--- /dev/null
+<!-- include virtual="head.html" -->
+
+<!-- ~~~~~~~~~ GnuPG Header and introduction text ~~~~~~~~~ -->
+<header class="row" id="header"><div>
+
+<h1>Email Self-Defense</h1>
+
+<!-- include virtual="translist.html" -->
+
+<ul id="menu" class="os">
+<!-- START DELETION 01, KEEP IN index -->
+<li class="spacer"><a href="index.html" class="current">GNU/Linux</a></li>
+<li><a href="mac.html">Mac OS</a></li>
+<li><a href="windows.html">Windows</a></li>
+<li class="spacer"><a href="workshops.html">Teach your friends</a></li>
+<!-- END DELETION 01 -->
+<!-- START DELETION 02, KEEP IN mac -->
+<li class="spacer"><a href="index.html">GNU/Linux</a></li>
+<li><a href="mac.html" class="current">Mac OS</a></li>
+<li><a href="windows.html">Windows</a></li>
+<li class="spacer"><a href="workshops.html">Teach your friends</a></li>
+<!-- END DELETION 02 -->
+<!-- START DELETION 03, KEEP IN windows -->
+<li class="spacer"><a href="index.html">GNU/Linux</a></li>
+<li><a href="mac.html">Mac OS</a></li>
+<li><a href="windows.html" class="current">Windows</a></li>
+<li class="spacer"><a href="workshops.html">Teach your friends</a></li>
+<!-- END DELETION 03 -->
+<li class="spacer"><a
+href="https://fsf.org/share?u=https://u.fsf.org/zb&t=Email encryption for everyone via %40fsf">
+Share
+<img src="//static.fsf.org/nosvn/enc-dev0/img/gnu-social.png" class="share-logo"
+alt="[GNU Social]" />
+<img src="//static.fsf.org/nosvn/enc-dev0/img/mastodon.png" class="share-logo"
+alt="[Mastodon]" />
+<img src="//static.fsf.org/nosvn/enc-dev0/img/reddit-alien.png" class="share-logo"
+alt="[Reddit]" />
+<img src="//static.fsf.org/nosvn/enc-dev0/img/hacker-news.png" class="share-logo"
+alt="[Hacker News]" /></a></li>
+</ul>
+
+<!-- ~~~~~~~~~ FSF Introduction ~~~~~~~~~ -->
+<div id="fsf-intro">
+
+<h3><a href="http://u.fsf.org/ys"><img
+alt="Free Software Foundation"
+src="//static.fsf.org/nosvn/enc-dev0/img/fsf-logo.png" />
+</a></h3>
+
+<div class="fsf-emphasis">
+
+<p>We fight for computer users' rights, and promote the development of free (as
+in freedom) software. Resisting bulk surveillance is very important to us.</p>
+
+<p><strong>Please donate to support Email Self-Defense. We need to keep
+improving it, and making more materials, for the benefit of people around
+the world taking the first step towards protecting their privacy.</strong></p>
+
+</div>
+
+<p><a
+href="https://crm.fsf.org/civicrm/contribute/transact?reset=1&id=14&pk_campaign=email_self_defense&pk_kwd=guide_donate"><img
+alt="Donate"
+src="//static.fsf.org/nosvn/enc-dev0/img/en/donate.png" /></a></p>
+
+</div><!-- End #fsf-intro -->
+
+<!-- ~~~~~~~~~ Guide Introduction ~~~~~~~~~ -->
+<div class="intro">
+
+<p><a id="infographic" href="infographic.html"><img
+src="//static.fsf.org/nosvn/enc-dev0/img/en/infographic-button.png"
+alt="View & share our infographic →" /></a>
+Bulk surveillance violates our fundamental rights and makes free speech
+risky. This guide will teach you a basic surveillance self-defense skill: email
+encryption. Once you've finished, you'll be able to send and receive emails
+that are scrambled to make sure a surveillance agent or thief intercepting
+your email can't read them. All you need is a computer with an Internet
+connection, an email account, and about forty minutes.</p>
+
+<p>Even if you have nothing to hide, using encryption helps protect the privacy
+of people you communicate with, and makes life difficult for bulk surveillance
+systems. If you do have something important to hide, you're in good company;
+these are the same tools that whistleblowers use to protect their identities
+while shining light on human rights abuses, corruption and other crimes.</p>
+
+<p>In addition to using encryption, standing up
+to surveillance requires fighting politically for a <a
+href="http://gnu.org/philosophy/surveillance-vs-democracy.html">reduction
+in the amount of data collected on us</a>, but the essential first step is
+to protect yourself and make surveillance of your communication as difficult
+as possible. This guide helps you do that. It is designed for beginners, but
+if you already know the basics of GnuPG or are an experienced free software
+user, you'll enjoy the advanced tips and the <a href="workshops.html">guide
+to teaching your friends</a>.</p>
+
+</div><!-- End .intro -->
+</div></header><!-- End #header -->
+
+<!-- ~~~~~~~~~ Section 1: Get the pieces ~~~~~~~~~ -->
+<section class="row" id="section1"><div>
+
+<!-- ~~~~~~~~~ section introduction: interspersed text ~~~~~~~~~ -->
+<div class="section-intro">
+
+<h2><em>#1</em> Get the pieces</h2>
+
+<!-- START DELETION 04, KEEP IN index -->
+<p class="notes">This guide relies on software which is <a
+href="https://www.gnu.org/philosophy/free-sw.html">freely licensed</a>;
+it's completely transparent and anyone can copy it or make their
+own version. This makes it safer from surveillance than proprietary
+software (like Windows). Learn more about free software at <a
+href="https://u.fsf.org/ys">fsf.org</a>.</p>
+
+<p>Most GNU/Linux operating systems come with GnuPG installed on them,
+so you don't have to download it. Before configuring GnuPG though, you'll
+need the IceDove desktop email program installed on your computer. Most
+GNU/Linux distributions have IceDove installed already, though it may be
+under the alternate name "Thunderbird." Email programs are another way to
