trunk/Doc/winpt.texi

\input texinfo

@setfilename WinPT

This file describes the Windows Privacy Tray program and its main functions

This file is free under the terms of the GNU General Public License v2.

Copyright (C) 2006 Timo Schulz

Version 0.0.0

@settitle WinPT - The Windows Privacy Tray; a free GPG front-end for Windows

@section Requirements for WinPT

First you need to have a working GnuPG 1.4 installtion on the machine you
plan to install WinPT. If you don't have GPG in your machine, please
visit http://www.gnupg.org and download the latest GPG version there.
It comes with a graphical installer so there is no need to do this
step manually.

You need at least Windows 98/2K/XP, but Windows XP or better is
recommend. The program also works on NT/95/ME but there is no support
for these OS versions any longer.

@section A short Introduction

WinPT is a graphical GnuPG front-end which resides in the task bar.
It is divided into several, so-called, managers. There is a manager
for the keyring, for files and for smart cards. The aim of the program
is to secure email communication and to perform file encryption.

@subsection What is GnuPG
GnuPG is a tool for secure communication and data storage.
It can be used to encrypt data and to create digital signatures.
It includes an advanced key management facility and is compliant
with the proposed Internet standard as described in RFC2440.

@subsection The Web of Trust
For a detailled description of these and other GnuPG topics, I
recommend the available literature at http://www.gnupg.org. But
at least a general overview should be given here.

The certification scheme of OpenPGP does not base on a hirachical
approach. Instead it uses a combination of ownertrust and direct
key certification. Here is an example with Alice, Bob, Carol and Dave.

Alice knows Bob and checked the fingerprint of Bob's key when he
met him personally. Thus she knows that the key really belongs to
its owner and he trusts Bob to certify other keys. Then she issued
a signature on Bob's key. Bob knows Carol and also checked her identity.
Then he signed her key. Alice does not know Carol, but he knows Bob
and Bob trusts Carol. And because Alice trusts Bob, at a level she
decided before, he also trusts Carol. It's a transitiv relation.
Dave is isolated and does not know anybody from the mentioned persons,
thus he is not in the WoT.
Another very important point is, that the signer can decide,
after the certification, how much he trusts the key owner to
certify other keys.

It is very important to check the identify of a key owner. Mostly
this is done by comparing the fingerprint, which were submitted
by phone or written down at a personal meeting, with the fingerprint
of the key in the keyring. Please bear in mind that anybody can create
a key with an email address and a specific name. Thus it is not
recommend to sign keys without doing this check before!

The fingerprint of the key is hexadecial (160-bit) sequence divided
into 10 groups of 4 hex digits. You can get the fingerprint of a key
by opening the key property dialog. There you can mark the fingerprint
and copy it to the clipboard.

Example: 1D75 8108 5BC9 D9FB E78B  2078 ED46 81C9 BF3D F9B4

@section Installation of the Program

It is always recommend to use the latest version of the program. You
can download it from http://wald.intevation.org/projects/winpt.
Download the zip file with the binaries inside and unpack them in
a folder. All files need to be in the same folder, so if you change
the folder don't forget to move all files.
You should also download and verify the signature of the packet to 
make sure that the release is really authentic.

To activate the program you just need to start WinPT.exe. You should
now see a little (golden key) icon in the taskbar which indicates that 
the program is running. If you want to quit the program, right click
on the symbol and select "Exit".

Alternative, you may use one of the graphical GPG installers which
are available on the internet. I recommend to use Gpg4Win which
includes a set of very useful privacy tools, beside WinPT and it
is very easy to use with an average size (~4MB). For non-German
speaking users, I recommend the light version because it does not
contain the 2 German PDF manuals.

@subsection Getting the Source of the Program
As free software, according to the GNU General Public License,
WinPT also offers the source code for the program. It can be used
for reviews, to compile your own binary and/or to modify and/or
redistribute it or just to learn how it works. The source is available
at the same place you downloaded the binary. If not, you should
contact the author of the site.
The entire program can be build with free software; the default
environment is a cross-compiler hosted on a Linux box. All you
need is the mingw32 packages, a working autoconf environment
and the libs WinPT depends on (currently gpgme and libgpg-error).
It is also possible to build the binary with cygwin/mingw32 on
Windows but this environment is not actively supported and propably
needs adjustment of the source.

