1 # SOME DESCRIPTIVE TITLE
2 # Copyright (C) YEAR Free Software Foundation, Inc.
3 # This file is distributed under the same license as the PACKAGE package.
4 # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
9 "Project-Id-Version: PACKAGE VERSION\n"
10 "POT-Creation-Date: 2022-09-21 20:43+0200\n"
11 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
12 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
13 "Language-Team: LANGUAGE <LL@li.org>\n"
16 "Content-Type: text/plain; charset=UTF-8\n"
17 "Content-Transfer-Encoding: 8bit\n"
19 #. type: Attribute 'lang' of: <html>
23 #. type: Attribute 'content' of: <html><head><meta>
24 msgid "text/html; charset=utf-8"
27 #. type: Content of: <html><head><title>
28 msgid "Email Self-Defense - a guide to fighting surveillance with GnuPG encryption"
31 #. type: Attribute 'content' of: <html><head><meta>
33 "GnuPG, GPG, openpgp, surveillance, privacy, email, security, GnuPG2, "
37 #. type: Attribute 'content' of: <html><head><meta>
39 "Email surveillance violates our fundamental rights and makes free speech "
40 "risky. This guide will teach you email self-defense in 40 minutes with "
44 #. type: Attribute 'content' of: <html><head><meta>
45 msgid "width=device-width, initial-scale=1"
48 #. type: Content of: <html><body><header><div><p>
50 "<strong>Please check your email for a confirmation link now. Thanks for "
51 "joining our list!</strong>"
54 #. type: Content of: <html><body><header><div><p>
56 "If you don't receive the confirmation link, send us an email at info@fsf.org "
57 "to be added manually."
60 #. type: Attribute 'alt' of: <html><body><header><div><p><img>
64 #. type: Content of: <html><body><header><div><p>
65 msgid "Join us on microblogging services for day-to-day updates:"
68 #. type: Content of: <html><body><section><div><div><div><p><a>
69 msgid "<a href=\"https://status.fsf.org/fsf\">"
72 #. type: Attribute 'alt' of: <html><body><header><div><ul><li><a><img>
76 #. type: Content of: <html><body><section><div><div><div><p><a>
77 msgid " GNU Social</a> | <a href=\"https://hostux.social/@fsf\">"
80 #. type: Attribute 'alt' of: <html><body><header><div><ul><li><a><img>
84 #. type: Content of: <html><body><section><div><div><div><p>
86 " Mastodon</a> | <a "
87 "href=\"https://www.twitter.com/fsf\">Twitter</a>"
90 #. type: Content of: <html><body><header><div><p>
92 "<small><a href=\"https://www.fsf.org/twitter\">Read why GNU Social and "
93 "Mastodon are better than Twitter.</a></small>"
96 #. type: Content of: <html><body><header><div><p>
97 msgid "← Return to <a href=\"index.html\">Email Self-Defense</a>"
100 #. type: Content of: <html><body><footer><div><div><h4><a>
101 msgid "<a href=\"https://u.fsf.org/ys\">"
104 #. type: Attribute 'alt' of: <html><body><footer><div><div><h4><a><img>
105 msgid "Free Software Foundation"
108 #. type: Content of: <html><body><footer><div><p>
112 #. type: Content of: <html><body><footer><div><div><p>
114 "Copyright © 2014-2021 <a href=\"https://u.fsf.org/ys\">Free Software "
115 "Foundation</a>, Inc. <a "
116 "href=\"https://my.fsf.org/donate/privacypolicy.html\">Privacy "
117 "Policy</a>. Please support our work by <a "
118 "href=\"https://u.fsf.org/yr\">joining us as an associate member.</a>"
121 #. type: Content of: <html><body><footer><div><div><p>
123 "The images on this page are under a <a "
124 "href=\"https://creativecommons.org/licenses/by/4.0/\">Creative Commons "
125 "Attribution 4.0 license (or later version)</a>, and the rest of it is under "
126 "a <a href=\"https://creativecommons.org/licenses/by-sa/4.0\">Creative "
127 "Commons Attribution-ShareAlike 4.0 license (or later version)</a>. Download "
129 "href=\"https://agpl.fsf.org/emailselfdefense.fsf.org/edward/CURRENT/edward.tar.gz\"> "
130 "source code of Edward reply bot</a> by Andrew Engelbrecht "
131 "<andrew@engelbrecht.io> and Josh Drake <zamnedix@gnu.org>, "
132 "available under the GNU Affero General Public License. <a "
133 "href=\"https://www.gnu.org/licenses/license-list.html#OtherLicenses\">Why "
134 "these licenses?</a>"
137 #. type: Content of: <html><body><footer><div><div><p>
139 "Fonts used in the guide & infographic: <a "
140 "href=\"https://www.google.com/fonts/specimen/Dosis\">Dosis</a> by Pablo "
142 "href=\"https://www.google.com/fonts/specimen/Signika\">Signika</a> by Anna "
144 "href=\"https://www.google.com/fonts/specimen/Archivo+Narrow\">Archivo "
145 "Narrow</a> by Omnibus-Type, <a "
146 "href=\"https://libreplanet.org/wiki/GPG_guide/Graphics_Howto#Pitfalls\">PXL-2000</a> "
150 #. type: Content of: <html><body><footer><div><div><p>
152 "Download the <a href=\"emailselfdefense_source.zip\">source package</a> for "
153 "this guide, including fonts, image source files and the text of Edward's "
157 #. type: Content of: <html><body><footer><div><div><p>
159 "This site uses the Weblabels standard for labeling <a "
160 "href=\"https://www.fsf.org/campaigns/freejs\">free JavaScript</a>. View the "
161 "JavaScript <a href=\"https://weblabels.fsf.org/emailselfdefense.fsf.org/\" "
162 "rel=\"jslicense\">source code and license information</a>."
165 #. type: Content of: <html><body><footer><div><p><a>
167 "Infographic and guide design by <a rel=\"external\" "
168 "href=\"https://jplusplus.org\"><strong>Journalism++</strong>"
171 #. type: Attribute 'alt' of: <html><body><footer><div><p><a><img>
175 #. type: Content of: <html><body><header><div><h1>
176 msgid "Email Self-Defense"
179 #. type: Content of: <html><body><header><div><ul><li>
182 "href=\"https://libreplanet.org/wiki/GPG_guide/Translation_Guide\"> "
183 "Translate!</a></strong>"
186 #. type: Content of: <html><body><header><div><ul><li>
187 msgid "<a href=\"index.html\" class=\"current\">Set up guide</a>"
190 #. type: Content of: <html><body><header><div><ul><li>
191 msgid "<a href=\"workshops.html\">Teach your friends</a>"
194 #. type: Content of: <html><body><header><div><ul><li>
197 "href=\"http://hhldo3tnt5solzj2bwfvh7xm4slk2forpjwjyemhcfrlob5gq75gioid.onion/en\" "
198 "target=\"_blank\">This site's tor onion service</a>"
201 #. type: Content of: <html><body><header><div><ul><li><a>
204 "href=\"https://fsf.org/share?u=https://u.fsf.org/zb&t=Email%20encryption%20for%20everyone%20via%20%40fsf\"> "
208 #. type: Content of: <html><body><header><div><ul><li><a>
212 #. type: Attribute 'alt' of: <html><body><header><div><ul><li><a><img>
216 #. type: Attribute 'alt' of: <html><body><header><div><ul><li><a><img>
217 msgid "[Hacker News]"
220 #. type: Content of: <html><body><header><div><div><div><p>
222 "We fight for computer users' rights, and promote the development of free (as "
223 "in freedom) software. Resisting bulk surveillance is very important to us."
226 #. type: Content of: <html><body><header><div><div><div><p>
228 "<strong>Please donate to support Email Self-Defense. We need to keep "
229 "improving it, and making more materials, for the benefit of people around "
230 "the world taking the first step towards protecting their privacy.</strong>"
233 #. type: Content of: <html><body><section><div><div><div><p><a>
236 "href=\"https://crm.fsf.org/civicrm/contribute/transact?reset=1&id=14&mtm_campaign=email_self_defense&mtm_kwd=guide_donate\">"
239 #. type: Attribute 'alt' of: <html><body><header><div><div><p><a><img>
243 #. type: Content of: <html><body><header><div><div><div><h5>
247 #. type: Content of: <html><body><header><div><div><div><form><p>
248 msgid "Enter your email address to receive our monthly newsletter, the"
251 #. type: Content of: <html><body><header><div><div><div><form><p>
253 "<a href=\"https://www.fsf.org/free-software-supporter/\">Free Software "
257 #. type: Content of: <html><body><header><div><div><div><form><p>
259 "<input id=\"frmEmail\" type=\"text\" name=\"email-Primary\" size=\"18\" "
260 "maxlength=\"80\" />"
263 #. type: Content of: <html><body><header><div><div><div><form><p>
264 msgid "<input type=\"submit\" name=\"_qf_Edit_next\" value=\"Subscribe me\" />"
267 #. type: Content of: <html><body><header><div><div><div><form><div>
269 "<input name=\"postURL\" type=\"hidden\" value=\"\" /> <input type=\"hidden\" "
270 "name=\"group[25]\" value=\"1\" /> <input name=\"cancelURL\" type=\"hidden\" "
271 "value=\"https://my.fsf.org/civicrm/profile?reset=1&gid=31\" /> <input "
272 "name=\"_qf_default\" type=\"hidden\" value=\"Edit:cancel\" />"
275 #. type: Content of: <html><body><header><div><div><p><a>
276 msgid "<a id=\"infographic\" href=\"infographic.html\">"
279 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><a><img>
280 msgid "View & share our infographic →"
283 #. type: Content of: <html><body><header><div><div><p>
285 "</a> Bulk surveillance violates our fundamental rights and makes free speech "
286 "risky. This guide will teach you a basic surveillance self-defense skill: "
287 "email encryption. Once you've finished, you'll be able to send and receive "
288 "emails that are scrambled to make sure a surveillance agent or thief "
289 "intercepting your email can't read them. All you need is a computer with an "
290 "Internet connection, an email account, and about forty minutes."
