diff options
| -rw-r--r-- | .gitea/workflows/ci.yaml | 2 | ||||
| -rw-r--r-- | astro.config.mjs | 3 | ||||
| -rw-r--r-- | nginx.conf | 8 | ||||
| -rw-r--r-- | package-lock.json | 96 | ||||
| -rw-r--r-- | package.json | 2 | ||||
| -rw-r--r-- | src/content/docs/advanced/gnupg-controller.md | 2 | ||||
| -rw-r--r-- | src/content/docs/advanced/key-revocation.mdx | 107 | ||||
| -rw-r--r-- | src/content/docs/advanced/module-controller.md | 2 | ||||
| -rw-r--r-- | src/content/docs/advanced/sync-public-keys.md | 2 | ||||
| -rw-r--r-- | src/content/docs/extra/algorithms-comparison.md | 104 | ||||
| -rw-r--r-- | src/content/docs/guides/key-server-operations.md | 48 | ||||
| -rw-r--r-- | src/content/docs/guides/openpgp-trust-manage.md | 4 | ||||
| -rw-r--r-- | src/content/docs/guides/symmetric-encrypt-decrypt.mdx (renamed from src/content/docs/guides/symmetric-encrypt-decrypt.md) | 57 | ||||
| -rw-r--r-- | src/content/docs/overview/downloads.mdx | 2 | ||||
| -rw-r--r-- | src/content/docs/overview/getting-started.mdx | 15 | ||||
| -rw-r--r-- | src/content/docs/overview/glance.mdx | 8 |
16 files changed, 292 insertions, 170 deletions
diff --git a/.gitea/workflows/ci.yaml b/.gitea/workflows/ci.yaml index ca4e658..e4de8a1 100644 --- a/.gitea/workflows/ci.yaml +++ b/.gitea/workflows/ci.yaml @@ -7,7 +7,7 @@ on: [push] jobs: docker: - runs-on: ubuntu-latest + runs-on: ubuntu-latest-server steps: # GitHub Actions do not automatically checkout your projects. If you need the code # you need to check it out. diff --git a/astro.config.mjs b/astro.config.mjs index 3d25b76..00348b3 100644 --- a/astro.config.mjs +++ b/astro.config.mjs @@ -3,13 +3,14 @@ import starlight from "@astrojs/starlight"; import netlify from "@astrojs/netlify"; import starlightThemeNova from "starlight-theme-nova"; import sitemap from "@astrojs/sitemap"; +import starlightLinksValidator from "starlight-links-validator"; // https://astro.build/config export default defineConfig({ site: "https://gpgfrontend.bktus.com", integrations: [ starlight({ - plugins: [starlightThemeNova()], + plugins: [starlightThemeNova(), starlightLinksValidator()], title: "GpgFrontend", description: "A Free, Easy-to-Use, Cross-Platform OpenPGP Crypto Tool.", logo: { @@ -6,14 +6,8 @@ server { root /usr/share/nginx/html; index index.html index.htm; - location ~* \.(?:ico|css|js|gif|jpe?g|png|woff2?|eot|ttf|svg|otf|webp)$ { - expires 30d; - access_log off; - add_header Cache-Control "public"; - } - location / { - try_files $uri $uri/ /index.html; + try_files $uri $uri/ =404; } error_page 404 /404.html; diff --git a/package-lock.json b/package-lock.json index 3727557..047f4fa 100644 --- a/package-lock.json +++ b/package-lock.json @@ -13,7 +13,7 @@ "@astrojs/starlight": "^0.34.2", "astro": "^5.6.1", "sharp": "^0.32.5", - "starlight-theme-black": "^0.6.0", + "starlight-links-validator": "^0.17.0", "starlight-theme-nova": "^0.6.1" } }, @@ -933,24 +933,6 @@ "integrity": "sha512-MDWhGtE+eHw5JW7lq4qhc5yRLS11ERl1c7Z6Xd0a58DozHES6EnNNwUWbMiG4J9Cgj053Bhk8zvlhFYKVhULwg==", "license": "MIT" }, - "node_modules/@fontsource/geist-mono": { - "version": "5.2.5", - "resolved": "https://registry.npmjs.org/@fontsource/geist-mono/-/geist-mono-5.2.5.tgz", - "integrity": "sha512-7/r9opukyQ3jkAqfhIRnhodWlAc8yVkHogDUAFqBeBSYNpvlpouLJysYO5cIpqyB/lHrazxChiC73Oj8K3+sZg==", - "license": "OFL-1.1", - "funding": { - "url": "https://github.com/sponsors/ayuhito" - } - }, - "node_modules/@fontsource/geist-sans": { - "version": "5.2.5", - "resolved": "https://registry.npmjs.org/@fontsource/geist-sans/-/geist-sans-5.2.5.tgz", - "integrity": "sha512-anllOHyJbElRs9fV15TeDRqAeb1IKm4bSknPl6ZMoyPTx1BBy7logudcUwpNjmQLkzn4Q0JGQLRCUKJYoyST6A==", - "license": "OFL-1.1", - "funding": { - "url": "https://github.com/sponsors/ayuhito" - } - }, "node_modules/@img/sharp-darwin-arm64": { "version": "0.33.5", "resolved": "https://registry.npmjs.org/@img/sharp-darwin-arm64/-/sharp-darwin-arm64-0.33.5.tgz", @@ -2031,6 +2013,12 @@ "undici-types": "~6.21.0" } }, + "node_modules/@types/picomatch": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/@types/picomatch/-/picomatch-3.0.2.tgz", + "integrity": "sha512-n0i8TD3UDB7paoMMxA3Y65vUncFJXjcUf7lQY7YyKGl6031FNjfsLs6pdLFCy2GNFxItPJG8GvvpbZc2skH7WA==", + "license": "MIT" + }, "node_modules/@types/sax": { "version": "1.2.7", "resolved": "https://registry.npmjs.org/@types/sax/-/sax-1.2.7.tgz", @@ -2635,9 +2623,9 @@ } }, "node_modules/brace-expansion": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", - "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz", + "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==", "license": "MIT", "dependencies": { "balanced-match": "^1.0.0" @@ -3984,6 +3972,18 @@ "url": "https://github.com/sponsors/brc-dd" } }, + "node_modules/is-absolute-url": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/is-absolute-url/-/is-absolute-url-4.0.1.tgz", + "integrity": "sha512-/51/TKE88Lmm7Gc4/8btclNXWS+g50wXhYJq8HWIBAGUBnoAdRu1aXeh364t/O7wXDAcTJDP8PNuNKWUDWie+A==", + "license": "MIT", + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/is-alphabetical": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/is-alphabetical/-/is-alphabetical-2.0.1.tgz", @@ -4217,18 +4217,6 @@ "url": "https://github.com/sponsors/wooorm" } }, - "node_modules/marked": { - "version": "15.0.11", - "resolved": "https://registry.npmjs.org/marked/-/marked-15.0.11.tgz", - "integrity": "sha512-1BEXAU2euRCG3xwgLVT1y0xbJEld1XOrmRJpUwRCcy7rxhSCwMrmEu9LXoPhHSCJG41V7YcQ2mjKRr5BA3ITIA==", - "license": "MIT", - "bin": { - "marked": "bin/marked.js" - }, - "engines": { - "node": ">= 18" - } - }, "node_modules/mdast-util-definitions": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/mdast-util-definitions/-/mdast-util-definitions-6.0.0.tgz", @@ -5818,9 +5806,9 @@ } }, "node_modules/prebuild-install/node_modules/tar-fs": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/tar-fs/-/tar-fs-2.1.2.tgz", - "integrity": "sha512-EsaAXwxmx8UB7FRKqeozqEPop69DXcmYwTQwXvyAPF352HJsPdkVhvTaDPYqfNgruveJIJy3TA2l+2zj8LJIJA==", + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/tar-fs/-/tar-fs-2.1.3.tgz", + "integrity": "sha512-090nwYJDmlhwFwEW3QQl+vaNnxsO2yVsd45eTKRBzSzu+hlb1w2K9inVq5b0ngXuLVqQ4ApvsUHHnu/zQNkWAg==", "license": "MIT", "dependencies": { "chownr": "^1.1.1", @@ -6608,22 +6596,28 @@ "url": "https://github.com/sponsors/wooorm" } }, - "node_modules/starlight-theme-black": { - "version": "0.6.0", - "resolved": "https://registry.npmjs.org/starlight-theme-black/-/starlight-theme-black-0.6.0.tgz", - "integrity": "sha512-SoYAlyFEyRizcxQXd1ibfAGytmI5gVbSBReK25YFeASI51YwdB9bQtmp14/d70KgfD6kD7SRidhOrPBMD4S3AA==", + "node_modules/starlight-links-validator": { + "version": "0.17.0", + "resolved": "https://registry.npmjs.org/starlight-links-validator/-/starlight-links-validator-0.17.0.tgz", + "integrity": "sha512-D+j0W7Z6CVSxPlt8jskBcApqaAU16JmuxE4c483Xj2sWJteiz0wW2xvk0cG3o/cW1q9x44Ezc668OnUi3a5LAA==", "license": "MIT", "dependencies": { - "@fontsource/geist-mono": "^5.1.0", - "@fontsource/geist-sans": "^5.1.0", - "@pagefind/default-ui": "^1.3.0", - "marked": "^15.0.6" + "@types/picomatch": "^3.0.1", + "github-slugger": "^2.0.0", + "hast-util-from-html": "^2.0.3", + "hast-util-has-property": "^3.0.0", + "is-absolute-url": "^4.0.1", + "kleur": "^4.1.5", + "mdast-util-mdx-jsx": "^3.1.3", + "mdast-util-to-string": "^4.0.0", + "picomatch": "^4.0.2", + "unist-util-visit": "^5.0.0" }, - "funding": { - "url": "https://github.com/sponsors/adrian-ub" + "engines": { + "node": ">=18.17.1" }, "peerDependencies": { - "@astrojs/starlight": ">=0.30.0" + "@astrojs/starlight": ">=0.32.0" } }, "node_modules/starlight-theme-nova": { @@ -6833,9 +6827,9 @@ } }, "node_modules/tar-fs": { - "version": "3.0.8", - "resolved": "https://registry.npmjs.org/tar-fs/-/tar-fs-3.0.8.tgz", - "integrity": "sha512-ZoROL70jptorGAlgAYiLoBLItEKw/fUxg9BSYK/dF/GAGYFJOJJJMvjPAKDJraCXFwadD456FCuvLWgfhMsPwg==", + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/tar-fs/-/tar-fs-3.1.0.tgz", + "integrity": "sha512-5Mty5y/sOF1YWj1J6GiBodjlDc05CUR8PKXrsnFAiSG0xA+GHeWLovaZPYUDXkH/1iKRf2+M5+OrRgzC7O9b7w==", "license": "MIT", "dependencies": { "pump": "^3.0.0", diff --git a/package.json b/package.json index e8637bc..c2abbb2 100644 --- a/package.json +++ b/package.json @@ -15,7 +15,7 @@ "@astrojs/starlight": "^0.34.2", "astro": "^5.6.1", "sharp": "^0.32.5", - "starlight-theme-black": "^0.6.0", + "starlight-links-validator": "^0.17.0", "starlight-theme-nova": "^0.6.1" } } diff --git a/src/content/docs/advanced/gnupg-controller.md b/src/content/docs/advanced/gnupg-controller.md index 6f981a2..c90e3ee 100644 --- a/src/content/docs/advanced/gnupg-controller.md +++ b/src/content/docs/advanced/gnupg-controller.md @@ -2,7 +2,7 @@ title: A Comprehensive Guide of GpgController sidebar: label: Gpg Controller - order: 5 + order: 6 --- The **GpgController** in **GpgFrontend** is a powerful tool for configuring and diff --git a/src/content/docs/advanced/key-revocation.mdx