[Winpt-commits] r253 - trunk/Doc
scm-commit@wald.intevation.org
Tue Aug 1 18:37:00 CEST 2006
Author: twoaday
Date: 2006-08-01 18:36:59 +0200 (Tue, 01 Aug 2006)
New Revision: 253
Modified:
trunk/Doc/winpt.texi
Log:
Modified: trunk/Doc/winpt.texi
===================================================================
--- trunk/Doc/winpt.texi 2006-07-29 11:09:38 UTC (rev 252)
+++ trunk/Doc/winpt.texi 2006-08-01 16:36:59 UTC (rev 253)
@@ -8,70 +8,59 @@
Copyright (C) 2006 Timo Schulz
-Version 0.2.0
+Version 0.9.0
- at settitle WinPT - The Windows Privacy Tray; a free GPG front-end for Windows
+ at settitle WinPT - The Windows Privacy Tray; a free GPG front-end
@section Requirements for WinPT
-First you need to have a working GnuPG 1.4 installtion on the machine you
-plan to install WinPT. If you don't have GPG in your machine, please
-visit http://www.gnupg.org and download the latest GPG version there.
-It comes with a graphical installer so there is no need to do this
-step manually.
+First you need to have a working GnuPG 1.4 installtion on the machine you plan to install WinPT.
+If you do not have GPG in your machine, please visit http://www.gnupg.org and download the latest
+GPG version there. It comes with a graphical installer so there is no need to do this step manually.
-You need at least Windows 98/2K/XP, but Windows XP or better is
-recommend. The program also works on NT/95/ME but there is no support
-for these OS versions any longer. Mainly because the OS vendor also
-dropped support and no bug fixes will be provided any longer.
+You need at least Windows 98/2K/XP, but Windows XP or better is recommend. The program also works
+on NT/95/ME but there is no support for these OS versions any longer. Mainly because the OS
+vendor also dropped support and no bug fixes will be provided any longer.
+And it is very likely that work optimal on such platforms.
@section A short Introduction
-WinPT is a graphical GnuPG front-end which resides in the task bar.
-It is divided into several, so-called, managers. There is a manager
-for the keyring, for files and for smart cards. The aim of the program
-is to secure email communication and to perform file encryption and
+WinPT is a graphical GnuPG front-end which resides in the task bar. It is divided into several,
+so-called, managers. There is a manager for the key(ring), for files and for smart cards.
+The aim of the program is to secure email communication and to perform file encryption and
to allow an easy and user friendly way for key management.
@subsection What is GnuPG
-GnuPG is a tool for secure communication and data storage.
-It can be used to encrypt data and to create digital signatures.
-It includes an advanced key management facility and is compliant
+GnuPG is a tool for secure communication and data storage. It can be used to encrypt data and
+to create digital signatures. It includes an advanced key management facility and is compliant
with the proposed Internet standard as described in RFC2440.
@subsection The Web of Trust
-For a detailled description of these and other GnuPG topics, I
-recommend the available literature at http://www.gnupg.org. But
-at least a general overview should be given here.
+For a detailled description of these and other GnuPG topics, I recommend the available literature
+at http://www.gnupg.org. But at least a general overview should be given here.
-The certification scheme of OpenPGP does not base on a hirachical
-approach. Instead it uses a combination of ownertrust and direct
-key certification. Here is an example with Alice, Bob, Carol and Dave.
+The certification scheme of OpenPGP does not base on a hirachical approach. Instead it uses
+a combination of ownertrust and direct key certification.
+Here is an example with the imaginary persons called Alice, Bob, Carol and Dave.
-Alice knows Bob and checked the fingerprint of Bob's key when he
-met him personally. Thus she knows that the key really belongs to
-its owner and he trusts Bob to certify other keys. Then she issued
-a signature on Bob's key. Bob knows Carol and also checked her identity.
-Then he signed her key. Alice does not know Carol, but he knows Bob
-and Bob trusts Carol. And because Alice trusts Bob, at a level she
-decided before, he also trusts Carol. It's a transitiv relation.
-Dave is isolated and does not know anybody from the mentioned persons,
-thus he is not in the WoT.
-Another very important point is, that the signer can decide,
-after the certification, how much he trusts the key owner to
-certify other keys.
+Alice knows Bob and checked the fingerprint of Bob's key when he met him personally.
+Thus she knows that the key really belongs to its owner and he trusts Bob to certify other keys.
+Then she issued a signature on Bob's key. Bob knows Carol and also checked her identity.
+Then he signed her key. Alice does not know Carol, but he knows Bob and Bob trusts Carol.
+And because Alice trusts Bob, at a level she decided before, he also trusts Carol.
+It's a transitiv relation. Dave is isolated and does not know anybody for the mentioned reasons,
+thus he is not in the WoT. Another very important point is, that the signer can decide, after the
+certification, how much he trusts the key owner to certify other keys.
-It is very important to check the identify of a key owner. Mostly
-this is done by comparing the fingerprint, which were submitted
-by phone or written down at a personal meeting, with the fingerprint
-of the key in the keyring. Please bear in mind that anybody can create
-a key with an email address and a specific name. Thus it is not
-recommend to sign keys without doing this check before!
+It is very important to check the identify of a key owner. Mostly this is done by comparing the
+fingerprint, which were submitted by phone or written down at a personal meeting, with the
+fingerprint of the key in the keyring. Please bear in mind that anybody can create a key with an
+email address and a specific name.
+Thus it is not recommend to sign keys without doing this check before!
-The fingerprint of the key is hexadecial (160-bit) sequence divided
-into 10 groups of 4 hex digits. You can get the fingerprint of a key
-by opening the key property dialog. There you can mark the fingerprint
-and copy it to the clipboard. The fingerprint of a key can be compared
+The fingerprint of the key is hexadecial (160-bit) sequence divided into 10 groups of 4 hex
+digits. You can get the fingerprint of a key by opening the key property dialog. There you can
+mark the fingerprint and copy it to the clipboard. The fingerprint of a key can be compared
to human fingerprints, it is unique for each key.
Example: 1D75 8108 5BC9 D9FB E78B 2078 ED46 81C9 BF3D F9B4
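Review bot: In the Web of Trust paragraph the rewrap changed "does not know anybody from the mentioned persons" to "does not know anybody for the mentioned reasons", which no longer says that Dave has no link to Alice, Bob or Carol, and no reasons are given before it; restore "from the mentioned persons". The new Requirements sentence "And it is very likely that work optimal on such platforms." lacks a subject and, going by the preceding sentences about dropped support, a negation; "It is very likely that the program will not work optimally on such platforms" would say what seems to be meant. Since every paragraph is being rewrapped anyway, the carried-over typos (installtion, detailled, hirachical, transitiv, identify, hexadecial) and the "he"/"she" mix-up for Alice could be fixed in the same pass.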
@@ -81,131 +70,119 @@
@section Installation of the Program
-It is always recommend to use the latest version of the program. You
-can download it from http://wald.intevation.org/projects/winpt.
-Download the zip file with the binaries inside and unpack them in
-a folder. All files need to be in the same folder, so if you change
-the folder do not forget to move all files.
-You should also download and verify the signature of the packet to
-make sure that the release is really authentic.
+It is always recommend to use the latest version of the program. You can download it from
+http://wald.intevation.org/projects/winpt. Download the zip file with the binaries inside and
+unpack them in a folder. All files need to be in the same folder, so if you change the folder do
+not forget to move all files.
+You should also download and verify the signature of the packet to make sure that the release is
+really authentic and were not altered in any way.
-To activate the program you just need to start WinPT.exe. You should
-now see a little (golden key) icon in the taskbar which indicates that
-the program is running. If you want to quit the program, right click
-on the symbol and select "Exit".
+To activate the program you just need to start WinPT.exe. You should now see a
+little (golden key) icon in the taskbar which indicates that the program is running.
+If you want to quit the program, right click on the symbol and select "Exit".
-Alternative, you may use one of the graphical GPG installers which
-are available on the internet. I recommend to use Gpg4Win which
-includes a set of very useful privacy tools, beside WinPT and it
-is very easy to use with an average size (~4MB). For non-German
-speaking users, I recommend the light version because it does not
-contain the 2 German PDF manuals.
+Alternative, you may use one of the graphical GPG installers which are available on the internet.
+I recommend to use Gpg4Win which includes a set of very useful privacy tools, beside WinPT and it
+is very easy to use with an average size (~4MB). For non-German speaking users, I recommend the
+light version because it does not contain the 2 German PDF manuals.
@subsection Getting the Source of the Program
-As free software, according to the GNU General Public License,
-WinPT also offers the source code for the program. It can be used
-for reviews, to compile your own binary and/or to modify and/or
-redistribute it or just to learn how it works. The source is available
-at the same place you downloaded the binary. If not, you should
-contact the author of the site.
-The entire program can be build with free software; the default
-environment is a cross-compiler hosted on a Linux box. All you
-need is the mingw32 packages, a working autoconf environment
+As free software, according to the GNU General Public License, WinPT also offers the source code
+for the program. It can be used for reviews, to compile your own binary and/or to modify and/or
+redistribute it or just to learn how it works. The source is available at the same place you
+downloaded the binary. If not, you should contact the author of the site.
+The entire program can be build with free software; the default environment is a cross-compiler
+hosted on a Linux box. All you need is the mingw32 packages, a working autoconf environment
and the libs WinPT depends on (currently gpgme and libgpg-error).
-It is also possible to build the binary with cygwin/mingw32 on
-Windows but this environment is not actively supported and propably
-needs adjustment of the source.
+It is also possible to build the binary with cygwin/mingw32 on Windows but this environment is
+not actively supported and propably needs adjustment of the source.
@subsection Configure the Program
-After the installation not much of the default settings need to
-be changed. If you prefer a special keyserver, it is propably a good
-idea to open the keyserver dialog and to set one of the existing
-keyservers as the default or create a new entry and mark it as the
-new default. The default keyserver is subkeys.pgp.net, which is
-the best choice for most users.
+After the installation not much of the default settings need to be changed. If you prefer a
+special keyserver, it is propably a good idea to open the keyserver dialog and to set one of the
+existing keyservers as the default or create a new entry and mark it as the new default.
+The default keyserver is subkeys.pgp.net, which is the best choice for most users.
- at subsection GPG Options
-For expert users, the GPG preference dialog might contain some
-interesting options. For example to set the expiration date of
-a signature and/or to set the signing level for key signing.
-It also allows to set a default 'encrypt-to' key and to set
-the comment in ASCII armored files.
+ at subsection The GPG Preference Dialog
+In this dialog you can change your GPG config and customize its behaviour. Please be advised that
+in most cases there is no need to overwrite the default GPG path settings.
+There are three different paths available. First, the GPG home directory. The place where the
+keyrings are stored and also the config files. The second path points directly to the gpg.exe.
+The third is the path to the language files,
+where you usually store your winpt.mo/gpg.mo files. These entries should be only changed when
+really need and extra caution is needed because with wrong settings, WinPT will not be able to
+work any longer!
+The second part of the dialog is the "General GPG options" section. Here you can influence the
+behaviour of some commands. If you do not know what they mean, it is safe not to change the
+values and stick with the default ones.
+For expert users, it is possible to set the signature class of issued key signatures and to set
+an expiration date for key signatures or to specify an comment in armor files.
+The "Encrypt to this key" might be useful for anybody who needs to decrypt mails or any data he
+sent to a recipient. The field value should contain the key ID of the default key pair.
+
@subsection Preferences
-In the WinPT preference dialog, the user can modify and/or disable
-the default options. For new users it is suggested to leave the
-default values as they are, except when there are problems related
-to the hotkeys.
+In the WinPT preference dialog, the user can modify and/or disable the default options. For new
+users it is suggested to leave the default values as they are, except when there are problems
+related to the hotkeys.
-To enable keyring backups, the user can either decide to use the
-GPG home directory as the backup folder or any other folder. In
-the latter case, a folder needs to be chosen.
+To enable keyring backups, the user can either decide to use the GPG home directory as the backup
+folder or any other folder. In the latter case, a folder needs to be chosen.
-
@section The First Start
-This section is only important for people who never installed
-and/or used WinPT before and thus no keyrings are available.
+This section is only important for people who never installed and/or used WinPT before and thus
+no keyrings are available.
-When the program is started the first time, it offers two choices.
-The one is to generate a key pair and the other is to copy
-existing GPG keyrings into the current installation.
+When the program is started the first time, it offers two choices. The one is to generate a key
+pair and the other is to copy existing GPG keyrings into the current installation.
We assume the user will select the first entry.
-Now a new dialog is shown which requests some information from
-the user to allow a meaningful association between the key and
-the user. If the user prefer RSA keys, the check box should be marked.
-But this is a decision of personal taste and does not influence the security
-or anything else.
-If the entered data is OK, WinPT then generates a new key pair. As long
-as this step takes, a progress dialog is shown to indicate the
-enduring process. When the generation of the keypair is done, WinPT
-offers the chance to backup the existing keyrings. This is definitely
-an important decision because if the keyring will get corrupted
-or lost, there is no way to recover the encrypted data. That is
-why it is also important to store the backup, at least of the
-secret keyring, at a @strong{safe} place.
+Now a new dialog is shown which requests some information from the user to allow a meaningful
+association between the key and the user. If the user prefer RSA keys, the check box should be
+marked.
+But this is a decision of personal taste and does not influence the security or anything else.
+If the entered data is OK, WinPT then generates a new key pair. As long as this step takes, a
+progress dialog is shown to indicate the enduring process. When the generation of the keypair is
+done, WinPT offers the chance to backup the existing keyrings.
+This is definitely an important decision because if the keyring will get corrupted or lost, there
+is no way to recover the encrypted data. That is why it is also important to store the backup, at
+least of the secret keyring, at a @strong{safe} place.
@section The Passphrase for the Secret Key
-First a short explaination what passphrase is. A passphrase is like
-a password but usually longer, maybe a sentence, which can consists of
-any 7-bit ASCII characters. It is used to protect your secret key
-and thus it is very import to chose a secure passphrase. If your
-computer, and thus the secret key, were stolen and an attacker can
-guess your passphrase he is able to decrypt all your data and to
-create signatures in your name! A good passphrase is difficult
-to guess but easy to remember and should be at least 10 characters long.
-An easy way to generate a strong passphrase is to use a sentence only
-you know but you can easily remind and then take the first letter of
-each word, plus some special characters and maybe even some intentionally
-made spelling mistakes.
+First a short explaination what passphrase is. A passphrase is like a password but usually
+longer, maybe a sentence, which can consists of any 7-bit ASCII characters. It is used to protect
+your secret key and thus it is very import to chose a secure passphrase. If your computer, and
+thus the secret key, were stolen and an attacker can guess your passphrase he is able to decrypt
+all your data and to create signatures in your name! A good passphrase is difficult to guess but
+easy to remember and should be at least 10 characters long.
+An easy way to generate a strong passphrase is to use a sentence only you know but you can easily
+remind and then take the first letter of each word, plus some special characters and maybe even
+some intentionally made spelling mistakes.
+
Example: Row - row - row your boat, gently down the stream
-Passphrase: R-r-ryb,gdt
+Passphrase: "R - r - ryb,gdt"
Never write down or passphrase or share it among other people!
@section Keyserver Access
-An easy way to retrieve keys is the keyserver. You can think of
-it like a huge database with a lot of keys as its content. It is
-possible to search keys by a pattern, a keyid or even a fingerprint.
-WinPT allows to access different kind of keyservers. For example
-LDAP, HKP, Finger and HTTP. But the focus will be set on HKP because
-this is the common case.
+An easy way to retrieve keys is the keyserver. You can think of it like a huge database with a
+lot of keys as its content. It is possible to search keys by a pattern, a keyid or even a
+fingerprint.
+WinPT allows to access different kind of keyservers. For example LDAP, HKP, Finger and HTTP.
+But the focus will be set on HKP because this is the common case.
-In some situations WinPT asks the user whether to retrieve keys
-automatically. One example is the signature verification when the
-key that issued the signature was not found in the keyring.
+In some situations WinPT asks the user whether to retrieve keys automatically. One example is the
+signature verification when the key that issued the signature was not found in the keyring.
-The main keyserver dialog allows to fetch one or more keys directly
-or to search for a given pattern.
+The main keyserver dialog allows to fetch one or more keys directly or to search for a given pattern.
@subsection Retrieve a key by Key ID
The best way to fetch a key from the server is by the key ID.
-Just enter the key ID, it is always a good idea to prefix it
-with 0x and click the "Receive" button.
+Just enter the key ID, it is a good idea to prefix it with 0x, and click the "Receive" button.
An example:
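Review bot: The passphrase example now reads "R - r - ryb,gdt" with added quotes and spaces, so the reader can no longer tell which characters belong to the passphrase; drop the quotes or mark the string with @samp, and say whether the spaces are part of it. The unchanged line below it, "Never write down or passphrase", should read "your passphrase". In the Installation paragraph, the sentence about verifying the signature of the packet still does not say which key signs the releases or how to check it, and "were not altered" should be "was not altered". In the new GPG Preference Dialog subsection, "when really need" and "an comment" need fixing, and the "Encrypt to this key" sentence would be clearer if it said that the effect is that every message is also encrypted to the user's own key.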
@@ -215,12 +192,10 @@
@subsection Retrieve a key by its email address
-If you only know the email address from your partner, you can
-enter it instead of the key ID. It is unlikely but possible
-that there are more keys with the same address. In this situation,
-WinPT will warn you that multiple keys were imported. The difference
-to the search function is, that the keys were dirctly fetched and
-not displayed as a key result list.
+If you only know the email address from your partner, you can enter it instead of the key ID.
+It is unlikely but possible that there are more keys with the same address. In this situation,
+WinPT will warn you that multiple keys were imported. The difference to the search function is,
+that the keys were dirctly fetched and not displayed as a key result list.
An example:
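Review bot: The retrieve-by-email paragraph says the keys are fetched directly and that WinPT only warns when multiple keys were imported, but it does not tell the reader to compare fingerprints before using any of them. The Web of Trust section earlier in this file already states that anybody can create a key with an email address and a specific name, so one sentence pointing back to the fingerprint check belongs here. "dirctly" should be "directly" while these lines are being touched.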
@@ -231,9 +206,8 @@
@subsection Search for a key by pattern
-If you want to communicate with a new mail partner and you are
-not sure about the key ID, it can be useful to search for his
-email address. This address is considered as quite unique.
+If you want to communicate with a new mail partner and you are not sure about the key ID, it can
+be useful to search for his email address. This address is considered as quite unique.
An example:
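Review bot: "This address is considered as quite unique" in the search-by-pattern paragraph sits badly with the previous subsection, which says more than one key can exist for the same address, and with the earlier warning that anybody can create a key with an email address and a specific name. Suggest rewording it to say that the address narrows the search and that the matching key still has to be confirmed by its fingerprint.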
@@ -241,170 +215,146 @@
[Search]
-Now a dialog is opened with a list of all keys which matched
-the search string. If the name @strong{and} the email address
-is known, the matching key should be selected and "Receive"
-should be clicked. Then the key will be downloaded and added
-to your keyring. Now you can encrypt data with this key, for
-example an email.
+Now a dialog is opened with a list of all keys which matched the search string. If the name
+ at strong{and} the email address is known, the matching key should be selected and "Receive"
+should be clicked. Then the key will be downloaded and added to your keyring. Now you can encrypt
+data with this key, for example an email.
@subsection Sending a Key to the Keyserver
-After you generated a new key pair, it is a good idea to send your
-key to the keyserver to make it available for other users. If you
-issue a signature, the key ID is part of the signature and people can
-automatically retrieve your key when they try to verify the signature.
+After you generated a new key pair, it is a good idea to send your key to the keyserver to make
+it available for other users. If you issue a signature, the key ID is part of the signature and
+people can automatically retrieve your key when they try to verify the signature.
-Actually, the action is performed in the Key Manager and not in the
-keyserver dialog. Just open the Key Manager, select the key you want
-to send right-click on it and chose "Send to Keyserver" in the popup
-menu. Then a message box with the result is shown.
+Actually, the action is performed in the Key Manager and not in the keyserver dialog. Just open
+the Key Manager, select the key you want to send right-click on it and chose "Send to Keyserver"
+in the popup menu. Then a message box with the result is shown.
@subsection Add, Delete or Edit a Keyserver Entry
-The keyserver dialog allow to change the existing keyserver entries,
-to delete them or to add new entries. Just right click on a selected
-item and a popup menu will be shown with ("Edit", "Remove" and "New").
+The keyserver dialog allow to change the existing keyserver entries, to delete them or to add new
+entries. Just right click on a selected item and a popup menu will be
+shown with ("Edit", "Remove" and "New").
@section Using the Clipboard
-A major aim from the first day was, that the program does not
-depend on a special mailer client. For this reason it uses the
-clipboard to encrypt and/or sign data.
-For the examples, let's assume that you want to write a new
-mail or that you received a mail protected by GnuPG.
+A major aim from the first day was, that the program does not depend on a special mailer client.
+For this reason it uses the clipboard to encrypt and/or sign data.
+For the examples, let's assume that you want to write a new mail or that you received a mail
+protected by GnuPG.
+ at subsection The Clipboard Editor
+This dialog allows it to modify the clipboard contents directly and/or to display the contents of
+the clipboard. It is also possible to load a text file into the clipboard or store the contents
+into a file. For the convenience, the dialog also allows to encrypt and/or decrypt clipboard data.
+
@subsection Encrypt Data in the Clipboard
-Just copy the text from the mailer window into the clipboard.
-This is usually done by CTRL+C, make sure you really selected
-all portions of the text. Then right-click on the tray icon
-and select Clipboard->Encryption. Now a dialog is shown to
-select the recipients. This means you need to select all
-keys which should be able to decrypt the mail. Confirm with "OK".
-GnuPG now encrypts the data with the selected recipients. At the
-end a message box with the result is shown. Now the clipboard should
-contain the encrypted data. Just paste it into the mailer window.
-The output should contain a header and a footer
-"BEGIN PGP MESSAGE" and "END PGP MESSAGE.
+Just copy the text from the mailer window into the clipboard. This is usually done by CTRL+C,
+make sure you really selected all portions of the text. Then right-click on the tray icon and
+select Clipboard->Encryption. Now a dialog is shown to select the recipients. This means you need
+to select all keys which should be able to decrypt the mail. Confirm with "OK". GnuPG now
+encrypts the data with the selected recipients. At the end a message box with the result is
+shown. Now the clipboard should contain the encrypted data. Just paste it into the mailer window.
+The output should contain a header and a footer "BEGIN PGP MESSAGE" and "END PGP MESSAGE.
@subsection Decrypt/Verify Data from the Clipboard
-The most common case is propably that you got a signed email and
-now you want to verify it. For this procedure, you have to copy
-the entire signature in the clipboard. The easiest way is to
-use CTRL+A and CTRL+C, then all available text will be copied.
-WinPT (GnuPG) is smart enough to figure out the signature related
-data. Now go to the taskbar, display the popup menu and select
-Clipboard->Decrypt/Verify. Now a new dialog, the verify dialog,
-should be available on screen with all information about the
-signature. For example who is the signer, when was it signed
-how much do you try this key and what was signed and most
-important, the status of it (is the signature good or BAD).
-A special case is when you don't have the public key to verify
-the signature, if this happens WinPT offers to download the key
-from the default keyserver. If the key was not found, the procedure
-is aborted because without the key the sig cannot bed checked.
+The most common case is propably that you got a signed email and now you want to verify it. For
+this procedure, you have to copy the entire signature in the clipboard. The easiest way is to
+use CTRL+A and CTRL+C, then all available text will be copied. WinPT (GnuPG) is smart enough to
+figure out the signature related data. Now go to the taskbar, display the popup menu and select
+Clipboard->Decrypt/Verify. Now a new dialog, the verify dialog, should be available on screen
+with all information about the signature. For example who is the signer, when was it signed how
+much do you try this key and what was signed and most important, the status of it (is the
+signature good or BAD).
+A special case is when you don't have the public key to verify the signature, if this happens
+WinPT offers to download the key from the default keyserver. If the key was not found, the
+procedure is aborted because without the key the sig cannot bed checked.
@subsection Sign the Clipboard
-We assume that text that shall be signed is already in the
-clipboard. If not, select the text you want to sign and copy
-with via CTRL+C in the clipboard. Now go to the taskbar and
-open the peopup menu, Clipboard->Sign. If you just have one
-secret key, the passphrase dialog will be automatically shown.
-All you need is to enter your passphrase and confirm. In case
-of more available secret keys, a list with all keys is shown
-and you can select which key shall be used for signing.
-The output is always a cleartext signature which is in text
-format. Do not try to sign binary clipboard data, the result
-would be unpredictable and not readable by human beings.
+We assume that text that shall be signed is already in the clipboard. If not, select the text you
+want to sign and copy with via CTRL+C in the clipboard. Now go to the taskbar and open the peopup
+menu, Clipboard->Sign. If you just have one secret key, the passphrase dialog will be automatically shown.
+All you need is to enter your passphrase and confirm. In case of more available secret keys, a
+list with all keys is shown and you can select which key shall be used for signing.
+The output is always a cleartext signature which is in text format. Do not try to sign binary
+clipboard data, the result would be unpredictable and not readable by human beings.
@section The Current Window Support
-Compared to the clipboard mode, the CWS mode has some advantages.
-Let us assume that you want to extract text from an editor window.
-With the CWS mode, the program automatically tries to focus the
-window to select the text and to copy it to the clipboard and
-execute the selected command (Sign, Encrypt, Decrypt).
-No manual user interaction is needed. Except this different behaviour,
-it is very likewise to the clipboard mode and thus we do not describe
-each command again.
+Compared to the clipboard mode, the CWS mode has some advantages. Let us assume that you want to
+extract text from an editor window. With the CWS mode, the program automatically tries to focus
+the window to select the text and to copy it to the clipboard and execute the
+selected command (Sign, Encrypt, Decrypt).
+No manual user interaction is needed. Except this different behaviour, it is very likewise to the
+clipboard mode and thus we do not describe each command again.
@section The Key Manager
-This part of the program is propably most important for many users.
-It contains function to manage your keyring and to perform actions
-which are required and/or useful in the OpenPGP environment.
+This part of the program is propably most important for many users. It contains function to
+manage your keyring and to perform actions which are required and/or useful in the OpenPGP environment.
@subsection Tips
@itemize @bullet
@item
-If you want to import quickly a key from a into the keyring, just
-drag and drop the file into the Key Manager window. Then the import
-procedure will be automatically started.
+If you want to import quickly a key from a into the keyring, just drag and drop the file into the
+Key Manager window. Then the import procedure will be automatically started.
@item
-Key which were fetched from keyservers often contain a lot of,
-maybe obsolete, self signatures, if you want to get rid of them
-you can use the Key Edit->Clean feature. Just start the edit
+Key which were fetched from keyservers often contain a lot of, maybe obsolete, self signatures,
+if you want to get rid of them you can use the Key Edit->Clean feature. Just start the edit
dialog and select the clean command. That's it.
@item
-The keyserver dialog does not allow to import a key directly
-via an URL, as an alternative you may use the "Import HTTP..."
-feature in the Key Manager. With it you can directly fetch keys
+The keyserver dialog does not allow to import a key directly via an URL, as an alternative you
+may use the "Import HTTP..." feature in the Key Manager. With it you can directly fetch keys
from the web (Example: http://www.users.my-isp.de/~joe/gpg-keys.asc).
@item
-To customize the parameters of the generated key, you can use
-the expert key generation. It allows you to set the public key
-algorithm and/or the size of the key directly.
+To customize the parameters of the generated key, you can use the expert key generation.
+It allows you to set the public key algorithm and/or the size of the key directly.
@item
-Most of the list view based dialogs allow to use the right
-mouse button, to show popup menus with available commands.
+Most of the list view based dialogs allow to use the right mouse button, to show popup menus with
+available commands.
@end itemize
@subsection Create a Revocation Certificate
+It is very important to do this step early as possible. With this certificate, you can revoke
+your entire key. The reason for this can be for example, that your key is no longer used or even
+compromised.
+After you generated the revocation cert, you should move it to a secure place because anybody who
+gets access to it, can render your key unuseable.
-It is very important to do this step early as possible. With this
-certificate, you can revoke your entire key. The reason for this
-can be for example, that your key is no longer used or even compromised.
-After you generated the revoc cert, you should move it to a secure place
-because anybody who gets access to it, can render your key unuseable.
+Just right-click on your key and select "Revoke Cert". If you do this step directly after key
+generation, there is no need to change the default values. Just select a file name and enter the
+passphrase. The program issues a warning which should be read carefully.
-Just right-click on your key and select "Revoke Cert". If you do this
-step directly after key generation, there is no need to change the
-default values. Just select a file name and enter the passphrase.
-The program issues a warning which should be read carefully.
-
@subsection Adding a new Secondary Key
-For most users the existing keys in the key pair are enough
-and no extra key is needed. But there are some exceptions.
+For most users the existing keys in the key pair are enough and no extra key is needed. But there
+are some exceptions.
@itemize @bullet
@item
-The primary key has no secondary key and the primary key is not
-able to encrypt data. In this case it can be a good idea to
-add a secondary encryption key.
+The primary key has no secondary key and the primary key is not able to encrypt data. In this
+case it can be a good idea to add a secondary encryption key.
@item
-A lot of people use secondary encryption keys with an expiration
-date. Usually the key is valid for 1-2 years. After the key is expired,
-a new key is needed in order to encrypt data.
+A lot of people use secondary encryption keys with an expiration date. Usually the key is valid
+for 1-2 years. After the key is expired, a new key is needed in order to encrypt data.
@end itemize
-What kind of public key algorithm should be selected is a matter
-of taste. RSA and ElGamal are both capable for encryption. For most
-users it's a good idea to let the program chose the key size (in bits).
-The default settings should be secure enough for most purposes.
+What kind of public key algorithm should be selected is a matter of taste. RSA and ElGamal are
+both capable for encryption. For most users it's a good idea to let the program chose the key
+size (in bits). The default settings should be secure enough for most purposes.
@subsection Adding a new User ID
-If you got a new email account, it's propably a good idea to
-add these new account to your key also. For example:
+If you got a new email account, it's propably a good idea to add these new account to your key
+also. For example:
-A new account was registed at gmail.com (john.doo@@gmail.com).
+A new account was registed at gmail.com (john.doo@@gmail.com).
Then you should create a new user ID with the following fields:
name: John Doo
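Review bot: The rewrapped tip at the top of this hunk still reads "import quickly a key from a into the keyring", so the sentence has lost its noun; since the line is being rewritten anyway, make it "from a file into the keyring". The other new lines carry over wording that should be fixed in the same pass: "do this step early as possible" (should be "as early as possible") and "unuseable" in the revocation certificate paragraph, "chose the key size" for "choose" in the secondary key paragraph, and "propably" and "registed" in the user ID paragraph. The clean-up tip also starts "Key which were fetched" where "Keys" is meant.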
@@ -413,155 +363,265 @@
comment: (optional)
-Now email programs are able to associate this address with your
-key when somebody wants to send you a protected mail to this account.
+Now email programs are able to associate this address with your key when somebody wants to send
+you a protected mail to this account.
@subsection Adding a new Photographic ID
-With this function you can add a photo to your public. It will be
-displayed in the key property dialog.
+With this function you can add a photo to your public. It will be displayed in the key property
+dialog.
-You just need to select a JPEG file which contains the photo and
-enter your passphrase and confirm with OK. Please read the note
-in the dialog carefully to make sure the photo has a proper size
-(file, height and weight).
+You just need to select a JPEG file which contains the photo and enter your passphrase and
+confirm with OK. Please read the note in the dialog carefully to make sure the photo has a proper
+size (file, height and weight).
@subsection Adding a new Designated Revoker
-If you want to allow another key to revoke your own key, this
-might be useful if you lost your secret or a simliar situation,
-you can use this function to add a designated revoker to your key.
+If you want to allow another key to revoke your own key, this might be useful if you lost your
+secret or a simliar situation, you can use this function to add a designated revoker to your key.
-All you need to do is to select the key you want to add as a desig
-revoker. But please bear in mind that this procedure cannot be undone
-and that this person really has the power to make your public key
-unuseable. You really should trust the selected key, in case it is
-not a key owned by yourself.
+All you need to do is to select the key you want to add as a desig revoker. But please bear in
+mind that this procedure cannot be undone and that this person really has the power to make your
+public key unuseable. You really should trust the selected key, in case it is not a key owned by yourself.
@subsection Export a Public Key
-There are several reason why to export a public key and there
-are also several ways to do it. If you want to send the key
-directly to a mail recipient, you can select the key, right-click,
-and select "Send Key to Mail Recipient". As an alternative, you
-can also export it to the clipboard or to a file. To export a
-key to the clipboard, you can select "Copy key to Clipboard"
-in the popup menu of the selected key. To export it to a file,
-you need to select the menu "Key" and then "Export...". The
-program will automatically suggest a name for the output.
+There are several reason why to export a public key and there are also several ways to do it. If
+you want to send the key directly to a mail recipient, you can select the key, right-click,
+and select "Send Key to Mail Recipient". As an alternative, you can also export it to the
+clipboard or to a file. To export a key to the clipboard, you can select "Copy key to Clipboard"
+in the popup menu of the selected key. To export it to a file, you need to select the menu "Key"
+and then "Export...". The program will automatically suggest a name for the output.
+ at subsection Export your Secret Key
+This command should be used with caution because it exports your secret key. Please bear in mind
+that you should never export your key to a place where it can be accessed by others.
+An USB stick or a likewise mobile storage device should be used for the export.
+
@subsection Import a Public Key
-Similar to the key import, the import of a key can be done in
-several ways. First, let's assume you got a mail with an OpenPGP
-key included as inline text. Then you can use the current window
-feature and "Decrypt/Verify" to import the key. Alternative you
-also may use the clipboard. To achieve this, you first need to
-select the entire key (CTRL+A) and then copy it to the clipboard
-(CTRL+C), then use the Key Manager (Edit->Paste) to import it.
-If the key is stored as an attachment, or you want to import
-a key from a file in general, just drag the file and drop it
+Similar to the key import, the import of a key can be done in several ways. First, let's assume
+you got a mail with an OpenPGP key included as inline text. Then you can use the current window
+feature and "Decrypt/Verify" to import the key. Alternative you also may use the clipboard.
+To achieve this, you first need to select the entire key (CTRL+A) and then copy it to the
+clipboard (CTRL+C), then use the Key Manager (Edit->Paste) to import it. If the key is stored as
+an attachment, or you want to import a key from a file in general, just drag the file and drop it
into the Key Manager window or use "Key" -> "Import...".
@subsection Sign a Public Key
-If you verified that a key really belongs to its owner, you
-should sign the key to integrate it into your Web of Trust
-and also to mark the key as valid in your keyring. Do not sign
-a key you just got via email with the request to sign it. Anybody
-can create a key with your (or better ANY) name, these information
-are no hint to whom the key really belongs. You can check a key
-by meeting or calling the key owner and verify the key fingerprint
-of the key with the one published by the key owner. Additional checks
-should be to watch at his driver license or the identity card to make
-sure that name of the key matches the name of the key owner. After
-this procedure is done, you can open the Key Manager, select the
-right key and either use the context menu "Sign Key" or use the
-toolbar button.
+If you verified that a key really belongs to its owner, you should sign the key to integrate it
+into your Web of Trust and also to mark the key as valid in your keyring. Do not sign a key you
+just got via email with the request to sign it. Anybody can create a key with your (or better ANY) name,
+these information are no hint to whom the key really belongs. You can check a key
+by meeting or calling the key owner and verify the key fingerprint of the key with the one
+published by the key owner. Additional checks should be to watch at his driver license or the
+identity card to make sure that name of the key matches the name of the key owner. After this
+procedure is done, you can open the Key Manager, select the right key and either use the context
+menu "Sign Key" or use the toolbar button.
-The next dialog will summarize the key information and some
-additional options. For example if the signature should be
-local or exportable. Local means the signature will be stripped
-if you export the key and no one else except you can use it to
-calculate the validity. If you mark the signature exportable,
-any other user can see and use it. Now you can select the key
-you want to use to sign and enter the passphrase. Confirm with "OK"
-and the key will be signed. Now the validity of the new key is
-"Full". It is propably a good idea to set the ownertrust of the
-key. For a detailled description, see the chapter "Key Ownertrust".
+The next dialog will summarize the key information and some additional options. For example if
+the signature should be local or exportable. Local means the signature will be stripped if you
+export the key and no one else except you can use it to calculate the validity. If you mark the
+signature exportable, any other user can see and use it. Now you can select the key you want to
+use to sign and enter the passphrase. Confirm with "OK" and the key will be signed. Now the validity
+of the new key is "Full". It is propably a good idea to set the ownertrust of the key.
+For a detailled description, see the chapter "Key Ownertrust".
@subsection Key Ownertrust
-First we should explain what the ownertrust of a key is. The ownertrust
-is a measurement how much you trust somebody to certify and check keys
-of other people. For example, if you know that Bob is really the owner
-of the key, you should sign it. But he is also known to sign other keys
-without checking the idenity of the other key owner. Values for the
-ownertrust are 1) Don't Know 2) Don't Trust 3) Marginal 4) Full
-and thus you should propably use an ownertrust value like "Marginal".
-But this is a personal decision and stored in a separate file and
-never exported with the public keys. For further information, please
-take a look into the GNU Privacy Handbook.
-Just a last work on Key Pairs, they are automatically marked as
-"Ultimate" because the key belongs to you and you trust it implicit.
+First we should explain what the ownertrust of a key is. The ownertrust is a measurement how much
+you trust somebody to certify and check keys of other people. For example, if you know that Bob
+is really the owner of the key, you should sign it. But he is also known to sign other keys
+without checking the idenity of the other key owner. Values for the ownertrust are
+1) Don't Know 2) Don't Trust 3) Marginal 4) Full
+and thus you should propably use an ownertrust value like "Marginal". But this is a personal
+decision and stored in a separate file and never exported with the public keys. For further
+information, please take a look into the GNU Privacy Handbook.
+Just a last work on Key Pairs, they are automatically marked as "Ultimate" because the key
+belongs to you and you trust it implicit.
+ at subsection List Signatures
+This dialog contains a list of all signatures of the selected key. The basic dialog, the tree
+based version, just shows signatures when the issuer key is in the public keyring. A double click
+opens the signature property dialog which contains detailled description about the selected
+signature. A dialog which is useful for people who wants to get all information about the key
+signatures, can click on the "Edit.." button.
+
+ at subsection Copy Key Information to the Clipboard
+Often it is useful to copy parts of the user ID to the clipboard. One example is that you want to
+send an email to the key owner or that you want to search the key by the email address or you
+want to copy the fingerprint to the clipboard to paste it somewhere else.
+This command is available in the popup menu (right click).
+
+ at subsection Delete one or more Keys
+To delete a key, or more than one key, you just need to select the keys in the Key Manager and
+either select "Delete" or use the toolbar button.
+Be careful if you delete a key pair, because you will not be able to decrypt and/or sign data any
+longer. In any case you should have a backup of your key pair at a safe place.
+
+ at subsection Re-verify Signatures
+After you refreshed or imported a lot of new keys, either from a file or the keyserver, it is a
+good idea to re-verify the signature in the keyring. This speeds up listing operations.
+
+ at subsection WinPT Website
+If you want to check for updates or general information about the Windows Privacy Tray program,
+you can select this menu item.
+The WWW webite of WinPT will be loaded in the default browser.
+If you want to visit the project website directly, select the "Project Website" entry.
+
+ at subsection The Key Edit Dialog
+For the average GPG user, the popup menu of the Key Manager contains all command to manage your
+keys. For example to add a key/userid/revoker/photo, just right click on the click and select the
+command from the "Add" submenu.
+But for advanced users, this dialog contain a lot of extra commands to customize your key.
+
+The main dialog contains a list of all keys in the first list view box and all user IDs in the
+second list view box. The help button gives you a short hint about each command and what it does.
+For example you can set the primary user ID via the "primary" command or with "deluid" you can
+delete the selected user ID. Please always bear in mind, that most keyserver are not able to
+remove user IDs in its database so if another user fetch your 'updated' key from the keyserver
+the user ID might be still part of the key. If you want to make an user ID unuseable, you should
+revoke it. This is also possible with this dialog.
+
+ at subsection Update your Preferences in the Key Manager
+To avoid that the user needs detour to select the taskbar icon, click on it, etc., all
+preferences can be changed in the Key Manager via the Edit->Preferences... menu.
+
@section The File Manager
@subsection Introduction
-The File Manager is no replacement for an Explorer Extension.
-If you secure your files frequently and you want to do this
-fast and easy, I suggest to install GPGee. It is a program
-which integrates itself into the explorer and provide menu
-entries in the context menu of files and directory. But the
-File Manager can be very useful if you just want to decrypt
-and/or encrypt some files without additional programs. You
-can find the File Manager via the symbol in the taskbar,
-right click and then "File Manager".
+The File Manager is no replacement for an Explorer Extension. If you secure your files frequently
+and you want to do this fast and easy, I suggest to install GPGee. It is a program which
+integrates itself into the explorer and provide menu entries in the context menu of files and
+directory. But the File Manager can be very useful if you just want to decrypt and/or encrypt
+some files without additional programs. You can find the File Manager via the symbol in the
+taskbar, right click and then "File Manager".
@subsection An Overview of the GUI
-First there are different ways to add (open) files in the
-Key Manager. The easiest way is to use drag and drop to
-add files into the File Manager. Just drag a file from the
-explorer and drop it into the File Manager window. The second
-way is to use File->Open. A dialog opens which is common for
-all "File Open" operations in most Windows application. Now
-you can select one or more files and confirm. The files will
-be automatically added to the File Manager window. The main
-window consists of a listview with three rows.
+First there are different ways to add (open) files in the Key Manager. The easiest way is to use
+drag and drop to add files into the File Manager. Just drag a file from the explorer and drop it
+into the File Manager window. The second way is to use File->Open. A dialog opens which is common
+for all "File Open" operations in most Windows application. Now you can select one or more files
+and confirm. The files will be automatically added to the File Manager window. The main window
+consists of a listview with three rows.
-The first row is the status of the file. It can be "ENCRYPTED",
-"SIGNED", "PUBKEY", "SECKEY", "SIG" or "UNKNOWN". Dependent on
-the file status, the File Manager offers different choices. For example
-"SIG" enables the verify options in the (popup) menu. "UNKNOWN" is
-the default for all plaintext files.
-The second row is the file name. And the last row is the status of
-the operation. It can be either "", "SUCCESS" or "FAILED". An empty status
-means no operation was started yet. FAILED indicates that the
-GnuPG operation failed. In this case an error message was issued before.
+The first row is the status of the file. It can be "ENCRYPTED", "SIGNED", "PUBKEY", "SECKEY",
+"SIG" or "UNKNOWN". Dependent on the file status, the File Manager offers different choices.
+For example "SIG" enables the verify options in the (popup) menu. "UNKNOWN" is the default for
+all plaintext files.
+The second row is the file name. And the last row is the status of the operation. It can be
+either "", "SUCCESS" or "FAILED". An empty status means no operation was started yet. FAILED
+indicates that the GnuPG operation failed. In this case an error message was issued before.
Now it follows an example:
-We assume that user wants to encrypt "c:\My Ideas\GPG GUI.txt".
-Drag the file from the Explorer and drop it into the open File
-Manager, the main window. The file will be added and recognized
-as "UNKNOWN". Now we select the file and right click, a popup
-menu is shown and we select "Encrypt". An new dialog is opened
-which looks similar to the Clipboard Encryption dialog. Just
-select the recipients and confirm. In contrast to clipboard encryption,
-file encryption offers some more extra options. They are described
-later. And hour glass will be shown as long as GnuPG takes to encrypt
-the file. When the procedure is done, the third row should be change
+We assume that user wants to encrypt "c:\My Ideas\GPG GUI.txt". Drag the file from the Explorer
+and drop it into the open File Manager, the main window. The file will be added and recognized
+as "UNKNOWN". Now we select the file and right click, a popup menu is shown and we select
+"Encrypt". An new dialog is opened which looks similar to the Clipboard Encryption dialog.
+Just select the recipients and confirm. In contrast to clipboard encryption, file encryption
+offers some more extra options. They are described later. And hour glass will be shown as long as
+GnuPG takes to encrypt the file. When the procedure is done, the third row should be change
to "SUCCESS" and the first row to "ENCRYPTED".
@subsection General Options
-Now we describe the general options which are possible in some
-File Manager dialogs.
+Now we describe the general options which are possible in some File Manager dialogs.
@itemize
@item Text Output
-When this option is checked, the output will be encoded in ASCII armor.
-This can be useful if the file should be transfered via email. The
-size of the output file is larger than the usual binary output.
+When this option is checked, the output will be encoded in ASCII armor. This can be useful if the
+file should be transfered via email. The size of the output file is larger than the usual binary
+output.
@item Wipe Original
-If this option is checked, the original file will be deleted after
-successfull encryption. This can be useful if data should not be
-available in plaintext any longer on a machine.
+If this option is checked, the original file will be deleted after successfull encryption.
+This can be useful if data should not be available in plaintext any longer on a machine.
@end itemize
+ at section Reporting a Problem (Bug) or a Feature Request
+
+For the case that you have problems with the program, that includes crashes or or the handling,
+please first check the forum at http://wald.intevation.org to see if someone else reported and/or
+wrote about the issue. It is possible that the issue is already solved/answered in the forum.
+Plus all other users can benefit of it because maybe another person has the same problem and then
+he can check the forum and will find the answer.
+
+Feature requests can be submitted at the same site in a different tab (Tracker->Feature Request).
+There is no guarantee that the request will be implemented in the next version. The reason is,
+that other issues might be more important or that the request must be first discussed with other
+developers. But each request will be considered.
+
+For the case that you found a bug, it is very important to provide much details as possible to
+allow the developers to track down the problem and to fix it easily. Please do not forgot to be
+precise as possible and the best idea is to provide a step-by-step text to reproduce the problem.
+
+ at section Problem with the Program or an unexpected Behaviour
+
+First let me say that it is very important always to use the newest version. Each new version
+contains bug fixes and might also fix usability issues. This is also valid for GPG, WinPT
+checks that the minimum GPG version is available but even so it is important and often useful to
+have the newest GPG version if this is possible.
+
+But sometimes the problem is not the software itself, but the software which was involved to
+transfer the data. Here are some examples of what could happen:
+
+- The downloaded file could be broken (FTP ascii->binary issue) and thus WinPT is unable to
+ verify the signature. In this case you should download the file again.
+
+- A mailer broke the signature because the line endings were altered or the mail text was wrapped
+ after the signature was issued. There is no solution to this problem, except to use
+ a smart Mail Client.
+
+- A public key (file or clipboard) will not be recognized but the data should definitely contain
+ one or more keys. Sometimes line endings are messed up or white spaces were removed. In
+ this case GPG/WinPT is not able to detect when the data begins and the header section starts.
+ You can use the clipboard editor to see if the ascii armor is broken. If this happened, the
+ file must be repaired manually or should be sent again.
+
+- WinPT reports that the key could not be imported because of missing self signature or a
+ likewise message. To make sure that the receiver can really verify the key belongs to its
+ owner, the key carries a self signature which can be checked by anybody. Some PGP 2.6 version
+ do not issue this self signature and some other PGP versions might be also able to
+ supress its generation. Such a key cannot be used, even if the import were forced. The solution
+ to this problem is easy but sometimes not possible. Ask the key issuer to self sign his key and
+ to upload it to the keyserver or send it again.
+ But sometimes companies have a policy and thus newly generated keys are not self signed. I do
+ not know what to do in this case except for asking if it would be possible to sign a copy of
+ the key.
+
+- You received a message from a user which uses PGP and WinPT/GPG will not be able to decrypt it.
+ First let me say that this should happen very seldom with newer (PGP >= 7) versions of PGP.
+ The reason could be, that IDEA has been used. A patented Cipher which is not included in GPG.
+ GPG will not be able to decrypt the data because it has been ciphered with IDEA. There is no
+ solution for this problem, except to use the IDEA plug-in. But be advised that the IDEA
+ algorithm is only free for private use and NOT for commercial mails.
+
+ Another problem could be, that your files cannot be automatically decrypted by the receiver
+ (who uses PGP) because the file extension of it is .GPG. You can solve this problem by changing
+ the default extension in the WinPT preferences from .GPG to .PGP.
+
+ To minimize the change of problems when you communicate with a PGP user, you can add "pgp8" or
+ "pgp7" to your gpg.conf. This can be done via the Key Manager
+ ->Edit->Preferences...->GPG Config Preferences.
+
+
+ at section How can I help the Project
+
+There are several ways to help the project. For example you could provide (or work on) the
+existing documentation or write new docs. You could translate WinPT into a new language or
+maintain an existing language file. Of course it is also possible to contribute code or to
+become part of the WinPT developer crew.
+Commercial support for WinPT is available via g10 Code GmbH.
+
+ at subsection What I need for Development
+First, you need a Windows C-compiler and knowledge how to use the tools and the Win32 API. There
+is no need to use MS-Visual C, you can use Ming-W32 (gcc) and a free IDE to hack some code.
+The default building environment is a mingw32 hosted on Linux and it produces W32 executables.
+
+If you plan to contribute some code or to work on an item from the TODO file, please contact me
+first to make sure no one else is working on it and that and we can discuss the details.
+
+ at section Closing Words
+Please remember that currently the core WinPT crew is just me and thus it might take some time to
+respond to forum messages, and mails. If my spare time allows it, I try to respond quick as
+possible. But as a free software project, I do most coding in my spare time and I can't guarantee
+anything. If you need commercial support for WinPT or GPG in general,
+please contact g10 Code GmbH.
+
@bye
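Review bot: The new "Export your Secret Key" subsection recommends "An USB stick or a likewise mobile storage device" but does not say whether the exported file is still protected by the passphrase, which is what a reader needs in order to judge what happens if that device is lost; please state it there. "Wipe Original" has a similar gap: the text only says the original "will be deleted", so it should say whether the plaintext is overwritten or merely unlinked. Several rewrapped paragraphs keep wording that contradicts their own section: "Import a Public Key" opens with "Similar to the key import, the import of a key", and "An Overview of the GUI" says files are added "in the Key Manager" and describes "a listview with three rows" although the section is about the File Manager and the items described are status, file name and operation result per file. The new troubleshooting section writes its list with plain "- " lines while the rest of the file uses @itemize with @item, so it should follow that convention. Smaller fixes in the added text: "right click on the click", "crashes or or the handling", "To minimize the change of problems", "The WWW webite", and "that and we can discuss the details".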