diff options
Diffstat (limited to 'src/content/docs/guides')
| -rw-r--r-- | src/content/docs/guides/encrypt-decrypt-file.md | 68 | ||||
| -rw-r--r-- | src/content/docs/guides/encrypt-decrypt-text.md | 146 | ||||
| -rw-r--r-- | src/content/docs/guides/fundamental-concepts.md | 93 | ||||
| -rw-r--r-- | src/content/docs/guides/generate-key.md | 207 | ||||
| -rw-r--r-- | src/content/docs/guides/import-export-key-pair.md | 115 | ||||
| -rw-r--r-- | src/content/docs/guides/key-server-operations.md | 166 | ||||
| -rw-r--r-- | src/content/docs/guides/sign-verify-file.md | 103 | ||||
| -rw-r--r-- | src/content/docs/guides/sign-verify-text.md | 104 | ||||
| -rw-r--r-- | src/content/docs/guides/symmetric-encrypt-decrypt.md | 64 | ||||
| -rw-r--r-- | src/content/docs/guides/understand-interface.md | 180 | ||||
| -rw-r--r-- | src/content/docs/guides/view-keypair-info.md | 199 |
11 files changed, 1445 insertions, 0 deletions
diff --git a/src/content/docs/guides/encrypt-decrypt-file.md b/src/content/docs/guides/encrypt-decrypt-file.md new file mode 100644 index 0000000..c43887e --- /dev/null +++ b/src/content/docs/guides/encrypt-decrypt-file.md @@ -0,0 +1,68 @@ +--- +title: Encrypt & Sign File +--- + +GpgFrontend offers a fast and convenient method for working with files. The +encryption and decryption process for files is nearly identical to that of text, +with the exception that file operations involve binary input and output. + +## File Extension Introduction + +For ciphertext in ASCII format, the file extension is typically "asc" and these +files can be opened with a text editor. On the other hand, if the ciphertext is +in binary format, the file extension will be "gpg". Binary ciphertext files are +generally smaller than ASCII format. + +Before version 2.0.4, GpgFrontend generated ciphertext files exclusively in +ASCII format. However, beginning with version 2.0.4, GpgFrontend now generates +ciphertext files in binary format by default. This setting can be adjusted in +the program's settings. + + + +## File Browser + +From the top menu's "File" option, you can access the file browser by pressing +Ctrl/Command + B. After choosing target directory at system navigator, you +can then use the file browser tab to do some operations on files. By using the +file browser, you can navigate to your working directory and right-click on the +file you wish to work with. This will open a pop-up menu, where you can select +the operation you want to perform on the file. + + + +Located at the top of the file tab are two control buttons. The button on the +left allows you to navigate up one level in the directory hierarchy, while the +button on the right refreshes the input box on the left with the corresponding +path. + +On the far right of the file tab, there is a button with useful options that you +can select to show system files or hidden files. + + + +### Encrypt & Sign + +GpgFrontend recommends using the encryption and signature functions in this +method, so that the recipient can verify that the ciphertext originates from +you. You can select one or more recipients' public keys as well as your own +private key to complete this operation. + +When the operation is complete, a file with the ".gpg" extension is generated. +This file contains both encrypted content and signed content. + + + +### Decrypt & Verify + +When decrypting this ciphertext, it undergoes verification, which enhances +security. Additionally, you can perform a "Only Verify" operation which verifies +the content without decrypting it. To use this operation, you must select a file +with a ".gpg" or ".asc" extension, which contains the ciphertext and signature +content. + +To encourage users to verify whether the ciphertext is signed or not when +decrypting, Gpg Frontend does not provide a separate decryption operation for +this. + + diff --git a/src/content/docs/guides/encrypt-decrypt-text.md b/src/content/docs/guides/encrypt-decrypt-text.md new file mode 100644 index 0000000..a8db7af --- /dev/null +++ b/src/content/docs/guides/encrypt-decrypt-text.md @@ -0,0 +1,146 @@ +--- +title: Encrypt & Decrypt Text +--- + +The processes of encryption and decryption are fundamental to ensuring the +privacy and security of digital communications. GpgFrontend, a graphical +interface for GnuPG, simplifies these operations, making it accessible for users +to securely encrypt and decrypt text. Before diving into the specifics of how +GpgFrontend facilitates these operations, it's essential to understand the +underlying concepts and the prerequisites for encryption and decryption. + +Encryption is the process of converting plain text into a scrambled format known +as ciphertext, which is unreadable to anyone except those who possess the +correct key to decrypt it. This transformation is done using an encryption +algorithm and a key. In the context of GpgFrontend and most modern encryption +practices, this key is the recipient's public key. A public key is part of a key +pair that includes a private key; together, they are used in asymmetric +encryption, a cornerstone of modern cryptography. + +To initiate encryption with GpgFrontend, the sender must first have access to +the recipient's public key. This key is used to encrypt the message, ensuring +that only the recipient, who holds the corresponding private key, can decrypt +and read the message. The public key can encrypt messages, but cannot decrypt +them. This is a crucial aspect of asymmetric cryptography: it allows anyone to +send encrypted messages to the key owner without being able to decrypt messages +encrypted with that same public key. + +Generating a key pair is the first step in being able to engage in these secure +communications. This process usually involves choosing a key type and size, with +larger keys offering higher security. Once generated, the key pair consists of a +private key, which must be kept secure and confidential, and a public key, which +can be shared with anyone who wishes to send you encrypted messages. + +Decrypting a message with GpgFrontend requires the private key corresponding to +the public key used for encryption. Upon receiving an encrypted message, the +recipient uses their private key with GpgFrontend to decrypt the ciphertext back +into readable plain text. This decryption process is secure because the private +key is never shared, and it is computationally infeasible for an attacker to +derive the private key from the public key or the encrypted message. + +GpgFrontend streamlines these operations, providing a user-friendly interface +that abstracts the complexities of cryptographic operations. Users can easily +import public keys, encrypt messages or files for specific recipients, and +decrypt incoming messages or files using their private keys. This makes +GpgFrontend an invaluable tool for anyone needing to secure their digital +communications, from sensitive personal correspondence to confidential business +communications. + +In summary, encryption and decryption with GpgFrontend rely on the foundational +principles of asymmetric cryptography, where a public key is used for +encryption, and a corresponding private key is used for decryption. Before +engaging in these operations, users must generate a key pair and share their +public key with those from whom they wish to receive encrypted messages. This +setup ensures that only intended recipients can read the contents of encrypted +communications, providing a robust framework for privacy and security in the +digital age. + +## Encrypt + +The Encrypt operation itself uses a public key and does not require a private +key. Remember that whoever you want to send it to encrypts it with whose public +key. For people who don't use gpg very often, they often get confused and use +their own keys to encrypt ciphertext. + +### Only Encrypt + +In this case, you only encrypt the ciphertext, which results in a shorter +ciphertext. This is because the ciphertext does not contain additional signature +information that identifies the encryptor. If you do not