Diffstat (limited to 'src/content/docs/guides/view-keypair-info.md')
-rw-r--r-- | src/content/docs/guides/view-keypair-info.md | 136 |
1 files changed, 118 insertions, 18 deletions
diff --git a/src/content/docs/guides/view-keypair-info.md b/src/content/docs/guides/view-keypair-info.md index d24c2d0..7661e56 100644 --- a/src/content/docs/guides/view-keypair-info.md +++ b/src/content/docs/guides/view-keypair-info.md @@ -10,18 +10,13 @@ key toolbox or key management interface and selecting "Show key details". This section may include a brief introduction to gpg-related concepts and could be relatively long. -Below is a screenshot of a friend's public key that I obtained from the key -server. - - - -And here is a randomly generated private key. The most significant difference +Here is a randomly generated private key. The most significant difference between this and the previous key is that the key pair with only the public key is used for encryption only, but if you possess the private key, you can perform more actions (it also depends on your algorithm; DSA can only be used for signatures). - + ## General Info @@ -37,7 +32,7 @@ set it as the primary UID to change it. According to the OpenPGP protocol, this part is divided into Name, Email, and Comment. - + ### Primary Key @@ -53,7 +48,7 @@ not exist, but this doesn't mean that neither the public key nor the private key exists. Please remember: Each subkey and primary key consist of a pair of public and private keys. - + #### Key ID 
@@ -67,8 +62,20 @@ is shorter and more user-friendly. This refers to the algorithm used for key generation. This also pertains to the generation algorithm of the primary key. The generation algorithm determines the properties and capabilities of the key. Algorithms such as RSA can be used for -encryption and signature, but DSA can only be used for signature. However, the -DSA key length can be shorter. +both encryption and signatures, whereas DSA can only be used for signatures. +More modern algorithms like ECDH (Elliptic-curve Diffie-Hellman) are used for +secure key exchange, and ECDSA (Elliptic Curve Digital Signature Algorithm) is +employed for digital signatures. These elliptic curve algorithms offer enhanced +security with shorter key lengths compared to traditional algorithms. + +### Algorithm Detail + +Algorithm Detail displays both the key type and the key length. In some cases, +the key algorithm shown here is more precise. For example, it can specify +particular algorithms such as ED25519 or NISTP256, providing detailed +information about the specific cryptographic methods employed. + + #### Key Size @@ -118,7 +125,7 @@ other key pairs. ### Fingerprint - + The fingerprint of the key pair is used for humans to quickly compare whether the key pair is the expected key pair. This field is unique for all keys in the @@ -135,7 +142,7 @@ pair is what they expected. However, for accurate identification, fingerprints or key IDs should be compared. A key can have multiple UIDs, but a key pair can only have one primary UID, which is always listed first in the interface. - + UID has three elements: Name, Email, Comment. The name should be at least five characters long, and the email should conform to the format. The rules for 
@@ -151,10 +158,18 @@ keyring with their signature to the keyserver. If many people do the same, the public key on the keyserver will have numerous signatures, making it trustworthy. + + You can also use the primary key of another key pair to sign a UID. Generally, a primary UID of a key pair with many valid signatures is considered more trustworthy. +As shown in the image, some signatures do not have the signer's UID identified. +If you need to identify these signatures, you can try importing the +corresponding key from other sources, such as key servers. The Key ID is already +provided, which can help you locate and import the necessary keys to recognize +the signer's UID. + ## Subkey Info The sub-key mechanism is a crucial feature of GPG that improves both flexibility @@ -174,6 +189,8 @@ points: - The disclosure of a subkey only affects that subkey, while the disclosure of the primary key endangers the entire key pair. + + The primary key and all subkeys in the key pair are displayed on the interface. Some information about the key is also listed below. 
@@ -188,12 +205,95 @@ and is irreversible. In this column, what you can do differs for a key pair that only has a public key and a key pair that includes a private key. -Here's what you can do with a public key-only key pair: +### Operations on a Public Key + +This interface provides various general operations that can be performed on the +selected public key. Below is an explanation of each button's function: + + + +1. **Export Public Key**: + + - **Function**: This button allows you to export the public key to a file. + Exporting a public key is useful when you need to share it with others or + upload it to a keyserver. The exported file can then be distributed or + backed up as needed. + +2. **Key Server Operation (Pubkey)**: + + - **Function**: This dropdown menu provides options for interacting with + keyservers. A keyserver is a repository where public keys are stored and + can be retrieved by others. The operations might include uploading your + public key to a keyserver, refreshing your public key with updates from the + keyserver, or searching for other public keys on the keyserver. + +3. **Set Owner Trust Level**: + - **Function**: This button allows you to set the trust level for the owner + of the public key. Trust levels are part of the web of trust model used in + public key infrastructures. By setting the trust level, you indicate how + much you trust the key owner to correctly verify and sign other keys. This + affects how your system evaluates the validity of signatures made by the + key owner. + +These operations facilitate the management and sharing of public keys, helping +to establish and maintain trust within a cryptographic system. + +### Operations on a Private Key + +This interface provides various general operations that can be performed on the +selected key pair, including both public and private key operations. Below is an +explanation of each button's function: + + + +1. 
**Export Public Key**: + + - **Function**: This button allows you to export the public key to a file. + This is useful for sharing your public key with others or for uploading it + to a keyserver. The exported file can be distributed or backed up as + needed. + +2. **Export Private Key**: + + - **Function**: This button provides options for exporting the private key. + There are typically two modes for exporting: + - **Export Complete Private Key**: This exports the entire private key, + including all associated information. It is used when you need a full + backup or when transferring the key to another system. + - **Export Minimal Private Key**: This exports only the essential + components of the private key, minimizing the amount of data. This can be + useful for more secure key transfers or for environments with specific + security requirements. + +3. **Modify Expiration Datetime (Primary Key)**: + + - **Function**: This button allows you to modify the expiration date and time + of the primary key. This is important for managing the key's lifecycle and + ensuring that it remains valid for the desired period. Adjusting the + expiration date can help maintain security by ensuring keys are + periodically reviewed and updated. + +4. **Modify Password**: + + - **Function**: This button enables you to change the password that protects + the private key. Changing the password can enhance security, especially if + you suspect that the current password may have been compromised or if you + want to follow best practices for regular password updates. - +5. **Key Server Operation (Pubkey)**: -And here's what you can do with a key pair that includes a private key: + - **Function**: This dropdown menu provides options for interacting with + keyservers using the public key. Operations might include uploading the + public key to a keyserver, or refreshing the key from the keyserver. + Keyservers facilitate the distribution and retrieval of public keys. - +6. 
**Revoke Certificate Operation**: + - **Function**: This dropdown menu provides options for revoking a key + certificate. Revoking a certificate is necessary if the key has been + compromised or if it is no longer needed. This action invalidates the key, + ensuring it cannot be used maliciously. The revocation information is + typically uploaded to a keyserver so that others are aware of the key's + revoked status. -These operations will be explained in detail throughout the documentation. +These operations help manage the lifecycle of key pairs, ensuring their secure +use and proper distribution. |
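Review bot: In the first hunk (@@ -10,18 +10,13 @@), the rewritten paragraph still says "The most significant difference between this and the previous key", but the sentence introducing the public key from the key server is removed, so "the previous key" no longer refers to anything. Either keep a public-key example ahead of this paragraph or reword the comparison so it stands alone, for example by contrasting a key pair that only has a public key with one that includes the private key.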
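Review bot: In the hunk at @@ -67,8 +62,20 @@, the new "### Algorithm Detail" heading is level 3, while the neighbouring fields ("#### Key ID", "#### Key Size") are level 4 under "### Primary Key", so "#### Key Size" would now nest under Algorithm Detail instead of Primary Key. Use "#### Algorithm Detail" to match. In the same addition, ED25519 and NISTP256 are described as "particular algorithms", but they name curves; "the specific curve" would be more accurate. The hunk also drops the earlier remark about DSA key length without a replacement, which is worth confirming as intended.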
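Review bot: In the hunk at @@ -151,10 +158,18 @@, the added paragraph tells readers to locate and import a signer's key from a key server by Key ID, but says nothing about checking the imported key before believing its UID. A key fetched this way is only a candidate for the signer's key. Add a sentence telling the reader to compare its fingerprint with the signer through another channel first, which ties in with the Fingerprint section's statement that the fingerprint is what humans use to confirm "the key pair is the expected key pair".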
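Review bot: In the last hunk (@@ -188,12 +205,95 @@), the "Export Private Key" item does not say which components "Export Minimal Private Key" leaves out, and the claim that it is "useful for more secure key transfers" is not supported by anything in the text. State what is omitted, and note that both export modes write secret key material to a file that has to be protected. Under "Revoke Certificate Operation", "This action invalidates the key, ensuring it cannot be used maliciously" overstates the effect, since the following sentence shows that others only learn of the revocation once it reaches a keyserver; say instead that the key is marked revoked for anyone who receives the revocation. The two keyserver items use "might include", which reads oddly in documentation of the project's own menu; list the actual entries.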