<link rel="shortcut icon"
href="../static/img/favicon.ico" />
</head>
-
<body>
<!--<div style="text-align: center; padding: 2.5px; background-color: #a94442; color:#fcf8e3;"><p>Due to Enigmail's PGP functionality being migrated into Icedove and Thunderbird, steps 2 and 3 of the guide are currently out of date.</p><p> Thank you for your patience while we're working on a new round of updates.</p></div>-->
<!-- PLACE FUNDRAISER MODAL WINDOW HERE -->
-
<!-- ~~~~~~~~~ GnuPG Header and introduction text ~~~~~~~~~ -->
<header class="row" id="header"><div>
<!-- Language list for browsers that do not have JS enabled -->
<ul id="languages" class="os">
-<li><a class="current" href="/en">English - v5.0</a></li>
-<!--<li><a href="/cs">čeština - v5.0</a></li>
-<li><a href="/de">Deutsch - v4.0</a></li>
-<li><a href="/el">ελληνικά - v3.0</a></li>
-<li><a href="/es">español - v4.0</a></li>
-<li><a href="/fa">فارسی - v4.0</a></li>
-<li><a href="/fr">français - v4.0</a></li>
-<li><a href="/it">italiano - v3.0</a></li>
-<li><a href="/ja">日本語 - v4.0</a></li>
-<li><a href="/pt-br">português do Brasil - v3.0</a></li>
-<li><a href="/ro">română - v3.0</a></li>
-<li><a href="/ru">русский - v4.0</a></li>
-<li><a href="/sq">Shqip - v4.0</a></li>
-<li><a href="/sv">svenska - v4.0</a></li>
-<li><a href="/tr">Türkçe - v5.0</a></li>
-<li><a href="/zh-hans">简体中文 - v4.0</a></li>-->
<li><strong><a href="https://libreplanet.org/wiki/GPG_guide/Translation_Guide">
Translate!</a></strong></li>
</ul>
</div>
-<p><a
-href="https://crm.fsf.org/civicrm/contribute/transact?reset=1&id=14&mtm_campaign=email_self_defense&mtm_kwd=guide_donate"><img
-alt="Donate"
-src="../static/img/en/donate.png" /></a></p>
+<center><p><a href="https://crm.fsf.org/civicrm/contribute/transact?reset=1&id=14&mtm_campaign=email_self_defense&mtm_kwd=guide_donate"><img alt="Donate" src="../static/img/en/donate.png" style="img align: center;"/></a></p></center>
+
+<div style="text-align: center;">
+<h5>Sign up</h5>
+<form action="https://my.fsf.org/civicrm/profile/create?reset=1&gid=31" method="post">
+<p>Enter your email address to receive our monthly newsletter, the<br><a href="https://www.fsf.org/free-software-supporter/">Free Software Supporter</a></p>
+
+<p><input id="frmEmail" type="text" name="email-Primary" size="18" maxlength="80" /></p>
+<p><input type="submit" name="_qf_Edit_next" value="Subscribe me" /></p>
+<div><input name="postURL" type="hidden" value="" />
+<input type="hidden" name="group[25]" value="1" />
+<input name="cancelURL" type="hidden" value="https://my.fsf.org/civicrm/profile?reset=1&gid=31" />
+<input name="_qf_default" type="hidden" value="Edit:cancel" />
+</div>
+</form></div>
</div><!-- End #fsf-intro -->
<div id="step-1a" class="step">
<div class="sidebar">
-<p><img
src="../static/img/en/screenshots/step1a-install-wizard.png"
alt="Step 1.A: Install Wizard" /></p>
<div id="step-1b" class="step">
<div class="main">
-<h3><em>Step 1.b</em> Get your terminal ready and install GnuPG</h3>
+<h3><em>Step 1.b</em> Install GnuPG</h3>
<p>If you are using a GNU/Linux machine, you should already have GnuPG installed, and you can skip to <a href="#section2">Section 2</a>.</p>
-<p>If you are using a macOS or Windows machine, however, you need to first install the GnuPG program. Select your operating system below and follow the steps. For the rest of the steps in this guide, the steps are the same for all operating systems. </p>
+
+<p>If you are using a macOS or Windows machine, however, you need to first install the GnuPG program. Select your operating system below and follow the instructions. For the rest of this guide, the steps are the same for all operating systems. </p>
<!-- ~~~~~~~~~ MACOS ~~~~~~~~~ -->
<div class="troubleshooting">
<dl>
<dt>Use a third-party package manager to install GnuPG</dt>
-<dd>Your macOS comes with a program called "Terminal" pre-installed, which we'll use to set up your encryption with GnuPG, using the command line. However, the default macOS package manager makes it difficult to install GnuPG and other pieces of free software (like Emacs, GIMP, or Inkscape).<br/>
-To make things easier, we recommend setting up the third-party package manager "Homebrew" to install GnuPG. Copy the link on the home page of <a href="https://brew.sh/">Homebrew</a> and paste it in Terminal. Click "Enter" and wait for it to finalize.<br/>