want the recipient to +know your identity, use this method to generate your ciphertexts. + +After the encryption operation, no additional information will be displayed in +the information board except for a prompt indicating whether the operation was +successful. + + + +### Encrypt Sign + +To encrypt and sign text, you need to first prepare the plaintext and have a +public key that can perform encryption operations. The public key used for +encryption should belong to the intended recipient, not yourself. It is +important to verify that the recipient's public key has cryptographic +capabilities for encryption before proceeding. + +If you want the recipient to know that the ciphertext is from you, you can also +choose to sign the text while encrypting it. This ensures that the decrypted +text is credible and comes from your hand. This method is commonly used when +both parties need to ensure the authenticity of the decrypted text, and +typically in scenarios where both parties know each other. + +To encrypt and sign at the same time, select the public key(s) you need to use +for encryption, and during the encryption process, select the private key you +need to use for signing. This private key should belong to you and should have +the capability for signature operations. You can verify this by checking the +usage column in the key toolbox on the right (letter S stands for signature). + +The ciphertext generated by this operation is longer than ciphertext generated +by only encryption because of the additional signature information attached to +it. After the operation is complete, information about the cryptographic and +signature operations will be displayed in the Infomation Board, including +information about the signature pattern and algorithm used. + +To verify the authenticity of the ciphertext before decryption, you can use the +validate operation. Once the ciphertext is verified, you can proceed with +decryption using your private key. + + + +## Decrypt + +When decrypting the ciphertext, you can simply paste the obtained ciphertext +into GpgFrontend, and it will automatically select the appropriate private key +for decryption. It is important to note that decryption must be performed with +the private key associated with the public key used for encryption. + + + +When decrypting a ciphertext, it is not necessary to check the usage column in +the key toolbox to determine if the key is valid for decryption. Instead, you +need to use a valid private key that corresponds to the public key used for +encryption. You can identify whether a key is a public key or a private key by +checking the type column in the key toolbox. If all your local keys are not +valid for decryption of the ciphertext, the program will display a decryption +failure message. + +## Decrypt Verify + +During decryption with verification, gpg will check the signature attached to +the ciphertext to ensure its authenticity. This provides an additional layer of +security and helps to prevent tampering with the encrypted message. + +To perform decryption with verification, you need to select a file with a ".gpg" +or ".asc" extension, which contains the ciphertext and signature content. If the +signature is valid, gpg will decrypt the message and display it in plain text. +Otherwise, it will display an error message indicating that the signature is not +valid. + +It is important to note that whether a key pair can be used for verification +will not be displayed in the usage column. Instead, you need to remember that a +valid public key can be used for verification. Therefore, it is a good habit to +always verify the signature during decryption, regardless of whether the +encryptor has signed in advance. This helps to ensure the authenticity and +integrity of the decrypted message. + + diff --git a/src/content/docs/guides/fundamental-concepts.md b/src/content/docs/guides/fundamental-concepts.md new file mode 100644 index 0000000..dd19888 --- /dev/null +++ b/src/content/docs/guides/fundamental-concepts.md @@ -0,0 +1,93 @@ +--- +title: Fundamental Concepts for Beginners +sidebar: + label: Fundamental Concepts + order: 1 +--- + +If you're new to GPG (GNU Privacy Guard) or PGP (Pretty Good Privacy), it's +essential to understand some key concepts before diving in. This knowledge can +help you avoid common pitfalls, such as accidentally sharing your private key, +and ensure your communications remain secure. + +## Key Concepts of GPG/PGP + +### Key Pair Basics + +In the world of GPG/PGP, everything starts with a key pair. Think of a key pair +like a set of two uniquely related keys on a key ring: + +- **Public Key**: This is like your home address that you can share with anyone. + Others will use it to send you encrypted messages or verify your digital + signature. +- **Private Key**: This is akin to the key to your house. It must be kept secret + because it can decrypt the messages sent to you or sign messages from you. + +#### Why Both Keys? + +The magic of this system lies in its use of cryptographic algorithms. Data +encrypted with your public key can only be decrypted by your private key, and +vice versa. This ensures that only the intended recipient can read the message, +and it can verify the sender's identity if a signature is used. + +### Generating Your Key Pair + +Before you can start encrypting or signing anything, you need to generate your +key pair. This process involves choosing a cryptographic algorithm (like RSA or +DSA) and often setting a key size (with larger sizes being more secure but +slower). + +#### Safety First + +When creating your key pair, you'll also be asked to enter a passphrase. This +adds an extra layer of security, as the passphrase will be needed to access your +private key. Choose a strong, memorable passphrase to protect your key. + +### Understanding Subkeys + +A GPG key pair doesn't have to be limited to just one public and one private +key. You can generate subkeys for specific purposes, such as: + +- **Encryption Subkey**: Used solely for encrypting and decrypting messages. +- **Signing Subkey**: Used for creating and verifying digital signatures. + +Subkeys are tied to your primary key pair but can be revoked or replaced +independently, which is useful if a subkey is compromised but your primary key +remains secure. + +### The Role of the Primary Key + +Your primary key pair is the foundation of your GPG identity. All subkeys are +associated with this primary pair. The primary key is typically used for +signing, to establish trust within the network, and to certify subkeys. + +#### Protect Your Primary Key + +If your primary private key is compromised, the entire security of your key ring +is at risk. Therefore, it's crucial to: + +- Keep your primary private key in a secure location. +- Use subkeys for day-to-day encryption and signing tasks. +- Consider using hardware security modules (HSMs) or smart cards to store keys + securely. + +## Best Practices for Beginners + +1. **Backup Your Keys**: Securely backup your private keys (especially the + primary one) in case of hardware failure or loss. +2. **Use Strong Passphrases**: Your key's security is only as good as your + passphrase. Use a long, complex passphrase that is difficult to guess. +3. **Regularly Update Your Keys**: Over time, cryptographic standards evolve. + Regularly review and update your keys and algorithms to ensure they remain + secure. +4. **Learn Key Management**: Practice importing, exporting, revoking, and + verifying keys. Good key management habits are crucial for maintaining your + security over time. +5. **Engage with the Community**: The GPG/PGP community is vast and supportive. + Join forums, read blogs, and participate in discussions to learn from + experienced users. + +By understanding these fundamental concepts and adhering to best practices, +you'll be well on your way to securely using GPG/PGP. Remember, the goal is to +protect your communications and identity in the digital world, and a solid grasp +of these basics is the first step.