293 #. type: Content of: <html><body><header><div><div><p>
295 "Even if you have nothing to hide, using encryption helps protect the privacy "
296 "of people you communicate with, and makes life difficult for bulk "
297 "surveillance systems. If you do have something important to hide, you're in "
298 "good company; these are the same tools that whistleblowers use to protect "
299 "their identities while shining light on human rights abuses, corruption, and "
303 #. type: Content of: <html><body><header><div><div><p>
305 "In addition to using encryption, standing up to surveillance requires "
306 "fighting politically for a <a "
307 "href=\"https://gnu.org/philosophy/surveillance-vs-democracy.html\">reduction "
308 "in the amount of data collected on us</a>, but the essential first step is "
309 "to protect yourself and make surveillance of your communication as difficult "
310 "as possible. This guide helps you do that. It is designed for beginners, but "
311 "if you already know the basics of GnuPG or are an experienced free software "
312 "user, you'll enjoy the advanced tips and the <a "
313 "href=\"workshops.html\">guide to teaching your friends</a>."
316 #. type: Content of: <html><body><section><div><div><h2>
317 msgid "<em>#1</em> Get the pieces"
320 #. type: Content of: <html><body><section><div><div><p>
322 "This guide relies on software which is <a "
323 "href=\"https://www.gnu.org/philosophy/free-sw.html\">freely licensed</a>; "
324 "it's completely transparent and anyone can copy it or make their own "
325 "version. This makes it safer from surveillance than proprietary software "
326 "(like Windows or macOS). Learn more about free software at <a "
327 "href=\"https://u.fsf.org/ys\">fsf.org</a>."
330 #. type: Content of: <html><body><section><div><div><p>
332 "Most GNU/Linux operating systems come with GnuPG installed on them, so if "
333 "you're running one of these systems, you don't have to download it. If "
334 "you're running macOS or Windows, steps to download GnuPG are below. Before "
335 "configuring your encryption setup with this guide, though, you'll need a "
336 "desktop email program installed on your computer. Many GNU/Linux "
337 "distributions have one installed already, such as Icedove, which may be "
338 "under the alternate name \"Thunderbird.\" Programs like these are another "
339 "way to access the same email accounts you can access in a browser (like "
340 "Gmail), but provide extra features."
343 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
344 msgid "Step 1.A: Install Wizard"
347 #. type: Content of: <html><body><section><div><div><div><h3>
348 msgid "<em>Step 1.a</em> Set up your email program with your email account"
351 #. type: Content of: <html><body><section><div><div><div><p>
353 "Open your email program and follow the wizard (step-by-step walkthrough) "
354 "that sets it up with your email account. This usually starts from \"Account "
355 "Settings\" → \"Add Mail Account\". You should get the email server "
356 "settings from your systems administrator or the help section of your email "
360 #. type: Content of: <html><body><section><div><div><div><div><h4>
361 msgid "Troubleshooting"
364 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
365 msgid "The wizard doesn't launch"
368 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
370 "You can launch the wizard yourself, but the menu option for doing so is "
371 "named differently in each email program. The button to launch it will be in "
372 "the program's main menu, under \"New\" or something similar, titled "
373 "something like \"Add account\" or \"New/Existing email account.\""
376 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
377 msgid "The wizard can't find my account or isn't downloading my mail"
380 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
382 "Before searching the Web, we recommend you start by asking other people who "
383 "use your email system, to figure out the correct settings."
386 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
387 msgid "I can't find the menu"
390 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
392 "In many new email programs, the main menu is represented by an image of "
393 "three stacked horizontal bars."
396 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
397 msgid "Don't see a solution to your problem?"
400 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
402 "Please let us know on the <a "
403 "href=\"https://libreplanet.org/wiki/GPG_guide/Public_Review\">feedback "
407 #. type: Content of: <html><body><section><div><div><div><h3>
408 msgid "<em>Step 1.b</em> Install GnuPG"
411 #. type: Content of: <html><body><section><div><div><div><p>
413 "If you are using a GNU/Linux machine, you should already have GnuPG "
414 "installed, and you can skip to <a href=\"#section2\">Section 2</a>."
417 #. type: Content of: <html><body><section><div><div><div><p>
419 "If you are using a macOS or Windows machine, however, you need to first "
420 "install the GnuPG program. Select your operating system below and follow the "
421 "instructions. For the rest of this guide, the steps are the same for all "
425 #. type: Content of: <html><body><section><div><div><div><div><h4>
429 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
430 msgid "Use a third-party package manager to install GnuPG"
433 #. type: Content of: <html><body><section><div><div><div><div><dl><dd><p>
435 "The default macOS package manager makes it difficult to install GnuPG and "
436 "other pieces of free software (like Emacs, GIMP, or Inkscape). To make "
437 "things easier, we recommend setting up the third-party package manager "
438 "\"Homebrew\" to install GnuPG. For this, we will use a program called "
439 "\"Terminal,\" which is pre-installed on macOS."
442 #. type: Content of: <html><body><section><div><div><div><div><dl><dd><p>
444 "# Copy the first command on the home page of <a "
445 "href=\"https://brew.sh/\">Homebrew</a> by clicking on the clipboard icon, "
446 "and paste it in Terminal. Click \"Enter\" and wait for the installation to "
450 #. type: Content of: <html><body><section><div><div><div><div><dl><dd><p>
451 msgid "# Then install GnuPG by entering the following code in Terminal:"
454 #. type: Content of: <html><body><section><div><div><div><div><dl><dd><p>
455 msgid "<code>brew install gnupg gnupg2</code>"
458 #. type: Content of: <html><body><section><div><div><div><div><h4>
462 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
463 msgid "Get GnuPG by downloading GPG4Win"
466 #. type: Content of: <html><body><section><div><div><div><div><dl><dd><p>
468 "<a href=\"https://www.gpg4win.org/\">GPG4Win</a> is an email and file "
469 "encryption software package that includes GnuPG. Download and install the "
470 "latest version, choosing default options whenever asked. After it's "
471 "installed, you can close any windows that it creates."
474 #. type: Content of: <html><body><section><div><div><div><h3>
475 msgid "GnuPG, OpenPGP, what?"
478 #. type: Content of: <html><body><section><div><div><div><p>
480 "In general, the terms GnuPG, GPG, GNU Privacy Guard, OpenPGP and PGP are "
481 "used interchangeably. Technically, OpenPGP (Pretty Good Privacy) is the "
482 "encryption standard, and GNU Privacy Guard (often shortened to GPG or GnuPG) "
483 "is the program that implements the standard. Most email programs provide an "
484 "interface for GnuPG. There is also a newer version of GnuPG, called GnuPG2."
487 #. type: Content of: <html><body><section><div><div><h2>
488 msgid "<em>#2</em> Make your keys"
491 #. type: Attribute 'alt' of: <html><body><section><div><div><p><img>
492 msgid "A robot with a head shaped like a key holding a private and a public key"
495 #. type: Content of: <html><body><section><div><div><p>
497 "To use the GnuPG system, you'll need a public key and a private key (known "
498 "together as a keypair). Each is a long string of randomly generated numbers "
499 "and letters that are unique to you. Your public and private keys are linked "
500 "together by a special mathematical function."
503 #. type: Content of: <html><body><section><div><div><p>
505 "Your public key isn't like a physical key, because it's stored in the open "
506 "in an online directory called a keyserver. People download it and use it, "
507 "along with GnuPG, to encrypt emails they send to you. You can think of the "
508 "keyserver as a phonebook; people who want to send you encrypted email can "
509 "look up your public key."
512 #. type: Content of: <html><body><section><div><div><p>
514 "Your private key is more like a physical key, because you keep it to "
515 "yourself (on your computer). You use GnuPG and your private key together to "
516 "descramble encrypted emails other people send to you. <strong>You should "
517 "never share your private key with anyone, under any circumstances.</strong>"
520 #. type: Content of: <html><body><section><div><div><p>
522 "In addition to encryption and decryption, you can also use these keys to "
523 "sign messages and check the authenticity of other people's signatures. We'll "
524 "discuss this more in the next section."
527 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
528 msgid "Step 2.A: Make your Keypair"
531 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
532 msgid "Step 2.A: Set your passphrase"
535 #. type: Content of: <html><body><section><div><div><div><h3>
536 msgid "<em>Step 2.a</em> Make a keypair"
539 #. type: Content of: <html><body><section><div><div><div><h4>
540 msgid "Make your keypair"
543 #. type: Content of: <html><body><section><div><div><div><p>
545 "We will use the command line in a terminal to create a keypair using the "
549 #. type: Content of: <html><body><section><div><div><div><p>
551 "Whether on GNU/Linux, macOS or Windows, you can launch your terminal "
552 "(\"Terminal\" in macOS, \"PowerShell\" in Windows) from the Applications "
553 "menu (some GNU/Linux systems respond to the <kbd>Ctrl + Alt + T</kbd> "
557 #. type: Content of: <html><body><section><div><div><div><p>
558 msgid "# Enter <code>gpg --full-generate-key</code> to start the process."
