diff options
Diffstat (limited to 'src/content/docs')
22 files changed, 283 insertions, 287 deletions
diff --git a/src/content/docs/advanced/gnupg-controller.md b/src/content/docs/advanced/gnupg-controller.md index 99090cb..6f981a2 100644 --- a/src/content/docs/advanced/gnupg-controller.md +++ b/src/content/docs/advanced/gnupg-controller.md @@ -27,7 +27,7 @@ features. The **General** tab provides essential configuration options for GpgFrontend's interaction with GPG. - + ### Available Options @@ -89,19 +89,20 @@ detailed documentation is available elsewhere, note the following key points: - **Switch Between Databases**: Use the **Key Toolbox** dropdown in the main interface to select the active database. - + :::tip[Tipps] > For more information on key database management, refer to the dedicated > documentation. -> ::: + +::: ## Advanced Tab: Custom GnuPG Configuration The **Advanced** tab is designed for users who need to configure custom GPG installations. - + ### Configuring Custom GnuPG diff --git a/src/content/docs/advanced/key-database.md b/src/content/docs/advanced/key-database.md index 6cd71cb..ebec9d5 100644 --- a/src/content/docs/advanced/key-database.md +++ b/src/content/docs/advanced/key-database.md @@ -46,7 +46,7 @@ To manage multiple key databases, follow these steps: - In the **GnuPG Controller** window, switch to the **Key Database** tab. - Here, you will find a list of all configured key databases. - + ## Managing Key Databases @@ -74,7 +74,7 @@ Right-click on a database entry to view options like: - **Edit**: Rename or modify the path of an existing database. - **Remove**: Delete a database from the configuration. - + :::caution diff --git a/src/content/docs/appendix/code-binary-verify.md b/src/content/docs/appendix/code-binary-verify.md index 4ff95ae..005215f 100644 --- a/src/content/docs/appendix/code-binary-verify.md +++ b/src/content/docs/appendix/code-binary-verify.md @@ -10,7 +10,7 @@ secure, automated build processes. ## Automated Build Process -Our software leverages **GitHub Actions** for automated compilations, ensuring +GpgFrontend leverages **GitHub Actions** for automated compilations, ensuring that every binary file version released is directly compiled from the source code stored in the GitHub repository's main branch. This approach guarantees that the compilation process is transparent, replicable, and free from manual @@ -32,10 +32,12 @@ verification mechanisms, as outlined below: ### Windows -All executable files (.exe, .dll) and installer packages are signed using a -Certum code signing certificate. The signature is trusted by Windows and can be -verified through standard Windows mechanisms (e.g., file properties or -signtool). +All executable files (.exe, .dll) and installer packages (.msi, .msix) are +signed using a [Certum](https://www.certum.eu/en/certum-by-asseco/) code signing +certificate. The signature is trusted by Windows and can be verified through +standard Windows mechanisms (e.g., file properties or signtool). + + ### macOS @@ -44,6 +46,8 @@ certificate (codesign). Each official release also passes Apple Notarization, ensuring the package’s integrity and compliance with Apple’s security standards. Gatekeeper will automatically verify these protections on first launch. + + ### Linux AppImage packages are provided with a GPG signature file (with a .sig suffix) in @@ -52,6 +56,8 @@ integrity of the package using the provided GPG public key before installation or execution. For Flatpak and other formats, the platform’s own signature and sandboxing mechanisms offer additional security. + + ## Build Info Verification Our software includes an "About" interface accessible from the help menu, @@ -59,6 +65,8 @@ providing users with information about the software version, platform, and the specific GitHub repository branch and commit hash used for compiling the binary. This feature adds an extra layer of transparency and verification for users. + + ## Public Key for Verification Below is the public key used for signing the commits and binary files, which can diff --git a/src/content/docs/appendix/setup-dev-env.md b/src/content/docs/appendix/setup-dev-env.md index 0e2f01d..a83dd43 100644 --- a/src/content/docs/appendix/setup-dev-env.md +++ b/src/content/docs/appendix/setup-dev-env.md @@ -78,7 +78,6 @@ sudo apt-get install -y build-essential cmake ninja-build libarchive-dev libssl- ```bash brew install cmake openssl@3 ninja libarchive gpgme brew link --force openssl@3 - ``` - **For Windows (via MSYS2):** Set up MSYS2 according to its documentation and diff --git a/src/content/docs/appendix/system-requirement.md b/src/content/docs/appendix/system-requirement.md index 7afb0df..f3a6899 100644 --- a/src/content/docs/appendix/system-requirement.md +++ b/src/content/docs/appendix/system-requirement.md @@ -51,9 +51,9 @@ dependencies: This variant ensures compatibility with earlier Windows environments, extending the tool's accessibility and usability. -- **GnuPG 2.1.0 or Higher:** GpgFrontend integrates with GnuPG for its +- **GnuPG 2.2.0 or Higher:** GpgFrontend integrates with GnuPG for its cryptographic operations, including encryption, decryption, and digital - signing. While GpgFrontend supports GnuPG version 2.1.0 or newer, some + signing. While GpgFrontend supports GnuPG version 2.2.0 or newer, some features may not be fully functional with versions below 2.4.0. For the best compatibility and to ensure access to all features, it is strongly recommended to use GnuPG 2.4.0 or higher. Please note that GnuPG 1.x versions are not diff --git a/src/content/docs/appendix/translate-interface.md b/src/content/docs/appendix/translate-interface.md index 6eed5a6..c2e1f99 100644 --- a/src/content/docs/appendix/translate-interface.md +++ b/src/content/docs/appendix/translate-interface.md @@ -21,7 +21,8 @@ GpgFrontend uses the tools provided by this library. 1. Download or clone source code [HERE](https://github.com/saturneric/GpgFrontend) -2. You will find some ts files(.ts) at path `resource/lfs/locale/ts` +2. You will find some ts files(.ts) at path + [`resource/lfs/locale/ts`](https://github.com/saturneric/GpgFrontend/tree/main/resource/lfs/locale/ts) 3. Add a new language: Create a new file; see [locale codes](https://saimana.com/list-of-country-locale-code/). 