b/src/content/docs/advanced/key-revocation.mdx new file mode 100644 index 0000000..e2a2f5f --- /dev/null +++ b/src/content/docs/advanced/key-revocation.mdx @@ -0,0 +1,107 @@ +--- +title: Key Revocation +sidebar: + label: Key Revocation + order: 5 +--- + +import { Steps } from "@astrojs/starlight/components"; +import { Aside } from '@astrojs/starlight/components'; + +Public key cryptography relies on the long-term security and trustworthiness of +private keys. However, situations may arise where a key can no longer be +trusted, such as when it is lost, compromised, or no longer needed. In these +cases, it is essential to inform others that the key should no longer be used. + +A key revocation certificate serves this purpose. It allows the owner (or anyone +with the certificate) to mark a public key as revoked—meaning the key is no +longer valid for signing or encryption. Publishing a revocation certificate +ensures that anyone retrieving the key from a public server or receiving it +directly will know that the key is no longer trustworthy. + +## When to Use Key Revocation + +1. Key compromise: If you suspect your private key has been stolen or copied by + an unauthorized party. +2. Key loss: If you permanently lose access to your private key and can no + longer control its use. +3. Change of ownership or retirement: If you no longer wish to use the key for + any reason (e.g., moving to a new key). +4. Administrative/security policy: To comply with organization or security + policies requiring regular key turnover. + +By preparing a revocation certificate in advance, you can quickly react to these +situations and help prevent unauthorized or accidental use of outdated or +compromised keys. + +<Aside type="caution" title="Revocation Has No Effect If Not Published"> + +Merely generating or importing a revocation certificate is not enough. If you do +not publish the revoked key to a public key server or actively notify your +contacts, others will still see your key as valid and may continue to use it. + +Always publish your revoked key and inform peers as soon as possible to ensure +the revocation is recognized by others. + +</Aside> + + +## Generating a Key Revocation Certificate + +<Steps> + +1. Open the Key Details Window: open Key Details Dialog, then switch to the + Operations tab. + +  + +2. Select `Generate Revocation Certificate`: At the bottom dropdown labeled + `Revoke Certificate Operation`, choose Generate Revocation Certificate. + +3. Specify the Revocation Reason: Choose one reason code from the dropdown. + Optionally provide free-form text for a more detailed explanation (e.g., lost, + compromised). + +  + +4. Confirm and Save: Click OK, then in the file-save dialog, you can choose a + secure local or private location to store the .rev file. + +5. Backup and Store: Backup: Keep the .rev file in a secure offline or encrypted + location. + +</Steps> + + +## Importing a Key Revocation Certificate + +<Steps> + +1. Open the Key Details Dialog: Navigate again to `Key Details → Operations`. + +2. Select "Import Revocation Certificate": From the Revoke Certificate Operation + dropdown, choose Import Revocation Certificate. + +3. Import the `.rev` File: In the file-selection dialog, locate and open the + previously saved `.rev` file. + +4. Verify Revocation: After import, the local key interface will mark the key as + revoked. It can no longer be used for signing or decryption. + +  + +5. Publish to a Public Key Server + ```shell + gpg --keyserver hkps://keyserver.ubuntu.com --send-keys <YOUR_KEY_ID> + ``` + +</Steps> + +## Best Practices + +- Prepare in Advance: Generate and back up the revocation certificate before any + key may be lost or compromised. +- Secure Storage: Keep the revocation `.rev` file offline or in encrypted media + to prevent unauthorized revocation. +- Notify & Synchronize: After publishing revocation, inform peers or document + the change so everyone refreshes the key status promptly.
