From: AndersonIsaac Date: Mon, 14 Dec 2020 21:58:55 +0000 (+0200) Subject: ua: Initial commit. Copied ua/ from en/. A few changes to the esd-ua.po. Getting... X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=5ec82b3fe2a7bd9aad702bf2e540c6da432a5be0;p=enc.git ua: Initial commit. Copied ua/ from en/. A few changes to the esd-ua.po. Getting the hang of the workflow. --- diff --git a/esd-ua.po b/esd-ua.po new file mode 100644 index 00000000..5328b5a1 --- /dev/null +++ b/esd-ua.po @@ -0,0 +1,3704 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Free Software Foundation, Inc. +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: emailselfdefense 4.0\n" +"POT-Creation-Date: 2020-06-25 17:51+0200\n" +"PO-Revision-Date: 2020-12-14 23:22+0200\n" +"Last-Translator: Andrew V. Isakov \n" +"Language-Team: \n" +"Language: ua\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. type: Attribute 'lang' of: +msgid "en" +msgstr "en" + +#. type: Attribute 'content' of: +msgid "text/html; charset=utf-8" +msgstr "text/html; charset=utf-8" + +#. type: Content of: +msgid "Email Self-Defense - a guide to fighting surveillance with GnuPG encryption" +msgstr "E-mail самозахист - довідник боротьби проти налгяду з допомогою GnuPG шифрування" + +#. type: Attribute 'content' of: <html><head><meta> +msgid "GnuPG, GPG, openpgp, surveillance, privacy, email, Enigmail" +msgstr "" + +# може краще "свободу самовираження"? +#. type: Attribute 'content' of: <html><head><meta> +msgid "" +"Email surveillance violates our fundamental rights and makes free speech " +"risky. This guide will teach you email self-defense in 40 minutes with " +"GnuPG." +msgstr "E-mail нагляд порушує наші найфундаментальніші права та робить свободу слова ризикованою. Цей довідник навчить вас e-mail самозахисту всього за 40 хвилин з GnuPG." + +#. type: Attribute 'content' of: <html><head><meta> +msgid "width=device-width, initial-scale=1" +msgstr "width=device-width, initial-scale=1" + +#. type: Content of: <html><body><header><div><p> +msgid "" +"<strong>Please check your email for a confirmation link now. Thanks for " +"joining our list!</strong>" +msgstr "<strong>Будь ласка перевірте чи прийшло на вашу електронну пошту посилання з підтвердженням. Щиро дякуємо, що долучаєтесь до розсилки!</strong>" + +#. type: Content of: <html><body><header><div><p> +msgid "" +"If you don't receive the confirmation link, send us an email at info@fsf.org " +"to be added manually." +msgstr "Якщо ви не отримаєте посилання з підтвердженням, надішліть нам листа на info@fsf.org аби ми вас додали вручну." + +#. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img> +msgid "Try it out." +msgstr "Спробуйте." + +#. type: Content of: <html><body><header><div><p> +msgid "Join us on microblogging services for day-to-day updates:" +msgstr "Приєднуйтесь до нас на сервісах мікроблоггінгу для щоденних оновлень:" + +#. type: Content of: <html><body><section><div><div><div><p><a> +msgid "<a href=\"https://status.fsf.org/fsf\">" +msgstr "<a href=\"https://status.fsf.org/fsf\">" + +#. type: Attribute 'alt' of: <html><body><header><div><ul><li><a><img> +msgid "[GNU Social]" +msgstr "[GNU Social]" + +#. type: Content of: <html><body><section><div><div><div><p><a> +msgid " GNU Social</a>  |  <a href=\"https://hostux.social/@fsf\">" +msgstr " GNU Social</a>  |  <a href=\"https://hostux.social/@fsf\">" + +#. type: Attribute 'alt' of: <html><body><header><div><ul><li><a><img> +msgid "[Mastodon]" +msgstr "[Mastodon]" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +" Mastodon</a>  |  <a " +"href=\"https://www.twitter.com/fsf\">Twitter</a>" +msgstr " Mastodon</a>  |  <a href=\"https://www.twitter.com/fsf\">Twitter</a>" + +#. type: Content of: <html><body><header><div><p> +msgid "" +"<small><a href=\"https://www.fsf.org/twitter\">Read why GNU Social and " +"Mastodon are better than Twitter.</a></small>" +msgstr "<small><a href=\"https://www.fsf.org/twitter\">Читайте чому GNU Social and Mastodon кращі за Twitter.</a></small>" + +#. type: Content of: <html><body><header><div><p> +msgid "← Return to <a href=\"index.html\">Email Self-Defense</a>" +msgstr "← Повернутися на <a href=\"index.html\">E-mail самозахист</a>" + +#. type: Content of: <html><body><footer><div><div><h4><a> +msgid "<a href=\"https://u.fsf.org/ys\">" +msgstr "<a href=\"https://u.fsf.org/ys\">" + +#. type: Attribute 'alt' of: <html><body><footer><div><div><h4><a><img> +msgid "Free Software Foundation" +msgstr "Free Software Foundation" + +#. type: Content of: <html><body><footer><div><p> +msgid "</a>" +msgstr "</a>" + +#. type: Content of: <html><body><footer><div><div><p> +msgid "" +"Copyright © 2014-2016 <a href=\"https://u.fsf.org/ys\">Free Software " +"Foundation</a>, Inc. <a " +"href=\"https://my.fsf.org/donate/privacypolicy.html\">Privacy " +"Policy</a>. Please support our work by <a " +"href=\"https://u.fsf.org/yr\">joining us as an associate member.</a>" +msgstr "Copyright © 2014-2016 <a href=\"https://u.fsf.org/ys\">Free Software Foundation</a>, Inc. <a href=\"https://my.fsf.org/donate/privacypolicy.html\">Політика конфіденційності</a>. Будь ласка підтримайте нашу роботу, <a href=\"https://u.fsf.org/yr\">долучаючись до нас як асоційований партнер.</a>" + +#. type: Content of: <html><body><footer><div><div><p> +msgid "" +"The images on this page are under a <a " +"href=\"https://creativecommons.org/licenses/by/4.0/\">Creative Commons " +"Attribution 4.0 license (or later version)</a>, and the rest of it is under " +"a <a href=\"https://creativecommons.org/licenses/by-sa/4.0\">Creative " +"Commons Attribution-ShareAlike 4.0 license (or later version)</a>. Download " +"the <a " +"href=\"http://agpl.fsf.org/emailselfdefense.fsf.org/edward/CURRENT/edward.tar.gz\"> " +"source code of Edward reply bot</a> by Andrew Engelbrecht " +"<andrew@engelbrecht.io> and Josh Drake <zamnedix@gnu.org>, " +"available under the GNU Affero General Public License. <a " +"href=\"http://www.gnu.org/licenses/license-list.html#OtherLicenses\">Why " +"these licenses?</a>" +msgstr "Зображення на цій сторінці ліцензуються <a href=\"https://creativecommons.org/licenses/by/4.0/\">Creative Commons Attribution 4.0 ліцензією (чи пізнішою версією)</a>, всі інші елементи ліцензуються <a href=\"https://creativecommons.org/licenses/by-sa/4.0\">Creative Commons Attribution-ShareAlike 4.0 ліцензією (чи пізнішою версією)</a>. Завантажити <a href=\"http://agpl.fsf.org/emailselfdefense.fsf.org/edward/CURRENT/edward.tar.gz\"> вихідний код Едварда, бота-відповідача,</a> створеного Андрієм Енгельбрехтом (Andrew Engelbrecht) <andrew@engelbrecht.io> та Джошем Дрейком (Josh Drake) <zamnedix@gnu.org>, доступним за ліцензією GNU Affero General Public License. <a href=\"http://www.gnu.org/licenses/license-list.html#OtherLicenses\">Чому ці ліцензії?</a>" + +#. type: Content of: <html><body><footer><div><div><p> +msgid "" +"Fonts used in the guide & infographic: <a " +"href=\"https://www.google.com/fonts/specimen/Dosis\">Dosis</a> by Pablo " +"Impallari, <a " +"href=\"http://www.google.com/fonts/specimen/Signika\">Signika</a> by Anna " +"Giedryś, <a " +"href=\"http://www.google.com/fonts/specimen/Archivo+Narrow\">Archivo " +"Narrow</a> by Omnibus-Type, <a " +"href=\"https://libreplanet.org/wiki/GPG_guide/Graphics_Howto#Pitfalls\">PXL-2000</a> " +"by Florian Cramer." +msgstr "Шрифти використані в цьому довіднику & інфографіка: <a href=\"https://www.google.com/fonts/specimen/Dosis\">Dosis</a> by Pablo Impallari, <a href=\"http://www.google.com/fonts/specimen/Signika\">Signika</a> by Anna Giedryś, <a href=\"http://www.google.com/fonts/specimen/Archivo+Narrow\">Archivo Narrow</a> by Omnibus-Type, <a href=\"https://libreplanet.org/wiki/GPG_guide/Graphics_Howto#Pitfalls\">PXL-2000</a> by Florian Cramer." + +#. type: Content of: <html><body><footer><div><div><p> +msgid "" +"Download the <a href=\"emailselfdefense_source.zip\">source package</a> for " +"this guide, including fonts, image source files and the text of Edward's " +"messages." +msgstr "Завантажити <a href=\"emailselfdefense_source.zip\">архів з вихідним кодом</a> для цього довідника, включно з шрифтами, вихідними зображеннями та текстом повідомлень Едварда." + +#. type: Content of: <html><body><footer><div><div><p> +msgid "" +"This site uses the Weblabels standard for labeling <a " +"href=\"https://www.fsf.org/campaigns/freejs\">free JavaScript</a>. View the " +"JavaScript <a href=\"//weblabels.fsf.org/emailselfdefense.fsf.org/\" " +"rel=\"jslicense\">source code and license information</a>." +msgstr "Цей сайт використовує Weblabels стандарт для маркування <a href=\"https://www.fsf.org/campaigns/freejs\">вільного JavaScript</a>. Переглянути вихідний код та інформацію про ліцензування <a href=\"//weblabels.fsf.org/emailselfdefense.fsf.org/\" rel=\"jslicense\">JavaScript</a>." + +#. type: Content of: <html><body><footer><div><p><a> +msgid "" +"Infographic and guide design by <a rel=\"external\" " +"href=\"http://jplusplus.org\"><strong>Journalism++</strong>" +msgstr "" + +#. type: Attribute 'alt' of: <html><body><footer><div><p><a><img> +msgid "Journalism++" +msgstr "" + +#. type: Content of: <html><body><header><div><h1> +msgid "Email Self-Defense" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a class=\"current\" href=\"/en\">English - v4.0</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"/ar\">العربية <span class=\"tip\">tip</span></a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"/cs\">čeÅ¡tina - v4.0</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"/de\">Deutsch - v4.0</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"/el\">ελληνικά - v3.0</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"/es\">español - v4.0</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"/fa\">فارسی - v4.0</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"/fr\">français - v4.0</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"/it\">italiano - v3.0</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"/ja\">日本語 - v4.0</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"/ko\">한국어 <span class=\"tip\">tip</span></a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"/ml\">മലയാളം <span class=\"tip\">tip</span></a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"/pt-br\">português do Brasil - v3.0</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"/ro\">română - v3.0</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"/ru\">русский - v4.0</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"/sq\">Shqip - v4.0</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"/sv\">svenska - v4.0</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"/tr\">Türkçe - v4.0</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"/zh-hans\">简体中文 - v4.0</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "" +"<a href=\"https://libreplanet.org/wiki/GPG_guide/Translation_Guide\"> " +"<strong><span style=\"color: #2F5FAA;\">Translate!</span></strong></a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"index.html\" class=\"current\">GNU/Linux</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"mac.html\">Mac OS</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"windows.html\">Windows</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"workshops.html\">Teach your friends</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li><a> +msgid "" +"<a href=\"https://fsf.org/share?u=https://u.fsf.org/zb&t=Email " +"encryption for everyone via %40fsf\"> Share " +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li><a> +msgid " " +msgstr "" + +#. type: Attribute 'alt' of: <html><body><header><div><ul><li><a><img> +msgid "[Reddit]" +msgstr "" + +#. type: Attribute 'alt' of: <html><body><header><div><ul><li><a><img> +msgid "[Hacker News]" +msgstr "" + +#. type: Content of: <html><body><header><div><div><h3><a> +msgid "<a href=\"http://u.fsf.org/ys\">" +msgstr "" + +#. type: Content of: <html><body><header><div><div><div><p> +msgid "" +"We fight for computer users' rights, and promote the development of free (as " +"in freedom) software. Resisting bulk surveillance is very important to us." +msgstr "" + +#. type: Content of: <html><body><header><div><div><div><p> +msgid "" +"<strong>Please donate to support Email Self-Defense. We need to keep " +"improving it, and making more materials, for the benefit of people around " +"the world taking the first step towards protecting their privacy.</strong>" +msgstr "" + +#. type: Content of: <html><body><header><div><div><p><a> +msgid "" +"<a " +"href=\"https://crm.fsf.org/civicrm/contribute/transact?reset=1&id=14&pk_campaign=email_self_defense&pk_kwd=guide_donate\">" +msgstr "" + +#. type: Attribute 'alt' of: <html><body><header><div><div><p><a><img> +msgid "Donate" +msgstr "" + +#. type: Content of: <html><body><header><div><div><p><a> +msgid "<a id=\"infographic\" href=\"infographic.html\">" +msgstr "" + +#. type: Attribute 'alt' of: <html><body><header><div><div><p><a><img> +msgid "View & share our infographic →" +msgstr "" + +#. type: Content of: <html><body><header><div><div><p> +msgid "" +"</a> Bulk surveillance violates our fundamental rights and makes free speech " +"risky. This guide will teach you a basic surveillance self-defense skill: " +"email encryption. Once you've finished, you'll be able to send and receive " +"emails that are scrambled to make sure a surveillance agent or thief " +"intercepting your email can't read them. All you need is a computer with an " +"Internet connection, an email account, and about forty minutes." +msgstr "" + +#. type: Content of: <html><body><header><div><div><p> +msgid "" +"Even if you have nothing to hide, using encryption helps protect the privacy " +"of people you communicate with, and makes life difficult for bulk " +"surveillance systems. If you do have something important to hide, you're in " +"good company; these are the same tools that whistleblowers use to protect " +"their identities while shining light on human rights abuses, corruption and " +"other crimes." +msgstr "" + +#. type: Content of: <html><body><header><div><div><p> +msgid "" +"In addition to using encryption, standing up to surveillance requires " +"fighting politically for a <a " +"href=\"http://gnu.org/philosophy/surveillance-vs-democracy.html\">reduction " +"in the amount of data collected on us</a>, but the essential first step is " +"to protect yourself and make surveillance of your communication as difficult " +"as possible. This guide helps you do that. It is designed for beginners, but " +"if you already know the basics of GnuPG or are an experienced free software " +"user, you'll enjoy the advanced tips and the <a " +"href=\"workshops.html\">guide to teaching your friends</a>." +msgstr "" + +#. type: Content of: <html><body><section><div><div><h2> +msgid "<em>#1</em> Get the pieces" +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"This guide relies on software which is <a " +"href=\"https://www.gnu.org/philosophy/free-sw.html\">freely licensed</a>; " +"it's completely transparent and anyone can copy it or make their own " +"version. This makes it safer from surveillance than proprietary software " +"(like Windows). Learn more about free software at <a " +"href=\"https://u.fsf.org/ys\">fsf.org</a>." +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"Most GNU/Linux operating systems come with GnuPG installed on them, so you " +"don't have to download it. Before configuring GnuPG though, you'll need the " +"IceDove desktop email program installed on your computer. Most GNU/Linux " +"distributions have IceDove installed already, though it may be under the " +"alternate name \"Thunderbird.