4. To edit or update an existing language, navigate to the path `resource/lfs/locale/ts`. diff --git a/src/content/docs/extra/algorithms-comparison.md b/src/content/docs/extra/algorithms-comparison.md index 9a52ccb..1b3cb98 100644 --- a/src/content/docs/extra/algorithms-comparison.md +++ b/src/content/docs/extra/algorithms-comparison.md @@ -49,8 +49,6 @@ decision. ## Understanding ECDH and ECDSA -### Overview of Elliptic Curve Cryptography (ECC) - Elliptic Curve Cryptography (ECC) is a powerful cryptographic method that provides robust security with relatively small key sizes, making it ideal for environments where computational power and storage are limited. ECC is commonly @@ -117,14 +115,12 @@ ECC algorithms and their specific applications. ## EdDSA (Edwards-Curve Digital Signature Algorithm) -### **Overview** - EdDSA is a modern digital signature algorithm based on elliptic curve cryptography. It is specifically designed to be more efficient, secure, and resistant to common implementation errors compared to older algorithms like DSA or ECDSA. -### **Key Characteristics** +### Key Characteristics - **Deterministic Signature Generation**: Unlike ECDSA and DSA, which require secure random numbers for each signature, EdDSA uses deterministic methods, @@ -135,19 +131,19 @@ or ECDSA. - **Ed448**: Provides higher 224-bit security for environments requiring greater protection but at the cost of performance. -### **Use Cases** +### Use Cases - **Ed25519**: Ideal for secure messaging (e.g., Signal), blockchain, and other modern cryptographic protocols where performance and efficiency are critical. - **Ed448**: Used in environments requiring stronger security, such as highly sensitive communications or systems with long-term security needs. -### **Performance** +### Performance EdDSA is faster than RSA and ECDSA for both signing and verification. Its compact key sizes make it ideal for resource-constrained devices or systems. -### **Compatibility** +### Compatibility While Ed25519 has gained significant adoption in modern cryptographic libraries, it is not yet universally supported in older systems or clients. Ed448 has even @@ -155,16 +151,13 @@ more limited support. ## Why ECDH Cannot Be Used as a Primary Key Algorithm -### Key Difference Between ECDH and ECDSA/EdDSA - -- **ECDH (Elliptic Curve Diffie-Hellman)** is a key exchange algorithm used to - establish shared secrets between two parties. It is not designed for signing - or verification, which are essential for primary key functionalities. -- **ECDSA (Elliptic Curve Digital Signature Algorithm)** and **EdDSA** are - signature algorithms, specifically designed for identity verification and - creating/verifying digital signatures, making them suitable for primary keys. +**ECDH (Elliptic Curve Diffie-Hellman)** is a key exchange algorithm used to +establish shared secrets between two parties. It is not designed for signing +or verification, which are essential for primary key functionalities. -### Primary Key Requirements +**ECDSA (Elliptic Curve Digital Signature Algorithm)** and **EdDSA** are +signature algorithms, specifically designed for identity verification and +creating/verifying digital signatures, making them suitable for primary keys. Primary keys are used to: @@ -178,14 +171,14 @@ key exchange tasks. ## Recommended Algorithms for Compatibility and Security -### **1. RSA (2048-bit or 3072-bit)** +### RSA (2048-bit or 3072-bit) - **Why**: RSA offers the broadest compatibility across legacy systems, libraries, and cryptographic protocols. - **When to Use**: Choose RSA when you need to ensure interoperability with older clients or systems that may not support newer elliptic curve algorithms. -### **2. Curve25519** +### Curve25519 - **Why**: Curve25519 is highly efficient, secure, and compact, making it a great choice for modern cryptographic applications. diff --git a/src/content/docs/guides/email-operations.md b/src/content/docs/guides/email-operations.md index 858ba27..01d7f28 100644 --- a/src/content/docs/guides/email-operations.md +++ b/src/content/docs/guides/email-operations.md @@ -46,38 +46,37 @@ other OpenPGP-enabled clients. - **Decrypt and Verify Together or Separately**: Flexibly handle incoming messages. -### Creating and Processing Emails - -#### Creating and Signing Emails +### Creating and Signing Emails 1. Open GpgFrontend and click **"New E-Mail"** to create a blank email. - - - 2. Type your email content in the editor. 3. Select your private key from the **Key Toolbox**. 4. Click **"Sign"** to digitally sign the email. - - Signed emails include a PGP signature block, visible in the content. +5. Fill Sender, Receiver and the Subject of the email. + + - + -#### Encrypting Emails + + + + +### Encrypting Emails 1. Select the recipient's public key in the **Key Toolbox**. -2. Click **"Encrypt"** to secure the email content. - - The content will be transformed into a PGP-encrypted format. +2. Click **"Encrypt"** to secure the email content. The content will be + transformed into a PGP-encrypted format. - + -#### Saving Emails for Sending +### Saving Emails for Sending 1. Processed emails can be saved as `.eml` files using **File > Save As**. 2. Upload the `.eml` file to your email client's drafts folder or webmail interface, then send the email. -### Receiving and Processing Emails - -#### Decrypting and Verifying Emails +### Decrypting and Verifying Emails 1. Export the email source as an `.eml` file from your email client or copy the raw email source. @@ -87,9 +86,9 @@ other OpenPGP-enabled clients. - **"Verify"**: Validate the signature without decrypting. - **"Decrypt"**: Decrypt without verifying. - + -#### Offline Validation +### Offline Validation - GpgFrontend processes all email verification and decryption offline, ensuring that no sensitive data is exposed to external servers. @@ -97,21 +96,19 @@ other OpenPGP-enabled clients. ### Why Use EML Format? -#### Benefits of EML - - `.eml` is a widely supported format across email clients like Thunderbird, Outlook, and webmail platforms. - Unlike proprietary email handling protocols, `.eml` allows for seamless export, import, and offline processing. -#### Why Not Use IMAP/SMTP? +### Why Not Use IMAP/SMTP? - Avoids the complexity and potential vulnerabilities introduced by integrating full-fledged email protocols. - Keeps the application