diff options
Diffstat (limited to 'manual/basic')
| -rw-r--r-- | manual/basic/dependencies.md | 21 | ||||
| -rw-r--r-- | manual/basic/encrypt-decrypt-file.md | 66 | ||||
| -rw-r--r-- | manual/basic/encrypt-decrypt-text.md | 144 | ||||
| -rw-r--r-- | manual/basic/generate-key.md | 203 | ||||
| -rw-r--r-- | manual/basic/import-export-key-pair.md | 113 | ||||
| -rw-r--r-- | manual/basic/key-server-operations.md | 164 | ||||
| -rwxr-xr-x | manual/basic/sign-verify-file.md | 101 | ||||
| -rw-r--r-- | manual/basic/sign-verify-text.md | 102 | ||||
| -rw-r--r-- | manual/basic/symmetric-encrypt-decrypt.md | 60 | ||||
| -rw-r--r-- | manual/basic/system-requirement.md | 70 | ||||
| -rw-r--r-- | manual/basic/understand-interface.md | 176 | ||||
| -rw-r--r-- | manual/basic/view-keypair-info.md | 195 |
12 files changed, 0 insertions, 1415 deletions
diff --git a/manual/basic/dependencies.md b/manual/basic/dependencies.md deleted file mode 100644 index ac3ae52d..00000000 --- a/manual/basic/dependencies.md +++ /dev/null @@ -1,21 +0,0 @@ -# Dependencies and Acknowledgements - -GpgFrontend incorporates various libraries and binaries that come with their -unique licenses. For additional details or to obtain the source code, please -visit their respective homepages: - -- **GnuPG**: [https://gnupg.org](https://gnupg.org) -- **GPGME**: [https://gnupg.org/software/gpgme/index.html](https://gnupg.org/software/gpgme/index.html) -- **Qt (Open Source)**: [https://www.qt.io](https://www.qt.io) -- **MSYS2**: [https://www.msys2.org](https://www.msys2.org) -- **Mingw-w64**: [http://mingw-w64.org/doku.php](http://mingw-w64.org/doku.php) -- **AppImage**: [https://appimage.org](https://appimage.org) -- **macOS Application Bundles**: [Link](https://developer.apple.com/library/archive/documentation/CoreFoundation/Conceptual/CFBundles/BundleTypes/BundleTypes.html#//apple_ref/doc/uid/10000123i-CH101-SW1) -- **libarchive**: [https://www.libarchive.org](https://www.libarchive.org) -- **spdlog**: [https://github.com/gabime/spdlog](https://github.com/gabime/spdlog) -- **mimalloc**: [https://github.com/microsoft/mimalloc](https://github.com/microsoft/mimalloc) -- **Qt-AES**: [https://github.com/bricke/Qt-AES](https://github.com/bricke/Qt-AES) - -The icons utilized in this software are sourced from [Alibaba Iconfont](https://www.iconfont.cn/). -This vector icon library is free of use, isn't registered as a trademark, has no -copyright issues, and can be commercially utilized. diff --git a/manual/basic/encrypt-decrypt-file.md b/manual/basic/encrypt-decrypt-file.md deleted file mode 100644 index 77e66194..00000000 --- a/manual/basic/encrypt-decrypt-file.md +++ /dev/null @@ -1,66 +0,0 @@ -# Encrypt & Sign File - -GpgFrontend offers a fast and convenient method for working with files. The -encryption and decryption process for files is nearly identical to that of text, -with the exception that file operations involve binary input and output. - -## File Extension Introduction - -For ciphertext in ASCII format, the file extension is typically "asc" and these -files can be opened with a text editor. On the other hand, if the ciphertext is -in binary format, the file extension will be "gpg". Binary ciphertext files are -generally smaller than ASCII format. - -Before version 2.0.4, GpgFrontend generated ciphertext files exclusively in -ASCII format. However, beginning with version 2.0.4, GpgFrontend now generates -ciphertext files in binary format by default. This setting can be adjusted in -the program's settings. - - - -## File Browser - -From the top menu's "File" option, you can access the file browser by pressing -Ctrl/Command + B. After choosing target directory at system navigator, you -can then use the file browser tab to do some operations on files. By using the -file browser, you can navigate to your working directory and right-click on the -file you wish to work with. This will open a pop-up menu, where you can select -the operation you want to perform on the file. - - - -Located at the top of the file tab are two control buttons. The button on the -left allows you to navigate up one level in the directory hierarchy, while the -button on the right refreshes the input box on the left with the corresponding -path. - -On the far right of the file tab, there is a button with useful options that you -can select to show system files or hidden files. - - - -### Encrypt & Sign - -GpgFrontend recommends using the encryption and signature functions in this -method, so that the recipient can verify that the ciphertext originates from -you. You can select one or more recipients' public keys as well as your own -private key to complete this operation. - -When the operation is complete, a file with the ".gpg" extension is generated. -This file contains both encrypted content and signed content. - - - -### Decrypt & Verify - -When decrypting this ciphertext, it undergoes verification, which enhances -security. Additionally, you can perform a "Only Verify" operation which verifies -the content without decrypting it. To use this operation, you must select a file -with a ".gpg" or ".asc" extension, which contains the ciphertext and signature -content. - -To encourage users to verify whether the ciphertext is signed or not when -decrypting, Gpg Frontend does not provide a separate decryption operation for -this. - - diff --git a/manual/basic/encrypt-decrypt-text.md b/manual/basic/encrypt-decrypt-text.md deleted file mode 100644 index 14074d07..00000000 --- a/manual/basic/encrypt-decrypt-text.md +++ /dev/null @@ -1,144 +0,0 @@ -# Encrypt & Decrypt Text - -The processes of encryption and decryption are fundamental to ensuring the -privacy and security of digital communications. GpgFrontend, a graphical -interface for GnuPG, simplifies these operations, making it accessible for users -to securely encrypt and decrypt text. Before diving into the specifics of how -GpgFrontend facilitates these operations, it's essential to understand the -underlying concepts and the prerequisites for encryption and decryption. - -Encryption is the process of converting plain text into a scrambled format known -as ciphertext, which is unreadable to anyone except those who possess the -correct key to decrypt it. This transformation is done using an encryption -algorithm and a key. In the context of GpgFrontend and most modern encryption -practices, this key is the recipient's public key. A public key is part of a key -pair that includes a private key; together, they are used in asymmetric -encryption, a cornerstone of modern cryptography. - -To initiate encryption with GpgFrontend, the sender must first have access to -the recipient's public key. This key is used to encrypt the message, ensuring -that only the recipient, who holds the corresponding private key, can decrypt -and read the message. The public key can encrypt messages, but cannot decrypt -them. This is a crucial aspect of asymmetric cryptography: it allows anyone to -send encrypted messages to the key owner without being able to decrypt messages -encrypted with that same public key. - -Generating a key pair is the first step in being able to engage in these secure -communications. This process usually involves choosing a key type and size, with -larger keys offering higher security. Once generated, the key pair consists of a -private key, which must be kept secure and confidential, and a public key, which -can be shared with anyone who wishes to send you encrypted messages. - -Decrypting a message with GpgFrontend requires the private key corresponding to -the public key used for encryption. Upon receiving an encrypted message, the -recipient uses their private key with GpgFrontend to decrypt the ciphertext back -into readable plain text. This decryption process is secure because the private -key is never shared, and it is computationally infeasible for an attacker to -derive the private key from the public key or the encrypted message. - -GpgFrontend streamlines these operations, providing a user-friendly interface -that abstracts the complexities of cryptographic operations. Users can easily -import public keys, encrypt messages or files for specific recipients, and -decrypt incoming messages or files using their private keys. This makes -GpgFrontend an invaluable tool for anyone needing to secure their digital -communications, from sensitive personal correspondence to confidential business -communications. - -In summary, encryption and decryption with GpgFrontend rely on the foundational -principles of asymmetric cryptography, where a public key is used for -encryption, and a corresponding private key is used for decryption. Before -engaging in these operations, users must generate a key pair and