| 8 |
|
|
| 9 |
Copyright (C) 2006 Timo Schulz |
Copyright (C) 2006 Timo Schulz |
| 10 |
|
|
| 11 |
Version 0.0.0 |
Version 0.2.0 |
| 12 |
|
|
| 13 |
@settitle WinPT - The Windows Privacy Tray; a free GPG front-end for Windows |
@settitle WinPT - The Windows Privacy Tray; a free GPG front-end for Windows |
| 14 |
|
|
| 22 |
|
|
| 23 |
You need at least Windows 98/2K/XP, but Windows XP or better is |
You need at least Windows 98/2K/XP, but Windows XP or better is |
| 24 |
recommend. The program also works on NT/95/ME but there is no support |
recommend. The program also works on NT/95/ME but there is no support |
| 25 |
for these OS versions any longer. |
for these OS versions any longer. Mainly because the OS vendor also |
| 26 |
|
dropped support and no bug fixes will be provided any longer. |
| 27 |
|
|
| 28 |
@section A short Introduction |
@section A short Introduction |
| 29 |
|
|
| 30 |
WinPT is a graphical GnuPG front-end which resides in the task bar. |
WinPT is a graphical GnuPG front-end which resides in the task bar. |
| 31 |
It is divided into several, so-called, managers. There is a manager |
It is divided into several, so-called, managers. There is a manager |
| 32 |
for the keyring, for files and for smart cards. The aim of the program |
for the keyring, for files and for smart cards. The aim of the program |
| 33 |
is to secure email communication and to perform file encryption. |
is to secure email communication and to perform file encryption and |
| 34 |
|
to allow an easy and user friendly way for key management. |
| 35 |
|
|
| 36 |
@subsection What is GnuPG |
@subsection What is GnuPG |
| 37 |
GnuPG is a tool for secure communication and data storage. |
GnuPG is a tool for secure communication and data storage. |
| 71 |
The fingerprint of the key is hexadecial (160-bit) sequence divided |
The fingerprint of the key is hexadecial (160-bit) sequence divided |
| 72 |
into 10 groups of 4 hex digits. You can get the fingerprint of a key |
into 10 groups of 4 hex digits. You can get the fingerprint of a key |
| 73 |
by opening the key property dialog. There you can mark the fingerprint |
by opening the key property dialog. There you can mark the fingerprint |
| 74 |
and copy it to the clipboard. |
and copy it to the clipboard. The fingerprint of a key can be compared |
| 75 |
|
to human fingerprints, it is unique for each key. |
| 76 |
|
|
| 77 |
Example: 1D75 8108 5BC9 D9FB E78B 2078 ED46 81C9 BF3D F9B4 |
Example: 1D75 8108 5BC9 D9FB E78B 2078 ED46 81C9 BF3D F9B4 |
| 78 |
|
|
| 79 |
|
It is a good idea to publish your fingerprint wherever possible. |
| 80 |
|
For example via a business card or your website. |
| 81 |
|
|
| 82 |
@section Installation of the Program |
@section Installation of the Program |
| 83 |
|
|
| 84 |
It is always recommend to use the latest version of the program. You |
It is always recommend to use the latest version of the program. You |
| 85 |
can download it from http://wald.intevation.org/projects/winpt. |
can download it from http://wald.intevation.org/projects/winpt. |
| 86 |
Download the zip file with the binaries inside and unpack them in |
Download the zip file with the binaries inside and unpack them in |
| 87 |
a folder. All files need to be in the same folder, so if you change |
a folder. All files need to be in the same folder, so if you change |
| 88 |
the folder don't forget to move all files. |
the folder do not forget to move all files. |
| 89 |
You should also download and verify the signature of the packet to |
You should also download and verify the signature of the packet to |
| 90 |
make sure that the release is really authentic. |
make sure that the release is really authentic. |
| 91 |
|
|
| 145 |
@section The First Start |
@section The First Start |
| 146 |
|
|
| 147 |
This section is only important for people who never installed |
