diff options
| -rw-r--r-- | src/content/docs/guides/generate-use-subkey.md | 6 | ||||
| -rw-r--r-- | src/content/docs/guides/import-export-key-pair.md | 12 | ||||
| -rw-r--r-- | src/content/docs/guides/key-group.md | 2 | ||||
| -rw-r--r-- | src/content/docs/guides/smart-card.md | 2 | ||||
| -rw-r--r-- | src/content/docs/guides/understand-interface.md | 2 | ||||
| -rw-r--r-- | src/content/docs/guides/view-keypair-info.md | 176 |
6 files changed, 100 insertions, 100 deletions
diff --git a/src/content/docs/guides/generate-use-subkey.md b/src/content/docs/guides/generate-use-subkey.md index d1af9be..f3f9271 100644 --- a/src/content/docs/guides/generate-use-subkey.md +++ b/src/content/docs/guides/generate-use-subkey.md @@ -29,7 +29,7 @@ There are **two entry points** to generate a subkey: 3. Switch to the **Keychain** tab. 4. Click the **“Generate A New Subkey”** button. - + ### Configuring the Subkey @@ -68,7 +68,7 @@ Once all configurations are completed: - The new subkey will be listed under the **Keychain** tab of the selected key pair. - + ## Understanding Primary Keys and Subkeys @@ -154,7 +154,7 @@ and successfully export a subkey: a location to save the exported subkey. Choose a secure directory and save the subkey as a separate file. - + ### Step-by-Step Guide to Importing Subkeys diff --git a/src/content/docs/guides/import-export-key-pair.md b/src/content/docs/guides/import-export-key-pair.md index 48a782e..0ac9274 100644 --- a/src/content/docs/guides/import-export-key-pair.md +++ b/src/content/docs/guides/import-export-key-pair.md @@ -11,13 +11,13 @@ To access the import options, navigate to the toolbar and select the desired method based on your specific requirements. Additionally, you can access additional options by selecting the action menu in the key management section. - + In fact, you can find the action menu in the key management section, which provides access to additional key management options beyond those available in the toolbar. - + ### File @@ -45,7 +45,7 @@ to import a corresponding public key. It is important to note that when using this method, only public keys can be imported. A detailed description of this part can be found -[Here](./key-server-operations.md). +[Here](/guides/key-server-operations/). ### Dropdown on Key Toolbox @@ -82,7 +82,7 @@ shown in the screenshot below. This will save the data to a file. Before proceeding, please make sure to choose a suitable directory to store the file containing the public key data. - + ### Export multiple public keys at once @@ -91,7 +91,7 @@ pairs on the key management interface and click on the "Export to Clipboard" option. This will copy the data to your system clipboard, which you can then paste into any application or file. - + ### Export Private Key @@ -100,7 +100,7 @@ contains the private key (either the primary key or subkey). From there, you can select a destination and GpgFrontend will export the corresponding private key content to that location. - + Exporting the private key also exports both the public key and private key data, as the private key data alone is meaningless without the corresponding public diff --git a/src/content/docs/guides/key-group.md b/src/content/docs/guides/key-group.md index 2f4c3cb..5b7db85 100644 --- a/src/content/docs/guides/key-group.md +++ b/src/content/docs/guides/key-group.md @@ -40,7 +40,7 @@ will be able to decrypt messages or files encrypted to that group. the key list with Type shown as group. You can now use this group for encryption and other operations—just like a single public key. - +  diff --git a/src/content/docs/guides/smart-card.md b/src/content/docs/guides/smart-card.md index 38a4765..bcf2d8f 100644 --- a/src/content/docs/guides/smart-card.md +++ b/src/content/docs/guides/smart-card.md @@ -9,7 +9,7 @@ managing your OpenPGP smart cards (such as YubiKey, Nitrokey, or other compatible devices). It allows you to view detailed card information, perform essential operations, and manage keys directly on your smart card. - + ## Core Concepts and Frequently Asked Questions diff --git a/src/content/docs/guides/understand-interface.md b/src/content/docs/guides/understand-interface.md index 495f3e6..6a94564 100644 --- a/src/content/docs/guides/understand-interface.md +++ b/src/content/docs/guides/understand-interface.md @@ -8,7 +8,7 @@ This documentation explains the layout and features of the latest GpgFrontend interface, helping users to efficiently utilize all cryptographic operations in different workspaces. - + ## Workspace Overview diff --git a/src/content/docs/guides/view-keypair-info.md b/src/content/docs/guides/view-keypair-info.md index 85bf534..00e8a62 100644 --- a/src/content/docs/guides/view-keypair-info.md +++ b/src/content/docs/guides/view-keypair-info.md @@ -16,7 +16,7 @@ is used for encryption only, but if you possess the private key, you can perform more actions (it also depends on your algorithm; DSA can only be used for signatures). - + ## General Info @@ -32,7 +32,7 @@ set it as the primary UID to change it. According to the OpenPGP protocol, this part is divided into Name, Email, and Comment. - + ### Primary Key @@ -48,7 +48,7 @@ not exist, but this doesn't mean that neither the public key nor the private key exists. Please remember: Each subkey and primary key consist of a pair of public and private keys. - + #### Key ID @@ -75,7 +75,7 @@ the key algorithm shown here is more precise. For example, it can specify particular algorithms such as ED25519 or NISTP256, providing detailed information about the specific cryptographic methods employed. - + #### Key Size @@ -125,7 +125,7 @@ other key pairs. ### Fingerprint - + The fingerprint of the key pair is used for humans to quickly compare whether the key pair is the expected key pair. This field