\ No newline at end of file diff --git a/src/content/docs/guides/generate-key.md b/src/content/docs/guides/generate-key.md new file mode 100644 index 0000000..c52f6d9 --- /dev/null +++ b/src/content/docs/guides/generate-key.md @@ -0,0 +1,207 @@ +--- +title: Generate Key Pair & Subkey +sidebar: + order: 3 +--- + +Sure, let's go through the process of generating a key pair and subkeys. + +To generate a key pair using GpgFrontend, follow these steps: + +1. Open GpgFrontend and click on the "Generate Key" button. +2. Fill in the required information, such as your name and email address. +3. Choose the type of key you want to generate (RSA, DSA or ECC). +4. Set the key size and expiration date, if desired. +5. Create a passphrase to protect your private key. +6. Click "Generate" to create your key pair. + +Once your key pair is generated, you can add subkeys to it by following these +steps: + +1. Select the key pair you want to add a subkey to. +2. Click on the "Add Subkey" button. +3. Choose the type of subkey you want to add (encryption, signing, + authentication, or all). +4. Set the subkey size and expiration date, if desired. +5. Create a passphrase to protect your subkey. +6. Click "Add" to create your subkey. + +You can add multiple subkeys to a key pair, each with their own specific +purposes. This allows you to have more control over your key pair's security and +usage. + +## Generate Key Pair + +You can quickly understand the process of generating a key pair by watching the +following animation. + + + +### Name & Email & Comment + +The three fields, including name, email, and comment, are used to help users +differentiate this key pair from other key pairs they may have. Among these +three options, name and email are mandatory, while comment is optional. + +It is important to note that the name should be at least 5 characters long, and +the email should follow the correct format (no actual email account is +required). + + + +### Expiration Date + +Setting an expiration date for the key pair is a way to limit the validity of +the key over time. Once the expiration date is reached, the key can still be +used, but its operations, especially signature operations, will be considered +invalid. By default, GpgFrontend suggests setting the expiration date to two +years after generation, but you can also choose to check the "Never expire" +checkbox to make the key pair permanent. + +It's important to note that this option can be changed at any time after +generation, even after the expiration date has passed, as long as the primary +key still exists. + + + +### Key Size & Algo + +Setting an expiration date for the key pair is a way to limit the validity of +the key over time. Once the expiration date is reached, the key can still be +used, but its operations, especially signature operations, will be considered +invalid. By default, GpgFrontend suggests setting the expiration date to two +years after generation, but you can also choose to check the "Never expire" +checkbox to make the key pair permanent. + +It's important to note that this option can be changed at any time after +generation, even after the expiration date has passed, as long as the primary +key still exists. + + + +### Passphrase + +Setting a password to protect the primary key is crucial in case of a security +breach. If the "Do not set password" checkbox is unchecked, you will be prompted +to enter a password during the key pair generation process. Follow the prompts +to set the password. Once the password is set, whenever you need to use the +primary key for an operation, you will need to enter the password to unlock it +(some systems have a password manager to automate this process). + +However, you can also check the "Do not set password" checkbox to skip setting a +protection password for the primary key. But this is not recommended due to +security concerns. + +### Usage + +When generating a key pair, you can specify the usage for the first subkey, +which is the primary key. There are four options: + + + +- Encryption: Once generated, this key can be used for encryption purposes. + +- Signing: Once generated, this key can be used for signature purposes. + +- Certification: This key can be used to certify or verify other keys. Only the + primary key can have this usage. + +- Authentication: This key can be used for authentication purposes, such as with + SSH keys. + +The third of these four uses (authentication purposes) can only be owned by the +primary key. In addition, some usages are not available when using certain +algorithms for encryption. For example, when the DSA algorithm is selected, the +encryption uses are disabled. + +## Generate Subkey + +It is possible to append subkeys to an existing key pair. The subkey does not +require the input of a name, email, or comment, as the remaining steps are +essentially identical to those for generating a key pair. + + + +### Extra note + +Below are some guidelines that may prove useful in comprehending the +aforementioned concepts and utilizing this tool accurately. + +#### Understanding Primary Keys and Subkeys + +In the realm of cryptography, key management plays a crucial role in ensuring +data security. A key pair consists of a primary key and one or more subkeys, +each serving distinct functions yet working together to secure and manage +digital identities and communications. This structure not only enhances security +but also provides flexibility in key usage and management. + +#### The Role of Primary Key and Subkeys + +- **Primary Key**: The primary key is the cornerstone of your cryptographic + identity. It is used for identity verification, which includes signing other + keys to establish trust. The primary key's signature on a subkey validates the + subkey's association with the identity of the primary key holder. + +- **Subkeys**: Subkeys are associated with the primary key and are used for + encryption and signing documents or messages. Subkeys can be thought of as + extensions of the primary key, each designated for specific tasks. This + separation of duties allows for greater security and operational flexibility. + For example, you can have separate subkeys for signing and encryption. + +#### Advantages of Using Subkeys + +1. **Enhanced Security**: By using subkeys for day-to-day operations, you + minimize the risk associated with key exposure. If a subkey is compromised, + it can be revoked without affecting the primary key or other subkeys, thereby + limiting the potential damage. + +2. **Operational Flexibility**: Subkeys allow for specific roles (e.g., signing, + encryption) to be isolated. This means you can renew or revoke subkeys as + needed without disrupting the overall cryptographic setup. + +3. **Convenient Key Rotation**: Regularly updating keys is a best practice in + cryptography. Subkeys make it easier to rotate keys for signing and + encryption without needing to re-establish the primary key's trust + relationships. + +#### Managing Primary Keys and Subkeys + +- **Secure Storage**: The primary key should be stored in a highly secure + location, preferably offline or in a hardware security module (HSM), to + prevent unauthorized access. This is because the loss or compromise of the + primary key jeopardizes the entire cryptographic framework. + +- **Key Generation and Maintenance**: While tools like GpgFrontend provide + user-friendly interfaces for managing keys, they may lack support for advanced + operations like generating multiple subkeys. Therefore, using the command-line + `gpg` tool for such tasks is advisable. Despite this limitation, GpgFrontend + can play a critical role in monitoring the presence of the primary key, which + is essential for certain operations like adding subkeys or signing other keys. + +- **Revocation and Renewal**: Prepare revocation certificates for your primary + key and subkeys in advance. In case of key compromise or expiration, these + certificates allow you to invalidate the keys, informing others in your trust + network not to use them anymore. + +#### Practical Tips for Effective Key Management + +- **Purpose-Specific Subkeys**: If your primary key was not generated with + certain capabilities (e.g., encryption), you can create a subkey with the + required functionality. This allows the key pair to be used for the intended + cryptographic operations without regenerating the primary key. + +- **Multiple Subkeys for Different Devices**: For users operating across + multiple devices, generating separate subkeys for each device can enhance + security. If one device is compromised, only the subkey on that device needs + to be revoked, leaving the others unaffected. + +- **Backup and Recovery**: Regularly back up your key pair, including the + primary key and all subkeys. Secure backups ensure that you can recover your + cryptographic capabilities even in the event of