs directly from the file system
interface.
## File Extension Requirements
GpgFrontend supports different file extensions for various cryptographic
operations. Understanding these extensions helps in properly managing encrypted
and signed files. Heres a breakdown of the file extensions used:
#### ASCII Format
- **.asc**: Files with the ".asc" extension are in ASCII format. These files
contain ASCII-armored ciphertext, which is a text representation of the
encrypted data. ASCII format is typically used for easy sharing via email or
text editors, as it ensures compatibility with text-based applications.
#### Binary Format
- **.gpg**: Files with the ".gpg" extension are in binary format. Binary
ciphertext files are more compact than their ASCII counterparts and are
generally used for more efficient storage and transmission. They cannot be
viewed directly in text editors, as the content is in a binary format.
#### Combined Content
- **.gpg**: When you use the encryption and signing functions together,
GpgFrontend generates a file with the ".gpg" extension. This file contains
both the encrypted content and the signature, ensuring that the recipient can
verify that the ciphertext originates from you.
To perform decryption and verification operations, you need to use files with
either the ".gpg" or ".asc" extension. These files contain the necessary
ciphertext and signature content required for these operations.
By adhering to these file extension requirements, you can ensure that your
encrypted and signed files are correctly recognized and processed by
GpgFrontend.
### Default Output Mode
Before version 2.0.4, GpgFrontend generated ciphertext files exclusively in
ASCII format. However, beginning with version 2.0.4, GpgFrontend now generates
ciphertext files in binary format by default. This setting can be adjusted in
the program's settings.
### Changing Output Mode
To change the output mode between ASCII and binary formats, follow these steps:
1. **Open Settings**:
- Navigate to the GnuPG Controller settings within GpgFrontend. This can be
done by accessing the settings menu from the main interface.
2. **Locate Binary Mode Option**:
- In the settings interface, under the "General" section, locate the option
labeled "Use Binary Mode for File Operations".
3. **Toggle Binary Mode**:
- Check or uncheck this option to switch between binary (gpg) and ASCII (asc)
output formats. Checking the box will enable binary mode, while unchecking
it will revert to ASCII format.
By following these steps, you can customize how GpgFrontend handles the format
of ciphertext files according to your preference or needs.
![Locate Binary Mode Option](https://image.cdn.bktus.com/i/2024/06/15/1a82922d-4a68-d315-f388-5571a4d93e8f.webp)

146
src/content/docs/guides/encrypt-decrypt-text.md
View File

@ -1,146 +0,0 @@
---
title: Encrypt & Decrypt Text
---
The processes of encryption and decryption are fundamental to ensuring the
privacy and security of digital communications. GpgFrontend, a graphical
interface for GnuPG, simplifies these operations, making it accessible for users
to securely encrypt and decrypt text. Before diving into the specifics of how
GpgFrontend facilitates these operations, it's essential to understand the
underlying concepts and the prerequisites for encryption and decryption.
Encryption is the process of converting plain text into a scrambled format known
as ciphertext, which is unreadable to anyone except those who possess the
correct key to decrypt it. This transformation is done using an encryption
algorithm and a key. In the context of GpgFrontend and most modern encryption
practices, this key is the recipient's public key. A public key is part of a key
pair that includes a private key; together, they are used in asymmetric
encryption, a cornerstone of modern cryptography.
To initiate encryption with GpgFrontend, the sender must first have access to
the recipient's public key. This key is used to encrypt the message, ensuring
that only the recipient, who holds the corresponding private key, can decrypt
and read the message. The public key can encrypt messages, but cannot decrypt
them. This is a crucial aspect of asymmetric cryptography: it allows anyone to
send encrypted messages to the key owner without being able to decrypt messages
encrypted with that same public key.
Generating a key pair is the first step in being able to engage in these secure
communications. This process usually involves choosing a key type and size, with
larger keys offering higher security. Once generated, the key pair consists of a
private key, which must be kept secure and confidential, and a public key, which
can be shared with anyone who wishes to send you encrypted messages.
Decrypting a message with GpgFrontend requires the private key corresponding to
the public key used for encryption. Upon receiving an encrypted message, the
recipient uses their private key with GpgFrontend to decrypt the ciphertext back
into readable plain text. This decryption process is secure because the private
key is never shared, and it is computationally infeasible for an attacker to
derive the private key from the public key or the encrypted message.
GpgFrontend streamlines these operations, providing a user-friendly interface
that abstracts the complexities of cryptographic operations. Users can easily
import public keys, encrypt messages or files for specific recipients, and
decrypt incoming messages or files using their private keys. This makes
GpgFrontend an invaluable tool for anyone needing to secure their digital
communications, from sensitive personal correspondence to confidential business
communications.
In summary, encryption and decryption with GpgFrontend rely on the foundational
principles of asymmetric cryptography, where a public key is used for
encryption, and a corresponding private key is used for decryption. Before
engaging in these operations, users must generate a key pair and share their
public key with those from whom they wish to receive encrypted messages. This
setup ensures that only intended recipients can read the contents of encrypted
communications, providing a robust framework for privacy and security in the
digital age.
## Encrypt
The Encrypt operation itself uses a public key and does not require a private
key. Remember that whoever you want to send it to encrypts it with whose public
key. For people who don't use gpg very often, they often get confused and use
their own keys to encrypt ciphertext.
### Only Encrypt
In this case, you only encrypt the ciphertext, which results in a shorter
ciphertext. This is because the ciphertext does not contain additional signature
information that identifies the encryptor. If you do not want the recipient to
know your identity, use this method to generate your ciphertexts.
After the encryption operation, no additional information will be displayed in
the information board except for a prompt indicating whether the operation was
successful.
![Only Encrypt](https://image.cdn.bktus.com/i/2023/11/16/07c99019-318a-3b85-ea63-0d473ebcd7ec.gif)
### Encrypt Sign
To encrypt and sign text, you need to first prepare the plaintext and have a
public key that can perform encryption operations. The public key used for
encryption should belong to the intended recipient, not yourself. It is
important to verify that the recipient's public key has cryptographic
capabilities for encryption before proceeding.
If you want the recipient to know that the ciphertext is from you, you can also
choose to sign the text while encrypting it. This ensures that the decrypted
text is credible and comes from your hand. This method is commonly used when
both parties need to ensure the authenticity of the decrypted text, and
typically in scenarios where both parties know each other.
To encrypt and sign at the same time, select the public key(s) you need to use
for encryption, and during the encryption process, select the private key you
need to use for signing. This private key should belong to you and should have
the capability for signature operations. You can verify this by checking the
usage column in the key toolbox on the right (letter S stands for signature).
The ciphertext generated by this operation is longer than ciphertext generated
by only encryption because of the additional signature information attached to
it. After the operation is complete, information about the cryptographic and
signature operations will be displayed in the Infomation Board, including
information about the signature pattern and algorithm used.
To verify the authenticity of the ciphertext before decryption, you can use the
validate operation. Once the ciphertext is verified, you can proceed with
decryption using your private key.
![GIF](https://image.cdn.bktus.com/i/2023/11/16/cb4ac40a-9830-7429-8447-7ada6bc6571b.gif)
## Decrypt
When decrypting the ciphertext, you can simply paste the obtained ciphertext
into GpgFrontend, and it will automatically select the appropriate private key
for decryption. It is important to note that decryption must be performed with
the private key associated with the public key used for encryption.
![Decrypt](https://image.cdn.bktus.com/i/2023/11/16/a4ded61d-fb5b-cbf2-f0ec-e3b26e79f172.gif)
When decrypting a ciphertext, it is not necessary to check the usage column in
the key toolbox to determine if the key is valid for decryption. Instead, you
need to use a valid private key that corresponds to the public key used for
encryption. You can identify whether a key is a public key or a private key by
checking the type column in the key toolbox. If all your local keys are not
valid for decryption of the ciphertext, the program will display a decryption
failure message.
## Decrypt Verify
During decryption with verification, gpg will check the signature attached to
the ciphertext to ensure its authenticity. This provides an additional layer of
security and helps to prevent tampering with the encrypted message.
To perform decryption with verification, you need to select a file with a ".gpg"
or ".asc" extension, which contains the ciphertext and signature content. If the
signature is valid, gpg will decrypt the message and display it in plain text.
Otherwise, it will display an error message indicating that the signature is not
valid.
It is important to note that whether a key pair can be used for verification
will not be displayed in the usage column. Instead, you need to remember that a
valid public key can be used for verification. Therefore, it is a good habit to
always verify the signature during decryption, regardless of whether the
encryptor has signed in advance. This helps to ensure the authenticity and
integrity of the decrypted message.
![Decrypt Verify](https://image.cdn.bktus.com/i/2023/11/16/9e06ce22-f98d-47f1-ea76-e4e23b6dd32d.gif)