+access the same email accounts you can access in a browser (like Gmail),
+but provide extra features.</p>
+<!-- END DELETION 04 -->
+<!-- START DELETION 05, KEEP IN mac windows -->
+<p class="notes">This guide relies on software which is <a
+href="https://www.gnu.org/philosophy/free-sw.html">freely licensed</a>; it's
+completely transparent and anyone can copy it or make their own version. This
+makes it safer from surveillance than proprietary software (like Windows or Mac
+OS). To defend your freedom as well as protect yourself from surveillance, we
+recommend you switch to a free software operating system like GNU/Linux. Learn
+more about free software at <a href="https://u.fsf.org/ys">fsf.org</a>.</p>
+
+<p>To get started, you'll need the IceDove desktop email program installed
+on your computer. For your system, IceDove may be known by the alternate name
+"Thunderbird." Email programs are another way to access the same email accounts
+you can access in a browser (like Gmail), but provide extra features.</p>
+<!-- END DELETION 05 -->
+
+<p>If you already have an email program, you can skip to <a
+href="#step-1b">Step 1.b</a>.</p>
+
+</div><!-- End .section-intro -->
+
+<!-- ~~~~~~~~~ a div for each step ~~~~~~~~~ -->
+<div id="step-1a" class="step">
+<div class="sidebar">
+
+<p><img
+src="//static.fsf.org/nosvn/enc-dev0/img/en/screenshots/step1a-install-wizard.png"
+alt="Step 1.A: Install Wizard" /></p>
+
+</div><!-- /.sidebar -->
+<div class="main">
+
+<h3><em>Step 1.a</em> Set up your email program with your email account</h3>
+
+<p>Open your email program and follow the wizard (step-by-step walkthrough)
+that sets it up with your email account.</p>
+
+<p>Look for the letters SSL, TLS, or STARTTLS to the right of the servers
+when you're setting up your account. If you don't see them, you will still
+be able to use encryption, but this means that the people running your email
+system are running behind the industry standard in protecting your security
+and privacy. We recommend that you send them a friendly email asking them
+to enable SSL, TLS, or STARTTLS for your email server. They will know what
+you're talking about, so it's worth making the request even if you aren't
+an expert on these security systems.</p>
+
+<!-- ~~~~~~~~~ Troubleshooting ~~~~~~~~~ -->
+<div class="troubleshooting">
+
+<h4>Troubleshooting</h4>
+
+<dl>
+<dt>The wizard doesn't launch</dt>
+<dd>You can launch the wizard yourself, but the menu option for doing so is
+named differently in each email program. The button to launch it will be in
+the program's main menu, under "New" or something similar, titled something
+like "Add account" or "New/Existing email account."</dd>
+
+<dt>The wizard can't find my account or isn't downloading my mail</dt>
+<dd>Before searching the Web, we recommend you start by asking other people
+who use your email system, to figure out the correct settings.</dd>
+
+<dt class="feedback">Don't see a solution to your problem?</dt>
+<dd class="feedback">Please let us know on the <a
+href="https://libreplanet.org/wiki/GPG_guide/Public_Review">feedback
+page</a>.</dd>
+</dl>
+
+</div><!-- /.troubleshooting -->
+</div><!-- End .main -->
+</div><!-- End #step1-a .step -->
+
+<!-- START DELETION 06, KEEP IN mac -->
+<!-- ~~~~~~~~~ a div for each step ~~~~~~~~~ -->
+<div id="step-1b" class="step">
+<div class="main">
+
+<h3><em>Step 1.b</em> Get GnuPG by downloading GPGTools</h3>
+
+<p>GPGTools is a software package that includes GnuPG. <a
+href="https://gpgtools.org/#gpgsuite">Download</a> and install it, choosing
+default options whenever asked. After it's installed, you can close any
+windows that it creates.</p>
+
+<p>There are major security flaws in versions of GnuPG provided by GPGTools
+prior to 2018.3. Make sure you have GPGTools 2018.3 or later.</p>
+
+</div><!-- End .main -->
+</div><!-- End #step1-b .step -->
+<!-- END DELETION 06 -->
+<!-- START DELETION 07, KEEP IN windows -->
+<!-- ~~~~~~~~~ a div for each step ~~~~~~~~~ -->
+<div id="step-1b" class="step">
+<div class="main">
+
+<h3><em>Step 1.b</em> Get GnuPG by downloading GPG4Win</h3>
+
+<p>GPG4Win is a software package that includes GnuPG. <a
+href="https://www.gpg4win.org/">Download</a> and install it, choosing default
+options whenever asked. After it's installed, you can close any windows that
+it creates.</p>
+
+<p>There are major security flaws in versions of GnuPG provided by GPG4Win
+prior to 3.1.2. Make sure you have GPG4Win 3.1.2 or later.</p>
+
+</div><!-- End .main -->
+</div><!-- End #step1-b .step -->
+<!-- END DELETION 07 -->
+<!-- START DELETION 08, KEEP IN index -->
+<!-- ~~~~~~~~~ a div for each step ~~~~~~~~~ -->
+<div id="step-1b" class="step">
+<div class="sidebar">
+<ul class="images">
+<li><img src="//static.fsf.org/nosvn/enc-dev0/img/en/screenshots/step1b-01-tools-addons.png"
+alt="Step 1.B: Tools -> Add-ons" /></li>
+<li><img src="//static.fsf.org/nosvn/enc-dev0/img/en/screenshots/step1b-02-search.png"
+alt="Step 1.B: Search Add-ons" /></li>
+<li><img src="//static.fsf.org/nosvn/enc-dev0/img/en/screenshots/step1b-03-install.png"
+alt="Step 1.B: Install Add-ons" /></li>
+</ul>
+
+</div><!-- /.sidebar -->
+<div class="main">
+
+<h3><em>Step 1.b</em> Install the Enigmail plugin for your email program</h3>
+
+<p>In your email program's menu, select Add-ons (it may be in the Tools
+section). Make sure Extensions is selected on the left. Do you see Enigmail?