hardware failure or data loss. + +In summary, understanding and implementing a robust key management strategy, +with a clear distinction between primary keys and subkeys, is essential for +maintaining the integrity and security of cryptographic operations. By adhering +to best practices for key usage, storage, and renewal, users can safeguard their +digital identities and ensure the confidentiality and authenticity of their +communications. diff --git a/src/content/docs/guides/import-export-key-pair.md b/src/content/docs/guides/import-export-key-pair.md new file mode 100644 index 0000000..d8f35d0 --- /dev/null +++ b/src/content/docs/guides/import-export-key-pair.md @@ -0,0 +1,115 @@ +--- +title: Import & Export Key Pair +--- + +GpgFrontend provides various methods for importing or exporting key pairs, some +of which are outlined below. Please refer to the guide for more information. + +## Import Key Pair + +To access the import options, navigate to the toolbar and select the desired +method based on your specific requirements. Additionally, you can access +additional options by selecting the action menu in the key management section. + + + +In fact, you can find the action menu in the key management section, which +provides access to additional key management options beyond those available in +the toolbar. + + + +### File + +This option allows you to select a public or private key file in text format +with any extension to import. + +### Editor + +You can paste the contents of a key file onto a blank text label page and +GpgFrontend will automatically recognize and import the corresponding key. + +### Clipboard + +You can copy the contents of a key to your system clipboard and then select this +option to import the corresponding key. + +### Key server + +This feature enables users to search for and import public keys from a key +server. Users must first enter the email or ID associated with the desired key +and select the appropriate key server. Upon clicking the search button, a list +of public keys that can be imported from the server will be displayed. Users can +choose to import multiple keys together or double-click on a specific table row +to import a corresponding public key. It is important to note that when using +this method, only public keys can be imported. + +A detailed description of this part can be found +[Here](./key-server-operations.md). + +### Dropdown on Key Toolbox + +You can drag the key file directly to the key toolbox, and then follow the +prompts of GpgFrontend to import the key. + +## Export Key Pair + +When deriving the public key of a key pair using the private key, you can derive +either the public key or the private key or both of all the keys present in the +key pair. However, if there are numerous keys in the key pair, the exported data +can be lengthy. Multiple export methods are available, which are similar to the +import process. + +In Gpg Frontend, the exported data is encoded in ASCII to ensure compatibility +between computers. + +### Export Public Key + +You can find this operation in many places. The following will introduce them +one by one. + +#### Append Public Key to Editor + +To append a public key to the editor in GpgFrontend, right-click on a row in the +key toolbox and select "Append Select Key(s) to Editor" from the pop-up menu. +This will add the public key of the selected key to the end of the text label +page. You can then copy the content to any location as needed. + +#### Export on the Key Pair at Operations Tab + +To export a public key using the Key Pair at Operations Tab, follow the steps +shown in the screenshot below. This will save the data to a file. Before +proceeding, please make sure to choose a suitable directory to store the file +containing the public key data. + + + +### Export multiple public keys at once + +To export public key data for multiple key pairs at once, select the desired key +pairs on the key management interface and click on the "Export to Clipboard" +option. This will copy the data to your system clipboard, which you can then +paste into any application or file. + + + +### Export Private Key + +Private key options are available in various locations on the detail page that +contains the private key (either the primary key or subkey). From there, you can +select a destination and GpgFrontend will export the corresponding private key +content to that location. + + + +Exporting the private key also exports both the public key and private key data, +as the private key data alone is meaningless without the corresponding public +key. Thus, the private key content is typically bundled with the public key +content during export. However, it's essential to note that the private key file +should never be disclosed to others. If leaked, it could compromise the security +of all ciphertexts encrypted by the key. + +You can export the private key data in your key pair in two ways. + +1. Full export: Include all key data and UID and UID signature in the key pair. +2. Minimal export: Only all key data in the key pair is included. diff --git a/src/content/docs/guides/key-server-operations.md b/src/content/docs/guides/key-server-operations.md new file mode 100644 index 0000000..6c01b66 --- /dev/null +++ b/src/content/docs/guides/key-server-operations.md @@ -0,0 +1,166 @@ +--- +title: Key Server Operations +--- + +Key servers play a pivotal role in the ecosystem of encrypted communication, +serving as a centralized repository for public key information. These servers +enable individuals to share and retrieve public keys necessary for encrypted +messaging, even when direct exchange is not feasible. Key servers are +particularly useful in scenarios where secure communication needs to be +established without prior direct contact, or when a user's public key needs to +be widely distributed or updated due to security concerns. + +When you wish to send an encrypted message but lack the recipient's public key, +key servers offer a solution by allowing you to search for and retrieve the +public key associated with the recipient's email address or key ID. This process +facilitates the encryption of messages in a way that ensures only the intended +recipient, who possesses the corresponding private key, can decrypt and read the +message. + +Moreover, key servers are integral to maintaining the integrity and +trustworthiness of the public key infrastructure. If a user's private key is +compromised, it is crucial to inform others not to use the associated public key +for encrypting messages anymore. By uploading a new public key to a key server +and marking the old one as obsolete or compromised, users can mitigate the risks +associated with the exposure of their private key. + +The functionality of key servers is enhanced by software tools such as +GpgFrontend, which simplifies the process of managing public keys. With +GpgFrontend, users can effortlessly upload their public key to key servers, +search for other users' public keys using an email address or key ID, and import +these keys for use in encrypted communication. The software's user-friendly +interface enables these operations to be performed with just a few mouse clicks, +making encrypted communication more accessible to a broader audience. + +It is important to note that once public key information is uploaded to a key +server, it is propagated across a network of key servers worldwide, making it +available to anyone who searches for it. This wide distribution ensures that +encrypted communication can be established easily across different platforms and +geographical locations. However, users should be aware that public keys uploaded +to key servers cannot be deleted, emphasizing the importance of careful key +management. In situations where a key needs to be updated, such as when adding a +subkey to a key pair, the new key information can overwrite the old one on the +server, thus maintaining the security and relevance of the key information +available to the public. + +In summary, key servers are essential for the secure and efficient exchange of +encrypted messages, offering a reliable method for sharing and retrieving public +keys. They support the integrity of secure communications by facilitating the +widespread distribution of public keys and enabling users to update or replace +keys when necessary. + +## Import Public Key From Key Server + +In the main page or in the key manager's Import key operation mode, there is a +key server option. After selecting this option you can see such an interface. + + + +You can get a list of public keys associated with a key server by searching for +Key ID, fingerprint or email address via the search box. If there is a suitable +public key in the list, you can import it by double-clicking it. + + + +When the import is complete, you can check whether the public key is actually +imported through