149
src/content/docs/guides/file-operations.md Normal file
View File

@ -0,0 +1,149 @@
---
title: File Operations
sidebar:
order: 6
---
GpgFrontend offers a fast and convenient method for working with files. The
processes of encryption, decryption, signing, and verifying files are similar to
text-based operations but involve binary input and output.
## Using File Panel for Encryption, Decryption, Signing, and Verifying
After clicking the **File Panel** button, a system directory selection dialog
will appear. Follow these steps to perform various cryptographic operations:
1. Open File Panel: Click the **File Panel** button in the toolbar at the top of the interface. This will open a system dialog allowing you to choose a directory.
2. Select Directory: In the system dialog, navigate to the desired directory and select it. Once
selected, a new tab named "File Panel" will open in GpgFrontend, displaying
the contents of the chosen directory.
3. Select a File: In the File Panel tab, click on the file you want to encrypt, decrypt, sign,
or verify.
### 4. File Operations (Encrypt, Decrypt, Sign, Verify)
Perform various file operations by selecting the desired file in the File Panel
and using the appropriate key from the Key Toolbox:
- Encrypt: Select the desired file in the File Panel. Choose a recipient's
public key from the Key Toolbox and click the Encrypt button in the toolbar.
- Decrypt: Select the encrypted file in the File Panel. Ensure your private key
is available in your keyring and click the Decrypt button in the toolbar.
- Sign: Select the desired file in the File Panel. Choose your private key from
the Key Toolbox and click the Sign button in the toolbar.
- Verify: Select the signed file in the File Panel. Ensure the corresponding
public key is available in your keyring and click the Verify button in the
toolbar.
## File Extension Requirements
Understanding the appropriate file extensions helps in managing encrypted and
signed files properly. Heres a breakdown of the file extensions used:
### ASCII Format
- **.asc**: ASCII-armored files. Can contain encrypted data or signatures in a
text-compatible format.
### Binary Format
- **.gpg**: Binary encrypted files or combined encrypted and signed files. More
efficient for storage and transmission.
- **.sig**: Binary signature files used exclusively for signature operations.
## Output Mode
Before version 2.0.4, GpgFrontend generated ciphertext and signature files
exclusively in ASCII format. From version 2.0.4 onwards, it generates files in
binary format by default. This setting can be adjusted in the program's
settings.
### Changing Output Mode
To change the output mode between ASCII and binary formats:
1. Open Settings: Navigate to the GnuPG Controller settings within GpgFrontend by accessing
the settings menu.
2. Locate Binary Mode Option: In the settings interface, under the "General" section, find the option
labeled "Use Binary Mode for File Operations".
3. Toggle Binary Mode: Check or uncheck this option to switch between binary (gpg/sig) and ASCII
(asc) output formats.
This streamlined process allows you to manage file encryption, decryption,
signing, and verification efficiently with GpgFrontend.
### Quick Toggle via File Panel Menu
In addition to the settings menu, GpgFrontend also provides a quick toggle
option for switching between ASCII and binary output modes directly from the
File Panel:
1. Access the File Panel Toolbar: In the File Panel, locate the toolbar at the
top right.
2. Open the Drop-down Menu: Click the button with the gear icon or three-line
icon (as shown in the screenshot) to open a drop-down menu.
3. Select ASCII Mode: From the menu, choose “ASCII Mode” to enable ASCII-armored
output for operations like encryption or signing. When checked, output files
such as .asc will be generated instead of binary formats like .gpg or .sig.
This feature offers a convenient way to switch output modes without navigating
through the main settings, making file operations faster and more adaptable
based on user needs.
![](https://image.cdn.bktus.com/i/2025/04/09/ea2c8b52-2a49-ee18-5897-5cf3d72115a5.webp)
## Enabling Batch Mode for Multi-file Operations
By default, the File Panel supports only single-file selection for cryptographic
operations. However, GpgFrontend includes a Batch Mode feature that allows users
to select and process multiple files simultaneously:
1. Activate Batch Mode: Click the “Switch Batch Mode” button, represented by a
segmented icon located at the top-right corner of the File Panel toolbar. A
tooltip labeled “Switch Batch Mode” will appear when hovering over the
button.
2. Select Multiple Files: Once Batch Mode is activated, the file panel will
allow multi-selection using standard keyboard shortcuts (e.g., Ctrl or
Shift+Click).
3. Perform Bulk Operations: After selecting the desired files, perform
encryption, decryption, signing, or verification actions using the toolbar
controls. The operation will be applied to all selected files.
Batch Mode is especially useful for advanced users handling multiple files,
significantly improving operational efficiency in workflows involving large
volumes of data.
![](https://image.cdn.bktus.com/i/2025/04/09/24a8b950-ff08-2133-0ee2-5003095f1ff7.webp)
## Folder Encryption and Decryption
GpgFrontend supports seamless encryption and decryption of entire folders
through the File Panel interface. This feature enables users to securely package
directory contents while preserving their original structure.
### Encrypting Folders
When a folder is selected for encryption, GpgFrontend automatically performs the
following operations:
1. Archiving: The folder is first archived using the tar utility, combining all
files and subdirectories into a single .tar archive.
2. Encryption: The `.tar` archive is then encrypted using GnuPG, resulting in a
`.tar.gpg` (binary) or `.tar.asc` (ASCII-armored) file, depending on the
selected output mode.
This behavior mirrors the functionality of the gpg-zip tool, which combines
archiving and encryption into a single streamlined operation.
Note: The resulting encrypted file represents the entire folder in a secure,
transferable format.
### Decrypting Encrypted Archives
GpgFrontend also offers automatic extraction when decrypting `.tar.gpg` or
`.tar.asc` files:
1. Decryption: The selected encrypted archive is decrypted using GnuPG,
producing the original `.tar` archive.
2. Extraction: If the decrypted content is a `.tar` archive, GpgFrontend
automatically extracts its contents into a folder within the current
directory, restoring the full folder structure.
This automatic process eliminates the need for manual unpacking and ensures that
encrypted folders are fully restored to their original state.

203
src/content/docs/guides/fundamental-concepts.md
View File

@ -5,89 +5,164 @@ sidebar:
order: 1
---
If you're new to GPG (GNU Privacy Guard) or PGP (Pretty Good Privacy), it's
essential to understand some key concepts before diving in. This knowledge can
help you avoid common pitfalls, such as accidentally sharing your private key,
and ensure your communications remain secure.
If you're new to **GPG (GNU Privacy Guard)** or **PGP (Pretty Good Privacy)**,
this guide is for you. GPG is a free, open-source system for **encrypting
information** and **verifying identity**. It's widely used for secure
communication, file protection, and digital signing.
## Key Concepts of GPG/PGP
Lets walk through the core concepts in a beginner-friendly way.
### Key Pair Basics
## 🔐 What Is a Key Pair?
In the world of GPG/PGP, everything starts with a key pair. Think of a key pair
like a set of two uniquely related keys on a key ring:
At the heart of GPG is the **key pair**: two mathematically linked keys.
- **Public Key**: This is like your home address that you can share with anyone.
Others will use it to send you encrypted messages or verify your digital
signature.
- **Private Key**: This is akin to the key to your house. It must be kept secret
because it can decrypt the messages sent to you or sign messages from you.
- **Public Key**: Share this with anyone. Others use it to:
- Send you encrypted messages.
- Verify your digital signature.
#### Why Both Keys?
- **Private Key**: Keep this secret. You use it to:
- Decrypt messages sent to you.
- Sign data so others know its really from you.
The magic of this system lies in its use of cryptographic algorithms. Data
encrypted with your public key can only be decrypted by your private key, and
vice versa. This ensures that only the intended recipient can read the message,
and it can verify the sender's identity if a signature is used.
> 🧠 Think of it like a mailbox:
> - Your public key is the address — people can send you letters.
> - Your private key is the key to open the mailbox — only you can read whats
> inside.
### Generating Your Key Pair
## 🔧 Generating a Key Pair
Before you can start encrypting or signing anything, you need to generate your
key pair. This process involves choosing a cryptographic algorithm (like RSA or
DSA) and often setting a key size (with larger sizes being more secure but
slower).
To use GPG, you first create a key pair. During creation, youll choose:
#### Safety First
- A **cryptographic algorithm** (e.g., RSA, ECC).
- A **key size** (larger sizes are more secure but slower).
- A **passphrase** to protect the private key.
When creating your key pair, you'll also be asked to enter a passphrase. This
adds an extra layer of security, as the passphrase will be needed to access your
private key. Choose a strong, memorable passphrase to protect your key.
> 🔒 Your passphrase adds a layer of protection — even if someone gets your key
> file, they cant use it without this password.
### Understanding Subkeys
## 🧩 What Are Subkeys?
A GPG key pair doesn't have to be limited to just one public and one private
key. You can generate subkeys for specific purposes, such as:
A GPG identity doesnt stop at one key pair. You can create **subkeys** under
your primary key. These are used for specific tasks:
- **Encryption Subkey**: Used solely for encrypting and decrypting messages.
- **Signing Subkey**: Used for creating and verifying digital signatures.
- **Encryption Subkey**: Used to encrypt/decrypt data.
- **Signing Subkey**: Used to create/verifiy digital signatures.
Subkeys are tied to your primary key pair but can be revoked or replaced
independently, which is useful if a subkey is compromised but your primary key
remains secure.
Subkeys are tied to your identity, but they can be revoked or replaced
independently.
### The Role of the Primary Key
> ✅ Tip: Use subkeys for everyday tasks and keep your **primary key offline** or
> backed up securely.
Your primary key pair is the foundation of your GPG identity. All subkeys are
associated with this primary pair. The primary key is typically used for
signing, to establish trust within the network, and to certify subkeys.
## 🧱 Understanding the Primary Key
#### Protect Your Primary Key
Your **primary key** is your core identity. It:
- Links to your user ID (usually name + email).
- Signs your subkeys.
- Can certify other people's public keys (used to build trust networks).
If your primary private key is compromised, the entire security of your key ring
is at risk. Therefore, it's crucial to:
### Why Is It So Important?
- Keep your primary private key in a secure location.
- Use subkeys for day-to-day encryption and signing tasks.
- Consider using hardware security modules (HSMs) or smart cards to store keys
securely.
If someone gains access to your **primary private key**, they can impersonate
you. Thats why:
## Best Practices for Beginners
- It should be **backed up** securely.
- Its best to use **subkeys** for daily operations.
- Some people even keep their primary key **offline** for maximum safety.
1. **Backup Your Keys**: Securely backup your private keys (especially the
primary one) in case of hardware failure or loss.
2. **Use Strong Passphrases**: Your key's security is only as good as your
passphrase. Use a long, complex passphrase that is difficult to guess.
3. **Regularly Update Your Keys**: Over time, cryptographic standards evolve.
Regularly review and update your keys and algorithms to ensure they remain
secure.
4. **Learn Key Management**: Practice importing, exporting, revoking, and
verifying keys. Good key management habits are crucial for maintaining your
security over time.
5. **Engage with the Community**: The GPG/PGP community is vast and supportive.
Join forums, read blogs, and participate in discussions to learn from
experienced users.
## ✉️ How Encryption Works
By understanding these fundamental concepts and adhering to best practices,
you'll be well on your way to securely using GPG/PGP. Remember, the goal is to
protect your communications and identity in the digital world, and a solid grasp
of these basics is the first step.
Imagine you want to send a private message to someone:
1. You encrypt the message using their **public key**.
2. Only their **private key** can decrypt it.
3. You can also add your **signature** using your private key.
4. They can **verify your signature** with your public key.
This ensures:
- **Privacy**: No one but the intended recipient can read the message.
- **Authenticity**: The recipient knows the message is from you.
## 🖋️ What Is Digital Signing?
Signing is like sealing a document with your unique fingerprint. It allows
others to:
- Confirm the message hasnt been changed.
- Confirm that **you** are the sender.
Digital signatures are used to:
- Sign emails.
- Sign files or software packages.
- Sign other people's public keys (to build trust).
## 📦 Real-Life Use Cases
### Secure Email
You want to email a sensitive document:
- Encrypt it using the recipients public key.
- Sign it with your private key.
- The recipient decrypts and verifies it.
### Software Publishing
You release a file or program online:
- You sign it.
- Users can verify the signature before using it.
### Building Trust
You meet someone at a conference:
- You exchange and sign each others keys.
- Anyone who trusts your key may now also trust theirs.
## ✅ Best Practices for New Users
1. **Back Up Your Keys**: Store your private key and revocation certificate in a
secure, offline location.
2. **Use Strong Passphrases**: The private key is only as safe as the password
protecting it.
3. **Separate Daily and Master Keys**: Use subkeys for regular work; keep your
primary key protected.
4. **Update When Needed**: Cryptography evolves — review and rotate keys as
needed.
5. **Revoke If Compromised**: If your private key is stolen or lost, revoke it
immediately and inform your contacts.
6. **Understand the Web of Trust**: GPG builds trust by people signing each
other's keys — this forms a decentralized trust model.
## 🧭 Summary
GPG is a powerful tool for privacy and digital identity. By learning:
- How keys work,
- When to encrypt vs. sign,
- And how to protect your credentials,
Youre taking a big step toward securing your digital life.
## 🧰 Where Does GpgFrontend Fit In?
While GPG/PGP itself is powerful, it is mostly command-line based — which can be
intimidating for beginners.
This is where **GpgFrontend** comes in.
GpgFrontend is a graphical interface built on top of GnuPG. It helps users
perform key operations such as:
- Generating and managing key pairs
- Encrypting and decrypting messages or files
- Signing and verifying content
- Uploading and fetching keys from key servers
- More...
All of this can be done through a **clear and user-friendly interface**, making
GPG accessible without needing to learn complex commands.
Whether you're just starting to explore encrypted communication or already
managing multiple keys, GpgFrontend acts as a bridge — combining the strength of
GPG with simplicity and clarity.
> 🧩 You focus on **secure communication** — let GpgFrontend handle the
> complexity behind it.