-When it is done, install the program by entering the following code in Terminal:<br/>
-<code>brew install gnupg gnupg2</code>. After installation is done, you can follow the steps of the rest of this guide.</dd>
+<dd>
+<p>The default macOS package manager makes it difficult to install GnuPG and other pieces of free software (like Emacs, GIMP, or Inkscape). To make things easier, we recommend setting up the third-party package manager "Homebrew" to install GnuPG. For this, we will use a program called "Terminal," which is pre-installed on macOS.</p>
+
+<p># Copy the first command on the home page of <a href="https://brew.sh/">Homebrew</a> by clicking on the clipboard icon, and paste it in Terminal. Click "Enter" and wait for the installation to finalize.</p>
+<p># Then install GnuPG by entering the following code in Terminal:<br/>
+<code>brew install gnupg gnupg2</code></p>
+</dd>
</dl>
</div><!-- /.troubleshooting -->
<div class="section-intro">
<h2><em>#2</em> Make your keys</h2>
-<p><img style="float:right; width:400px; margin-bottom:20px;" src="../static/img/en/screenshots/step2a-01-make-keypair.png" alt="A robot with a head shaped like a key holding a private and a public key"/></p>
+<p class="float medium"><img src="../static/img/en/screenshots/step2a-01-make-keypair.png" alt="A robot with a head shaped like a key holding a private and a public key"/></p>
<p>To use the GnuPG system, you'll need a public key and a private key (known
together as a keypair). Each is a long string of randomly generated numbers
<!-- ~~~~~~~~~ a div for each step ~~~~~~~~~ -->
<div id="step-2a" class="step">
<div class="sidebar">
-<p><img
src="../static/img/en/screenshots/step2a-02-make-keypair.png"
alt="Step 2.A: Make your Keypair" /></p>
-<br />
-<p><img
+
src="../static/img/en/screenshots/step2a-03-make-keypair.png"
alt="Step 2.A: Set your passphrase" /></p>
<p>We will use the command line in a terminal to create a keypair using the
GnuPG program.</p>
-<p class="notes">A terminal is installed by default on most GNU/Linux
-systems; if you are running macOS, use "Terminal" as in Step 1.B; if you
-are running Windows, use a program named "PowerShell". You can launch your
-terminal from the Applications menu, or (on some GNU/Linux systems) with
-the <kbd>Ctrl + Alt + T</kbd> shortcut.</p>
+<p class="notes">Whether on GNU/Linux, macOS or Windows, you can launch your
+terminal ("Terminal" in macOS, "PowerShell" in Windows) from the Applications
+menu (some GNU/Linux systems respond to the <kbd>Ctrl + Alt + T</kbd>
+shortcut).</p>
<p># Enter <code>gpg --full-generate-key</code> to start the process.</p>
<p># To answer what kind of key you would like to create, select the default option: <samp>1 RSA and RSA</samp>.</p>
<p># Enter the following keysize: <code>4096</code> for a strong key.</p>
<p># Choose the expiration date; we suggest <code>2y</code> (2 years).</p>
<p>Follow the prompts to continue setting up with your personal details.</p>
+<p class="notes"> Depending on your version of GPG, you may need to use
+<code>--gen-key</code> instead of <code>--full-generate-key</code>.</p>
<h4>Set your passphrase</h4>
<p>On the screen titled "Passphrase," pick a strong password! You can
<dl>
<dt>GnuPG is not installed</dt>
<dd>
-GPG is not installed. You can check if this is the case with the command <code>gpg --version</code>.
-If GnuPG is not installed, it would bring up the following result on most GNU/Linux operating systems, or something like it:
+You can check if this is the case with the command <code>gpg --version</code>.
+If GnuPG is not installed, it will bring up the following result on most GNU/Linux operating systems, or something like it:
<samp>Command 'gpg' not found, but can be installed with:
sudo apt install gnupg</samp>. Follow that command and install the program.</dd>
+<dt><i>gpg --full-generate-key</i> command not working</dt>
+<dd>Some distributions use a different version of GPG. When you receive an error code that is something along the lines of: <samp>gpg: Invalid option "--full-generate-key"</samp>, you can try the following commands: <br />
+<code>sudo apt update</code><br />
+<code>sudo apt install gnupg2</code><br />
+<code>gpg2 --full-generate-key</code><br />
+If this resolved the issue, you need to continue to use the gpg2 identifier instead of gpg throughout the following steps of the guide.