share their -public key with those from whom they wish to receive encrypted messages. This -setup ensures that only intended recipients can read the contents of encrypted -communications, providing a robust framework for privacy and security in the -digital age. - -## Encrypt - -The Encrypt operation itself uses a public key and does not require a private -key. Remember that whoever you want to send it to encrypts it with whose public -key. For people who don't use gpg very often, they often get confused and use -their own keys to encrypt ciphertext. - -### Only Encrypt - -In this case, you only encrypt the ciphertext, which results in a shorter -ciphertext. This is because the ciphertext does not contain additional signature -information that identifies the encryptor. If you do not want the recipient to -know your identity, use this method to generate your ciphertexts. - -After the encryption operation, no additional information will be displayed in -the information board except for a prompt indicating whether the operation was -successful. - - - -### Encrypt Sign - -To encrypt and sign text, you need to first prepare the plaintext and have a -public key that can perform encryption operations. The public key used for -encryption should belong to the intended recipient, not yourself. It is -important to verify that the recipient's public key has cryptographic -capabilities for encryption before proceeding. - -If you want the recipient to know that the ciphertext is from you, you can also -choose to sign the text while encrypting it. This ensures that the decrypted -text is credible and comes from your hand. This method is commonly used when -both parties need to ensure the authenticity of the decrypted text, and -typically in scenarios where both parties know each other. - -To encrypt and sign at the same time, select the public key(s) you need to use -for encryption, and during the encryption process, select the private key you -need to use for signing. This private key should belong to you and should have -the capability for signature operations. You can verify this by checking the -usage column in the key toolbox on the right (letter S stands for signature). - -The ciphertext generated by this operation is longer than ciphertext generated -by only encryption because of the additional signature information attached to -it. After the operation is complete, information about the cryptographic and -signature operations will be displayed in the Infomation Board, including -information about the signature pattern and algorithm used. - -To verify the authenticity of the ciphertext before decryption, you can use the -validate operation. Once the ciphertext is verified, you can proceed with -decryption using your private key. - - - -## Decrypt - -When decrypting the ciphertext, you can simply paste the obtained ciphertext -into GpgFrontend, and it will automatically select the appropriate private key -for decryption. It is important to note that decryption must be performed with -the private key associated with the public key used for encryption. - - - -When decrypting a ciphertext, it is not necessary to check the usage column in -the key toolbox to determine if the key is valid for decryption. Instead, you -need to use a valid private key that corresponds to the public key used for -encryption. You can identify whether a key is a public key or a private key by -checking the type column in the key toolbox. If all your local keys are not -valid for decryption of the ciphertext, the program will display a decryption -failure message. - -## Decrypt Verify - -During decryption with verification, gpg will check the signature attached to -the ciphertext to ensure its authenticity. This provides an additional layer of -security and helps to prevent tampering with the encrypted message. - -To perform decryption with verification, you need to select a file with a ".gpg" -or ".asc" extension, which contains the ciphertext and signature content. If the -signature is valid, gpg will decrypt the message and display it in plain text. -Otherwise, it will display an error message indicating that the signature is not -valid. - -It is important to note that whether a key pair can be used for verification -will not be displayed in the usage column. Instead, you need to remember that a -valid public key can be used for verification. Therefore, it is a good habit to -always verify the signature during decryption, regardless of whether the -encryptor has signed in advance. This helps to ensure the authenticity and -integrity of the decrypted message. - - diff --git a/manual/basic/generate-key.md b/manual/basic/generate-key.md deleted file mode 100644 index 29d52ca5..00000000 --- a/manual/basic/generate-key.md +++ /dev/null @@ -1,203 +0,0 @@ -# Generate Key Pair & Subkey - -Sure, let's go through the process of generating a key pair and subkeys. - -To generate a key pair using GpgFrontend, follow these steps: - -1. Open GpgFrontend and click on the "Generate Key" button. -2. Fill in the required information, such as your name and email address. -3. Choose the type of key you want to generate (RSA, DSA or ECC). -4. Set the key size and expiration date, if desired. -5. Create a passphrase to protect your private key. -6. Click "Generate" to create your key pair. - -Once your key pair is generated, you can add subkeys to it by following these -steps: - -1. Select the key pair you want to add a subkey to. -2. Click on the "Add Subkey" button. -3. Choose the type of subkey you want to add (encryption, signing, - authentication, or all). -4. Set the subkey size and expiration date, if desired. -5. Create a passphrase to protect your subkey. -6. Click "Add" to create your subkey. - -You can add multiple subkeys to a key pair, each with their own specific -purposes. This allows you to have more control over your key pair's security and -usage. - -## Generate Key Pair - -You can quickly understand the process of generating a key pair by watching the -following animation. - - - -### Name & Email & Comment - -The three fields, including name, email, and comment, are used to help users -differentiate this key pair from other key pairs they may have. Among these -three options, name and email are mandatory, while comment is optional. - -It is important to note that the name should be at least 5 characters long, and -the email should follow the correct format (no actual email account is -required). - - - -### Expiration Date - -Setting an expiration date for the key pair is a way to limit the validity of -the key over time. Once the expiration date is reached, the key can still be -used, but its operations, especially signature operations, will be considered -invalid. By default, GpgFrontend suggests setting the expiration date to two -years after generation, but you can also choose to check the "Never expire" -checkbox to make the key pair permanent. - -It's important to note that this option can be changed at any time after -generation, even after the expiration date has passed, as long as the primary -key still exists. - - - -### Key Size & Algo - -Setting an expiration date for the key pair is a way to limit the validity of -the key over time. Once the expiration date is reached, the key can still be -used, but its operations, especially signature operations, will be considered -invalid. By default, GpgFrontend suggests setting the expiration date to two -years after generation, but you can also choose to check the "Never expire" -checkbox to make the key pair permanent. - -It's important to note that this option can be changed at any time after -generation, even after the expiration date has passed, as long as the primary -key still exists. - - - -### Passphrase - -Setting a password to protect the primary key is crucial in case of a security -breach. If the "Do not set password" checkbox is unchecked, you will be prompted -to enter a password during the key pair generation process. Follow the prompts -to set the password. Once the password is set, whenever you need to use the -primary key for an operation, you will need to enter the password to unlock it -(some systems have a password manager to automate this process). - -However, you can also check the "Do not set password" checkbox to skip setting a -protection password for the primary key. But this is not recommended due to -security concerns. - -### Usage - -When generating a key pair, you can specify the usage for the first subkey, -which is the primary key. There are four options: - - - -- Encryption: Once generated, this key can be used for encryption purposes. - -- Signing: Once generated, this key can be used for signature purposes. - -- Certification: This