<dl>
<dt>Use a third-party package manager to install GnuPG</dt>
-<dd>Your macOS comes with a program called "Terminal" pre-installed, which we'll use to set up your encryption with GnuPG, using the command line. However, the default macOS package manager makes it difficult to install GnuPG and other pieces of free software (like Emacs, GIMP, or Inkscape).<br>
-To make things easier, we recommend setting up the third-party package manager "Homebrew" to install GnuPG. Copy the link on the home page of <a href="https://brew.sh/">Homebrew</a> and paste it in Terminal. Click "Enter" and wait for it to finalize.<br>
-When it is done, install the program by entering the following code in Terminal:<br>
+<dd>Your macOS comes with a program called "Terminal" pre-installed, which we'll use to set up your encryption with GnuPG, using the command line. However, the default macOS package manager makes it difficult to install GnuPG and other pieces of free software (like Emacs, GIMP, or Inkscape).<br/>
+To make things easier, we recommend setting up the third-party package manager "Homebrew" to install GnuPG. Copy the link on the home page of <a href="https://brew.sh/">Homebrew</a> and paste it in Terminal. Click "Enter" and wait for it to finalize.<br/>
+When it is done, install the program by entering the following code in Terminal:<br/>
<span style="color:#2f5faa; font-family: monospace;">brew install gnupg gnupg2</span>. After installation is done, you can follow the steps of the rest of this guide.</dd>
</dl>
<dl>
<dt>Get GnuPG by downloading GPG4Win</dt>
-<dd><a href="https://www.gpg4win.org/">GPG4Win</a> is a email and file encryption software package that includes GnuPG. Download and install the latest version, choosing default options whenever asked. After it's installed, you can close any windows that it creates.<br>
+<dd><a href="https://www.gpg4win.org/">GPG4Win</a> is a email and file encryption software package that includes GnuPG. Download and install the latest version, choosing default options whenever asked. After it's installed, you can close any windows that it creates.<br/>
<p class="notes">To follow the rest of the steps in this guide, you'll use the program called "PowerShell", which is a program you'll see elsewhere referred to as a "terminal." This allows you to operate your computer using the command line.</p>
href="https://alexcabal.com/creating-the-perfect-gpg-keypair/">Alex Cabal</a>
and <a href="https://keyring.debian.org/creating-key.html">the Debian wiki</a>
provide good guides for setting up a secure subkey configuration.</dd>
+</dl>
</div><!-- /.troubleshooting -->
</div><!-- End .main -->
<br />
<h6>Export your key to a file</h6>
-<p>Use the following command to export your secret key so you can import it into your email client at the next <a href=#section3>step</a>. To avoid getting your key compromised, store this in a safe place, and make sure that if it is transferred, it is done so in a trusted way. Exporting your keys can be done with the following commands:</p>
+<p>Use the following command to export your secret key so you can import it into your email client at the next <a href="#section3">step</a>. To avoid getting your key compromised, store this in a safe place, and make sure that if it is transferred, it is done so in a trusted way. Exporting your keys can be done with the following commands:</p>
<span style="color:#2f5faa; font-family: monospace;">
-$ gpg --export-secret-keys -a keyid > my_secret_key.asc<br>
-$ gpg --export -a keyid > my_public_key.asc<br>
+$ gpg --export-secret-keys -a [keyid] > my_secret_key.asc<br/>
+$ gpg --export -a [keyid] > my_public_key.asc<br/>
</span><br />
<br />
<p>Just in case you lose your key, or it gets compromised, you want to generate a certificate and choose to save it in a safe place on your computer for now (please refer to <a href="#step-6c"> step 6.C</a> for how to best store your revocation cerficate safely). This step is essential for your email self-defense, as you'll learn more about in <a href="#section5">Section 5</a>.</p>
<p># Copy your keyID <span style="color:#2f5faa; font-family: monospace;">gnupg --list-key [your@email]</span> will list your public ("pub") key information, including your keyID, which is a unique list of numbers and letters. Copy this keyID, so you can use it in the following command.</p>
-<p># Generate a revocation certificate: <span style="color:#2f5faa; font-family: monospace;">gpg --output revoke.asc [keyID]</span></p>
+<p># Generate a revocation certificate: <span style="color:#2f5faa; font-family: monospace;">gpg --gen-revoke --output revoke.asc [keyID]</span></p>
<p># It will prompt you to give a reason for revocation, we recommend to use <span style="color:#2f5faa; font-family: monospace;">1 "key has been compromised"</span></p>
<p># You don't have to fill in a reason, but you can, then press enter for an empty line, and comfirm your selection.</p>
<dl>
<dt>My key doesn't seem to be working or I get a "permission denied."</dt>
-<dd>Like every other file or folder, gpg keys are subject to permissions. If these are not set correctly, your system may not be accepting your keys. You can follow the next steps to check, and update to the right permissions.<br><br>
+<dd>Like every other file or folder, gpg keys are subject to permissions. If these are not set correctly, your system may not be accepting your keys. You can follow the next steps to check, and update to the right permissions.<br/><br/>
-# Check your permissions: <span style="color:#2f5faa; font-family: monospace;">ls -l ~/.gnupg/*</span><br><br>
-# Set permissions to read, write, execute for only yourself, no others. This is the recommended permission for your folder. <br>