@subsection Configure the Program
After the installation not much of the default settings need to
be changed. If you prefer a special keyserver, it is propably a good 
idea to open the keyserver dialog and to set one of the existing 
keyservers as the default or create a new entry and mark it as the 
new default. The default keyserver is subkeys.pgp.net, which is
the best choice for most users.

@subsection GPG Options
For expert users, the GPG preference dialog might contain some
interesting options. For example to set the expiration date of
a signature and/or to set the signing level for key signing.
It also allows to set a default 'encrypt-to' key and to set
the comment in ASCII armored files.

@subsection Preferences
In the WinPT preference dialog, the user can modify and/or disable
the default options. For new users it is suggested to leave the
default values as they are, except when there are problems related
to the hotkeys.

To enable keyring backups, the user can either decide to use the
GPG home directory as the backup folder or any other folder. In
the latter case, a folder needs to be chosen.


@section The First Start

This section is only important for people who never installed
and/or used WinPT before.

When the program is started the first time, it offers two choices.
The one is to generate a key pair and the other is to copy
existing GPG keyrings into the current installation.

We assume the user will select the first entry.

Now a new dialog is shown which requests some information from
the user to allow a meaningful association between the key and
the user. If the user prefer RSA keys, the check box should be marked. 
If the entered data is OK, WinPT then generates a new key pair. As long
as this step takes, a progress dialog is shown to indicate the 
enduring process. When the generation of the keypair is done, WinPT 
offers the chance to backup the existing keyrings. This is definitely
an important decision because if the keyring will get corrupted
or lost, there is no way to recover the encrypted data. That is
why it is also important to store the backup, at least of the
secret keyring, at a @strong{safe} place.

@section Keyserver Access

An easy way to retrieve keys is the keyserver. You can think of
it like a huge database with a lot of keys as its content. It is 
possible to search keys by a pattern, a keyid or even a fingerprint.
WinPT allows to access different kind of keyservers. For example
LDAP, HKP, Finger and HTTP. But the focus will be set on HKP because
this is the common case.

In some situations WinPT asks the user whether to retrieve keys 
automatically. One example is the signature verification when the 
key that issued the signature was not found in the keyring.

The main keyserver dialog allows to fetch one or more keys directly
or to search for a given pattern.

@subsection Retrieve a key by Key ID
The best way to fetch a key from the server is by the key ID.
Just enter the key ID, it is always a good idea to prefix it
with 0x and click the "Receive" button.

An example:

pattern: 0xBF3DF9B4

[Receive]


@subsection Retrieve a key by its email address
If you only know the email address from your partner, you can
enter it instead of the key ID. It is unlikely but possible
that there are more keys with the same address. In this situation,
WinPT will warn you that multiple keys were imported. The difference
to the search function is, that the keys were dirctly fetched and
not displayed as a key result list.


An example:

pattern: name_of_friend@@gmx.net

[Receive]


@subsection Search for a key by pattern
If you want to communicate with a new mail partner and you are
not sure about the key ID, it can be useful to search for his
email address. This address is considered as quite unique.

An example:

pattern: winpt@@windows-privacy-tray.com

[Search]

Now a dialog is opened with a list of all keys which matched
the search string. If the name @strong{and} the email address
is known, the matching key should be selected and "Receive"
should be clicked. Then the key will be downloaded and added
to your keyring. Now you can encrypt data with this key, for
example an email.

@subsection Sending a Key to the Keyserver
After you generated a new key pair, it is a good idea to send your
key to the keyserver to make it available for other users. If you
issue a signature, the key ID is part of the signature and people can 
automatically retrieve your key when they try to verify the signature.

Actually, the action is performed in the Key Manager and not in the
keyserver dialog. Just open the Key Manager, select the key you want
to send right-click on it and chose "Send to Keyserver" in the popup
menu. Then a message box with the result is shown.

@subsection Add, Delete or Edit a Keyserver Entry
The keyserver dialog allow to change the existing keyserver entries,
to delete them or to add new entries. Just right click on a selected
item and a popup menu will be shown with ("Edit", "Remove" and "New").

@section Using the Clipboard

A major aim from the first day was, that the program does not
depend on a special mailer client. For this reason it uses the
clipboard to encrypt and/or sign data.
For the examples, let's assume that you want to write a new
mail or that you received a mail protected by GnuPG.