key can be used to certify or verify other keys. Only the - primary key can have this usage. - -- Authentication: This key can be used for authentication purposes, such as with - SSH keys. - -The third of these four uses (authentication purposes) can only be owned by the -primary key. In addition, some usages are not available when using certain -algorithms for encryption. For example, when the DSA algorithm is selected, the -encryption uses are disabled. - -## Generate Subkey - -It is possible to append subkeys to an existing key pair. The subkey does not -require the input of a name, email, or comment, as the remaining steps are -essentially identical to those for generating a key pair. - - - -### Extra note - -Below are some guidelines that may prove useful in comprehending the -aforementioned concepts and utilizing this tool accurately. - -#### Understanding Primary Keys and Subkeys - -In the realm of cryptography, key management plays a crucial role in ensuring -data security. A key pair consists of a primary key and one or more subkeys, -each serving distinct functions yet working together to secure and manage -digital identities and communications. This structure not only enhances security -but also provides flexibility in key usage and management. - -#### The Role of Primary Key and Subkeys - -- **Primary Key**: The primary key is the cornerstone of your cryptographic - identity. It is used for identity verification, which includes signing other - keys to establish trust. The primary key's signature on a subkey validates the - subkey's association with the identity of the primary key holder. - -- **Subkeys**: Subkeys are associated with the primary key and are used for - encryption and signing documents or messages. Subkeys can be thought of as - extensions of the primary key, each designated for specific tasks. This - separation of duties allows for greater security and operational flexibility. - For example, you can have separate subkeys for signing and encryption. - -#### Advantages of Using Subkeys - -1. **Enhanced Security**: By using subkeys for day-to-day operations, you - minimize the risk associated with key exposure. If a subkey is compromised, - it can be revoked without affecting the primary key or other subkeys, thereby - limiting the potential damage. - -2. **Operational Flexibility**: Subkeys allow for specific roles (e.g., signing, - encryption) to be isolated. This means you can renew or revoke subkeys as - needed without disrupting the overall cryptographic setup. - -3. **Convenient Key Rotation**: Regularly updating keys is a best practice in - cryptography. Subkeys make it easier to rotate keys for signing and - encryption without needing to re-establish the primary key's trust - relationships. - -#### Managing Primary Keys and Subkeys - -- **Secure Storage**: The primary key should be stored in a highly secure - location, preferably offline or in a hardware security module (HSM), to - prevent unauthorized access. This is because the loss or compromise of the - primary key jeopardizes the entire cryptographic framework. - -- **Key Generation and Maintenance**: While tools like GpgFrontend provide - user-friendly interfaces for managing keys, they may lack support for advanced - operations like generating multiple subkeys. Therefore, using the command-line - `gpg` tool for such tasks is advisable. Despite this limitation, GpgFrontend - can play a critical role in monitoring the presence of the primary key, which - is essential for certain operations like adding subkeys or signing other keys. - -- **Revocation and Renewal**: Prepare revocation certificates for your primary - key and subkeys in advance. In case of key compromise or expiration, these - certificates allow you to invalidate the keys, informing others in your trust - network not to use them anymore. - -#### Practical Tips for Effective Key Management - -- **Purpose-Specific Subkeys**: If your primary key was not generated with - certain capabilities (e.g., encryption), you can create a subkey with the - required functionality. This allows the key pair to be used for the intended - cryptographic operations without regenerating the primary key. - -- **Multiple Subkeys for Different Devices**: For users operating across - multiple devices, generating separate subkeys for each device can enhance - security. If one device is compromised, only the subkey on that device needs - to be revoked, leaving the others unaffected. - -- **Backup and Recovery**: Regularly back up your key pair, including the - primary key and all subkeys. Secure backups ensure that you can recover your - cryptographic capabilities even in the event of hardware failure or data loss. - -In summary, understanding and implementing a robust key management strategy, -with a clear distinction between primary keys and subkeys, is essential for -maintaining the integrity and security of cryptographic operations. By adhering -to best practices for key usage, storage, and renewal, users can safeguard their -digital identities and ensure the confidentiality and authenticity of their -communications. diff --git a/manual/basic/import-export-key-pair.md b/manual/basic/import-export-key-pair.md deleted file mode 100644 index d98dc23e..00000000 --- a/manual/basic/import-export-key-pair.md +++ /dev/null @@ -1,113 +0,0 @@ -# Import & Export Key Pair - -GpgFrontend provides various methods for importing or exporting key pairs, some -of which are outlined below. Please refer to the guide for more information. - -## Import Key Pair - -To access the import options, navigate to the toolbar and select the desired -method based on your specific requirements. Additionally, you can access -additional options by selecting the action menu in the key management section. - - - -In fact, you can find the action menu in the key management section, which -provides access to additional key management options beyond those available in -the toolbar. - - - -### File - -This option allows you to select a public or private key file in text format -with any extension to import. - -### Editor - -You can paste the contents of a key file onto a blank text label page and -GpgFrontend will automatically recognize and import the corresponding key. - -### Clipboard - -You can copy the contents of a key to your system clipboard and then select this -option to import the corresponding key. - -### Key server - -This feature enables users to search for and import public keys from a key -server. Users must first enter the email or ID associated with the desired key -and select the appropriate key server. Upon clicking the search button, a list -of public keys that can be imported from the server will be displayed. Users can -choose to import multiple keys together or double-click on a specific table row -to import a corresponding public key. It is important to note that when using -this method, only public keys can be imported. - -A detailed description of this part can be found -[Here](./key-server-operations.md). - -### Dropdown on Key Toolbox - -You can drag the key file directly to the key toolbox, and then follow the -prompts of GpgFrontend to import the key. - -## Export Key Pair - -When deriving the public key of a key pair using the private key, you can derive -either the public key or the private key or both of all the keys present in the -key pair. However, if there are numerous keys in the key pair, the exported data -can be lengthy. Multiple export methods are available, which are similar to the -import process. - -In Gpg Frontend, the exported data is encoded in ASCII to ensure compatibility -between computers. - -### Export Public Key - -You can find this operation in many places. The following will introduce them -one by one. - -#### Append Public Key to Editor - -To append a public key to the editor in GpgFrontend, right-click on a row in the -key toolbox and select "Append Select Key(s) to Editor" from the pop-up menu. -This will add the public key of the selected key to the end of the text label -page. You can then copy the content to any location as needed. - -#### Export on the Key Pair at Operations Tab - -To export a public key using the Key Pair at Operations Tab, follow the steps -shown in the screenshot below. This will save the data to a file. Before -proceeding, please make sure to choose a suitable directory to store the file -containing the public key data. - - - -### Export multiple public keys at once - -To export public key data for multiple key pairs at once, select the desired key -pairs on the key management interface and click on the "Export to Clipboard" -option. This will copy the data to your system clipboard, which you can then -paste into