the pop-up window (no need to import when the local public key +is newer), and you can also check some brief information about the public key. + + + +It is important to note that the public key you import may have expired or been +revoked. You can check the status of the key by navigating to the category tab +in the key management interface. In addition to the search box, you may also +notice a drop-down box that allows you to choose which key server to retrieve +the public key information from. To modify or add to this list of candidate +servers, please refer to the last section of this document: Key server related +settings. + +## Export My Public Key To The Key Server + +If the current key pair has a master key, you have the option to publish the +public key information to a key server. It is important to note that in order to +avoid confusion, GpgFrontend requires the presence of a master key for this +action to be performed. This ensures that users are aware of what they are doing +and the function being performed. + +### How To Use + +You can find the entry of this operation through the operation tab of the key +pair detail interface, as shown in the following figure. + + + +Perform the operation by clicking Upload key pair to key server. Note that the +naming of operations here is a bit confusing, but this is where your public key +information (not your private key) will be uploaded. + +### Synchronize public key information from a key server + +Sometimes, before you perform an encryption operation, you want to know if the +public key you are using is still valid. At this point, you can get the latest +information about the key from the key server (if the public key server has +one). + +As above, you can find this action in the Actions tab of the key pair details +screen, as shown in the image below. + +GpgFrontend will upload the public key information to the default key server +you set. The private key information is not uploaded and should not be manually +uploaded anywhere by the user. + +Refer to the last section of this document on how to set the default key server. + + + +The "Synchronize key pair with key server" function allows for automatic +retrieval of public key information from the key server, which is then compared +with the local key information. After the operation is completed, a pop-up +window will appear indicating whether the key has actually been updated. It +should be noted that this operation is not possible if the private key exists +locally. This is because, in such a case, you already have the key pair and +should publish the latest information for the key pair instead of accepting +outdated information from the key server. + +### Extra Information + +GpgFrontend automatically communicates with the default key server that you have +set to obtain the necessary information. You can refer to the last section of +this document to learn how to set the default key server. + +## Sync ALL Public Key + +This is an advanced function provided by GpgFrontend, it can synchronize all +your local public key information at one time, if you want to know, please read +[this document](../features/sync-all-public-keys.md). + +## Key Server Related Settings + +If you want to set a list of key servers or a default key server, you can do so +by accessing the Settings interface and navigating to the Key Servers tab. Here, +you will find options for managing your key server candidate list and +determining which key server is set as the default. + + + +To add a candidate key server to the list, simply enter the http or https +address of the key server you wish to add into the input box and click "Add". It +is strongly recommended that users use the https protocol to prevent +man-in-the-middle attacks. If you wish to delete a candidate key server, simply +right-click on the corresponding row in the table and select "Delete" from the +pop-up menu. To edit an existing candidate key server address, double-click on +the address in the table and edit it. + +To test the network connectivity of the servers in the key server candidate +list, click the "Test" button located at the bottom of the Key Servers tab. +However, note that the test only determines if the keyserver is reachable, not +whether the address is a valid keyserver. + +### Set Default Key Server + +To set a candidate key server as your default key server, you can follow these +steps. First, locate the candidate key server you want to set as the default in +the table. Then, right-click the row of the corresponding key server, and click +"Set as Default" in the pop-up menu. Once set, you can verify whether a +candidate key server is the default key server by checking the first column of +the table. diff --git a/src/content/docs/guides/sign-verify-file.md b/src/content/docs/guides/sign-verify-file.md new file mode 100644 index 0000000..c25ddd6 --- /dev/null +++ b/src/content/docs/guides/sign-verify-file.md @@ -0,0 +1,103 @@ +--- +title: Signing & Verifying Files +--- + +GpgFrontend extends its utility from handling text-based operations to +facilitating file operations with ease and security. The principle behind +signing and verifying files mirrors that of text, leveraging the robust +framework of digital signatures. However, a significant distinction lies in the +nature of the input and output for file operations, which can be binary, +accommodating a wider range of file types beyond simple text documents. + +When signing a file using GpgFrontend, the software utilizes the private key of +the user to create a digital signature. This process begins by computing a hash +of the file's contents, regardless of whether the file is a document, image, +executable, or any other binary format. This hash serves as a compact +representation of the file's data. Subsequently, the hash is encrypted with the +user's private key, producing a digital signature unique to both the file and +the key used. The resulting signature can either be attached to the file or +stored separately, depending on the user's preference and the requirements of +the application. + +Verifying a signed file with GpgFrontend involves the corresponding public key +of the private key that was used for signing. The verification process decrypts +the digital signature using this public key to extract the original hash value +that was generated during the signing. Simultaneously, the software computes a +new hash from the file that is purported to be authentic. By comparing these two +hash values, GpgFrontend can determine if the file has been altered after it was +signed. If the hashes match, it confirms the file's integrity and authenticity, +assuring the recipient of its untampered state and the signer's identity. + +This binary capability of file operations in GpgFrontend not only broadens the +scope of digital signatures to encompass a variety of file types but also +ensures that the integrity and authenticity verification process is not limited +to text-based data. It provides a critical layer of security in digital +communications, where files of all kinds are shared and exchanged with the +expectation of privacy and trust. + +The application of digital signatures to files through tools like GpgFrontend is +especially relevant in scenarios where the authenticity of the file source and +the integrity of its contents are paramount. This includes software +distribution, where verifying the source and integrity of software packages is +crucial to prevent malware distribution; document sharing in legal and financial +contexts, where tampering could have serious implications; and multimedia +content distribution, where copyright and ownership are significant concerns. + +In summary, GpgFrontend's support for signing and verifying files elevates the +security of digital file exchanges by applying the principles of cryptography in +a user-friendly manner. By accommodating binary file operations, it ensures that +digital signatures are accessible and applicable across a broad spectrum of file +types, reinforcing the pillars of trust and security in digital communications. + +## Introduction to File Extensions + +For ASCII-formatted ciphertext, the filename suffix is usually "asc", and these +files can be opened directly with a text editor. However, if the ciphertext is +binary, its file extension will be "sig" or "gpg". Typically, binary ciphertext +files are smaller than ASCII-formatted ones. + +Prior to v2.0.4, the ciphertext files generated by GpgFrontend were all in ASCII +format. But starting with v2.0.4, GpgFrontend defaults to generating +binary-formatted ciphertext files. You can modify this setting in the settings. + + + +## File Browser + +You can open the file browser (Ctrl/Command + B) via the top menu file option. +After selecting a target directory at system navigator, you can get a new File +browser tab. Using the file