lightweight and focused on local cryptographic operations. -#### Addressing PGP Limitations in Clients +### Addressing PGP Limitations in Clients - Many email clients lack robust PGP support or offer inconsistent implementations. @@ -157,26 +154,13 @@ other OpenPGP-enabled clients. ## Best Practices for Secure Email Handling -1. **Use Trusted Keys**: - - - Regularly validate public keys to prevent misuse. - - Import keys only from trusted sources. - -2. **Keep Private Keys Offline**: - - - Avoid uploading private keys to email providers. - - Store private keys securely, preferably on encrypted storage. - -3. **Leverage GpgFrontend's Local Processing**: - - - Ensure all encryption, signing, and verification tasks are performed - offline for maximum security. - -4. **Save Emails in EML Format**: - - - Use `.eml` files for cross-platform compatibility and simple integration - with various email clients. - -5. **Check Email Compatibility**: - - Ensure recipients can handle PGP-encrypted emails or provide instructions - for using tools like GpgFrontend or Thunderbird. +- Use Trusted Keys: Regularly validate public keys to prevent misuse and import + keys only from trusted sources. +- Keep Private Keys Offline: Avoid uploading private keys to email providers and + store private keys securely, preferably on encrypted storage. +- Leverage GpgFrontend's Local Processing: Ensure all encryption, signing, and + verification tasks are performed offline for maximum security. +- Save Emails in EML Format: Use `.eml` files for cross-platform compatibility + and simple integration with various email clients. +- Check Email Compatibility: Ensure recipients can handle PGP-encrypted emails + or provide instructions for using tools like GpgFrontend or Thunderbird. diff --git a/src/content/docs/guides/file-operations.md b/src/content/docs/guides/file-operations.md index 6b25cce..7ff5bff 100644 --- a/src/content/docs/guides/file-operations.md +++ b/src/content/docs/guides/file-operations.md @@ -28,7 +28,7 @@ the main interface, streamlining your workflow for secure file handling. Sign, or Verify—to perform the desired cryptographic operation on the selected file(s). - + ## Using File Panel Directly @@ -61,6 +61,10 @@ and using the appropriate key from the Key Toolbox: public key is available in your keyring and click the Verify button in the toolbar. + + + + ## File Extension Requirements Understanding the appropriate file extensions helps in managing encrypted and @@ -88,8 +92,9 @@ settings. To change the output mode between ASCII and binary formats: -1. Open Settings: Navigate to the GnuPG Controller settings within GpgFrontend by accessing - the settings menu. +1. Open Settings: Navigate to the [GnuPG + Controller](/advanced/gnupg-controller/) settings within GpgFrontend by + accessing the settings menu. 2. Locate Binary Mode Option: In the settings interface, under the "General" section, find the option labeled "Use Binary Mode for File Operations". 3. Toggle Binary Mode: Check or uncheck this option to switch between binary @@ -98,6 +103,8 @@ To change the output mode between ASCII and binary formats: This streamlined process allows you to manage file encryption, decryption, signing, and verification efficiently with GpgFrontend. + + ### Quick Toggle via File Panel Menu In addition to the settings menu, GpgFrontend also provides a quick toggle @@ -141,6 +148,8 @@ volumes of data.  + + ## Folder Encryption and Decryption GpgFrontend supports seamless encryption and decryption of entire folders diff --git a/src/content/docs/guides/generate-key.md b/src/content/docs/guides/generate-key.md index a43c38f..55a7699 100644 --- a/src/content/docs/guides/generate-key.md +++ b/src/content/docs/guides/generate-key.md @@ -15,10 +15,12 @@ In the **Key Management** interface, click on the **“New Keypair”** button. opens the **Generate Key** window, where you can define your identity and configure key parameters. + + ## Enter User Information -- **Name**: Required. Enter your full name (minimum 5 characters). -- **Email**: Required. Must be in a valid email format. +- **Name**: Required. Enter your full name (minimum 5 characters). +- **Email**: Required. Must be in a valid email format. - **Comment**: Optional. Helps distinguish this key from others. ## Choose Key Database @@ -36,7 +38,7 @@ Easy Mode simplifies key generation using common templates. You can configure: - **Algorithm**: RSA, DSA, ECC (Curve25519), or other supported types. - **Validity Period**: Choose from preset options (e.g., 3 months, 2 years, 10 - years, or *Non Expired*). + years, or _Non Expired_). - **Combination**: - **Primary Key Only** - **Primary Key with Subkey** — useful when separating signing and encryption diff --git a/src/content/docs/guides/generate-use-subkey.md b/src/content/docs/guides/generate-use-subkey.md index d1af9be..f3f9271 100644 --- a/src/content/docs/guides/generate-use-subkey.md +++ b/src/content/docs/guides/generate-use-subkey.md @@ -29,7 +29,7 @@ There are **two entry points** to generate a subkey: 3. Switch to the **Keychain** tab. 4. Click the **“Generate A New Subkey”** button. - + ### Configuring the Subkey @@ -68,7 +68,7 @@ Once all configurations are completed: - The new subkey will be listed under the **Keychain** tab of the selected key pair. - + ## Understanding Primary Keys and Subkeys @@ -154,7 +154,7 @@ and successfully export a subkey: a location to save the exported subkey. Choose a secure directory and save the subkey as a separate file. - + ### Step-by-Step Guide to Importing Subkeys diff --git a/src/content/docs/guides/import-export-key-pair.md b/src/content/docs/guides/import-export-key-pair.md index 48a782e..0ac9274 100644 --- a/src/content/docs/guides/import-export-key-pair.md +++ b/src/content/docs/guides/import-export-key-pair.md @@ -11,13 +11,13 @@ To access the import options, navigate to the toolbar and select the desired method based on your specific requirements. Additionally, you can access additional options by selecting the action menu in the key management section. - + In fact, you can find the action menu in the key management section, which provides access to additional key management options beyond those available in the toolbar. - + ### File @@ -45,7 +45,7 @@ to import a corresponding public key. It is important to note