@subsection Encrypt Data in the Clipboard
Just copy the text from the mailer window into the clipboard.
This is usually done by CTRL+C, make sure you really selected
all portions of the text. Then right-click on the tray icon
and select Clipboard->Encryption. Now a dialog is shown to
select the recipients. This means you need to select all
keys which should be able to decrypt the mail. Confirm with "OK".
GnuPG now encrypts the data with the selected recipients. At the
end a message box with the result is shown. Now the clipboard should 
contain the encrypted data. Just paste it into the mailer window.
The output should contain a header and a footer
"BEGIN PGP MESSAGE" and "END PGP MESSAGE.

@subsection Decrypt/Verify Data from the Clipboard

@subsection Sign the Clipboard

@section The Key Manager

This part of the program is propably most important for many users.
It contains function to manage your keyring and to perform actions
which are required and/or useful in the OpenPGP environment.

@subsection Tips

@itemize @bullet

@item
If you want to import quickly a key from a into the keyring, just
drag and drop the file into the Key Manager window. Then the import
procedure will be automatically started.

@item
Key which were fetched from keyservers often contain a lot of,
maybe obsolete, self signatures, if you want to get rid of them
you can use the Key Edit->Clean feature. Just start the edit
dialog and select the clean command. That's it.

@item
The keyserver dialog does not allow to import a key directly
via an URL, as an alternative you may use the "Import HTTP..."
feature in the Key Manager. With it you can directly fetch keys
from the web (Example: http://www.users.my-isp.de/~joe/gpg-keys.asc).

@item
To customize the parameters of the generated key, you can use
the expert key generation. It allows you to set the public key
algorithm and/or the size of the key directly.

@item
Most of the list view based dialogs allow to use the right
mouse button, to show popup menus with available commands.

@end itemize

@subsection Create a Revocation Certificate

It is very important to do this step early as possible. With this
certificate, you can revoke your entire key. The reason for this
can be for example, that your key is no longer used or even compromised.
After you generated the revoc cert, you should move it to a secure place
because anybody who gets access to it, can render your key unuseable.

Just right-click on your key and select "Revoke Cert". If you do this
step directly after key generation, there is no need to change the 
default values. Just select a file name and enter the passphrase.
The program issues a warning which should be read carefully.

@subsection Adding a new secondary key

For most users the existing keys in the key pair are enough
and no extra key is needed. But there are some exceptions.

@itemize @bullet

@item
The primary key has no secondary key and the primary key is not
able to encrypt data. In this case it can be a good idea to
add a secondary encryption key.

@item
A lot of people use secondary encryption keys with an expiration
date. Usually the key is valid for 1-2 years. After the key is expired,
a new key is needed in order to encrypt data.

@end itemize

What kind of public key algorithm should be selected is a matter
of taste. RSA and ElGamal are both capable for encryption. For most
users it's a good idea to let the program chose the key size (in bits).
The default settings should be secure enough for most purposes.

@subsection Adding a new user ID
If you got a new email account, it's propably a good idea to
add these new account to your key also. For example:

A new account was registed at gmail.com (john.doo@@gmail.com).
Then you should create a new user ID with the following fields:

name: John Doo

email: john.doo@@gmail.com

comment: (optional)

Now email programs are able to associate this address with your
key when somebody wants to send you a protected mail to this account.

@subsection Adding a photographic ID
With this function you can add a photo to your public. It will be
displayed in the key property dialog.

You just need to select a JPEG file which contains the photo and
enter your passphrase and confirm with OK. Please read the note
in the dialog carefully to make sure the photo has a proper size
(file, height and weight).

@subsection Adding a new designated revoker
If you want to allow another key to revoke your own key, this
might be useful if you lost your secret or a simliar situation,
you can use this function to add a designated revoker to your key.

All you need to do is to select the key you want to add as a desig
revoker. But please bear in mind that this procedure cannot be undone
and that this person really has the power to make your public key
unuseable. You really should trust the selected key, in case it is
not a key owned by yourself.