-You can use the code <span style="color:#2f5faa; font-family: monospace;">chmod 700 ~/.gnupg</span><br><br>
-# Set permissions to read and write for yourself only, no others. This is the recommended permission for the keys inside your folder. <br>
-You can use the code: <span style="color:#2f5faa; font-family: monospace;">chmod 600 ~/.gnupg/*</span><br><br>
+# Check your permissions: <span style="color:#2f5faa; font-family: monospace;">ls -l ~/.gnupg/*</span><br/><br/>
+# Set permissions to read, write, execute for only yourself, no others. This is the recommended permission for your folder. <br/>
+You can use the code <span style="color:#2f5faa; font-family: monospace;">chmod 700 ~/.gnupg</span><br/><br/>
+# Set permissions to read and write for yourself only, no others. This is the recommended permission for the keys inside your folder. <br/>
+You can use the code: <span style="color:#2f5faa; font-family: monospace;">chmod 600 ~/.gnupg/*</span><br/><br/>
-<p class="notes"><p>If you have (for any reason) created your own folders inside ~/.gnupg, you must also additionally apply execute permissions to that folder. Folders require execution privileges to be opened. For more information on permissions, you can check out <a href="https://helpdeskgeek.com/linux-tips/understanding-linux-permissions-chmod-usage/">this detailed information guide</a>.<br>
+<p class="notes">If you have (for any reason) created your own folders inside ~/.gnupg, you must also additionally apply execute permissions to that folder. Folders require execution privileges to be opened. For more information on permissions, you can check out <a href="https://helpdeskgeek.com/linux-tips/understanding-linux-permissions-chmod-usage/">this detailed information guide</a>.</p><br/>
</dd>
<dt class="feedback">Don't see a solution to your problem?</dt>
<dd class="feedback">Please let us know on the <a
your key</a> as a file on your computer.</dd>
<dt>Transferring your keys</dt>
-<dd>Use the following commands to transfer your keys. To avoid getting your key compromised, store it in a safe place, and make sure that if it is transferred, it is done so in a trusted way. Importing and exporting a key can be done with the following commands:<br>
+<dd>Use the following commands to transfer your keys. To avoid getting your key compromised, store it in a safe place, and make sure that if it is transferred, it is done so in a trusted way. Importing and exporting a key can be done with the following commands:<br/>
<span style="color:#2f5faa; font-family: monospace;">
-$ gpg --export-secret-keys -a keyid > my_private_key.asc<br>
-$ gpg --export -a keyid > my_public_key.asc<br>
-$ gpg --import my_private_key.asc<br>
-$ gpg --import my_public_key.asc<br>
+$ gpg --export-secret-keys -a keyid > my_private_key.asc<br/>
+$ gpg --export -a keyid > my_public_key.asc<br/>
+$ gpg --import my_private_key.asc<br/>
+$ gpg --import my_public_key.asc<br/>
</span>
<p>Ensure that the keyID printed is the correct one, and if so, then go ahead and add ultimate trust for it:</p>
<span style="color:#2f5faa; font-family: monospace;">
$ gpg --edit-key [your@email]
-</span><br>
+</span><br/>
Because this is your key, you should choose <span style="color:#2f5faa; font-family: monospace;">ultimate</span>. You shouldn't trust anyone else's key ultimately.
<div class="section-intro">
<h2><em>#3</em> Set up email encryption</h2>
-<p class="notes"><p>The Icedove (or Thunderbird) email program has PGP functionality integrated, which makes it pretty easy to work with. We'll take you through the steps of integrating and using your key in these email clients.</p>
+<p class="notes">The Icedove (or Thunderbird) email program has PGP functionality integrated, which makes it pretty easy to work with. We'll take you through the steps of integrating and using your key in these email clients.</p>
</div><!-- End .section-intro -->
<h6>Get Edward's key</h6>
<p>To encrypt an email to Edward, you need its public key, so now you'll have
to download it from a keyserver. You can do this in two different ways:</p>
-<p><strong>Option 1.</strong> In the email answer you received from Edward as a response to your first email, Edward's public key was included. On the right of the email, just above the writing area, you will find an "OpenPGP" button that has a lock and a little wheel next to it. Click that, and select <span style="color:#2f5faa">Discover</span> next to the text: "This message was sent with a key that you don't have yet." A popup with Edward's key details will follow.
+<p><strong>Option 1.</strong> In the email answer you received from Edward as a response to your first email, Edward's public key was included. On the right of the email, just above the writing area, you will find an "OpenPGP" button that has a lock and a little wheel next to it. Click that, and select <span style="color:#2f5faa">Discover</span> next to the text: "This message was sent with a key that you don't have yet." A popup with Edward's key details will follow.</p>
-<p><strong>Option 2.</strong> Open your OpenPGP manager and under "Keyserver" choose <span style="color:#2f5faa">Discover Keys Online</span>. Here, fill in Edward's email address, and import Edward's key.
+<p><strong>Option 2.</strong> Open your OpenPGP manager and under "Keyserver" choose <span style="color:#2f5faa">Discover Keys Online</span>. Here, fill in Edward's email address, and import Edward's key.</p>
<p>The option <span style="color:#2f5faa">Accepted (unverified)</span> will add this key to your key manager, and now it can be used to send encrypted emails and to verify digital signatures from Edward.</p>
projects / enc-live.git / blobdiff