+Make sure it's the latest version. If so, skip this step.</p>
+
+<p>If not, search "Enigmail" with the search bar in the upper right. You
+can take it from here. Restart your email program when you're done.</p>
+
+<p>There are major security flaws in versions of GnuPG prior to 2.2.8, and
+Enigmail prior to 2.0.7. Make sure you have GnuPG 2.2.8 and Enigmail 2.0.7,
+or later versions.</p>
+
+<!-- END DELETION 08 -->
+<!-- START DELETION 09, KEEP IN mac windows -->
+
+<!-- ~~~~~~~~~ a div for each step ~~~~~~~~~ -->
+<div id="step-1c" class="step">
+<div class="sidebar">
+<ul class="images">
+<li><img src="//static.fsf.org/nosvn/enc-dev0/img/en/screenshots/step1b-01-tools-addons.png"
+alt="Step 1.C: Tools -> Add-ons" /></li>
+<li><img src="//static.fsf.org/nosvn/enc-dev0/img/en/screenshots/step1b-02-search.png"
+alt="Step 1.C: Search Add-ons" /></li>
+<li><img src="//static.fsf.org/nosvn/enc-dev0/img/en/screenshots/step1b-03-install.png"
+alt="Step 1.C: Install Add-ons" /></li>
+</ul>
+
+</div><!-- /.sidebar -->
+<div class="main">
+
+<h3><em>Step 1.c</em> Install the Enigmail plugin for your email program</h3>
+
+<p>In your email program's menu, select Add-ons (it may be in the Tools
+section). Make sure Extensions is selected on the left. Do you see Enigmail?
+Make sure it's the latest version. If so, skip this step.</p>
+
+<p>If not, search "Enigmail" with the search bar in the upper right. You
+can take it from here. Restart your email program when you're done.</p>
+
+<p>There are major security flaws in Enigmail prior to version 2.0.7. Make
+sure you have Enigmail 2.0.7 or later.</p>
+
+<!-- END DELETION 09 -->
+<!-- ~~~~~~~~~ Troubleshooting ~~~~~~~~~ -->
+<div class="troubleshooting">
+
+<h4>Troubleshooting</h4>
+
+<dl>
+<dt>I can't find the menu.</dt>
+<dd>In many new email programs, the main menu is represented by an image of
+three stacked horizontal bars.</dd>
+
+<dt>My email looks weird</dt>
+<dd>Enigmail doesn't tend to play nice with HTML, which is used to format
+emails, so it may disable your HTML formatting automatically. To send an
+HTML-formatted email without encryption or a signature, hold down the Shift
+key when you select compose. You can then write an email as if Enigmail
+wasn't there.</dd>
+
+<dt class="feedback">Don't see a solution to your problem?</dt>
+<dd class="feedback">Please let us know on the <a
+href="https://libreplanet.org/wiki/GPG_guide/Public_Review">feedback
+page</a>.</dd>
+</dl>
+
+</div><!-- /.troubleshooting -->
+</div><!-- End .main -->
+</div><!-- End #step-1b .step -->
+</div></section><!-- End #section1 -->
+
+<!-- ~~~~~~~~~ Section 2: Make your keys ~~~~~~~~~ -->
+<section class="row" id="section2"><div>
+
+<!-- ~~~~~~~~~ section introduction: interspersed text ~~~~~~~~~ -->
+<div class="section-intro">
+
+<h2><em>#2</em> Make your keys</h2>
+
+<p>To use the GnuPG system, you'll need a public key and a private key (known
+together as a keypair). Each is a long string of randomly generated numbers
+and letters that are unique to you. Your public and private keys are linked
+together by a special mathematical function.</p>
+
+<p>Your public key isn't like a physical key, because it's stored in the open
+in an online directory called a keyserver. People download it and use it,
+along with GnuPG, to encrypt emails they send to you. You can think of the
+keyserver as a phonebook; people who want to send you encrypted email can
+look up your public key.</p>
+
+<p>Your private key is more like a physical key, because you keep it to
+yourself (on your computer). You use GnuPG and your private key together to
+descramble encrypted emails other people send to you. <span style="font-weight:
+bold;">You should never share your private key with anyone, under any
+circumstances.</span></p>
+
+<p>In addition to encryption and decryption, you can also use these keys to
+sign messages and check the authenticity of other people's signatures. We'll
+discuss this more in the next section.</p>
+
+</div><!-- End .section-intro -->
+
+<!-- ~~~~~~~~~ a div for each step ~~~~~~~~~ -->
+<div id="step-2a" class="step">
+<div class="sidebar">
+
+<p><img
+src="//static.fsf.org/nosvn/enc-dev0/img/en/screenshots/step2a-01-make-keypair.png"
+alt="Step 2.A: Make a Keypair" /></p>
+
+</div><!-- /.sidebar -->
+<div class="main">
+
+<h3><em>Step 2.a</em> Make a keypair</h3>
+
+<p>The Enigmail Setup wizard may start automatically. If it doesn't, select
+Enigmail → Setup Wizard from your email program's menu. You don't need
+to read the text in the window that pops up unless you'd like to, but it's
+good to read the text on the later screens of the wizard. Click Next with
+the default options selected, except in these instances, which are listed
+in the order they appear:</p>
+
+<ul>
+<li>On the screen titled "Encryption," select "Encrypt all of my messages
+by default, because privacy is critical to me."</li>
+
+<li>On the screen titled "Signing," select "Don't sign my messages by
+default."</li>
+
+<li>On the screen titled "Key Selection," select "I want to create a new
+key pair for signing and encrypting my email."</li>
+
+<li>On the screen titled "Create Key," pick a strong password! You can
+do it manually, or you can use the Diceware method. Doing it manually
+is faster but not as secure. Using Diceware takes longer and requires
+dice, but creates a password that is much harder for attackers to figure
+out. To use it, read the section "Make a secure passphrase with Diceware" in <a
+href="https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/">
+this article</a> by Micah Lee.</li>
+</ul>
+
+<p>If you'd like to pick a password manually, come up with something
+you can remember which is at least twelve characters long, and includes
+at least one lower case and upper case letter and at least one number or
+punctuation symbol. Never pick a password you've used elsewhere. Don't use
+any recognizable patterns, such as birthdays, telephone numbers, pets' names,
+song lyrics, quotes from books, and so on.</p>
+
+<p class="notes">The program will take a little while to finish the next