94
src/content/docs/guides/generate-key.md
View File

@ -4,66 +4,72 @@ sidebar:
order: 3
---
GpgFrontend makes it easy to generate a key pair or a subkey for encryption,
signing, and authentication. Follow the steps below to create your own keys.
GpgFrontend provides a flexible and user-friendly interface for generating
GnuPG-compatible key pairs. The updated **Generate Key** dialog introduces
multiple configuration levels—from simplified templates to advanced
cryptographic control—catering to both casual and expert users.
## Steps to Generate a Key Pair
## Launch the Generate Key Dialog
![Generate A Key Pair](https://image.cdn.bktus.com/i/2024/06/15/5df15149-1890-2645-8452-e7c4798ccd16.webp)
In the **Key Management** interface, click on the **“New Keypair”** button. This
opens the **Generate Key** window, where you can define your identity and
configure key parameters.
1. **Open Key Management**:
## Enter User Information
- Click on the "New Keypair" button in the Key Management interface. This
will open the Generate Key dialog box.
- **Name**: Required. Enter your full name (minimum 5 characters).
- **Email**: Required. Must be in a valid email format.
- **Comment**: Optional. Helps distinguish this key from others.
2. **Fill in Basic Information**:
## Choose Key Database
- **Name**: Enter your name. The name should be at least 5 characters long.
- **Email Address**: Enter your email address. It should follow the correct
email format.
- **Comment**: Optionally, add a comment to help differentiate this key pair
from others.
Select the **Key Database** where the generated key pair will be stored (e.g.,
`0: TEST`).
3. **Set Expiration Date**:
## Configure Key Settings
- Choose an expiration date for the key pair. By default, GpgFrontend
suggests setting the expiration date to two years after generation.
- Alternatively, you can check the "Never expire" checkbox to make the key
pair permanent. This option can be changed later, even after the key has
expired.
The **Generate Key** dialog offers two configuration modes:
4. **Select Key Size and Type**:
### Easy Mode
- **Key Size**: Choose the key size. The default size is 2048 bits. Note that
the size option is only applicable when the key type is RSA or DSA.
- **Key Type**: Select the type of key you want to generate. Available
options include RSA, DSA, ECDSA, ECDSA + ECDH, ECDSA + ECDH NIST P-256, and
ECDSA + ECDH BrainPool P-256. For key types with a plus sign (e.g., ECDSA +
ECDH), a primary key and a corresponding subkey will be generated.
Easy Mode simplifies key generation using common templates. You can configure:
5. **Set a Passphrase**:
- **Algorithm**: RSA, DSA, ECC (Curve25519), or other supported types.
- **Validity Period**: Choose from preset options (e.g., 3 months, 2 years, 10
years, or *Non Expired*).
- **Combination**:
- **Primary Key Only**
- **Primary Key with Subkey** — useful when separating signing and encryption
functions.
- It is crucial to set a passphrase to protect your private key. Uncheck the
"Non Pass Phrase" checkbox and enter a strong, unique passphrase.
- If you prefer not to set a passphrase (not recommended for security
reasons), you can leave the "Non Pass Phrase" checkbox checked.
> Recommended for users who prefer a faster and more guided setup process.
6. **Select Key Usage**:
### Advanced Mode (Primary Key & Subkey Tabs)
- Specify the usage for the key pair. Options include:
- **Encryption**: For encrypting data.
- **Signing**: For creating digital signatures.
- **Certification**: For certifying other keys (only for primary keys).
- **Authentication**: For authentication purposes, such as SSH keys.
- Note that some usages may not be available depending on the selected key
type. For example, the DSA algorithm does not support encryption.
Switch to the **Primary Key** and **Subkey** tabs for detailed cryptographic
control. Available options include:
7. **Generate the Key Pair**:
- After filling in all the necessary information and selecting the desired
options, click the "OK" button to generate your key pair.
- **Algorithm**: RSA, DSA, ED25519, ED448, Brainpool, NIST, CV25519, and others.
- **Key Length**: Adjustable for applicable algorithms (e.g., RSA: 2048, 3072,
4096 bits).
- **Expiration**: Set a specific expiry date or mark the key as non-expiring.
- **Usage Flags**:
- Encrypt
- Sign
- Authenticate
- Certify (for primary keys)
- **Passphrase Protection**: Enable or disable passphrase requirement.
By following these steps, you can generate a secure key pair using GpgFrontend,
tailored to your specific needs for encryption, signing, and authentication.
> Ideal for experienced users who require full control over key structure and
> behavior.
## Generate the Key Pair
Once configuration is complete:
- Review the summary in the lower panel.
- Click the **“Generate”** button.
- GpgFrontend will begin the generation process and confirm when complete.
## Primary Key Supported Algorithms