This section is only important for people who never installed |
| 148 |
and/or used WinPT before. |
and/or used WinPT before and thus no keyrings are available. |
| 149 |
|
|
| 150 |
When the program is started the first time, it offers two choices. |
When the program is started the first time, it offers two choices. |
| 151 |
The one is to generate a key pair and the other is to copy |
The one is to generate a key pair and the other is to copy |
| 155 |
|
|
| 156 |
Now a new dialog is shown which requests some information from |
Now a new dialog is shown which requests some information from |
| 157 |
the user to allow a meaningful association between the key and |
the user to allow a meaningful association between the key and |
| 158 |
the user. If the user prefer RSA keys, the check box should be marked. |
the user. If the user prefer RSA keys, the check box should be marked. |
| 159 |
|
But this is a decision of personal taste and does not influence the security |
| 160 |
|
or anything else. |
| 161 |
If the entered data is OK, WinPT then generates a new key pair. As long |
If the entered data is OK, WinPT then generates a new key pair. As long |
| 162 |
as this step takes, a progress dialog is shown to indicate the |
as this step takes, a progress dialog is shown to indicate the |
| 163 |
enduring process. When the generation of the keypair is done, WinPT |
enduring process. When the generation of the keypair is done, WinPT |
| 167 |
why it is also important to store the backup, at least of the |
why it is also important to store the backup, at least of the |
| 168 |
secret keyring, at a @strong{safe} place. |
secret keyring, at a @strong{safe} place. |
| 169 |
|
|
| 170 |
|
@section The Passphrase for the Secret Key |
| 171 |
|
First a short explaination what passphrase is. A passphrase is like |
| 172 |
|
a password but usually longer, maybe a sentence, which can consists of |
| 173 |
|
any 7-bit ASCII characters. It is used to protect your secret key |
| 174 |
|
and thus it is very import to chose a secure passphrase. If your |
| 175 |
|
computer, and thus the secret key, were stolen and an attacker can |
| 176 |
|
guess your passphrase he is able to decrypt all your data and to |
| 177 |
|
create signatures in your name! A good passphrase is difficult |
| 178 |
|
to guess but easy to remember and should be at least 10 characters long. |
| 179 |
|
An easy way to generate a strong passphrase is to use a sentence only |
| 180 |
|
you know but you can easily remind and then take the first letter of |
| 181 |
|
each word, plus some special characters and maybe even some intentionally |
| 182 |
|
made spelling mistakes. |
| 183 |
|
|
| 184 |
|
Example: Row - row - row your boat, gently down the stream |
| 185 |
|
Passphrase: R-r-ryb,gdt |
| 186 |
|
|
| 187 |
|
Never write down or passphrase or share it among other people! |
| 188 |
|
|
| 189 |
@section Keyserver Access |
@section Keyserver Access |
| 190 |
|
|
| 191 |
An easy way to retrieve keys is the keyserver. You can think of |
An easy way to retrieve keys is the keyserver. You can think of |
| 286 |
"BEGIN PGP MESSAGE" and "END PGP MESSAGE. |
"BEGIN PGP MESSAGE" and "END PGP MESSAGE. |
| 287 |
|
|
| 288 |
@subsection Decrypt/Verify Data from the Clipboard |
@subsection Decrypt/Verify Data from the Clipboard |
| 289 |
|
The most common case is propably that you got a signed email and |
| 290 |
|
now you want to verify it. For this procedure, you have to copy |
| 291 |
|
the entire signature in the clipboard. The easiest way is to |
| 292 |
|
use CTRL+A and CTRL+C, then all available text will be copied. |
| 293 |
|
WinPT (GnuPG) is smart enough to figure out the signature related |
| 294 |
|
data. Now go to the taskbar, display the popup menu and select |
| 295 |
|
Clipboard->Decrypt/Verify. Now a new dialog, the verify dialog, |
| 296 |
|
should be available on screen with all information about the |
