1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
---
title: Key Groups
---
A Key Group is a powerful feature in GpgFrontend that allows you to manage and
utilize a collection of public keys as if they were a single public key. This
greatly simplifies encryption and access control when you want to address
multiple recipients or roles at once.
## What is a Key Group?
A Key Group is essentially a named set of public keys. Instead of encrypting
data separately for each individual recipient, you can create a group, add the
relevant public keys, and use the group for encryption. All members of the group
will be able to decrypt messages or files encrypted to that group.
## Key Group Characteristics
- Collection of Public Keys: A key group consists of one or more public keys.
- Treated as a Single Key: In GpgFrontend, you can use a key group anywhere a
single public key would be used, such as for encryption, sharing, or defining
access.
- Nested Key Groups: Key groups can contain other key groups. This allows you to
create complex, hierarchical access structures or role-based groups.
- Flexible Management: You can easily add, remove, or reorganize members (public
keys or other key groups) within a group at any time.
- Naming and Organization: Each key group can be given a unique name for easy
identification and usage.
## How to Create and Use Key Groups
1. Select Keys to Group: At the Key ToolBox panel, select the public keys you
want to add to your group by checking the boxes in the “Select” column.
2. Click the “Create Key Group” Button: Once you have selected the desired keys,
click the Key Group button (key icon) in the toolbar above the key list.
3. Fill in Group Information: A dialog titled New Key Group will appear. Fill in
the group’s name, email(optional), and an optional comment. Click
Create to make the group.
4. Key Group Appears in List: After creation, your new key group will appear in
the key list with Type shown as group. You can now use this group for
encryption and other operations—just like a single public key.
## Manage Members and Nested Groups
You can edit a key group at any time. Double-click the group entry (or use the
group management menu) to open the Key Group Management window. Here you can add
or remove keys, or even nest groups within groups.
## Typical Use Cases
- Team Encryption: Encrypt a document once for an entire project team or
department. All team members (whose keys are in the group) can decrypt it.
- Role-Based Access: Define groups such as “Developers”, “Managers”, or
“Auditors” and grant or revoke access by modifying group membership.
- Nested Structures: Organize key groups hierarchically, e.g., a “Project A”
group containing “Frontend Team” and “Backend Team” key groups.
## Special Notes & Behaviors for Key Groups
Key Groups in GpgFrontend offer flexibility and powerful management for
encryption workflows, but they also come with specific behaviors and rules that
ensure proper usage and system integrity. The following notes highlight
important details about how Key Groups work, their operational constraints, and
how they interact with the broader GpgFrontend environment. Understanding these
points will help you make the most of Key Groups while avoiding common pitfalls.
### Owner Trust Propagation
You can right-click on a Key Group entry to set the Owner Trust level for the
group. When you do this, the Owner Trust value is applied to all public keys
contained within the group (including recursively for nested groups). This is a
convenient way to manage trust settings for many users at once.
### Membership & Encryption Capability
Only keys marked with the E (Encrypt) usage flag can be added to a Key Group. If
a key does not support encryption, you will not be able to include it.
### Automatic Disabling of Invalid Groups
Auto-Disabling on Startup: If, upon startup, any key in a Key Group no longer
meets requirements (e.g., is deleted or loses encryption capability), the Key
Group will be automatically disabled.
- Disabled Key Groups are not shown in the Key ToolBox.
- You can still view and manage them in the Key Management interface, where they
are highlighted in red to indicate their invalid status.
- The disabled status will propagate: if a nested group becomes unavailable, any
parent group containing it is also disabled.
### Key Group Usage and Limitations
Key Groups as Encryption Targets Only: In GpgFrontend, a Key Group is treated as
a single encryptable entity—you can use it as a recipient for encryption just
like a public key. Key Groups cannot be used for signing, decryption, or
certification. They are only valid for encryption operations.
### Independence from GnuPG keygroups
Key Groups Are Local to GpgFrontend: GpgFrontend Key Groups are internal objects
managed only by GpgFrontend. They are not connected to GnuPG’s "keygroup"
feature or to the `gpg.conf` file. This means Key Groups are only visible and
usable within GpgFrontend, and will not appear in other OpenPGP tools.
|