119
src/content/docs/guides/generate-use-subkey.md
View File

@ -1,53 +1,73 @@
---
title: Generate and Use Subkey
title: Generate and Use Subkey(s)
sidebar:
order: 3
order: 4
---
GpgFrontend provides comprehensive support for subkeys, allowing users to
enhance security and flexibility through proper key management.
GpgFrontend allows users to extend their primary key pairs by generating one or
more subkeys. Subkeys can be used for specific cryptographic purposes, such as
encryption, signing, or authentication, while keeping the primary key more
secure and reserved for certification.
## Steps to Generate a Subkey
## Generating a Subkey
![Generate A Subkey](https://image.cdn.bktus.com/i/2024/06/15/a56c83bc-72ad-6232-1764-6fef5aeceddd.webp)
There are **two entry points** to generate a subkey:
1. **Open Key Management**:
### Method 1: From Key Management
- In the Key Management interface, right-click on the key pair you wish to
add a subkey to. Select the "New Subkey" option from the context menu.
1. **Open Key Management**
- Navigate to the main **KeyPair Management** interface.
- Right-click on the key pair to which you want to add a subkey.
- Select **“New Subkey”** from the context menu.
2. **Fill in Basic Information**:
![](https://image.cdn.bktus.com/i/2025/04/09/194529c8-4745-a2f1-5b9a-70cb66344243.webp)
- **Key Type**: Select the type of subkey you want to generate. Available
options include RSA, DSA, ECDSA, ECDH, ECDH NIST P-256, ECDH NIST P-384,
ECDH NIST P-521, ECDH BrainPool P-256, ECDH BrainPool P-384, and ECDH
BrainPool P-512.
- **Key Size**: Choose the key size. This option is only applicable when the
key type is RSA or DSA.
- **Expiration Date**: Set an expiration date for the subkey. You can also
choose to check the "Never expire" checkbox to make the subkey permanent.
3. **Set a Passphrase**:
### Method 2: From Key Details View
- If the primary key has a passphrase, the subkey's passphrase must be equal
to it. Ensure that the "Non Pass Phrase" checkbox is unchecked if you want
to set a passphrase.
1. **Open Key Details**
- Double-click on the desired key pair in the **Key Management** list.
- Switch to the **Keychain** tab.
- Click the **“Generate A New Subkey”** button.
4. **Select Key Usage**:
![](https://image.cdn.bktus.com/i/2025/04/09/fb9eddab-3842-061c-f81c-48fe660bb651.webp)
- Specify the usage for the subkey. Options include:
- **Encryption**: For encrypting data.
- **Signing**: For creating digital signatures.
- **Authentication**: For authentication purposes, such as SSH keys.
- Note that the certification usage is not available for subkeys.
### Configuring the Subkey
5. **Generate the Subkey**:
- After filling in all the necessary information and selecting the desired
options, click the "OK" button to generate your subkey.
Once the subkey generation dialog appears, configure the following settings:
By following these steps, you can generate a subkey using GpgFrontend, which
enhances the functionality of your primary key pair for various cryptographic
operations.
- **Algorithm**: Choose the algorithm for the subkey. Options include:
- RSA, DSA
- ECC (e.g., ED25519, ED448, CV25519, SECP256K1, Brainpool, NIST curves, etc.)
- ECDH for encryption, EdDSA for signing, etc.
- **Key Size**: Select the desired key size. This setting is available for most
algorithms, including RSA, DSA, and ECC variants (such as Curve25519,
Brainpool, or NIST curves). For curve-based algorithms, the key size typically
corresponds to the selected curve (e.g., ED25519 = 256 bits), while RSA/DSA
allows configurable sizes like 2048, 3072, or 4096 bits.
- **Expiration Date**: Set how long the subkey remains valid:
- Predefined periods (e.g., 1 year, 2 years)
- Exact date/time
- Or enable **“Non Expired”** for permanent validity.
- **Key Usage**: Choose what the subkey can be used for:
- `Encrypt`
- `Sign`
- `Authenticate`
*(Certification usage is reserved for primary keys.)*
### Final Step: Generate
Once all configurations are completed:
- Review your choices in the summary area (if available).
- Click **“Generate”** to create the subkey.
- The new subkey will be listed under the **Keychain** tab of the selected key
pair.
![](https://image.cdn.bktus.com/i/2025/04/09/39cd8ec1-303e-9fa8-7104-8cf0606565ff.webp)
## Understanding Primary Keys and Subkeys
@ -133,7 +153,8 @@ and successfully export a subkey:
a location to save the exported subkey. Choose a secure directory and save
the subkey as a separate file.
![Export Subkey](https://image.cdn.bktus.com/i/2024/11/29/15c9ab0c-a05e-0117-3244-2ac01aaed9a9.webp)
![Export
Subkey](https://image.cdn.bktus.com/i/2024/11/29/15c9ab0c-a05e-0117-3244-2ac01aaed9a9.webp)
### Step-by-Step Guide to Importing Subkeys
@ -141,16 +162,19 @@ To demonstrate how to import an individual subkey that has been previously
exported, let's refer to the screenshots provided. Below is a step-by-step guide
to navigate the GpgFrontend interface and successfully import a subkey:
1. **Select the Key Database**: Choose the appropriate key database from the **Key Toolbox**.
1. **Select the Key Database**: Choose the appropriate key database from the
**Key Toolbox**.
![Switch Key Database](https://image.cdn.bktus.com/i/2024/11/29/0e8ff19e-4189-65db-5732-1a2e79d9b8a6.webp)
![Switch Key
Database](https://image.cdn.bktus.com/i/2024/11/29/0e8ff19e-4189-65db-5732-1a2e79d9b8a6.webp)
1. **Import the Subkey**: Click on the **Import Key** button in the top toolbar,
and select **File** from the dropdown menu. This action will open a dialog
where you can browse your system to locate the previously exported subkey
file.
![Import the Subkey](https://image.cdn.bktus.com/i/2024/11/29/8f3456ba-6275-4ef9-8e41-49b9b6bc0dfa.webp)
![Import the
Subkey](https://image.cdn.bktus.com/i/2024/11/29/8f3456ba-6275-4ef9-8e41-49b9b6bc0dfa.webp)
2. **Select Subkey File**: Browse to the location where the subkey file is
saved, select it, and click **Open**. This will import the subkey into the
@ -161,10 +185,11 @@ to navigate the GpgFrontend interface and successfully import a subkey:
You should see all relevant information about the subkey, including **Key
ID**, **Algorithm**, **Key Size**, and **Usage**.
4. **Handling Primary Key**:You can now move your master key to a safe place. Then delete it at
GpgFrontend.
4. **Handling Primary Key**:You can now move your master key to a safe place.
Then delete it at GpgFrontend.
![Verify Imported Subkey](https://image.cdn.bktus.com/i/2024/11/29/ac01142d-1ffa-ba32-daac-36ddf0729ff1.webp)
![Verify Imported
Subkey](https://image.cdn.bktus.com/i/2024/11/29/ac01142d-1ffa-ba32-daac-36ddf0729ff1.webp)
### Confirming Primary Key Absence
@ -174,7 +199,8 @@ for this subkey does not exist in the current key database. This is expected if
you have securely removed the primary key to minimize exposure, while retaining
the subkeys for ongoing operations.
![Meaning of'#' Symbol](https://image.cdn.bktus.com/i/2024/11/29/78d9bc07-8b96-302b-25d1-cbb88815f16a.webp)
![Meaning of'#'
Symbol](https://image.cdn.bktus.com/i/2024/11/29/78d9bc07-8b96-302b-25d1-cbb88815f16a.webp)
You can confirm the absence of the primary key by opening the **Key Details**
view of the imported subkey. In the **Primary Key Existence** section, it should
@ -189,7 +215,8 @@ Existence** section in the Key Details view, which will display **Not Exists**.
This setup is intentional in many cases to improve security by isolating the
primary key.
![Primary Key Not Exists](https://image.cdn.bktus.com/i/2024/11/29/05594a4b-cdad-7ad4-070b-58e24701cce3.webp)
![Primary Key Not
Exists](https://image.cdn.bktus.com/i/2024/11/29/05594a4b-cdad-7ad4-070b-58e24701cce3.webp)
### Actions Limited by the Absence of a Primary Key:
@ -217,7 +244,8 @@ primary key poses a security risk. By isolating the primary key and relying
solely on subkeys, you can maintain a balance between functionality and
security.
![Use Subkey to Encrypt](https://image.cdn.bktus.com/i/2024/11/29/20047766-48ab-f4a3-175c-241c7d5c0dbf.webp)
![Use Subkey to
Encrypt](https://image.cdn.bktus.com/i/2024/11/29/20047766-48ab-f4a3-175c-241c7d5c0dbf.webp)
### Tips for Secure Usage:
@ -240,7 +268,8 @@ primary keys may be restricted to certain secure algorithms for signing, subkeys
can employ diverse algorithms optimized for encryption, like ECDH, ensuring
efficient and secure operations tailored to the user's needs.
For more Details: [Comparison of Cryptographic Algorithms](/extra/algorithms-comparison)
For more Details: [Comparison of Cryptographic
Algorithms](/extra/algorithms-comparison)
**Subkey Supported Algorithms:**

10
src/content/docs/guides/import-export-key-pair.md
View File

@ -11,13 +11,13 @@ To access the import options, navigate to the toolbar and select the desired
method based on your specific requirements. Additionally, you can access
additional options by selecting the action menu in the key management section.
![Import Key Pair](https://image.cdn.bktus.com/i/2023/11/16/7c24bd6d-6e50-0eb8-943e-3447b96894b3.webp)
![](https://image.cdn.bktus.com/i/2023/11/16/7c24bd6d-6e50-0eb8-943e-3447b96894b3.webp)
In fact, you can find the action menu in the key management section, which
provides access to additional key management options beyond those available in
the toolbar.
![Import Key Pair 2](https://image.cdn.bktus.com/i/2023/11/16/15595b17-3a88-d790-c475-cf8c5c7ee4a5.webp)
![](https://image.cdn.bktus.com/i/2023/11/16/15595b17-3a88-d790-c475-cf8c5c7ee4a5.webp)
### File
@ -82,7 +82,7 @@ shown in the screenshot below. This will save the data to a file. Before
proceeding, please make sure to choose a suitable directory to store the file
containing the public key data.
![Export on the Key Pair at Operations Tab](https://image.cdn.bktus.com/i/2023/11/16/5f7a4dbc-d261-c395-31eb-a1bc55cb4d55.webp)
![](https://image.cdn.bktus.com/i/2023/11/16/5f7a4dbc-d261-c395-31eb-a1bc55cb4d55.webp)
### Export multiple public keys at once
@ -91,7 +91,7 @@ pairs on the key management interface and click on the "Export to Clipboard"
option. This will copy the data to your system clipboard, which you can then
paste into any application or file.
![Export multiple public keys at once](https://image.cdn.bktus.com/i/2023/11/16/fae0706d-8836-5ffe-804e-c21b06f1b445.webp)
![](https://image.cdn.bktus.com/i/2023/11/16/fae0706d-8836-5ffe-804e-c21b06f1b445.webp)
### Export Private Key
@ -100,7 +100,7 @@ contains the private key (either the primary key or subkey). From there, you can
select a destination and GpgFrontend will export the corresponding private key
content to that location.
![Export Private Key](https://image.cdn.bktus.com/i/2023/11/16/a453e2cd-3489-6403-8a89-13faa4dd6b32.webp)
![](https://image.cdn.bktus.com/i/2023/11/16/a453e2cd-3489-6403-8a89-13faa4dd6b32.webp)
Exporting the private key also exports both the public key and private key data,
as the private key data alone is meaningless without the corresponding public