is unique for all keys in the @@ -142,7 +142,7 @@ pair is what they expected. However, for accurate identification, fingerprints or key IDs should be compared. A key can have multiple UIDs, but a key pair can only have one primary UID, which is always listed first in the interface. - + UID has three elements: Name, Email, Comment. The name should be at least five characters long, and the email should conform to the format. The rules for @@ -158,7 +158,7 @@ keyring with their signature to the keyserver. If many people do the same, the public key on the keyserver will have numerous signatures, making it trustworthy. - + You can also use the primary key of another key pair to sign a UID. Generally, a primary UID of a key pair with many valid signatures is considered more @@ -172,35 +172,47 @@ the signer's UID. ## Subkey Info -The sub-key mechanism is a crucial feature of GPG that improves both flexibility -and security. However, it also introduces some complexity, which can be -challenging for beginners. For a basic understanding, consider the following -points: +The subkey mechanism is a core feature of GnuPG, designed to enhance both security and operational flexibility. While powerful, subkeys can introduce some complexity for new users. Here are the fundamentals to help you understand and manage subkeys effectively: -- A key pair can be likened to a key ring, comprising a primary key (a pair of - public and private keys) and multiple subkeys (or none). -- Each subkey and primary key consists of a pair of public and private keys. +- Key Pair as a Keyring: Think of your GPG key pair as a keyring, with a primary + key (the “master” key) and zero or more subkeys. +- Primary Key vs Subkeys: The primary key is the root of trust. It certifies + subkeys and is typically reserved for critical actions, such as signing other + keys (certification) or adding user IDs. - The subkey can perform related operations (such as signing, encryption) in the absence or unavailability of the primary key. - The functions of subkeys can overlap, and when both subkeys can be used for signing, the earlier one is selected. - Subkeys can use more algorithms than the primary key, but usually have the same effect on daily operations. -- The disclosure of a subkey only affects that subkey, while the disclosure of - the primary key endangers the entire key pair. +- Security Isolation: If a subkey is ever compromised, only that subkey needs to + be revoked and replaced—the trust chain anchored by the primary key remains + intact. However, if the primary key is compromised, the entire key structure is + at risk, as it controls all subkeys and certifications. - +As shown in the Key Details window (see below), all subkeys and the primary key +are listed along with their properties (algorithm, size, usage, etc.), allowing +for clear management and monitoring. -The primary key and all subkeys in the key pair are displayed on the interface. -Some information about the key is also listed below. + -### Key In smart card +### Key in Smart Card -Whether a key is in the smart card refers to whether the key is moved to the -smart card. Moving the key to the smart card changes the structure of the key -and is irreversible. +Key in Smart Card indicates whether a particular (sub)key’s private component +has been moved to a hardware smart card. -### Operations +- When a key is moved to a smart card, its private part is physically + transferred and removed from your local key database. +- This change is irreversible—the private key now exists only on the smart card + and cannot be extracted back. +- This provides strong protection against malware or key theft: cryptographic + operations using that key (such as signing or decrypting) will now require the + smart card to be present and unlocked. + +> Tip: Moving your encryption or signing subkey to a smart card is highly +> recommended for > users seeking maximum security. + +## Operations In this column, what you can do differs for a key pair that only has a public key and a key pair that includes a private key. @@ -208,35 +220,29 @@ key and a key pair that includes a private key. ### Operations on a Public Key This interface provides various general operations that can be performed on the -selected public key. Below is an explanation of each button's function: +selected public key. Below is an explanation of each button's function. - + -1. **Export Public Key**: +#### Export Public Key - - **Function**: This button allows you to export the public key to a file. - Exporting a public key is useful when you need to share it with others or - upload it to a keyserver. The exported file can then be distributed or - backed up as needed. +This button allows you to export the public key to a file. Exporting a public +key is useful when you need to share it with others or upload it to a keyserver. +The exported file can then be distributed or backed up as needed. -2. **Key Server Operation (Pubkey)**: +#### Key Server Operation (Pubkey) - - **Function**: This dropdown menu provides options for interacting with - keyservers. A keyserver is a repository where public keys are stored and - can be retrieved by others. The operations might include uploading your - public key to a keyserver, refreshing your public key with updates from the - keyserver, or searching for other public keys on the keyserver. +This dropdown menu provides options for interacting with keyservers. A keyserver +is a repository where public keys are stored and can be retrieved by others. The +operations include refreshing your public key with updates from the keyserver. -3. **Set Owner Trust Level**: - - **Function**: This button allows you to set the trust level for the owner - of the public key. Trust levels are part of