/[winpt]/trunk/Doc/winpt.texi

Diff of /trunk/Doc/winpt.texi

Parent Directory | Revision Log | View Patch Patch

-revision 224 by twoaday,
Sun Jun  4 10:13:20 2006 UTC
+revision 242 by twoaday,
Thu Jun 29 11:18:27 2006 UTC
 Line 8 
 This file is free under the terms of the
  Copyright (C) 2006 Timo Schulz
- Version 0.0.0
+ Version 0.2.0
  @settitle WinPT - The Windows Privacy Tray; a free GPG front-end for Windows
 Line 25 
 recommend. The program also works on NT/
  for these OS versions any longer.
  @section A short Introduction
  WinPT is a graphical GnuPG front-end which resides in the task bar.
  It is divided into several, so-called, managers. There is a manager
  for the keyring, for files and for smart cards. The aim of the program
-Line 68 
 recommend to sign keys without doing thi
+Line 69 
 recommend to sign keys without doing thi
  The fingerprint of the key is hexadecial (160-bit) sequence divided
  into 10 groups of 4 hex digits. You can get the fingerprint of a key
  by opening the key property dialog. There you can mark the fingerprint
- and copy it to the clipboard.
+ and copy it to the clipboard. The fingerprint of a key can be compared
+ to human fingerprints, it is unique for each key.
  Example: 1D75 8108 5BC9 D9FB E78B  2078 ED46 81C9 BF3D F9B4
+ It is a good idea to publish your fingerprint wherever possible.
+ For example via a business card or your website.
  @section Installation of the Program
  It is always recommend to use the latest version of the program. You
-Line 94 
 is very easy to use with an average size
+Line 99 
 is very easy to use with an average size
  speaking users, I recommend the light version because it does not
  contain the 2 German PDF manuals.
+ @subsection Getting the Source of the Program
+ As free software, according to the GNU General Public License,
+ WinPT also offers the source code for the program. It can be used
+ for reviews, to compile your own binary and/or to modify and/or
+ redistribute it or just to learn how it works. The source is available
+ at the same place you downloaded the binary. If not, you should
+ contact the author of the site.
+ The entire program can be build with free software; the default
+ environment is a cross-compiler hosted on a Linux box. All you
+ need is the mingw32 packages, a working autoconf environment
+ and the libs WinPT depends on (currently gpgme and libgpg-error).
+ It is also possible to build the binary with cygwin/mingw32 on
+ Windows but this environment is not actively supported and propably
+ needs adjustment of the source.
  @subsection Configure the Program
  After the installation not much of the default settings need to
  be changed. If you prefer a special keyserver, it is propably a good
-Line 121 
 the latter case, a folder needs to be ch
+Line 141 
 the latter case, a folder needs to be ch
  @section The First Start
  This section is only important for people who never installed
  and/or used WinPT before.
-Line 143 
 why it is also important to store the ba
+Line 164 
 why it is also important to store the ba
  secret keyring, at a @strong{safe} place.
  @section Keyserver Access
  An easy way to retrieve keys is the keyserver. You can think of
  it like a huge database with a lot of keys as its content. It is
  possible to search keys by a pattern, a keyid or even a fingerprint.
-Line 220 
 to delete them or to add new entries. Ju
+Line 242 
 to delete them or to add new entries. Ju
  item and a popup menu will be shown with ("Edit", "Remove" and "New").
  @section Using the Clipboard
  A major aim from the first day was, that the program does not
  depend on a special mailer client. For this reason it uses the
  clipboard to encrypt and/or sign data.
-Line 240 
 The output should contain a header and a
+Line 263 
 The output should contain a header and a
  "BEGIN PGP MESSAGE" and "END PGP MESSAGE.
  @subsection Decrypt/Verify Data from the Clipboard
+ The most common case is propably that you got a signed email and
+ now you want to verify it. For this procedure, you have to copy
+ the entire signature in the clipboard. The easiest way is to
+ use CTRL+A and CTRL+C, then all available text will be copied.
+ WinPT (GnuPG) is smart enough to figure out the signature related
+ data. Now go to the taskbar, display the popup menu and select
+ Clipboard->Decrypt/Verify. Now a new dialog, the verify dialog,
+ should be available on screen with all information about the
+ signature. For example who is the signer, when was it signed
+ how much do you try this key and what was signed and most
+ important, the status of it (is the signature good or BAD).
+ A special case is when you don't have the public key to verify
+ the signature, if this happens WinPT offers to download the key
+ from the default keyserver. If the key was not found, the procedure
+ is aborted because without the key the sig cannot bed checked.
  @subsection Sign the Clipboard
+ We assume that text that shall be signed is already in the
+ clipboard. If not, select the text you want to sign and copy
+ with via CTRL+C in the clipboard. Now go to the taskbar and
+ open the peopup menu, Clipboard->Sign. If you just have one
+ secret key, the passphrase dialog will be automatically shown.
+ All you need is to enter your passphrase and confirm. In case
+ of more available secret keys, a list with all keys is shown