| 297 |
|
signature. For example who is the signer, when was it signed |
| 298 |
|
how much do you try this key and what was signed and most |
| 299 |
|
important, the status of it (is the signature good or BAD). |
| 300 |
|
A special case is when you don't have the public key to verify |
| 301 |
|
the signature, if this happens WinPT offers to download the key |
| 302 |
|
from the default keyserver. If the key was not found, the procedure |
| 303 |
|
is aborted because without the key the sig cannot bed checked. |
| 304 |
|
|
| 305 |
@subsection Sign the Clipboard |
@subsection Sign the Clipboard |
| 306 |
|
We assume that text that shall be signed is already in the |
| 307 |
|
clipboard. If not, select the text you want to sign and copy |
| 308 |
|
with via CTRL+C in the clipboard. Now go to the taskbar and |
| 309 |
|
open the peopup menu, Clipboard->Sign. If you just have one |
| 310 |
|
secret key, the passphrase dialog will be automatically shown. |
| 311 |
|
All you need is to enter your passphrase and confirm. In case |
| 312 |
|
of more available secret keys, a list with all keys is shown |
| 313 |
|
and you can select which key shall be used for signing. |
| 314 |
|
The output is always a cleartext signature which is in text |
| 315 |
|
format. Do not try to sign binary clipboard data, the result |
| 316 |
|
would be unpredictable and not readable by human beings. |
| 317 |
|
|
| 318 |
|
@section The Current Window Support |
| 319 |
|
Compared to the clipboard mode, the CWS mode has some advantages. |
| 320 |
|
Let us assume that you want to extract text from an editor window. |
| 321 |
|
With the CWS mode, the program automatically tries to focus the |
| 322 |
|
window to select the text and to copy it to the clipboard and |
| 323 |
|
execute the selected command (Sign, Encrypt, Decrypt). |
| 324 |
|
No manual user interaction is needed. Except this different behaviour, |
| 325 |
|
it is very likewise to the clipboard mode and thus we do not describe |
| 326 |
|
each command again. |
| 327 |
|
|
| 328 |
@section The Key Manager |
@section The Key Manager |
| 329 |
|
|
| 376 |
default values. Just select a file name and enter the passphrase. |
default values. Just select a file name and enter the passphrase. |
| 377 |
The program issues a warning which should be read carefully. |
The program issues a warning which should be read carefully. |
| 378 |
|
|
| 379 |
@subsection Adding a new secondary key |
@subsection Adding a new Secondary Key |
| 380 |
|
|
| 381 |
For most users the existing keys in the key pair are enough |
For most users the existing keys in the key pair are enough |
| 382 |
and no extra key is needed. But there are some exceptions. |
and no extra key is needed. But there are some exceptions. |
| 400 |
users it's a good idea to let the program chose the key size (in bits). |
users it's a good idea to let the program chose the key size (in bits). |
| 401 |
The default settings should be secure enough for most purposes. |
The default settings should be secure enough for most purposes. |
| 402 |
|
|
| 403 |
@subsection Adding a new user ID |
@subsection Adding a new User ID |
| 404 |
If you got a new email account, it's propably a good idea to |
If you got a new email account, it's propably a good idea to |
| 405 |
add these new account to your key also. For example: |
add these new account to your key also. For example: |
| 406 |
|
|
| 416 |
Now email programs are able to associate this address with your |
Now email programs are able to associate this address with your |
| 417 |
key when somebody wants to send you a protected mail to this account. |
key when somebody wants to send you a protected mail to this account. |
| 418 |
|
|
| 419 |
@subsection Adding a photographic ID |
@subsection Adding a new Photographic ID |
| 420 |
With this function you can add a photo to your public. It will be |