\ No newline at end of file diff --git a/src/content/docs/advanced/module-controller.md b/src/content/docs/advanced/module-controller.md index c7eea25..69defe8 100644 --- a/src/content/docs/advanced/module-controller.md +++ b/src/content/docs/advanced/module-controller.md @@ -2,7 +2,7 @@ title: "Module Controller: Extending GpgFrontend Functionality" sidebar: label: Module Controller - order: 6 + order: 7 --- The **Module Controller** in **GpgFrontend** allows users to manage modular diff --git a/src/content/docs/advanced/sync-public-keys.md b/src/content/docs/advanced/sync-public-keys.md index 07d19a4..e4e0db2 100644 --- a/src/content/docs/advanced/sync-public-keys.md +++ b/src/content/docs/advanced/sync-public-keys.md @@ -73,8 +73,6 @@ Setting a default key server **only affects key searches/imports**. This behavior ensures improved security and global consistency in public key management. -Or: [Want to restore previous behavior?](/guides/key-server-operations/#want-to-restore-previous-behavior) - ::: ## Best Practices for Key Synchronization diff --git a/src/content/docs/extra/algorithms-comparison.md b/src/content/docs/extra/algorithms-comparison.md index 1b3cb98..3381f2f 100644 --- a/src/content/docs/extra/algorithms-comparison.md +++ b/src/content/docs/extra/algorithms-comparison.md @@ -11,9 +11,9 @@ decision. ## RSA (Rivest-Shamir-Adleman) -- **Key Characteristics**: RSA is one of the most widely used public key - algorithms. It was introduced in 1977 and is based on the difficulty of - factoring large prime numbers. +- **Key Characteristics**: [RSA](https://en.wikipedia.org/wiki/RSA_cryptosystem) + is one of the most widely used public key algorithms. It was introduced in + 1977 and is based on the difficulty of factoring large prime numbers. - **Key Sizes**: Typically, RSA keys are 2048 bits or larger. For higher security, keys up to 4096 bits are used. - **Use Cases**: RSA is versatile and can be used for both encryption and @@ -26,8 +26,9 @@ decision. ## ElGamal Encryption (ELG-E) -- **Key Characteristics**: ElGamal encryption (ELG-E) is an asymmetric key - encryption algorithm used for public-key cryptography. It is based on the +- **Key Characteristics**: [ElGamal encryption + (ELG-E)](https://en.wikipedia.org/wiki/ElGamal_encryption) is an asymmetric + key encryption algorithm used for public-key cryptography. It is based on the Diffie-Hellman key exchange and provides both encryption and digital signatures. - **Key Sizes**: Like DSA, ElGamal typically uses large key sizes, often 2048 @@ -49,23 +50,26 @@ decision. ## Understanding ECDH and ECDSA -Elliptic Curve Cryptography (ECC) is a powerful cryptographic method that -provides robust security with relatively small key sizes, making it ideal for -environments where computational power and storage are limited. ECC is commonly -used in two main algorithms: ECDH and ECDSA. +[Elliptic Curve Cryptography +(ECC)](https://en.wikipedia.org/wiki/Elliptic-curve_cryptography) is a powerful +cryptographic method that provides robust security with relatively small key +sizes, making it ideal for environments where computational power and storage +are limited. ECC is commonly used in two main algorithms: ECDH and ECDSA. ### ECDH and ECDSA: Core Differences -- **ECDH (Elliptic Curve Diffie-Hellman)** is a key exchange algorithm that - enables two parties to securely establish a shared secret over an insecure - channel. This shared secret can then be used for encryption. ECDH is not - directly used for encryption or signing; instead, it is crucial for securely - setting up encryption keys. +- [ECDH (Elliptic Curve + Diffie-Hellman)](https://en.wikipedia.org/wiki/Elliptic-curve_Diffie%E2%80%93Hellman) + is a key exchange algorithm that enables two parties to securely establish a + shared secret over an insecure channel. This shared secret can then be used + for encryption. ECDH is not directly used for encryption or signing; instead, + it is crucial for securely setting up encryption keys. -- **ECDSA (Elliptic Curve Digital Signature Algorithm)** is used for creating - digital signatures, allowing one party to sign a message and another to verify - its authenticity. ECDSA ensures that the message has not been tampered with - and that it originates from the claimed sender. +- [ECDSA (Elliptic Curve Digital Signature + Algorithm)](https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm) + is used for creating digital signatures, allowing one party to sign a message + and another to verify its authenticity. ECDSA ensures that the message has not + been tampered with and that it originates from the claimed sender. ### Common ECC Algorithms and Their Use Cases @@ -73,9 +77,11 @@ Elliptic Curve Cryptography (ECC) offers a range of algorithms and curves tailored to different cryptographic needs. Below is an overview of commonly used ECC algorithms and their specific applications. -- **NIST Curves (P-256, P-384, P-521)**: Standardized by the National Institute - of Standards and