any application or file. - - - -### Export Private Key - -Private key options are available in various locations on the detail page that -contains the private key (either the primary key or subkey). From there, you can -select a destination and GpgFrontend will export the corresponding private key -content to that location. - - - -Exporting the private key also exports both the public key and private key data, -as the private key data alone is meaningless without the corresponding public -key. Thus, the private key content is typically bundled with the public key -content during export. However, it's essential to note that the private key file -should never be disclosed to others. If leaked, it could compromise the security -of all ciphertexts encrypted by the key. - -You can export the private key data in your key pair in two ways. - -1. Full export: Include all key data and UID and UID signature in the key pair. -2. Minimal export: Only all key data in the key pair is included. diff --git a/manual/basic/key-server-operations.md b/manual/basic/key-server-operations.md deleted file mode 100644 index ed4cf409..00000000 --- a/manual/basic/key-server-operations.md +++ /dev/null @@ -1,164 +0,0 @@ -# Key Server Operations - -Key servers play a pivotal role in the ecosystem of encrypted communication, -serving as a centralized repository for public key information. These servers -enable individuals to share and retrieve public keys necessary for encrypted -messaging, even when direct exchange is not feasible. Key servers are -particularly useful in scenarios where secure communication needs to be -established without prior direct contact, or when a user's public key needs to -be widely distributed or updated due to security concerns. - -When you wish to send an encrypted message but lack the recipient's public key, -key servers offer a solution by allowing you to search for and retrieve the -public key associated with the recipient's email address or key ID. This process -facilitates the encryption of messages in a way that ensures only the intended -recipient, who possesses the corresponding private key, can decrypt and read the -message. - -Moreover, key servers are integral to maintaining the integrity and -trustworthiness of the public key infrastructure. If a user's private key is -compromised, it is crucial to inform others not to use the associated public key -for encrypting messages anymore. By uploading a new public key to a key server -and marking the old one as obsolete or compromised, users can mitigate the risks -associated with the exposure of their private key. - -The functionality of key servers is enhanced by software tools such as -GpgFrontend, which simplifies the process of managing public keys. With -GpgFrontend, users can effortlessly upload their public key to key servers, -search for other users' public keys using an email address or key ID, and import -these keys for use in encrypted communication. The software's user-friendly -interface enables these operations to be performed with just a few mouse clicks, -making encrypted communication more accessible to a broader audience. - -It is important to note that once public key information is uploaded to a key -server, it is propagated across a network of key servers worldwide, making it -available to anyone who searches for it. This wide distribution ensures that -encrypted communication can be established easily across different platforms and -geographical locations. However, users should be aware that public keys uploaded -to key servers cannot be deleted, emphasizing the importance of careful key -management. In situations where a key needs to be updated, such as when adding a -subkey to a key pair, the new key information can overwrite the old one on the -server, thus maintaining the security and relevance of the key information -available to the public. - -In summary, key servers are essential for the secure and efficient exchange of -encrypted messages, offering a reliable method for sharing and retrieving public -keys. They support the integrity of secure communications by facilitating the -widespread distribution of public keys and enabling users to update or replace -keys when necessary. - -## Import Public Key From Key Server - -In the main page or in the key manager's Import key operation mode, there is a -key server option. After selecting this option you can see such an interface. - - - -You can get a list of public keys associated with a key server by searching for -Key ID, fingerprint or email address via the search box. If there is a suitable -public key in the list, you can import it by double-clicking it. - - - -When the import is complete, you can check whether the public key is actually -imported through the pop-up window (no need to import when the local public key -is newer), and you can also check some brief information about the public key. - - - -It is important to note that the public key you import may have expired or been -revoked. You can check the status of the key by navigating to the category tab -in the key management interface. In addition to the search box, you may also -notice a drop-down box that allows you to choose which key server to retrieve -the public key information from. To modify or add to this list of candidate -servers, please refer to the last section of this document: Key server related -settings. - -## Export My Public Key To The Key Server - -If the current key pair has a master key, you have the option to publish the -public key information to a key server. It is important to note that in order to -avoid confusion, GpgFrontend requires the presence of a master key for this -action to be performed. This ensures that users are aware of what they are doing -and the function being performed. - -### How To Use - -You can find the entry of this operation through the operation tab of the key -pair detail interface, as shown in the following figure. - - - -Perform the operation by clicking Upload key pair to key server. Note that the -naming of operations here is a bit confusing, but this is where your public key -information (not your private key) will be uploaded. - -### Synchronize public key information from a key server - -Sometimes, before you perform an encryption operation, you want to know if the -public key you are using is still valid. At this point, you can get the latest -information about the key from the key server (if the public key server has -one). - -As above, you can find this action in the Actions tab of the key pair details -screen, as shown in the image below. - -GpgFrontend will upload the public key information to the default key server -you set. The private key information is not uploaded and should not be manually -uploaded anywhere by the user. - -Refer to the last section of this document on how to set the default key server. - - - -The "Synchronize key pair with key server" function allows for automatic -retrieval of public key information from the key server, which is then compared -with the local key information. After the operation is completed, a pop-up -window will appear indicating whether the key has actually been updated. It -should be noted that this operation is not possible if the private key exists -locally. This is because, in such a case, you already have the key pair and -should publish the latest information for the key pair instead of accepting -outdated information from the key server. - -### Extra Information - -GpgFrontend automatically communicates with the default key server that you have -set to obtain the necessary information. You can refer to the last section of -this document to learn how to set the default key server. - -## Sync ALL Public Key - -This is an advanced function provided by GpgFrontend, it can synchronize all -your local public key information at one time, if you want to know, please read -[this document](../features/sync-all-public-keys.md). - -## Key Server Related Settings - -If you want to set a list of key servers or a default key server, you can do so -by accessing the Settings interface and navigating to the Key Servers tab. Here, -you will find options for managing your key server candidate list and -determining which key server is set as the default. - - - -To add a candidate key server to the list, simply enter the http or https -address of the key server you wish to add into the input box and click "Add". It -is strongly recommended that users use the https protocol to prevent -man-in-the-middle attacks. If you wish to delete a candidate key server, simply -right-click on the corresponding row in the table and select "Delete" from the -pop-up menu. To edit an existing candidate key server