diff options
Diffstat (limited to '')
| -rw-r--r-- | src/content/docs/guides/key-server-operations.md | 68 |
1 files changed, 32 insertions, 36 deletions
diff --git a/src/content/docs/guides/key-server-operations.md b/src/content/docs/guides/key-server-operations.md index 86ed472..6a7a7c9 100644 --- a/src/content/docs/guides/key-server-operations.md +++ b/src/content/docs/guides/key-server-operations.md @@ -8,6 +8,7 @@ They allow users to **share, retrieve, and update** public keys, making secure communication possible even when direct key exchange is not feasible. Key servers are especially helpful when: + - You need to encrypt a message but don't have the recipient’s public key. - You want to make your public key available for others to use. - You need to **update or revoke** your public key in case of a compromise. @@ -18,20 +19,25 @@ straightforward for all users. ## 📥 Import Public Key From Key Server -To import a public key, go to the **Import Key** section in the main page or Key -Manager, and select the **Key Server** option. +1. Open the Import Key Menu: In the Operations Bar at the top of the main + window, click the Import Key button (with a downward arrow). +2. Select "Keyserver" Source: In the drop-down menu, choose Keyserver as the + import source. - + ### How to Import: -1. Choose a key server from the drop-down list. + +1. Choose a key server from the drop-down list. 2. Enter a **Key ID**, **Fingerprint**, or **Email Address** into the search field. 3. Click **Search**. 4. If results are found, double-click a record to import the public key. + + > 💡 By default, the key server list includes recommended options such as: +> > - `https://keys.openpgp.org` > - `https://keyserver.ubuntu.com` > @@ -42,31 +48,17 @@ UI](https://image.cdn.bktus.com/i/2023/11/16/d75cb252-9a65-5b73-01cd-a45b5ff501e ### After Importing Once a key is imported: + - GpgFrontend will display a confirmation message. - If a newer version of the key already exists locally, the import is skipped. You can then verify: + - Key creation date - UID and key ID - Whether the key is expired or revoked (using Key Manager filters) -## 📤 Export My Public Key to Key Server - -To publish your public key: - -1. Open the **Key Details** interface for your key pair. -2. Go to the **Operations** tab. -3. Click **“Upload key pair to key server”**. - - - -> ⚠️ GpgFrontend only allows uploading if a **master key** is present to prevent -> accidental publishing of incomplete keys. - -Note: -- Only **public key** data is uploaded. -- Private keys are **never** uploaded. + ## 📤 Export My Public Key to Key Server @@ -79,6 +71,7 @@ by default. This server uses the **Verifying Keyserver (VKS) Interface**, which provides extra protection against spam and key poisoning. ### Key Points: + - 🔐 **Only public keys are uploaded**, never private keys. - ✅ **Master key is required** to export. - ✉️ `keys.openpgp.org` requires email verification before your key becomes @@ -87,11 +80,12 @@ provides extra protection against spam and key poisoning. deleted. To export: + 1. Open the **Key Details** interface. 2. Go to the **Operations** tab. 3. Click **“Upload key pair to key server”**. - + ## 🔄 Synchronize Public Key Information @@ -102,6 +96,7 @@ Like exporting, after v2.1.6, this operation also uses **https://keys.openpgp.org** and its **VKS API**. GpgFrontend will: + - Query the key server using your key’s fingerprint. - Compare the server copy with your local one. - Indicate if any update is applied. @@ -115,9 +110,10 @@ You can configure your key server preferences in: > **Settings → Key Servers** - + ### Features: + - **Add a Server**: Enter the `https://` or `http://` address and click **Add**. - **Edit a Server**: Double-click an address to edit it. - **Delete a Server**: Right-click a row and select **Delete**. @@ -147,10 +143,10 @@ operations: ## Tips about Key Servers -| Key Server | Fuzzy Search | VKS Interface | Notes | -|-------------------------|--------------|---------------|-------------------------------------------| -| `keys.openpgp.org` | ❌ No | ✅ Yes | Requires exact match (email, fingerprint) | -| `keyserver.ubuntu.com` | ✅ Yes | ❌ No | Traditional HKP server, less strict | +| Key Server | Fuzzy Search | VKS Interface | Notes | +| ---------------------- | ------------ | ------------- | ----------------------------------------- | +| `keys.openpgp.org` | ❌ No | ✅ Yes | Requires exact match (email, fingerprint) | +| `keyserver.ubuntu.com` | ✅ Yes | ❌ No | Traditional HKP server, less strict | > 🔎 `keys.openpgp.org` does **not** support fuzzy search — you must use the > **exact email**, **full fingerprint**, or **full key ID**. @@ -171,31 +167,31 @@ GpgFrontend v2.1.6 introduces a feature that automatically checks whether your public key has been published on [keys.openpgp.org](https://keys.openpgp.org), helping users keep track of their key visibility on the VKS-based keyserver. -### ✅ Feature Overview +### Feature Overview - When enabled, GpgFrontend will fetch the **publish status** of a key from the key server. - If the key is found to be published on `keys.openpgp.org`, a message like the following will be shown in the **Key Details** tab: - + -### ⚙️ How to Enable +### How to Enable To activate this: 1. Go to `Settings → Network` tab. -2. Under **Network Ability**, check the box: - - ✅ **Automatically fetch key publish status from key server** +2. Under **Network Ability**, check the box: `Automatically fetch key publish +status from key server` 3. Restart GpgFrontend to apply the change. - + ### ⚠️ Important Notes - This feature **only works with `keys.openpgp.org`**, which supports the **Verifying Keyserver (VKS) API**. -- If the `KeyServerSync` plugin is **disabled**, the publish status will **not +- If the `KeyServerSync` module is **disabled**, the publish status will **not be fetched**, and no notice will appear in the UI. - It is purely a **read-only status check**, and does not modify or upload anything to the server. @@ -206,4 +202,4 @@ To activate this: be deleted**. - Always verify imported keys before using them. - Maintain proper key hygiene: revoke and update keys when compromised. -- Never upload private key material to any server.
\ No newline at end of file +- Never upload private key material to any server. |