browser, navigate to your working directory. Then, +right-click the file you wish to operate on, and select the desired operation +from the pop-up menu. + + + +Two control buttons are located at the top of the file tab. The one on the left +allows you to go up a level, and the one on the right enables you to enter or +refresh the corresponding path in the input box on the left. + +On the far right is a button offering useful options, such as displaying system +files or hidden files. + + + +### Sign + +Through the right-click menu, you can rapidly sign a file. This operation will +generate a file with a "sig" or "asc" suffix, which contains the signature +content. In this scenario, you need to pass both this file and the original file +to the other party to allow them to verify it. + + + +### Verify + +This operation requires you to select a file with a "gpg" suffix (this may be +invalid for binary file ciphertext) or a file with a "sig" suffix for +verification. + +When selecting a file with the "sig" suffix, ensure that the source file is also +present in this directory. This implies that the source file's name is simply +missing a "sig" suffix. + + diff --git a/src/content/docs/guides/sign-verify-text.md b/src/content/docs/guides/sign-verify-text.md new file mode 100644 index 0000000..02d7057 --- /dev/null +++ b/src/content/docs/guides/sign-verify-text.md @@ -0,0 +1,104 @@ +--- +title: Signing & Verifying Text +--- + +Digital signatures, much like their analog counterparts, serve as a method for +asserting the authenticity and integrity of a digital document or message. +However, unlike traditional signatures, digital signatures offer a much higher +level of security, making it possible to ascertain not only the identity of the +signer but also whether the content has been tampered with since it was signed. + +The foundation of digital signing and verification lies in the field of public +key cryptography, a cornerstone of modern secure communication. This system +relies on two keys: a private key, which is kept secret by the owner, and a +public key, which can be shared with anyone. To sign a document, the signer uses +their private key to generate a digital signature on the document. This +signature is unique to both the document and the private key, ensuring that any +changes made to the document after it has been signed can be detected. + +Verification, on the other hand, requires the corresponding public key. When a +document is received along with its digital signature, the recipient can use the +signer's public key to verify the signature. This process checks that the +signature matches the document and was created with the private key +corresponding to the public key. If the document has been altered after signing, +the verification will fail, alerting the recipient to the tampering. + +One of the advantages of digital signatures is the ability to use multiple +private keys for signing a document, similar to having a document signed by +multiple parties. Each signer uses their private key to sign the document, and +each signature can be independently verified with the corresponding public key. +This method is particularly useful in scenarios requiring the approval or +authorization of multiple entities. + +Digital signatures are a critical component of secure communications, providing +assurances of authenticity, integrity, and non-repudiation. Non-repudiation +means that a signer cannot later deny the authenticity of the signature on a +document they signed. This is especially important in legal, financial, and +sensitive communications, where trust and authenticity are paramount. + +Tools like GpgFrontend facilitate the process of creating and verifying digital +signatures in a user-friendly manner. GpgFrontend is built on top of the OpenPGP +standard, which is a widely accepted protocol for encryption and digital +signatures. The tool allows users to easily manage their encryption keys, sign +documents, and verify the signatures of received documents, thereby enhancing +the security and trustworthiness of digital communications. + +In summary, digital signing and verification through tools like GpgFrontend +leverage public key cryptography to ensure the security and integrity of digital +communications. By enabling users to sign documents with their private keys and +allowing others to verify those signatures with corresponding public keys, +digital signatures provide a robust mechanism for authenticating the origin and +integrity of digital documents, far surpassing the capabilities of traditional +handwritten signatures. + +## Signature Only + +By signing the text, you establish that you are the sole and unalterable +authority for this text. You can simply sign the text without encrypting it as +follows: + + + +To check whether a key can be used for signing, please review the 'Usage' column +in the key toolbox on the right (the letter 'S' stands for signature). + +## Signature with Encryption + +You also have the option to sign and encrypt at the same time by choosing a +public key for encryption and your private key for signing. This is a common +practice where you select two key pairs: one belonging to someone else for +encryption, and your private key for signing. If you don't select a key for +signing, only encryption is possible, but you will receive a warning. It's worth +noting that combining signing with encryption provides an additional layer of +security as it assures the recipient that the message hasn't been altered and it +came from the sender whose identity is verified by the digital signature. + + + +## Verification + +Once you have a plaintext and its corresponding signature, you can verify the +signature using the signer's public key. However, this type of signature isn't +suitable for emails as it can make the email less readable. + + + +To verify a signature with text, you need to have the corresponding public key +for all included signatures. If a suitable public key for a signature isn't +found locally during verification, GpgFrontend will prompt you to import it. + + + +## Verification with Decryption + +When decrypting a ciphertext, it's advised to verify it simultaneously, +regardless of whether the encryptor signed it or not. It's impossible to +determine from the ciphertext's format if it has been signed. Therefore, it's a +good habit to always perform decryption operations with verification whenever +possible. + + diff --git a/src/content/docs/guides/symmetric-encrypt-decrypt.md b/src/content/docs/guides/symmetric-encrypt-decrypt.md new file mode 100644 index 0000000..c6b7ed5 --- /dev/null +++ b/src/content/docs/guides/symmetric-encrypt-decrypt.md @@ -0,0 +1,64 @@ +--- +title: Symmetric Encryption & Decryption +sidebar: + label: Symmetric Crypto +--- + +## About Symmetric Encryption & Decryption + +Symmetric encryption, in contrast to asymmetric encryption, uses a single key +for both the encryption of plaintext and the decryption of ciphertext. This +method is characterized by its simplicity and speed, making it a popular choice +for encrypting large volumes of data or for scenarios where the sharing of keys +between the sender and receiver can be securely managed. GpgFrontend provides a +user-friendly interface for implementing symmetric encryption, streamlining the +process for users who may not be familiar with the intricacies of cryptographic +operations. + +The process of symmetric encryption with GpgFrontend begins when a user opts to +encrypt data without selecting a recipient's public key from the Key Toolbox. +This action signals the software to use symmetric encryption for the task at +hand. At this point, the user is prompted to create a password. This password +acts as the encryption key, transforming the plaintext into ciphertext through a +cryptographic algorithm. It's crucial that this password is strong and unique, +as the security of the encrypted data directly depends on the password's +complexity and unpredictability. + +Once the password is established, GpgFrontend proceeds to encrypt the data. The +resulting ciphertext can only be decrypted with the exact password used for its +encryption. This means that anyone who wishes to access the encrypted data must +know the password, highlighting the importance of securely sharing this password +between the sender and receiver. + +Decrypting symmetrically encrypted data with GpgFrontend requires the same +password used during the encryption phase. When the 'Decrypt' function is +initiated, the software prompts the user to enter the password. Upon successful +authentication with the correct password, the software decrypts the ciphertext +back into readable plaintext. This decryption process, like encryption, is +straightforward and efficient, but the security of the data relies entirely on +the password's confidentiality. + +Symmetric encryption