address, double-click on -the address in the table and edit it. - -To test the network connectivity of the servers in the key server candidate -list, click the "Test" button located at the bottom of the Key Servers tab. -However, note that the test only determines if the keyserver is reachable, not -whether the address is a valid keyserver. - -### Set Default Key Server - -To set a candidate key server as your default key server, you can follow these -steps. First, locate the candidate key server you want to set as the default in -the table. Then, right-click the row of the corresponding key server, and click -"Set as Default" in the pop-up menu. Once set, you can verify whether a -candidate key server is the default key server by checking the first column of -the table. diff --git a/manual/basic/sign-verify-file.md b/manual/basic/sign-verify-file.md deleted file mode 100755 index 91d10093..00000000 --- a/manual/basic/sign-verify-file.md +++ /dev/null @@ -1,101 +0,0 @@ -# Signing & Verifying Files - -GpgFrontend extends its utility from handling text-based operations to -facilitating file operations with ease and security. The principle behind -signing and verifying files mirrors that of text, leveraging the robust -framework of digital signatures. However, a significant distinction lies in the -nature of the input and output for file operations, which can be binary, -accommodating a wider range of file types beyond simple text documents. - -When signing a file using GpgFrontend, the software utilizes the private key of -the user to create a digital signature. This process begins by computing a hash -of the file's contents, regardless of whether the file is a document, image, -executable, or any other binary format. This hash serves as a compact -representation of the file's data. Subsequently, the hash is encrypted with the -user's private key, producing a digital signature unique to both the file and -the key used. The resulting signature can either be attached to the file or -stored separately, depending on the user's preference and the requirements of -the application. - -Verifying a signed file with GpgFrontend involves the corresponding public key -of the private key that was used for signing. The verification process decrypts -the digital signature using this public key to extract the original hash value -that was generated during the signing. Simultaneously, the software computes a -new hash from the file that is purported to be authentic. By comparing these two -hash values, GpgFrontend can determine if the file has been altered after it was -signed. If the hashes match, it confirms the file's integrity and authenticity, -assuring the recipient of its untampered state and the signer's identity. - -This binary capability of file operations in GpgFrontend not only broadens the -scope of digital signatures to encompass a variety of file types but also -ensures that the integrity and authenticity verification process is not limited -to text-based data. It provides a critical layer of security in digital -communications, where files of all kinds are shared and exchanged with the -expectation of privacy and trust. - -The application of digital signatures to files through tools like GpgFrontend is -especially relevant in scenarios where the authenticity of the file source and -the integrity of its contents are paramount. This includes software -distribution, where verifying the source and integrity of software packages is -crucial to prevent malware distribution; document sharing in legal and financial -contexts, where tampering could have serious implications; and multimedia -content distribution, where copyright and ownership are significant concerns. - -In summary, GpgFrontend's support for signing and verifying files elevates the -security of digital file exchanges by applying the principles of cryptography in -a user-friendly manner. By accommodating binary file operations, it ensures that -digital signatures are accessible and applicable across a broad spectrum of file -types, reinforcing the pillars of trust and security in digital communications. - -## Introduction to File Extensions - -For ASCII-formatted ciphertext, the filename suffix is usually "asc", and these -files can be opened directly with a text editor. However, if the ciphertext is -binary, its file extension will be "sig" or "gpg". Typically, binary ciphertext -files are smaller than ASCII-formatted ones. - -Prior to v2.0.4, the ciphertext files generated by GpgFrontend were all in ASCII -format. But starting with v2.0.4, GpgFrontend defaults to generating -binary-formatted ciphertext files. You can modify this setting in the settings. - - - -## File Browser - -You can open the file browser (Ctrl/Command + B) via the top menu file option. -After selecting a target directory at system navigator, you can get a new File -browser tab. Using the file browser, navigate to your working directory. Then, -right-click the file you wish to operate on, and select the desired operation -from the pop-up menu. - - - -Two control buttons are located at the top of the file tab. The one on the left -allows you to go up a level, and the one on the right enables you to enter or -refresh the corresponding path in the input box on the left. - -On the far right is a button offering useful options, such as displaying system -files or hidden files. - - - -### Sign - -Through the right-click menu, you can rapidly sign a file. This operation will -generate a file with a "sig" or "asc" suffix, which contains the signature -content. In this scenario, you need to pass both this file and the original file -to the other party to allow them to verify it. - - - -### Verify - -This operation requires you to select a file with a "gpg" suffix (this may be -invalid for binary file ciphertext) or a file with a "sig" suffix for -verification. - -When selecting a file with the "sig" suffix, ensure that the source file is also -present in this directory. This implies that the source file's name is simply -missing a "sig" suffix. - - diff --git a/manual/basic/sign-verify-text.md b/manual/basic/sign-verify-text.md deleted file mode 100644 index 594942d1..00000000 --- a/manual/basic/sign-verify-text.md +++ /dev/null @@ -1,102 +0,0 @@ -# Signing & Verifying Text - -Digital signatures, much like their analog counterparts, serve as a method for -asserting the authenticity and integrity of a digital document or message. -However, unlike traditional signatures, digital signatures offer a much higher -level of security, making it possible to ascertain not only the identity of the -signer but also whether the content has been tampered with since it was signed. - -The foundation of digital signing and verification lies in the field of public -key cryptography, a cornerstone of modern secure communication. This system -relies on two keys: a private key, which is kept secret by the owner, and a -public key, which can be shared with anyone. To sign a document, the signer uses -their private key to generate a digital signature on the document. This -signature is unique to both the document and the private key, ensuring that any -changes made to the document after it has been signed can be detected. - -Verification, on the other hand, requires the corresponding public key. When a -document is received along with its digital signature, the recipient can use the -signer's public key to verify the signature. This process checks that the -signature matches the document and was created with the private key -corresponding to the public key. If the document has been altered after signing, -the verification will fail, alerting the recipient to the tampering. - -One of the advantages of digital signatures is the ability to use multiple -private keys for signing a document, similar to having a document signed by -multiple parties. Each signer uses their private key to sign the document, and -each signature can be independently verified with the corresponding public key. -This method is particularly useful in scenarios requiring the approval or -authorization of multiple entities. - -Digital signatures are a critical component of secure communications, providing -assurances of authenticity, integrity, and non-repudiation. Non-repudiation -means that a signer cannot later deny the authenticity of the signature on a -document they signed. This is especially important in legal, financial, and -sensitive communications, where trust and authenticity are paramount. - -Tools like GpgFrontend facilitate the process of creating and verifying digital -signatures in a user-friendly manner. GpgFrontend is built on top of the OpenPGP -standard, which is a widely accepted protocol for