\" Email programs are another way to access the " +"same email accounts you can access in a browser (like Gmail), but provide " +"extra features." +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"If you already have an email program, you can skip to <a " +"href=\"#step-1b\">Step 1.b</a>." +msgstr "" + +#. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img> +msgid "Step 1.A: Install Wizard" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "<em>Step 1.a</em> Set up your email program with your email account" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Open your email program and follow the wizard (step-by-step walkthrough) " +"that sets it up with your email account." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Look for the letters SSL, TLS, or STARTTLS to the right of the servers when " +"you're setting up your account. If you don't see them, you will still be " +"able to use encryption, but this means that the people running your email " +"system are running behind the industry standard in protecting your security " +"and privacy. We recommend that you send them a friendly email asking them to " +"enable SSL, TLS, or STARTTLS for your email server. They will know what " +"you're talking about, so it's worth making the request even if you aren't an " +"expert on these security systems." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><h4> +msgid "Troubleshooting" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dt> +msgid "The wizard doesn't launch" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dd> +msgid "" +"You can launch the wizard yourself, but the menu option for doing so is " +"named differently in each email program. The button to launch it will be in " +"the program's main menu, under \"New\" or something similar, titled " +"something like \"Add account\" or \"New/Existing email account.\"" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dt> +msgid "The wizard can't find my account or isn't downloading my mail" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dd> +msgid "" +"Before searching the Web, we recommend you start by asking other people who " +"use your email system, to figure out the correct settings." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dt> +msgid "Don't see a solution to your problem?" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dd> +msgid "" +"Please let us know on the <a " +"href=\"https://libreplanet.org/wiki/GPG_guide/Public_Review\">feedback " +"page</a>." +msgstr "" + +#. type: Attribute 'alt' of: <html><body><section><div><div><div><ul><li><img> +msgid "Step 1.B: Tools -> Add-ons" +msgstr "" + +#. type: Attribute 'alt' of: <html><body><section><div><div><div><ul><li><img> +msgid "Step 1.B: Search Add-ons" +msgstr "" + +#. type: Attribute 'alt' of: <html><body><section><div><div><div><ul><li><img> +msgid "Step 1.B: Install Add-ons" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "<em>Step 1.b</em> Install the Enigmail plugin for your email program" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"In your email program's menu, select Add-ons (it may be in the Tools " +"section). Make sure Extensions is selected on the left. Do you see Enigmail? " +"Make sure it's the latest version. If so, skip this step." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"If not, search \"Enigmail\" with the search bar in the upper right. You can " +"take it from here. Restart your email program when you're done." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"There are major security flaws in versions of GnuPG prior to 2.2.8, and " +"Enigmail prior to 2.0.7. Make sure you have GnuPG 2.2.8 and Enigmail 2.0.7, " +"or later versions." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dt> +msgid "I can't find the menu." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dd> +msgid "" +"In many new email programs, the main menu is represented by an image of " +"three stacked horizontal bars." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dt> +msgid "My email looks weird" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dd> +msgid "" +"Enigmail doesn't tend to play nice with HTML, which is used to format " +"emails, so it may disable your HTML formatting automatically. To send an " +"HTML-formatted email without encryption or a signature, hold down the Shift " +"key when you select compose. You can then write an email as if Enigmail " +"wasn't there." +msgstr "" + +#. type: Content of: <html><body><section><div><div><h2> +msgid "<em>#2</em> Make your keys" +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"To use the GnuPG system, you'll need a public key and a private key (known " +"together as a keypair). Each is a long string of randomly generated numbers " +"and letters that are unique to you. Your public and private keys are linked " +"together by a special mathematical function." +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"Your public key isn't like a physical key, because it's stored in the open " +"in an online directory called a keyserver. People download it and use it, " +"along with GnuPG, to encrypt emails they send to you. You can think of the " +"keyserver as a phonebook; people who want to send you encrypted email can " +"look up your public key." +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"Your private key is more like a physical key, because you keep it to " +"yourself (on your computer). You use GnuPG and your private key together to " +"descramble encrypted emails other people send to you. <span " +"style=\"font-weight: bold;\">You should never share your private key with " +"anyone, under any circumstances.</span>" +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"In addition to encryption and decryption, you can also use these keys to " +"sign messages and check the authenticity of other people's signatures. We'll " +"discuss this more in the next section." +msgstr "" + +#. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img> +msgid "Step 2.A: Make a Keypair" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "<em>Step 2.a</em> Make a keypair" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"The Enigmail Setup wizard may start automatically. If it doesn't, select " +"Enigmail → Setup Wizard from your email program's menu. You don't need " +"to read the text in the window that pops up unless you'd like to, but it's " +"good to read the text on the later screens of the wizard. Click Next with " +"the default options selected, except in these instances, which are listed in " +"the order they appear:" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><ul><li> +msgid "" +"On the screen titled \"Encryption,\" select \"Encrypt all of my messages by " +"default, because privacy is critical to me.\"" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><ul><li> +msgid "" +"On the screen titled \"Signing,\" select \"Don't sign my messages by " +"default.\"" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><ul><li> +msgid "" +"On the screen titled \"Key Selection,\" select \"I want to create a new key " +"pair for signing and encrypting my email.\"" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><ul><li> +msgid "" +"On the screen titled \"Create Key,\" pick a strong password! You can do it " +"manually, or you can use the Diceware method. Doing it manually is faster " +"but not as secure. Using Diceware takes longer and requires dice, but " +"creates a password that is much harder for attackers to figure out. To use " +"it, read the section \"Make a secure passphrase with Diceware\" in <a " +"href=\"https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/\"> " +"this article</a> by Micah Lee." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"If you'd like to pick a password manually, come up with something you can " +"remember which is at least twelve characters long, and includes at least one " +"lower case and upper case letter and at least one number or punctuation " +"symbol. Never pick a password you've used elsewhere. Don't use any " +"recognizable patterns, such as birthdays, telephone numbers, pets' names, " +"song lyrics, quotes from books, and so on." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"The program will take a little while to finish the next step, the \"Key " +"Creation\" screen. While you wait, do something else with your computer, " +"like watching a movie or browsing the Web. The more you use the computer at " +"this point, the faster the key creation will go." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"<span style=\"font-weight: bold;\">When the \"Key Generation Completed\" " +"screen pops up, select Generate Certificate and choose to save it in a safe " +"place on your computer (we recommend making a folder called \"Revocation " +"Certificate\" in your home folder and keeping it there). This step is " +"essential for your email self-defense, as you'll learn more about in <a " +"href=\"#section5\">Section 5</a>.</span>" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dt> +msgid "I can't find the Enigmail menu." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dd> +msgid "" +"In many new email programs, the main menu is represented by an image of " +"three stacked horizontal bars. Enigmail may be inside a section called " +"Tools." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dt> +msgid "The wizard says that it cannot find GnuPG." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dd> +msgid "" +"Open whatever program you usually use for installing software, and search " +"for GnuPG, then install it. Then restart the Enigmail setup wizard by going " +"to Enigmail → Setup Wizard." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dt> +msgid "More resources" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dd> +msgid "" +"If you're having trouble with our instructions or just want to learn more, " +"check out <a " +"href=\"https://www.enigmail.net/documentation/Key_Management#Generating_your_own_key_pair\"> " +"Enigmail's wiki instructions for key generation</a>." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><h4> +msgid "Advanced" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dt> +msgid "Command line key generation" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dd> +msgid "" +"If you prefer using the command line for a higher degree of control, you can " +"follow the documentation from <a " +"href=\"https://www.gnupg.org/gph/en/manual/c14.html#AEN25\">The GNU Privacy " +"Handbook</a>. Make sure you stick with \"RSA and RSA\" (the default), " +"because it's newer and more secure than the algorithms the documentation " +"recommends. Also make sure your key is at least 2048 bits, or 4096 if you " +"want to be extra secure." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dt> +msgid "Advanced key pairs" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dd> +msgid "" +"When GnuPG creates a new keypair, it compartmentalizes the encryption " +"function from the signing function through <a " +"href=\"https://wiki.debian.org/Subkeys\">subkeys</a>. If you use subkeys " +"carefully, you can keep your GnuPG identity much more secure and recover " +"from a compromised key much more quickly. <a " +"href=\"https://alexcabal.com/creating-the-perfect-gpg-keypair/\">Alex " +"Cabal</a> and <a href=\"http://keyring.debian.org/creating-key.html\">the " +"Debian wiki</a> provide good guides for setting up a secure subkey " +"configuration." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "<em>Step 2.b</em> Upload your public key to a keyserver" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "In your email program's menu, select Enigmail → Key Management." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Right click on your key and select Upload Public Keys to Keyserver. You " +"don't have to use the default keyserver. If, after research, you would like " +"to change to a different default keyserver, you can change that setting " +"manually in the Enigmail preferences." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Now someone who wants to send you an encrypted message can download your " +"public key from the Internet. There are multiple keyservers that you can " +"select from the menu when you upload, but they are all copies of each other, " +"so it doesn't matter which one you use. However, it sometimes takes a few " +"hours for them to match each other when a new key is uploaded." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dt> +msgid "The progress bar never finishes" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dd> +msgid "" +"Close the upload popup, make sure you are connected to the Internet, and try " +"again. If that doesn't work, try again, selecting a different keyserver." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dt> +msgid "My key doesn't appear in the list" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dd> +msgid "Try checking \"Display All Keys by Default.\"" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dt> +msgid "More documentation" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dd> +msgid "" +"If you're having trouble with our instructions or just want to learn more, " +"check out <a " +"href=\"https://www.enigmail.net/documentation/Key_Management#Distributing_your_public_key\"> " +"Enigmail's documentation</a>." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dt> +msgid "Uploading a key from the command line" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dd> +msgid "" +"You can also upload your keys to a keyserver through the <a " +"href=\"https://www.gnupg.org/gph/en/manual/x457.html\">command line</a>. <a " +"href=\"https://sks-keyservers.net/overview-of-pools.php\">The sks Web " +"site</a> maintains a list of highly interconnected keyservers. You can also " +"<a href=\"https://www.gnupg.org/gph/en/manual/x56.html#AEN64\">directly " +"export your key</a> as a file on your computer." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "GnuPG, OpenPGP, what?" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"In general, the terms GnuPG, GPG, GNU Privacy Guard, OpenPGP and PGP are " +"used interchangeably. Technically, OpenPGP (Pretty Good Privacy) is the " +"encryption standard, and GNU Privacy Guard (often shortened to GPG or GnuPG) " +"is the program that implements the standard. Enigmail is a plug-in program " +"for your email program that provides an interface for GnuPG." +msgstr "" + +#. type: Content of: <html><body><section><div><div><h2> +msgid "<em>#3</em> Try it out!" +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"Now you'll try a test correspondence with a computer program named Edward, " +"who knows how to use encryption. Except where noted, these are the same " +"steps you'd follow when corresponding with a real, live person." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "<em>Step 3.a</em> Send Edward your public key" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"This is a special step that you won't have to do when corresponding with " +"real people. In your email program's menu, go to Enigmail → Key " +"Management. You should see your key in the list that pops up. Right click on " +"your key and select Send Public Keys by Email. This will create a new draft " +"message, as if you had just hit the Write button." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Address the message to <a " +"href=\"mailto:edward-en@fsf.org\">edward-en@fsf.org</a>. Put at least one " +"word (whatever you want) in the subject and body of the email. Don't send " +"yet." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"The lock icon in the top left should be yellow, meaning encryption is turned " +"on. We want this first special message to be unencrypted, so click the icon " +"once to turn it off. The lock should become grey, with a blue dot on it (to " +"alert you that the setting has been changed from the default). Once " +"encryption is off, hit Send." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"It may take two or three minutes for Edward to respond. In the meantime, you " +"might want to skip ahead and check out the <a href=\"#section5\">Use it " +"Well</a> section of this guide. Once he's responded, head to the next " +"step. From here on, you'll be doing just the same thing as when " +"corresponding with a real person." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"When you open Edward's reply, GnuPG may prompt you for your password before " +"using your private key to decrypt it." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "<em>Step 3.b</em> Send a test encrypted email" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Write a new email in your email program, addressed to <a " +"href=\"mailto:edward-en@fsf.org\">edward-en@fsf.org</a>. Make the subject " +"\"Encryption test\" or something similar and write something in the body." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"The lock icon in the top left of the window should be yellow, meaning " +"encryption is on. This will be your default from now on." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Next to the lock, you'll notice an icon of a pencil. We'll get to this in a " +"moment." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Click Send. Enigmail will pop up a window that says \"Recipients not valid, " +"not trusted or not found.\"" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"To encrypt an email to Edward, you need his public key, so now you'll have " +"Enigmail download it from a keyserver. Click Download Missing Keys and use " +"the default in the pop-up that asks you to choose a keyserver. Once it finds " +"keys, check the first one (Key ID starting with C), then select ok. Select " +"ok in the next pop-up." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Now you are back at the \"Recipients not valid, not trusted or not found\" " +"screen. Check the box in front of Edward's key and click Send." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Since you encrypted this email with Edward's public key, Edward's private " +"key is required to decrypt it. Edward is the only one with his private key, " +"so no one except him can decrypt it." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dt> +msgid "Enigmail can't find Edward's key" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dd> +msgid "" +"Close the pop-ups that have appeared since you clicked Send. Make sure you " +"are connected to the Internet and try again. If that doesn't work, repeat " +"the process, choosing a different keyserver when it asks you to pick one." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dt> +msgid "Unscrambled messages in the Sent folder" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dd> +msgid "" +"Even though you can't decrypt messages encrypted to someone else's key, your " +"email program will automatically save a copy encrypted to your public key, " +"which you'll be able to view from the Sent folder like a normal email. This " +"is normal, and it doesn't mean that your email was not sent encrypted." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dd> +msgid "" +"If you're still having trouble with our instructions or just want to learn " +"more, check out <a " +"href=\"https://www.enigmail.net/documentation/Signature_and_Encryption#Encrypting_a_message\"> " +"Enigmail's wiki</a>." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dt> +msgid "Encrypt messages from the command line" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dd> +msgid "" +"You can also encrypt and decrypt messages and files from the <a " +"href=\"https://www.gnupg.org/gph/en/manual/x110.html\">command line</a>, if " +"that's your preference. The option --armor makes the encrypted output appear " +"in the regular character set." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "<em>Important:</em> Security tips" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Even if you encrypt your email, the subject line is not encrypted, so don't " +"put private information there. The sending and receiving addresses aren't " +"encrypted either, so a surveillance system can still figure out who you're " +"communicating with. Also, surveillance agents will know that you're using " +"GnuPG, even if they can't figure out what you're saying. When you send " +"attachments, Enigmail will give you the choice to encrypt them or not, " +"independent of the actual email." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"For greater security against potential attacks, you can turn off " +"HTML. Instead, you can render the message body as plain text. In order to do " +"this in Thunderbird, go to View > Message Body As > Plain Text." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "<em>Step 3.c</em> Receive a response" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"When Edward receives your email, he will use his private key to decrypt it, " +"then reply to you." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"It may take two or three minutes for Edward to respond. In the meantime, you " +"might want to skip ahead and check out the <a href=\"#section5\">Use it " +"Well</a> section of this guide." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "<em>Step 3.d</em> Send a test signed email" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"GnuPG includes a way for you to sign messages and files, verifying that they " +"came from you and that they weren't tampered with along the way. These " +"signatures are stronger than their pen-and-paper cousins -- they're " +"impossible to forge, because they're impossible to create without your " +"private key (another reason to keep your private key safe)." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"You can sign messages to anyone, so it's a great way to make people aware " +"that you use GnuPG and that they can communicate with you securely. If they " +"don't have GnuPG, they will be able to read your message and see your " +"signature. If they do have GnuPG, they'll also be able to verify that your " +"signature is authentic." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"To sign an email to Edward, compose any message to him and click the pencil " +"icon next to the lock icon so that it turns gold. If you sign a message, " +"GnuPG may ask you for your password before it sends the message, because it " +"needs to unlock your private key for signing." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"With the lock and pencil icons, you can choose whether each message will be " +"encrypted, signed, both, or neither." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "<em>Step 3.e</em> Receive a response" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"When Edward receives your email, he will use your public key (which you sent " +"him in <a href=\"#step-3a\">Step 3.A</a>) to verify the message you sent has " +"not been tampered with and to encrypt his reply to you." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Edward's reply will arrive encrypted, because he prefers to use encryption " +"whenever possible. If everything goes according to plan, it should say " +"\"Your signature was verified.\" If your test signed email was also " +"encrypted, he will mention that first." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"When you receive Edward's email and open it, Enigmail will automatically " +"detect that it is encrypted with your public key, and then it will use your " +"private key to decrypt it." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Notice the bar that Enigmail shows you above the message, with information " +"about the status of Edward's key." +msgstr "" + +#. type: Content of: <html><body><section><div><div><h2> +msgid "<em>#4</em> Learn the Web of Trust" +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"Email encryption is a powerful technology, but it has a weakness; it " +"requires a way to verify that a person's public key is actually " +"theirs. Otherwise, there would be no way to stop an attacker from making an " +"email address with your friend's name, creating keys to go with it and " +"impersonating your friend. That's why the free software programmers that " +"developed email encryption created keysigning and the Web of Trust." +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"When you sign someone's key, you are publicly saying that you've verified " +"that it belongs to them and not someone else." +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"Signing keys and signing messages use the same type of mathematical " +"operation, but they carry very different implications. It's a good practice " +"to generally sign your email, but if you casually sign people's keys, you " +"may accidently end up vouching for the identity of an imposter." +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"People who use your public key can see who has signed it. Once you've used " +"GnuPG for a long time, your key may have hundreds of signatures. You can " +"consider a key to be more trustworthy if it has many signatures from people " +"that you trust. The Web of Trust is a constellation of GnuPG users, " +"connected to each other by chains of trust expressed through signatures." +msgstr "" + +#. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img> +msgid "Section 4: Web of Trust" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "<em>Step 4.a</em> Sign a key" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "In your email program's menu, go to Enigmail → Key Management." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Right click on Edward's public key and select Sign Key from the context " +"menu." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "In the window that pops up, select \"I will not answer\" and click ok." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Now you should be back at the Key Management menu. Select Keyserver → " +"Upload Public Keys and hit ok." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"You've just effectively said \"I trust that Edward's public key actually " +"belongs to Edward.\" This doesn't mean much because Edward isn't a real " +"person, but it's good practice." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "Identifying keys: Fingerprints and IDs" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"People's public keys are usually identified by their key fingerprint, which " +"is a string of digits like F357AA1A5B1FA42CFD9FE52A9FF2194CC09A61E8 (for " +"Edward's key). You can see the fingerprint for your public key, and other " +"public keys saved on your computer, by going to Enigmail → Key " +"Management in your email program's menu, then right clicking on the key and " +"choosing Key Properties. It's good practice to share your fingerprint " +"wherever you share your email address, so that people can double-check that " +"they have the correct public key when they download yours from a keyserver." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"You may also see public keys referred to by a shorter key ID. This key ID is " +"visible directly from the Key Management window. These eight character key " +"IDs were previously used for identification, which used to be safe, but is " +"no longer reliable. You need to check the full fingerprint as part of " +"verifying you have the correct key for the person you are trying to " +"contact. Spoofing, in which someone intentionally generates a key with a " +"fingerprint whose final eight characters are the same as another, is " +"unfortunately common." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "<em>Important:</em> What to consider when signing keys" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Before signing a person's key, you need to be confident that it actually " +"belongs to them, and that they are who they say they are. Ideally, this " +"confidence comes from having interactions and conversations with them over " +"time, and witnessing interactions between them and others. Whenever signing " +"a key, ask to see the full public key fingerprint, and not just the shorter " +"key ID. If you feel it's important to sign the key of someone you've just " +"met, also ask them to show you their government identification, and make " +"sure the name on the ID matches the name on the public key. In Enigmail, " +"answer honestly in the window that pops up and asks \"How carefully have you " +"verified that the key you are about to sign actually belongs to the " +"person(s) named above?