561 #. type: Content of: <html><body><section><div><div><div><p>
563 "# To answer what kind of key you would like to create, select the default "
564 "option: <samp>1 RSA and RSA</samp>."
567 #. type: Content of: <html><body><section><div><div><div><p>
568 msgid "# Enter the following keysize: <code>4096</code> for a strong key."
571 #. type: Content of: <html><body><section><div><div><div><p>
572 msgid "# Choose the expiration date; we suggest <code>2y</code> (2 years)."
575 #. type: Content of: <html><body><section><div><div><div><p>
576 msgid "Follow the prompts to continue setting up with your personal details."
579 #. type: Content of: <html><body><section><div><div><div><div><dl><dd><p>
581 "Depending on your version of GPG, you may need to use <code>--gen-key</code> "
582 "instead of <code>--full-generate-key</code>."
585 #. type: Content of: <html><body><section><div><div><div><h4>
586 msgid "Set your passphrase"
589 #. type: Content of: <html><body><section><div><div><div><p>
591 "On the screen titled \"Passphrase,\" pick a strong password! You can do it "
592 "manually, or you can use the Diceware method. Doing it manually is faster "
593 "but not as secure. Using Diceware takes longer and requires dice, but "
594 "creates a password that is much harder for attackers to figure out. To use "
595 "it, read the section \"Make a secure passphrase with Diceware\" in <a "
596 "href=\"https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/\"> "
597 "this article</a> by Micah Lee."
600 #. type: Content of: <html><body><section><div><div><div><p>
602 "If you'd like to pick a passphrase manually, come up with something you can "
603 "remember which is at least twelve characters long, and includes at least one "
604 "lower case and upper case letter and at least one number or punctuation "
605 "symbol. Never pick a password you've used elsewhere. Don't use any "
606 "recognizable patterns, such as birthdays, telephone numbers, pets' names, "
607 "song lyrics, quotes from books, and so on."
610 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
611 msgid "GnuPG is not installed"
614 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
616 "You can check if this is the case with the command <code>gpg "
617 "--version</code>. If GnuPG is not installed, it will bring up the "
618 "following result on most GNU/Linux operating systems, or something like it: "
619 "<samp>Command 'gpg' not found, but can be installed with: sudo apt install "
620 "gnupg</samp>. Follow that command and install the program."
623 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
624 msgid "<i>gpg --full-generate-key</i> command not working"
627 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
629 "Some distributions use a different version of GPG. When you receive an error "
630 "code that is something along the lines of: <samp>gpg: Invalid option "
631 "\"--full-generate-key\"</samp>, you can try the following commands:"
634 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
635 msgid "<code>sudo apt update</code>"
638 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
639 msgid "<code>sudo apt install gnupg2</code>"
642 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
643 msgid "<code>gpg2 --full-generate-key</code>"
646 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
648 "If this resolved the issue, you need to continue to use the gpg2 identifier "
649 "instead of gpg throughout the following steps of the guide."
652 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
653 msgid "I took too long to create my passphrase"
656 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
658 "That's okay. It's important to think about your passphrase. When you're "
659 "ready, just follow the steps from the beginning again to create your key."
662 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
663 msgid "How can I see my key?"
666 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
668 "Use the following command to see all keys: <code>gpg "
669 "--list-keys</code>. Yours should be listed in there, and later, so "
670 "will Edward's (<a href=\"#section3\">Section 3</a>)."
673 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
675 "If you want to see only your key, you can use <code>gpg --list-key "
676 "[your@email]</code>."
679 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
681 "You can also use <code>gpg --list-secret-key</code> to see your own private "
685 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
686 msgid "More resources"
689 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
691 "For more information about this process, you can also refer to <a "
692 "href=\"https://www.gnupg.org/gph/en/manual/c14.html#AEN25\">The GNU Privacy "
693 "Handbook</a>. Make sure you stick with \"RSA and RSA\" (the default), "
694 "because it's newer and more secure than the algorithms the documentation "
695 "recommends. Also make sure your key is at least 4096 bits if you want "
699 #. type: Content of: <html><body><section><div><div><div><div><h4>
703 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
704 msgid "Advanced key pairs"
707 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
709 "When GnuPG creates a new keypair, it compartmentalizes the encryption "
710 "function from the signing function through <a "
711 "href=\"https://wiki.debian.org/Subkeys\">subkeys</a>. If you use subkeys "
712 "carefully, you can keep your GnuPG identity more secure and recover from a "
713 "compromised key much more quickly. <a "
714 "href=\"https://alexcabal.com/creating-the-perfect-gpg-keypair/\">Alex "
715 "Cabal</a> and <a href=\"https://keyring.debian.org/creating-key.html\">the "
716 "Debian wiki</a> provide good guides for setting up a secure subkey "
720 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
721 msgid "Step 2.B: Send to server and generate a certificate"
724 #. type: Content of: <html><body><section><div><div><div><h3>
725 msgid "<em>Step 2.b</em> Some important steps following creation"
728 #. type: Content of: <html><body><section><div><div><div><h4>
729 msgid "Upload your key to a keyserver"
732 #. type: Content of: <html><body><section><div><div><div><p>
734 "We will upload your key to a keyserver, so if someone wants to send you an "
735 "encrypted message, they can download your public key from the "
736 "Internet. There are multiple keyservers that you can select from the menu "
737 "when you upload, but they are mostly all copies of each other. Any server "
738 "will work, but it's good to remember which one you uploaded your key to "
739 "originally. Also keep in mind, sometimes takes a few hours for them to match "
740 "each other when a new key is uploaded."
743 #. type: Content of: <html><body><section><div><div><div><p>
745 "# Copy your keyID: <code>gpg --list-key [your@email]</code> will list your "
746 "public (\"pub\") key information, including your keyID, which is a unique "
747 "list of numbers and letters. Copy this keyID, so you can use it in the "
751 #. type: Content of: <html><body><section><div><div><div><p>
752 msgid "# Upload your key to a server: <code>gpg --send-key [keyID]</code>"
755 #. type: Content of: <html><body><section><div><div><div><h4>
756 msgid "Export your key to a file"
759 #. type: Content of: <html><body><section><div><div><div><p>
761 "Use the following command to export your secret key so you can import it "
762 "into your email client at the next <a href=\"#section3\">step</a>. To avoid "
763 "getting your key compromised, store this in a safe place, and make sure that "
764 "if it is transferred, it is done so in a trusted way. Exporting your keys "
765 "can be done with the following commands:"
768 #. type: Content of: <html><body><section><div><div><div><p><code>
769 msgid "<code> $ gpg --export-secret-keys -a [keyID] > my_secret_key.asc"
772 #. type: Content of: <html><body><section><div><div><div><p>
773 msgid "$ gpg --export -a [keyID] > my_public_key.asc </code>"
776 #. type: Content of: <html><body><section><div><div><div><h4>
777 msgid "Generate a revocation certificate"
780 #. type: Content of: <html><body><section><div><div><div><p>
782 "Just in case you lose your key, or it gets compromised, you want to generate "
783 "a certificate and choose to save it in a safe place on your computer for now "
784 "(please refer to <a href=\"#step-6c\">Step 6.C</a> for how to best store "
785 "your revocation cerficate safely). This step is essential for your email "
786 "self-defense, as you'll learn more about in <a href=\"#section5\">Section "
790 #. type: Content of: <html><body><section><div><div><div><p>
792 "# Generate a revocation certificate: <code>gpg --gen-revoke --output "
793 "revoke.asc [keyID]</code>"
796 #. type: Content of: <html><body><section><div><div><div><p>
798 "# It will prompt you to give a reason for revocation, we recommend to use "
799 "<samp>1 = key has been compromised</samp>."
802 #. type: Content of: <html><body><section><div><div><div><p>
804 "# You don't have to fill in a reason, but you can; then press \"Enter\" for "
805 "an empty line, and confirm your selection."
808 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
809 msgid "Sending my key to the keyserver is not working"
812 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
814 "Instead of using the general command to upload your key to the keyserver, "
815 "you can use a more specific command and add the keyserver to your command "
816 "<code>gpg --keyserver keys.openpgp.org --send-key [keyID]</code>."
819 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
820 msgid "My key doesn't seem to be working or I get a \"permission denied.\""
823 #. type: Content of: <html><body><section><div><div><div><div><dl><dd><p>
825 "Like every other file or folder, gpg keys are subject to permissions. If "
826 "these are not set correctly, your system may not be accepting your keys. You "
827 "can follow the next steps to check, and update to the right permissions."
830 #. type: Content of: <html><body><section><div><div><div><div><dl><dd><p>
831 msgid "# Check your permissions: <code>ls -l ~/.gnupg/*</code>"
834 #. type: Content of: <html><body><section><div><div><div><div><dl><dd><p>
836 "# Set permissions to read, write, execute for only yourself, no "
837 "others. These are the recommended permissions for your folder."
