Diffstat (limited to 'src/content/docs/guides/key-server-operations.md')
-rw-r--r-- | src/content/docs/guides/key-server-operations.md | 166 |
1 files changed, 166 insertions, 0 deletions
diff --git a/src/content/docs/guides/key-server-operations.md b/src/content/docs/guides/key-server-operations.md new file mode 100644 index 0000000..6c01b66 --- /dev/null +++ b/src/content/docs/guides/key-server-operations.md 
@@ -0,0 +1,166 @@ +--- +title: Key Server Operations +--- + +Key servers play a pivotal role in the ecosystem of encrypted communication, +serving as a centralized repository for public key information. These servers +enable individuals to share and retrieve public keys necessary for encrypted +messaging, even when direct exchange is not feasible. Key servers are +particularly useful in scenarios where secure communication needs to be +established without prior direct contact, or when a user's public key needs to +be widely distributed or updated due to security concerns. + +When you wish to send an encrypted message but lack the recipient's public key, +key servers offer a solution by allowing you to search for and retrieve the +public key associated with the recipient's email address or key ID. This process +facilitates the encryption of messages in a way that ensures only the intended +recipient, who possesses the corresponding private key, can decrypt and read the +message. + +Moreover, key servers are integral to maintaining the integrity and +trustworthiness of the public key infrastructure. If a user's private key is +compromised, it is crucial to inform others not to use the associated public key +for encrypting messages anymore. By uploading a new public key to a key server +and marking the old one as obsolete or compromised, users can mitigate the risks +associated with the exposure of their private key. + +The functionality of key servers is enhanced by software tools such as +GpgFrontend, which simplifies the process of managing public keys. With +GpgFrontend, users can effortlessly upload their public key to key servers, +search for other users' public keys using an email address or key ID, and import +these keys for use in encrypted communication. The software's user-friendly +interface enables these operations to be performed with just a few mouse clicks, +making encrypted communication more accessible to a broader audience. 
+ +It is important to note that once public key information is uploaded to a key +server, it is propagated across a network of key servers worldwide, making it +available to anyone who searches for it. This wide distribution ensures that +encrypted communication can be established easily across different platforms and +geographical locations. However, users should be aware that public keys uploaded +to key servers cannot be deleted, emphasizing the importance of careful key +management. In situations where a key needs to be updated, such as when adding a +subkey to a key pair, the new key information can overwrite the old one on the +server, thus maintaining the security and relevance of the key information +available to the public. + +In summary, key servers are essential for the secure and efficient exchange of +encrypted messages, offering a reliable method for sharing and retrieving public +keys. They support the integrity of secure communications by facilitating the +widespread distribution of public keys and enabling users to update or replace +keys when necessary. + +## Import Public Key From Key Server + +In the main page or in the key manager's Import key operation mode, there is a +key server option. After selecting this option you can see such an interface. + + + +You can get a list of public keys associated with a key server by searching for +Key ID, fingerprint or email address via the search box. If there is a suitable +public key in the list, you can import it by double-clicking it. + + + +When the import is complete, you can check whether the public key is actually +imported through the pop-up window (no need to import when the local public key +is newer), and you can also check some brief information about the public key. + + + +It is important to note that the public key you import may have expired or been +revoked. You can check the status of the key by navigating to the category tab +in the key management interface. 
In addition to the search box, you may also +notice a drop-down box that allows you to choose which key server to retrieve +the public key information from. To modify or add to this list of candidate +servers, please refer to the last section of this document: Key server related +settings. + +## Export My Public Key To The Key Server + +If the current key pair has a master key, you have the option to publish the +public key information to a key server. It is important to note that in order to +avoid confusion, GpgFrontend requires the presence of a master key for this +action to be performed. This ensures that users are aware of what they are doing +and the function being performed. + +### How To Use + +You can find the entry of this operation through the operation tab of the key +pair detail interface, as shown in the following figure. + + + +Perform the operation by clicking Upload key pair to key server. Note that the +naming of operations here is a bit confusing, but this is where your public key +information (not your private key) will be uploaded. + +### Synchronize public key information from a key server + +Sometimes, before you perform an encryption operation, you want to know if the +public key you are using is still valid. At this point, you can get the latest +information about the key from the key server (if the public key server has +one). + +As above, you can find this action in the Actions tab of the key pair details +screen, as shown in the image below. + +GpgFrontend will upload the public key information to the default key server +you set. The private key information is not uploaded and should not be manually +uploaded anywhere by the user. + +Refer to the last section of this document on how to set the default key server. + + + +The "Synchronize key pair with key server" function allows for automatic +retrieval of public key information from the key server, which is then compared +with the local key information. 
After the operation is completed, a pop-up +window will appear indicating whether the key has actually been updated. It +should be noted that this operation is not possible if the private key exists +locally. This is because, in such a case, you already have the key pair and +should publish the latest information for the key pair instead of accepting +outdated information from the key server. + +### Extra Information + +GpgFrontend automatically communicates with the default key server that you have +set to obtain the necessary information. You can refer to the last section of +this document to learn how to set the default key server. + +## Sync ALL Public Key + +This is an advanced function provided by GpgFrontend, it can synchronize all +your local public key information at one time, if you want to know, please read +[this document](../features/sync-all-public-keys.md). + +## Key Server Related Settings + +If you want to set a list of key servers or a default key server, you can do so +by accessing the Settings interface and navigating to the Key Servers tab. Here, +you will find options for managing your key server candidate list and +determining which key server is set as the default. + + + +To add a candidate key server to the list, simply enter the http or https +address of the key server you wish to add into the input box and click "Add". It +is strongly recommended that users use the https protocol to prevent +man-in-the-middle attacks. If you wish to delete a candidate key server, simply +right-click on the corresponding row in the table and select "Delete" from the +pop-up menu. To edit an existing candidate key server address, double-click on +the address in the table and edit it. + +To test the network connectivity of the servers in the key server candidate +list, click the "Test" button located at the bottom of the Key Servers tab. +However, note that the test only determines if the keyserver is reachable, not +whether the address is a valid keyserver. 
+ +### Set Default Key Server + +To set a candidate key server as your default key server, you can follow these +steps. First, locate the candidate key server you want to set as the default in +the table. Then, right-click the row of the corresponding key server, and click +"Set as Default" in the pop-up menu. Once set, you can verify whether a +candidate key server is the default key server by checking the first column of +the table. |
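Review bot: Under "### Synchronize public key information from a key server", the paragraph beginning "GpgFrontend will upload the public key information to the default key server you set" describes the upload operation rather than synchronization, and it sits between the sentence introducing the Actions tab image and the description of "Synchronize key pair with key server". Move it, together with the following "Refer to the last section of this document on how to set the default key server" line, into "### How To Use" under the export section, next to the "Upload key pair to key server" step. Two smaller points in the same hunk: the introduction says uploaded keys "cannot be deleted" and then that new key information "can overwrite the old one on the server", which reads as contradictory, so state which of the two the reader should rely on; and the import section warns that an imported key "may have expired or been revoked" but does not tell the reader to confirm that a key found by email address belongs to the intended recipient, so a sentence on comparing the fingerprint with one obtained from the recipient would fit there.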