+<p class="notes"> Depending on your version of GPG, you may need to use
+<code>--gen-key</code> instead of <code>--full-generate-key</code>.</p>
+</dd>
+
<dt>I took too long to create my passphrase</dt>
<dd>That's okay. It's important to think about your passphrase. When you're ready, just follow the steps from the beginning again to create your key.</dd>
<dt>How can I see my key?</dt>
<dd>
-Use the following command to see all keys: <code>gpg--list-keys</code>. Yours should be listed in there, and later, so will Edward's (<a href="#section3">section 3</a>). If you want to see only your key, you can use <code>gpg --list-key [your@email]</code>.
+Use the following command to see all keys: <code>gpg --list-keys</code>. Yours should be listed in there, and later, so will Edward's (<a href="#section3">Section 3</a>).<br />
+If you want to see only your key, you can use <code>gpg --list-key [your@email]</code>.<br />
You can also use <code>gpg --list-secret-key</code> to see your own private key.</dd>
<dt>More resources</dt>
href="https://www.gnupg.org/gph/en/manual/c14.html#AEN25">The GNU Privacy
Handbook</a>. Make sure you stick with "RSA and RSA" (the default),
because it's newer and more secure than the algorithms the documentation
-recommends. Also make sure your key is at least 4096 bits if you
+recommends. Also make sure your key is at least 4096 bits if you
want to be secure.</dd>
<dt class="feedback">Don't see a solution to your problem?</dt>
<!-- ~~~~~~~~~ a div for each step ~~~~~~~~~ -->
<div id="step-2b" class="step">
<div class="sidebar">
-<p><img
src="../static/img/en/screenshots/step2b-04-upload-and-certificate.png"
alt="Step 2.B: Send to server and generate a certificate" /></p>
<h4>Upload your key to a keyserver</h4>
<p>We will upload your key to a keyserver, so if someone wants to send you an encrypted message, they can download your public key from the Internet. There are multiple keyservers
-that you can select from the menu when you upload, but they are all copies
-of each other, so it doesn't matter which one you use. However, it sometimes
-takes a few hours for them to match each other when a new key is uploaded.</p>
+that you can select from the menu when you upload, but they are mostly all copies
+of each other. Any server will work, but it's good to remember which one you uploaded your key to originally. Also keep in mind, sometimes takes a few hours for them to match each other when a new key is uploaded.</p>
<p># Copy your keyID: <code>gpg --list-key [your@email]</code> will list your public ("pub") key information, including your keyID, which is a unique list of numbers and letters. Copy this keyID, so you can use it in the following command.</p>
<p># Upload your key to a server:
<code>gpg --send-key [keyID]</code></p>
<h4>Export your key to a file</h4>
<p>Use the following command to export your secret key so you can import it into your email client at the next <a href="#section3">step</a>. To avoid getting your key compromised, store this in a safe place, and make sure that if it is transferred, it is done so in a trusted way. Exporting your keys can be done with the following commands:</p>
-<p>
-<code>$ gpg --export-secret-keys -a [keyID] > my_secret_key.asc</code>
-<code>$ gpg --export -a [keyID] > my_public_key.asc</code>
-</p>
+<p><code>
+$ gpg --export-secret-keys -a [keyID] > my_secret_key.asc<br/>
+$ gpg --export -a [keyID] > my_public_key.asc
+</code></p>
<h4>Generate a revocation certificate</h4>
-<p>Just in case you lose your key, or it gets compromised, you want to generate a certificate and choose to save it in a safe place on your computer for now (please refer to <a href="#step-6c">
step 6.C</a> for how to best store your revocation cerficate safely). This step is essential for your email self-defense, as you'll learn more about in <a href="#section5">Section 5</a>.</p>
+<p>Just in case you lose your key, or it gets compromised, you want to generate a certificate and choose to save it in a safe place on your computer for now (please refer to <a href="#step-6c">
Step 6.C</a> for how to best store your revocation cerficate safely). This step is essential for your email self-defense, as you'll learn more about in <a href="#section5">Section 5</a>.</p>
<p># Copy your keyID: <code>gpg --list-key [your@email]</code> will list your public ("pub") key information, including your keyID, which is a unique list of numbers and letters. Copy this keyID, so you can use it in the following command.</p>
