software (like Windows or macOS). Learn more about free software at <a
href="https://u.fsf.org/ys">fsf.org</a>.</p>
-<p>Most GNU/Linux operating systems come with GnuPG installed on them,
-so you don't have to download it. Before configuring your encryption setup with this guide, though, you'll need a desktop email program based on Thunderbird installed on your computer. Many GNU/Linux distributions have Thunderbird installed already. If you're using a <a href="https://www.gnu.org/distros/free-distros.html">fully free distribution of GNU/Linux</a>, we recommend installing "Icedove" instead. Programs like these are another way to access the same email accounts you can access in a browser (like Gmail), but provide extra features.</p>
+<p>Most GNU/Linux operating systems come with GnuPG installed on them, so if you're running one of these systems, you don't have to download it. If you're running macOS or Windows, steps to download GnuPG are below. Before configuring your encryption setup with this guide, though, you'll need a desktop email program based on Thunderbird installed on your computer. Many GNU/Linux distributions have Thunderbird installed already. If you're using a <a href="https://www.gnu.org/distros/free-distros.html">fully free distribution of GNU/Linux</a>, we recommend installing "Icedove" instead. Programs like these are another way to access the same email accounts you can access in a browser (like Gmail), but provide extra features.</p>
<p>If you already have an email program, you can skip to <a
href="#section2">Step 2</a>.</p>
<dd>Before searching the Web, we recommend you start by asking other people
who use your email system, to figure out the correct settings.</dd>
-<dt>I can't find the menu.</dt>
+<dt>I can't find the menu</dt>
<dd>In many new email programs, the main menu is represented by an image of
three stacked horizontal bars.</dd>
<dl>
<dt>Use a third-party package manager to install GnuPG</dt>
-<dd>Your macOS comes with a terminal pre-installed, which we'll use to setup your encryption with GnuPG. However, the default macOS package manager makes it difficult to install GnuPG and other pieces of free software (like Emacs, GIMP, or Inkscape).</p>
-To make things easier, we recommend setting up the third-party package manager "Homebrew" to install GnuPG. Copy the link on the home page of <a href="https://brew.sh/">Homebrew</a> and paste it in your terminal. Click "Enter" and wait for it to finalize.</p>
-When it is done, install the program by entering the following code:</p>
+<dd>Your macOS comes with a program called Terminal pre-installed, which we'll use to set up your encryption with GnuPG, using the command line. However, the default macOS package manager makes it difficult to install GnuPG and other pieces of free software (like Emacs, GIMP, or Inkscape).</p>
+To make things easier, we recommend setting up the third-party package manager "Homebrew" to install GnuPG. Copy the link on the home page of <a href="https://brew.sh/">Homebrew</a> and paste it in Terminal. Click "Enter" and wait for it to finalize.</p>
+When it is done, install the program by entering the following code in Terminal:</p>
<text style="color:#2f5faa; font-family: monospace;">brew install gnupg gnupg2</text>. After installation is done, you can follow the steps of the rest of this guide.</dd>
</dl>
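Review bot: In the added Homebrew paragraph, "Copy the link on the home page of Homebrew and paste it in Terminal" calls something that is run in a terminal a "link"; call it the install command. "Click "Enter"" should be "Press Enter", since it is a key. The rewritten lines also keep the stray `</p>` closers inside the `<dd>` with no opening `<p>`; wrap each paragraph in `<p>...</p>` or drop the closers.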
<dl>
<dt>Get GnuPG by downloading GPG4Win</dt>
<dd><a href="https://www.gpg4win.org/">GPG4Win</a> is a email and file encryption software package that includes GnuPG. Download and install the latest version, choosing default options whenever asked. After it's installed, you can close any windows that it creates.</p>
-Open the "Powershell" and follow the steps of the rest of this guide.
-<p class="notes">We use the word "terminal" in the rest of this guide, but on your Windows machine, that program will be called "PowerShell."</p>
+
+<p class="notes">To follow the rest of the steps in this guide, you'll use the program called "PowerShell", which is a program you'll see elsewhere referred to as a "terminal." This allows you to operate your computer using the command line.</p>
</dd>
</dl>
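Review bot: The removed line "Open the "Powershell" and follow the steps of the rest of this guide" was the only instruction telling Windows readers to open PowerShell, and the replacement note only says they will use it; keep an explicit step to open PowerShell. The added blank line also leaves the `</p>` at the end of the GPG4Win sentence without a matching `<p>`, and "a email" in that sentence should be "an email".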
<h3><em>Step 2.a</em> Make a keypair</h3>
<h6>Make your keypair</h6>
-<p>We will use the command line to create a keypair using the gnupg program. This should be installed on your GNU/Linux operating system.
-Open a terminal using <text style="color:#2f5faa; font-family: monospace;">ctrl + alt + t</text>, or find it in your applications, and use the following code to create your keypair:</p>
+<p>Open a terminal using <text style="color:#2f5faa; font-family: monospace;">ctrl + alt + t</text> (on GNU/linux), or find it in your applications, and use the following code to create your keypair:</p>
+
+<p class="notes">We will use the command line in a terminal to create a keypair using the GnuPG program. A terminal should be installed on your GNU/Linux operating system, if you are using a macOS or Windows OS system, use the programs "Terminal" (macOS) or "PowerShell" (Windows) that were also used in section 1.</p>
<p># <text style="color:#2f5faa; font-family: monospace;">gpg --full-generate-key</text> to start the process.</p>
<p># To answer what kind of key you would like to create, select the default option <text style="color:#2f5faa; font-family: monospace;"> 1 RSA and RSA<text>.</p>
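Review bot: The added paragraph ends with "use the following code to create your keypair:" but the new notes paragraph sits between it and the `gpg --full-generate-key` step, so the colon no longer introduces the command; move the note above the instruction or after the steps. In the added lines, "GNU/linux" should match the "GNU/Linux" spelling used in the same note, "operating system, if you are using" is a comma splice, and "macOS or Windows OS system" is redundant. The `<text>` around "1 RSA and RSA" in the context below is closed with a second `<text>` instead of `</text>`.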
<dl>
<dt>GnuPG is not installed</dt>
<dd>
-GPG is not installed. You can check if this is the case with the command <text style="color:#2f5faa; font-family: monospace;">gpg --version</text>
+GPG is not installed. You can check if this is the case with the command <text style="color:#2f5faa; font-family: monospace;">gpg --version</text>.
If GnuPG is not installed, it would bring up the following result on most GNU/Linux operating systems, or something like it:
<text style="color:#2f5faa; font-family: monospace;">Command 'gpg' not found, but can be installed with:
sudo apt install gnupg</text>. Follow that command and install the program.</dd>
<dt>I took too long to create my passphrase</dt>
-<dd>That's okay. It's important to think about your passphrase, when you're ready, just follow the steps to create your key again.</dd>
+<dd>That's okay. It's important to think about your passphrase. When you're ready, just follow the steps from the beginning again to create your key.</dd>
-<dt>How can i see my key?</dt>
+<dt>How can I see my key?</dt>
<dd>
-Use the following command to see all keys <text style="color:#2f5faa; font-family: monospace;">gpg --list-keys</text>. Yours should be listed in there, and later, so will Edward's (<a href="#section3">section 3</a>). If you want to see only your key, you can use <text style="color:#2f5faa; font-family: monospace;">gpg --list-key [your@email]</text>
+Use the following command to see all keys <text style="color:#2f5faa; font-family: monospace;">gpg --list-keys</text>. Yours should be listed in there, and later, so will Edward's (<a href="#section3">section 3</a>). If you want to see only your key, you can use <text style="color:#2f5faa; font-family: monospace;">gpg --list-key [your@email]</text>.
You can also use <text style="color:#2f5faa; font-family: monospace;">gpg --list-secret-key</text> to see your own private key.</dd>
<dt>More resources</dt>
<br />
<h6>Generate a revocation certificate</h6>
-<p>Just in case you lose your key, or it gets compromised, you want to generate a certificate and choose to save it in a safe place on your computer for now (please refer to <a href="#step-6c"> step 6.C for how to best store your revocation cerficate safely). This step is essential for your email self-defense, as you'll learn more about in <a href="#section5">Section
-5</a>.</p>
+<p>Just in case you lose your key, or it gets compromised, you want to generate a certificate and choose to save it in a safe place on your computer for now (please refer to <a href="#step-6c"> step 6.C</a> for how to best store your revocation cerficate safely). This step is essential for your email self-defense, as you'll learn more about in <a href="#section5">Section 5</a>.</p>
+
<p># Copy your keyID <text style="color:#2f5faa; font-family: monospace;">gnupg --list-key [your@email]</text> will list your public ("pub") key information, including your keyID, which is a unique list of numbers and letters. Copy this keyID, so you can use it in the following command.</p>
<p># Upload your key to a server: <text style="color:#2f5faa; font-family: monospace;">gpg --output revoke.asc [keyID]</text></p>
<p># It will prompt you to give a reason for revocation, we recommend to use <text style="color:#2f5faa; font-family: monospace;">1 "key has been compromised"</text></p>
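Review bot: The command under this heading cannot generate a revocation certificate as written: the step below the changed paragraph reads `gpg --output revoke.asc [keyID]`, with no `--gen-revoke` before the key ID, and it is labelled "Upload your key to a server" although the heading is "Generate a revocation certificate". The step above it invokes `gnupg --list-key`, while the other commands on the page use `gpg`. Since this change already touches the section, fix those together, and correct "cerficate" in the added line.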
<h4>Troubleshooting</h4>
<dl>
-<dt>My key doesn't seem to be working or I get a "permission denied".</dt>
+<dt>My key doesn't seem to be working or I get a "permission denied."</dt>
<dd>Like every other file or folder, gpg keys are subject to permissions. If these are not set correctly, your system may not be accepting your keys. You can follow the next steps to check, and update to the right permissions.</p>
# Check your permissions: <text style="color:#2f5faa; font-family: monospace;">ls -l ~/.gnupg/*</text></p>
-# Set permissions to read, write, execute for only yourself, no others. This is the recommended permission for your folder, you can use the code <text style="color:#2f5faa">
+# Set permissions to read, write, execute for only yourself, no others. This is the recommended permission for your folder. You can use the code <text style="color:#2f5faa">
chmod 700 ~/.gnupg</text>.</p>
-# Set permissions to read, write for only yourself, no others. This is the recommended permission for the keys inside your folder, you can use the code: <text style="color:#2f5faa; font-family: monospace;">chmod 600 ~/.gnupg/*</text>.</p>
+# Set permissions to read and write for yourself only, no others. This is the recommended permission for the keys inside your folder. You can use the code: <text style="color:#2f5faa; font-family: monospace;">chmod 600 ~/.gnupg/*</text>.</p>
<p class="notes"><p>If you have (for any reason) created your own folders inside ~/.gnupg, you must also additionally apply execute permissions to that folder. Folders require execution privileges to be opened. For more information on permissions, you can check out <a href="https://helpdeskgeek.com/linux-tips/understanding-linux-permissions-chmod-usage/">this detailed information guide</a>.</p>
</dd>
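Review bot: `chmod 600 ~/.gnupg/*` in the added line matches every entry in the folder, directories included, while the note directly below says folders need execute permission to be opened; state that 600 is for the files and 700 for any subfolders. The `<text style="color:#2f5faa">` before `chmod 700 ~/.gnupg` lacks the `font-family: monospace` used for the other commands, the note opens with a nested `<p class="notes"><p>`, and the `<dt>` now ends in a period inside the quotes although this patch drops the final period from the "I can't find the menu" entry.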
<dl>
<dt>I'm not sure the import worked correctly</dt>
<dd>
-Under "Edit" (in Icedove) or "Tools" (in Thunderbird) look for "Account settings" → "End-To-End Encryption" you can see if your personal key associated with this email is found. If it is not, you can try again via the <text style="color:#2f5faa;">Add key</text> option. Make sure you have the correct, active, secret key file.
+Look for "Account settings" → "End-To-End Encryption" (Under "Edit" (in Icedove) or "Tools" (in Thunderbird)). Here you can see if your personal key associated with this email is found. If it is not, you can try again via the <text style="color:#2f5faa;">Add key</text> option. Make sure you have the correct, active, secret key file.
</dd>
<dt class="feedback">Don't see a solution to your problem?</dt>
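Review bot: The added sentence nests parentheses and capitalises mid-sentence in "(Under "Edit" (in Icedove) or "Tools" (in Thunderbird))". Suggest putting the menu first: Under "Edit" (in Icedove) or "Tools" (in Thunderbird), look for "Account settings" → "End-To-End Encryption".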
<p class="notes">It may take two or three minutes for Edward to
respond. In the meantime, you might want to skip ahead and check out the <a
-href="#section6">Use it Well</a> section of this guide. Once you received a response,
+href="#section6">Use it Well</a> section of this guide. Once you have received a response,
head to the next step. From here on, you'll be doing just the same thing as
when corresponding with a real person.</p>
<h6>Get Edward's key</h6>
<p>To encrypt an email to Edward, you need its public key, so now you'll have
to download it from a keyserver. You can do this in two different ways:</p>
-<p>Option 1. In the email answer you received from Edward as a response to your first email, Edward's public key was included. On the right of the email, just above the writing area, you will find an "OpenPGP" button that has a lock and a little wheel next to it. Click that, and select <text style="color:#2f5faa">Discover</text> next to the text: "This message was sent with a key that you don't have yet." A popup with Edward's key details will follow.
+<p><strong>Option 1.</strong> In the email answer you received from Edward as a response to your first email, Edward's public key was included. On the right of the email, just above the writing area, you will find an "OpenPGP" button that has a lock and a little wheel next to it. Click that, and select <text style="color:#2f5faa">Discover</text> next to the text: "This message was sent with a key that you don't have yet." A popup with Edward's key details will follow.
-<p>Option 2. Open your OpenPGP manager and under "Keyserver" choose <text style="color:#2f5faa">Discover Keys Online</text>. Here, fill in Edward's email address, and import Edward's key.
+<p><strong>Option 2.</strong> Open your OpenPGP manager and under "Keyserver" choose <text style="color:#2f5faa">Discover Keys Online</text>. Here, fill in Edward's email address, and import Edward's key.
<p>The option <text style="color:#2f5faa">Accepted (unverified)</text> will add this key to your key manager, and now it can be used to send encrypted emails and to verify digital signatures from Edward.</p>
-<p class="notes">Edward has many different emails associated with its key, you can safely import the key.</p>
+<p class="notes">In the popup window confirming if you want to import Edward's key, you'll see many different emails that are all associated with its key. This is correct; you can safely import the key.</p>
<p class="notes">Since you encrypted this email with Edward's public key,
Edward's private key is required to decrypt it. Edward is the only one with
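Review bot: Both added `<p><strong>Option N.</strong>` lines open a paragraph that is never closed; add `</p>` at the end of each. The context sentence above says the key is downloaded "from a keyserver" in two ways, but Option 1 takes it from Edward's reply, so that lead-in needs adjusting as well. In the new note, "This is correct; you can safely import the key" describes what the popup shows, not a verification of the key; "this is expected" would match the "Accepted (unverified)" wording in the line above it.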
href="mailto:edward-en@fsf.org">edward-en@fsf.org</a>. Make the subject
"Encryption test" or something similar and write something in the body.</p>
-<p>This time, make sure encryption is turned on by using the drowpdown menu "Security" and select <text style="color:#2f5faa">Require Encryption</text>. Once encryption is on, hit Send.</p>
+<p>This time, make sure encryption is turned on by using the dropdown menu "Security" and select <text style="color:#2f5faa">Require Encryption</text>. Once encryption is on, hit Send.</p>
<br />
<dd>You may be trying to send an encrypted email to someone when you do not have their public key yet. Make sure you follow the steps above to import the key to your key manager. Open OpenPGP Key Manager to make sure the recipient is listed there.</dd>
<dt>Unable to send message</dt>
-<dd>You could get the following message when trying to send your encrypted email: "Unable to send this message with end-to-end encryption, because there are problems with the keys of the following recipients: edward-en@fsf.org." This usually means you imported the key with the "unaccepted (unverified) option," if you go to the "key properties" of this key by right clicking on the key in the OpenPGP Key Manager, you can select the option <text style="color:#2f5faa">Yes, but I have not verified that this is the correct key.</text> in the "Acceptance" option at the bottom of this window. Resend the email.</dd>
+<dd>You could get the following message when trying to send your encrypted email: "Unable to send this message with end-to-end encryption, because there are problems with the keys of the following recipients: edward-en@fsf.org." This usually means you imported the key with the "unaccepted (unverified) option." Go to the "key properties" of this key by right clicking on the key in the OpenPGP Key Manager, and select the option <text style="color:#2f5faa">Yes, but I have not verified that this is the correct key</text> in the "Acceptance" option at the bottom of this window. Resend the email.</dd>
<dt>I can't find Edward's key</dt>
<dd>Close the pop-ups that have appeared since you clicked Send. Make sure
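Review bot: In the added line the closing quote is misplaced in "unaccepted (unverified) option."", so "option" reads as part of the option name; close the quote after "(unverified)". The "Get Edward's key" step calls the import choice "Accepted (unverified)", so check which label the program shows and use the same one in both places.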
<!-- ~~~~~~~~~ section introduction: interspersed text ~~~~~~~~~ -->
<div class="section-intro">
-<h2><em>#5</em> Learn the Web of Trust</h2>
+<h2><em>#5</em> Learn about the Web of Trust</h2>
<p><img style="float:right; width:250px; margin-bottom:20px;" src="../static/img/en/screenshots/section4-web-of-trust.png" alt="Illustration of keys all interconnected with a web of lines"/></p>
-<p>Email encryption is a powerful technology, but it has a weakness;
+<p>Email encryption is a powerful technology, but it has a weakness:
it requires a way to verify that a person's public key is actually
theirs. Otherwise, there would be no way to stop an attacker from making
-an email address with your friend's name, creating keys to go with it and
+an email address with your friend's name, creating keys to go with it, and
impersonating your friend. That's why the free software programmers that
developed email encryption created keysigning and the Web of Trust.</p>
<p>In your email program's menu, go to OpenPGP Key Manager and select <text style="color:#2f5faa">Key properties</text> by right clicking on Edward's key.</p>
-<p>Under "Your Acceptance," you can select <text style="color:#2f5faa">Yes, I've verified in person this key has the correct fingerprint"</text></p>
+<p>Under "Your Acceptance," you can select <text style="color:#2f5faa">Yes, I've verified in person this key has the correct fingerprint"</text>.</p>
<p class="notes">You've just effectively said "I trust that Edward's public
key actually belongs to Edward." This doesn't mean much because Edward isn't
-a real person, but it's good practice, and for real people it is important. You can read more about signing a person's key in the <a href="#check-ids-before-signing">check IDs before signing</a> section</p>
+a real person, but it's good practice, and for real people it is important. You can read more about signing a person's key in the <a href="#check-ids-before-signing">check IDs before signing</a> section.</p>
<!--<div id="pgp-pathfinder">
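Review bot: The added line keeps a stray closing quote inside the `<text>` element, `correct fingerprint"</text>.`, with no opening quote; drop it so the option name matches the unquoted style of "Key properties" in the line above.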
<div id="step-lost_key" class="step">
<div class="main">
-<h3><em>Important:</em> act swiftly if someone gets your private key</h3>
+<h3><em>IMPORTANT:</em> ACT SWIFTLY if someone gets your private key</h3>
-<p>If you lose your private key or someone else gets ahold
+<p>If you lose your private key or someone else gets a hold
of it (say, by stealing or cracking your computer), it's
important to revoke it immediately before someone else uses
it to read your encrypted email or forge your signature. This
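Review bot: The heading change to "IMPORTANT: ACT SWIFTLY" puts the emphasis in literal capitals, unlike the other headings in this patch; keep sentence case and let the `<em>` or the stylesheet carry the emphasis. In the paragraph, "gets a hold of it" reads better as "gets hold of it".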
email address without a public key fingerprint.</p>
</div>--><!-- End .main
-</div> End #step-6d .step-->
+</div> <!--End #step-6d .step-->
</div></section><!-- End #section6 -->
<!-- ~~~~~~~~~ Section 7: Next steps ~~~~~~~~~ -->
-<section class="row" id="section6">
+<section class="row" id="section7">
<div id="step-click_here" class="step">
<div class="main">
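Review bot: The new `</div> <!--End #step-6d .step-->` is still inside the comment opened by `<!-- End .main` on the line above, which has no `-->` of its own, so the `</div>` stays commented out and the added `<!--` is nested inside an open comment. If the `</div>` is meant to be live, close the comment on the previous line first (`<!-- End .main -->`); if it is meant to stay commented out, the old line was already doing that.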
</div></header><!-- End #header -->
-<!-- ~~~~~~~~~ Section 6: Next steps ~~~~~~~~~ -->
-<section class="row" id="section6"><div>
+<!-- ~~~~~~~~~ Section 7: Next steps ~~~~~~~~~ -->
+<section class="row" id="section7"><div>
<!-- ~~~~~~~~~ section title + graphics ~~~~~~~~~ -->
<div class="section-intro">
-<h2><em>#6</em> Next steps</h2>
+<h2><em>#7</em> Next steps</h2>
<p>You've now completed the basics of email encryption with GnuPG, taking
action against bulk surveillance. These next steps will help make the most
help with encryption. Here are some suggestions:</p>
<ul>
-<li>Lead an Email Self-Defense workshop for your friends and community,
+<li># Lead an Email Self-Defense workshop for your friends and community,
using our <a href="workshops.html">teaching guide</a>.</li>
-<li>Use <a href="https://fsf.org/share?u=https://u.fsf.org/zb&t=Encrypt
+<li># Use <a href="https://fsf.org/share?u=https://u.fsf.org/zb&t=Encrypt
with me using Email Self-Defense %40fsf">our sharing page</a> to compose
a message to a few friends and ask them to join you in using encrypted
email. Remember to include your GnuPG public key fingerprint so they can
easily download your key.</li>
-<li>Add your public key fingerprint anywhere that you normally display
+<li># Add your public key fingerprint anywhere that you normally display
your email address. Some good places are: your email signature (the text
-kind, not the cryptographic kind), social media profiles, blogs, Websites,
+kind, not the cryptographic kind), social media profiles, blogs, Web sites,
or business cards. At the Free Software Foundation, we put ours on our <a
href="https://fsf.org/about/staff">staff page</a>.</li>
</ul>
<div class="sidebar">
<p><img
-src="../static/img/en/screenshots/section6-next-steps.png"
-alt="Section 6: Next Steps" /></p><br />
+src="../static/img/en/screenshots/section7-next-steps.png"
+alt="Section 7: Next Steps" /></p><br />
<p class="back" style="text-align:center">← <a href="index.html">Return
to the guide</a></p>
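Review bot: The three added `<li># ...` items put a literal "#" inside a `<ul>`, so each entry carries both a bullet and a "#"; if numbering is intended use `<ol>`, otherwise drop the marker. The `href` of the sharing link on the changed line contains an unescaped `&` plus spaces and a line break inside the URL ("&t=Encrypt with me using Email Self-Defense"); write the ampersand as `&amp;` and percent-encode the text.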
</div>--><!-- End .main -->
<!--</div>--><!-- End #step-learn_more .step -->
-</div></section><!-- End #section6 -->
+</div></section><!-- End #section7 -->
<!-- ~~~~~~~~~ FAQ ~~~~~~~~~ -->
<!-- When un-commenting this section go to main.css and search