840 #. type: Content of: <html><body><section><div><div><div><div><dl><dd><p>
841 msgid "You can use the code: <code>chmod 700 ~/.gnupg</code>"
844 #. type: Content of: <html><body><section><div><div><div><div><dl><dd><p>
846 "# Set permissions to read and write for yourself only, no others. These are "
847 "the recommended permissions for the keys inside your folder."
850 #. type: Content of: <html><body><section><div><div><div><div><dl><dd><p>
851 msgid "You can use the code: <code>chmod 600 ~/.gnupg/*</code>"
854 #. type: Content of: <html><body><section><div><div><div><div><dl><dd><p>
856 "If you have (for any reason) created your own folders inside ~/.gnupg, you "
857 "must also additionally apply execute permissions to that folder. Folders "
858 "require execution privileges to be opened. For more information on "
859 "permissions, you can check out <a "
860 "href=\"https://helpdeskgeek.com/linux-tips/understanding-linux-permissions-chmod-usage/\">this "
861 "detailed information guide</a>."
864 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
865 msgid "More about keyservers"
868 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
870 "You can find some more keyserver information<a "
871 "href=\"https://www.gnupg.org/gph/en/manual/x457.html\"> in this "
872 "manual</a>. <a href=\"https://sks-keyservers.net/overview-of-pools.php\">The "
873 "sks Web site</a> maintains a list of highly interconnected keyservers. You "
875 "href=\"https://www.gnupg.org/gph/en/manual/x56.html#AEN64\">directly export "
876 "your key</a> as a file on your computer."
879 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
880 msgid "Transferring your keys"
883 #. type: Content of: <html><body><section><div><div><div><div><dl><dd><p>
885 "Use the following commands to transfer your keys. To avoid getting your key "
886 "compromised, store it in a safe place, and make sure that if it is "
887 "transferred, it is done so in a trusted way. Importing and exporting a key "
888 "can be done with the following commands:"
891 #. type: Content of: <html><body><section><div><div><div><div><dl><dd><p><code>
892 msgid "<code> $ gpg --export-secret-keys -a [keyID] > my_private_key.asc"
895 #. type: Content of: <html><body><section><div><div><div><div><dl><dd><p><code>
896 msgid "$ gpg --export -a [keyID] > my_public_key.asc"
899 #. type: Content of: <html><body><section><div><div><div><div><dl><dd><p><code>
900 msgid "$ gpg --import my_private_key.asc"
903 #. type: Content of: <html><body><section><div><div><div><div><dl><dd><p>
904 msgid "$ gpg --import my_public_key.asc </code>"
907 #. type: Content of: <html><body><section><div><div><div><div><dl><dd><p>
909 "Ensure that the keyID printed is the correct one, and if so, then go ahead "
910 "and add ultimate trust for it:"
913 #. type: Content of: <html><body><section><div><div><div><div><dl><dd><p>
914 msgid "<code> $ gpg --edit-key [your@email] </code>"
917 #. type: Content of: <html><body><section><div><div><div><div><dl><dd><p>
919 "Because this is your key, you should choose "
920 "<code>ultimate</code>. You shouldn't trust anyone else's key "
924 #. type: Content of: <html><body><section><div><div><div><div><dl><dd><p>
926 "Refer to <a href=\"#step-2b\">Troubleshooting in Step 2.B</a> for more "
927 "information on permissions. When transferring keys, your permissions may get "
928 "mixed, and errors may be prompted. These are easily avoided when your "
929 "folders and files have the right permissions"
932 #. type: Content of: <html><body><section><div><div><h2>
933 msgid "<em>#3</em> Set up email encryption"
936 #. type: Content of: <html><body><section><div><div><p>
938 "The Icedove (or Thunderbird) email program has PGP functionality integrated, "
939 "which makes it pretty easy to work with. We'll take you through the steps of "
940 "integrating and using your key in these email clients."
943 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
944 msgid "Step 3.A: Email Menu"
947 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
948 msgid "Step 3.A: Import From File"
951 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
952 msgid "Step 3.A: Success"
955 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
956 msgid "Step 3.A: Troubleshoot"
959 #. type: Content of: <html><body><section><div><div><div><h3>
960 msgid "<em>Step 3.a</em> Set up your email with encryption"
963 #. type: Content of: <html><body><section><div><div><div><p>
965 "Once you have set up your email with encryption, you can start contributing "
966 "to encrypted traffic on the Internet. First we'll get your email client to "
967 "import your secret key, and we will also learn how to get other people's "
968 "public keys from servers so you can send and receive encrypted email."
971 #. type: Content of: <html><body><section><div><div><div><p>
972 msgid "# Open your email client and use \"Tools\" → <i>OpenPGP Key Manager</i>"
975 #. type: Content of: <html><body><section><div><div><div><p>
976 msgid "# Under \"File\" → <i>Import Secret Key(s) From File</i>"
979 #. type: Content of: <html><body><section><div><div><div><p>
981 "# Select the file you saved under the name [my_secret_key.asc] in <a "
982 "href=\"#step-2b\">Step 2.B</a> when you exported your key"
985 #. type: Content of: <html><body><section><div><div><div><p>
986 msgid "# Unlock with your passphrase"
989 #. type: Content of: <html><body><section><div><div><div><p>
991 "# You will receive a \"OpenPGP keys successfully imported\" window to "
995 #. type: Content of: <html><body><section><div><div><div><p>
997 "# Go to \"Account settings\" → \"End-To-End Encryption,\" and make sure "
998 "your key is imported and select <i>Treat this key as a Personal Key</i>."
1001 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
1002 msgid "I'm not sure the import worked correctly"
1005 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
1007 "Look for \"Account settings\" → \"End-To-End Encryption.\" Here you can "
1008 "see if your personal key associated with this email is found. If it is not, "
1009 "you can try again via the <i>Add key</i> option. Make sure you have the "
1010 "correct, active, secret key file."
1013 #. type: Content of: <html><body><section><div><div><h2>
1014 msgid "<em>#4</em> Try it out!"
1017 #. type: Attribute 'alt' of: <html><body><section><div><div><p><img>
1018 msgid "Illustration of a person in a house with a cat connected to a server"
1021 #. type: Content of: <html><body><section><div><div><p>
1023 "Now you'll try a test correspondence with an FSF computer program named "
1024 "Edward, who knows how to use encryption. Except where noted, these are the "
1025 "same steps you'd follow when corresponding with a real, live person."
1028 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
1029 msgid "Step 4.A Send key to Edward."
1032 #. type: Content of: <html><body><section><div><div><div><h3>
1033 msgid "<em>Step 4.a</em> Send Edward your public key"
1036 #. type: Content of: <html><body><section><div><div><div><p>
1038 "This is a special step that you won't have to do when corresponding with "
1039 "real people. In your email program's menu, go to \"Tools\" → \"OpenPGP "
1040 "Key Manager.\" You should see your key in the list that pops up. Right click "
1041 "on your key and select <i>Send Public Keys by Email</i>. This will create a "
1042 "new draft message, as if you had just hit the \"Write\" button, but in the "
1043 "attachment you will find your public keyfile."
1046 #. type: Content of: <html><body><section><div><div><div><p>
1048 "Address the message to <a "
1049 "href=\"mailto:edward-en@fsf.org\">edward-en@fsf.org</a>. Put at least one "
1050 "word (whatever you want) in the subject and body of the email. Don't send "
1054 #. type: Content of: <html><body><section><div><div><div><p>
1056 "We want Edward to be able to open the email with your keyfile, so we want "
1057 "this first special message to be unencrypted. Make sure encryption is turned "
1058 "off by using the dropdown menu \"Security\" and select <i>Do Not "
1059 "Encrypt</i>. Once encryption is off, hit Send."
1062 #. type: Content of: <html><body><section><div><div><div><p>
1064 "It may take two or three minutes for Edward to respond. In the meantime, you "
1065 "might want to skip ahead and check out the <a href=\"#section6\">Use it "
1066 "Well</a> section of this guide. Once you have received a response, head to "
1067 "the next step. From here on, you'll be doing just the same thing as when "
1068 "corresponding with a real person."
1071 #. type: Content of: <html><body><section><div><div><div><p>
1073 "When you open Edward's reply, GnuPG may prompt you for your passphrase "
1074 "before using your private key to decrypt it."
1077 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
1078 msgid "Step 4.B Option 1. Verify key"
1081 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
1082 msgid "Step 4.B Option 2. Import key"
1085 #. type: Content of: <html><body><section><div><div><div><h3>
1086 msgid "<em>Step 4.b</em> Send a test encrypted email"
1089 #. type: Content of: <html><body><section><div><div><div><h4>
1090 msgid "Get Edward's key"
1093 #. type: Content of: <html><body><section><div><div><div><p>
1095 "To encrypt an email to Edward, you need its public key, so now you'll have "
1096 "to download it from a keyserver. You can do this in two different ways:"
1099 #. type: Content of: <html><body><section><div><div><div><p>
1101 "<strong>Option 1.</strong> In the email answer you received from Edward as a "
1102 "response to your first email, Edward's public key was included. On the right "
1103 "of the email, just above the writing area, you will find an \"OpenPGP\" "
1104 "button that has a lock and a little wheel next to it. Click that, and select "
1105 "<i>Discover</i> next to the text: \"This message was signed with a key that "
1106 "you don't yet have.\" A popup with Edward's key details will follow."