that when using this method, only public keys can be imported. A detailed description of this part can be found -[Here](./key-server-operations.md). +[Here](/guides/key-server-operations/). ### Dropdown on Key Toolbox @@ -82,7 +82,7 @@ shown in the screenshot below. This will save the data to a file. Before proceeding, please make sure to choose a suitable directory to store the file containing the public key data. - + ### Export multiple public keys at once @@ -91,7 +91,7 @@ pairs on the key management interface and click on the "Export to Clipboard" option. This will copy the data to your system clipboard, which you can then paste into any application or file. - + ### Export Private Key @@ -100,7 +100,7 @@ contains the private key (either the primary key or subkey). From there, you can select a destination and GpgFrontend will export the corresponding private key content to that location. - + Exporting the private key also exports both the public key and private key data, as the private key data alone is meaningless without the corresponding public diff --git a/src/content/docs/guides/key-group.md b/src/content/docs/guides/key-group.md index 2f4c3cb..5b7db85 100644 --- a/src/content/docs/guides/key-group.md +++ b/src/content/docs/guides/key-group.md @@ -40,7 +40,7 @@ will be able to decrypt messages or files encrypted to that group. the key list with Type shown as group. You can now use this group for encryption and other operations—just like a single public key. - +  diff --git a/src/content/docs/guides/key-server-operations.md b/src/content/docs/guides/key-server-operations.md index 86ed472..6a7a7c9 100644 --- a/src/content/docs/guides/key-server-operations.md +++ b/src/content/docs/guides/key-server-operations.md @@ -8,6 +8,7 @@ They allow users to **share, retrieve, and update** public keys, making secure communication possible even when direct key exchange is not feasible. Key servers are especially helpful when: + - You need to encrypt a message but don't have the recipient’s public key. - You want to make your public key available for others to use. - You need to **update or revoke** your public key in case of a compromise. @@ -18,20 +19,25 @@ straightforward for all users. ## 📥 Import Public Key From Key Server -To import a public key, go to the **Import Key** section in the main page or Key -Manager, and select the **Key Server** option. +1. Open the Import Key Menu: In the Operations Bar at the top of the main + window, click the Import Key button (with a downward arrow). +2. Select "Keyserver" Source: In the drop-down menu, choose Keyserver as the + import source. - + ### How to Import: -1. Choose a key server from the drop-down list. + +1. Choose a key server from the drop-down list. 2. Enter a **Key ID**, **Fingerprint**, or **Email Address** into the search field. 3. Click **Search**. 4. If results are found, double-click a record to import the public key. + + > 💡 By default, the key server list includes recommended options such as: +> > - `https://keys.openpgp.org` > - `https://keyserver.ubuntu.com` > @@ -42,31 +48,17 @@ UI](https://image.cdn.bktus.com/i/2023/11/16/d75cb252-9a65-5b73-01cd-a45b5ff501e ### After Importing Once a key is imported: + - GpgFrontend will display a confirmation message. - If a newer version of the key already exists locally, the import is skipped. You can then verify: + - Key creation date - UID and key ID - Whether the key is expired or revoked (using Key Manager filters) -## 📤 Export My Public Key to Key Server - -To publish your public key: - -1. Open the **Key Details** interface for your key pair. -2. Go to the **Operations** tab. -3. Click **“Upload key pair to key server”**. - - - -> ⚠️ GpgFrontend only allows uploading if a **master key** is present to prevent -> accidental publishing of incomplete keys. - -Note: -- Only **public key** data is uploaded. -- Private keys are **never** uploaded. + ## 📤 Export My Public Key to Key Server @@ -79,6 +71,7 @@ by default. This server uses the **Verifying Keyserver (VKS) Interface**, which provides extra protection against spam and key poisoning. ### Key Points: + - 🔐 **Only public keys are uploaded**, never private keys. - ✅ **Master key is required** to export. - ✉️ `keys.openpgp.org` requires email verification before your key becomes @@ -87,11 +80,12 @@ provides extra protection against spam and key poisoning. deleted. To export: + 1. Open the **Key Details** interface. 2. Go to the **Operations** tab. 3. Click **“Upload key pair to key server”**. - + ## 🔄 Synchronize Public Key Information @@ -102,6 +96,7 @@ Like exporting, after v2.1.6, this operation also uses **https://keys.openpgp.org** and its **VKS API**. GpgFrontend will: + - Query the key server using your key’s fingerprint. - Compare the server copy with your local one. - Indicate if any update is applied. @@ -115,9 +110,10 @@ You can configure your key server preferences in: > **Settings → Key Servers** - + ### Features: + - **Add a Server**: Enter the `https://` or `http://` address and click **Add**. - **Edit a Server**: Double-click an address to edit it. - **Delete a Server**: Right-click a row and select **Delete**. @@ -147,10 +143,10 @@ operations: ## Tips about Key Servers -| Key Server | Fuzzy Search | VKS Interface | Notes | -|-------------------------|--------------|---------------|-------------------------------------------| -| `keys.openpgp.org` | ❌ No | ✅ Yes | Requires exact match (email, fingerprint) | -| `keyserver.ubuntu.com` | ✅ Yes | ❌ No | Traditional HKP server, less strict | +| Key Server | Fuzzy Search | VKS Interface | Notes | +| ---------------------- | ------------ | ------------- | ----------------------------------------- | +| `keys.openpgp.org` | ❌ No | ✅ Yes | Requires exact match (email, fingerprint) | +| `keyserver.ubuntu.com` | ✅ Yes | ❌ No | Traditional HKP server, less strict | > 🔎 `keys.openpgp.org` does **not** support fuzzy search — you must use the > **exact email**, **full fingerprint**, or **full key ID**. @@ -171,31 +167,31 @@ GpgFrontend v2.1.6 introduces a feature that automatically checks whether your public key has been published on [keys.openpgp.org](https://keys.openpgp.org), helping users keep track of their key visibility on the VKS-based keyserver. -### ✅ Feature Overview +### Feature Overview - When enabled, GpgFrontend