Diffstat (limited to 'src/content/docs/guides/fundamental-concepts.md')
-rw-r--r-- src/content/docs/guides/fundamental-concepts.md | 203
1 files changed, 139 insertions, 64 deletions
diff --git a/src/content/docs/guides/fundamental-concepts.md b/src/content/docs/guides/fundamental-concepts.md
index dd19888..78e95b6 100644
--- a/src/content/docs/guides/fundamental-concepts.md
+++ b/src/content/docs/guides/fundamental-concepts.md
@@ -5,89 +5,164 @@ sidebar:
order: 1
---
-If you're new to GPG (GNU Privacy Guard) or PGP (Pretty Good Privacy), it's
-essential to understand some key concepts before diving in. This knowledge can
-help you avoid common pitfalls, such as accidentally sharing your private key,
-and ensure your communications remain secure.
+If you're new to **GPG (GNU Privacy Guard)** or **PGP (Pretty Good Privacy)**,
+this guide is for you. GPG is a free, open-source system for **encrypting
+information** and **verifying identity**. It's widely used for secure
+communication, file protection, and digital signing.
-## Key Concepts of GPG/PGP
+Let’s walk through the core concepts in a beginner-friendly way.
-### Key Pair Basics
+## 🔐 What Is a Key Pair?
-In the world of GPG/PGP, everything starts with a key pair. Think of a key pair
-like a set of two uniquely related keys on a key ring:
+At the heart of GPG is the **key pair**: two mathematically linked keys.
-- **Public Key**: This is like your home address that you can share with anyone.
- Others will use it to send you encrypted messages or verify your digital
- signature.
-- **Private Key**: This is akin to the key to your house. It must be kept secret
- because it can decrypt the messages sent to you or sign messages from you.
+- **Public Key**: Share this with anyone. Others use it to:
+ - Send you encrypted messages.
+ - Verify your digital signature.
+
+- **Private Key**: Keep this secret. You use it to:
+ - Decrypt messages sent to you.
+ - Sign data so others know it’s really from you.
-#### Why Both Keys?
+> 🧠 Think of it like a mailbox:
+> - Your public key is the address — people can send you letters.
+> - Your private key is the key to open the mailbox — only you can read what’s
+> inside.
-The magic of this system lies in its use of cryptographic algorithms. Data
-encrypted with your public key can only be decrypted by your private key, and
-vice versa. This ensures that only the intended recipient can read the message,
-and it can verify the sender's identity if a signature is used.
+## 🔧 Generating a Key Pair
-### Generating Your Key Pair
+To use GPG, you first create a key pair. During creation, you’ll choose:
-Before you can start encrypting or signing anything, you need to generate your
-key pair. This process involves choosing a cryptographic algorithm (like RSA or
-DSA) and often setting a key size (with larger sizes being more secure but
-slower).
+- A **cryptographic algorithm** (e.g., RSA, ECC).
+- A **key size** (larger sizes are more secure but slower).
+- A **passphrase** to protect the private key.
-#### Safety First
+> 🔒 Your passphrase adds a layer of protection — even if someone gets your key
+> file, they can’t use it without this password.
-When creating your key pair, you'll also be asked to enter a passphrase. This
-adds an extra layer of security, as the passphrase will be needed to access your
-private key. Choose a strong, memorable passphrase to protect your key.
+## 🧩 What Are Subkeys?
-### Understanding Subkeys
+A GPG identity doesn’t stop at one key pair. You can create **subkeys** under
+your primary key. These are used for specific tasks:
-A GPG key pair doesn't have to be limited to just one public and one private
-key. You can generate subkeys for specific purposes, such as:
+- **Encryption Subkey**: Used to encrypt/decrypt data.
+- **Signing Subkey**: Used to create/verifiy digital signatures.
-- **Encryption Subkey**: Used solely for encrypting and decrypting messages.
-- **Signing Subkey**: Used for creating and verifying digital signatures.
+Subkeys are tied to your identity, but they can be revoked or replaced
+independently.
-Subkeys are tied to your primary key pair but can be revoked or replaced
-independently, which is useful if a subkey is compromised but your primary key
-remains secure.
+> ✅ Tip: Use subkeys for everyday tasks and keep your **primary key offline** or
+> backed up securely.
-### The Role of the Primary Key
+## 🧱 Understanding the Primary Key
-Your primary key pair is the foundation of your GPG identity. All subkeys are
-associated with this primary pair. The primary key is typically used for
-signing, to establish trust within the network, and to certify subkeys.
+Your **primary key** is your core identity. It:
+- Links to your user ID (usually name + email).
+- Signs your subkeys.
+- Can certify other people's public keys (used to build trust networks).
-#### Protect Your Primary Key
+### Why Is It So Important?
-If your primary private key is compromised, the entire security of your key ring
-is at risk. Therefore, it's crucial to:
+If someone gains access to your **primary private key**, they can impersonate
+you. That’s why:
-- Keep your primary private key in a secure location.
-- Use subkeys for day-to-day encryption and signing tasks.
-- Consider using hardware security modules (HSMs) or smart cards to store keys
- securely.
+- It should be **backed up** securely.
+- It’s best to use **subkeys** for daily operations.
+- Some people even keep their primary key **offline** for maximum safety.
-## Best Practices for Beginners
+## ✉️ How Encryption Works
-1. **Backup Your Keys**: Securely backup your private keys (especially the
- primary one) in case of hardware failure or loss.
-2. **Use Strong Passphrases**: Your key's security is only as good as your
- passphrase. Use a long, complex passphrase that is difficult to guess.
-3. **Regularly Update Your Keys**: Over time, cryptographic standards evolve.
- Regularly review and update your keys and algorithms to ensure they remain
- secure.
-4. **Learn Key Management**: Practice importing, exporting, revoking, and
- verifying keys. Good key management habits are crucial for maintaining your
- security over time.
-5. **Engage with the Community**: The GPG/PGP community is vast and supportive.
- Join forums, read blogs, and participate in discussions to learn from
- experienced users.
+Imagine you want to send a private message to someone:
-By understanding these fundamental concepts and adhering to best practices,
-you'll be well on your way to securely using GPG/PGP. Remember, the goal is to
-protect your communications and identity in the digital world, and a solid grasp
-of these basics is the first step. \ No newline at end of file
+1. You encrypt the message using their **public key**.
+2. Only their **private key** can decrypt it.
+3. You can also add your **signature** using your private key.
+4. They can **verify your signature** with your public key.
+
+This ensures:
+- **Privacy**: No one but the intended recipient can read the message.
+- **Authenticity**: The recipient knows the message is from you.
+
+## 🖋️ What Is Digital Signing?
+
+Signing is like sealing a document with your unique fingerprint. It allows
+others to:
+
+- Confirm the message hasn’t been changed.
+- Confirm that **you** are the sender.
+
+Digital signatures are used to:
+- Sign emails.
+- Sign files or software packages.
+- Sign other people's public keys (to build trust).
+
+## 📦 Real-Life Use Cases
+
+### Secure Email
+
+You want to email a sensitive document:
+- Encrypt it using the recipient’s public key.
+- Sign it with your private key.
+- The recipient decrypts and verifies it.
+
+### Software Publishing
+
+You release a file or program online:
+- You sign it.
+- Users can verify the signature before using it.
+
+### Building Trust
+
+You meet someone at a conference:
+- You exchange and sign each other’s keys.
+- Anyone who trusts your key may now also trust theirs.
+
+## ✅ Best Practices for New Users
+
+1. **Back Up Your Keys**: Store your private key and revocation certificate in a
+ secure, offline location.
+2. **Use Strong Passphrases**: The private key is only as safe as the password
+ protecting it.
+3. **Separate Daily and Master Keys**: Use subkeys for regular work; keep your
+ primary key protected.
+4. **Update When Needed**: Cryptography evolves — review and rotate keys as
+ needed.
+5. **Revoke If Compromised**: If your private key is stolen or lost, revoke it
+ immediately and inform your contacts.
+6. **Understand the Web of Trust**: GPG builds trust by people signing each
+ other's keys — this forms a decentralized trust model.
+
+## 🧭 Summary
+
+GPG is a powerful tool for privacy and digital identity. By learning:
+- How keys work,
+- When to encrypt vs. sign,
+- And how to protect your credentials,
+
+You’re taking a big step toward securing your digital life.
+
+## 🧰 Where Does GpgFrontend Fit In?
+
+While GPG/PGP itself is powerful, it is mostly command-line based — which can be
+intimidating for beginners.
+
+This is where **GpgFrontend** comes in.
+
+GpgFrontend is a graphical interface built on top of GnuPG. It helps users
+perform key operations such as:
+
+- Generating and managing key pairs
+- Encrypting and decrypting messages or files
+- Signing and verifying content
+- Uploading and fetching keys from key servers
+- More...
+
+All of this can be done through a **clear and user-friendly interface**, making
+GPG accessible without needing to learn complex commands.
+
+Whether you're just starting to explore encrypted communication or already
+managing multiple keys, GpgFrontend acts as a bridge — combining the strength of
+GPG with simplicity and clarity.
+
+> 🧩 You focus on **secure communication** — let GpgFrontend handle the
+> complexity behind it. \ No newline at end of file
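Review bot: Item 5 of "Best Practices for New Users" tells the reader to revoke a key that is "stolen or lost", but a lost private key can only be revoked with a revocation certificate prepared beforehand, and the guide mentions that certificate only once, in item 1, without saying what it is or when to create it. Suggest adding a sentence to "Generating a Key Pair" that introduces the revocation certificate and says to store it apart from the private key, so items 1 and 5 have something to refer back to. Two smaller points: "create/verifiy" in the Signing Subkey bullet should read "create/verify", and the removed advice to "Consider using hardware security modules (HSMs) or smart cards" has no counterpart in the new "Understanding the Primary Key" section, which now offers only backups and keeping the key "offline"; consider restoring it there.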