1109 #. type: Content of: <html><body><section><div><div><div><p>
1111 "<strong>Option 2.</strong> Open your OpenPGP Key manager, and under "
1112 "\"Keyserver\" choose <i>Discover Keys Online</i>. Here, fill in Edward's "
1113 "email address, and import Edward's key."
1116 #. type: Content of: <html><body><section><div><div><div><p>
1118 "The option <i>Accepted (unverified)</i> will add this key to your key "
1119 "manager, and now it can be used to send encrypted emails and to verify "
1120 "digital signatures from Edward."
1123 #. type: Content of: <html><body><section><div><div><div><p>
1125 "In the popup window confirming if you want to import Edward's key, you'll "
1126 "see many different emails that are all associated with its key. This is "
1127 "correct; you can safely import the key."
1130 #. type: Content of: <html><body><section><div><div><div><p>
1132 "Since you encrypted this email with Edward's public key, Edward's private "
1133 "key is required to decrypt it. Edward is the only one with its private key, "
1134 "so no one except Edward can decrypt it."
1137 #. type: Content of: <html><body><section><div><div><div><h4>
1138 msgid "Send Edward an encrypted email"
1141 #. type: Content of: <html><body><section><div><div><div><p>
1143 "Write a new email in your email program, addressed to <a "
1144 "href=\"mailto:edward-en@fsf.org\">edward-en@fsf.org</a>. Make the subject "
1145 "\"Encryption test\" or something similar and write something in the body."
1148 #. type: Content of: <html><body><section><div><div><div><p>
1150 "This time, make sure encryption is turned on by using the dropdown menu "
1151 "\"Security\" and select <i>Require Encryption</i>. Once encryption is on, "
1155 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
1156 msgid "\"Recipients not valid, not trusted or not found\""
1159 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
1161 "You could get the above error message, or something along these lines: "
1162 "\"Unable to send this message with end-to-end encryption, because there are "
1163 "problems with the keys of the following recipients: ...\" In these cases, "
1164 "you may be trying to send an encrypted email to someone when you do not have "
1165 "their public key yet. Make sure you follow the steps above to import the key "
1166 "to your key manager. Open the OpenPGP Key Manager to make sure the recipient "
1170 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
1171 msgid "Unable to send message"
1174 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
1176 "You could get the following message when trying to send your encrypted "
1177 "email: \"Unable to send this message with end-to-end encryption, because "
1178 "there are problems with the keys of the following recipients: "
1179 "edward-en@fsf.org.\" This usually means you imported the key with the "
1180 "\"unaccepted (unverified) option.\" Go to the \"key properties\" of this key "
1181 "by right clicking on the key in the OpenPGP Key Manager, and select the "
1182 "option <i>Yes, but I have not verified that this is the correct key</i> in "
1183 "the \"Acceptance\" option at the bottom of this window. Resend the email."
1186 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
1187 msgid "I can't find Edward's key"
1190 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
1192 "Close the pop-ups that have appeared since you clicked Send. Make sure you "
1193 "are connected to the Internet and try again. If that doesn't work, you can "
1194 "download the key manually from <a "
1195 "href=\"https://keys.openpgp.org/search?q=edward-en%40fsf.org\">the "
1196 "keyserver</a>, and import it by using the <i>Import Public Key(s) from "
1197 "File</i> option in the OpenPGP Key Manager."
1200 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
1201 msgid "Unscrambled messages in the Sent folder"
1204 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
1206 "Even though you can't decrypt messages encrypted to someone else's key, your "
1207 "email program will automatically save a copy encrypted to your public key, "
1208 "which you'll be able to view from the Sent folder like a normal email. This "
1209 "is normal, and it doesn't mean that your email was not sent encrypted."
1212 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
1213 msgid "Encrypt messages from the command line"
1216 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
1218 "You can also encrypt and decrypt messages and files from the <a "
1219 "href=\"https://www.gnupg.org/gph/en/manual/x110.html\">command line</a>, if "
1220 "that's your preference. The option --armor makes the encrypted output appear "
1221 "in the regular character set."
1224 #. type: Content of: <html><body><section><div><div><div><h3>
1225 msgid "<em>Important:</em> Security tips"
1228 #. type: Content of: <html><body><section><div><div><div><p>
1230 "Even if you encrypt your email, the subject line is not encrypted, so don't "
1231 "put private information there. The sending and receiving addresses aren't "
1232 "encrypted either, so a surveillance system can still figure out who you're "
1233 "communicating with. Also, surveillance agents will know that you're using "
1234 "GnuPG, even if they can't figure out what you're saying. When you send "
1235 "attachments, you can choose to encrypt them or not, independent of the "
1239 #. type: Content of: <html><body><section><div><div><div><p>
1241 "For greater security against potential attacks, you can turn off "
1242 "HTML. Instead, you can render the message body as plain text. In order to do "
1243 "this in Icedove or Thunderbird, go to \"View\" → \"Message Body As\" "
1244 "→ <i>Plain Text</i>."
1247 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
1248 msgid "Step 4.C Edward's response"
1251 #. type: Content of: <html><body><section><div><div><div><h3>
1252 msgid "<em>Step 4.c</em> Receive a response"
1255 #. type: Content of: <html><body><section><div><div><div><p>
1257 "When Edward receives your email, it will use its private key to decrypt it, "
1258 "then reply to you."
1261 #. type: Content of: <html><body><section><div><div><div><p>
1263 "It may take two or three minutes for Edward to respond. In the meantime, you "
1264 "might want to skip ahead and check out the <a href=\"#section6\">Use it "
1265 "Well</a> section of this guide."
1268 #. type: Content of: <html><body><section><div><div><div><p>
1270 "Edward will send you an encrypted email back saying your email was received "
1271 "and decrypted. Your email client will automatically decrypt Edward's "
1275 #. type: Content of: <html><body><section><div><div><div><p>
1277 "The OpenPGP button in the email will show a little green checkmark over the "
1278 "lock symbol to show the message is encrypted, and a little orange warning "
1279 "sign which means that you have accepted the key, but not verified it. When "
1280 "you have not yet accepted the key, you will see a little question mark "
1281 "there. Clicking the prompts in this button will lead you to key properties "
1285 #. type: Content of: <html><body><section><div><div><div><h3>
1286 msgid "<em>Step 4.d</em> Send a signed test email"
1289 #. type: Content of: <html><body><section><div><div><div><p>
1291 "GnuPG includes a way for you to sign messages and files, verifying that they "
1292 "came from you and that they weren't tampered with along the way. These "
1293 "signatures are stronger than their pen-and-paper cousins -- they're "
1294 "impossible to forge, because they're impossible to create without your "
1295 "private key (another reason to keep your private key safe)."
1298 #. type: Content of: <html><body><section><div><div><div><p>
1300 "You can sign messages to anyone, so it's a great way to make people aware "
1301 "that you use GnuPG and that they can communicate with you securely. If they "
1302 "don't have GnuPG, they will be able to read your message and see your "
1303 "signature. If they do have GnuPG, they'll also be able to verify that your "
1304 "signature is authentic."
1307 #. type: Content of: <html><body><section><div><div><div><p>
1309 "To sign an email to Edward, compose any message to the email address and "
1310 "click the pencil icon next to the lock icon so that it turns gold. If you "
1311 "sign a message, GnuPG may ask you for your password before it sends the "
1312 "message, because it needs to unlock your private key for signing."
1315 #. type: Content of: <html><body><section><div><div><div><p>
1317 "In \"Account Settings\" → \"End-To-End-Encryption\" you can opt to "
1318 "<i>add digital signature by default</i>."
1321 #. type: Content of: <html><body><section><div><div><div><h3>
1322 msgid "<em>Step 4.e</em> Receive a response"
1325 #. type: Content of: <html><body><section><div><div><div><p>
1327 "When Edward receives your email, he will use your public key (which you sent "
1328 "him in <a href=\"#step-3a\">Step 3.A</a>) to verify the message you sent has "
1329 "not been tampered with and to encrypt a reply to you."
1332 #. type: Content of: <html><body><section><div><div><div><p>
1334 "Edward's reply will arrive encrypted, because he prefers to use encryption "
1335 "whenever possible. If everything goes according to plan, it should say "
1336 "\"Your signature was verified.\" If your test signed email was also "
1337 "encrypted, he will mention that first."
1340 #. type: Content of: <html><body><section><div><div><div><p>
1342 "When you receive Edward's email and open it, your email client will "
1343 "automatically detect that it is encrypted with your public key, and then it "
1344 "will use your private key to decrypt it."
1347 #. type: Content of: <html><body><section><div><div><h2>
1348 msgid "<em>#5</em> Learn about the Web of Trust"
1351 #. type: Attribute 'alt' of: <html><body><section><div><div><p><img>
1352 msgid "Illustration of keys all interconnected with a web of lines"
1355 #. type: Content of: <html><body><section><div><div><p>
1357 "Email encryption is a powerful technology, but it has a weakness: it "
1358 "requires a way to verify that a person's public key is actually "
1359 "theirs. Otherwise, there would be no way to stop an attacker from making an "
1360 "email address with your friend's name, creating keys to go with it, and "
1361 "impersonating your friend. That's why the free software programmers that "
1362 "developed email encryption created keysigning and the Web of Trust."
1365 #. type: Content of: <html><body><section><div><div><p>
1367 "When you sign someone's key, you are publicly saying that you've verified "
1368 "that it belongs to them and not someone else."