is particularly useful in scenarios where encrypted data +needs to be stored securely or transmitted over a secure channel, and where the +overhead of managing public and private keys is not desirable. However, the +challenge of securely exchanging the password between the sender and receiver +cannot be understated. If this password is intercepted or guessed by an +unauthorized party, the encrypted data's security is compromised. + +In summary, GpgFrontend's support for symmetric encryption provides a powerful +tool for users needing to secure their data with a password. This method is +distinguished by its reliance on a single password for both encryption and +decryption, offering a balance between simplicity and security. Users must +exercise caution in creating a strong password and ensure its secure exchange to +maintain the confidentiality and integrity of their encrypted data. Symmetric +encryption with GpgFrontend is a testament to the versatility of cryptographic +practices, catering to a wide range of security needs with user-friendly +solutions. + +## How to use it? + +Symmetric encryption is initiated when you click the 'Encrypt' button without +selecting any key in the Key Toolbox. For this type of encryption, a password +must be established for the encryption process. Subsequently, to decrypt the +data, you will need to provide the same password that was used during the +encryption phase. diff --git a/src/content/docs/guides/understand-interface.md b/src/content/docs/guides/understand-interface.md new file mode 100644 index 0000000..9825105 --- /dev/null +++ b/src/content/docs/guides/understand-interface.md @@ -0,0 +1,180 @@ +--- +title: Interface Understanding +sidebar: + order: 2 +--- + +As a beginner, you're only required to swiftly comprehend a few crucial sections +of the page. The exploration that follows will gradually unveil additional +functionalities. Bear in mind that interfaces may vary across different +versions. + + + +## Text Editor + +The text editing zone allows you the liberty to input any desired text or +establish a new tab through the "New" choice in the file menu at the top. Moving +or closing tabs can be done with ease as per your needs. + +Numerous operations can be performed on your text using options available in the +Operations Bar. Alternatively, you may utilize standard shortcuts like +Ctrl+C/V/S for copy, paste, and save operations, or even searching within the +text. + +The edited text within the text box is encoded in UTF8 without any formatting. +This plain text format ensures that no message alteration leads to confusion. +While we have plans to introduce rich text editing in the future, the specifics +are still being deliberated. + +### Large Text File Support + +GpgFrontend accommodates opening larger files without hindrance. However, when +dealing with relatively large files, editing of the tab won't be feasible until +the entire file is loaded. During this time, despite not being able to edit the +file, you still have the capability to view it. + +## Information Board + +GpgFrontend presents the outcome of the current tab page operation on the +Information Board, signifying the success or failure of the operation. +Additionally, the Information Board's text includes supplementary details to +assist in understanding the particulars of your encryption, decryption, +signature, and other operations. Depending on your language settings, the output +displayed on the dashboard may differ. + +The Information Board was conceived to provide a comprehensive view of more +information within the same space. However, GpgFrontend plans to incorporate a +graphical interface in the future to augment the user's comprehension of this +information. + +### Color Coding + +- **Green**: Indicates a successful operation that has been thoroughly verified + and found devoid of any issues. The appearance of green font color signifies + an all-clear. +- **Yellow**: Denotes a successful operation with some potential issues detected + during result testing. The yellow font color serves as a subtle alert for the + user, necessitating a detailed review of the operation. +- **Red**: Symbolizes an unsuccessful operation or a significant discrepancy in + the operation's outcome. The red font color acts as a clear warning, demanding + the user to meticulously inspect the operation's specifics to ensure security. + +### Customizable Font Size + +Should you find the font size on the information board to be diminutive, you can +easily adjust it under the 'Application' section in the settings. The default +font size is 10, and it can be modified to any value ranging from 9 to 18. + +### Dashboard Actions Menu + +The dashboard actions menu facilitates quick and easy access to common +functionalities related to the content of the information board. It empowers +users to efficiently manage and process large chunks of content on the +Information Board for various purposes. + +#### Copy + +This function allows users to swiftly capture significant portions of content +from the Information Board for other applications. + +#### Save File + +This operation archives the contents of the information board into the file +system, utilizing the UTF-8 format. Although the resultant output file lacks a +suffix, it is essentially in a plain text format. + +#### Clear + +This command promptly purges all content from the information board. The +clearance includes both the contents and statuses of the information board. A +new operation (such as encryption) will automatically trigger this clearing +process. + +### Optional Actions Menu + +In addition to the Information Board, an Optional Actions Menu will be presented +below it. If any auxiliary operations can be performed post your main operation +(such as displaying more detailed information, sending encrypted text via email, +etc.), the access points for these supplementary tasks will be made available +here. + +## Key ToolBox + +This feature presents a comprehensive list of key pairs stored on your device, +intended for use with Gpg operations. The keys within the ToolBox are classified +into multiple categories, each corresponding to a unique usage context. +Additionally, the ToolBox provides access to a variety of common operations, all +of which can be found in the Key List Menu. + +### Usage + +Most Gpg-related operations require specifying a key pair (for tasks like +encryption, decryption, signature, etc.). You can select the checkbox in the +first column of the Key ToolBox's table to designate one or more keys for your +operation. Categories that contain only public keys are frequently utilized in +cryptographic scenarios. + +### Classification + +The ToolBox showcases categories via tabbed display. None of these categories +include any expired or revoked keys. To view such keys, you should refer to the +Key Manager. The default category comprises all private and public keys. During +any operation, only the keys from the currently selected category will be +considered for input. + +### Columns + +Understanding this list is crucial. Let's walk through its components step by +step. + +- **Select**: Check the box in this column to notify Gpg Frontend that you wish + to use the key from this row for your subsequent operation. + +- **Type**: This column informs you about the key type and whether the primary + key exists in your key pair. + + - `pub` signifies that it is a public key, which can be used for encryption or + verification operations. + - `pub/sec` indicates that the key pair contains both public and private keys. + It can be employed for nearly all operations (consult the 'Usage' column to + confirm this). + - `pub/sec#` shows that the key pair has a public key and a private key, but + the primary key is absent from the key pair. This suggests you won't be able + to perform certain specific operations (like adding subkeys, signing other + key pairs, etc.) + - `pub/sec^` implies that one or more keys (subkeys or master keys) from the + key pair are in the smart card. + - `pub/sec#^` denotes a simultaneous occurrence of the previous two + situations. + +- **Name**: Represents the identity information of the key pair. +- **Email Address**: Also denotes the identity information of the key pair. +- **Usage**: Determines which operations the key pair can execute. Composed of + four uppercase letters, each letter signifies a specific use. + + - `C` stands for Certificate. Key pairs containing the primary key generally + have this usage. + - `E` stands for Encrypt. The key pair can be used for encryption operations. + - `S` stands for Sign. The key pair can be used for signing operations. + - `A` stands for Authenticate. The key pair can be used to perform operations + like SSH authentication. + +- **Validity**: A Gpg concept that roughly represents the level of trust in this + key. + +## Operations