293
src/content/docs/guides/key-server-operations.md
View File

@ -2,165 +2,208 @@
title: Key Server Operations
---
Key servers play a pivotal role in the ecosystem of encrypted communication,
serving as a centralized repository for public key information. These servers
enable individuals to share and retrieve public keys necessary for encrypted
messaging, even when direct exchange is not feasible. Key servers are
particularly useful in scenarios where secure communication needs to be
established without prior direct contact, or when a user's public key needs to
be widely distributed or updated due to security concerns.
Key servers are essential components in the ecosystem of encrypted
communication, serving as centralized repositories for public key information.
They allow users to **share, retrieve, and update** public keys, making secure
communication possible even when direct key exchange is not feasible.
When you wish to send an encrypted message but lack the recipient's public key,
key servers offer a solution by allowing you to search for and retrieve the
public key associated with the recipient's email address or key ID. This process
facilitates the encryption of messages in a way that ensures only the intended
recipient, who possesses the corresponding private key, can decrypt and read the
message.
Key servers are especially helpful when:
- You need to encrypt a message but don't have the recipients public key.
- You want to make your public key available for others to use.
- You need to **update or revoke** your public key in case of a compromise.
Moreover, key servers are integral to maintaining the integrity and
trustworthiness of the public key infrastructure. If a user's private key is
compromised, it is crucial to inform others not to use the associated public key
for encrypting messages anymore. By uploading a new public key to a key server
and marking the old one as obsolete or compromised, users can mitigate the risks
associated with the exposure of their private key.
GpgFrontend offers a convenient graphical interface for interacting with key
servers, making key search, import, export, and synchronization operations
straightforward for all users.
The functionality of key servers is enhanced by software tools such as
GpgFrontend, which simplifies the process of managing public keys. With
GpgFrontend, users can effortlessly upload their public key to key servers,
search for other users' public keys using an email address or key ID, and import
these keys for use in encrypted communication. The software's user-friendly
interface enables these operations to be performed with just a few mouse clicks,
making encrypted communication more accessible to a broader audience.
## 📥 Import Public Key From Key Server
It is important to note that once public key information is uploaded to a key
server, it is propagated across a network of key servers worldwide, making it
available to anyone who searches for it. This wide distribution ensures that
encrypted communication can be established easily across different platforms and
geographical locations. However, users should be aware that public keys uploaded
to key servers cannot be deleted, emphasizing the importance of careful key
management. In situations where a key needs to be updated, such as when adding a
subkey to a key pair, the new key information can overwrite the old one on the
server, thus maintaining the security and relevance of the key information
available to the public.
To import a public key, go to the **Import Key** section in the main page or Key
Manager, and select the **Key Server** option.
In summary, key servers are essential for the secure and efficient exchange of
encrypted messages, offering a reliable method for sharing and retrieving public
keys. They support the integrity of secure communications by facilitating the
widespread distribution of public keys and enabling users to update or replace
keys when necessary.
![Import Key Server
UI](https://image.cdn.bktus.com/i/2023/11/16/d75cb252-9a65-5b73-01cd-a45b5ff501ef.webp)
## Import Public Key From Key Server
### How to Import:
1. Choose a key server from the drop-down list.
2. Enter a **Key ID**, **Fingerprint**, or **Email Address** into the search
field.
3. Click **Search**.
4. If results are found, double-click a record to import the public key.
In the main page or in the key manager's Import key operation mode, there is a
key server option. After selecting this option you can see such an interface.
> 💡 By default, the key server list includes recommended options such as:
> - `https://keys.openpgp.org`
> - `https://keyserver.ubuntu.com`
>
> These servers are **preloaded as initial suggestions** in GpgFrontend, but you
> can fully customize this list through the **Settings → Key Servers**
> interface.
![Import Public Key From Key Server](https://image.cdn.bktus.com/i/2023/11/16/d75cb252-9a65-5b73-01cd-a45b5ff501ef.webp)
### After Importing
You can get a list of public keys associated with a key server by searching for
Key ID, fingerprint or email address via the search box. If there is a suitable
public key in the list, you can import it by double-clicking it.
Once a key is imported:
- GpgFrontend will display a confirmation message.
- If a newer version of the key already exists locally, the import is skipped.
![Import Public Key From Key Server 1](https://image.cdn.bktus.com/i/2023/11/16/ae422544-3764-0fe0-638a-d731715acf3e.webp)
You can then verify:
- Key creation date
- UID and key ID
- Whether the key is expired or revoked (using Key Manager filters)
When the import is complete, you can check whether the public key is actually
imported through the pop-up window (no need to import when the local public key
is newer), and you can also check some brief information about the public key.
## 📤 Export My Public Key to Key Server
![Import Public Key From Key Server 2](https://image.cdn.bktus.com/i/2023/11/16/cbb78f5f-3620-1534-4b4e-e7752e1c9aa4.webp)
To publish your public key:
It is important to note that the public key you import may have expired or been
revoked. You can check the status of the key by navigating to the category tab
in the key management interface. In addition to the search box, you may also
notice a drop-down box that allows you to choose which key server to retrieve
the public key information from. To modify or add to this list of candidate
servers, please refer to the last section of this document: Key server related
settings.
1. Open the **Key Details** interface for your key pair.
2. Go to the **Operations** tab.
3. Click **“Upload key pair to key server”**.
## Export My Public Key To The Key Server
![Upload
Key](https://image.cdn.bktus.com/i/2023/11/16/87b435b1-3eb2-421d-c8cb-f6d926b6a1c7.webp)
If the current key pair has a master key, you have the option to publish the
public key information to a key server. It is important to note that in order to
avoid confusion, GpgFrontend requires the presence of a master key for this
action to be performed. This ensures that users are aware of what they are doing
and the function being performed.
> ⚠️ GpgFrontend only allows uploading if a **master key** is present to prevent
> accidental publishing of incomplete keys.
### How To Use
Note:
- Only **public key** data is uploaded.
- Private keys are **never** uploaded.
You can find the entry of this operation through the operation tab of the key
pair detail interface, as shown in the following figure.
## 📤 Export My Public Key to Key Server
![Export My Public Key To The Key Server](https://image.cdn.bktus.com/i/2023/11/16/87b435b1-3eb2-421d-c8cb-f6d926b6a1c7.webp)
GpgFrontend allows you to upload your public key to a key server, making it
discoverable for others who wish to send you encrypted messages.
Perform the operation by clicking Upload key pair to key server. Note that the
naming of operations here is a bit confusing, but this is where your public key
information (not your private key) will be uploaded.
After v2.1.6, **GpgFrontend uses
[https://keys.openpgp.org](https://keys.openpgp.org)** for exporting public keys
by default. This server uses the **Verifying Keyserver (VKS) Interface**, which
provides extra protection against spam and key poisoning.
### Synchronize public key information from a key server
### Key Points:
- 🔐 **Only public keys are uploaded**, never private keys.
- ✅ **Master key is required** to export.
- ✉️ `keys.openpgp.org` requires email verification before your key becomes
publicly searchable.
- 🧱 Uploaded keys are **propagated through the VKS protocol** and cannot be
deleted.
Sometimes, before you perform an encryption operation, you want to know if the
public key you are using is still valid. At this point, you can get the latest
information about the key from the key server (if the public key server has
one).
To export:
1. Open the **Key Details** interface.
2. Go to the **Operations** tab.
3. Click **“Upload key pair to key server”**.
As above, you can find this action in the Actions tab of the key pair details
screen, as shown in the image below.
![](https://image.cdn.bktus.com/i/2023/11/16/87b435b1-3eb2-421d-c8cb-f6d926b6a1c7.webp)
GpgFrontend will upload the public key information to the default key server
you set. The private key information is not uploaded and should not be manually
uploaded anywhere by the user.
## 🔄 Synchronize Public Key Information
Refer to the last section of this document on how to set the default key server.
If you want to ensure that your local key matches what is available on the key
server, use the **“Synchronize key pair with key server”** feature.
![Set Default Key Server](https://image.cdn.bktus.com/i/2023/11/16/87b435b1-3eb2-421d-c8cb-f6d926b6a1c7.webp)
Like exporting, after v2.1.6, this operation also uses
**https://keys.openpgp.org** and its **VKS API**.
The "Synchronize key pair with key server" function allows for automatic
retrieval of public key information from the key server, which is then compared
with the local key information. After the operation is completed, a pop-up
window will appear indicating whether the key has actually been updated. It
should be noted that this operation is not possible if the private key exists
locally. This is because, in such a case, you already have the key pair and
should publish the latest information for the key pair instead of accepting
outdated information from the key server.
GpgFrontend will:
- Query the key server using your keys fingerprint.
- Compare the server copy with your local one.
- Indicate if any update is applied.
### Extra Information
> ⚠️ Synchronization is **not available** if you have the private key locally.
> In this case, you are expected to **publish** updates, not pull them.
GpgFrontend automatically communicates with the default key server that you have
set to obtain the necessary information. You can refer to the last section of
this document to learn how to set the default key server.
## ⚙️ Key Server Related Settings
## Sync ALL Public Key
You can configure your key server preferences in:
This is an advanced function provided by GpgFrontend, it can synchronize all
your local public key information at one time, if you want to know, please read
[this document](/advanced/sync-all-public-keys).
> **Settings → Key Servers**
## Key Server Related Settings
![](https://image.cdn.bktus.com/i/2023/11/16/afe69b9b-0576-d275-91df-79585c245b22.webp)
If you want to set a list of key servers or a default key server, you can do so
by accessing the Settings interface and navigating to the Key Servers tab. Here,
you will find options for managing your key server candidate list and
determining which key server is set as the default.
### Features:
- **Add a Server**: Enter the `https://` or `http://` address and click **Add**.
- **Edit a Server**: Double-click an address to edit it.
- **Delete a Server**: Right-click a row and select **Delete**.
- **Test Connection**: Click **Test** to check if the server is reachable.
![Key Server Related Settings](https://image.cdn.bktus.com/i/2023/11/16/afe69b9b-0576-d275-91df-79585c245b22.webp)
> ✅ **Recommended**: Always use HTTPS to prevent man-in-the-middle attacks.
To add a candidate key server to the list, simply enter the http or https
address of the key server you wish to add into the input box and click "Add". It
is strongly recommended that users use the https protocol to prevent
man-in-the-middle attacks. If you wish to delete a candidate key server, simply
right-click on the corresponding row in the table and select "Delete" from the
pop-up menu. To edit an existing candidate key server address, double-click on
the address in the table and edit it.
### 🌐 Set Default Key Server
To test the network connectivity of the servers in the key server candidate
list, click the "Test" button located at the bottom of the Key Servers tab.
However, note that the test only determines if the keyserver is reachable, not
whether the address is a valid keyserver.
To set a key server as your **default** for public key **search/import**
operations:
### Set Default Key Server
1. Right-click the desired server in the list.
2. Select **“Set as Default”**.
3. The default server will be marked in the first column of the table.
To set a candidate key server as your default key server, you can follow these
steps. First, locate the candidate key server you want to set as the default in
the table. Then, right-click the row of the corresponding key server, and click
"Set as Default" in the pop-up menu. Once set, you can verify whether a
candidate key server is the default key server by checking the first column of
the table.
> ⚠️ **Important (v2.1.6 and later)**:
>
> Setting a default key server **only affects key searches/imports**.
>
> - **Export** and **Sync** operations are no longer affected by this setting.
> - These operations **always use `https://keys.openpgp.org`**, which implements
> the Verifying Keyserver (VKS) API.
>
> This behavior ensures improved security and global consistency in public key
> management.
## Tips about Key Servers
| Key Server | Fuzzy Search | VKS Interface | Notes |
|-------------------------|--------------|---------------|-------------------------------------------|
| `keys.openpgp.org` | ❌ No | ✅ Yes | Requires exact match (email, fingerprint) |
| `keyserver.ubuntu.com` | ✅ Yes | ❌ No | Traditional HKP server, less strict |
> 🔎 `keys.openpgp.org` does **not** support fuzzy search — you must use the
> **exact email**, **full fingerprint**, or **full key ID**.
> ⚠️ **Don't confuse search servers with export/sync servers** — even if you
> perform key searches using a custom server like `keyserver.ubuntu.com`,
> **Export** and **Sync** operations will still use `keys.openpgp.org` by
> default in **GpgFrontend v2.1.6 and later**.
> 🛠️ **Want to restore previous behavior?**
> You can disable the `KeyServerSync` module in the advanced settings.
> This will prevent GpgFrontend from forcing export/sync operations to use
> `keys.openpgp.org`, allowing custom server logic to take effect again.
## 🔍 Automatically Check Key Publish Status
GpgFrontend v2.1.6 introduces a feature that automatically checks whether your
public key has been published on [keys.openpgp.org](https://keys.openpgp.org),
helping users keep track of their key visibility on the VKS-based keyserver.
### ✅ Feature Overview
- When enabled, GpgFrontend will fetch the **publish status** of a key from the
key server.
- If the key is found to be published on `keys.openpgp.org`, a message like the
following will be shown in the **Key Details** tab:
![](https://image.cdn.bktus.com/i/2025/04/09/40653adf-bf71-4038-77d3-3860f4fef106.webp)
### ⚙️ How to Enable
To activate this:
1. Go to `Settings → Network` tab.
2. Under **Network Ability**, check the box:
- ✅ **Automatically fetch key publish status from key server**
3. Restart GpgFrontend to apply the change.
![](https://image.cdn.bktus.com/i/2025/04/09/6c6d4f27-ff0e-176a-305b-d4bbbaaa7d75.webp)
### ⚠️ Important Notes
- This feature **only works with `keys.openpgp.org`**, which supports the
**Verifying Keyserver (VKS) API**.
- If the `KeyServerSync` plugin is **disabled**, the publish status will **not
be fetched**, and no notice will appear in the UI.
- It is purely a **read-only status check**, and does not modify or upload
anything to the server.
## 🔒 Final Notes
- Public keys uploaded to key servers are **distributed globally** and **cannot
be deleted**.
- Always verify imported keys before using them.
- Maintain proper key hygiene: revoke and update keys when compromised.
- Never upload private key material to any server.