1371 #. type: Content of: <html><body><section><div><div><p>
1373 "Signing keys and signing messages use the same type of mathematical "
1374 "operation, but they carry very different implications. It's a good practice "
1375 "to generally sign your email, but if you casually sign people's keys, you "
1376 "may accidentally end up vouching for the identity of an imposter."
1379 #. type: Content of: <html><body><section><div><div><p>
1381 "People who use your public key can see who has signed it. Once you've used "
1382 "GnuPG for a long time, your key may have hundreds of signatures. You can "
1383 "consider a key to be more trustworthy if it has many signatures from people "
1384 "that you trust. The Web of Trust is a constellation of GnuPG users, "
1385 "connected to each other by chains of trust expressed through signatures."
1388 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
1389 msgid "Section 5: trusting a key"
1392 #. type: Content of: <html><body><section><div><div><div><h3>
1393 msgid "<em>Step 5.a</em> Sign a key"
1396 #. type: Content of: <html><body><section><div><div><div><p>
1398 "In your email program's menu, go to OpenPGP Key Manager and select <i>Key "
1399 "properties</i> by right clicking on Edward's key."
1402 #. type: Content of: <html><body><section><div><div><div><p>
1404 "Under \"Your Acceptance,\" you can select <i>Yes, I've verified in person "
1405 "this key has the correct fingerprint\"</i>."
1408 #. type: Content of: <html><body><section><div><div><div><p>
1410 "You've just effectively said \"I trust that Edward's public key actually "
1411 "belongs to Edward.\" This doesn't mean much because Edward isn't a real "
1412 "person, but it's good practice, and for real people it is important. You can "
1413 "read more about signing a person's key in the <a "
1414 "href=\"#check-ids-before-signing\">check IDs before signing</a> section."
1417 #. type: Content of: <html><body><section><div><div><div><h3>
1418 msgid "Identifying keys: Fingerprints and IDs"
1421 #. type: Content of: <html><body><section><div><div><div><p>
1423 "People's public keys are usually identified by their key fingerprint, which "
1424 "is a string of digits like F357AA1A5B1FA42CFD9FE52A9FF2194CC09A61E8 (for "
1425 "Edward's key). You can see the fingerprint for your public key, and other "
1426 "public keys saved on your computer, by going to OpenPGP Key Management in "
1427 "your email program's menu, then right clicking on the key and choosing Key "
1428 "Properties. It's good practice to share your fingerprint wherever you share "
1429 "your email address, so that people can double-check that they have the "
1430 "correct public key when they download yours from a keyserver."
1433 #. type: Content of: <html><body><section><div><div><div><p>
1435 "You may also see public keys referred to by a shorter keyID. This keyID is "
1436 "visible directly from the Key Management window. These eight character "
1437 "keyIDs were previously used for identification, which used to be safe, but "
1438 "is no longer reliable. You need to check the full fingerprint as part of "
1439 "verifying you have the correct key for the person you are trying to "
1440 "contact. Spoofing, in which someone intentionally generates a key with a "
1441 "fingerprint whose final eight characters are the same as another, is "
1442 "unfortunately common."
1445 #. type: Content of: <html><body><section><div><div><div><h3>
1446 msgid "<em>Important:</em> What to consider when signing keys"
1449 #. type: Content of: <html><body><section><div><div><div><p>
1451 "Before signing a person's key, you need to be confident that it actually "
1452 "belongs to them, and that they are who they say they are. Ideally, this "
1453 "confidence comes from having interactions and conversations with them over "
1454 "time, and witnessing interactions between them and others. Whenever signing "
1455 "a key, ask to see the full public key fingerprint, and not just the shorter "
1456 "keyID. If you feel it's important to sign the key of someone you've just "
1457 "met, also ask them to show you their government identification, and make "
1458 "sure the name on the ID matches the name on the public key."
1461 #. type: Content of: <html><body><section><div><div><div><div><dl><dt>
1462 msgid "Master the Web of Trust"
1465 #. type: Content of: <html><body><section><div><div><div><div><dl><dd>
1467 "Unfortunately, trust does not spread between users the way <a "
1468 "href=\"https://fennetic.net/irc/finney.org/~hal/web_of_trust.html\">many "
1469 "people think</a>. One of the best ways to strengthen the GnuPG community is "
1471 "href=\"https://www.gnupg.org/gph/en/manual/x334.html\">understand</a> the "
1472 "Web of Trust and to carefully sign as many people's keys as circumstances "
1476 #. type: Content of: <html><body><section><div><div><h2>
1477 msgid "<em>#6</em> Use it well"
1480 #. type: Content of: <html><body><section><div><div><p>
1482 "Everyone uses GnuPG a little differently, but it's important to follow some "
1483 "basic practices to keep your email secure. Not following them, you risk the "
1484 "privacy of the people you communicate with, as well as your own, and damage "
1488 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
1489 msgid "Section 6: Use it Well (1)"
1492 #. type: Content of: <html><body><section><div><div><div><h3>
1493 msgid "When should I encrypt? When should I sign?"
1496 #. type: Content of: <html><body><section><div><div><div><p>
1498 "The more you can encrypt your messages, the better. If you only encrypt "
1499 "emails occasionally, each encrypted message could raise a red flag for "
1500 "surveillance systems. If all or most of your email is encrypted, people "
1501 "doing surveillance won't know where to start. That's not to say that only "
1502 "encrypting some of your email isn't helpful -- it's a great start and it "
1503 "makes bulk surveillance more difficult."
1506 #. type: Content of: <html><body><section><div><div><div><p>
1508 "Unless you don't want to reveal your own identity (which requires other "
1509 "protective measures), there's no reason not to sign every message, whether "
1510 "or not you are encrypting. In addition to allowing those with GnuPG to "
1511 "verify that the message came from you, signing is a non-intrusive way to "
1512 "remind everyone that you use GnuPG and show support for secure "
1513 "communication. If you often send signed messages to people that aren't "
1514 "familiar with GnuPG, it's nice to also include a link to this guide in your "
1515 "standard email signature (the text kind, not the cryptographic kind)."
1518 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
1519 msgid "Section 6: Use it Well (2)"
1522 #. type: Content of: <html><body><section><div><div><div><h3>
1523 msgid "Be wary of invalid keys"
1526 #. type: Content of: <html><body><section><div><div><div><p>
1528 "GnuPG makes email safer, but it's still important to watch out for invalid "
1529 "keys, which might have fallen into the wrong hands. Email encrypted with "
1530 "invalid keys might be readable by surveillance programs."
1533 #. type: Content of: <html><body><section><div><div><div><p>
1535 "In your email program, go back to the first encrypted email that Edward sent "
1536 "you. Because Edward encrypted it with your public key, it will have a green "
1537 "checkmark a at the top \"OpenPGP\" button."
1540 #. type: Content of: <html><body><section><div><div><div><p>
1542 "<strong>When using GnuPG, make a habit of glancing at that button. The "
1543 "program will warn you there if you get an email signed with a key that can't "
1544 "be trusted.</strong>"
1547 #. type: Content of: <html><body><section><div><div><div><h3>
1548 msgid "Copy your revocation certificate to somewhere safe"
1551 #. type: Content of: <html><body><section><div><div><div><p>
1553 "Remember when you created your keys and saved the revocation certificate "
1554 "that GnuPG made? It's time to copy that certificate onto the safest storage "
1555 "that you have -- a flash drive, disk, or hard drive stored in a safe place "
1556 "in your home could work, not on a device you carry with you regularly. The "
1557 "safest way we know is actually to print the revocation certificate and store "
1558 "it in a safe place."
1561 #. type: Content of: <html><body><section><div><div><div><p>
1563 "If your private key ever gets lost or stolen, you'll need this certificate "
1564 "file to let people know that you are no longer using that keypair."
1567 #. type: Content of: <html><body><section><div><div><div><h3>
1568 msgid "<em>IMPORTANT:</em> ACT SWIFTLY if someone gets your private key"
1571 #. type: Content of: <html><body><section><div><div><div><p>
1573 "If you lose your private key or someone else gets a hold of it (say, by "
1574 "stealing or cracking your computer), it's important to revoke it immediately "
1575 "before someone else uses it to read your encrypted email or forge your "
1576 "signature. This guide doesn't cover how to revoke a key, but you can follow "
1578 "href=\"https://www.hackdiary.com/2004/01/18/revoking-a-gpg-key/\">instructions</a>. "
1579 "After you're done revoking, make a new key and send an email to everyone "
1580 "with whom you usually use your key to make sure they know, including a copy "
1584 #. type: Content of: <html><body><section><div><div><div><h3>
1585 msgid "Webmail and GnuPG"
1588 #. type: Content of: <html><body><section><div><div><div><p>
1590 "When you use a web browser to access your email, you're using webmail, an "
1591 "email program stored on a distant website. Unlike webmail, your desktop "
1592 "email program runs on your own computer. Although webmail can't decrypt "
1593 "encrypted email, it will still display it in its encrypted form. If you "
1594 "primarily use webmail, you'll know to open your email client when you "
1595 "receive a scrambled email."
