- The progress bar never finishes
- Close the upload popup, make sure you are on the Internet and try again. If that doesn't work, try again, selecting a different keyserver.
+- My key doesnt appear in the list
+ - Try checking Show Default Keys.
- Don't see a solution to your problem?
- Please let us know on the feedback page.
@@ -232,7 +219,7 @@
#3 Try it out!
-
Now you'll try a test correspondence with a computer program named Adele, which knows how to use encryption.
+
Now you'll try a test correspondence with a computer program named Adele, which knows how to use encryption. Except where noted, these are the same steps you'd follow when corresponding with a real, live person.
@@ -256,7 +243,8 @@
Step 3.b Send a test encrypted email
Write a new email in your email program, addressed to adele-en@gnupp.de. Make the subject "Encryption test" or something similar and write something in the body. Don't send it yet.
Click the icon of the key in the bottom right of the composition window (it should turn yellow). This tells Enigmail to encrypt the email with the key you downloaded in the last step.
- Click Send. Enigmail will pop up a window that says "Recipients not valid, not trusted or not found."
+ Next to the key, you'll notice an icon of a pencil. Clicking this tells Enigmail to add a special, uniqe signature to your message, generated using your private key. This is a separate feature from encryption, and you don't have to use it for this guide.
+Click Send. Enigmail will pop up a window that says "Recipients not valid, not trusted or not found."
To encrypt and email to Adele, you need her public key, and so now you'll have Enigmail download it from a keyserver. Click Download Missing Keys and use the default in the pop-up that asks you to choose a keyserver. Once it finds keys, check the first one (Key ID starting with 9), then select ok. Select ok in the next pop-up.
@@ -277,8 +265,9 @@
@@ -314,13 +303,12 @@
#4 Learn the Web of Trust
-
Email encryption is a powerful technology, but it has a weakness; it requires a way to verify that a person's public key is actually theirs. Otherwise, there would be no way to stop an attacker from making an email address with your friend's name, creating keys to go with it and impersonating your friend.
-
-
That's why the programmers that developed email encryption created keysigning and the Web of Trust. When you sign someone's key, you are publicly saying that you trust that it does belong to them and not an impostor.
+
Email encryption is a powerful technology, but it has a weakness; it requires a way to verify that a person's public key is actually theirs. Otherwise, there would be no way to stop an attacker from making an email address with your friend's name, creating keys to go with it and impersonating your friend. That's why the free software programmers that developed email encryption created keysigning and the Web of Trust.
-
People who use your public key can see the number of signatures it has. Once you've used GnuPG for a long time, you may have hundreds of signatures. The Web of Trust is the constellation of GnuPG users, connected to each other by chains of trust expressed through signatures, into a giant Web. The more signatures a key has, and the more signatures its signers' keys have, the more trustworthy that key is.
+
When you sign someone's key, you are publicly saying that you trust that it does belong to them and not an impostor. People who use your public key can see the number of signatures it has. Once you've used GnuPG for a long time, you may have hundreds of signatures. The Web of Trust is the constellation of all GnuPG users, connected to each other by chains of trust expressed through signatures, into a giant Web. The more signatures a key has, and the more signatures its signers' keys have, the more trustworthy that key is.
-
People's public keys are usually identified by their key ID, which is a short string of digits like 9G6E29F7. You may also see them referred to by their key fingerprint, which is a slightly longer string of digits often prefaced with 0x, like 0x2C1008316F3E89B7.
+
People's public keys are usually identified by their key ID, which is a short string of 8 digits like 92AB3FF7 (for Adele's key). You can see your key ID on the right in OpenPGP → Key Management in your email program's menu.
+
It's good practice to share your key ID, so that so that people can double-check that they have the correct public key when they download yours from a keyserver. You may also see public keys referred to by their key fingerprint, which is a longer string of digits, like DD878C06E8C2BEDDD4A440D3E573346992AB3FF7. The key ID is just the last 8 digits of the fingerprint.
@@ -393,7 +381,7 @@
Important: Be wary of invalid keys
GnuPG makes email safer, but it's still important to watch out for invalid keys, which might have fallen into the wrong hands. Email encrypted with invalid keys might be readable by surveillance programs.
-
In your email program, go back to the second email that Adele sent you. Because it was encrypted with her key, it will have a message from OpenPGP at the top, which most likely says "OpenPGP: Part of this message encrypted."
+
In your email program, go back to the second email that Adele sent you. Because Adele encrypted it with your public key, it will have a message from OpenPGP at the top, which most likely says "OpenPGP: Part of this message encrypted."
When using GnuPG, make a habit of glancing at that bar. The program will warn you there if you get an email encrypted with a key that can't be trusted.