+step, the "Key Creation" screen. While you wait, do something else with your
+computer, like watching a movie or browsing the Web. The more you use the
+computer at this point, the faster the key creation will go.</p>
+
+<p><span style="font-weight: bold;">When the "Key Generation Completed" screen
+pops up, select Generate Certificate and choose to save it in a safe place on
+your computer (we recommend making a folder called "Revocation Certificate"
+in your home folder and keeping it there). This step is essential for your
+email self-defense, as you'll learn more about in <a href="#section5">Section
+5</a>.</span></p>
+
+<!-- ~~~~~~~~~ Troubleshooting ~~~~~~~~~ -->
+<div class="troubleshooting">
+
+<h4>Troubleshooting</h4>
+
+<dl>
+<dt>I can't find the Enigmail menu.</dt>
+<dd>In many new email programs, the main menu is represented by an image
+of three stacked horizontal bars. Enigmail may be inside a section called
+Tools.</dd>
+
+<!-- START DELETION 12, KEEP IN index -->
+<dt>The wizard says that it cannot find GnuPG.</dt>
+<dd>Open whatever program you usually use for installing software, and search
+for GnuPG, then install it. Then restart the Enigmail setup wizard by going
+to Enigmail → Setup Wizard.</dd>
+
+<!-- END DELETION 12, KEEP IN index -->
+<dt>More resources</dt>
+<dd>If you're having trouble with our
+instructions or just want to learn more, check out <a
+href="https://www.enigmail.net/documentation/Key_Management#Generating_your_own_key_pair">
+Enigmail's wiki instructions for key generation</a>.</dd>
+
+<dt class="feedback">Don't see a solution to your problem?</dt>
+<dd class="feedback">Please let us know on the <a
+href="https://libreplanet.org/wiki/GPG_guide/Public_Review">feedback
+page</a>.</dd>
+</dl>
+
+</div><!-- /.troubleshooting -->
+
+<!-- ~~~~~~~~~ Troubleshooting ~~~~~~~~~ -->
+<div class="troubleshooting">
+
+<h4>Advanced</h4>
+
+<dl>
+<dt>Command line key generation</dt>
+<dd>If you prefer using the command line for a higher
+degree of control, you can follow the documentation from <a
+href="https://www.gnupg.org/gph/en/manual/c14.html#AEN25">The GNU Privacy
+Handbook</a>. Make sure you stick with "RSA and RSA" (the default),
+because it's newer and more secure than the algorithms the documentation
+recommends. Also make sure your key is at least 2048 bits, or 4096 if you
+want to be extra secure.</dd>
+
+<dt>Advanced key pairs</dt>
+<dd>When GnuPG creates a new keypair, it compartmentalizes
+the encryption function from the signing function through <a
+href="https://wiki.debian.org/Subkeys">subkeys</a>. If you use
+subkeys carefully, you can keep your GnuPG identity much more
+secure and recover from a compromised key much more quickly. <a
+href="https://alexcabal.com/creating-the-perfect-gpg-keypair/">Alex Cabal</a>
+and <a href="http://keyring.debian.org/creating-key.html">the Debian wiki</a>
+provide good guides for setting up a secure subkey configuration.</dd>
+</dl>
+
+</div><!-- /.troubleshooting -->
+</div><!-- End .main -->
+</div><!-- End #step-2a .step -->
+
+<!-- ~~~~~~~~~ a div for each step ~~~~~~~~~ -->
+<div id="step-2b" class="step">
+<div class="main">
+
+<h3><em>Step 2.b</em> Upload your public key to a keyserver</h3>
+
+<p>In your email program's menu, select Enigmail → Key Management.</p>
+
+<p>Right click on your key and select Upload Public Keys to Keyserver. You
+don't have to use the default keyserver. If, after research, you would like
+to change to a different default keyserver, you can change that setting
+manually in the Enigmail preferences.</p>
+
+<p class="notes">Now someone who wants to send you an encrypted message can
+download your public key from the Internet. There are multiple keyservers
+that you can select from the menu when you upload, but they are all copies
+of each other, so it doesn't matter which one you use. However, it sometimes
+takes a few hours for them to match each other when a new key is uploaded.</p>
+
+<!-- ~~~~~~~~~ Troubleshooting ~~~~~~~~~ -->
+<div class="troubleshooting">
+
+<h4>Troubleshooting</h4>
+
+<dl>
+<dt>The progress bar never finishes</dt>
+<dd>Close the upload popup, make sure you are connected to the Internet,
+and try again. If that doesn't work, try again, selecting a different
+keyserver.</dd>
+
+<dt>My key doesn't appear in the list</dt>
+<dd>Try checking "Display All Keys by Default."</dd>
+
+<dt>More documentation</dt>
+<dd>If you're having trouble with our
+instructions or just want to learn more, check out <a
+href="https://www.enigmail.net/documentation/Key_Management#Distributing_your_public_key">
+Enigmail's documentation</a>.</dd>
+
+<dt class="feedback">Don't see a solution to your problem?</dt>
+<dd class="feedback">Please let us know on the <a
+href="https://libreplanet.org/wiki/GPG_guide/Public_Review">feedback
+page</a>.</dd>
+</dl>
+
+</div><!-- /.troubleshooting -->
+
+<!-- ~~~~~~~~~ Troubleshooting ~~~~~~~~~ -->
+<div class="troubleshooting">
+
+<h4>Advanced</h4>
+
+<dl>
+<dt>Uploading a key from the command line</dt>
+<dd>You can also upload your keys to a keyserver through the <a
+href="https://www.gnupg.org/gph/en/manual/x457.html">command line</a>. <a
+href="https://sks-keyservers.net/overview-of-pools.php">The sks Web site</a>
+maintains a list of highly interconnected keyservers. You can also <a
+href="https://www.gnupg.org/gph/en/manual/x56.html#AEN64">directly export
+your key</a> as a file on your computer.</dd>
+</dl>
+
+</div><!-- /.troubleshooting -->
+</div><!-- End .main -->
+</div><!-- End #step-2b .step -->
+
+<!-- ~~~~~~~~~ a div for each step ~~~~~~~~~ -->
+<div id="terminology" class="step">
+<div class="main">
+
+<h3>GnuPG, OpenPGP, what?</h3>
+
+<p>In general, the terms GnuPG, GPG, GNU Privacy Guard, OpenPGP and PGP
+are used interchangeably. Technically, OpenPGP (Pretty Good Privacy) is the
+encryption standard, and GNU Privacy Guard (often shortened to GPG or GnuPG)
+is the program that implements the standard. Enigmail is a plug-in program
+for your email program that provides an interface for GnuPG.</p>
+
+</div><!-- End .main -->