1598 #. type: Content of: <html><body><section><div><div><div><h3>
1599 msgid "Make your public key part of your online identity"
1602 #. type: Content of: <html><body><section><div><div><div><p>
1604 "First add your public key fingerprint to your email signature, then compose "
1605 "an email to at least five of your friends, telling them you just set up "
1606 "GnuPG and mentioning your public key fingerprint. Link to this guide and ask "
1607 "them to join you. Don't forget that there's also an awesome <a "
1608 "href=\"infographic.html\">infographic to share.</a>"
1611 #. type: Content of: <html><body><section><div><div><div><p>
1613 "Start writing your public key fingerprint anywhere someone would see your "
1614 "email address: your social media profiles, blog, Website, or business "
1615 "card. (At the Free Software Foundation, we put ours on our <a "
1616 "href=\"https://fsf.org/about/staff\">staff page</a>.) We need to get our "
1617 "culture to the point that we feel like something is missing when we see an "
1618 "email address without a public key fingerprint."
1621 #. type: Content of: <html><body><section><div><div><h2>
1622 msgid "<a href=\"next_steps.html\">Great job! Check out the next steps.</a>"
1625 #. type: Content of: <html><body><header><div><p>
1626 msgid "← Read the <a href=\"index.html\">full guide</a>"
1629 #. type: Content of: <html><body><header><div><h3><a>
1632 "href=\"https://fsf.org/share?u=https://u.fsf.org/zc&t=How%20public-key%20encryption%20works.%20Infographic%20via%20%40fsf\">"
1635 #. type: Content of: <html><body><header><div><h3>
1636 msgid " Share our infographic </a> with the hashtag #EmailSelfDefense"
1639 #. type: Attribute 'alt' of: <html><body><header><div><p><img>
1640 msgid "View & share our infographic"
1643 #. type: Content of: <html><body><header><div><h1>
1647 #. type: Content of: <html><body><section><div><div><h2>
1648 msgid "<em>#7</em> Next steps"
1651 #. type: Content of: <html><body><section><div><div><p>
1653 "You've now completed the basics of email encryption with GnuPG, taking "
1654 "action against bulk surveillance. These next steps will help make the most "
1655 "of the work you've done."
1658 #. type: Content of: <html><body><section><div><div><div><p>
1659 msgid "← <a href=\"index.html\">Return to the guide</a>"
1662 #. type: Content of: <html><body><section><div><div><div><h3>
1663 msgid "Join the movement"
1666 #. type: Content of: <html><body><section><div><div><div><p>
1668 "You've just taken a huge step towards protecting your privacy online. But "
1669 "each of us acting alone isn't enough. To topple bulk surveillance, we need "
1670 "to build a movement for the autonomy and freedom of all computer users. Join "
1671 "the Free Software Foundation's community to meet like-minded people and work "
1672 "together for change."
1675 #. type: Content of: <html><body><section><div><div><div><p>
1677 "<small>Read <a href=\"https://www.fsf.org/twitter\">why GNU Social and "
1678 "Mastodon are better than Twitter</a>, and <a "
1679 "href=\"https://www.fsf.org/facebook\">why we don't use Facebook</a>.</small>"
1682 #. type: Content of: <html><body><section><div><div><div><div><p>
1683 msgid "Low-volume mailing list"
1686 #. type: Content of: <html><body><section><div><div><div><div><form>
1688 "<input type=\"text\" value=\"Type your email...\" name=\"email-Primary\" "
1689 "id=\"frmEmail\" /> <input type=\"submit\" value=\"Add me\" "
1690 "name=\"_qf_Edit_next\" /> <input type=\"hidden\" "
1691 "value=\"https://emailselfdefense.fsf.org/en/confirmation.html\" "
1692 "name=\"postURL\" /> <input type=\"hidden\" value=\"1\" name=\"group[25]\" /> "
1693 "<input type=\"hidden\" "
1694 "value=\"https://my.fsf.org/civicrm/profile?reset=1&gid=391\" "
1695 "name=\"cancelURL\" /> <input type=\"hidden\" value=\"Edit:cancel\" "
1696 "name=\"_qf_default\" />"
1699 #. type: Content of: <html><body><section><div><div><div><div><p>
1701 "<small>Read our <a "
1702 "href=\"https://my.fsf.org/donate/privacypolicy.html\">privacy "
1703 "policy</a>.</small>"
1706 #. type: Content of: <html><body><section><div><div><div><h3>
1707 msgid "Bring Email Self-Defense to new people"
1710 #. type: Content of: <html><body><section><div><div><div><p>
1712 "Understanding and setting up email encryption is a daunting task for "
1713 "many. To welcome them, make it easy to find your public key and offer to "
1714 "help with encryption. Here are some suggestions:"
1717 #. type: Content of: <html><body><section><div><div><div><ul><li>
1719 "# Lead an Email Self-Defense workshop for your friends and community, using "
1720 "our <a href=\"workshops.html\">teaching guide</a>."
1723 #. type: Content of: <html><body><section><div><div><div><ul><li>
1726 "href=\"https://fsf.org/share?u=https://u.fsf.org/zb&t=Encrypt%20with%20me%20using%20Email%20Self-Defense%20%40fsf\"> "
1727 "our sharing page</a> to compose a message to a few friends and ask them to "
1728 "join you in using encrypted email. Remember to include your GnuPG public key "
1729 "fingerprint so they can easily download your key."
1732 #. type: Content of: <html><body><section><div><div><div><ul><li>
1734 "# Add your public key fingerprint anywhere that you normally display your "
1735 "email address. Some good places are: your email signature (the text kind, "
1736 "not the cryptographic kind), social media profiles, blogs, Web sites, or "
1737 "business cards. At the Free Software Foundation, we put ours on our <a "
1738 "href=\"https://fsf.org/about/staff\">staff page</a>."
1741 #. type: Content of: <html><body><section><div><div><div><h3>
1742 msgid "Protect more of your digital life"
1745 #. type: Content of: <html><body><section><div><div><div><p>
1747 "Learn surveillance-resistant technologies for instant messages, hard drive "
1748 "storage, online sharing, and more at <a "
1749 "href=\"https://directory.fsf.org/wiki/Collection:Privacy_pack\"> the Free "
1750 "Software Directory's Privacy Pack</a> and <a "
1751 "href=\"https://prism-break.org\">prism-break.org</a>."
1754 #. type: Content of: <html><body><section><div><div><div><p>
1756 "If you are using Windows, macOS or any other proprietary operating system, "
1757 "we recommend you switch to a free software operating system like "
1758 "GNU/Linux. This will make it much harder for attackers to enter your "
1759 "computer through hidden back doors. Check out the Free Software Foundation's "
1760 "<a href=\"https://www.gnu.org/distros/free-distros.html\">endorsed versions "
1764 #. type: Content of: <html><body><section><div><div><div><h3>
1765 msgid "Optional: Add more email protection with Tor"
1768 #. type: Content of: <html><body><section><div><div><div><p>
1770 "<a href=\"https://www.torproject.org/about/overview.html.en\">The Onion "
1771 "Router (Tor) network</a> wraps Internet communication in multiple layers of "
1772 "encryption and bounces it around the world several times. When used "
1773 "properly, Tor confuses surveillance field agents and the global surveillance "
1774 "apparatus alike. Using it simultaneously with GnuPG's encryption will give "
1775 "you the best results."
1778 #. type: Content of: <html><body><section><div><div><div><p>
1780 "To have your email program send and receive email over Tor, install the <a "
1781 "href=\"https://addons.mozilla.org/en-us/thunderbird/addon/torbirdy/\">Torbirdy "
1782 "plugin</a> by searching for it through Add-ons."
1785 #. type: Content of: <html><body><section><div><div><div><p>
1787 "Before beginning to check your email over Tor, make sure you understand <a "
1788 "href=\"https://www.torproject.org/docs/faq.html.en#WhatProtectionsDoesTorProvide\"> "
1789 "the security tradeoffs involved</a>. This <a "
1790 "href=\"https://www.eff.org/pages/tor-and-https\">infographic</a> from our "
1791 "friends at the Electronic Frontier Foundation demonstrates how Tor keeps you "
1795 #. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img>
1796 msgid "Section 7: Next Steps"
1799 #. type: Content of: <html><body><section><div><div><div><h3>
1800 msgid "Make Email Self-Defense tools even better"
1803 #. type: Content of: <html><body><section><div><div><div><p>
1805 "<a href=\"https://libreplanet.org/wiki/GPG_guide/Public_Review\">Leave "
1806 "feedback and suggest improvements to this guide</a>. We welcome "
1807 "translations, but we ask that you contact us at <a "
1808 "href=\"mailto:campaigns@fsf.org\">campaigns@fsf.org</a> before you start, so "
1809 "that we can connect you with other translators working in your language."
1812 #. type: Content of: <html><body><section><div><div><div><p>
1814 "If you like programming, you can contribute code to <a "
1815 "href=\"https://www.gnupg.org/\">GnuPG</a>."
1818 #. type: Content of: <html><body><section><div><div><div><p>
1820 "To go the extra mile, support the Free Software Foundation so we can keep "
1821 "improving Email Self-Defense, and make more tools like it."