@subsection Export a Public Key
There are several reason why to export a public key and there
are also several ways to do it. If you want to send the key
directly to a mail recipient, you can select the key, right-click,
and select "Send Key to Mail Recipient". As an alternative, you
can also export it to the clipboard or to a file. To export a
key to the clipboard, you can select "Copy key to Clipboard"
in the popup menu of the selected key. To export it to a file,
you need to select the menu "Key" and then "Export...". The
program will automatically suggest a name for the output.

@subsection Import a Public Key
Similar to the key import, the import of a key can be done in
several ways. First, let's assume you got a mail with an OpenPGP
key included as inline text. Then you can use the current window
feature and "Decrypt/Verify" to import the key. Alternative you
also may use the clipboard. To achieve this, you first need to
select the entire key (CTRL+A) and then copy it to the clipboard
(CTRL+C), then use the Key Manager (Edit->Paste) to import it.
If the key is stored as an attachment, or you want to import
a key from a file in general, just drag the file and drop it
into the Key Manager window or use "Key" -> "Import...".

@bye
1	twoaday	222	\input texinfo
2
3			@setfilename WinPT
4
5			This file describes the Windows Privacy Tray program and its main functions
6
7			This file is free under the terms of the GNU General Public License v2.
8
9			Copyright (C) 2006 Timo Schulz
10
11			Version 0.0.0
12
13			@settitle WinPT - The Windows Privacy Tray; a free GPG front-end for Windows
14
15			@section Requirements for WinPT
16
17			First you need to have a working GnuPG 1.4 installtion on the machine you
18			plan to install WinPT. If you don't have GPG in your machine, please
19			visit http://www.gnupg.org and download the latest GPG version there.
20			It comes with a graphical installer so there is no need to do this
21			step manually.
22
23			You need at least Windows 98/2K/XP, but Windows XP or better is
24			recommend. The program also works on NT/95/ME but there is no support
25			for these OS versions any longer.
26
27	twoaday	224	@section A short Introduction
28	twoaday	225
29	twoaday	224	WinPT is a graphical GnuPG front-end which resides in the task bar.
30			It is divided into several, so-called, managers. There is a manager
31			for the keyring, for files and for smart cards. The aim of the program
32			is to secure email communication and to perform file encryption.
33	twoaday	222
34	twoaday	224	@subsection What is GnuPG
35			GnuPG is a tool for secure communication and data storage.
36			It can be used to encrypt data and to create digital signatures.
37			It includes an advanced key management facility and is compliant
38			with the proposed Internet standard as described in RFC2440.
39
40			@subsection The Web of Trust
41			For a detailled description of these and other GnuPG topics, I
42			recommend the available literature at http://www.gnupg.org. But
43			at least a general overview should be given here.
44
45			The certification scheme of OpenPGP does not base on a hirachical
46			approach. Instead it uses a combination of ownertrust and direct
47			key certification. Here is an example with Alice, Bob, Carol and Dave.
48
49			Alice knows Bob and checked the fingerprint of Bob's key when he
50			met him personally. Thus she knows that the key really belongs to
51			its owner and he trusts Bob to certify other keys. Then she issued
52			a signature on Bob's key. Bob knows Carol and also checked her identity.
53			Then he signed her key. Alice does not know Carol, but he knows Bob
54			and Bob trusts Carol. And because Alice trusts Bob, at a level she
55			decided before, he also trusts Carol. It's a transitiv relation.
56			Dave is isolated and does not know anybody from the mentioned persons,
57			thus he is not in the WoT.
58			Another very important point is, that the signer can decide,
59			after the certification, how much he trusts the key owner to
60			certify other keys.
61
62			It is very important to check the identify of a key owner. Mostly
63			this is done by comparing the fingerprint, which were submitted
64			by phone or written down at a personal meeting, with the fingerprint
65			of the key in the keyring. Please bear in mind that anybody can create
66			a key with an email address and a specific name. Thus it is not
67			recommend to sign keys without doing this check before!
68
69			The fingerprint of the key is hexadecial (160-bit) sequence divided
70			into 10 groups of 4 hex digits. You can get the fingerprint of a key
71			by opening the key property dialog. There you can mark the fingerprint
72			and copy it to the clipboard.
73
74			Example: 1D75 8108 5BC9 D9FB E78B 2078 ED46 81C9 BF3D F9B4
75
76	twoaday	222	@section Installation of the Program
77
78			It is always recommend to use the latest version of the program. You
79			can download it from http://wald.intevation.org/projects/winpt.
80			Download the zip file with the binaries inside and unpack them in