+</div><!-- End #terminology.step-->
+</div></section><!-- End #section2 -->
+
+<!-- ~~~~~~~~~ Section 3: Try it out ~~~~~~~~~ -->
+<section class="row" id="section3"><div>
+
+<!-- ~~~~~~~~~ section introduction: interspersed text ~~~~~~~~~ -->
+<div class="section-intro">
+
+<h2><em>#3</em> Try it out!</h2>
+
+<p>Now you'll try a test correspondence with a computer program named Edward,
+who knows how to use encryption. Except where noted, these are the same
+steps you'd follow when corresponding with a real, live person.</p>
+
+<!-- <p>NOTE: Edward is currently having some technical difficulties, so he
+may take a long time to respond, or not respond at all. We're sorry about
+this and we're working hard to fix it. Your key will still work even without
+testing with Edward.</p> -->
+</div><!-- End .section-intro -->
+
+<!-- ~~~~~~~~~ a div for each step ~~~~~~~~~ -->
+<div id="step-3a" class="step">
+<div class="sidebar">
+
+<p><img
+src="//static.fsf.org/nosvn/enc-dev0/img/en/screenshots/section3-try-it-out.png"
+alt="Try it out." /></p>
+
+</div><!-- /.sidebar -->
+<div class="main">
+
+<h3><em>Step 3.a</em> Send Edward your public key</h3>
+
+<p>This is a special step that you won't have to do when corresponding
+with real people. In your email program's menu, go to Enigmail → Key
+Management. You should see your key in the list that pops up. Right click
+on your key and select Send Public Keys by Email. This will create a new
+draft message, as if you had just hit the Write button.</p>
+
+<p>Address the message to <a
+href="mailto:edward-en@fsf.org">edward-en@fsf.org</a>. Put at least one word
+(whatever you want) in the subject and body of the email. Don't send yet.</p>
+
+<p>The lock icon in the top left should be yellow, meaning encryption is
+turned on. We want this first special message to be unencrypted, so
+click the icon once to turn it off. The lock should become grey, with a
+blue dot on it (to alert you that the setting has been changed from the
+default). Once encryption is off, hit Send.</p>
+
+<p class="notes">It may take two or three minutes for Edward to
+respond. In the meantime, you might want to skip ahead and check out the <a
+href="#section5">Use it Well</a> section of this guide. Once he's responded,
+head to the next step. From here on, you'll be doing just the same thing as
+when corresponding with a real person.</p>
+
+<p>When you open Edward's reply, GnuPG may prompt you for your password
+before using your private key to decrypt it.</p>
+
+</div><!-- End .main -->
+</div><!-- End #step-3a .step -->
+
+<!-- ~~~~~~~~~ a div for each step ~~~~~~~~~ -->
+<div id="step-3b" class="step">
+<div class="main">
+
+<h3><em>Step 3.b</em> Send a test encrypted email</h3>
+
+<p>Write a new email in your email program, addressed to <a
+href="mailto:edward-en@fsf.org">edward-en@fsf.org</a>. Make the subject
+"Encryption test" or something similar and write something in the body.</p>
+
+<p>The lock icon in the top left of the window should be yellow, meaning
+encryption is on. This will be your default from now on.</p>
+
+<p class="notes">Next to the lock, you'll notice an icon of a pencil. We'll
+get to this in a moment.</p>
+
+<p>Click Send. Enigmail will pop up a window that says "Recipients not valid,
+not trusted or not found."</p>
+
+<p>To encrypt an email to Edward, you need his public key, so now you'll have
+Enigmail download it from a keyserver. Click Download Missing Keys and use
+the default in the pop-up that asks you to choose a keyserver. Once it finds
+keys, check the first one (Key ID starting with C), then select ok. Select
+ok in the next pop-up.</p>
+
+<p>Now you are back at the "Recipients not valid, not trusted or not found"
+screen. Check the box in front of Edward's key and click Send.</p>
+
+<p class="notes">Since you encrypted this email with Edward's public key,
+Edward's private key is required to decrypt it. Edward is the only one with
+his private key, so no one except him can decrypt it.</p>
+
+<!-- ~~~~~~~~~ Troubleshooting ~~~~~~~~~ -->
+<div class="troubleshooting">
+
+<h4>Troubleshooting</h4>
+
+<dl>
+<dt>Enigmail can't find Edward's key</dt>
+<dd>Close the pop-ups that have appeared since you clicked Send. Make sure
+you are connected to the Internet and try again. If that doesn't work, repeat
+the process, choosing a different keyserver when it asks you to pick one.</dd>
+
+<dt>Unscrambled messages in the Sent folder</dt>
+<dd>Even though you can't decrypt messages encrypted to someone else's key,
+your email program will automatically save a copy encrypted to your public key,
+which you'll be able to view from the Sent folder like a normal email. This
+is normal, and it doesn't mean that your email was not sent encrypted.</dd>
+
+<dt>More resources</dt>
+<dd>If you're still having trouble with our
+instructions or just want to learn more, check out <a
+href="https://www.enigmail.net/documentation/Signature_and_Encryption#Encrypting_a_message">
+Enigmail's wiki</a>.</dd>
+
+<dt class="feedback">Don't see a solution to your problem?</dt>
+<dd class="feedback">Please let us know on the <a
+href="https://libreplanet.org/wiki/GPG_guide/Public_Review">feedback
+page</a>.</dd>
+</dl>
+
+</div><!-- /.troubleshooting -->
+
+<!-- ~~~~~~~~~ Troubleshooting ~~~~~~~~~ -->
+<div class="troubleshooting">
+
+<h4>Advanced</h4>
+
+<dl>
+<dt>Encrypt messages from the command line</dt>
+<dd>You can also encrypt and decrypt messages and files from the <a
+href="https://www.gnupg.org/gph/en/manual/x110.html">command line</a>,
+if that's your preference. The option --armor makes the encrypted output
+appear in the regular character set.</dd>
+</dl>
+
+</div><!-- /.troubleshooting -->
+</div><!-- End .main -->
+</div><!-- End #step-3b .step -->
+
+<!-- ~~~~~~~~~ a div for each step ~~~~~~~~~ -->
+<div id="step-headers_unencrypted" class="step">
+<div class="main">
+
+<h3><em>Important:</em> Security tips</h3>
+
+<p>Even if you encrypt your email, the subject line is not encrypted, so
+don't put private information there. The sending and receiving addresses