Bar + +Here, you can execute corresponding operations by clicking on the buttons +provided. For instance, after inputting text into a text editor and specifying +the desired key in the key toolbox, you can click the encryption button to +perform the operation. + +Some operations require key specification, while others do not, as will be +detailed in the respective sections of this document. + +### Customization + +For operations that you may not use for a while, you have the option to uncheck +the associated function group in the top menu view. Conversely, for the +operations you frequently use, you have the ability to add them here. diff --git a/src/content/docs/guides/view-keypair-info.md b/src/content/docs/guides/view-keypair-info.md new file mode 100644 index 0000000..d24c2d0 --- /dev/null +++ b/src/content/docs/guides/view-keypair-info.md @@ -0,0 +1,199 @@ +--- +title: View Key Pair Details +sidebar: + label: Key Pair Details +--- + +You can view the details of a key pair by right-clicking on the key pair in the +key toolbox or key management interface and selecting "Show key details". + +This section may include a brief introduction to gpg-related concepts and could +be relatively long. + +Below is a screenshot of a friend's public key that I obtained from the key +server. + + + +And here is a randomly generated private key. The most significant difference +between this and the previous key is that the key pair with only the public key +is used for encryption only, but if you possess the private key, you can perform +more actions (it also depends on your algorithm; DSA can only be used for +signatures). + + + +## General Info + +This interface provides some useful information to help you manage your key pair +properly. + +### Owner + +This section enables you to know the owner of this key pair. This information is +not fixed and can be changed. You can create a new UID in the UID section and +set it as the primary UID to change it. + +According to the OpenPGP protocol, this part is divided into Name, Email, and +Comment. + + + +### Primary Key + +This part is the information of the primary key of the key pair. The primary key +is very crucial because without it, you cannot perform related management +operations like adding and revoking sub-keys (similar to not being able to open +the key ring). Let's introduce the information of the primary key separately +below. If you want to learn more, see the [Basic Concepts](../basic-concepts.md) +section. + +The absence of the master key means that the private key of the master key does +not exist, but this doesn't mean that neither the public key nor the private key +exists. Please remember: Each subkey and primary key consist of a pair of public +and private keys. + + + +#### Key ID + +This is the unique identifier of the key, which is fixed and unchanging. Note +that this key ID is the key ID of the primary key. The key ID is uniquely +determined after the key is generated. Compared with the fingerprint, the key ID +is shorter and more user-friendly. + +#### Algorithm + +This refers to the algorithm used for key generation. This also pertains to the +generation algorithm of the primary key. The generation algorithm determines the +properties and capabilities of the key. Algorithms such as RSA can be used for +encryption and signature, but DSA can only be used for signature. However, the +DSA key length can be shorter. + +#### Key Size + +This is the length of the primary key. Generally, the longer the key, the harder +it is to crack the ciphertext. But at the same time, it takes more time for a +single operation. Generally speaking, a length of 2048 bits is safe enough (this +refers to the key generated using the RSA algorithm). + +#### Normal Usage + +This refers to what the key pair can conceptually be used for, including the +conceptual usage of the primary key and sub-key. When the primary key or subkey +generation can be used to sign, but it has already expired or does not exist, +the signature usage will still be displayed here. + +#### Actual Usage + +This is the actual usage of the primary key and all subkeys, which is the union +of their usage. If there is only one primary key in the key pair that can be +used for signing, but this primary key does not exist, then the signature usage +will not appear here, only in Normal Usage. In addition, when there is only one +subkey that can be used for signing, if it has expired, the signature purpose +will not be displayed here. + +#### Expires on + +This is the expiration time of the primary key. When the primary key expires, it +will become invalid and you can't use it for any operation. In addition, the +subkeys in the key pair will also be unavailable. Fortunately, you can change +the expiration time of the primary key at any time, or even set it to never +expire. The prerequisite for this is that the primary key exists in the key +pair. + +#### Last Update + +This is the time when the content of the key pair was last updated. Operations +such as adding a UID or subkey will modify the content of the key pair. + +#### Secret Key Existence + +This indicates whether the actual content of the primary key exists. When the +primary key does not exist, if there are still available subkeys in the key +pair, the key pair can still be used for normal operations. However, in the +above case, the content of the key pair cannot be modified (that is, operations +such as adding UID or subkey cannot be performed), and the key pair cannot sign +other key pairs. + +### Fingerprint + + + +The fingerprint of the key pair is used for humans to quickly compare whether +the key pair is the expected key pair. This field is unique for all keys in the +world. You can certainly do this with the key ID mentioned above. + +This also refers to the fingerprint of the primary key. + +## UID Info + +User ID (UID) is used to identify a key, mainly for human identification. It's +similar to a name tag that accompanies a key ring, indicating who the key ring +belongs to. By looking at the UID, users can get a rough idea of whether a key +pair is what they expected. However, for accurate identification, fingerprints +or key IDs should be compared. A key can have multiple UIDs, but a key pair can +only have one primary UID, which is always listed first in the interface. + + + +UID has three elements: Name, Email, Comment. The name should be at least five +characters long, and the email should conform to the format. The rules for +comments are relatively loose. + +### Signature of UID + +The lower section of the interface displays the signature of the selected User +ID (UID), not the checked one. This is a key trust system. When someone receives +your public key, they can use their private key to sign your nameplate, +indicating their recognition of your public key. Afterward, they can upload the +keyring with their signature to the keyserver. If many people do the same, the +public key on the keyserver will have numerous signatures, making it +trustworthy. + +You can also use the primary key of another key pair to sign a UID. Generally, a +primary UID of a key pair with many valid signatures is considered more +trustworthy. + +## Subkey Info + +The sub-key mechanism is a crucial feature of GPG that improves both flexibility +and security. However, it also introduces some complexity, which can be +challenging for beginners. For a basic understanding, consider the following +points: + +- A key pair can be likened to a key ring, comprising a primary key (a pair of + public and private keys) and multiple subkeys (or none). +- Each subkey and primary key consists of a pair of public and private keys. +- The subkey can perform related operations (such as signing, encryption) in the + absence or unavailability of the primary key. +- The functions of subkeys can overlap, and when both subkeys can be used for + signing, the earlier one is selected. +- Subkeys can use more algorithms than the primary key, but usually have the + same effect on daily operations. +- The disclosure of a subkey only affects that subkey, while the disclosure of + the primary key endangers the entire key pair. + +The primary key and all subkeys in the key pair are displayed on the interface. +Some information about the key is also listed below. + +### Key In smart card + +Whether a key is in the smart card refers to whether the key is moved to the +smart card. Moving the key to the smart card changes the structure of the key +and is irreversible. + +### Operations + +In this column, what you can do differs for a key pair that only has a public +key and a key pair that includes a private key. + +Here's what you can do with a public key-only key pair: + + + +And here's what you can do with a key pair that includes a private key: + + + +These operations will be explained in detail throughout the documentation. |