163
src/content/docs/guides/sign-verify-file.md
View File

@ -1,163 +0,0 @@
---
title: Signing & Verifying Files
---
GpgFrontend extends its utility from handling text-based operations to
facilitating file operations with ease and security. The principle behind
signing and verifying files mirrors that of text, leveraging the robust
framework of digital signatures. However, a significant distinction lies in the
nature of the input and output for file operations, which can be binary,
accommodating a wider range of file types beyond simple text documents.
When signing a file using GpgFrontend, the software utilizes the private key of
the user to create a digital signature. This process begins by computing a hash
of the file's contents, regardless of whether the file is a document, image,
executable, or any other binary format. This hash serves as a compact
representation of the file's data. Subsequently, the hash is encrypted with the
user's private key, producing a digital signature unique to both the file and
the key used. The resulting signature can either be attached to the file or
stored separately, depending on the user's preference and the requirements of
the application.
Verifying a signed file with GpgFrontend involves the corresponding public key
of the private key that was used for signing. The verification process decrypts
the digital signature using this public key to extract the original hash value
that was generated during the signing. Simultaneously, the software computes a
new hash from the file that is purported to be authentic. By comparing these two
hash values, GpgFrontend can determine if the file has been altered after it was
signed. If the hashes match, it confirms the file's integrity and authenticity,
assuring the recipient of its untampered state and the signer's identity.
This binary capability of file operations in GpgFrontend not only broadens the
scope of digital signatures to encompass a variety of file types but also
ensures that the integrity and authenticity verification process is not limited
to text-based data. It provides a critical layer of security in digital
communications, where files of all kinds are shared and exchanged with the
expectation of privacy and trust.
The application of digital signatures to files through tools like GpgFrontend is
especially relevant in scenarios where the authenticity of the file source and
the integrity of its contents are paramount. This includes software
distribution, where verifying the source and integrity of software packages is
crucial to prevent malware distribution; document sharing in legal and financial
contexts, where tampering could have serious implications; and multimedia
content distribution, where copyright and ownership are significant concerns.
In summary, GpgFrontend's support for signing and verifying files elevates the
security of digital file exchanges by applying the principles of cryptography in
a user-friendly manner. By accommodating binary file operations, it ensures that
digital signatures are accessible and applicable across a broad spectrum of file
types, reinforcing the pillars of trust and security in digital communications.
## Sign & Verify File
GpgFrontend extends its utility from handling text-based operations to
facilitating file operations with ease and security. The principle behind
signing and verifying files mirrors that of text, leveraging the robust
framework of digital signatures. However, a significant distinction lies in the
nature of the input and output for file operations, which can be binary,
accommodating a wider range of file types beyond simple text documents.
## Using File Browser for Signing and Verifying
After clicking the **File Browser** button, a system directory selection dialog
will appear. Follow these steps to perform signing and verifying operations:
1. **Open File Browser**:
- Click the **File Browser** button in the toolbar at the top of the
interface. This will open a system dialog allowing you to choose a
directory.
2. **Select Directory**:
- In the system dialog, navigate to the desired directory and select it. Once
selected, a new tab named "File Browser" will open in GpgFrontend,
displaying the contents of the chosen directory.
3. **Select a File**:
- In the File Browser tab, you will see a list of files and folders within
the selected directory. Click on the file you want to sign or verify.
4. **Sign the File**:
- To sign a file, first select the file in the File Browser. Then, in the
**Key Toolbox** on the right, select your private key by checking the box
next to your key. Finally, click the **Sign** button in the toolbar at the
top.
5. **Verify the File**:
- To verify a file, select the signed file in the File Browser. Ensure you
have the corresponding public key in your keyring. Click the **Verify**
button in the toolbar. If the correct key is available, the file's
signature will be verified.
![File Operations](https://image.cdn.bktus.com/i/2024/06/15/e157e4ff-ddaa-3a24-1a6f-a3fb80a55661.webp)
By following these steps, you can easily manage file signing and verifying using
the GpgFrontend's File Browser feature. This streamlined process allows you to
handle your cryptographic needs directly from the file system interface.
## File Extension Requirements
GpgFrontend supports different file extensions for various cryptographic
operations. Understanding these extensions helps in properly managing signed
files. Heres a breakdown of the file extensions used:
#### ASCII Format
- **.asc**: Files with the ".asc" extension are in ASCII format. These files
contain ASCII-armored signatures, which are a text representation of the
signed data. ASCII format is typically used for easy sharing via email or text
editors, as it ensures compatibility with text-based applications.
#### Binary Format
- **.sig**: Files with the ".sig" extension are in binary format. Binary
signature files are more compact than their ASCII counterparts and are
generally used for more efficient storage and transmission. They cannot be
viewed directly in text editors, as the content is in a binary format.
- **.gpg**: Files with the ".gpg" extension are also used for binary signatures.
These files are used when both encryption and signing are performed together,
containing both the encrypted content and the signature.
To perform verification operations, you need to use files with either the
".sig", ".gpg", or ".asc" extension. These files contain the necessary signature
content required for these operations.
By adhering to these file extension requirements, you can ensure that your
signed files are correctly recognized and processed by GpgFrontend.
### Default Output Mode
Before version 2.0.4, GpgFrontend generated signature files exclusively in ASCII
format. However, beginning with version 2.0.4, GpgFrontend now generates
signature files in binary format by default. This setting can be adjusted in the
program's settings.
### Changing Output Mode
To change the output mode between ASCII and binary formats, follow these steps:
1. **Open Settings**:
- Navigate to the GnuPG Controller settings within GpgFrontend. This can be
done by accessing the settings menu from the main interface.
2. **Locate Binary Mode Option**:
- In the settings interface, under the "General" section, locate the option
labeled "Use Binary Mode for File Operations".
3. **Toggle Binary Mode**:
- Check or uncheck this option to switch between binary (sig/gpg) and ASCII
(asc) output formats. Checking the box will enable binary mode, while
unchecking it will revert to ASCII format.
By following these steps, you can customize how GpgFrontend handles the format
of signature files according to your preference or needs.
![Locate Binary Mode
Option](https://image.cdn.bktus.com/i/2024/06/15/1a82922d-4a68-d315-f388-5571a4d93e8f.webp)