+aren't encrypted either, so a surveillance system can still figure out who
+you're communicating with. Also, surveillance agents will know that you're
+using GnuPG, even if they can't figure out what you're saying. When you
+send attachments, Enigmail will give you the choice to encrypt them or not,
+independent of the actual email.</p>
+
+<!-- START DELETION 10, KEEP IN index -->
+<p>For greater security against potential attacks, you can turn off
+HTML. Instead, you can render the message body as plain text. In order
+to do this in Thunderbird, go to View > Message Body As > Plain
+Text.</p>
+<!-- END DELETION 10 -->
+<!-- START DELETION 11, KEEP IN mac windows -->
+<p>For greater security against potential attacks, you can turn off
+HTML. Instead, you can render the message body as plain text.</p>
+<!-- END DELETION 11 -->
+
+</div><!-- End .main -->
+</div><!-- End #step-headers_unencrypted .step-->
+
+<!-- ~~~~~~~~~ a div for each step ~~~~~~~~~ -->
+<div id="step-3c" class="step">
+<div class="main">
+
+<h3><em>Step 3.c</em> Receive a response</h3>
+
+<p>When Edward receives your email, he will use his private key to decrypt
+it, then reply to you. </p>
+
+<p class="notes">It may take two or three minutes for Edward to
+respond. In the meantime, you might want to skip ahead and check out the <a
+href="#section5">Use it Well</a> section of this guide.</p>
+
+</div><!-- End .main -->
+</div><!-- End #step-3c .step -->
+
+<!-- ~~~~~~~~~ a div for each step ~~~~~~~~~ -->
+<div id="step-3d" class="step">
+<div class="main">
+
+<h3><em>Step 3.d</em> Send a test signed email</h3>
+
+<p>GnuPG includes a way for you to sign messages and files, verifying that
+they came from you and that they weren't tampered with along the way. These
+signatures are stronger than their pen-and-paper cousins -- they're impossible
+to forge, because they're impossible to create without your private key
+(another reason to keep your private key safe).</p>
+
+<p>You can sign messages to anyone, so it's a great way to make people
+aware that you use GnuPG and that they can communicate with you securely. If
+they don't have GnuPG, they will be able to read your message and see your
+signature. If they do have GnuPG, they'll also be able to verify that your
+signature is authentic.</p>
+
+<p>To sign an email to Edward, compose any message to him and click the
+pencil icon next to the lock icon so that it turns gold. If you sign a
+message, GnuPG may ask you for your password before it sends the message,
+because it needs to unlock your private key for signing.</p>
+
+<p>With the lock and pencil icons, you can choose whether each message will
+be encrypted, signed, both, or neither.</p>
+
+</div>
+</div>
+
+<!-- ~~~~~~~~~ a div for each step ~~~~~~~~~ -->
+<div id="step-3e" class="step">
+<div class="main">
+
+<h3><em>Step 3.e</em> Receive a response</h3>
+
+<p>When Edward receives your email, he will use your public key (which
+you sent him in <a href="#step-3a">Step 3.A</a>) to verify the message
+you sent has not been tampered with and to encrypt his reply to you.</p>
+
+<p class="notes">It may take two or three minutes for Edward to
+respond. In the meantime, you might want to skip ahead and check out the <a
+href="#section5">Use it Well</a> section of this guide.</p>
+
+<p>Edward's reply will arrive encrypted, because he prefers to use encryption
+whenever possible. If everything goes according to plan, it should say
+"Your signature was verified." If your test signed email was also encrypted,
+he will mention that first.</p>
+
+<p>When you receive Edward's email and open it, Enigmail will
+automatically detect that it is encrypted with your public key, and
+then it will use your private key to decrypt it.</p>
+
+<p>Notice the bar that Enigmail shows you above the message, with
+information about the status of Edward's key.</p>
+
+</div><!-- End .main -->
+</div><!-- End #step-3e .step -->
+</div></section>
+
+<!-- ~~~~~~~~~ Section 4: Learn the Web of Trust ~~~~~~~~~ -->
+<section class="row" id="section4"><div>
+
+<!-- ~~~~~~~~~ section introduction: interspersed text ~~~~~~~~~ -->
+<div class="section-intro">
+
+<h2><em>#4</em> Learn the Web of Trust</h2>
+
+<p>Email encryption is a powerful technology, but it has a weakness;
+it requires a way to verify that a person's public key is actually
+theirs. Otherwise, there would be no way to stop an attacker from making
+an email address with your friend's name, creating keys to go with it and
+impersonating your friend. That's why the free software programmers that
+developed email encryption created keysigning and the Web of Trust.</p>
+
+<p>When you sign someone's key, you are publicly saying that you've verified
+that it belongs to them and not someone else.</p>
+
+<p>Signing keys and signing messages use the same type of mathematical
+operation, but they carry very different implications. It's a good practice
+to generally sign your email, but if you casually sign people's keys, you
+may accidently end up vouching for the identity of an imposter.</p>
+
+<p>People who use your public key can see who has signed it. Once you've
+used GnuPG for a long time, your key may have hundreds of signatures. You
+can consider a key to be more trustworthy if it has many signatures from
+people that you trust. The Web of Trust is a constellation of GnuPG users,
+connected to each other by chains of trust expressed through signatures.</p>
+
+</div><!-- End .section-intro -->
+
+<!-- ~~~~~~~~~ a div for each step ~~~~~~~~~ -->
+<div id="step-4a" class="step">
+<div class="sidebar">
+
+<p><img
+src="//static.fsf.org/nosvn/enc-dev0/img/en/screenshots/section4-web-of-trust.png"
+alt="Section 4: Web of Trust" /></p>
+
+</div><!-- /.sidebar -->
+<div class="main">
+
+<h3><em>Step 4.a</em> Sign a key</h3>
+
+<p>In your email program's menu, go to Enigmail → Key Management.</p>
+
+<p>Right click on Edward's public key and select Sign Key from the context
+menu.</p>
+
+<p>In the window that pops up, select "I will not answer" and click ok.</p>
+
+<p>Now you should be back at the Key Management menu. Select Keyserver →