\"" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dt> +msgid "Master the Web of Trust" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dd> +msgid "" +"Unfortunately, trust does not spread between users the way <a " +"href=\"http://fennetic.net/irc/finney.org/~hal/web_of_trust.html\">many " +"people think</a>. One of best ways to strengthen the GnuPG community is to " +"deeply <a " +"href=\"https://www.gnupg.org/gph/en/manual/x334.html\">understand</a> the " +"Web of Trust and to carefully sign as many people's keys as circumstances " +"permit." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dt> +msgid "Set ownertrust" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dd> +msgid "" +"If you trust someone enough to validate other people's keys, you can assign " +"them an ownertrust level through Enigmails's key management window. Right " +"click on the other person's key, go to the \"Select Owner Trust\" menu " +"option, select the trustlevel and click OK. Only do this once you feel you " +"have a deep understanding of the Web of Trust." +msgstr "" + +#. type: Content of: <html><body><section><div><div><h2> +msgid "<em>#5</em> Use it well" +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"Everyone uses GnuPG a little differently, but it's important to follow some " +"basic practices to keep your email secure. Not following them, you risk the " +"privacy of the people you communicate with, as well as your own, and damage " +"the Web of Trust." +msgstr "" + +#. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img> +msgid "Section 5: Use it Well (1)" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "When should I encrypt? When should I sign?" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"The more you can encrypt your messages, the better. If you only encrypt " +"emails occasionally, each encrypted message could raise a red flag for " +"surveillance systems. If all or most of your email is encrypted, people " +"doing surveillance won't know where to start. That's not to say that only " +"encrypting some of your email isn't helpful -- it's a great start and it " +"makes bulk surveillance more difficult." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Unless you don't want to reveal your own identity (which requires other " +"protective measures), there's no reason not to sign every message, whether " +"or not you are encrypting. In addition to allowing those with GnuPG to " +"verify that the message came from you, signing is a non-intrusive way to " +"remind everyone that you use GnuPG and show support for secure " +"communication. If you often send signed messages to people that aren't " +"familiar with GnuPG, it's nice to also include a link to this guide in your " +"standard email signature (the text kind, not the cryptographic kind)." +msgstr "" + +#. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img> +msgid "Section 5: Use it Well (2)" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "Be wary of invalid keys" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"GnuPG makes email safer, but it's still important to watch out for invalid " +"keys, which might have fallen into the wrong hands. Email encrypted with " +"invalid keys might be readable by surveillance programs." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"In your email program, go back to the first encrypted email that Edward sent " +"you. Because Edward encrypted it with your public key, it will have a " +"message from Enigmail at the top, which most likely says \"Enigmail: Part of " +"this message encrypted.\"" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"<b>When using GnuPG, make a habit of glancing at that bar. The program will " +"warn you there if you get an email signed with a key that can't be " +"trusted.</b>" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "Copy your revocation certificate to somewhere safe" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Remember when you created your keys and saved the revocation certificate " +"that GnuPG made? It's time to copy that certificate onto the safest digital " +"storage that you have -- the ideal thing is a flash drive, disk, or hard " +"drive stored in a safe place in your home, not on a device you carry with " +"you regularly." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"If your private key ever gets lost or stolen, you'll need this certificate " +"file to let people know that you are no longer using that keypair." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "<em>Important:</em> act swiftly if someone gets your private key" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"If you lose your private key or someone else gets ahold of it (say, by " +"stealing or cracking your computer), it's important to revoke it immediately " +"before someone else uses it to read your encrypted email or forge your " +"signature. This guide doesn't cover how to revoke a key, but you can follow " +"these <a " +"href=\"https://www.hackdiary.com/2004/01/18/revoking-a-gpg-key/\">instructions</a>. " +"After you're done revoking, make a new key and send an email to everyone " +"with whom you usually use your key to make sure they know, including a copy " +"of your new key." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "Webmail and GnuPG" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"When you use a web browser to access your email, you're using webmail, an " +"email program stored on a distant website. Unlike webmail, your desktop " +"email program runs on your own computer. Although webmail can't decrypt " +"encrypted email, it will still display it in its encrypted form. If you " +"primarily use webmail, you'll know to open your email client when you " +"receive a scrambled email." +msgstr "" + +#. type: Content of: <html><body><section><div><div><h2> +msgid "<a href=\"next_steps.html\">Great job! Check out the next steps.</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><p> +msgid "← Read the <a href=\"index.html\">full guide</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><h3><a> +msgid "" +"<a " +"href=\"https://fsf.org/share?u=https://u.fsf.org/zc&t=How public-key " +"encryption works. Infographic via %40fsf\">" +msgstr "" + +#. type: Content of: <html><body><header><div><h3> +msgid "  Share our infographic </a> with the hashtag #EmailSelfDefense" +msgstr "" + +#. type: Attribute 'alt' of: <html><body><header><div><p><img> +msgid "View & share our infographic" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"index.html\">GNU/Linux</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"mac.html\" class=\"current\">Mac OS</a>" +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"This guide relies on software which is <a " +"href=\"https://www.gnu.org/philosophy/free-sw.html\">freely licensed</a>; " +"it's completely transparent and anyone can copy it or make their own " +"version. This makes it safer from surveillance than proprietary software " +"(like Windows or Mac OS). To defend your freedom as well as protect yourself " +"from surveillance, we recommend you switch to a free software operating " +"system like GNU/Linux. Learn more about free software at <a " +"href=\"https://u.fsf.org/ys\">fsf.org</a>." +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"To get started, you'll need the IceDove desktop email program installed on " +"your computer. For your system, IceDove may be known by the alternate name " +"\"Thunderbird.\" Email programs are another way to access the same email " +"accounts you can access in a browser (like Gmail), but provide extra " +"features." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "<em>Step 1.b</em> Get GnuPG by downloading GPGTools" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"GPGTools is a software package that includes GnuPG. <a " +"href=\"https://gpgtools.org/#gpgsuite\">Download</a> and install it, " +"choosing default options whenever asked. After it's installed, you can close " +"any windows that it creates." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"There are major security flaws in versions of GnuPG provided by GPGTools " +"prior to 2018.3. Make sure you have GPGTools 2018.3 or later." +msgstr "" + +#. type: Attribute 'alt' of: <html><body><section><div><div><div><ul><li><img> +msgid "Step 1.C: Tools -> Add-ons" +msgstr "" + +#. type: Attribute 'alt' of: <html><body><section><div><div><div><ul><li><img> +msgid "Step 1.C: Search Add-ons" +msgstr "" + +#. type: Attribute 'alt' of: <html><body><section><div><div><div><ul><li><img> +msgid "Step 1.C: Install Add-ons" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "<em>Step 1.c</em> Install the Enigmail plugin for your email program" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"There are major security flaws in Enigmail prior to version 2.0.7. Make sure " +"you have Enigmail 2.0.7 or later." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"For greater security against potential attacks, you can turn off " +"HTML. Instead, you can render the message body as plain text." +msgstr "" + +#. type: Content of: <html><body><header><div><h1> +msgid "Great job!" +msgstr "" + +#. type: Content of: <html><body><section><div><div><h2> +msgid "<em>#6</em> Next steps" +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"You've now completed the basics of email encryption with GnuPG, taking " +"action against bulk surveillance. These next steps will help make the most " +"of the work you've done." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "Join the movement" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"You've just taken a huge step towards protecting your privacy online. But " +"each of us acting alone isn't enough. To topple bulk surveillance, we need " +"to build a movement for the autonomy and freedom of all computer users. Join " +"the Free Software Foundation's community to meet like-minded people and work " +"together for change." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"<small>Read <a href=\"https://www.fsf.org/twitter\">why GNU Social and " +"Mastodon are better than Twitter</a>, and <a " +"href=\"http://www.fsf.org/facebook\">why we don't use Facebook</a>.</small>" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><p> +msgid "Low-volume mailing list" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><form> +msgid "" +"<input type=\"text\" value=\"Type your email...\" name=\"email-Primary\" " +"id=\"frmEmail\" /> <input type=\"submit\" value=\"Add me\" " +"name=\"_qf_Edit_next\" /> <input type=\"hidden\" " +"value=\"https://emailselfdefense.fsf.org/en/confirmation.html\" " +"name=\"postURL\" /> <input type=\"hidden\" value=\"1\" name=\"group[25]\" /> " +"<input type=\"hidden\" " +"value=\"https://my.fsf.org/civicrm/profile?reset=1&gid=391\" " +"name=\"cancelURL\" /> <input type=\"hidden\" value=\"Edit:cancel\" " +"name=\"_qf_default\" />" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><p> +msgid "" +"<small>Read our <a " +"href=\"https://my.fsf.org/donate/privacypolicy.html\">privacy " +"policy</a>.</small>" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "Bring Email Self-Defense to new people" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Understanding and setting up email encryption is a daunting task for " +"many. To welcome them, make it easy to find your public key and offer to " +"help with encryption. Here are some suggestions:" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><ul><li> +msgid "" +"Lead an Email Self-Defense workshop for your friends and community, using " +"our <a href=\"workshops.html\">teaching guide</a>." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><ul><li> +msgid "" +"Use <a href=\"https://fsf.org/share?u=https://u.fsf.org/zb&t=Encrypt " +"with me using Email Self-Defense %40fsf\">our sharing page</a> to compose a " +"message to a few friends and ask them to join you in using encrypted " +"email. Remember to include your GnuPG public key fingerprint so they can " +"easily download your key." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><ul><li> +msgid "" +"Add your public key fingerprint anywhere that you normally display your " +"email address. Some good places are: your email signature (the text kind, " +"not the cryptographic kind), social media profiles, blogs, Websites, or " +"business cards. At the Free Software Foundation, we put ours on our <a " +"href=\"https://fsf.org/about/staff\">staff page</a>." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "Protect more of your digital life" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Learn surveillance-resistant technologies for instant messages, hard drive " +"storage, online sharing, and more at <a " +"href=\"https://directory.fsf.org/wiki/Collection:Privacy_pack\"> the Free " +"Software Directory's Privacy Pack</a> and <a " +"href=\"https://prism-break.org\">prism-break.org</a>." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"If you are using Windows, Mac OS or any other proprietary operating system, " +"we recommend you switch to a free software operating system like " +"GNU/Linux. This will make it much harder for attackers to enter your " +"computer through hidden back doors. Check out the Free Software Foundation's " +"<a href=\"http://www.gnu.org/distros/free-distros.html\">endorsed versions " +"of GNU/Linux.</a>" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "Optional: Add more email protection with Tor" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"<a href=\"https://www.torproject.org/about/overview.html.en\">The Onion " +"Router (Tor) network</a> wraps Internet communication in multiple layers of " +"encryption and bounces it around the world several times. When used " +"properly, Tor confuses surveillance field agents and the global surveillance " +"apparatus alike. Using it simultaneously with GnuPG's encryption will give " +"you the best results." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"To have your email program send and receive email over Tor, install the <a " +"href=\"https://addons.mozilla.org/en-us/thunderbird/addon/torbirdy/\">Torbirdy " +"plugin</a> the same way you installed Enigmail, by searching for it through " +"Add-ons." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Before beginning to check your email over Tor, make sure you understand <a " +"href=\"https://www.torproject.org/docs/faq.html.en#WhatProtectionsDoesTorProvide\"> " +"the security tradeoffs involved</a>. This <a " +"href=\"https://www.eff.org/pages/tor-and-https\">infographic</a> from our " +"friends at the Electronic Frontier Foundation demonstrates how Tor keeps you " +"secure." +msgstr "" + +#. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img> +msgid "Section 6: Next Steps" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "← <a href=\"index.html\">Return to the guide</a>" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "Make Email Self-Defense tools even better" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"<a href=\"https://libreplanet.org/wiki/GPG_guide/Public_Review\">Leave " +"feedback and suggest improvements to this guide</a>. We welcome " +"translations, but we ask that you contact us at <a " +"href=\"mailto:campaigns@fsf.org\">campaigns@fsf.org</a> before you start, so " +"that we can connect you with other translators working in your language." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"If you like programming, you can contribute code to <a " +"href=\"https://www.gnupg.org/\">GnuPG</a> or <a " +"href=\"https://www.enigmail.net/home/index.php\">Enigmail</a>." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"To go the extra mile, support the Free Software Foundation so we can keep " +"improving Email Self-Defense, and make more tools like it." +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"windows.html\" class=\"current\">Windows</a>" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "<em>Step 1.b</em> Get GnuPG by downloading GPG4Win" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"GPG4Win is a software package that includes GnuPG. <a " +"href=\"https://www.gpg4win.org/\">Download</a> and install it, choosing " +"default options whenever asked. After it's installed, you can close any " +"windows that it creates." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"There are major security flaws in versions of GnuPG provided by GPG4Win " +"prior to 3.1.2. Make sure you have GPG4Win 3.1.2 or later." +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"workshops.html\" class=\"current\">Teach your friends</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li><a> +msgid "" +"<a href=\"https://fsf.org/share?u=https://u.fsf.org/zb&t=Email " +"encryption for everyone via %40fsf\">Share " +msgstr "" + +#. type: Content of: <html><body><header><div><div><div><p> +msgid "" +"We want to translate this guide into more languages, and make a version for " +"encryption on mobile devices. Please donate, and help people around the " +"world take the first step towards protecting their privacy with free " +"software." +msgstr "" + +#. type: Content of: <html><body><header><div><div><p><a> +msgid "" +"<a id=\"infographic\" " +"href=\"https://emailselfdefense.fsf.org/en/infographic.html\">" +msgstr "" + +#. type: Attribute 'alt' of: <html><body><header><div><div><p><a><img> +msgid "View & share our infographic →" +msgstr "" + +#. type: Content of: <html><body><header><div><div><p> +msgid "" +"</a> Understanding and setting up email encryption sounds like a daunting " +"task to many people. That's why helping your friends with GnuPG plays such " +"an important role in helping spread encryption. Even if only one person " +"shows up, that's still one more person using encryption who wasn't " +"before. You have the power to help your friends keep their digital love " +"letters private, and teach them about the importance of free software. If " +"you use GnuPG to send and receive encrypted email, you're a perfect " +"candidate for leading a workshop!" +msgstr "" + +#. type: Attribute 'alt' of: <html><body><section><div><div><p><img> +msgid "A small workshop among friends" +msgstr "" + +#. type: Content of: <html><body><section><div><div><h2> +msgid "<em>#1</em> Get your friends or community interested" +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"If you hear friends grumbling about their lack of privacy, ask them if " +"they're interested in attending a workshop on Email Self-Defense. If your " +"friends don't grumble about privacy, they may need some convincing. You " +"might even hear the classic \"if you've got nothing to hide, you've got " +"nothing to fear\" argument against using encryption." +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"Here are some talking points you can use to help explain why it's worth it " +"to learn GnuPG. Mix and match whichever you think will make sense to your " +"community:" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "Strength in numbers" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Each person who chooses to resist mass surveillance with encryption makes it " +"easier for others to resist as well. People normalizing the use of strong " +"encryption has multiple powerful effects: it means those who need privacy " +"the most, like potential whistle-blowers and activists, are more likely to " +"learn about encryption. More people using encryption for more things also " +"makes it harder for surveillance systems to single out those that can't " +"afford to be found, and shows solidarity with those people." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "People you respect may already be using encryption" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Many journalists, whistleblowers, activists, and researchers use GnuPG, so " +"your friends might unknowingly have heard of a few people who use it " +"already. You can search for \"BEGIN PUBLIC KEY BLOCK\" + keyword to help " +"make a list of people and organizations who use GnuPG whom your community " +"will likely recognize." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "Respect your friends' privacy" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"There's no objective way to judge what constitutes privacy-sensitive " +"correspondence. As such, it's better not to presume that just because you " +"find an email you sent to a friend innocuous, your friend (or a surveillance " +"agent, for that matter!) feels the same way. Show your friends respect by " +"encrypting your correspondence with them." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "Privacy technology is normal in the physical world" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"In the physical realm, we take window blinds, envelopes, and closed doors " +"for granted as ways of protecting our privacy. Why should the digital realm " +"be any different?" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "We shouldn't have to trust our email providers with our privacy" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Some email providers are very trustworthy, but many have incentives not to " +"protect your privacy and security. To be empowered digital citizens, we need " +"to build our own security from the bottom up." +msgstr "" + +#. type: Content of: <html><body><section><div><div><h2> +msgid "<em>#2</em> Plan The Workshop" +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"Once you've got at least one interested friend, pick a date and start " +"planning out the workshop. Tell participants to bring their computer and ID " +"(for signing each other's keys). If you'd like to make it easy for the " +"participants to use Diceware for choosing passwords, get a pack of dice " +"beforehand. Make sure the location you select has an easily accessible " +"Internet connection, and make backup plans in case the connection stops " +"working on the day of the workshop. Libraries, coffee shops, and community " +"centers make great locations. Try to get all the participants to set up an " +"Enigmail-compatible email client before the event. Direct them to their " +"email provider's IT department or help page if they run into errors." +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"Estimate that the workshop will take at least forty minutes plus ten minutes " +"for each participant. Plan extra time for questions and technical glitches." +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"The success of the workshop requires understanding and catering to the " +"unique backgrounds and needs of each group of participants. Workshops should " +"stay small, so that each participant receives more individualized " +"instruction. If more than a handful of people want to participate, keep the " +"facilitator to participant ratio high by recruiting more facilitators, or by " +"facilitating multiple workshops. Small workshops among friends work great!" +msgstr "" + +#. type: Content of: <html><body><section><div><div><h2> +msgid "<em>#3</em> Follow the guide as a group" +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"Work through the Email Self-Defense guide a step at a time as a group. Talk " +"about the steps in detail, but make sure not to overload the participants " +"with minutia. Pitch the bulk of your instructions to the least tech-savvy " +"participants. Make sure all the participants complete each step before the " +"group moves on to the next one. Consider facilitating secondary workshops " +"afterwards for people that had trouble grasping the concepts, or those that " +"grasped them quickly and want to learn more." +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"In <a href=\"index.html#section2\">Section 2</a> of the guide, make sure the " +"participants upload their keys to the same keyserver so that they can " +"immediately download each other's keys later (sometimes there is a delay in " +"synchronization between keyservers). During <a " +"href=\"index.html#section3\">Section 3</a>, give the participants the option " +"to send test messages to each other instead of or as well as " +"Edward. Similarly, in <a href=\"index.html#section4\">Section 4</a>, " +"encourage the participants to sign each other's keys. At the end, make sure " +"to remind people to safely back up their revocation certificates." +msgstr "" + +#. type: Content of: <html><body><section><div><div><h2> +msgid "<em>#4</em> Explain the pitfalls" +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"Remind participants that encryption works only when it's explicitly used; " +"they won't be able to send an encrypted email to someone who hasn't already " +"set up encryption. Also remind participants to double-check the encryption " +"icon before hitting send, and that subjects and timestamps are never " +"encrypted." +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"Explain the <a " +"href=\"https://www.gnu.org/proprietary/proprietary.html\">dangers of running " +"a proprietary system</a> and advocate for free software, because without it, " +"we can't <a " +"href=\"https://www.fsf.org/bulletin/2013/fall/how-can-free-software-protect-us-from-surveillance\">meaningfully " +"resist invasions of our digital privacy and autonomy</a>." +msgstr "" + +#. type: Content of: <html><body><section><div><div><h2> +msgid "<em>#5</em> Share additional resources" +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"GnuPG's advanced options are far too complex to teach in a single " +"workshop. If participants want to know more, point out the advanced " +"subsections in the guide and consider organizing another workshop. You can " +"also share <a " +"href=\"https://www.gnupg.org/documentation/index.html\">GnuPG's</a> and <a " +"href=\"https://www.enigmail.net/index.php/documentation\">Enigmail's</a> " +"official documentation and mailing lists. Many GNU/Linux distribution's Web " +"sites also contain a page explaining some of GnuPG's advanced features." +msgstr "" + +#. type: Content of: <html><body><section><div><div><h2> +msgid "<em>#6</em> Follow up" +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"Make sure everyone has shared email addresses and public key fingerprints " +"before they leave. Encourage the participants to continue to gain GnuPG " +"experience by emailing each other. Send them each an encrypted email one " +"week after the event, reminding them to try adding their public key ID to " +"places where they publicly list their email address." +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"If you have any suggestions for improving this workshop guide, please let us " +"know at <a href=\"mailto:campaigns@fsf.org\">campaigns@fsf.org</a>." +msgstr "" +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Free Software Foundation, Inc. +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: emailselfdefense 4.0\n" +"POT-Creation-Date: 2020-06-25 17:51+0200\n" +"PO-Revision-Date: 2020-12-14 23:22+0200\n" +"Last-Translator: Andrew V. Isakov <andrij.isakov@gmail.com>\n" +"Language-Team: \n" +"Language: ua\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. type: Attribute 'lang' of: <html> +msgid "en" +msgstr "en" + +#. type: Attribute 'content' of: <html><head><meta> +msgid "text/html; charset=utf-8" +msgstr "text/html; charset=utf-8" + +#. type: Content of: <html><head><title> +msgid "Email Self-Defense - a guide to fighting surveillance with GnuPG encryption" +msgstr "E-mail самозахист - довідник боротьби проти налгяду з допомогою GnuPG шифрування" + +#. type: Attribute 'content' of: <html><head><meta> +msgid "GnuPG, GPG, openpgp, surveillance, privacy, email, Enigmail" +msgstr "" + +# може краще "свободу самовираження"? +#. type: Attribute 'content' of: <html><head><meta> +msgid "" +"Email surveillance violates our fundamental rights and makes free speech " +"risky. This guide will teach you email self-defense in 40 minutes with " +"GnuPG." +msgstr "E-mail нагляд порушує наші найфундаментальніші права та робить свободу слова ризикованою. Цей довідник навчить вас e-mail самозахисту всього за 40 хвилин з GnuPG." + +#. type: Attribute 'content' of: <html><head><meta> +msgid "width=device-width, initial-scale=1" +msgstr "width=device-width, initial-scale=1" + +#. type: Content of: <html><body><header><div><p> +msgid "" +"<strong>Please check your email for a confirmation link now. Thanks for " +"joining our list!</strong>" +msgstr "<strong>Будь ласка перевірте чи прийшло на вашу електронну пошту посилання з підтвердженням. Щиро дякуємо, що долучаєтесь до розсилки!</strong>" + +#. type: Content of: <html><body><header><div><p> +msgid "" +"If you don't receive the confirmation link, send us an email at info@fsf.org " +"to be added manually." +msgstr "Якщо ви не отримаєте посилання з підтвердженням, надішліть нам листа на info@fsf.org аби ми вас додали вручну." + +#. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img> +msgid "Try it out." +msgstr "Спробуйте." + +#. type: Content of: <html><body><header><div><p> +msgid "Join us on microblogging services for day-to-day updates:" +msgstr "Приєднуйтесь до нас на сервісах мікроблоггінгу для щоденних оновлень:" + +#. type: Content of: <html><body><section><div><div><div><p><a> +msgid "<a href=\"https://status.fsf.org/fsf\">" +msgstr "<a href=\"https://status.fsf.org/fsf\">" + +#. type: Attribute 'alt' of: <html><body><header><div><ul><li><a><img> +msgid "[GNU Social]" +msgstr "[GNU Social]" + +#. type: Content of: <html><body><section><div><div><div><p><a> +msgid " GNU Social</a>  |  <a href=\"https://hostux.social/@fsf\">" +msgstr " GNU Social</a>  |  <a href=\"https://hostux.social/@fsf\">" + +#. type: Attribute 'alt' of: <html><body><header><div><ul><li><a><img> +msgid "[Mastodon]" +msgstr "[Mastodon]" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +" Mastodon</a>  |  <a " +"href=\"https://www.twitter.com/fsf\">Twitter</a>" +msgstr " Mastodon</a>  |  <a href=\"https://www.twitter.com/fsf\">Twitter</a>" + +#. type: Content of: <html><body><header><div><p> +msgid "" +"<small><a href=\"https://www.fsf.org/twitter\">Read why GNU Social and " +"Mastodon are better than Twitter.</a></small>" +msgstr "<small><a href=\"https://www.fsf.org/twitter\">Читайте чому GNU Social and Mastodon кращі за Twitter.</a></small>" + +#. type: Content of: <html><body><header><div><p> +msgid "← Return to <a href=\"index.html\">Email Self-Defense</a>" +msgstr "← Повернутися на <a href=\"index.html\">E-mail самозахист</a>" + +#. type: Content of: <html><body><footer><div><div><h4><a> +msgid "<a href=\"https://u.fsf.org/ys\">" +msgstr "<a href=\"https://u.fsf.org/ys\">" + +#. type: Attribute 'alt' of: <html><body><footer><div><div><h4><a><img> +msgid "Free Software Foundation" +msgstr "Free Software Foundation" + +#. type: Content of: <html><body><footer><div><p> +msgid "</a>" +msgstr "</a>" + +#. type: Content of: <html><body><footer><div><div><p> +msgid "" +"Copyright © 2014-2016 <a href=\"https://u.fsf.org/ys\">Free Software " +"Foundation</a>, Inc. <a " +"href=\"https://my.fsf.org/donate/privacypolicy.html\">Privacy " +"Policy</a>. Please support our work by <a " +"href=\"https://u.fsf.org/yr\">joining us as an associate member.</a>" +msgstr "Copyright © 2014-2016 <a href=\"https://u.fsf.org/ys\">Free Software Foundation</a>, Inc. <a href=\"https://my.fsf.org/donate/privacypolicy.html\">Політика конфіденційності</a>. Будь ласка підтримайте нашу роботу, <a href=\"https://u.fsf.org/yr\">долучаючись до нас як асоційований партнер.</a>" + +#. type: Content of: <html><body><footer><div><div><p> +msgid "" +"The images on this page are under a <a " +"href=\"https://creativecommons.org/licenses/by/4.0/\">Creative Commons " +"Attribution 4.0 license (or later version)</a>, and the rest of it is under " +"a <a href=\"https://creativecommons.org/licenses/by-sa/4.0\">Creative " +"Commons Attribution-ShareAlike 4.0 license (or later version)</a>. Download " +"the <a " +"href=\"http://agpl.fsf.org/emailselfdefense.fsf.org/edward/CURRENT/edward.tar.gz\"> " +"source code of Edward reply bot</a> by Andrew Engelbrecht " +"<andrew@engelbrecht.io> and Josh Drake <zamnedix@gnu.org>, " +"available under the GNU Affero General Public License. <a " +"href=\"http://www.gnu.org/licenses/license-list.html#OtherLicenses\">Why " +"these licenses?</a>" +msgstr "Зображення на цій сторінці ліцензуються <a href=\"https://creativecommons.org/licenses/by/4.0/\">Creative Commons Attribution 4.0 ліцензією (чи пізнішою версією)</a>, всі інші елементи ліцензуються <a href=\"https://creativecommons.org/licenses/by-sa/4.0\">Creative Commons Attribution-ShareAlike 4.0 ліцензією (чи пізнішою версією)</a>. Завантажити <a href=\"http://agpl.fsf.org/emailselfdefense.fsf.org/edward/CURRENT/edward.tar.gz\"> вихідний код Едварда, бота-відповідача,</a> створеного Андрієм Енгельбрехтом (Andrew Engelbrecht) <andrew@engelbrecht.io> та Джошем Дрейком (Josh Drake) <zamnedix@gnu.org>, доступним за ліцензією GNU Affero General Public License. <a href=\"http://www.gnu.org/licenses/license-list.html#OtherLicenses\">Чому ці ліцензії?</a>" + +#. type: Content of: <html><body><footer><div><div><p> +msgid "" +"Fonts used in the guide & infographic: <a " +"href=\"https://www.google.com/fonts/specimen/Dosis\">Dosis</a> by Pablo " +"Impallari, <a " +"href=\"http://www.google.com/fonts/specimen/Signika\">Signika</a> by Anna " +"Giedryś, <a " +"href=\"http://www.google.com/fonts/specimen/Archivo+Narrow\">Archivo " +"Narrow</a> by Omnibus-Type, <a " +"href=\"https://libreplanet.org/wiki/GPG_guide/Graphics_Howto#Pitfalls\">PXL-2000</a> " +"by Florian Cramer." +msgstr "Шрифти використані в цьому довіднику & інфографіка: <a href=\"https://www.google.com/fonts/specimen/Dosis\">Dosis</a> by Pablo Impallari, <a href=\"http://www.google.com/fonts/specimen/Signika\">Signika</a> by Anna Giedryś, <a href=\"http://www.google.com/fonts/specimen/Archivo+Narrow\">Archivo Narrow</a> by Omnibus-Type, <a href=\"https://libreplanet.org/wiki/GPG_guide/Graphics_Howto#Pitfalls\">PXL-2000</a> by Florian Cramer." + +#. type: Content of: <html><body><footer><div><div><p> +msgid "" +"Download the <a href=\"emailselfdefense_source.zip\">source package</a> for " +"this guide, including fonts, image source files and the text of Edward's " +"messages." +msgstr "Завантажити <a href=\"emailselfdefense_source.zip\">архів з вихідним кодом</a> для цього довідника, включно з шрифтами, вихідними зображеннями та текстом повідомлень Едварда." + +#. type: Content of: <html><body><footer><div><div><p> +msgid "" +"This site uses the Weblabels standard for labeling <a " +"href=\"https://www.fsf.org/campaigns/freejs\">free JavaScript</a>. View the " +"JavaScript <a href=\"//weblabels.fsf.org/emailselfdefense.fsf.org/\" " +"rel=\"jslicense\">source code and license information</a>." +msgstr "Цей сайт використовує Weblabels стандарт для маркування <a href=\"https://www.fsf.org/campaigns/freejs\">вільного JavaScript</a>. Переглянути вихідний код та інформацію про ліцензування <a href=\"//weblabels.fsf.org/emailselfdefense.fsf.org/\" rel=\"jslicense\">JavaScript</a>." + +#. type: Content of: <html><body><footer><div><p><a> +msgid "" +"Infographic and guide design by <a rel=\"external\" " +"href=\"http://jplusplus.org\"><strong>Journalism++</strong>" +msgstr "" + +#. type: Attribute 'alt' of: <html><body><footer><div><p><a><img> +msgid "Journalism++" +msgstr "" + +#. type: Content of: <html><body><header><div><h1> +msgid "Email Self-Defense" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a class=\"current\" href=\"/en\">English - v4.0</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"/ar\">العربية <span class=\"tip\">tip</span></a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"/cs\">čeÅ¡tina - v4.0</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"/de\">Deutsch - v4.0</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"/el\">ελληνικά - v3.0</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"/es\">español - v4.0</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"/fa\">فارسی - v4.0</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"/fr\">français - v4.0</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"/it\">italiano - v3.0</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"/ja\">日本語 - v4.0</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"/ko\">한국어 <span class=\"tip\">tip</span></a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"/ml\">മലയാളം <span class=\"tip\">tip</span></a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"/pt-br\">português do Brasil - v3.0</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"/ro\">română - v3.0</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"/ru\">русский - v4.0</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"/sq\">Shqip - v4.0</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"/sv\">svenska - v4.0</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"/tr\">Türkçe - v4.0</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"/zh-hans\">简体中文 - v4.0</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "" +"<a href=\"https://libreplanet.org/wiki/GPG_guide/Translation_Guide\"> " +"<strong><span style=\"color: #2F5FAA;\">Translate!</span></strong></a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"index.html\" class=\"current\">GNU/Linux</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"mac.html\">Mac OS</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"windows.html\">Windows</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"workshops.html\">Teach your friends</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li><a> +msgid "" +"<a href=\"https://fsf.org/share?u=https://u.fsf.org/zb&t=Email " +"encryption for everyone via %40fsf\"> Share " +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li><a> +msgid " " +msgstr "" + +#. type: Attribute 'alt' of: <html><body><header><div><ul><li><a><img> +msgid "[Reddit]" +msgstr "" + +#. type: Attribute 'alt' of: <html><body><header><div><ul><li><a><img> +msgid "[Hacker News]" +msgstr "" + +#. type: Content of: <html><body><header><div><div><h3><a> +msgid "<a href=\"http://u.fsf.org/ys\">" +msgstr "" + +#. type: Content of: <html><body><header><div><div><div><p> +msgid "" +"We fight for computer users' rights, and promote the development of free (as " +"in freedom) software. Resisting bulk surveillance is very important to us." +msgstr "" + +#. type: Content of: <html><body><header><div><div><div><p> +msgid "" +"<strong>Please donate to support Email Self-Defense. We need to keep " +"improving it, and making more materials, for the benefit of people around " +"the world taking the first step towards protecting their privacy.</strong>" +msgstr "" + +#. type: Content of: <html><body><header><div><div><p><a> +msgid "" +"<a " +"href=\"https://crm.fsf.org/civicrm/contribute/transact?reset=1&id=14&pk_campaign=email_self_defense&pk_kwd=guide_donate\">" +msgstr "" + +#. type: Attribute 'alt' of: <html><body><header><div><div><p><a><img> +msgid "Donate" +msgstr "" + +#. type: Content of: <html><body><header><div><div><p><a> +msgid "<a id=\"infographic\" href=\"infographic.html\">" +msgstr "" + +#. type: Attribute 'alt' of: <html><body><header><div><div><p><a><img> +msgid "View & share our infographic →" +msgstr "" + +#. type: Content of: <html><body><header><div><div><p> +msgid "" +"</a> Bulk surveillance violates our fundamental rights and makes free speech " +"risky. This guide will teach you a basic surveillance self-defense skill: " +"email encryption. Once you've finished, you'll be able to send and receive " +"emails that are scrambled to make sure a surveillance agent or thief " +"intercepting your email can't read them. All you need is a computer with an " +"Internet connection, an email account, and about forty minutes." +msgstr "" + +#. type: Content of: <html><body><header><div><div><p> +msgid "" +"Even if you have nothing to hide, using encryption helps protect the privacy " +"of people you communicate with, and makes life difficult for bulk " +"surveillance systems. If you do have something important to hide, you're in " +"good company; these are the same tools that whistleblowers use to protect " +"their identities while shining light on human rights abuses, corruption and " +"other crimes." +msgstr "" + +#. type: Content of: <html><body><header><div><div><p> +msgid "" +"In addition to using encryption, standing up to surveillance requires " +"fighting politically for a <a " +"href=\"http://gnu.org/philosophy/surveillance-vs-democracy.html\">reduction " +"in the amount of data collected on us</a>, but the essential first step is " +"to protect yourself and make surveillance of your communication as difficult " +"as possible. This guide helps you do that. It is designed for beginners, but " +"if you already know the basics of GnuPG or are an experienced free software " +"user, you'll enjoy the advanced tips and the <a " +"href=\"workshops.html\">guide to teaching your friends</a>." +msgstr "" + +#. type: Content of: <html><body><section><div><div><h2> +msgid "<em>#1</em> Get the pieces" +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"This guide relies on software which is <a " +"href=\"https://www.gnu.org/philosophy/free-sw.html\">freely licensed</a>; " +"it's completely transparent and anyone can copy it or make their own " +"version. This makes it safer from surveillance than proprietary software " +"(like Windows). Learn more about free software at <a " +"href=\"https://u.fsf.org/ys\">fsf.org</a>." +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"Most GNU/Linux operating systems come with GnuPG installed on them, so you " +"don't have to download it. Before configuring GnuPG though, you'll need the " +"IceDove desktop email program installed on your computer. Most GNU/Linux " +"distributions have IceDove installed already, though it may be under the " +"alternate name \"Thunderbird.\" Email programs are another way to access the " +"same email accounts you can access in a browser (like Gmail), but provide " +"extra features." +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"If you already have an email program, you can skip to <a " +"href=\"#step-1b\">Step 1.b</a>." +msgstr "" + +#. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img> +msgid "Step 1.A: Install Wizard" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "<em>Step 1.a</em> Set up your email program with your email account" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Open your email program and follow the wizard (step-by-step walkthrough) " +"that sets it up with your email account." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Look for the letters SSL, TLS, or STARTTLS to the right of the servers when " +"you're setting up your account. If you don't see them, you will still be " +"able to use encryption, but this means that the people running your email " +"system are running behind the industry standard in protecting your security " +"and privacy. We recommend that you send them a friendly email asking them to " +"enable SSL, TLS, or STARTTLS for your email server. They will know what " +"you're talking about, so it's worth making the request even if you aren't an " +"expert on these security systems." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><h4> +msgid "Troubleshooting" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dt> +msgid "The wizard doesn't launch" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dd> +msgid "" +"You can launch the wizard yourself, but the menu option for doing so is " +"named differently in each email program. The button to launch it will be in " +"the program's main menu, under \"New\" or something similar, titled " +"something like \"Add account\" or \"New/Existing email account.