104
src/content/docs/guides/sign-verify-text.md
View File

@ -1,104 +0,0 @@
---
title: Signing & Verifying Text
---
Digital signatures, much like their analog counterparts, serve as a method for
asserting the authenticity and integrity of a digital document or message.
However, unlike traditional signatures, digital signatures offer a much higher
level of security, making it possible to ascertain not only the identity of the
signer but also whether the content has been tampered with since it was signed.
The foundation of digital signing and verification lies in the field of public
key cryptography, a cornerstone of modern secure communication. This system
relies on two keys: a private key, which is kept secret by the owner, and a
public key, which can be shared with anyone. To sign a document, the signer uses
their private key to generate a digital signature on the document. This
signature is unique to both the document and the private key, ensuring that any
changes made to the document after it has been signed can be detected.
Verification, on the other hand, requires the corresponding public key. When a
document is received along with its digital signature, the recipient can use the
signer's public key to verify the signature. This process checks that the
signature matches the document and was created with the private key
corresponding to the public key. If the document has been altered after signing,
the verification will fail, alerting the recipient to the tampering.
One of the advantages of digital signatures is the ability to use multiple
private keys for signing a document, similar to having a document signed by
multiple parties. Each signer uses their private key to sign the document, and
each signature can be independently verified with the corresponding public key.
This method is particularly useful in scenarios requiring the approval or
authorization of multiple entities.
Digital signatures are a critical component of secure communications, providing
assurances of authenticity, integrity, and non-repudiation. Non-repudiation
means that a signer cannot later deny the authenticity of the signature on a
document they signed. This is especially important in legal, financial, and
sensitive communications, where trust and authenticity are paramount.
Tools like GpgFrontend facilitate the process of creating and verifying digital
signatures in a user-friendly manner. GpgFrontend is built on top of the OpenPGP
standard, which is a widely accepted protocol for encryption and digital
signatures. The tool allows users to easily manage their encryption keys, sign
documents, and verify the signatures of received documents, thereby enhancing
the security and trustworthiness of digital communications.
In summary, digital signing and verification through tools like GpgFrontend
leverage public key cryptography to ensure the security and integrity of digital
communications. By enabling users to sign documents with their private keys and
allowing others to verify those signatures with corresponding public keys,
digital signatures provide a robust mechanism for authenticating the origin and
integrity of digital documents, far surpassing the capabilities of traditional
handwritten signatures.
## Signature Only
By signing the text, you establish that you are the sole and unalterable
authority for this text. You can simply sign the text without encrypting it as
follows:
![Peek 2022-01-12
06-50](https://image.cdn.bktus.com/i/2023/11/16/9c95a381-52b9-4d2b-c21d-38fdc6cbc76d.gif)
To check whether a key can be used for signing, please review the 'Usage' column
in the key toolbox on the right (the letter 'S' stands for signature).
## Signature with Encryption
You also have the option to sign and encrypt at the same time by choosing a
public key for encryption and your private key for signing. This is a common
practice where you select two key pairs: one belonging to someone else for
encryption, and your private key for signing. If you don't select a key for
signing, only encryption is possible, but you will receive a warning. It's worth
noting that combining signing with encryption provides an additional layer of
security as it assures the recipient that the message hasn't been altered and it
came from the sender whose identity is verified by the digital signature.
![Peek 2022-01-12
06-54](https://image.cdn.bktus.com/i/2023/11/16/fd98e968-5e59-7bee-abea-99ab234be7a6.gif)
## Verification
Once you have a plaintext and its corresponding signature, you can verify the
signature using the signer's public key. However, this type of signature isn't
suitable for emails as it can make the email less readable.
![Peek 2022-01-12
06-56](https://image.cdn.bktus.com/i/2023/11/16/fbde7130-72c3-1fce-8366-47643fc0e804.gif)
To verify a signature with text, you need to have the corresponding public key
for all included signatures. If a suitable public key for a signature isn't
found locally during verification, GpgFrontend will prompt you to import it.
![image-20220112070325556](https://image.cdn.bktus.com/i/2023/11/16/5ab80063-dbf7-0394-5c44-4c23f7b4702b.webp)
## Verification with Decryption
When decrypting a ciphertext, it's advised to verify it simultaneously,
regardless of whether the encryptor signed it or not. It's impossible to
determine from the ciphertext's format if it has been signed. Therefore, it's a
good habit to always perform decryption operations with verification whenever
possible.
![Peek 2022-01-12
07-10](https://image.cdn.bktus.com/i/2023/11/16/9e06ce22-f98d-47f1-ea76-e4e23b6dd32d.gif)

165
src/content/docs/guides/symmetric-encrypt-decrypt.md
View File

@ -4,128 +4,105 @@ sidebar:
label: Symmetric Crypto
---
## About Symmetric Encryption & Decryption
## 🔐 What Is Symmetric Encryption?
Symmetric encryption, in contrast to asymmetric encryption, uses a single key
for both the encryption of plaintext and the decryption of ciphertext. This
method is characterized by its simplicity and speed, making it a popular choice
for encrypting large volumes of data or for scenarios where the sharing of keys
between the sender and receiver can be securely managed. GpgFrontend provides a
user-friendly interface for implementing symmetric encryption, streamlining the
process for users who may not be familiar with the intricacies of cryptographic
operations.
**Symmetric encryption** is a method of securing data where the **same
password** is used to both encrypt and decrypt information.
The process of symmetric encryption with GpgFrontend begins when a user opts to
encrypt data without selecting a recipient's public key from the Key Toolbox.
This action signals the software to use symmetric encryption for the task at
hand. At this point, the user is prompted to create a password. This password
acts as the encryption key, transforming the plaintext into ciphertext through a
cryptographic algorithm. It's crucial that this password is strong and unique,
as the security of the encrypted data directly depends on the password's
complexity and unpredictability.
Unlike **asymmetric encryption**, which uses a public/private key pair,
symmetric encryption relies on a single shared secret (the password). This
approach is:
Once the password is established, GpgFrontend proceeds to encrypt the data. The
resulting ciphertext can only be decrypted with the exact password used for its
encryption. This means that anyone who wishes to access the encrypted data must
know the password, highlighting the importance of securely sharing this password
between the sender and receiver.
- ✅ Fast and efficient
- ✅ Ideal for large files or quick one-time sharing
- ❗ Best used when both parties can safely share the password
Decrypting symmetrically encrypted data with GpgFrontend requires the same
password used during the encryption phase. When the 'Decrypt' function is
initiated, the software prompts the user to enter the password. Upon successful
authentication with the correct password, the software decrypts the ciphertext
back into readable plaintext. This decryption process, like encryption, is
straightforward and efficient, but the security of the data relies entirely on
the password's confidentiality.
> 📌 If someone intercepts the password, the encrypted data is no longer secure
> — so always handle password exchange carefully.
Symmetric encryption is particularly useful in scenarios where encrypted data
needs to be stored securely or transmitted over a secure channel, and where the
overhead of managing public and private keys is not desirable. However, the
challenge of securely exchanging the password between the sender and receiver
cannot be understated. If this password is intercepted or guessed by an
unauthorized party, the encrypted data's security is compromised.
## 🔄 How It Works
## How to Perform Symmetric Encryption
1. You choose a **strong password**.
2. That password is used to **encrypt** the data.
3. Anyone with the **same password** can **decrypt** it.
4. No key pair is required — only the shared password.
Performing symmetric encryption with GpgFrontend is a straightforward process.
Follow these steps to encrypt your data using a password:
> 📎 Encryption security depends entirely on the strength and secrecy of the
> password used.
1. **Prepare Your Data**:
## ✍️ Encrypting Data Symmetrically
- Start by opening GpgFrontend and entering the text you want to encrypt in
the text editor area. You can create a new tab through the "New" option if
needed.
To encrypt text using symmetric encryption:
2. **Initiate Encryption**:
1. **Enter the Text**
- Input the plaintext (the content you want to protect).
- Click the 'Encrypt' button in the Operations Bar at the top of the
interface. This button is represented by a padlock icon with the label
"Encrypt".
2. **Start Encryption**
- Choose to encrypt **without selecting any public key**.
3. **No Key Selected**:
3. **Set a Password**
- When prompted, enter a **strong, unique password**.
- This becomes your **encryption key**.
- If no key is selected in the Key Toolbox, a prompt will appear asking if
you want to encrypt with a symmetric cipher using a passphrase. Click "OK"
to proceed.
4. **Encryption Completes**
- The text is transformed into ciphertext.
- You can now save it or share it with someone.
4. **Set a Password**:
> 🔐 The recipient will need the **exact same password** to decrypt the message.
- Enter a strong, unique password in the prompt that appears. This password
will be used to encrypt your data. Ensure that the password is complex and
secure, as it will be required to decrypt the data later.
![Symmetric
Encryption](https://image.cdn.bktus.com/i/2024/06/15/e81042ca-40e4-0ce4-5a44-111a89acb5d1.webp)
5. **Encryption Process**:
## 🔓 Decrypting Symmetric Encrypted Data
- GpgFrontend will use the provided password to encrypt your data,
transforming the plaintext into ciphertext. The resulting encrypted message
will be displayed in the text editor area.
To decrypt content that was encrypted symmetrically:
6. **Save or Share Encrypted Data**:
- You can now save the encrypted message to a file or share it with others.
Remember, the recipient will need the exact password used during encryption
to decrypt the data.
1. **Paste the Ciphertext**
- The message should begin with `-----BEGIN PGP MESSAGE-----` and end with
`-----END PGP MESSAGE-----`.
By following these steps, you can easily encrypt your data using symmetric
encryption in GpgFrontend. This method is ideal for scenarios where you need to
secure data with a password without managing public and private keys.
2. **Initiate Decryption**
- Choose to decrypt the message.
![Symmetric Encryption](https://image.cdn.bktus.com/i/2024/06/15/e81042ca-40e4-0ce4-5a44-111a89acb5d1.webp)
3. **Enter the Password**
- Input the **same password** that was used for encryption.
## How to Decrypt Symmetric Encryption?
4. **View the Plaintext**
- If the password is correct, the original message will be revealed.
Decrypting symmetrically encrypted data with GpgFrontend is straightforward and
similar to decrypting data encrypted with asymmetric encryption. Follow these
steps:
> 🧠 If the password is incorrect or mistyped, decryption will fail.
1. **Copy the Ciphertext**:
## 💡 When to Use Symmetric Encryption?
- First, ensure that you have the ciphertext (the encrypted message) copied
to your clipboard. The ciphertext should be in the format typically
generated by GnuPG, enclosed in `-----BEGIN PGP MESSAGE-----` and `-----END
PGP MESSAGE-----` tags.
Symmetric encryption is a great choice when:
2. **Paste the Ciphertext into the Text Editor**:
- Youre encrypting something **for yourself** (e.g. storing private notes or
backup files).
- Youre sharing data over a **secure channel**, and can **safely provide the
password**.
- You dont want to manage public/private key infrastructure.
- Open GpgFrontend and paste the ciphertext into the text editor area. You
can do this by creating a new tab through the "New" option if needed.
However, it is **not ideal** for public communication where secure password
exchange is difficult.
3. **Click the Decrypt Button**:
## 🛡️ Tips for Better Security
- Click the 'Decrypt' button in the Operations Bar at the top of the
interface. This button is represented by a key icon with the label
"Decrypt".
- Always use a **strong, complex password** (longer is better).
- Never send passwords through insecure channels (e.g., unencrypted email).
- Consider using symmetric encryption as a supplement to public-key encryption —
e.g., encrypt a file symmetrically, then encrypt the password with the
recipients public key.
4. **Enter the Password**:
## 🧭 Summary
- A prompt will appear asking for the password that was used to encrypt the
data. Enter the correct password and confirm.
| Feature | Symmetric Encryption |
|------------------------|---------------------------------------------|
| Key type | Single shared password |
| Use case | Fast, simple encryption |
| Ideal for | Self-encryption or trusted 1-to-1 sharing |
| Sensitive to | Password leaks |
| Key management needed | ❌ No |
5. **Decryption Process**:
- GpgFrontend will use GnuPG to recognize the type of encryption used and the
corresponding key. If the password is correct, the software will decrypt
the ciphertext and display the readable plaintext in the text editor area.
By following these steps, you can efficiently decrypt any symmetrically
encrypted data using GpgFrontend. The software's ability to automatically
recognize the encryption type and key ensures a seamless decryption process,
making it easy to access your encrypted information securely.
Symmetric encryption is a lightweight and powerful tool — when used correctly.
Always combine it with safe password management to ensure your data stays truly
secure.