+Upload Public Keys and hit ok.</p>
+
+<p class="notes">You've just effectively said "I trust that Edward's public
+key actually belongs to Edward." This doesn't mean much because Edward isn't
+a real person, but it's good practice.</p>
+
+<!--<div id="pgp-pathfinder">
+
+<form enctype="application/x-www-form-urlencoded" action="/mk_path.cgi"
+method="get">
+
+<p><strong>From:</strong><input type="text" value="xD41A008"
+name="FROM"></p>
+
+<p><strong>To:</strong><input type="text" value="50BD01x4" name="TO"></p>
+
+<p class="buttons"><input type="submit" value="trust paths" name="PATHS"><input
+type="reset" value="reset" name=".reset"></p>
+
+</form>
+
+</div>End #pgp-pathfinder -->
+</div><!-- End .main -->
+</div><!-- End #step-4a .step -->
+
+<!-- ~~~~~~~~~ a div for each step ~~~~~~~~~ -->
+<div id="step-identify_keys" class="step">
+<div class="main">
+
+<h3>Identifying keys: Fingerprints and IDs</h3>
+
+<p>People's public keys are usually identified by their key fingerprint,
+which is a string of digits like F357AA1A5B1FA42CFD9FE52A9FF2194CC09A61E8
+(for Edward's key). You can see the fingerprint for your public key, and
+other public keys saved on your computer, by going to Enigmail → Key
+Management in your email program's menu, then right clicking on the key
+and choosing Key Properties. It's good practice to share your fingerprint
+wherever you share your email address, so that people can double-check that
+they have the correct public key when they download yours from a keyserver.</p>
+
+<p class="notes">You may also see public keys referred to by a shorter
+key ID. This key ID is visible directly from the Key Management
+window. These eight character key IDs were previously used for
+identification, which used to be safe, but is no longer reliable. You
+need to check the full fingerprint as part of verifying you have the
+correct key for the person you are trying to contact. Spoofing, in
+which someone intentionally generates a key with a fingerprint whose
+final eight characters are the same as another, is unfortunately
+common.</p>
+
+</div><!-- End .main -->
+</div><!-- End #step-identify_keys .step-->
+
+<!-- ~~~~~~~~~ a div for each step ~~~~~~~~~ -->
+<div id="check-ids-before-signing" class="step">
+<div class="main">
+
+<h3><em>Important:</em> What to consider when signing keys</h3>
+
+<p>Before signing a person's key, you need to be confident that it actually
+belongs to them, and that they are who they say they are. Ideally, this
+confidence comes from having interactions and conversations with them over
+time, and witnessing interactions between them and others. Whenever signing
+a key, ask to see the full public key fingerprint, and not just the shorter
+key ID. If you feel it's important to sign the key of someone you've just
+met, also ask them to show you their government identification, and make
+sure the name on the ID matches the name on the public key. In Enigmail,
+answer honestly in the window that pops up and asks "How carefully have you
+verified that the key you are about to sign actually belongs to the person(s)
+named above?"</p>
+
+<!-- ~~~~~~~~~ Troubleshooting ~~~~~~~~~ -->
+<div class="troubleshooting">
+
+<h4>Advanced</h4>
+
+<dl>
+<dt>Master the Web of Trust</dt>
+<dd>Unfortunately, trust does not spread between users the way <a
+href="http://fennetic.net/irc/finney.org/~hal/web_of_trust.html">many people
+think</a>. One of best ways to strengthen the GnuPG community is to deeply <a
+href="https://www.gnupg.org/gph/en/manual/x334.html">understand</a> the Web of
+Trust and to carefully sign as many people's keys as circumstances permit.</dd>
+
+<dt>Set ownertrust</dt>
+<dd>If you trust someone enough to validate other people's keys, you can assign
+them an ownertrust level through Enigmails's key management window. Right
+click on the other person's key, go to the "Select Owner Trust" menu option,
+select the trustlevel and click OK. Only do this once you feel you have a
+deep understanding of the Web of Trust.</dd>
+</dl>
+
+</div><!-- /.troubleshooting -->
+</div><!-- End .main -->
+</div><!-- End #check-ids-before-signing .step-->
+</div></section><!-- End #section4 -->
+
+<!-- ~~~~~~~~~ Section 5: Use it well ~~~~~~~~~ -->
+<section id="section5" class="row"><div>
+
+<!-- ~~~~~~~~~ section introduction: interspersed text ~~~~~~~~~ -->
+<div class="section-intro">
+
+<h2><em>#5</em> Use it well</h2>
+
+<p>Everyone uses GnuPG a little differently, but it's important to follow
+some basic practices to keep your email secure. Not following them, you
+risk the privacy of the people you communicate with, as well as your own,
+and damage the Web of Trust.</p>
+
+</div><!-- End .section-intro -->
+
+<!-- ~~~~~~~~~ a div for each step ~~~~~~~~~ -->
+<div id="step-5a" class="step">
+<div class="sidebar">
+
+<p><img
+src="//static.fsf.org/nosvn/enc-dev0/img/en/screenshots/section5-01-use-it-well.png"
+alt="Section 5: Use it Well (1)" /></p>
+
+</div><!-- /.sidebar -->
+<div class="main">
+
+<h3>When should I encrypt? When should I sign?</h3>
+
+<p>The more you can encrypt your messages, the better. If you only encrypt
+emails occasionally, each encrypted message could raise a red flag for
+surveillance systems. If all or most of your email is encrypted, people
+doing surveillance won't know where to start. That's not to say that only
+encrypting some of your email isn't helpful -- it's a great start and it
+makes bulk surveillance more difficult.</p>
+
+<p>Unless you don't want to reveal your own identity (which requires other
+protective measures), there's no reason not to sign every message, whether or
+not you are encrypting. In addition to allowing those with GnuPG to verify
+that the message came from you, signing is a non-intrusive way to remind
+everyone that you use GnuPG and show support for secure communication. If you
+often send signed messages to people that aren't familiar with GnuPG, it's
+nice to also include a link to this guide in your standard email signature
+(the text kind, not the cryptographic kind).</p>
