trunk/Doc/winpt.texi

\input texinfo

@setfilename WinPT

This file describes the Windows Privacy Tray program and its main functions

This file is free under the terms of the GNU General Public License v2.

Copyright (C) 2006 Timo Schulz

Version 0.2.0

@settitle WinPT - The Windows Privacy Tray; a free GPG front-end for Windows

@section Requirements for WinPT

First you need to have a working GnuPG 1.4 installtion on the machine you
plan to install WinPT. If you don't have GPG in your machine, please
visit http://www.gnupg.org and download the latest GPG version there.
It comes with a graphical installer so there is no need to do this
step manually.

You need at least Windows 98/2K/XP, but Windows XP or better is
recommend. The program also works on NT/95/ME but there is no support
for these OS versions any longer. Mainly because the OS vendor also
dropped support and no bug fixes will be provided any longer.

@section A short Introduction

WinPT is a graphical GnuPG front-end which resides in the task bar.
It is divided into several, so-called, managers. There is a manager
for the keyring, for files and for smart cards. The aim of the program
is to secure email communication and to perform file encryption and
to allow an easy and user friendly way for key management.

@subsection What is GnuPG
GnuPG is a tool for secure communication and data storage.
It can be used to encrypt data and to create digital signatures.
It includes an advanced key management facility and is compliant
with the proposed Internet standard as described in RFC2440.

@subsection The Web of Trust
For a detailled description of these and other GnuPG topics, I
recommend the available literature at http://www.gnupg.org. But
at least a general overview should be given here.

The certification scheme of OpenPGP does not base on a hirachical
approach. Instead it uses a combination of ownertrust and direct
key certification. Here is an example with Alice, Bob, Carol and Dave.

Alice knows Bob and checked the fingerprint of Bob's key when he
met him personally. Thus she knows that the key really belongs to
its owner and he trusts Bob to certify other keys. Then she issued
a signature on Bob's key. Bob knows Carol and also checked her identity.
Then he signed her key. Alice does not know Carol, but he knows Bob
and Bob trusts Carol. And because Alice trusts Bob, at a level she
decided before, he also trusts Carol. It's a transitiv relation.
Dave is isolated and does not know anybody from the mentioned persons,
thus he is not in the WoT.
Another very important point is, that the signer can decide,
after the certification, how much he trusts the key owner to
certify other keys.

It is very important to check the identify of a key owner. Mostly
this is done by comparing the fingerprint, which were submitted
by phone or written down at a personal meeting, with the fingerprint
of the key in the keyring. Please bear in mind that anybody can create
a key with an email address and a specific name. Thus it is not
recommend to sign keys without doing this check before!

The fingerprint of the key is hexadecial (160-bit) sequence divided
into 10 groups of 4 hex digits. You can get the fingerprint of a key
by opening the key property dialog. There you can mark the fingerprint
and copy it to the clipboard. The fingerprint of a key can be compared
to human fingerprints, it is unique for each key.

Example: 1D75 8108 5BC9 D9FB E78B  2078 ED46 81C9 BF3D F9B4

It is a good idea to publish your fingerprint wherever possible.
For example via a business card or your website.

@section Installation of the Program

It is always recommend to use the latest version of the program. You
can download it from http://wald.intevation.org/projects/winpt.
Download the zip file with the binaries inside and unpack them in
a folder. All files need to be in the same folder, so if you change
the folder do not forget to move all files.
You should also download and verify the signature of the packet to 
make sure that the release is really authentic.

To activate the program you just need to start WinPT.exe. You should
now see a little (golden key) icon in the taskbar which indicates that 
the program is running. If you want to quit the program, right click
on the symbol and select "Exit".

Alternative, you may use one of the graphical GPG installers which
are available on the internet. I recommend to use Gpg4Win which
includes a set of very useful privacy tools, beside WinPT and it
is very easy to use with an average size (~4MB). For non-German
speaking users, I recommend the light version because it does not
contain the 2 German PDF manuals.