encryption and digital -signatures. The tool allows users to easily manage their encryption keys, sign -documents, and verify the signatures of received documents, thereby enhancing -the security and trustworthiness of digital communications. - -In summary, digital signing and verification through tools like GpgFrontend -leverage public key cryptography to ensure the security and integrity of digital -communications. By enabling users to sign documents with their private keys and -allowing others to verify those signatures with corresponding public keys, -digital signatures provide a robust mechanism for authenticating the origin and -integrity of digital documents, far surpassing the capabilities of traditional -handwritten signatures. - -## Signature Only - -By signing the text, you establish that you are the sole and unalterable -authority for this text. You can simply sign the text without encrypting it as -follows: - - - -To check whether a key can be used for signing, please review the 'Usage' column -in the key toolbox on the right (the letter 'S' stands for signature). - -## Signature with Encryption - -You also have the option to sign and encrypt at the same time by choosing a -public key for encryption and your private key for signing. This is a common -practice where you select two key pairs: one belonging to someone else for -encryption, and your private key for signing. If you don't select a key for -signing, only encryption is possible, but you will receive a warning. It's worth -noting that combining signing with encryption provides an additional layer of -security as it assures the recipient that the message hasn't been altered and it -came from the sender whose identity is verified by the digital signature. - - - -## Verification - -Once you have a plaintext and its corresponding signature, you can verify the -signature using the signer's public key. However, this type of signature isn't -suitable for emails as it can make the email less readable. - - - -To verify a signature with text, you need to have the corresponding public key -for all included signatures. If a suitable public key for a signature isn't -found locally during verification, GpgFrontend will prompt you to import it. - - - -## Verification with Decryption - -When decrypting a ciphertext, it's advised to verify it simultaneously, -regardless of whether the encryptor signed it or not. It's impossible to -determine from the ciphertext's format if it has been signed. Therefore, it's a -good habit to always perform decryption operations with verification whenever -possible. - - diff --git a/manual/basic/symmetric-encrypt-decrypt.md b/manual/basic/symmetric-encrypt-decrypt.md deleted file mode 100644 index 7436fd02..00000000 --- a/manual/basic/symmetric-encrypt-decrypt.md +++ /dev/null @@ -1,60 +0,0 @@ -# Symmetric Encryption & Decryption of Text & File - -## About Symmetric Encryption & Decryption - -Symmetric encryption, in contrast to asymmetric encryption, uses a single key -for both the encryption of plaintext and the decryption of ciphertext. This -method is characterized by its simplicity and speed, making it a popular choice -for encrypting large volumes of data or for scenarios where the sharing of keys -between the sender and receiver can be securely managed. GpgFrontend provides a -user-friendly interface for implementing symmetric encryption, streamlining the -process for users who may not be familiar with the intricacies of cryptographic -operations. - -The process of symmetric encryption with GpgFrontend begins when a user opts to -encrypt data without selecting a recipient's public key from the Key Toolbox. -This action signals the software to use symmetric encryption for the task at -hand. At this point, the user is prompted to create a password. This password -acts as the encryption key, transforming the plaintext into ciphertext through a -cryptographic algorithm. It's crucial that this password is strong and unique, -as the security of the encrypted data directly depends on the password's -complexity and unpredictability. - -Once the password is established, GpgFrontend proceeds to encrypt the data. The -resulting ciphertext can only be decrypted with the exact password used for its -encryption. This means that anyone who wishes to access the encrypted data must -know the password, highlighting the importance of securely sharing this password -between the sender and receiver. - -Decrypting symmetrically encrypted data with GpgFrontend requires the same -password used during the encryption phase. When the 'Decrypt' function is -initiated, the software prompts the user to enter the password. Upon successful -authentication with the correct password, the software decrypts the ciphertext -back into readable plaintext. This decryption process, like encryption, is -straightforward and efficient, but the security of the data relies entirely on -the password's confidentiality. - -Symmetric encryption is particularly useful in scenarios where encrypted data -needs to be stored securely or transmitted over a secure channel, and where the -overhead of managing public and private keys is not desirable. However, the -challenge of securely exchanging the password between the sender and receiver -cannot be understated. If this password is intercepted or guessed by an -unauthorized party, the encrypted data's security is compromised. - -In summary, GpgFrontend's support for symmetric encryption provides a powerful -tool for users needing to secure their data with a password. This method is -distinguished by its reliance on a single password for both encryption and -decryption, offering a balance between simplicity and security. Users must -exercise caution in creating a strong password and ensure its secure exchange to -maintain the confidentiality and integrity of their encrypted data. Symmetric -encryption with GpgFrontend is a testament to the versatility of cryptographic -practices, catering to a wide range of security needs with user-friendly -solutions. - -## How to use it? - -Symmetric encryption is initiated when you click the 'Encrypt' button without -selecting any key in the Key Toolbox. For this type of encryption, a password -must be established for the encryption process. Subsequently, to decrypt the -data, you will need to provide the same password that was used during the -encryption phase. diff --git a/manual/basic/system-requirement.md b/manual/basic/system-requirement.md deleted file mode 100644 index ec90e15c..00000000 --- a/manual/basic/system-requirement.md +++ /dev/null @@ -1,70 +0,0 @@ -# System Requirement - -Before proceeding with the installation and usage of GpgFrontend, it's crucial -to understand the system requirements that ensure optimal performance. This -section provides comprehensive details about the necessary software -dependencies, hardware specifications, and the compatible operating systems. -Meeting these requirements will ensure a smooth, efficient experience while -using GpgFrontend. - -Please read the following subsections carefully to confirm that your system -aligns with the recommended configurations. - -## Hardware - -While the specific hardware requirements largely depend on the size and -complexity of the data you're working with, we generally recommend: - -A computer with at least 1 GB of RAM. However, 2 GB or more is preferable for -smoother performance. The majority of these resources are allocated to your -operating system, but around 100 MB of memory is needed to ensure the smooth -running of GpgFrontend. At least 200 MB of free disk space for software -installation. Additional space will be needed for ongoing work. - -Please note, these requirements are intended to be guidelines rather than strict -rules. It's possible that GpgFrontend will work on lower-spec hardware, but for -optimal performance, the above specifications are recommended. - -## Operating System - -GpgFrontend is compatible with major operating systems including Linux, macOS, -and Windows. Specifically, it recommends Windows 7 and later, macOS 11 and -later, and Ubuntu 20.04 LTS or other equivalent Linux distributions. - -## Software - -To ensure GpgFrontend functions seamlessly, it relies on the following software -dependencies: - -- **Qt Framework:** GpgFrontend is developed using the Qt framework to offer a - rich user experience and cross-platform compatibility. The application - includes: - - - **Qt6:** The primary build utilizes Qt6, ensuring a modern interface and - robust performance. Qt6 is included in the release packages for Linux, - macOS, and Windows, offering straightforward setup without additional - installations. - - **Qt5 Support for Windows:** Recognizing the need