Technology (NIST), these curves are widely utilized in secure - communication protocols. For example: +- [NIST Curves (P-256, P-384, + P-521)](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf): + Standardized by the National Institute of Standards and Technology (NIST), + these curves are widely utilized in secure communication protocols. For + example: - **ECDH NIST P-256**: Provides approximately 128-bit security, making it suitable for most encryption scenarios. @@ -85,8 +91,9 @@ ECC algorithms and their specific applications. proportionally, with P-521 offering around 256-bit security, making it ideal for high-security environments. -- **BrainPool Curves (P-256, P-384, P-512)**: BrainPool curves serve as - alternatives to NIST standards, providing similar security levels but with +- [BrainPool Curves (P-256, P-384, + P-512)](https://www.rfc-editor.org/rfc/rfc5639): BrainPool curves serve + as alternatives to NIST standards, providing similar security levels but with independently developed parameters. - **Use Cases**: Often used in regions or industries that prefer non-NIST @@ -98,58 +105,62 @@ ECC algorithms and their specific applications. - **CV25519 and X448**: These curves are optimized for performance and are widely used in modern cryptographic applications. - - **ECDH CV25519**: A counterpart to ED25519, this curve is designed for key - exchange and offers approximately 128-bit security. It is highly efficient - in secure communications. - - **ECDH X448**: A higher-security variant providing 224-bit security, - suitable for applications requiring more robust encryption. However, it - comes with a slight trade-off in computational efficiency. - -- **SECP256K1**: Defined by the Standards for Efficient Cryptography Group - (SECG), SECP256K1 is distinct from NIST curves and has gained significant - traction due to its adoption in blockchain technologies. + - [ECDH CV25519](https://en.wikipedia.org/wiki/Curve25519): A counterpart to + [Ed25519](https://en.wikipedia.org/wiki/EdDSA#Ed25519), this curve is + designed for key exchange and offers approximately 128-bit security. It is + highly efficient in secure communications. + - [ECDH X448](https://en.wikipedia.org/wiki/Curve448): A higher-security + variant providing 224-bit security, suitable for applications requiring more + robust encryption. However, it comes with a slight trade-off in + computational efficiency. + +- [SECP256K1](https://www.secg.org/sec2-v2.pdf): Defined by the Standards for + Efficient Cryptography Group (SECG), SECP256K1 is distinct from NIST curves + and has gained significant traction due to its adoption in blockchain + technologies. - **Key Use Case**: Widely used for cryptographic operations in Bitcoin and other blockchain systems, where efficient signature verification is crucial. - **Performance**: Optimized for computational efficiency, making it an excellent choice for environments requiring rapid cryptographic operations. -## EdDSA (Edwards-Curve Digital Signature Algorithm) +### EdDSA (Edwards-Curve Digital Signature Algorithm) EdDSA is a modern digital signature algorithm based on elliptic curve cryptography. It is specifically designed to be more efficient, secure, and resistant to common implementation errors compared to older algorithms like DSA or ECDSA. -### Key Characteristics +#### Key Characteristics - **Deterministic Signature Generation**: Unlike ECDSA and DSA, which require secure random numbers for each signature, EdDSA uses deterministic methods, reducing the risk of vulnerabilities caused by poor randomness. - **Elliptic Curves Used**: EdDSA supports two primary curves: - - **Ed25519**: Provides 128-bit security and is optimized for speed and - compact key sizes. - - **Ed448**: Provides higher 224-bit security for environments requiring - greater protection but at the cost of performance. + - [Ed25519](https://en.wikipedia.org/wiki/EdDSA#Ed25519): Provides 128-bit + security and is optimized for speed and compact key sizes. + - [Ed448](https://en.wikipedia.org/wiki/Curve448): Provides higher 224-bit + security for environments requiring greater protection but at the cost of + performance. -### Use Cases +#### Use Cases - **Ed25519**: Ideal for secure messaging (e.g., Signal), blockchain, and other modern cryptographic protocols where performance and efficiency are critical. - **Ed448**: Used in environments requiring stronger security, such as highly sensitive communications or systems with long-term security