With this function you can add a photo to your public. It will be |
| 421 |
displayed in the key property dialog. |
displayed in the key property dialog. |
| 422 |
|
|
| 425 |
in the dialog carefully to make sure the photo has a proper size |
in the dialog carefully to make sure the photo has a proper size |
| 426 |
(file, height and weight). |
(file, height and weight). |
| 427 |
|
|
| 428 |
@subsection Adding a new designated revoker |
@subsection Adding a new Designated Revoker |
| 429 |
If you want to allow another key to revoke your own key, this |
If you want to allow another key to revoke your own key, this |
| 430 |
might be useful if you lost your secret or a simliar situation, |
might be useful if you lost your secret or a simliar situation, |
| 431 |
you can use this function to add a designated revoker to your key. |
you can use this function to add a designated revoker to your key. |
| 459 |
a key from a file in general, just drag the file and drop it |
a key from a file in general, just drag the file and drop it |
| 460 |
into the Key Manager window or use "Key" -> "Import...". |
into the Key Manager window or use "Key" -> "Import...". |
| 461 |
|
|
| 462 |
|
@subsection Sign a Public Key |
| 463 |
|
If you verified that a key really belongs to its owner, you |
| 464 |
|
should sign the key to integrate it into your Web of Trust |
| 465 |
|
and also to mark the key as valid in your keyring. Do not sign |
| 466 |
|
a key you just got via email with the request to sign it. Anybody |
| 467 |
|
can create a key with your (or better ANY) name, these information |
| 468 |
|
are no hint to whom the key really belongs. You can check a key |
| 469 |
|
by meeting or calling the key owner and verify the key fingerprint |
| 470 |
|
of the key with the one published by the key owner. Additional checks |
| 471 |
|
should be to watch at his driver license or the identity card to make |
| 472 |
|
sure that name of the key matches the name of the key owner. After |
| 473 |
|
this procedure is done, you can open the Key Manager, select the |
| 474 |
|
right key and either use the context menu "Sign Key" or use the |
| 475 |
|
toolbar button. |
| 476 |
|
|
| 477 |
|
The next dialog will summarize the key information and some |
| 478 |
|
additional options. For example if the signature should be |
| 479 |
|
local or exportable. Local means the signature will be stripped |
| 480 |
|
if you export the key and no one else except you can use it to |
| 481 |
|
calculate the validity. If you mark the signature exportable, |
| 482 |
|
any other user can see and use it. Now you can select the key |
| 483 |
|
you want to use to sign and enter the passphrase. Confirm with "OK" |
| 484 |
|
and the key will be signed. Now the validity of the new key is |
| 485 |
|
"Full". It is propably a good idea to set the ownertrust of the |
| 486 |
|
key. For a detailled description, see the chapter "Key Ownertrust". |
| 487 |
|
|
| 488 |
|
@subsection Key Ownertrust |
| 489 |
|
First we should explain what the ownertrust of a key is. The ownertrust |
| 490 |
|
is a measurement how much you trust somebody to certify and check keys |
| 491 |
|
of other people. For example, if you know that Bob is really the owner |
| 492 |
|
of the key, you should sign it. But he is also known to sign other keys |
| 493 |
|
without checking the idenity of the other key owner. Values for the |
| 494 |
|
ownertrust are 1) Don't Know 2) Don't Trust 3) Marginal 4) Full |
| 495 |
|
and thus you should propably use an ownertrust value like "Marginal". |
| 496 |
|
But this is a personal decision and stored in a separate file and |
| 497 |
|
never exported with the public keys. For further information, please |
| 498 |
|
take a look into the GNU Privacy Handbook. |
| 499 |
|
Just a last work on Key Pairs, they are automatically marked as |
| 500 |
|