@subsection Getting the Source of the Program
As free software, according to the GNU General Public License,
WinPT also offers the source code for the program. It can be used
for reviews, to compile your own binary and/or to modify and/or
redistribute it or just to learn how it works. The source is available
at the same place you downloaded the binary. If not, you should
contact the author of the site.
The entire program can be build with free software; the default
environment is a cross-compiler hosted on a Linux box. All you
need is the mingw32 packages, a working autoconf environment
and the libs WinPT depends on (currently gpgme and libgpg-error).
It is also possible to build the binary with cygwin/mingw32 on
Windows but this environment is not actively supported and propably
needs adjustment of the source.

@subsection Configure the Program
After the installation not much of the default settings need to
be changed. If you prefer a special keyserver, it is propably a good 
idea to open the keyserver dialog and to set one of the existing 
keyservers as the default or create a new entry and mark it as the 
new default. The default keyserver is subkeys.pgp.net, which is
the best choice for most users.

@subsection GPG Options
For expert users, the GPG preference dialog might contain some
interesting options. For example to set the expiration date of
a signature and/or to set the signing level for key signing.
It also allows to set a default 'encrypt-to' key and to set
the comment in ASCII armored files.

@subsection Preferences
In the WinPT preference dialog, the user can modify and/or disable
the default options. For new users it is suggested to leave the
default values as they are, except when there are problems related
to the hotkeys.

To enable keyring backups, the user can either decide to use the
GPG home directory as the backup folder or any other folder. In
the latter case, a folder needs to be chosen.


@section The First Start

This section is only important for people who never installed
and/or used WinPT before and thus no keyrings are available.

When the program is started the first time, it offers two choices.
The one is to generate a key pair and the other is to copy
existing GPG keyrings into the current installation.

We assume the user will select the first entry.

Now a new dialog is shown which requests some information from
the user to allow a meaningful association between the key and
the user. If the user prefer RSA keys, the check box should be marked.
But this is a decision of personal taste and does not influence the security 
or anything else.
If the entered data is OK, WinPT then generates a new key pair. As long
as this step takes, a progress dialog is shown to indicate the 
enduring process. When the generation of the keypair is done, WinPT 
offers the chance to backup the existing keyrings. This is definitely
an important decision because if the keyring will get corrupted
or lost, there is no way to recover the encrypted data. That is
why it is also important to store the backup, at least of the
secret keyring, at a @strong{safe} place.

@section The Passphrase for the Secret Key
First a short explaination what passphrase is. A passphrase is like
a password but usually longer, maybe a sentence, which can consists of
any 7-bit ASCII characters. It is used to protect your secret key
and thus it is very import to chose a secure passphrase. If your
computer, and thus the secret key, were stolen and an attacker can
guess your passphrase he is able to decrypt all your data and to
create signatures in your name! A good passphrase is difficult
to guess but easy to remember and should be at least 10 characters long.
An easy way to generate a strong passphrase is to use a sentence only
you know but you can easily remind and then take the first letter of
each word, plus some special characters and maybe even some intentionally
made spelling mistakes. 

Example: Row - row - row your boat, gently down the stream
Passphrase: R-r-ryb,gdt

Never write down or passphrase or share it among other people!

@section Keyserver Access

An easy way to retrieve keys is the keyserver. You can think of
it like a huge database with a lot of keys as its content. It is 
possible to search keys by a pattern, a keyid or even a fingerprint.
WinPT allows to access different kind of keyservers. For example
LDAP, HKP, Finger and HTTP. But the focus will be set on HKP because
this is the common case.

In some situations WinPT asks the user whether to retrieve keys 
automatically. One example is the signature verification when the 
key that issued the signature was not found in the keyring.

The main keyserver dialog allows to fetch one or more keys directly
or to search for a given pattern.

@subsection Retrieve a key by Key ID
The best way to fetch a key from the server is by the key ID.
Just enter the key ID, it is always a good idea to prefix it
with 0x and click the "Receive" button.

An example:

pattern: 0xBF3DF9B4

[Receive]


@subsection Retrieve a key by its email address
If you only know the email address from your partner, you can
enter it instead of the key ID. It is unlikely but possible
that there are more keys with the same address. In this situation,
WinPT will warn you that multiple keys were imported. The difference
to the search function is, that the keys were dirctly fetched and
not displayed as a key result list.