+ and you can select which key shall be used for signing.
+ The output is always a cleartext signature which is in text
+ format. Do not try to sign binary clipboard data, the result
+ would be unpredictable and not readable by human beings.
+ @section The Current Window Support
+ Compared to the clipboard mode, the CWS mode has some advantages.
+ Let us assume that you want to extract text from an editor window.
+ With the CWS mode, the program automatically tries to focus the
+ window to select the text and to copy it to the clipboard and
+ execute the selected command (Sign, Encrypt, Decrypt).
+ No manual user interaction is needed. Except this different behaviour,
+ it is very likewise to the clipboard mode and thus we do not describe
+ each command again.
  @section The Key Manager
  This part of the program is propably most important for many users.
  It contains function to manage your keyring and to perform actions
  which are required and/or useful in the OpenPGP environment.
-Line 274 
 To customize the parameters of the gener
+Line 334 
 To customize the parameters of the gener
  the expert key generation. It allows you to set the public key
  algorithm and/or the size of the key directly.
+ @item
+ Most of the list view based dialogs allow to use the right
+ mouse button, to show popup menus with available commands.
  @end itemize
- @subsection Adding a new secondary key
+ @subsection Create a Revocation Certificate
+ It is very important to do this step early as possible. With this
+ certificate, you can revoke your entire key. The reason for this
+ can be for example, that your key is no longer used or even compromised.
+ After you generated the revoc cert, you should move it to a secure place
+ because anybody who gets access to it, can render your key unuseable.
+ Just right-click on your key and select "Revoke Cert". If you do this
+ step directly after key generation, there is no need to change the
+ default values. Just select a file name and enter the passphrase.
+ The program issues a warning which should be read carefully.
+ @subsection Adding a new Secondary Key
  For most users the existing keys in the key pair are enough
  and no extra key is needed. But there are some exceptions.
-Line 300 
 of taste. RSA and ElGamal are both capab
+Line 377 
 of taste. RSA and ElGamal are both capab
  users it's a good idea to let the program chose the key size (in bits).
  The default settings should be secure enough for most purposes.
- @subsection Adding a new user ID
+ @subsection Adding a new User ID
  If you got a new email account, it's propably a good idea to
  add these new account to your key also. For example:
-Line 316 
 comment: (optional)
+Line 393 
 comment: (optional)
  Now email programs are able to associate this address with your
  key when somebody wants to send you a protected mail to this account.
- @subsection Adding a photographic ID
+ @subsection Adding a new Photographic ID
  With this function you can add a photo to your public. It will be
  displayed in the key property dialog.
-Line 325 
 enter your passphrase and confirm with O
+Line 402 
 enter your passphrase and confirm with O
  in the dialog carefully to make sure the photo has a proper size
  (file, height and weight).
- @subsection Adding a new designated revoker
+ @subsection Adding a new Designated Revoker
  If you want to allow another key to revoke your own key, this
  might be useful if you lost your secret or a simliar situation,
  you can use this function to add a designated revoker to your key.
-Line 336 
 and that this person really has the powe
+Line 413 
 and that this person really has the powe
  unuseable. You really should trust the selected key, in case it is
  not a key owned by yourself.
+ @subsection Export a Public Key
+ There are several reason why to export a public key and there
+ are also several ways to do it. If you want to send the key
+ directly to a mail recipient, you can select the key, right-click,
+ and select "Send Key to Mail Recipient". As an alternative, you
+ can also export it to the clipboard or to a file. To export a
+ key to the clipboard, you can select "Copy key to Clipboard"
+ in the popup menu of the selected key. To export it to a file,
+ you need to select the menu "Key" and then "Export...". The
+ program will automatically suggest a name for the output.
+ @subsection Import a Public Key
+ Similar to the key import, the import of a key can be done in
+ several ways. First, let's assume you got a mail with an OpenPGP
+ key included as inline text. Then you can use the current window
+ feature and "Decrypt/Verify" to import the key. Alternative you
+ also may use the clipboard. To achieve this, you first need to
+ select the entire key (CTRL+A) and then copy it to the clipboard
+ (CTRL+C), then use the Key Manager (Edit->Paste) to import it.
+ If the key is stored as an attachment, or you want to import
+ a key from a file in general, just drag the file and drop it
+ into the Key Manager window or use "Key" -> "Import...".
+ @subsection Sign a Public Key
+ If you verified that a key really belongs to its owner, you
+ should sign the key to integrate it into your Web of Trust
+ and also to mark the key as valid in your keyring. Do not sign
+ a key you just got via email with the request to sign it. Anybody