the web of trust model used in - public key infrastructures. By setting the trust level, you indicate how - much you trust the key owner to correctly verify and sign other keys. This - affects how your system evaluates the validity of signatures made by the - key owner. +#### Set Owner Trust Level -These operations facilitate the management and sharing of public keys, helping -to establish and maintain trust within a cryptographic system. +This button allows you to set the trust level for the owner of the public key. +Trust levels are part of the web of trust model used in public key +infrastructures. By setting the trust level, you indicate how much you trust the +key owner to correctly verify and sign other keys. This affects how your system +evaluates the validity of signatures made by the key owner. ### Operations on a Private Key @@ -244,58 +250,52 @@ This interface provides various general operations that can be performed on the selected key pair, including both public and private key operations. Below is an explanation of each button's function: - + -1. **Export Public Key**: +#### Export Public Key - - **Function**: This button allows you to export the public key to a file. - This is useful for sharing your public key with others or for uploading it - to a keyserver. The exported file can be distributed or backed up as - needed. +This button allows you to export the public key to a file. This is useful for +sharing your public key with others or for uploading it to a keyserver. The +exported file can be distributed or backed up as needed. -2. **Export Private Key**: +#### Export Private Key - - **Function**: This button provides options for exporting the private key. - There are typically two modes for exporting: - - **Export Complete Private Key**: This exports the entire private key, - including all associated information. It is used when you need a full - backup or when transferring the key to another system. - - **Export Minimal Private Key**: This exports only the essential - components of the private key, minimizing the amount of data. This can be - useful for more secure key transfers or for environments with specific - security requirements. +This button provides options for exporting the private key. There are typically +two modes for exporting: -3. **Modify Expiration Datetime (Primary Key)**: +- **Export Complete Private Key**: This exports the entire private key, + including all associated information. It is used when you need a full backup + or when transferring the key to another system. +- **Export Minimal Private Key**: This exports only the essential components of + the private key, minimizing the amount of data. This can be useful for more + secure key transfers or for environments with specific security requirements. - - **Function**: This button allows you to modify the expiration date and time - of the primary key. This is important for managing the key's lifecycle and - ensuring that it remains valid for the desired period. Adjusting the - expiration date can help maintain security by ensuring keys are - periodically reviewed and updated. +#### Modify Expiration Datetime (Primary Key) -4. **Modify Password**: +This button allows you to modify the expiration date and time of the primary +key. This is important for managing the key's lifecycle and ensuring that it +remains valid for the desired period. Adjusting the expiration date can help +maintain security by ensuring keys are periodically reviewed and updated. - - **Function**: This button enables you to change the password that protects - the private key. Changing the password can enhance security, especially if - you suspect that the current password may have been compromised or if you - want to follow best practices for regular password updates. +#### Modify Password -5. **Key Server Operation (Pubkey)**: +This button enables you to change the password that protects the private key. +Changing the password can enhance security, especially if you suspect that the +current password may have been compromised or if you want to follow best +practices for regular password updates. - - **Function**: This dropdown menu provides options for interacting with - keyservers using the public key. Operations might include uploading the - public key to a keyserver, or refreshing the key from the keyserver. - Keyservers facilitate the distribution and retrieval of public keys. +#### Key Server Operation (Pubkey) -6. **Revoke Certificate Operation**: +This dropdown menu provides options for interacting with keyservers using the +public key. Operations might include uploading the public key to a keyserver, or +refreshing the key from the keyserver. Keyservers facilitate the distribution +and retrieval of public keys. - - **Function**: This dropdown menu provides options for generating a - revocation certificate for the key or importing an existing revocation - certificate. Revoking a certificate is necessary if the key has been - compromised or is no longer needed. This action invalidates the key, - ensuring it cannot be maliciously used. Revocation information is typically - uploaded to a keyserver to inform others about the revoked status of the - key. +#### Revoke Certificate Operation -These operations help manage the lifecycle of key pairs, ensuring their secure -use and proper distribution. +This dropdown menu provides options for generating a revocation certificate for +the key or importing an existing revocation certificate. Revoking a certificate +is necessary if the key has been compromised or is no longer needed. This action +invalidates the key, ensuring it cannot be maliciously used. Revocation +information is typically uploaded to a keyserver to inform others about the +revoked status of the key. |