<p># Generate a revocation certificate: <code>gpg --gen-revoke --output revoke.asc [keyID]</code></p>
<p># It will prompt you to give a reason for revocation, we recommend to use <samp>1 = key has been compromised</samp>.</p>
-<p># You don't have to fill in a reason, but you can, then press enter for an empty line, and confirm your selection.</p>
+<p># You don't have to fill in a reason, but you can; then press "Enter" for an empty line, and confirm your selection.</p>
<!-- ~~~~~~~~~ Troubleshooting ~~~~~~~~~ -->
<h4>Troubleshooting</h4>
<dl>
+<dt>Sending my key to the keyserver is not working</dt>
+<dd>Instead of using the general command to upload your key to the keyserver, you can use a more specific command and add the keyserver to your command <code>gpg --keyserver keys.openpgp.org --send-key [keyID]</code>.</dd>
+
<dt>My key doesn't seem to be working or I get a "permission denied."</dt>
<dd><p>Like every other file or folder, gpg keys are subject to permissions. If these are not set correctly, your system may not be accepting your keys. You can follow the next steps to check, and update to the right permissions.</p>
<p class="notes">If you have (for any reason) created your own folders inside ~/.gnupg, you must also additionally apply execute permissions to that folder. Folders require execution privileges to be opened. For more information on permissions, you can check out <a href="https://helpdeskgeek.com/linux-tips/understanding-linux-permissions-chmod-usage/">this detailed information guide</a>.</p>
</dd>
+
<dt class="feedback">Don't see a solution to your problem?</dt>
<dd class="feedback">Please let us know on the <a
href="https://libreplanet.org/wiki/GPG_guide/Public_Review">feedback
<dd>
<p>Use the following commands to transfer your keys. To avoid getting your key compromised, store it in a safe place, and make sure that if it is transferred, it is done so in a trusted way. Importing and exporting a key can be done with the following commands:</p>
-<p>
-<code>$ gpg --export-secret-keys -a [keyID] > my_private_key.asc</code>
-<code>$ gpg --export -a [keyID] > my_public_key.asc</code>
-<code>$ gpg --import my_private_key.asc</code>
-<code>$ gpg --import my_public_key.asc</code>
-</p>
+<p><code>
+$ gpg --export-secret-keys -a [keyID] > my_private_key.asc<br />
+$ gpg --export -a [keyID] > my_public_key.asc<br />
+$ gpg --import my_private_key.asc<br />
+$ gpg --import my_public_key.asc
+</code></p>
<p>Ensure that the keyID printed is the correct one, and if so, then go ahead and add ultimate trust for it:</p>
$ gpg --edit-key [your@email]
</code></p>
-<p>Because this is your key, you should choose <code>ultimate</code>. You shouldn't trust anyone else's key ultimately.</p>
+<p>Because this is your key, you should choose <code>ultimate</code>. You shouldn't trust anyone else's key ultimately.</p>
<p class="notes"> Refer to <a href="#step-2b">Troubleshooting in Step 2.B</a> for more information on permissions. When transferring keys, your permissions may get mixed, and errors may be prompted. These are easily avoided when your folders and files have the right permissions</p>
</dd>
<div id="step-3a" class="step">
<div class="sidebar">
-<p><img src="../static/img/en/screenshots/step3a-open-key-manager.png"
+<p
class="large"><img src="../static/img/en/screenshots/step3a-open-key-manager.png"
alt="Step 3.A: Email Menu" /></p>
-<br />
-<p><img src="../static/img/en/screenshots/step3a-import-from-file.png"
+
+<p
class="large"><img src="../static/img/en/screenshots/step3a-import-from-file.png"
alt="Step 3.A: Import From File" /></p>
-<br />
-<p><img src="../static/img/en/screenshots/step3a-success.png"
+
+<p
class="large"><img src="../static/img/en/screenshots/step3a-success.png"
alt="Step 3.A: Success" /></p>
-<br />
-<p><img src="../static/img/en/screenshots/step3a-troubleshoot.png"
+
+<p
class="large"><img src="../static/img/en/screenshots/step3a-troubleshoot.png"
alt="Step 3.A: Troubleshoot" /></p>
</div><!-- /.sidebar -->
<div class="main">
<div class="section-intro">
<h2><em>#4</em> Try it out!</h2>
-<p><img style="float:right; width:250px; margin-bottom:20px;" src="../static/img/en/screenshots/section3-try-it-out.png" alt="Illustration of a person in a house with a cat connected to a server"/></p>
+<p class="float small"><img src="../static/img/en/screenshots/section3-try-it-out.png" alt="Illustration of a person in a house with a cat connected to a server"/></p>
<p>Now you'll try a test correspondence with an FSF computer program named Edward,