1824 #. type: Content of: <html><body><header><div><ul><li>
1825 msgid "<a href=\"index.html\">Set up guide</a>"
1828 #. type: Content of: <html><body><header><div><ul><li>
1829 msgid "<a href=\"workshops.html\" class=\"current\">Teach your friends</a>"
1832 #. type: Content of: <html><body><header><div><div><div><p>
1834 "We want to translate this guide into more languages, and make a version for "
1835 "encryption on mobile devices. Please donate, and help people around the "
1836 "world take the first step towards protecting their privacy with free "
1840 #. type: Content of: <html><body><header><div><div><p><a>
1843 "href=\"https://crm.fsf.org/civicrm/contribute/transact?reset=1&id=14&pk_campaign=email_self_defense&pk_kwd=guide_donate\">"
1846 #. type: Attribute 'alt' of: <html><body><header><div><div><p><a><img>
1847 msgid "View & share our infographic →"
1850 #. type: Content of: <html><body><header><div><div><p>
1852 "</a> Understanding and setting up email encryption sounds like a daunting "
1853 "task to many people. That's why helping your friends with GnuPG plays such "
1854 "an important role in helping spread encryption. Even if only one person "
1855 "shows up, that's still one more person using encryption who wasn't "
1856 "before. You have the power to help your friends keep their digital love "
1857 "letters private, and teach them about the importance of free software. If "
1858 "you use GnuPG to send and receive encrypted email, you're a perfect "
1859 "candidate for leading a workshop!"
1862 #. type: Attribute 'alt' of: <html><body><section><div><div><p><img>
1863 msgid "A small workshop among friends"
1866 #. type: Content of: <html><body><section><div><div><h2>
1867 msgid "<em>#1</em> Get your friends or community interested"
1870 #. type: Content of: <html><body><section><div><div><p>
1872 "If you hear friends grumbling about their lack of privacy, ask them if "
1873 "they're interested in attending a workshop on Email Self-Defense. If your "
1874 "friends don't grumble about privacy, they may need some convincing. You "
1875 "might even hear the classic \"if you've got nothing to hide, you've got "
1876 "nothing to fear\" argument against using encryption."
1879 #. type: Content of: <html><body><section><div><div><p>
1881 "Here are some talking points you can use to help explain why it's worth it "
1882 "to learn GnuPG. Mix and match whichever you think will make sense to your "
1886 #. type: Content of: <html><body><section><div><div><div><h3>
1887 msgid "Strength in numbers"
1890 #. type: Content of: <html><body><section><div><div><div><p>
1892 "Each person who chooses to resist mass surveillance with encryption makes it "
1893 "easier for others to resist as well. People normalizing the use of strong "
1894 "encryption has multiple powerful effects: it means those who need privacy "
1895 "the most, like potential whistle-blowers and activists, are more likely to "
1896 "learn about encryption. More people using encryption for more things also "
1897 "makes it harder for surveillance systems to single out those that can't "
1898 "afford to be found, and shows solidarity with those people."
1901 #. type: Content of: <html><body><section><div><div><div><h3>
1902 msgid "People you respect may already be using encryption"
1905 #. type: Content of: <html><body><section><div><div><div><p>
1907 "Many journalists, whistleblowers, activists, and researchers use GnuPG, so "
1908 "your friends might unknowingly have heard of a few people who use it "
1909 "already. You can search for \"BEGIN PUBLIC KEY BLOCK\" + keyword to help "
1910 "make a list of people and organizations who use GnuPG whom your community "
1911 "will likely recognize."
1914 #. type: Content of: <html><body><section><div><div><div><h3>
1915 msgid "Respect your friends' privacy"
1918 #. type: Content of: <html><body><section><div><div><div><p>
1920 "There's no objective way to judge what constitutes privacy-sensitive "
1921 "correspondence. As such, it's better not to presume that just because you "
1922 "find an email you sent to a friend innocuous, your friend (or a surveillance "
1923 "agent, for that matter!) feels the same way. Show your friends respect by "
1924 "encrypting your correspondence with them."
1927 #. type: Content of: <html><body><section><div><div><div><h3>
1928 msgid "Privacy technology is normal in the physical world"
1931 #. type: Content of: <html><body><section><div><div><div><p>
1933 "In the physical realm, we take window blinds, envelopes, and closed doors "
1934 "for granted as ways of protecting our privacy. Why should the digital realm "
1938 #. type: Content of: <html><body><section><div><div><div><h3>
1939 msgid "We shouldn't have to trust our email providers with our privacy"
1942 #. type: Content of: <html><body><section><div><div><div><p>
1944 "Some email providers are very trustworthy, but many have incentives not to "
1945 "protect your privacy and security. To be empowered digital citizens, we need "
1946 "to build our own security from the bottom up."
1949 #. type: Content of: <html><body><section><div><div><h2>
1950 msgid "<em>#2</em> Plan The Workshop"
1953 #. type: Content of: <html><body><section><div><div><p>
1955 "Once you've got at least one interested friend, pick a date and start "
1956 "planning out the workshop. Tell participants to bring their computer and ID "
1957 "(for signing each other's keys). If you'd like to make it easy for the "
1958 "participants to use <a "
1959 "href=\"https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/\">Diceware</a> "
1960 "for choosing passwords, get a pack of dice beforehand. Make sure the "
1961 "location you select has an easily accessible Internet connection, and make "
1962 "backup plans in case the connection stops working on the day of the "
1963 "workshop. Libraries, coffee shops, and community centers make great "
1964 "locations. Try to get all the participants to set up an email client based "
1965 "on Thunderbird before the event. Direct them to their email provider's IT "
1966 "department or help page if they run into errors."
1969 #. type: Content of: <html><body><section><div><div><p>
1971 "Estimate that the workshop will take at least forty minutes plus ten minutes "
1972 "for each participant. Plan extra time for questions and technical glitches."
1975 #. type: Content of: <html><body><section><div><div><p>
1977 "The success of the workshop requires understanding and catering to the "
1978 "unique backgrounds and needs of each group of participants. Workshops should "
1979 "stay small, so that each participant receives more individualized "
1980 "instruction. If more than a handful of people want to participate, keep the "
1981 "facilitator to participant ratio high by recruiting more facilitators, or by "
1982 "facilitating multiple workshops. Small workshops among friends work great!"
1985 #. type: Content of: <html><body><section><div><div><h2>
1986 msgid "<em>#3</em> Follow the guide as a group"
1989 #. type: Content of: <html><body><section><div><div><p>
1991 "Work through the Email Self-Defense guide a step at a time as a group. Talk "
1992 "about the steps in detail, but make sure not to overload the participants "
1993 "with minutia. Pitch the bulk of your instructions to the least tech-savvy "
1994 "participants. Make sure all the participants complete each step before the "
1995 "group moves on to the next one. Consider facilitating secondary workshops "
1996 "afterwards for people that had trouble grasping the concepts, or those that "
1997 "grasped them quickly and want to learn more."
2000 #. type: Content of: <html><body><section><div><div><p>
2002 "In <a href=\"index.html#section2\">Section 2</a> of the guide, make sure the "
2003 "participants upload their keys to the same keyserver so that they can "
2004 "immediately download each other's keys later (sometimes there is a delay in "
2005 "synchronization between keyservers). During <a "
2006 "href=\"index.html#section3\">Section 3</a>, give the participants the option "
2007 "to send test messages to each other instead of or as well as "
2008 "Edward. Similarly, in <a href=\"index.html#section4\">Section 4</a>, "
2009 "encourage the participants to sign each other's keys. At the end, make sure "
2010 "to remind people to safely back up their revocation certificates."
2013 #. type: Content of: <html><body><section><div><div><h2>
2014 msgid "<em>#4</em> Explain the pitfalls"
2017 #. type: Content of: <html><body><section><div><div><p>
2019 "Remind participants that encryption works only when it's explicitly used; "
2020 "they won't be able to send an encrypted email to someone who hasn't already "
2021 "set up encryption. Also remind participants to double-check the encryption "
2022 "icon before hitting send, and that subjects and timestamps are never "
2026 #. type: Content of: <html><body><section><div><div><p>
2029 "href=\"https://www.gnu.org/proprietary/proprietary.html\">dangers of running "
2030 "a proprietary system</a> and advocate for free software, because without it, "
2032 "href=\"https://www.fsf.org/bulletin/2013/fall/how-can-free-software-protect-us-from-surveillance\">meaningfully "
2033 "resist invasions of our digital privacy and autonomy</a>."
2036 #. type: Content of: <html><body><section><div><div><h2>
2037 msgid "<em>#5</em> Share additional resources"
2040 #. type: Content of: <html><body><section><div><div><p>
2042 "GnuPG's advanced options are far too complex to teach in a single "
2043 "workshop. If participants want to know more, point out the advanced "
2044 "subsections in the guide and consider organizing another workshop. You can "
2046 "href=\"https://www.gnupg.org/documentation/index.html\">GnuPG's</a> official "
2047 "documentation and mailing lists, and the <a "
2048 "href=\"https://libreplanet.org/wiki/GPG_guide/Public_Review\">Email "
2049 "Self-Defense feedback</a> page. Many GNU/Linux distribution's Web sites also "
2050 "contain a page explaining some of GnuPG's advanced features."
2053 #. type: Content of: <html><body><section><div><div><h2>
2054 msgid "<em>#6</em> Follow up"
2057 #. type: Content of: <html><body><section><div><div><p>
2059 "Make sure everyone has shared email addresses and public key fingerprints "
2060 "before they leave. Encourage the participants to continue to gain GnuPG "
2061 "experience by emailing each other. Send them each an encrypted email one "
2062 "week after the event, reminding them to try adding their public key ID to "
2063 "places where they publicly list their email address."
2066 #. type: Content of: <html><body><section><div><div><p>
2068 "If you have any suggestions for improving this workshop guide, please let us "
2069 "know at <a href=\"mailto:campaigns@fsf.org\">campaigns@fsf.org</a>."