116
src/content/docs/guides/text-opetations.md Normal file
View File

@ -0,0 +1,116 @@
---
title: Text Operations
sidebar:
order: 5
---
GpgFrontend is a user-friendly graphical interface for GnuPG that simplifies the
core cryptographic operations: **encryption**, **decryption**, **signing**, and
**verification**. It supports secure communication through public key
cryptography and provides intuitive workflows for both beginners and advanced
users.
## Understanding the Basics
Public key cryptography relies on key pairs:
- **Public Key**: Used to encrypt or verify.
- **Private Key**: Used to decrypt or sign.
Before performing encryption or signing operations, users must generate their
own key pair and exchange public keys with their communication partners.
## Encrypting Text
### Only Encrypt
Use the recipient's **public key** to encrypt plaintext. This method:
- Produces a shorter ciphertext.
- Does **not** reveal the sender's identity.
- Is ideal when anonymity is preferred.
> 🔐 Tip: Dont use your own public key to encrypt unless you're sending a
> message to yourself.
![](https://image.cdn.bktus.com/i/2023/11/16/07c99019-318a-3b85-ea63-0d473ebcd7ec.gif)
### Encrypt & Sign
This method encrypts the message with the recipient's public key and signs it
with **your own private key**, ensuring:
- Confidentiality
- Message authenticity
- Proof of origin
To use this method:
- Choose the recipients public key.
- Select **your private key** with signing capability (`Usage = S`).
> 📄 The resulting ciphertext is longer due to the signature. The Info Board
> will display signature details after encryption.
![](https://image.cdn.bktus.com/i/2023/11/16/cb4ac40a-9830-7429-8447-7ada6bc6571b.gif)
## Signing Text
### Signature Only
Use your **private key** to sign text without encrypting it:
- This confirms authorship.
- Anyone with your public key can verify it.
Check the keys `Usage` column for `S` to confirm it's suitable for signing.
![Signature
Only](https://image.cdn.bktus.com/i/2023/11/16/9c95a381-52b9-4d2b-c21d-38fdc6cbc76d.gif)
### Sign with Encryption
Sign and encrypt together by selecting the recipient's public key and your own
private signing key:
- Ensures both confidentiality and authenticity.
- Common in secure messaging or business communication.
![](https://image.cdn.bktus.com/i/2023/11/16/fd98e968-5e59-7bee-abea-99ab234be7a6.gif)
---
## Decrypting Text
### Decrypt Only
Paste or load the ciphertext into GpgFrontend. The tool will:
- Automatically use the correct **private key**.
- Notify you if no valid key is available.
> ✅ No need to check `Usage` manually; the tool handles key matching.
![](https://image.cdn.bktus.com/i/2023/11/16/a4ded61d-fb5b-cbf2-f0ec-e3b26e79f172.gif)
### Decrypt & Verify
If the message was signed, GpgFrontend will:
- Verify the signature using the **senders public key**.
- Display whether the signature is valid.
Use this for added assurance of sender authenticity and message integrity.
![](https://image.cdn.bktus.com/i/2023/11/16/9e06ce22-f98d-47f1-ea76-e4e23b6dd32d.gif)
---
## Verifying Signatures
To verify a detached or embedded signature:
- Use the senders **public key**.
- Paste or load the signed message.
GpgFrontend will:
- Check the integrity.
- Report any mismatch or missing public keys.
> 📥 If the required public key is missing, GpgFrontend prompts you to import
> it.
![](https://image.cdn.bktus.com/i/2023/11/16/fbde7130-72c3-1fce-8366-47643fc0e804.gif)
## Best Practices
- Always verify a message **before** decrypting when possible.
- Share only your **public key**, and **never** your private key.
- Use **Encrypt & Sign** for secure and authenticated communication.
- Use **Sign Only** for publishing documents or messages that require integrity
but not secrecy.

2
src/content/docs/guides/understand-interface.md
View File

@ -87,7 +87,7 @@ all core functionalities:
1. **New E-Mail**: Create a new email or text file.
2. **Open**: Open an existing text file.
3. **File Browser**: Browse and select files from your system.
3. **File Panel**: Browse and select files from your system.
4. **Encrypt**: Encrypt text or files using selected keys.
5. **Encrypt Sign**: Encrypt and sign text or files simultaneously.
6. **Decrypt**: Decrypt text or files.

2
src/content/docs/overview/glance.md
View File

@ -12,7 +12,7 @@ encryption, decryption, and digital signing, offering a seamless interface for
managing OpenPGP tasks. Embrace the latest features of GnuPG 2.x, enhancing your
security in the digital age.
**Document Version Reference: [v2.1.6](https://github.com/saturneric/GpgFrontend/releases/tag/v2.1.6)**
**Document Version Reference: [v2.1.7](https://github.com/saturneric/GpgFrontend/releases/tag/v2.1.7)**
## User Interface Glimpse

39
src/styles/custom.css Normal file
View File

@ -0,0 +1,39 @@
/* Dark mode colors. */
:root {
--sl-color-accent-low: #131e4f;
--sl-color-accent: #3447ff;
--sl-color-accent-high: #b3c7ff;
--sl-color-white: #ffffff;
--sl-color-gray-1: #eceef2;
--sl-color-gray-2: #c0c2c7;
--sl-color-gray-3: #888b96;
--sl-color-gray-4: #545861;
--sl-color-gray-5: #353841;
--sl-color-gray-6: #24272f;
--sl-color-black: #17181c;
}
/* Light mode colors. */
:root[data-theme='light'] {
--sl-color-accent-low: #c7d6ff;
--sl-color-accent: #364bff;
--sl-color-accent-high: #182775;
--sl-color-white: #17181c;
--sl-color-gray-1: #24272f;
--sl-color-gray-2: #353841;
--sl-color-gray-3: #545861;
--sl-color-gray-4: #888b96;
--sl-color-gray-5: #c0c2c7;
--sl-color-gray-6: #eceef2;
--sl-color-gray-7: #f5f6f8;
--sl-color-black: #ffffff;
}
.main-pane img {
max-width: 80%;
width: auto;
height: auto;
display: block;
image-rendering: auto;
object-fit: contain;
}