who knows how to use encryption. Except where noted, these are the same
steps you'd follow when corresponding with a real, live person.</p>
may take a long time to respond, or not respond at all. We're sorry about
this and we're working hard to fix it. Your key will still work even without
testing with Edward.</p> -->
+
+<div style="clear: both"></div>
</div><!-- End .section-intro -->
<!-- ~~~~~~~~~ a div for each step ~~~~~~~~~ -->
<div id="step-4a" class="step">
<div class="sidebar">
-<p><img
src="../static/img/en/screenshots/step4a-send-key-to-Edward.png"
alt="Step 4.A Send key to Edward." /></p>
<div id="step-4b" class="step">
<div class="sidebar">
-<p><img
src="../static/img/en/screenshots/step4b-option1-verify-key.png"
alt="Step 4.B Option 1. Verify key" /></p>
-<br />
-<p><img
+
src="../static/img/en/screenshots/step4b-option2-import-key.png"
alt="Step 4.B Option 2. Import key" /></p>
</div><!-- /.sidebar -->
<dl>
<dt>"Recipients not valid, not trusted or not found"</dt>
-<dd>You could get the above error message, or something along these lines: "Unable to send this message with end-to-end encryption, because there are problems with the keys of the following recipients: ..." In these cases, you may be trying to send an encrypted email to someone when you do not have their public key yet. Make sure you follow the steps above to import the key to your key manager. Open OpenPGP Key Manager to make sure the recipient is listed there.</dd>
+<dd>You could get the above error message, or something along these lines: "Unable to send this message with end-to-end encryption, because there are problems with the keys of the following recipients: ..." In these cases, you may be trying to send an encrypted email to someone when you do not have their public key yet. Make sure you follow the steps above to import the key to your key manager. Open the OpenPGP Key Manager to make sure the recipient is listed there.</dd>
<dt>Unable to send message</dt>
<dd>You could get the following message when trying to send your encrypted email: "Unable to send this message with end-to-end encryption, because there are problems with the keys of the following recipients: edward-en@fsf.org." This usually means you imported the key with the "unaccepted (unverified) option." Go to the "key properties" of this key by right clicking on the key in the OpenPGP Key Manager, and select the option <i>Yes, but I have not verified that this is the correct key</i> in the "Acceptance" option at the bottom of this window. Resend the email.</dd>
<dt>I can't find Edward's key</dt>
<dd>Close the pop-ups that have appeared since you clicked Send. Make sure
-you are connected to the Internet and try again. If that doesn't work, repeat
-the process, choosing a different keyserver when it asks you to pick one.</dd>
+you are connected to the Internet and try again. If that doesn't work, you can download the key manually from <a href="https://keys.openpgp.org/search?q=edward-en%40fsf.org">the keyserver</a>, and import it by using the <i>Import Public Key(s) from File</i> option in the OpenPGP Key Manager.</dd>
<dt>Unscrambled messages in the Sent folder</dt>
<dd>Even though you can't decrypt messages encrypted to someone else's key,
<div id="step-4c" class="step">
<div class="sidebar">
-<p><img
src="../static/img/en/screenshots/step4c-Edward-response.png"
alt="Step 4.C Edward's response" /></p>
<div class="section-intro">
<h2><em>#5</em> Learn about the Web of Trust</h2>
-<p><img style="float:right; width:250px; margin-bottom:20px;" src="../static/img/en/screenshots/section5-web-of-trust.png" alt="Illustration of keys all interconnected with a web of lines"/></p>
+<p class="float small"><img src="../static/img/en/screenshots/section5-web-of-trust.png" alt="Illustration of keys all interconnected with a web of lines"/></p>
<p>Email encryption is a powerful technology, but it has a weakness:
it requires a way to verify that a person's public key is actually
<div id="step-5a" class="step">
<div class="sidebar">
-<p><img
src="../static/img/en/screenshots/step5a-key-properties.png"
alt="Section 5: trusting a key" /></p>
<div id="step-6a" class="step">
<div class="sidebar">
-<p><img
src="../static/img/en/screenshots/section6-01-use-it-well.png"
alt="Section 6: Use it Well (1)" /></p>
<div id="step-6b" class="step">
<div class="sidebar">
-<p><img
src="../static/img/en/screenshots/section6-02-use-it-well.png"
alt="Section 6: Use it Well (2)" /></p>
projects / enc.git / blobdiff