+
+</div><!-- End .main -->
+</div><!-- End #step-5a .step -->
+
+<!-- ~~~~~~~~~ a div for each step ~~~~~~~~~ -->
+<div id="step-5b" class="step">
+<div class="sidebar">
+
+<p><img
+src="//static.fsf.org/nosvn/enc-dev0/img/en/screenshots/section5-02-use-it-well.png"
+alt="Section 5: Use it Well (2)" /></p>
+
+</div><!-- /.sidebar -->
+<div class="main">
+
+<h3>Be wary of invalid keys</h3>
+
+<p>GnuPG makes email safer, but it's still important to watch out for invalid
+keys, which might have fallen into the wrong hands. Email encrypted with
+invalid keys might be readable by surveillance programs.</p>
+
+<p>In your email program, go back to the first encrypted email that Edward
+sent you. Because Edward encrypted it with your public key, it will have a
+message from Enigmail at the top, which most likely says "Enigmail: Part of
+this message encrypted."</p>
+
+<p><b>When using GnuPG, make a habit of glancing at that bar. The program
+will warn you there if you get an email signed with a key that can't
+be trusted.</b></p>
+
+</div><!-- End .main -->
+</div><!-- End #step-5b .step -->
+
+<!-- ~~~~~~~~~ a div for each step ~~~~~~~~~ -->
+<div id="step-5c" class="step">
+<div class="main">
+
+<h3>Copy your revocation certificate to somewhere safe</h3>
+
+<p>Remember when you created your keys and saved the revocation certificate
+that GnuPG made? It's time to copy that certificate onto the safest digital
+storage that you have -- the ideal thing is a flash drive, disk, or hard
+drive stored in a safe place in your home, not on a device you carry with
+you regularly.</p>
+
+<p>If your private key ever gets lost or stolen, you'll need this certificate
+file to let people know that you are no longer using that keypair.</p>
+
+</div><!-- End .main -->
+</div><!-- End #step-5c .step -->
+
+<!-- ~~~~~~~~~ a div for each step ~~~~~~~~~ -->
+<div id="step-lost_key" class="step">
+<div class="main">
+
+<h3><em>Important:</em> act swiftly if someone gets your private key</h3>
+
+<p>If you lose your private key or someone else gets ahold
+of it (say, by stealing or cracking your computer), it's
+important to revoke it immediately before someone else uses
+it to read your encrypted email or forge your signature. This
+guide doesn't cover how to revoke a key, but you can follow these <a
+href="https://www.hackdiary.com/2004/01/18/revoking-a-gpg-key/">instructions</a>.
+After you're done revoking, make a new key and send an email to everyone
+with whom you usually use your key to make sure they know, including a copy
+of your new key.</p>
+
+</div><!-- End .main -->
+</div><!-- End #step-lost_key .step-->
+
+<!-- ~~~~~~~~~ a div for each step ~~~~~~~~~ -->
+<!---<div id="transfer-key" class="step">
+<div class="main">
+
+<h3>Transferring you key</h3>
+
+<p>You can use Enigmail's <a
+href="https://www.enigmail.net/documentation/Key_Management">key management
+window</a> to import and export keys. If you want to be able to read
+your encrypted email on a different computer, you will need to export
+your secret key from here. Be warned, if you transfer the key without <a
+href="https://help.ubuntu.com/community/EncryptedFilesystemsOnRemovableStorage">encrypting</a>
+the drive it's on the transfer will be dramatically less secure.</p>
+
+</div>--><!-- End .main
+</div> End #transfer-key .step-->
+
+<!-- ~~~~~~~~~ a div for each step ~~~~~~~~~ -->
+<div id="webmail-and-GnuPG" class="step">
+<div class="main">
+
+<h3>Webmail and GnuPG</h3>
+
+<p>When you use a web browser to access your email, you're using webmail,
+an email program stored on a distant website. Unlike webmail, your desktop
+email program runs on your own computer. Although webmail can't decrypt
+encrypted email, it will still display it in its encrypted form. If you
+primarily use webmail, you'll know to open your email client when you receive
+a scrambled email.</p>
+
+</div><!-- End .main -->
+</div><!-- End #webmail-and-GnuPG .step-->
+
+<!-- ~~~~~~~~~ a div for each step ~~~~~~~~~
+<div id="step-5d" class="step">
+<div class="main">
+
+<h3>Make your public key part of your online identity</h3>
+
+<p> First add your public key fingerprint to your email signature, then
+compose an email to at least five of your friends, telling them you just
+set up GnuPG and mentioning your public key fingerprint. Link to this guide
+and ask them to join you. Don't forget that there's also an awesome <a
+href="infographic.html">infographic to share.</a></p>
+
+<p class="notes">Start writing your public key fingerprint anywhere someone
+would see your email address: your social media profiles, blog, Website,
+or business card. (At the Free Software Foundation, we put ours on our
+<a href="https://fsf.org/about/staff">staff page</a>.) We need to get our
+culture to the point that we feel like something is missing when we see an
+email address without a public key fingerprint.</p>
+
+</div>--><!-- End .main
+</div> End #step-5d .step-->
+</div></section><!-- End #section5 -->
+
+<!-- ~~~~~~~~~ Section 6: Next steps ~~~~~~~~~ -->
+<section class="row" id="section6">
+<div id="step-click_here" class="step">
+<div class="main">
+
+<h2><a href="next_steps.html">Great job! Check out the next steps.</a></h2>
+
+</div><!-- End .main -->
+</div><!-- End #step-click_here .step-->
+</section><!-- End #section6 -->
+
+<!-- ~~~~~~~~~ FAQ ~~~~~~~~~ -->
+<!-- When un-commenting this section go to main.css and search
+for /* Guide Sections Background */ then add #faq to the desired color
+<section class="row" id="faq"><div>
+<div class="sidebar">
+
+<h2>FAQ</h2>
+
+</div>
+<div class="main">
+
+<dl>
+<dt>My key expired</dt>
+<dd>Answer coming soon.</dd>
+
+<dt>Who can read encrypted messages? Who can read signed ones?</dt>
+<dd>Answer coming soon.</dd>
+
+<dt>My email program is opening at times I don't want it to open/is now my
+default program and I don't want it to be.</dt>
+<dd>Answer coming soon.</dd>
+</dl>
+
+</div>
+</div>
+</section> --><!-- End #faq -->
+
+<!-- include virtual="footer.html" -->
+
+<!-- include virtual="javascript.html" -->
projects / enc.git / blobdiff