needs. -### Performance +#### Performance EdDSA is faster than RSA and ECDSA for both signing and verification. Its compact key sizes make it ideal for resource-constrained devices or systems. -### Compatibility +#### Compatibility While Ed25519 has gained significant adoption in modern cryptographic libraries, it is not yet universally supported in older systems or clients. Ed448 has even more limited support. -## Why ECDH Cannot Be Used as a Primary Key Algorithm +### Why ECDH Cannot Be Used as a Primary Key Algorithm **ECDH (Elliptic Curve Diffie-Hellman)** is a key exchange algorithm used to establish shared secrets between two parties. It is not designed for signing @@ -171,6 +182,13 @@ key exchange tasks. ## Recommended Algorithms for Compatibility and Security +Cryptographic key selection is critical to ensuring both robust security and +practical interoperability across diverse systems. With a wide array of +algorithms available, it is important to balance compatibility, performance, and +future-proof security when designing a cryptographic infrastructure. The +following recommendations highlight widely accepted algorithms suitable for most +scenarios, from legacy environments to modern applications. + ### RSA (2048-bit or 3072-bit) - **Why**: RSA offers the broadest compatibility across legacy systems, diff --git a/src/content/docs/guides/key-server-operations.md b/src/content/docs/guides/key-server-operations.md index f11dd4d..ab58439 100644 --- a/src/content/docs/guides/key-server-operations.md +++ b/src/content/docs/guides/key-server-operations.md @@ -26,7 +26,7 @@ straightforward for all users.  -### How to Import: +### How to Import 1. Choose a key server from the drop-down list. 2. Enter a **Key ID**, **Fingerprint**, or **Email Address** into the search @@ -70,13 +70,13 @@ After v2.1.6, **GpgFrontend uses by default. This server uses the **Verifying Keyserver (VKS) Interface**, which provides extra protection against spam and key poisoning. -### Key Points: +### Key Points -- 🔐 **Only public keys are uploaded**, never private keys. -- ✅ **Master key is required** to export. -- ✉️ `keys.openpgp.org` requires email verification before your key becomes +- **Only public keys are uploaded**, never private keys. +- **Master key is required** to export. +- `keys.openpgp.org` requires email verification before your key becomes publicly searchable. -- 🧱 Uploaded keys are **propagated through the VKS protocol** and cannot be + Uploaded keys are **propagated through the VKS protocol** and cannot be deleted. To export: @@ -101,14 +101,16 @@ GpgFrontend will: - Compare the server copy with your local one. - Indicate if any update is applied. -> ⚠️ Synchronization is **not available** if you have the private key locally. -> In this case, you are expected to **publish** updates, not pull them. +:::caution[Sync/Publish] -## Key Server Related Settings +Synchronization is **not available** if you have the private key locally. In +this case, you are expected to **publish** updates, not pull them. + +::: -You can configure your key server preferences in: +## Key Server Related Settings -> **Settings → Key Servers** +You can configure your key server preferences in: Settings → Key Servers  @@ -141,14 +143,12 @@ Setting a default key server **only affects key searches/imports**. This behavior ensures improved security and global consistency in public key management. -::: - -### Want to restore previous behavior? - -You can disable the `KeyServerSync` module in the module controller. This will -prevent GpgFrontend from forcing export/sync operations to use +Restore: You can disable the `KeyServerSync` module in the module controller. +This will prevent GpgFrontend from forcing export/sync operations to use `keys.openpgp.org`, allowing custom server logic to take effect again. +::: + ## Tips about Key Servers | Key Server | Fuzzy Search | VKS Interface | Notes | @@ -159,10 +159,14 @@ prevent GpgFrontend from forcing export/sync operations to use > 🔎 `keys.openpgp.org` does **not** support fuzzy search — you must use the > **exact email**, **full fingerprint**, or **full key ID**. -> ⚠️ **Don't confuse search servers with export/sync servers** — even if you -> perform key searches using a custom server like `keyserver.ubuntu.com`, -> **Export** and **Sync** operations will still use `keys.openpgp.org` by -> default in **GpgFrontend v2.1.6 and later**. +:::caution[Confusing Concepts] + +**Don't confuse `search servers` with `export/sync servers`** — even if you perform +key searches using a custom server like `keyserver.ubuntu.com`, **Export** and +**Sync** operations will still use `keys.openpgp.org` by default in +**GpgFrontend v2.1.6 and later**. + +::: ## Automatically Check Key Publish Status @@ -181,8 +185,6 @@ helping users keep track of their key visibility on the VKS-based keyserver. ### How to Enable -To activate this: - 1. Go to `Settings → Network` tab. 2. Under **Network Ability**, check the box: `Automatically fetch key publish status from key server` diff --git a/src/content/docs/guides/openpgp-trust-manage.md b/src/content/docs/guides/openpgp-trust-manage.md index d7749d6..f21f48b 100644 --- a/src/content/docs/guides/openpgp-trust-manage.md +++ b/src/content/docs/guides/openpgp-trust-manage.md @@ -71,13 +71,13 @@ not fully considered.  -Currently: +### Current Behavior - GpgFrontend does not automatically upload signed UIDs to OpenPGP key servers. - Whether a signature update is accepted depends entirely on the specific key server’s policy. -Reasons for not enforcing automatic synchronization: +### Reasons for not enforcing automatic synchronization Uncontrollable Behavior of Key Servers diff --git a/src/content/docs/guides/symmetric-encrypt-decrypt.md b/src/content/docs/guides/symmetric-encrypt-decrypt.mdx index 30512fa..88606ed 100644 --- a/src/content/docs/guides/symmetric-encrypt-decrypt.md +++ b/src/content/docs/guides/symmetric-encrypt-decrypt.mdx @@ -4,7 +4,7 @@ sidebar: label: Symmetric Crypto --- -## 🔐 What Is Symmetric Encryption? +## What Is Symmetric Encryption? **Symmetric encryption** is a method of securing data where the **same password** is used to both encrypt and decrypt information. @@ -13,42 +13,48 @@ Unlike **asymmetric encryption**, which uses a public/private key pair, symmetric encryption relies on a single shared secret (the password). This approach is: -- ✅ Fast and efficient -- ✅ Ideal for large files or quick one-time sharing -- ❗ Best used when both parties can safely share the password +- Fast and efficient +- Ideal for large files or quick one-time sharing +- Best used when both parties can safely share the password -> 📌 If someone intercepts the password, the encrypted data is no longer secure -> — so always handle password exchange carefully. +> If someone intercepts the password, the encrypted data is no longer secure — +> so always handle password exchange carefully. -## 🔄 How It Works +## How It Works 1. You choose a **strong password**. 2. That password is used to **encrypt** the data. 3. Anyone with the **same password** can **decrypt** it. 4. No key pair is required — only the shared password. -> 📎 Encryption security depends entirely on the strength and secrecy of the +> Encryption security depends entirely on the strength and secrecy of the > password used. -## ✍️ Encrypting Data Symmetrically +## Encrypting Data Symmetrically To encrypt text using symmetric encryption in GpgFrontend (v2.1.9 and later): -Enable Symmetric Encryption Feature +### Enable Symmetric Encryption Feature 1. Go to the Settings. -2. Under the Appearance tab, check the `Sym. Encrypt` checkbox to enable symmetric encryption functionality. +2. Under the Appearance tab, check the `Sym. Encrypt` checkbox to enable + symmetric encryption functionality. -Access the Symmetric Encryption Button + -1. After enabling, you’ll see a dedicated `Sym. Encrypt` button on the main interface. +### Access the Symmetric Encryption Button -Enter the Text or Select a File +After enabling, you’ll see a dedicated `Sym. Encrypt` button on the main +interface. + + + +### Enter the Text or Select a File - Input the plaintext you wish to protect in the text editor. - Select a file to encrypt using the file panel. -Symmetric Encryption +### Symmetric Encryption 1. Without selecting any public key, click the `Sym. Encrypt` button. 2. When prompted, enter a strong, unique password. @@ -56,21 +62,24 @@ Symmetric Encryption 4. The text or file will be encrypted into ciphertext. 5. You can save or share the encrypted result. -> 🔐 The recipient will need the **exact same password** to decrypt the message. + + +> The recipient will need the **exact same password** to decrypt the message. -## 🔓 Decrypting Symmetric Encrypted Data +## Decrypting Symmetric Encrypted Data To decrypt content that was encrypted symmetrically: -1. Paste the Ciphertext: The message should begin with `-----BEGIN PGP MESSAGE-----` and end with `-----END PGP MESSAGE-----`. +1. Paste the Ciphertext: The message should begin with `-----BEGIN PGP + MESSAGE-----` and end with `-----END PGP MESSAGE-----`. 