will fetch the **publish status** of a key from the key server. - If the key is found to be published on `keys.openpgp.org`, a message like the following will be shown in the **Key Details** tab: - + -### ⚙️ How to Enable +### How to Enable To activate this: 1. Go to `Settings → Network` tab. -2. Under **Network Ability**, check the box: - - ✅ **Automatically fetch key publish status from key server** +2. Under **Network Ability**, check the box: `Automatically fetch key publish +status from key server` 3. Restart GpgFrontend to apply the change. - + ### ⚠️ Important Notes - This feature **only works with `keys.openpgp.org`**, which supports the **Verifying Keyserver (VKS) API**. -- If the `KeyServerSync` plugin is **disabled**, the publish status will **not +- If the `KeyServerSync` module is **disabled**, the publish status will **not be fetched**, and no notice will appear in the UI. - It is purely a **read-only status check**, and does not modify or upload anything to the server. @@ -206,4 +202,4 @@ To activate this: be deleted**. - Always verify imported keys before using them. - Maintain proper key hygiene: revoke and update keys when compromised. -- Never upload private key material to any server.
\ No newline at end of file +- Never upload private key material to any server. diff --git a/src/content/docs/guides/openpgp-trust-manage.md b/src/content/docs/guides/openpgp-trust-manage.md index 74989ed..d7749d6 100644 --- a/src/content/docs/guides/openpgp-trust-manage.md +++ b/src/content/docs/guides/openpgp-trust-manage.md @@ -29,7 +29,10 @@ user's confidence in the key owner's ability to vouch for others. This distinction allows users to build personalized and scalable Web of Trust models without relying heavily on external signatures or centralized authorities. + + Typical trust levels include: + - **Unknown**: No trust decision has been made. - **None**: The key owner is not trusted to certify other keys. - **Marginal**: The key owner is partially trusted. @@ -41,6 +44,24 @@ By using Owner Trust, users can securely manage communication without requiring constant updates from key servers, maintaining both simplicity and control over their trust network. +### Setting Owner Trust + +GpgFrontend makes it easy to manage Owner Trust levels for any key in your +collection directly from the Key Toolbox. + +To change the Owner Trust level: + +1. Locate the Key: Find the desired public key (or key group) in the Key Toolbox + table. +2. Open the Context Menu: Right-click on the key entry to display the context + menu. +3. Set Owner Trust Level: Select the “Set Owner Trust Level” option. + +A dialog will appear allowing you to choose the appropriate trust level +(Unknown, None, Marginal, Full, Ultimate). + + + ## Signing UIDs and Current Limitations In GpgFrontend, users can sign the UID (User ID) of another user’s OpenPGP @@ -48,7 +69,10 @@ public key to confirm its authenticity. However, during the initial design phase, the potential need to synchronize these signatures with key servers was not fully considered. + + Currently: + - GpgFrontend does not automatically upload signed UIDs to OpenPGP key servers. - Whether a signature update is accepted depends entirely on the specific key server’s policy. @@ -56,22 +80,26 @@ Currently: Reasons for not enforcing automatic synchronization: Uncontrollable Behavior of Key Servers + - Different servers (e.g., keys.openpgp.org, SKS servers) have varied policies regarding third-party signatures. - Some servers accept them; others require UID validation or reject them - altogether. + altogether. Potential Key Size Inflation + - Each additional signature increases the public key’s size. - Frequent uploads of third-party signatures would cause key bloat, impacting - synchronization and performance. + synchronization and performance. + +Practical User Behavior -3. Practical User Behavior - Most users verify fingerprints manually and rely on Owner Trust. - Synchronizing all third-party signatures to public servers is often unnecessary for typical use cases. ## Special Considerations for Organizational Users + In organizational environments (e.g., large enterprises), simple Owner Trust is often inadequate. In these cases, a Certificate Authority (CA)-based trust model is used: @@ -93,4 +121,3 @@ future development may consider it based on user demand. third-party signatures. - Explore the implementation of organizational trust models such as CA-based signature management and certificate presentation. - diff --git a/src/content/docs/guides/smart-card.md b/src/content/docs/guides/smart-card.md index 38a4765..bcf2d8f 100644 --- a/src/content/docs/guides/smart-card.md +++ b/src/content/docs/guides/smart-card.md @@ -9,7 +9,7 @@ managing your OpenPGP smart cards (such as YubiKey, Nitrokey, or other compatible devices). It allows you to view detailed card information, perform essential operations, and manage keys directly on your smart card. - + ## Core Concepts and Frequently Asked Questions diff --git a/src/content/docs/guides/text-opetations.md b/src/content/docs/guides/text-opetations.md index e753fa6..9018b5b 100644 --- a/src/content/docs/guides/text-opetations.md +++ b/src/content/docs/guides/text-opetations.md @@ -10,9 +10,12 @@ core cryptographic operations: **encryption**, **decryption**, **signing**, and cryptography and provides intuitive workflows for both beginners and advanced users. + + ## Understanding the Basics Public key cryptography relies on key pairs: + - **Public Key**: Used to encrypt or verify. - **Private Key**: Used to decrypt or sign. @@ -21,8 +24,8 @@ own key pair and exchange public keys with their communication partners. ## Encrypting Text -### Only Encrypt Use the recipient's **public key** to encrypt plaintext. This method: + - Produces a shorter ciphertext. - Does **not** reveal the sender's identity. - Is ideal when anonymity is preferred. @@ -30,82 +33,46 @@ Use the recipient's **public key** to encrypt plaintext. This method: > 🔐 Tip: Don’t use your own public key to encrypt unless you're sending a > message to yourself. - - -### Encrypt & Sign -This method encrypts the message with the recipient's public key and signs it -with **your own private key**, ensuring: -- Confidentiality -- Message authenticity -- Proof of origin - -To use this method: -- Choose the