Diffstat (limited to '')
-rw-r--r-- src/content/docs/appendix/code-binary-verify.md | 12
-rw-r--r-- src/content/docs/guides/file-operations.md | 15
-rw-r--r-- src/content/docs/guides/generate-key.md | 8
-rw-r--r-- src/content/docs/guides/key-server-operations.md | 68
-rw-r--r-- src/content/docs/guides/openpgp-trust-manage.md | 35
-rw-r--r-- src/content/docs/guides/text-opetations.md | 59
-rw-r--r-- src/content/docs/overview/glance.md | 4
7 files changed, 104 insertions, 97 deletions
diff --git a/src/content/docs/appendix/code-binary-verify.md b/src/content/docs/appendix/code-binary-verify.md index 9a739c0..005215f 100644 --- a/src/content/docs/appendix/code-binary-verify.md +++ b/src/content/docs/appendix/code-binary-verify.md @@ -10,7 +10,7 @@ secure, automated build processes. ## Automated Build Process -Our software leverages **GitHub Actions** for automated compilations, ensuring +GpgFrontend leverages **GitHub Actions** for automated compilations, ensuring that every binary file version released is directly compiled from the source code stored in the GitHub repository's main branch. This approach guarantees that the compilation process is transparent, replicable, and free from manual @@ -32,10 +32,12 @@ verification mechanisms, as outlined below: ### Windows -All executable files (.exe, .dll) and installer packages are signed using a -[Certum](https://www.certum.eu/en/certum-by-asseco/) code signing certificate. -The signature is trusted by Windows and can be verified through standard Windows -mechanisms (e.g., file properties or signtool). +All executable files (.exe, .dll) and installer packages (.msi, .msix) are +signed using a [Certum](https://www.certum.eu/en/certum-by-asseco/) code signing +certificate. The signature is trusted by Windows and can be verified through +standard Windows mechanisms (e.g., file properties or signtool). + + ### macOS diff --git a/src/content/docs/guides/file-operations.md b/src/content/docs/guides/file-operations.md index 6b25cce..7ff5bff 100644 --- a/src/content/docs/guides/file-operations.md +++ b/src/content/docs/guides/file-operations.md @@ -28,7 +28,7 @@ the main interface, streamlining your workflow for secure file handling. Sign, or Verify—to perform the desired cryptographic operation on the selected file(s). - + ## Using File Panel Directly 
@@ -61,6 +61,10 @@ and using the appropriate key from the Key Toolbox: public key is available in your keyring and click the Verify button in the toolbar. + + + + ## File Extension Requirements Understanding the appropriate file extensions helps in managing encrypted and @@ -88,8 +92,9 @@ settings. To change the output mode between ASCII and binary formats: -1. Open Settings: Navigate to the GnuPG Controller settings within GpgFrontend by accessing - the settings menu. +1. Open Settings: Navigate to the [GnuPG + Controller](/advanced/gnupg-controller/) settings within GpgFrontend by + accessing the settings menu. 2. Locate Binary Mode Option: In the settings interface, under the "General" section, find the option labeled "Use Binary Mode for File Operations". 3. Toggle Binary Mode: Check or uncheck this option to switch between binary @@ -98,6 +103,8 @@ To change the output mode between ASCII and binary formats: This streamlined process allows you to manage file encryption, decryption, signing, and verification efficiently with GpgFrontend. + + ### Quick Toggle via File Panel Menu In addition to the settings menu, GpgFrontend also provides a quick toggle @@ -141,6 +148,8 @@ volumes of data.  + + ## Folder Encryption and Decryption GpgFrontend supports seamless encryption and decryption of entire folders diff --git a/src/content/docs/guides/generate-key.md b/src/content/docs/guides/generate-key.md index a43c38f..55a7699 100644 --- a/src/content/docs/guides/generate-key.md +++ b/src/content/docs/guides/generate-key.md 
@@ -15,10 +15,12 @@ In the **Key Management** interface, click on the **“New Keypair”** button. opens the **Generate Key** window, where you can define your identity and configure key parameters. + + ## Enter User Information -- **Name**: Required. Enter your full name (minimum 5 characters). -- **Email**: Required. Must be in a valid email format. +- **Name**: Required. Enter your full name (minimum 5 characters). +- **Email**: Required. Must be in a valid email format. - **Comment**: Optional. Helps distinguish this key from others. ## Choose Key Database @@ -36,7 +38,7 @@ Easy Mode simplifies key generation using common templates. You can configure: - **Algorithm**: RSA, DSA, ECC (Curve25519), or other supported types. - **Validity Period**: Choose from preset options (e.g., 3 months, 2 years, 10 - years, or *Non Expired*). + years, or _Non Expired_). - **Combination**: - **Primary Key Only** - **Primary Key with Subkey** — useful when separating signing and encryption diff --git a/src/content/docs/guides/key-server-operations.md b/src/content/docs/guides/key-server-operations.md index 86ed472..6a7a7c9 100644 --- a/src/content/docs/guides/key-server-operations.md +++ b/src/content/docs/guides/key-server-operations.md @@ -8,6 +8,7 @@ They allow users to **share, retrieve, and update** public keys, making secure communication possible even when direct key exchange is not feasible. Key servers are especially helpful when: + - You need to encrypt a message but don't have the recipient’s public key. - You want to make your public key available for others to use. - You need to **update or revoke** your public key in case of a compromise. 
@@ -18,20 +19,25 @@ straightforward for all users. ## 📥 Import Public Key From Key Server -To import a public key, go to the **Import Key** section in the main page or Key -Manager, and select the **Key Server** option. +1. Open the Import Key Menu: In the Operations Bar at the top of the main + window, click the Import Key button (with a downward arrow). +2. Select "Keyserver" Source: In the drop-down menu, choose Keyserver as the + import source. - + ### How to Import: -1. Choose a key server from the drop-down list. + +1. Choose a key server from the drop-down list. 2. Enter a **Key ID**, **Fingerprint**, or **Email Address** into the search field. 3. Click **Search**. 4. If results are found, double-click a record to import the public key. + + > 💡 By default, the key server list includes recommended options such as: +> > - `https://keys.openpgp.org` > - `https://keyserver.ubuntu.com` > @@ -42,31 +48,17 @@ UI](https://image.cdn.bktus.com/i/2023/11/16/d75cb252-9a65-5b73-01cd-a45b5ff501e ### After Importing Once a key is imported: + - GpgFrontend will display a confirmation message. - If a newer version of the key already exists locally, the import is skipped. You can then verify: + - Key creation date - UID and key ID - Whether the key is expired or revoked (using Key Manager filters) -## 📤 Export My Public Key to Key Server - -To publish your public key: - -1. Open the **Key Details** interface for your key pair. -2. Go to the **Operations** tab. -3. Click **“Upload key pair to key server”**. - - - -> ⚠️ GpgFrontend only allows uploading if a **master key** is present to prevent -> accidental publishing of incomplete keys. - -Note: -- Only **public key** data is uploaded. -- Private keys are **never** uploaded. + ## 📤 Export My Public Key to Key Server 
@@ -79,6 +71,7 @@ by default. This server uses the **Verifying Keyserver (VKS) Interface**, which provides extra protection against spam and key poisoning. ### Key Points: + - 🔐 **Only public keys are uploaded**, never private keys. - ✅ **Master key is required** to export. - ✉️ `keys.openpgp.org` requires email verification before your key becomes @@ -87,11 +80,12 @@ provides extra protection against spam and key poisoning. deleted. To export: + 1. Open the **Key Details** interface. 2. Go to the **Operations** tab. 3. Click **“Upload key pair to key server”**. - + ## 🔄 Synchronize Public Key Information @@ -102,6 +96,7 @@ Like exporting, after v2.1.6, this operation also uses **https://keys.openpgp.org** and its **VKS API**. GpgFrontend will: + - Query the key server using your key’s fingerprint. - Compare the server copy with your local one. - Indicate if any update is applied. @@ -115,9 +110,10 @@ You can configure your key server preferences in: > **Settings → Key Servers** - + ### Features: + - **Add a Server**: Enter the `https://` or `http://` address and click **Add**. - **Edit a Server**: Double-click an address to edit it. - **Delete a Server**: Right-click a row and select **Delete**. 
@@ -147,10 +143,10 @@ operations: ## Tips about Key Servers -| Key Server | Fuzzy Search | VKS Interface | Notes | -|-------------------------|--------------|---------------|-------------------------------------------| -| `keys.openpgp.org` | ❌ No | ✅ Yes | Requires exact match (email, fingerprint) | -| `keyserver.ubuntu.com` | ✅ Yes | ❌ No | Traditional HKP server, less strict | +| Key Server | Fuzzy Search | VKS Interface | Notes | +| ---------------------- | ------------ | ------------- | ----------------------------------------- | +| `keys.openpgp.org` | ❌ No | ✅ Yes | Requires exact match (email, fingerprint) | +| `keyserver.ubuntu.com` | ✅ Yes | ❌ No | Traditional HKP server, less strict | > 🔎 `keys.openpgp.org` does **not** support fuzzy search — you must use the > **exact email**, **full fingerprint**, or **full key ID**. 
@@ -171,31 +167,31 @@ GpgFrontend v2.1.6 introduces a feature that automatically checks whether your public key has been published on [keys.openpgp.org](https://keys.openpgp.org), helping users keep track of their key visibility on the VKS-based keyserver. -### ✅ Feature Overview +### Feature Overview - When enabled, GpgFrontend will fetch the **publish status** of a key from the key server. - If the key is found to be published on `keys.openpgp.org`, a message like the following will be shown in the **Key Details** tab: - + -### ⚙️ How to Enable +### How to Enable To activate this: 1. Go to `Settings → Network` tab. -2. Under **Network Ability**, check the box: - - ✅ **Automatically fetch key publish status from key server** +2. Under **Network Ability**, check the box: `Automatically fetch key publish +status from key server` 3. Restart GpgFrontend to apply the change. - + ### ⚠️ Important Notes - This feature **only works with `keys.openpgp.org`**, which supports the **Verifying Keyserver (VKS) API**. -- If the `KeyServerSync` plugin is **disabled**, the publish status will **not +- If the `KeyServerSync` module is **disabled**, the publish status will **not be fetched**, and no notice will appear in the UI. - It is purely a **read-only status check**, and does not modify or upload anything to the server. @@ -206,4 +202,4 @@ To activate this: be deleted**. - Always verify imported keys before using them. - Maintain proper key hygiene: revoke and update keys when compromised. -- Never upload private key material to any server.
\ No newline at end of file +- Never upload private key material to any server. diff --git a/src/content/docs/guides/openpgp-trust-manage.md b/src/content/docs/guides/openpgp-trust-manage.md index 74989ed..d7749d6 100644 --- a/src/content/docs/guides/openpgp-trust-manage.md +++ b/src/content/docs/guides/openpgp-trust-manage.md @@ -29,7 +29,10 @@ user's confidence in the key owner's ability to vouch for others. This distinction allows users to build personalized and scalable Web of Trust models without relying heavily on external signatures or centralized authorities. + + Typical trust levels include: + - **Unknown**: No trust decision has been made. - **None**: The key owner is not trusted to certify other keys. - **Marginal**: The key owner is partially trusted. @@ -41,6 +44,24 @@ By using Owner Trust, users can securely manage communication without requiring constant updates from key servers, maintaining both simplicity and control over their trust network. +### Setting Owner Trust + +GpgFrontend makes it easy to manage Owner Trust levels for any key in your +collection directly from the Key Toolbox. + +To change the Owner Trust level: + +1. Locate the Key: Find the desired public key (or key group) in the Key Toolbox + table. +2. Open the Context Menu: Right-click on the key entry to display the context + menu. +3. Set Owner Trust Level: Select the “Set Owner Trust Level” option. + +A dialog will appear allowing you to choose the appropriate trust level +(Unknown, None, Marginal, Full, Ultimate). + + + ## Signing UIDs and Current Limitations In GpgFrontend, users can sign the UID (User ID) of another user’s OpenPGP 
@@ -48,7 +69,10 @@ public key to confirm its authenticity. However, during the initial design phase, the potential need to synchronize these signatures with key servers was not fully considered. + + Currently: + - GpgFrontend does not automatically upload signed UIDs to OpenPGP key servers. - Whether a signature update is accepted depends entirely on the specific key server’s policy. @@ -56,22 +80,26 @@ Currently: Reasons for not enforcing automatic synchronization: Uncontrollable Behavior of Key Servers + - Different servers (e.g., keys.openpgp.org, SKS servers) have varied policies regarding third-party signatures. - Some servers accept them; others require UID validation or reject them - altogether. + altogether. Potential Key Size Inflation + - Each additional signature increases the public key’s size. - Frequent uploads of third-party signatures would cause key bloat, impacting - synchronization and performance. + synchronization and performance. + +Practical User Behavior -3. Practical User Behavior - Most users verify fingerprints manually and rely on Owner Trust. - Synchronizing all third-party signatures to public servers is often unnecessary for typical use cases. ## Special Considerations for Organizational Users + In organizational environments (e.g., large enterprises), simple Owner Trust is often inadequate. In these cases, a Certificate Authority (CA)-based trust model is used: @@ -93,4 +121,3 @@ future development may consider it based on user demand. third-party signatures. - Explore the implementation of organizational trust models such as CA-based signature management and certificate presentation. - diff --git a/src/content/docs/guides/text-opetations.md b/src/content/docs/guides/text-opetations.md index e753fa6..9018b5b 100644 --- a/src/content/docs/guides/text-opetations.md +++ b/src/content/docs/guides/text-opetations.md 
@@ -10,9 +10,12 @@ core cryptographic operations: **encryption**, **decryption**, **signing**, and cryptography and provides intuitive workflows for both beginners and advanced users. + + ## Understanding the Basics Public key cryptography relies on key pairs: + - **Public Key**: Used to encrypt or verify. - **Private Key**: Used to decrypt or sign. @@ -21,8 +24,8 @@ own key pair and exchange public keys with their communication partners. ## Encrypting Text -### Only Encrypt Use the recipient's **public key** to encrypt plaintext. This method: + - Produces a shorter ciphertext. - Does **not** reveal the sender's identity. - Is ideal when anonymity is preferred. 
@@ -30,82 +33,46 @@ Use the recipient's **public key** to encrypt plaintext. This method: > 🔐 Tip: Don’t use your own public key to encrypt unless you're sending a > message to yourself. - - -### Encrypt & Sign -This method encrypts the message with the recipient's public key and signs it -with **your own private key**, ensuring: -- Confidentiality -- Message authenticity -- Proof of origin - -To use this method: -- Choose the recipient’s public key. -- Select **your private key** with signing capability (`Usage = S`). - -> 📄 The resulting ciphertext is longer due to the signature. The Info Board -> will display signature details after encryption. - - + ## Signing Text -### Signature Only Use your **private key** to sign text without encrypting it: + - This confirms authorship. - Anyone with your public key can verify it. Check the key’s `Usage` column for `S` to confirm it's suitable for signing. - - -### Sign with Encryption -Sign and encrypt together by selecting the recipient's public key and your own -private signing key: -- Ensures both confidentiality and authenticity. -- Common in secure messaging or business communication. - - - ---- + ## Decrypting Text -### Decrypt Only Paste or load the ciphertext into GpgFrontend. The tool will: + - Automatically use the correct **private key**. - Notify you if no valid key is available. > ✅ No need to check `Usage` manually; the tool handles key matching. - - -### Decrypt & Verify -If the message was signed, GpgFrontend will: -- Verify the signature using the **sender’s public key**. -- Display whether the signature is valid. - -Use this for added assurance of sender authenticity and message integrity. - - - ---- + ## Verifying Signatures To verify a detached or embedded signature: + - Use the sender’s **public key**. - Paste or load the signed message. GpgFrontend will: + - Check the integrity. - Report any mismatch or missing public keys. 
> 📥 If the required public key is missing, GpgFrontend prompts you to import > it. - + ## Best Practices @@ -113,4 +80,4 @@ GpgFrontend will: - Share only your **public key**, and **never** your private key. - Use **Encrypt & Sign** for secure and authenticated communication. - Use **Sign Only** for publishing documents or messages that require integrity - but not secrecy.
\ No newline at end of file + but not secrecy. diff --git a/src/content/docs/overview/glance.md b/src/content/docs/overview/glance.md index 864564c..44fb0af 100644 --- a/src/content/docs/overview/glance.md +++ b/src/content/docs/overview/glance.md @@ -40,6 +40,10 @@ throughout the manual.  + + + + :::tip[Note] The core features and workflow of GpgFrontend are consistent across all |
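Review bot: In `appendix/code-binary-verify.md`, the rewritten Windows paragraph still says only that the signature "is trusted by Windows" and can be checked with "file properties or signtool". That confirms some trusted publisher signed the file, not that this project did. Since the hunk already rewrites the paragraph to add `.msi` and `.msix`, name the signer users should expect to see on the certificate and spell out the verification step, so the check is against an identity rather than against Windows trust alone.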
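Review bot: In `guides/file-operations.md`, step 1 of the binary-mode procedure now links to `/advanced/gnupg-controller/` as a root-absolute path. No file under `advanced/` is touched by this patch, so please confirm the route exists and that it still resolves if the docs are served under a base path. A relative link would avoid the second problem.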
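Review bot: In the import hunk of `guides/key-server-operations.md`, the section now has two numbered lists that both start at 1: the new steps ending in "choose Keyserver as the import source" and the existing "### How to Import:" list. A reader following along meets step 1 twice. Fold the two new steps into the "How to Import" list, or give the first list its own heading. The new text also writes "Keyserver" where the rest of the page writes "Key Server" or "key server"; use one spelling in prose and reserve the other for the literal menu label.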
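Review bot: In the key server settings hunk of `guides/key-server-operations.md`, the "Add a Server" bullet still invites `https://` or `http://` addresses without comment. A lookup sends the searched email address, key ID or fingerprint to the server, and over `http://` both the query and the returned key travel unencrypted. Since this section is being edited anyway, add a line recommending `https://` servers.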
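Review bot: In the "How to Enable" hunk of `guides/key-server-operations.md`, step 2 turns the checkbox label into an inline code span that wraps across two lines, with the continuation `status from key server` starting at column 0 inside the list item. The other UI label in the same step is bold (`**Network Ability**`), so keep the checkbox label bold and on one line. The hunk also drops the emoji from "Feature Overview" and "How to Enable" but leaves "### ⚠️ Important Notes" as it was, and the `KeyServerSync` "plugin" to "module" rename should be applied wherever else the docs name it.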
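Review bot: In `guides/openpgp-trust-manage.md`, the new "### Setting Owner Trust" section ends by listing the dialog choices "(Unknown, None, Marginal, Full, Ultimate)" without saying when each is appropriate, and step 1 mentions "(or key group)" without explaining what setting Owner Trust on a group does. Point back to the "Typical trust levels" list above, add a sentence on when Ultimate should be chosen, and say whether the level is applied to every key in the group.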
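Review bot: In the second hunk of `guides/openpgp-trust-manage.md`, removing the stray "3." leaves "Uncontrollable Behavior of Key Servers", "Potential Key Size Inflation" and "Practical User Behavior" as three bare lines of plain text above their bullet lists. They act as sub-headings for "Reasons for not enforcing automatic synchronization:", so mark them up consistently, either as bold labels or as a numbered list with the bullets nested under each item.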
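Review bot: In `guides/text-opetations.md`, the large hunk deletes the "Encrypt & Sign", "Sign with Encryption" and "Decrypt & Verify" subsections, but the Best Practices list in the final hunk still says "Use **Encrypt & Sign** for secure and authenticated communication". After this patch the page recommends a workflow it no longer describes, and the Decrypting section no longer says that a signed message has its signature checked. Keep a short description of the combined operations, or reword the Best Practices bullet to match what remains.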
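Review bot: The file header `src/content/docs/guides/text-opetations.md` carries a typo in the file name ("opetations"), and this patch edits the file without renaming it. Rename it to `text-operations.md` in this or a follow-up commit, with a redirect from the old path if the published URL is already linked elsewhere.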