2. Initiate Decryption: Choose to decrypt the message. -3. Enter the Password: Input the **same password** that was used for - encryption. -4. View the Plaintext: If the password is correct, the original message will be revealed. +3. Enter the Password: Input the **same password** that was used for encryption. +4. View the Plaintext: If the password is correct, the original message will be + revealed. -> 🧠 If the password is incorrect or mistyped, decryption will fail. +> If the password is incorrect or mistyped, decryption will fail. -## 💡 When to Use Symmetric Encryption? +## When to Use Symmetric Encryption? Symmetric encryption is a great choice when: @@ -83,7 +92,7 @@ Symmetric encryption is a great choice when: However, it is **not ideal** for public communication where secure password exchange is difficult. -## 🛡️ Tips for Better Security +## Tips for Better Security - Always use a **strong, complex password** (longer is better). - Never send passwords through insecure channels (e.g., unencrypted email). diff --git a/src/content/docs/overview/downloads.mdx b/src/content/docs/overview/downloads.mdx index c3d688b..ef87bab 100644 --- a/src/content/docs/overview/downloads.mdx +++ b/src/content/docs/overview/downloads.mdx @@ -57,7 +57,7 @@ select the appropriate package for your platform or use case. ## Platform-Specific Installation -Install GpgFrontend via your preferred package manager or store: +Install GpgFrontend via your preferred package manager or store: <CardGrid> <LinkCard diff --git a/src/content/docs/overview/getting-started.mdx b/src/content/docs/overview/getting-started.mdx index ca4c77f..737cd62 100644 --- a/src/content/docs/overview/getting-started.mdx +++ b/src/content/docs/overview/getting-started.mdx @@ -9,16 +9,17 @@ import { Tabs, TabItem } from "@astrojs/starlight/components"; import { Steps } from "@astrojs/starlight/components"; import { Aside } from "@astrojs/starlight/components"; -Welcome to GpgFrontend, the cross-platform, OpenPGP encryption tool designed for -simplicity and security. This guide will walk you through the installation -process tailored to your operating system, ensuring you can start securing your -communications as quickly and efficiently as possible. +Welcome to GpgFrontend, the cross-platform, [OpenPGP](https://www.openpgp.org/) +encryption tool designed for simplicity and security. This guide will walk you +through the installation process tailored to your operating system, ensuring you +can start securing your communications as quickly and efficiently as possible. ## Before You Begin: Prerequisites -GpgFrontend leverages the robust functionalities of GnuPG for encryption, -decryption, and key management. It is crucial to have GnuPG installed on your -device to make full use of GpgFrontend. +GpgFrontend leverages the robust functionalities of +[GnuPG](https://www.gnupg.org/) for encryption, decryption, and key management. +It is crucial to have GnuPG installed on your device to make full use of +GpgFrontend. **Windows users:** GnuPG is bundled with GpgFrontend for Windows. You do not need to install it separately. diff --git a/src/content/docs/overview/glance.mdx b/src/content/docs/overview/glance.mdx index 7f18a00..df8f233 100644 --- a/src/content/docs/overview/glance.mdx +++ b/src/content/docs/overview/glance.mdx @@ -14,8 +14,9 @@ empowers you with secure communication—no clutter, no bloat, total control. ## Why GpgFrontend? -GpgFrontend is more than a simple “button-and-command” wrapper around GnuPG. -Every detail is designed for real-world usability, security, and portability: +GpgFrontend is more than a simple “button-and-command” wrapper around +[GnuPG](https://www.gnupg.org/). Every detail is designed for real-world +usability, security, and portability: - **Effortless Encryption & Signing:** Quickly encrypt, decrypt, and sign texts, files, and emails in one click. @@ -133,9 +134,6 @@ update, and user feedback converge to refine and enhance GpgFrontend. - [Source Code of Application](https://github.com/saturneric/GpgFrontend) - [Source Code of User Manual](https://github.com/saturneric/GpgFrontend-Manual) -**Current Manual Version:** -[v2.1.9](https://github.com/saturneric/GpgFrontend/releases/tag/v2.1.9) - ## License and Contributions GpgFrontend is licensed under GPL-3.0. Contributions—from issue reports to code |