recipient’s public key. -- Select **your private key** with signing capability (`Usage = S`). - -> 📄 The resulting ciphertext is longer due to the signature. The Info Board -> will display signature details after encryption. - - + ## Signing Text -### Signature Only Use your **private key** to sign text without encrypting it: + - This confirms authorship. - Anyone with your public key can verify it. Check the key’s `Usage` column for `S` to confirm it's suitable for signing. - - -### Sign with Encryption -Sign and encrypt together by selecting the recipient's public key and your own -private signing key: -- Ensures both confidentiality and authenticity. -- Common in secure messaging or business communication. - - - ---- + ## Decrypting Text -### Decrypt Only Paste or load the ciphertext into GpgFrontend. The tool will: + - Automatically use the correct **private key**. - Notify you if no valid key is available. > ✅ No need to check `Usage` manually; the tool handles key matching. - - -### Decrypt & Verify -If the message was signed, GpgFrontend will: -- Verify the signature using the **sender’s public key**. -- Display whether the signature is valid. - -Use this for added assurance of sender authenticity and message integrity. - - - ---- + ## Verifying Signatures To verify a detached or embedded signature: + - Use the sender’s **public key**. - Paste or load the signed message. GpgFrontend will: + - Check the integrity. - Report any mismatch or missing public keys. > 📥 If the required public key is missing, GpgFrontend prompts you to import > it. - + ## Best Practices @@ -113,4 +80,4 @@ GpgFrontend will: - Share only your **public key**, and **never** your private key. - Use **Encrypt & Sign** for secure and authenticated communication. - Use **Sign Only** for publishing documents or messages that require integrity - but not secrecy.
\ No newline at end of file + but not secrecy. diff --git a/src/content/docs/guides/understand-interface.md b/src/content/docs/guides/understand-interface.md index 495f3e6..6a94564 100644 --- a/src/content/docs/guides/understand-interface.md +++ b/src/content/docs/guides/understand-interface.md @@ -8,7 +8,7 @@ This documentation explains the layout and features of the latest GpgFrontend interface, helping users to efficiently utilize all cryptographic operations in different workspaces. - + ## Workspace Overview diff --git a/src/content/docs/guides/view-keypair-info.md b/src/content/docs/guides/view-keypair-info.md index 85bf534..00e8a62 100644 --- a/src/content/docs/guides/view-keypair-info.md +++ b/src/content/docs/guides/view-keypair-info.md @@ -16,7 +16,7 @@ is used for encryption only, but if you possess the private key, you can perform more actions (it also depends on your algorithm; DSA can only be used for signatures). - + ## General Info @@ -32,7 +32,7 @@ set it as the primary UID to change it. According to the OpenPGP protocol, this part is divided into Name, Email, and Comment. - + ### Primary Key @@ -48,7 +48,7 @@ not exist, but this doesn't mean that neither the public key nor the private key exists. Please remember: Each subkey and primary key consist of a pair of public and private keys. - + #### Key ID @@ -75,7 +75,7 @@ the key algorithm shown here is more precise. For example, it can specify particular algorithms such as ED25519 or NISTP256, providing detailed information about the specific cryptographic methods employed. - + #### Key Size @@ -125,7 +125,7 @@ other key pairs. ### Fingerprint - + The fingerprint of the key pair is used for humans to quickly compare whether the key pair is the expected key pair. This field is unique for all keys in the @@ -142,7 +142,7 @@ pair is what they expected. However, for accurate identification, fingerprints or key IDs should be compared. A key can have multiple UIDs, but a key pair can only have one primary UID, which is always listed first in the interface. - + UID has three elements: Name, Email, Comment. The name should be at least five characters long, and the email should conform to the format. The rules for @@ -158,7 +158,7 @@ keyring with their signature to the keyserver. If many people do the same, the public key on the keyserver will have numerous signatures, making it trustworthy. - + You can also use the primary key of another key pair to sign a UID. Generally, a primary UID of a key pair with many valid signatures is considered more @@ -172,35 +172,47 @@ the signer's UID. ## Subkey Info -The sub-key mechanism is a crucial feature of GPG that improves both flexibility -and security. However, it also introduces some complexity, which can be -challenging for beginners. For a basic understanding, consider the following -points: +The subkey mechanism is a core feature of GnuPG, designed to enhance both security and operational flexibility. While powerful, subkeys can introduce some complexity for new users. Here are the fundamentals to help you understand and manage subkeys effectively: -- A key pair can be likened to a key ring, comprising a primary key (a pair of - public and private keys) and multiple subkeys (or none). -- Each subkey and primary key consists of a pair of public and private keys. +- Key Pair as a Keyring: Think of your GPG key pair as a keyring, with a primary + key (the “master” key) and zero or more subkeys. +- Primary Key vs Subkeys: The primary key is the root of trust. It certifies + subkeys and is typically reserved for critical actions, such as signing other + keys (certification) or adding user IDs. - The subkey can perform related operations (such as signing, encryption) in the absence or unavailability of the primary key. - The functions of subkeys can overlap, and when both subkeys can be used for signing, the earlier one is selected. - Subkeys can use more algorithms than the primary key, but usually have the same effect on daily operations. -- The disclosure of a subkey only affects that subkey, while the disclosure of - the primary key endangers the entire key pair. +- Security Isolation: If a subkey is ever compromised, only that subkey needs to + be revoked and replaced—the trust chain anchored by the primary key remains + intact. However, if the primary key is compromised, the entire key structure is + at risk, as it controls all subkeys and certifications. - +As shown in the Key Details window (see below), all subkeys and the primary key +are listed along with their properties (algorithm, size, usage, etc.), allowing +for clear management and monitoring. -The primary key and all subkeys in the key pair are displayed on the interface. -Some information about the key is also listed below. + -### Key In smart card +### Key in Smart Card -Whether a key is in the smart card refers to whether the key is moved to the -smart card. Moving the key to the smart card changes the structure of the key -and is irreversible. +Key in Smart Card indicates whether a particular (sub)key’s private component +has been moved to a hardware smart card. -### Operations +- When a key is moved to a smart card, its private part is physically + transferred and removed from your local key database. +- This change is irreversible—the private key now exists only on the smart card + and cannot be extracted back. +- This provides strong protection against malware or key theft: cryptographic + operations using that key (such as signing or decrypting) will now require the + smart card to be present and unlocked. + +> Tip: Moving your encryption or signing subkey to a smart card is highly +> recommended for > users seeking maximum security. + +## Operations In this column, what you can do differs for a key pair that only has a public key and a key pair that includes a private key. @@ -208,35 +220,29 @@ key and a key pair that includes a private key. ### Operations on a Public Key This interface provides various general operations that can be performed on the -selected public key. Below is an explanation of each button's function: +selected public key. Below is an explanation of each button's function. - + -1. **Export Public Key**: +#### Export Public Key - - **Function**: This button allows you to export the public key to a file. - Exporting a public key is useful when you need to share it with others or - upload it to a keyserver. The exported file can then be distributed or - backed up as needed. +This button allows you to export the public key to a file. Exporting a public +key is useful when you need to share it with others or upload it to a keyserver. +The exported file can then be distributed or backed up as needed. -2. **Key Server Operation (Pubkey)**: +#### Key Server Operation (Pubkey) - - **Function**: This dropdown menu provides options for interacting with - keyservers. A keyserver is a repository where public keys are stored and - can be retrieved by others. The operations might include uploading your - public key to a keyserver, refreshing your public key with updates from the - keyserver, or searching for other public keys on the keyserver. +This dropdown menu provides options for interacting with keyservers. A keyserver +is a repository where public keys are stored and can be retrieved by others. The +operations include refreshing your public key with updates from the keyserver. -3. **Set Owner Trust Level**: - - **Function**: This button allows you to set the trust level for the owner - of the public key. Trust levels are part of the web of trust model used in - public key infrastructures. By setting the trust level, you indicate how - much you trust the key owner to correctly verify and sign other keys. This - affects how your system evaluates the validity of signatures made by the - key owner. +#### Set Owner Trust Level -These operations facilitate the management and sharing of public keys, helping -to establish and maintain trust within a cryptographic system. +This button allows you to set the trust level for the owner of the public key. +Trust levels are part of the web of trust model used in public key +infrastructures. By setting the trust level, you indicate how much you trust the +key owner to correctly verify and sign other keys. This affects how your system +evaluates the validity of signatures made by the key owner. ### Operations on a Private Key @@ -244,58 +250,52 @@ This interface provides various general operations that can be performed on the selected key pair, including both public and private key operations. Below is an explanation of each button's function: - + -1. **Export Public Key**: +#### Export Public Key - - **Function**: This button allows you to export the public key to a file. - This is useful for sharing your public key with others or for uploading it - to a keyserver. The exported file can be distributed or backed up as - needed. +This button allows you to export the public key to a file. This is useful for +sharing your public key with others or for uploading it to a keyserver. The +exported file can be distributed or backed up as needed. -2. **Export Private Key**: +#### Export Private Key - - **Function**: This button provides options for exporting the private key. - There are typically two modes for exporting: - - **Export Complete Private Key**: This exports the entire private key, - including all associated information. It is used when you need a full - backup or when transferring the key to another system. - - **Export Minimal Private Key**: This exports only the essential - components of the private key, minimizing the amount of data. This can be - useful for more secure key transfers or for environments with specific - security requirements. +This button provides options for exporting the private key. There are typically +two modes for exporting: -3. **Modify Expiration Datetime (Primary Key)**: +- **Export Complete Private Key**: This exports the entire private key, + including all associated information. It is used when you need a full backup + or when transferring the key to another system. +- **Export Minimal Private Key**: This exports only the essential components of + the private key, minimizing the amount of data. This can be useful for more + secure key transfers or for environments with specific security requirements. - - **Function**: This button allows you to modify the expiration date and time - of the primary key. This is important for managing the key's lifecycle and - ensuring that it remains valid for the desired period. Adjusting the - expiration date can help maintain security by ensuring keys are - periodically reviewed and updated. +#### Modify Expiration Datetime (Primary Key) -4. **Modify Password**: +This button allows you to modify the expiration date and time