+ can create a key with your (or better ANY) name, these information
+ are no hint to whom the key really belongs. You can check a key
+ by meeting or calling the key owner and verify the key fingerprint
+ of the key with the one published by the key owner. Additional checks
+ should be to watch at his driver license or the identity card to make
+ sure that name of the key matches the name of the key owner. After
+ this procedure is done, you can open the Key Manager, select the
+ right key and either use the context menu "Sign Key" or use the
+ toolbar button.
+ The next dialog will summarize the key information and some
+ additional options. For example if the signature should be
+ local or exportable. Local means the signature will be stripped
+ if you export the key and no one else except you can use it to
+ calculate the validity. If you mark the signature exportable,
+ any other user can see and use it. Now you can select the key
+ you want to use to sign and enter the passphrase. Confirm with "OK"
+ and the key will be signed. Now the validity of the new key is
+ "Full". It is propably a good idea to set the ownertrust of the
+ key. For a detailled description, see the chapter "Key Ownertrust".
+ @subsection Key Ownertrust
+ First we should explain what the ownertrust of a key is. The ownertrust
+ is a measurement how much you trust somebody to certify and check keys
+ of other people. For example, if you know that Bob is really the owner
+ of the key, you should sign it. But he is also known to sign other keys
+ without checking the idenity of the other key owner. Values for the
+ ownertrust are 1) Don't Know 2) Don't Trust 3) Marginal 4) Full
+ and thus you should propably use an ownertrust value like "Marginal".
+ But this is a personal decision and stored in a separate file and
+ never exported with the public keys. For further information, please
+ take a look into the GNU Privacy Handbook.
+ Just a last work on Key Pairs, they are automatically marked as
+ "Ultimate" because the key belongs to you and you trust it implicit.
+ @section The File Manager
+ @subsection Introduction
+ The File Manager is no replacement for an Explorer Extension.
+ If you secure your files frequently and you want to do this
+ fast and easy, I suggest to install GPGee. It is a program
+ which integrates itself into the explorer and provide menu
+ entries in the context menu of files and directory. But the
+ File Manager can be very useful if you just want to decrypt
+ and/or encrypt some files without additional programs. You
+ can find the File Manager via the symbol in the taskbar,
+ right click and then "File Manager".
+ @subsection An Overview of the GUI
+ First there are different ways to add (open) files in the
+ Key Manager. The easiest way is to use drag and drop to
+ add files into the File Manager. Just drag a file from the
+ explorer and drop it into the File Manager window. The second
+ way is to use File->Open. A dialog opens which is common for
+ all "File Open" operations in most Windows application. Now
+ you can select one or more files and confirm. The files will
+ be automatically added to the File Manager window. The main
+ window consists of a listview with three rows.
+ The first row is the status of the file. It can be "ENCRYPTED",
+ "SIGNED", "PUBKEY", "SECKEY", "SIG" or "UNKNOWN". Dependent on
+ the file status, the File Manager offers different choices. For example
+ "SIG" enables the verify options in the (popup) menu. "UNKNOWN" is
+ the default for all plaintext files.
+ The second row is the file name. And the last row is the status of
+ the operation. It can be either "", "SUCCESS" or "FAILED". An empty status
+ means no operation was started yet. FAILED indicates that the
+ GnuPG operation failed. In this case an error message was issued before.
+ Now it follows an example:
+ We assume that user wants to encrypt "c:\My Ideas\GPG GUI.txt".
+ Drag the file from the Explorer and drop it into the open File
+ Manager, the main window. The file will be added and recognized
+ as "UNKNOWN". Now we select the file and right click, a popup
+ menu is shown and we select "Encrypt". An new dialog is opened
+ which looks similar to the Clipboard Encryption dialog. Just
+ select the recipients and confirm. In contrast to clipboard encryption,
+ file encryption offers some more extra options. They are described
+ later. And hour glass will be shown as long as GnuPG takes to encrypt
+ the file. When the procedure is done, the third row should be change
+ to "SUCCESS" and the first row to "ENCRYPTED".
+ @subsection General Options
+ Now we describe the general options which are possible in some
+ File Manager dialogs.
+ @itemize
+ @item Text Output
+ When this option is checked, the output will be encoded in ASCII armor.
+ This can be useful if the file should be transfered via email. The
+ size of the output file is larger than the usual binary output.
+ @item Wipe Original
+ If this option is checked, the original file will be deleted after
+ successfull encryption. This can be useful if data should not be
+ available in plaintext any longer on a machine.
+ @end itemize
  @bye

 Legend:



Removed from v.224
 


changed lines


 
Added in v.242
 Legend:



Removed from v.224
 


changed lines


 
Added in v.242
-Removed from v.224
+Added in v.242

[email protected]	ViewVC Help
Powered by ViewVC 1.1.26