81			a folder. All files need to be in the same folder, so if you change
82			the folder don't forget to move all files.
83	twoaday	224	You should also download and verify the signature of the packet to
84			make sure that the release is really authentic.
85	twoaday	222
86			To activate the program you just need to start WinPT.exe. You should
87			now see a little (golden key) icon in the taskbar which indicates that
88			the program is running. If you want to quit the program, right click
89			on the symbol and select "Exit".
90
91			Alternative, you may use one of the graphical GPG installers which
92			are available on the internet. I recommend to use Gpg4Win which
93			includes a set of very useful privacy tools, beside WinPT and it
94			is very easy to use with an average size (~4MB). For non-German
95			speaking users, I recommend the light version because it does not
96			contain the 2 German PDF manuals.
97
98	twoaday	225	@subsection Getting the Source of the Program
99			As free software, according to the GNU General Public License,
100			WinPT also offers the source code for the program. It can be used
101			for reviews, to compile your own binary and/or to modify and/or
102			redistribute it or just to learn how it works. The source is available
103			at the same place you downloaded the binary. If not, you should
104			contact the author of the site.
105			The entire program can be build with free software; the default
106			environment is a cross-compiler hosted on a Linux box. All you
107			need is the mingw32 packages, a working autoconf environment
108			and the libs WinPT depends on (currently gpgme and libgpg-error).
109			It is also possible to build the binary with cygwin/mingw32 on
110			Windows but this environment is not actively supported and propably
111			needs adjustment of the source.
112
113	twoaday	222	@subsection Configure the Program
114			After the installation not much of the default settings need to
115			be changed. If you prefer a special keyserver, it is propably a good
116			idea to open the keyserver dialog and to set one of the existing
117			keyservers as the default or create a new entry and mark it as the
118			new default. The default keyserver is subkeys.pgp.net, which is
119			the best choice for most users.
120
121			@subsection GPG Options
122			For expert users, the GPG preference dialog might contain some
123			interesting options. For example to set the expiration date of
124			a signature and/or to set the signing level for key signing.
125			It also allows to set a default 'encrypt-to' key and to set
126			the comment in ASCII armored files.
127
128			@subsection Preferences
129			In the WinPT preference dialog, the user can modify and/or disable
130			the default options. For new users it is suggested to leave the
131			default values as they are, except when there are problems related
132			to the hotkeys.
133
134			To enable keyring backups, the user can either decide to use the
135			GPG home directory as the backup folder or any other folder. In
136	twoaday	224	the latter case, a folder needs to be chosen.
137	twoaday	222
138
139			@section The First Start
140	twoaday	225
141	twoaday	222	This section is only important for people who never installed
142			and/or used WinPT before.
143
144			When the program is started the first time, it offers two choices.
145			The one is to generate a key pair and the other is to copy
146			existing GPG keyrings into the current installation.
147
148			We assume the user will select the first entry.
149
150			Now a new dialog is shown which requests some information from
151			the user to allow a meaningful association between the key and
152			the user. If the user prefer RSA keys, the check box should be marked.
153			If the entered data is OK, WinPT then generates a new key pair. As long
154			as this step takes, a progress dialog is shown to indicate the
155			enduring process. When the generation of the keypair is done, WinPT
156			offers the chance to backup the existing keyrings. This is definitely
157			an important decision because if the keyring will get corrupted
158			or lost, there is no way to recover the encrypted data. That is
159			why it is also important to store the backup, at least of the
160			secret keyring, at a @strong{safe} place.
161
162			@section Keyserver Access
163	twoaday	225
164	twoaday	222	An easy way to retrieve keys is the keyserver. You can think of
165			it like a huge database with a lot of keys as its content. It is
166			possible to search keys by a pattern, a keyid or even a fingerprint.
167			WinPT allows to access different kind of keyservers. For example
168			LDAP, HKP, Finger and HTTP. But the focus will be set on HKP because
169			this is the common case.
170
171			In some situations WinPT asks the user whether to retrieve keys
172			automatically. One example is the signature verification when the
173			key that issued the signature was not found in the keyring.
174