of the primary +key. This is important for managing the key's lifecycle and ensuring that it +remains valid for the desired period. Adjusting the expiration date can help +maintain security by ensuring keys are periodically reviewed and updated. - - **Function**: This button enables you to change the password that protects - the private key. Changing the password can enhance security, especially if - you suspect that the current password may have been compromised or if you - want to follow best practices for regular password updates. +#### Modify Password -5. **Key Server Operation (Pubkey)**: +This button enables you to change the password that protects the private key. +Changing the password can enhance security, especially if you suspect that the +current password may have been compromised or if you want to follow best +practices for regular password updates. - - **Function**: This dropdown menu provides options for interacting with - keyservers using the public key. Operations might include uploading the - public key to a keyserver, or refreshing the key from the keyserver. - Keyservers facilitate the distribution and retrieval of public keys. +#### Key Server Operation (Pubkey) -6. **Revoke Certificate Operation**: +This dropdown menu provides options for interacting with keyservers using the +public key. Operations might include uploading the public key to a keyserver, or +refreshing the key from the keyserver. Keyservers facilitate the distribution +and retrieval of public keys. - - **Function**: This dropdown menu provides options for generating a - revocation certificate for the key or importing an existing revocation - certificate. Revoking a certificate is necessary if the key has been - compromised or is no longer needed. This action invalidates the key, - ensuring it cannot be maliciously used. Revocation information is typically - uploaded to a keyserver to inform others about the revoked status of the - key. +#### Revoke Certificate Operation -These operations help manage the lifecycle of key pairs, ensuring their secure -use and proper distribution. +This dropdown menu provides options for generating a revocation certificate for +the key or importing an existing revocation certificate. Revoking a certificate +is necessary if the key has been compromised or is no longer needed. This action +invalidates the key, ensuring it cannot be maliciously used. Revocation +information is typically uploaded to a keyserver to inform others about the +revoked status of the key. diff --git a/src/content/docs/overview/contact.md b/src/content/docs/overview/contact.md index 4ae3b76..3fe60b7 100644 --- a/src/content/docs/overview/contact.md +++ b/src/content/docs/overview/contact.md @@ -25,14 +25,15 @@ For email correspondence, I strongly prefer plain text over HTML format. > legal or formal situations. It’s provided here mainly for code signing > certificate verification. In formal settings, please use Mr. Hu. -### About My Domain +## About My Domain -The domain [`bktus.com`](https://bktus.com/) (“Bakantu union us”) is just a personal domain I -registered as a teenager. “Bakantu” is simply a made-up word—no hidden meaning! -I just wanted a name that blended technology and community, reflecting values -like innovation, connectivity, and collaboration. :) +The domain [`bktus.com`](https://bktus.com/) (“Bakantu union us”) is just a +personal domain I registered as a teenager. “Bakantu” is simply a made-up +word—no hidden meaning! I just wanted a name that blended technology and +community, reflecting values like innovation, connectivity, and collaboration. +:) -### Language Proficiency +## Language Proficiency I can use the following languages and welcome communication in any of them: @@ -40,7 +41,7 @@ I can use the following languages and welcome communication in any of them: - Chinese - German -### Secure Communication (GPG Public Key) +## Secure Communication (GPG Public Key) For secure and encrypted communication, below is my long-term PGP public key. Please ensure any encrypted messages are sent in plain text format and avoid diff --git a/src/content/docs/overview/getting-started.md b/src/content/docs/overview/getting-started.md index 167b4d9..5359b1f 100644 --- a/src/content/docs/overview/getting-started.md +++ b/src/content/docs/overview/getting-started.md @@ -70,7 +70,8 @@ opening without additional permissions. #### Using Homebrew Cask -For an effortless install or removal process, use Homebrew Cask: +For an effortless install or removal process, use [Homebrew +Cask](https://formulae.brew.sh/cask/gpgfrontend): 1. Ensure **Homebrew** is installed. 2. **Install** GpgFrontend with the command `brew install --cask gpgfrontend`. @@ -85,6 +86,8 @@ For an effortless install or removal process, use Homebrew Cask: 3. **Mount** the DMG file and **run** GpgFrontend. 4. **Optional:** Drag GpgFrontend into your Applications folder for easy access. + + ### For Linux Users (AppImage) AppImage simplifies software distribution by bundling applications and all diff --git a/src/content/docs/overview/glance.md b/src/content/docs/overview/glance.md index 96c0d06..44fb0af 100644 --- a/src/content/docs/overview/glance.md +++ b/src/content/docs/overview/glance.md @@ -33,18 +33,23 @@ privacy easily and effectively. ## User Interface Glimpse -The example screenshot below shows GpgFrontend running on macOS, illustrating -its clean and modern interface design. Interface layout, fonts, and colors may -look different on Windows or Linux, but the core features and workflow remain -consistent across all platforms. +Most of the screenshots in this manual are from the macOS version of +GpgFrontend, as primary development and testing are conducted on macOS. This +approach ensures consistent screenshot quality and a unified visual style +throughout the manual. - + + + + + :::tip[Note] -GpgFrontend's appearance may vary across different operating systems and -themes. Always refer to the corresponding version of the software for the most -accurate documentation. +The core features and workflow of GpgFrontend are consistent across all +supported platforms (Windows, Linux, etc.). While visual details such as fonts +and window styles may differ slightly depending on your operating system, the +documentation remains applicable and relevant for all users. ::: |