"Ultimate" because the key belongs to you and you trust it implicit. |
| 501 |
|
|
| 502 |
|
@section The File Manager |
| 503 |
|
|
| 504 |
|
@subsection Introduction |
| 505 |
|
The File Manager is no replacement for an Explorer Extension. |
| 506 |
|
If you secure your files frequently and you want to do this |
| 507 |
|
fast and easy, I suggest to install GPGee. It is a program |
| 508 |
|
which integrates itself into the explorer and provide menu |
| 509 |
|
entries in the context menu of files and directory. But the |
| 510 |
|
File Manager can be very useful if you just want to decrypt |
| 511 |
|
and/or encrypt some files without additional programs. You |
| 512 |
|
can find the File Manager via the symbol in the taskbar, |
| 513 |
|
right click and then "File Manager". |
| 514 |
|
|
| 515 |
|
@subsection An Overview of the GUI |
| 516 |
|
First there are different ways to add (open) files in the |
| 517 |
|
Key Manager. The easiest way is to use drag and drop to |
| 518 |
|
add files into the File Manager. Just drag a file from the |
| 519 |
|
explorer and drop it into the File Manager window. The second |
| 520 |
|
way is to use File->Open. A dialog opens which is common for |
| 521 |
|
all "File Open" operations in most Windows application. Now |
| 522 |
|
you can select one or more files and confirm. The files will |
| 523 |
|
be automatically added to the File Manager window. The main |
| 524 |
|
window consists of a listview with three rows. |
| 525 |
|
|
| 526 |
|
The first row is the status of the file. It can be "ENCRYPTED", |
| 527 |
|
"SIGNED", "PUBKEY", "SECKEY", "SIG" or "UNKNOWN". Dependent on |
| 528 |
|
the file status, the File Manager offers different choices. For example |
| 529 |
|
"SIG" enables the verify options in the (popup) menu. "UNKNOWN" is |
| 530 |
|
the default for all plaintext files. |
| 531 |
|
The second row is the file name. And the last row is the status of |
| 532 |
|
the operation. It can be either "", "SUCCESS" or "FAILED". An empty status |
| 533 |
|
means no operation was started yet. FAILED indicates that the |
| 534 |
|
GnuPG operation failed. In this case an error message was issued before. |
| 535 |
|
|
| 536 |
|
Now it follows an example: |
| 537 |
|
We assume that user wants to encrypt "c:\My Ideas\GPG GUI.txt". |
| 538 |
|
Drag the file from the Explorer and drop it into the open File |
| 539 |
|
Manager, the main window. The file will be added and recognized |
| 540 |
|
as "UNKNOWN". Now we select the file and right click, a popup |
| 541 |
|
menu is shown and we select "Encrypt". An new dialog is opened |
| 542 |
|
which looks similar to the Clipboard Encryption dialog. Just |
| 543 |
|
select the recipients and confirm. In contrast to clipboard encryption, |
| 544 |
|
file encryption offers some more extra options. They are described |
| 545 |
|
later. And hour glass will be shown as long as GnuPG takes to encrypt |
| 546 |
|
the file. When the procedure is done, the third row should be change |
| 547 |
|
to "SUCCESS" and the first row to "ENCRYPTED". |
| 548 |
|
|
| 549 |
|
@subsection General Options |
| 550 |
|
Now we describe the general options which are possible in some |
| 551 |
|
File Manager dialogs. |
| 552 |
|
|
| 553 |
|
@itemize |
| 554 |
|
|
| 555 |
|
@item Text Output |
| 556 |
|
When this option is checked, the output will be encoded in ASCII armor. |
| 557 |
|
This can be useful if the file should be transfered via email. The |
| 558 |
|
size of the output file is larger than the usual binary output. |
| 559 |
|
|
| 560 |
|
@item Wipe Original |
| 561 |
|
If this option is checked, the original file will be deleted after |
| 562 |
|
successfull encryption. This can be useful if data should not be |
| 563 |
|
available in plaintext any longer on a machine. |
| 564 |
|
|
| 565 |
|
@end itemize |
| 566 |
|
|
| 567 |
@bye |
@bye |
Parent Directory
| 
Revision Log
| 
Patch