175			The main keyserver dialog allows to fetch one or more keys directly
176			or to search for a given pattern.
177
178			@subsection Retrieve a key by Key ID
179	twoaday	224	The best way to fetch a key from the server is by the key ID.
180			Just enter the key ID, it is always a good idea to prefix it
181			with 0x and click the "Receive" button.
182	twoaday	222
183	twoaday	224	An example:
184
185			pattern: 0xBF3DF9B4
186
187			[Receive]
188
189
190	twoaday	222	@subsection Retrieve a key by its email address
191	twoaday	224	If you only know the email address from your partner, you can
192			enter it instead of the key ID. It is unlikely but possible
193			that there are more keys with the same address. In this situation,
194			WinPT will warn you that multiple keys were imported. The difference
195			to the search function is, that the keys were dirctly fetched and
196			not displayed as a key result list.
197	twoaday	222
198	twoaday	224
199			An example:
200
201			pattern: name_of_friend@@gmx.net
202
203			[Receive]
204
205
206	twoaday	222	@subsection Search for a key by pattern
207			If you want to communicate with a new mail partner and you are
208			not sure about the key ID, it can be useful to search for his
209			email address. This address is considered as quite unique.
210
211			An example:
212
213	twoaday	224	pattern: winpt@@windows-privacy-tray.com
214	twoaday	222
215			[Search]
216
217			Now a dialog is opened with a list of all keys which matched
218			the search string. If the name @strong{and} the email address
219			is known, the matching key should be selected and "Receive"
220			should be clicked. Then the key will be downloaded and added
221			to your keyring. Now you can encrypt data with this key, for
222			example an email.
223
224	twoaday	224	@subsection Sending a Key to the Keyserver
225			After you generated a new key pair, it is a good idea to send your
226			key to the keyserver to make it available for other users. If you
227			issue a signature, the key ID is part of the signature and people can
228			automatically retrieve your key when they try to verify the signature.
229	twoaday	222
230	twoaday	224	Actually, the action is performed in the Key Manager and not in the
231			keyserver dialog. Just open the Key Manager, select the key you want
232			to send right-click on it and chose "Send to Keyserver" in the popup
233			menu. Then a message box with the result is shown.
234
235			@subsection Add, Delete or Edit a Keyserver Entry
236			The keyserver dialog allow to change the existing keyserver entries,
237			to delete them or to add new entries. Just right click on a selected
238			item and a popup menu will be shown with ("Edit", "Remove" and "New").
239
240			@section Using the Clipboard
241	twoaday	225
242	twoaday	224	A major aim from the first day was, that the program does not
243			depend on a special mailer client. For this reason it uses the
244			clipboard to encrypt and/or sign data.
245			For the examples, let's assume that you want to write a new
246			mail or that you received a mail protected by GnuPG.
247
248			@subsection Encrypt Data in the Clipboard
249			Just copy the text from the mailer window into the clipboard.
250			This is usually done by CTRL+C, make sure you really selected
251			all portions of the text. Then right-click on the tray icon
252			and select Clipboard->Encryption. Now a dialog is shown to
253			select the recipients. This means you need to select all
254			keys which should be able to decrypt the mail. Confirm with "OK".
255			GnuPG now encrypts the data with the selected recipients. At the
256			end a message box with the result is shown. Now the clipboard should
257			contain the encrypted data. Just paste it into the mailer window.
258			The output should contain a header and a footer
259			"BEGIN PGP MESSAGE" and "END PGP MESSAGE.
260
261			@subsection Decrypt/Verify Data from the Clipboard
262
263			@subsection Sign the Clipboard
264
265			@section The Key Manager
266	twoaday	225
267	twoaday	224	This part of the program is propably most important for many users.
268			It contains function to manage your keyring and to perform actions
269			which are required and/or useful in the OpenPGP environment.
270
271			@subsection Tips
272
273			@itemize @bullet
274
275			@item
276			If you want to import quickly a key from a into the keyring, just
277			drag and drop the file into the Key Manager window. Then the import
278			procedure will be automatically started.
279
280			@item
281			Key which were fetched from keyservers often contain a lot of,
282			maybe obsolete, self signatures, if you want to get rid of them
283			you can use the Key Edit->Clean feature. Just start the edit
284			dialog and select the clean command. That's it.
285
286			@item
287			The keyserver dialog does not allow to import a key directly
288			via an URL, as an alternative you may use the "Import HTTP..."
289			feature in the Key Manager. With it you can directly fetch keys
290			from the web (Example: http://www.users.my-isp.de/~joe/gpg-keys.asc).