An example:

pattern: name_of_friend@@gmx.net

[Receive]


@subsection Search for a key by pattern
If you want to communicate with a new mail partner and you are
not sure about the key ID, it can be useful to search for his
email address. This address is considered as quite unique.

An example:

pattern: winpt@@windows-privacy-tray.com

[Search]

Now a dialog is opened with a list of all keys which matched
the search string. If the name @strong{and} the email address
is known, the matching key should be selected and "Receive"
should be clicked. Then the key will be downloaded and added
to your keyring. Now you can encrypt data with this key, for
example an email.

@subsection Sending a Key to the Keyserver
After you generated a new key pair, it is a good idea to send your
key to the keyserver to make it available for other users. If you
issue a signature, the key ID is part of the signature and people can 
automatically retrieve your key when they try to verify the signature.

Actually, the action is performed in the Key Manager and not in the
keyserver dialog. Just open the Key Manager, select the key you want
to send right-click on it and chose "Send to Keyserver" in the popup
menu. Then a message box with the result is shown.

@subsection Add, Delete or Edit a Keyserver Entry
The keyserver dialog allow to change the existing keyserver entries,
to delete them or to add new entries. Just right click on a selected
item and a popup menu will be shown with ("Edit", "Remove" and "New").

@section Using the Clipboard

A major aim from the first day was, that the program does not
depend on a special mailer client. For this reason it uses the
clipboard to encrypt and/or sign data.
For the examples, let's assume that you want to write a new
mail or that you received a mail protected by GnuPG.

@subsection Encrypt Data in the Clipboard
Just copy the text from the mailer window into the clipboard.
This is usually done by CTRL+C, make sure you really selected
all portions of the text. Then right-click on the tray icon
and select Clipboard->Encryption. Now a dialog is shown to
select the recipients. This means you need to select all
keys which should be able to decrypt the mail. Confirm with "OK".
GnuPG now encrypts the data with the selected recipients. At the
end a message box with the result is shown. Now the clipboard should 
contain the encrypted data. Just paste it into the mailer window.
The output should contain a header and a footer
"BEGIN PGP MESSAGE" and "END PGP MESSAGE.

@subsection Decrypt/Verify Data from the Clipboard
The most common case is propably that you got a signed email and 
now you want to verify it. For this procedure, you have to copy 
the entire signature in the clipboard. The easiest way is to
use CTRL+A and CTRL+C, then all available text will be copied.
WinPT (GnuPG) is smart enough to figure out the signature related
data. Now go to the taskbar, display the popup menu and select
Clipboard->Decrypt/Verify. Now a new dialog, the verify dialog,
should be available on screen with all information about the
signature. For example who is the signer, when was it signed
how much do you try this key and what was signed and most 
important, the status of it (is the signature good or BAD).
A special case is when you don't have the public key to verify
the signature, if this happens WinPT offers to download the key
from the default keyserver. If the key was not found, the procedure
is aborted because without the key the sig cannot bed checked.

@subsection Sign the Clipboard
We assume that text that shall be signed is already in the
clipboard. If not, select the text you want to sign and copy
with via CTRL+C in the clipboard. Now go to the taskbar and
open the peopup menu, Clipboard->Sign. If you just have one
secret key, the passphrase dialog will be automatically shown.
All you need is to enter your passphrase and confirm. In case
of more available secret keys, a list with all keys is shown
and you can select which key shall be used for signing.
The output is always a cleartext signature which is in text
format. Do not try to sign binary clipboard data, the result
would be unpredictable and not readable by human beings.

@section The Current Window Support
Compared to the clipboard mode, the CWS mode has some advantages.
Let us assume that you want to extract text from an editor window.
With the CWS mode, the program automatically tries to focus the
window to select the text and to copy it to the clipboard and
execute the selected command (Sign, Encrypt, Decrypt).
No manual user interaction is needed. Except this different behaviour,
it is very likewise to the clipboard mode and thus we do not describe
each command again.

@section The Key Manager

This part of the program is propably most important for many users.
It contains function to manage your keyring and to perform actions
which are required and/or useful in the OpenPGP environment.

@subsection Tips

@itemize @bullet

@item
If you want to import quickly a key from a into the keyring, just
drag and drop the file into the Key Manager window. Then the import
procedure will be automatically started.