to accommodate users on - older versions of Windows, GpgFrontend also provides a Qt5-based version. - This variant ensures compatibility with earlier Windows environments, - extending the tool's accessibility and usability. - -- **GnuPG 2.2.0 or Higher:** GpgFrontend integrates with GnuPG for its - cryptographic operations, including encryption, decryption, and digital - signing. GnuPG (version 2.2.0 or newer) is a necessary component to leverage - the full capabilities of GpgFrontend. Please note, GnuPG 1.x versions are not - supported by GpgFrontend due to differences in functionality and support. - Users are encouraged to use GnuPG 2.x to ensure compatibility and secure - operations. - -By catering to a wide range of operating systems and ensuring backward -compatibility with older Windows versions through Qt5 support, GpgFrontend -strives to be as inclusive and accessible as possible. - -## Network - -Although not necessary for basic operation, an active Internet connection may be -required for software updates and accessing online help resources. - -Please note that these are the minimal requirements that we tested, and actual -requirements for your use case could be higher, especially for large datasets. diff --git a/manual/basic/understand-interface.md b/manual/basic/understand-interface.md deleted file mode 100644 index 75ca7ecb..00000000 --- a/manual/basic/understand-interface.md +++ /dev/null @@ -1,176 +0,0 @@ -# Interface Understanding - -As a beginner, you're only required to swiftly comprehend a few crucial sections -of the page. The exploration that follows will gradually unveil additional -functionalities. Bear in mind that interfaces may vary across different -versions. - - - -## Text Editor - -The text editing zone allows you the liberty to input any desired text or -establish a new tab through the "New" choice in the file menu at the top. Moving -or closing tabs can be done with ease as per your needs. - -Numerous operations can be performed on your text using options available in the -Operations Bar. Alternatively, you may utilize standard shortcuts like -Ctrl+C/V/S for copy, paste, and save operations, or even searching within the -text. - -The edited text within the text box is encoded in UTF8 without any formatting. -This plain text format ensures that no message alteration leads to confusion. -While we have plans to introduce rich text editing in the future, the specifics -are still being deliberated. - -### Large Text File Support - -GpgFrontend accommodates opening larger files without hindrance. However, when -dealing with relatively large files, editing of the tab won't be feasible until -the entire file is loaded. During this time, despite not being able to edit the -file, you still have the capability to view it. - -## Information Board - -GpgFrontend presents the outcome of the current tab page operation on the -Information Board, signifying the success or failure of the operation. -Additionally, the Information Board's text includes supplementary details to -assist in understanding the particulars of your encryption, decryption, -signature, and other operations. Depending on your language settings, the output -displayed on the dashboard may differ. - -The Information Board was conceived to provide a comprehensive view of more -information within the same space. However, GpgFrontend plans to incorporate a -graphical interface in the future to augment the user's comprehension of this -information. - -### Color Coding - -- **Green**: Indicates a successful operation that has been thoroughly verified - and found devoid of any issues. The appearance of green font color signifies - an all-clear. -- **Yellow**: Denotes a successful operation with some potential issues detected - during result testing. The yellow font color serves as a subtle alert for the - user, necessitating a detailed review of the operation. -- **Red**: Symbolizes an unsuccessful operation or a significant discrepancy in - the operation's outcome. The red font color acts as a clear warning, demanding - the user to meticulously inspect the operation's specifics to ensure security. - -### Customizable Font Size - -Should you find the font size on the information board to be diminutive, you can -easily adjust it under the 'Application' section in the settings. The default -font size is 10, and it can be modified to any value ranging from 9 to 18. - -### Dashboard Actions Menu - -The dashboard actions menu facilitates quick and easy access to common -functionalities related to the content of the information board. It empowers -users to efficiently manage and process large chunks of content on the -Information Board for various purposes. - -#### Copy - -This function allows users to swiftly capture significant portions of content -from the Information Board for other applications. - -#### Save File - -This operation archives the contents of the information board into the file -system, utilizing the UTF-8 format. Although the resultant output file lacks a -suffix, it is essentially in a plain text format. - -#### Clear - -This command promptly purges all content from the information board. The -clearance includes both the contents and statuses of the information board. A -new operation (such as encryption) will automatically trigger this clearing -process. - -### Optional Actions Menu - -In addition to the Information Board, an Optional Actions Menu will be presented -below it. If any auxiliary operations can be performed post your main operation -(such as displaying more detailed information, sending encrypted text via email, -etc.), the access points for these supplementary tasks will be made available -here. - -## Key ToolBox - -This feature presents a comprehensive list of key pairs stored on your device, -intended for use with Gpg operations. The keys within the ToolBox are classified -into multiple categories, each corresponding to a unique usage context. -Additionally, the ToolBox provides access to a variety of common operations, all -of which can be found in the Key List Menu. - -### Usage - -Most Gpg-related operations require specifying a key pair (for tasks like -encryption, decryption, signature, etc.). You can select the checkbox in the -first column of the Key ToolBox's table to designate one or more keys for your -operation. Categories that contain only public keys are frequently utilized in -cryptographic scenarios. - -### Classification - -The ToolBox showcases categories via tabbed display. None of these categories -include any expired or revoked keys. To view such keys, you should refer to the -Key Manager. The default category comprises all private and public keys. During -any operation, only the keys from the currently selected category will be -considered for input. - -### Columns - -Understanding this list is crucial. Let's walk through its components step by -step. - -- **Select**: Check the box in this column to notify Gpg Frontend that you wish - to use the key from this row for your subsequent operation. - -- **Type**: This column informs you about the key type and whether the primary - key exists in your key pair. - - - `pub` signifies that it is a public key, which can be used for encryption or - verification operations. - - `pub/sec` indicates that the key pair contains both public and private keys. - It can be employed for nearly all operations (consult the 'Usage' column to - confirm this). - - `pub/sec#` shows that the key pair has a public key and a private key, but - the primary key is absent from the key pair. This suggests you won't be able - to perform certain specific operations (like adding subkeys, signing other - key pairs, etc.) - - `pub/sec^` implies that one or more keys (subkeys or master keys) from the - key pair are in the smart card. - - `pub/sec#^` denotes a simultaneous occurrence of the previous two - situations. - -- **Name**: Represents the identity information of the key pair. -- **Email Address**: Also denotes the identity information of the key pair. -- **Usage**: Determines which operations the key pair can execute. Composed of - four uppercase letters, each letter signifies a specific use. - - - `C` stands for Certificate. Key pairs containing the primary key generally - have this usage. - - `E` stands for Encrypt. The key pair can be used for encryption operations. - - `S` stands for Sign. The key pair can be used for signing operations. - - `A` stands for Authenticate. The key pair can be used to perform operations - like SSH authentication. - -- **Validity**: A Gpg concept that roughly represents the level of trust in this - key. - -## Operations Bar - -Here, you can execute corresponding operations by clicking on the buttons -provided. For instance, after inputting text into a text editor and specifying -the desired key in the key toolbox, you can click the encryption button to -perform the operation. - -Some operations require key specification, while others do not, as will be -detailed in the respective sections of this document. - -### Customization - -For operations that you may not use for a while, you have the option to uncheck -the associated function group in the top menu view. Conversely, for the -operations you frequently use, you have the ability to add them here. diff --git a/manual/basic/view-keypair-info.md b/manual/basic/view-keypair-info.md deleted file mode 100644 index b3374493..00000000 --- a/manual/basic/view-keypair-info.md +++ /dev/null @@ -1,195 +0,0 @@ -# View Key Pair Details - -You can view the details of a key pair by right-clicking on the key pair in the -key toolbox or key management interface and selecting "Show key details". - -This section may include a brief introduction to gpg-related concepts and could -be relatively long. - -Below is a screenshot of a friend's public key that I obtained from the key -server. - - - -And here is a randomly generated private key. The most significant difference -between this and the previous key is that the key pair with only the public key -is used for encryption only, but if you possess the private key, you can perform -more actions (it also depends on your algorithm; DSA can only be used for -signatures). - - - -## General Info - -This interface provides some useful information to help you manage your key pair -properly. - -### Owner - -This section enables you to know the owner of this key pair. This information is -not fixed and can be changed. You can create a new UID in the UID section and -set it as the primary UID to change it. - -According to the OpenPGP protocol, this part is divided into Name, Email, and -Comment. - - - -### Primary Key - -This part is the information of the primary key of the key pair. The primary key -is very crucial because without it, you cannot perform related management -operations like adding and revoking sub-keys (similar to not being able to open -the key ring). Let's introduce the information of the primary key separately -below. If you want to learn more, see the [Basic Concepts](../basic-concepts.md) -section. - -The absence of the master key means that the private key of the master key does -not exist, but this doesn't mean that neither the public key nor the private key -exists. Please remember: Each subkey and primary key consist of a pair of public -and private keys. - - - -#### Key ID - -This is the unique identifier of the key, which is fixed and unchanging. Note -that this key ID is the key ID of the primary key. The key ID is uniquely -determined after the key is generated. Compared with the fingerprint, the key ID -is shorter and more user-friendly. - -#### Algorithm - -This refers to the algorithm used for key generation. This also pertains to the -generation algorithm of the primary key. The generation algorithm determines the -properties and capabilities of the key. Algorithms such as RSA can be used for -encryption and signature, but DSA can only be used for signature. However, the -DSA key length can be shorter. - -#### Key Size - -This is the length of the primary key. Generally, the longer the key, the harder -it is to crack the ciphertext. But at the same time, it takes more time for a -single operation. Generally speaking, a length of 2048 bits is safe enough (this -refers to the key generated using the RSA algorithm). - -#### Normal Usage - -This refers to what the key pair can conceptually be used for, including the -conceptual usage of the primary key and sub-key. When the primary key or subkey -generation can be used to sign, but it has already expired or does not exist, -the signature usage will still be displayed here. - -#### Actual Usage - -This is the actual usage of the primary key and all subkeys, which is the union -of their usage. If there is only one primary key in the key pair that can be -used for signing, but this primary key does not exist, then the signature usage -will not appear here, only in Normal Usage. In addition, when there is only one -subkey that can be used for signing, if it has expired, the signature purpose -will not be displayed here. - -#### Expires on - -This is the expiration time of the primary key. When the primary key expires, it -will become invalid and you can't use it for any operation. In addition, the -subkeys in the key pair will also be unavailable. Fortunately, you can change -the expiration time of the primary key at any time, or even set it to never -expire. The prerequisite for this is that the primary key exists in the key -pair. - -#### Last Update - -This is the time when the content of the key pair was last updated. Operations -such as adding a UID or subkey will modify the content of the key pair. - -#### Secret Key Existence - -This indicates whether the actual content of the primary key exists. When the -primary key does not exist, if there are still available subkeys in the key -pair, the key pair can still be used for normal operations. However, in the -above case, the content of the key pair cannot be modified (that is, operations -such as adding UID or subkey cannot be performed), and the key pair cannot sign -other key pairs. - -### Fingerprint - - - -The fingerprint of the key pair is used for humans to quickly compare whether -the key pair is the expected key pair. This field is unique for all keys in the -world. You can certainly do this with the key ID mentioned above. - -This also refers to the fingerprint of the primary key. - -## UID Info - -User ID (UID) is used to identify a key, mainly for human identification. It's -similar to a name tag that accompanies a key ring, indicating who the key ring -belongs to. By looking at the UID, users can get a rough idea of whether a key -pair is what they expected. However, for accurate identification, fingerprints -or key IDs should be compared. A key can have multiple UIDs, but a key pair can -only have one primary UID, which is always listed first in the interface. - - - -UID has three elements: Name, Email, Comment. The name should be at least five -characters long, and the email should conform to the format. The rules for -comments are relatively loose. - -### Signature of UID - -The lower section of the interface displays the signature of the selected User -ID (UID), not the checked one. This is a key trust system. When someone receives -your public key, they can use their private key to sign your nameplate, -indicating their recognition of your public key. Afterward, they can upload the -keyring with their signature to the keyserver. If many people do the same, the -public key on the keyserver will have numerous signatures, making it -trustworthy. - -You can also use the primary key of another key pair to sign a UID. Generally, a -primary UID of a key pair with many valid signatures is considered more -trustworthy. - -## Subkey Info - -The sub-key mechanism is a crucial feature of GPG that improves both flexibility -and security. However, it also introduces some complexity, which can be -challenging for beginners. For a basic understanding, consider the following -points: - -- A key pair can be likened to a key ring, comprising a primary key (a pair of - public and private keys) and multiple subkeys (or none). -- Each subkey and primary key consists of a pair of public and private keys. -- The subkey can perform related operations (such as signing, encryption) in the - absence or unavailability of the primary key. -- The functions of subkeys can overlap, and when both subkeys can be used for - signing, the earlier one is selected. -- Subkeys can use more algorithms than the primary key, but usually have the - same effect on daily operations. -- The disclosure of a subkey only affects that subkey, while the disclosure of - the primary key endangers the entire key pair. - -The primary key and all subkeys in the key pair are displayed on the interface. -Some information about the key is also listed below. - -### Key In smart card - -Whether a key is in the smart card refers to whether the key is moved to the -smart card. Moving the key to the smart card changes the structure of the key -and is irreversible. - -### Operations - -In this column, what you can do differs for a key pair that only has a public -key and a key pair that includes a private key. - -Here's what you can do with a public key-only key pair: - - - -And here's what you can do with a key pair that includes a private key: - - - -These operations will be explained in detail throughout the documentation. |