291
292			@item
293			To customize the parameters of the generated key, you can use
294			the expert key generation. It allows you to set the public key
295			algorithm and/or the size of the key directly.
296
297	twoaday	225	@item
298			Most of the list view based dialogs allow to use the right
299			mouse button, to show popup menus with available commands.
300
301	twoaday	224	@end itemize
302
303	twoaday	225	@subsection Create a Revocation Certificate
304
305			It is very important to do this step early as possible. With this
306			certificate, you can revoke your entire key. The reason for this
307			can be for example, that your key is no longer used or even compromised.
308			After you generated the revoc cert, you should move it to a secure place
309			because anybody who gets access to it, can render your key unuseable.
310
311			Just right-click on your key and select "Revoke Cert". If you do this
312			step directly after key generation, there is no need to change the
313			default values. Just select a file name and enter the passphrase.
314			The program issues a warning which should be read carefully.
315
316	twoaday	222	@subsection Adding a new secondary key
317
318			For most users the existing keys in the key pair are enough
319			and no extra key is needed. But there are some exceptions.
320
321			@itemize @bullet
322
323			@item
324			The primary key has no secondary key and the primary key is not
325			able to encrypt data. In this case it can be a good idea to
326			add a secondary encryption key.
327
328			@item
329			A lot of people use secondary encryption keys with an expiration
330			date. Usually the key is valid for 1-2 years. After the key is expired,
331			a new key is needed in order to encrypt data.
332
333			@end itemize
334
335			What kind of public key algorithm should be selected is a matter
336			of taste. RSA and ElGamal are both capable for encryption. For most
337			users it's a good idea to let the program chose the key size (in bits).
338			The default settings should be secure enough for most purposes.
339
340			@subsection Adding a new user ID
341			If you got a new email account, it's propably a good idea to
342			add these new account to your key also. For example:
343
344			A new account was registed at gmail.com (john.doo@@gmail.com).
345			Then you should create a new user ID with the following fields:
346
347			name: John Doo
348
349			email: john.doo@@gmail.com
350
351			comment: (optional)
352
353			Now email programs are able to associate this address with your
354			key when somebody wants to send you a protected mail to this account.
355
356			@subsection Adding a photographic ID
357			With this function you can add a photo to your public. It will be
358			displayed in the key property dialog.
359
360			You just need to select a JPEG file which contains the photo and
361			enter your passphrase and confirm with OK. Please read the note
362			in the dialog carefully to make sure the photo has a proper size
363			(file, height and weight).
364
365			@subsection Adding a new designated revoker
366			If you want to allow another key to revoke your own key, this
367			might be useful if you lost your secret or a simliar situation,
368			you can use this function to add a designated revoker to your key.
369
370			All you need to do is to select the key you want to add as a desig
371			revoker. But please bear in mind that this procedure cannot be undone
372			and that this person really has the power to make your public key
373			unuseable. You really should trust the selected key, in case it is
374			not a key owned by yourself.
375
376	twoaday	226	@subsection Export a Public Key
377			There are several reason why to export a public key and there
378			are also several ways to do it. If you want to send the key
379			directly to a mail recipient, you can select the key, right-click,
380			and select "Send Key to Mail Recipient". As an alternative, you
381			can also export it to the clipboard or to a file. To export a
382			key to the clipboard, you can select "Copy key to Clipboard"
383			in the popup menu of the selected key. To export it to a file,
384			you need to select the menu "Key" and then "Export...". The
385			program will automatically suggest a name for the output.
386
387			@subsection Import a Public Key
388			Similar to the key import, the import of a key can be done in
389			several ways. First, let's assume you got a mail with an OpenPGP
390			key included as inline text. Then you can use the current window
391			feature and "Decrypt/Verify" to import the key. Alternative you
392			also may use the clipboard. To achieve this, you first need to
393			select the entire key (CTRL+A) and then copy it to the clipboard
394			(CTRL+C), then use the Key Manager (Edit->Paste) to import it.
395			If the key is stored as an attachment, or you want to import
396			a key from a file in general, just drag the file and drop it
397			into the Key Manager window or use "Key" -> "Import...".
398
399	twoaday	222	@bye