@item
Key which were fetched from keyservers often contain a lot of,
maybe obsolete, self signatures, if you want to get rid of them
you can use the Key Edit->Clean feature. Just start the edit
dialog and select the clean command. That's it.

@item
The keyserver dialog does not allow to import a key directly
via an URL, as an alternative you may use the "Import HTTP..."
feature in the Key Manager. With it you can directly fetch keys
from the web (Example: http://www.users.my-isp.de/~joe/gpg-keys.asc).

@item
To customize the parameters of the generated key, you can use
the expert key generation. It allows you to set the public key
algorithm and/or the size of the key directly.

@item
Most of the list view based dialogs allow to use the right
mouse button, to show popup menus with available commands.

@end itemize

@subsection Create a Revocation Certificate

It is very important to do this step early as possible. With this
certificate, you can revoke your entire key. The reason for this
can be for example, that your key is no longer used or even compromised.
After you generated the revoc cert, you should move it to a secure place
because anybody who gets access to it, can render your key unuseable.

Just right-click on your key and select "Revoke Cert". If you do this
step directly after key generation, there is no need to change the 
default values. Just select a file name and enter the passphrase.
The program issues a warning which should be read carefully.

@subsection Adding a new Secondary Key

For most users the existing keys in the key pair are enough
and no extra key is needed. But there are some exceptions.

@itemize @bullet

@item
The primary key has no secondary key and the primary key is not
able to encrypt data. In this case it can be a good idea to
add a secondary encryption key.

@item
A lot of people use secondary encryption keys with an expiration
date. Usually the key is valid for 1-2 years. After the key is expired,
a new key is needed in order to encrypt data.

@end itemize

What kind of public key algorithm should be selected is a matter
of taste. RSA and ElGamal are both capable for encryption. For most
users it's a good idea to let the program chose the key size (in bits).
The default settings should be secure enough for most purposes.

@subsection Adding a new User ID
If you got a new email account, it's propably a good idea to
add these new account to your key also. For example:

A new account was registed at gmail.com (john.doo@@gmail.com).
Then you should create a new user ID with the following fields:

name: John Doo

email: john.doo@@gmail.com

comment: (optional)

Now email programs are able to associate this address with your
key when somebody wants to send you a protected mail to this account.

@subsection Adding a new Photographic ID
With this function you can add a photo to your public. It will be
displayed in the key property dialog.

You just need to select a JPEG file which contains the photo and
enter your passphrase and confirm with OK. Please read the note
in the dialog carefully to make sure the photo has a proper size
(file, height and weight).

@subsection Adding a new Designated Revoker
If you want to allow another key to revoke your own key, this
might be useful if you lost your secret or a simliar situation,
you can use this function to add a designated revoker to your key.

All you need to do is to select the key you want to add as a desig
revoker. But please bear in mind that this procedure cannot be undone
and that this person really has the power to make your public key
unuseable. You really should trust the selected key, in case it is
not a key owned by yourself.

@subsection Export a Public Key
There are several reason why to export a public key and there
are also several ways to do it. If you want to send the key
directly to a mail recipient, you can select the key, right-click,
and select "Send Key to Mail Recipient". As an alternative, you
can also export it to the clipboard or to a file. To export a
key to the clipboard, you can select "Copy key to Clipboard"
in the popup menu of the selected key. To export it to a file,
you need to select the menu "Key" and then "Export...". The
program will automatically suggest a name for the output.

@subsection Import a Public Key
Similar to the key import, the import of a key can be done in
several ways. First, let's assume you got a mail with an OpenPGP
key included as inline text. Then you can use the current window
feature and "Decrypt/Verify" to import the key. Alternative you
also may use the clipboard. To achieve this, you first need to
select the entire key (CTRL+A) and then copy it to the clipboard
(CTRL+C), then use the Key Manager (Edit->Paste) to import it.
If the key is stored as an attachment, or you want to import
a key from a file in general, just drag the file and drop it
into the Key Manager window or use "Key" -> "Import...".

@subsection Sign a Public Key
If you verified that a key really belongs to its owner, you
should sign the key to integrate it into your Web of Trust
and also to mark the key as valid in your keyring. Do not sign
a key you just got via email with the request to sign it. Anybody
can create a key with your (or better ANY) name, these information 
are no hint to whom the key really belongs. You can check a key 
by meeting or calling the key owner and verify the key fingerprint 
of the key with the one published by the key owner. Additional checks
should be to watch at his driver license or the identity card to make
sure that name of the key matches the name of the key owner. After
this procedure is done, you can open the Key Manager, select the
right key and either use the context menu "Sign Key" or use the
toolbar button.

The next dialog will summarize the key information and some
additional options. For example if the signature should be
local or exportable. Local means the signature will be stripped
if you export the key and no one else except you can use it to
calculate the validity. If you mark the signature exportable,
any other user can see and use it. Now you can select the key
you want to use to sign and enter the passphrase. Confirm with "OK"
and the key will be signed. Now the validity of the new key is
"Full". It is propably a good idea to set the ownertrust of the
key. For a detailled description, see the chapter "Key Ownertrust".

@subsection Key Ownertrust
First we should explain what the ownertrust of a key is. The ownertrust
is a measurement how much you trust somebody to certify and check keys
of other people. For example, if you know that Bob is really the owner
of the key, you should sign it. But he is also known to sign other keys
without checking the idenity of the other key owner. Values for the
ownertrust are 1) Don't Know 2) Don't Trust 3) Marginal 4) Full
and thus you should propably use an ownertrust value like "Marginal".
But this is a personal decision and stored in a separate file and
never exported with the public keys. For further information, please
take a look into the GNU Privacy Handbook.
Just a last work on Key Pairs, they are automatically marked as
"Ultimate" because the key belongs to you and you trust it implicit.

@section The File Manager

@subsection Introduction
The File Manager is no replacement for an Explorer Extension.
If you secure your files frequently and you want to do this
fast and easy, I suggest to install GPGee. It is a program
which integrates itself into the explorer and provide menu
entries in the context menu of files and directory. But the
File Manager can be very useful if you just want to decrypt
and/or encrypt some files without additional programs. You
can find the File Manager via the symbol in the taskbar,
right click and then "File Manager".

@subsection An Overview of the GUI
First there are different ways to add (open) files in the
Key Manager. The easiest way is to use drag and drop to
add files into the File Manager. Just drag a file from the
explorer and drop it into the File Manager window. The second
way is to use File->Open. A dialog opens which is common for
all "File Open" operations in most Windows application. Now
you can select one or more files and confirm. The files will
be automatically added to the File Manager window. The main
window consists of a listview with three rows. 

The first row is the status of the file. It can be "ENCRYPTED",
"SIGNED", "PUBKEY", "SECKEY", "SIG" or "UNKNOWN". Dependent on 
the file status, the File Manager offers different choices. For example
"SIG" enables the verify options in the (popup) menu. "UNKNOWN" is
the default for all plaintext files.
The second row is the file name. And the last row is the status of 
the operation. It can be either "", "SUCCESS" or "FAILED". An empty status
means no operation was started yet. FAILED indicates that the 
GnuPG operation failed. In this case an error message was issued before.

Now it follows an example:
We assume that user wants to encrypt "c:\My Ideas\GPG GUI.txt".
Drag the file from the Explorer and drop it into the open File
Manager, the main window. The file will be added and recognized
as "UNKNOWN". Now we select the file and right click, a popup
menu is shown and we select "Encrypt". An new dialog is opened
which looks similar to the Clipboard Encryption dialog. Just
select the recipients and confirm. In contrast to clipboard encryption,
file encryption offers some more extra options. They are described
later. And hour glass will be shown as long as GnuPG takes to encrypt
the file. When the procedure is done, the third row should be change
to "SUCCESS" and the first row to "ENCRYPTED".

@subsection General Options
Now we describe the general options which are possible in some
File Manager dialogs.

@itemize

@item Text Output
When this option is checked, the output will be encoded in ASCII armor.
This can be useful if the file should be transfered via email. The
size of the output file is larger than the usual binary output.

@item Wipe Original
If this option is checked, the original file will be deleted after
successfull encryption. This can be useful if data should not be
available in plaintext any longer on a machine.

@end itemize

@bye