\"" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dt> +msgid "The wizard can't find my account or isn't downloading my mail" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dd> +msgid "" +"Before searching the Web, we recommend you start by asking other people who " +"use your email system, to figure out the correct settings." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dt> +msgid "Don't see a solution to your problem?" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dd> +msgid "" +"Please let us know on the <a " +"href=\"https://libreplanet.org/wiki/GPG_guide/Public_Review\">feedback " +"page</a>." +msgstr "" + +#. type: Attribute 'alt' of: <html><body><section><div><div><div><ul><li><img> +msgid "Step 1.B: Tools -> Add-ons" +msgstr "" + +#. type: Attribute 'alt' of: <html><body><section><div><div><div><ul><li><img> +msgid "Step 1.B: Search Add-ons" +msgstr "" + +#. type: Attribute 'alt' of: <html><body><section><div><div><div><ul><li><img> +msgid "Step 1.B: Install Add-ons" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "<em>Step 1.b</em> Install the Enigmail plugin for your email program" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"In your email program's menu, select Add-ons (it may be in the Tools " +"section). Make sure Extensions is selected on the left. Do you see Enigmail? " +"Make sure it's the latest version. If so, skip this step." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"If not, search \"Enigmail\" with the search bar in the upper right. You can " +"take it from here. Restart your email program when you're done." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"There are major security flaws in versions of GnuPG prior to 2.2.8, and " +"Enigmail prior to 2.0.7. Make sure you have GnuPG 2.2.8 and Enigmail 2.0.7, " +"or later versions." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dt> +msgid "I can't find the menu." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dd> +msgid "" +"In many new email programs, the main menu is represented by an image of " +"three stacked horizontal bars." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dt> +msgid "My email looks weird" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dd> +msgid "" +"Enigmail doesn't tend to play nice with HTML, which is used to format " +"emails, so it may disable your HTML formatting automatically. To send an " +"HTML-formatted email without encryption or a signature, hold down the Shift " +"key when you select compose. You can then write an email as if Enigmail " +"wasn't there." +msgstr "" + +#. type: Content of: <html><body><section><div><div><h2> +msgid "<em>#2</em> Make your keys" +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"To use the GnuPG system, you'll need a public key and a private key (known " +"together as a keypair). Each is a long string of randomly generated numbers " +"and letters that are unique to you. Your public and private keys are linked " +"together by a special mathematical function." +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"Your public key isn't like a physical key, because it's stored in the open " +"in an online directory called a keyserver. People download it and use it, " +"along with GnuPG, to encrypt emails they send to you. You can think of the " +"keyserver as a phonebook; people who want to send you encrypted email can " +"look up your public key." +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"Your private key is more like a physical key, because you keep it to " +"yourself (on your computer). You use GnuPG and your private key together to " +"descramble encrypted emails other people send to you. <span " +"style=\"font-weight: bold;\">You should never share your private key with " +"anyone, under any circumstances.</span>" +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"In addition to encryption and decryption, you can also use these keys to " +"sign messages and check the authenticity of other people's signatures. We'll " +"discuss this more in the next section." +msgstr "" + +#. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img> +msgid "Step 2.A: Make a Keypair" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "<em>Step 2.a</em> Make a keypair" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"The Enigmail Setup wizard may start automatically. If it doesn't, select " +"Enigmail → Setup Wizard from your email program's menu. You don't need " +"to read the text in the window that pops up unless you'd like to, but it's " +"good to read the text on the later screens of the wizard. Click Next with " +"the default options selected, except in these instances, which are listed in " +"the order they appear:" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><ul><li> +msgid "" +"On the screen titled \"Encryption,\" select \"Encrypt all of my messages by " +"default, because privacy is critical to me.\"" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><ul><li> +msgid "" +"On the screen titled \"Signing,\" select \"Don't sign my messages by " +"default.\"" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><ul><li> +msgid "" +"On the screen titled \"Key Selection,\" select \"I want to create a new key " +"pair for signing and encrypting my email.\"" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><ul><li> +msgid "" +"On the screen titled \"Create Key,\" pick a strong password! You can do it " +"manually, or you can use the Diceware method. Doing it manually is faster " +"but not as secure. Using Diceware takes longer and requires dice, but " +"creates a password that is much harder for attackers to figure out. To use " +"it, read the section \"Make a secure passphrase with Diceware\" in <a " +"href=\"https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/\"> " +"this article</a> by Micah Lee." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"If you'd like to pick a password manually, come up with something you can " +"remember which is at least twelve characters long, and includes at least one " +"lower case and upper case letter and at least one number or punctuation " +"symbol. Never pick a password you've used elsewhere. Don't use any " +"recognizable patterns, such as birthdays, telephone numbers, pets' names, " +"song lyrics, quotes from books, and so on." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"The program will take a little while to finish the next step, the \"Key " +"Creation\" screen. While you wait, do something else with your computer, " +"like watching a movie or browsing the Web. The more you use the computer at " +"this point, the faster the key creation will go." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"<span style=\"font-weight: bold;\">When the \"Key Generation Completed\" " +"screen pops up, select Generate Certificate and choose to save it in a safe " +"place on your computer (we recommend making a folder called \"Revocation " +"Certificate\" in your home folder and keeping it there). This step is " +"essential for your email self-defense, as you'll learn more about in <a " +"href=\"#section5\">Section 5</a>.</span>" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dt> +msgid "I can't find the Enigmail menu." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dd> +msgid "" +"In many new email programs, the main menu is represented by an image of " +"three stacked horizontal bars. Enigmail may be inside a section called " +"Tools." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dt> +msgid "The wizard says that it cannot find GnuPG." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dd> +msgid "" +"Open whatever program you usually use for installing software, and search " +"for GnuPG, then install it. Then restart the Enigmail setup wizard by going " +"to Enigmail → Setup Wizard." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dt> +msgid "More resources" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dd> +msgid "" +"If you're having trouble with our instructions or just want to learn more, " +"check out <a " +"href=\"https://www.enigmail.net/documentation/Key_Management#Generating_your_own_key_pair\"> " +"Enigmail's wiki instructions for key generation</a>." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><h4> +msgid "Advanced" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dt> +msgid "Command line key generation" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dd> +msgid "" +"If you prefer using the command line for a higher degree of control, you can " +"follow the documentation from <a " +"href=\"https://www.gnupg.org/gph/en/manual/c14.html#AEN25\">The GNU Privacy " +"Handbook</a>. Make sure you stick with \"RSA and RSA\" (the default), " +"because it's newer and more secure than the algorithms the documentation " +"recommends. Also make sure your key is at least 2048 bits, or 4096 if you " +"want to be extra secure." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dt> +msgid "Advanced key pairs" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dd> +msgid "" +"When GnuPG creates a new keypair, it compartmentalizes the encryption " +"function from the signing function through <a " +"href=\"https://wiki.debian.org/Subkeys\">subkeys</a>. If you use subkeys " +"carefully, you can keep your GnuPG identity much more secure and recover " +"from a compromised key much more quickly. <a " +"href=\"https://alexcabal.com/creating-the-perfect-gpg-keypair/\">Alex " +"Cabal</a> and <a href=\"http://keyring.debian.org/creating-key.html\">the " +"Debian wiki</a> provide good guides for setting up a secure subkey " +"configuration." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "<em>Step 2.b</em> Upload your public key to a keyserver" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "In your email program's menu, select Enigmail → Key Management." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Right click on your key and select Upload Public Keys to Keyserver. You " +"don't have to use the default keyserver. If, after research, you would like " +"to change to a different default keyserver, you can change that setting " +"manually in the Enigmail preferences." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Now someone who wants to send you an encrypted message can download your " +"public key from the Internet. There are multiple keyservers that you can " +"select from the menu when you upload, but they are all copies of each other, " +"so it doesn't matter which one you use. However, it sometimes takes a few " +"hours for them to match each other when a new key is uploaded." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dt> +msgid "The progress bar never finishes" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dd> +msgid "" +"Close the upload popup, make sure you are connected to the Internet, and try " +"again. If that doesn't work, try again, selecting a different keyserver." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dt> +msgid "My key doesn't appear in the list" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dd> +msgid "Try checking \"Display All Keys by Default.\"" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dt> +msgid "More documentation" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dd> +msgid "" +"If you're having trouble with our instructions or just want to learn more, " +"check out <a " +"href=\"https://www.enigmail.net/documentation/Key_Management#Distributing_your_public_key\"> " +"Enigmail's documentation</a>." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dt> +msgid "Uploading a key from the command line" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dd> +msgid "" +"You can also upload your keys to a keyserver through the <a " +"href=\"https://www.gnupg.org/gph/en/manual/x457.html\">command line</a>. <a " +"href=\"https://sks-keyservers.net/overview-of-pools.php\">The sks Web " +"site</a> maintains a list of highly interconnected keyservers. You can also " +"<a href=\"https://www.gnupg.org/gph/en/manual/x56.html#AEN64\">directly " +"export your key</a> as a file on your computer." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "GnuPG, OpenPGP, what?" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"In general, the terms GnuPG, GPG, GNU Privacy Guard, OpenPGP and PGP are " +"used interchangeably. Technically, OpenPGP (Pretty Good Privacy) is the " +"encryption standard, and GNU Privacy Guard (often shortened to GPG or GnuPG) " +"is the program that implements the standard. Enigmail is a plug-in program " +"for your email program that provides an interface for GnuPG." +msgstr "" + +#. type: Content of: <html><body><section><div><div><h2> +msgid "<em>#3</em> Try it out!" +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"Now you'll try a test correspondence with a computer program named Edward, " +"who knows how to use encryption. Except where noted, these are the same " +"steps you'd follow when corresponding with a real, live person." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "<em>Step 3.a</em> Send Edward your public key" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"This is a special step that you won't have to do when corresponding with " +"real people. In your email program's menu, go to Enigmail → Key " +"Management. You should see your key in the list that pops up. Right click on " +"your key and select Send Public Keys by Email. This will create a new draft " +"message, as if you had just hit the Write button." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Address the message to <a " +"href=\"mailto:edward-en@fsf.org\">edward-en@fsf.org</a>. Put at least one " +"word (whatever you want) in the subject and body of the email. Don't send " +"yet." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"The lock icon in the top left should be yellow, meaning encryption is turned " +"on. We want this first special message to be unencrypted, so click the icon " +"once to turn it off. The lock should become grey, with a blue dot on it (to " +"alert you that the setting has been changed from the default). Once " +"encryption is off, hit Send." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"It may take two or three minutes for Edward to respond. In the meantime, you " +"might want to skip ahead and check out the <a href=\"#section5\">Use it " +"Well</a> section of this guide. Once he's responded, head to the next " +"step. From here on, you'll be doing just the same thing as when " +"corresponding with a real person." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"When you open Edward's reply, GnuPG may prompt you for your password before " +"using your private key to decrypt it." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "<em>Step 3.b</em> Send a test encrypted email" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Write a new email in your email program, addressed to <a " +"href=\"mailto:edward-en@fsf.org\">edward-en@fsf.org</a>. Make the subject " +"\"Encryption test\" or something similar and write something in the body." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"The lock icon in the top left of the window should be yellow, meaning " +"encryption is on. This will be your default from now on." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Next to the lock, you'll notice an icon of a pencil. We'll get to this in a " +"moment." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Click Send. Enigmail will pop up a window that says \"Recipients not valid, " +"not trusted or not found.\"" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"To encrypt an email to Edward, you need his public key, so now you'll have " +"Enigmail download it from a keyserver. Click Download Missing Keys and use " +"the default in the pop-up that asks you to choose a keyserver. Once it finds " +"keys, check the first one (Key ID starting with C), then select ok. Select " +"ok in the next pop-up." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Now you are back at the \"Recipients not valid, not trusted or not found\" " +"screen. Check the box in front of Edward's key and click Send." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Since you encrypted this email with Edward's public key, Edward's private " +"key is required to decrypt it. Edward is the only one with his private key, " +"so no one except him can decrypt it." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dt> +msgid "Enigmail can't find Edward's key" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dd> +msgid "" +"Close the pop-ups that have appeared since you clicked Send. Make sure you " +"are connected to the Internet and try again. If that doesn't work, repeat " +"the process, choosing a different keyserver when it asks you to pick one." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dt> +msgid "Unscrambled messages in the Sent folder" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dd> +msgid "" +"Even though you can't decrypt messages encrypted to someone else's key, your " +"email program will automatically save a copy encrypted to your public key, " +"which you'll be able to view from the Sent folder like a normal email. This " +"is normal, and it doesn't mean that your email was not sent encrypted." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dd> +msgid "" +"If you're still having trouble with our instructions or just want to learn " +"more, check out <a " +"href=\"https://www.enigmail.net/documentation/Signature_and_Encryption#Encrypting_a_message\"> " +"Enigmail's wiki</a>." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dt> +msgid "Encrypt messages from the command line" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dd> +msgid "" +"You can also encrypt and decrypt messages and files from the <a " +"href=\"https://www.gnupg.org/gph/en/manual/x110.html\">command line</a>, if " +"that's your preference. The option --armor makes the encrypted output appear " +"in the regular character set." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "<em>Important:</em> Security tips" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Even if you encrypt your email, the subject line is not encrypted, so don't " +"put private information there. The sending and receiving addresses aren't " +"encrypted either, so a surveillance system can still figure out who you're " +"communicating with. Also, surveillance agents will know that you're using " +"GnuPG, even if they can't figure out what you're saying. When you send " +"attachments, Enigmail will give you the choice to encrypt them or not, " +"independent of the actual email." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"For greater security against potential attacks, you can turn off " +"HTML. Instead, you can render the message body as plain text. In order to do " +"this in Thunderbird, go to View > Message Body As > Plain Text." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "<em>Step 3.c</em> Receive a response" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"When Edward receives your email, he will use his private key to decrypt it, " +"then reply to you." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"It may take two or three minutes for Edward to respond. In the meantime, you " +"might want to skip ahead and check out the <a href=\"#section5\">Use it " +"Well</a> section of this guide." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "<em>Step 3.d</em> Send a test signed email" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"GnuPG includes a way for you to sign messages and files, verifying that they " +"came from you and that they weren't tampered with along the way. These " +"signatures are stronger than their pen-and-paper cousins -- they're " +"impossible to forge, because they're impossible to create without your " +"private key (another reason to keep your private key safe)." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"You can sign messages to anyone, so it's a great way to make people aware " +"that you use GnuPG and that they can communicate with you securely. If they " +"don't have GnuPG, they will be able to read your message and see your " +"signature. If they do have GnuPG, they'll also be able to verify that your " +"signature is authentic." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"To sign an email to Edward, compose any message to him and click the pencil " +"icon next to the lock icon so that it turns gold. If you sign a message, " +"GnuPG may ask you for your password before it sends the message, because it " +"needs to unlock your private key for signing." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"With the lock and pencil icons, you can choose whether each message will be " +"encrypted, signed, both, or neither." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "<em>Step 3.e</em> Receive a response" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"When Edward receives your email, he will use your public key (which you sent " +"him in <a href=\"#step-3a\">Step 3.A</a>) to verify the message you sent has " +"not been tampered with and to encrypt his reply to you." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Edward's reply will arrive encrypted, because he prefers to use encryption " +"whenever possible. If everything goes according to plan, it should say " +"\"Your signature was verified.\" If your test signed email was also " +"encrypted, he will mention that first." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"When you receive Edward's email and open it, Enigmail will automatically " +"detect that it is encrypted with your public key, and then it will use your " +"private key to decrypt it." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Notice the bar that Enigmail shows you above the message, with information " +"about the status of Edward's key." +msgstr "" + +#. type: Content of: <html><body><section><div><div><h2> +msgid "<em>#4</em> Learn the Web of Trust" +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"Email encryption is a powerful technology, but it has a weakness; it " +"requires a way to verify that a person's public key is actually " +"theirs. Otherwise, there would be no way to stop an attacker from making an " +"email address with your friend's name, creating keys to go with it and " +"impersonating your friend. That's why the free software programmers that " +"developed email encryption created keysigning and the Web of Trust." +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"When you sign someone's key, you are publicly saying that you've verified " +"that it belongs to them and not someone else." +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"Signing keys and signing messages use the same type of mathematical " +"operation, but they carry very different implications. It's a good practice " +"to generally sign your email, but if you casually sign people's keys, you " +"may accidently end up vouching for the identity of an imposter." +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"People who use your public key can see who has signed it. Once you've used " +"GnuPG for a long time, your key may have hundreds of signatures. You can " +"consider a key to be more trustworthy if it has many signatures from people " +"that you trust. The Web of Trust is a constellation of GnuPG users, " +"connected to each other by chains of trust expressed through signatures." +msgstr "" + +#. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img> +msgid "Section 4: Web of Trust" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "<em>Step 4.a</em> Sign a key" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "In your email program's menu, go to Enigmail → Key Management." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Right click on Edward's public key and select Sign Key from the context " +"menu." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "In the window that pops up, select \"I will not answer\" and click ok." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Now you should be back at the Key Management menu. Select Keyserver → " +"Upload Public Keys and hit ok." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"You've just effectively said \"I trust that Edward's public key actually " +"belongs to Edward.\" This doesn't mean much because Edward isn't a real " +"person, but it's good practice." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "Identifying keys: Fingerprints and IDs" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"People's public keys are usually identified by their key fingerprint, which " +"is a string of digits like F357AA1A5B1FA42CFD9FE52A9FF2194CC09A61E8 (for " +"Edward's key). You can see the fingerprint for your public key, and other " +"public keys saved on your computer, by going to Enigmail → Key " +"Management in your email program's menu, then right clicking on the key and " +"choosing Key Properties. It's good practice to share your fingerprint " +"wherever you share your email address, so that people can double-check that " +"they have the correct public key when they download yours from a keyserver." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"You may also see public keys referred to by a shorter key ID. This key ID is " +"visible directly from the Key Management window. These eight character key " +"IDs were previously used for identification, which used to be safe, but is " +"no longer reliable. You need to check the full fingerprint as part of " +"verifying you have the correct key for the person you are trying to " +"contact. Spoofing, in which someone intentionally generates a key with a " +"fingerprint whose final eight characters are the same as another, is " +"unfortunately common." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "<em>Important:</em> What to consider when signing keys" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Before signing a person's key, you need to be confident that it actually " +"belongs to them, and that they are who they say they are. Ideally, this " +"confidence comes from having interactions and conversations with them over " +"time, and witnessing interactions between them and others. Whenever signing " +"a key, ask to see the full public key fingerprint, and not just the shorter " +"key ID. If you feel it's important to sign the key of someone you've just " +"met, also ask them to show you their government identification, and make " +"sure the name on the ID matches the name on the public key. In Enigmail, " +"answer honestly in the window that pops up and asks \"How carefully have you " +"verified that the key you are about to sign actually belongs to the " +"person(s) named above?\"" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dt> +msgid "Master the Web of Trust" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dd> +msgid "" +"Unfortunately, trust does not spread between users the way <a " +"href=\"http://fennetic.net/irc/finney.org/~hal/web_of_trust.html\">many " +"people think</a>. One of best ways to strengthen the GnuPG community is to " +"deeply <a " +"href=\"https://www.gnupg.org/gph/en/manual/x334.html\">understand</a> the " +"Web of Trust and to carefully sign as many people's keys as circumstances " +"permit." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dt> +msgid "Set ownertrust" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><dl><dd> +msgid "" +"If you trust someone enough to validate other people's keys, you can assign " +"them an ownertrust level through Enigmails's key management window. Right " +"click on the other person's key, go to the \"Select Owner Trust\" menu " +"option, select the trustlevel and click OK. Only do this once you feel you " +"have a deep understanding of the Web of Trust." +msgstr "" + +#. type: Content of: <html><body><section><div><div><h2> +msgid "<em>#5</em> Use it well" +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"Everyone uses GnuPG a little differently, but it's important to follow some " +"basic practices to keep your email secure. Not following them, you risk the " +"privacy of the people you communicate with, as well as your own, and damage " +"the Web of Trust." +msgstr "" + +#. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img> +msgid "Section 5: Use it Well (1)" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "When should I encrypt? When should I sign?" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"The more you can encrypt your messages, the better. If you only encrypt " +"emails occasionally, each encrypted message could raise a red flag for " +"surveillance systems. If all or most of your email is encrypted, people " +"doing surveillance won't know where to start. That's not to say that only " +"encrypting some of your email isn't helpful -- it's a great start and it " +"makes bulk surveillance more difficult." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Unless you don't want to reveal your own identity (which requires other " +"protective measures), there's no reason not to sign every message, whether " +"or not you are encrypting. In addition to allowing those with GnuPG to " +"verify that the message came from you, signing is a non-intrusive way to " +"remind everyone that you use GnuPG and show support for secure " +"communication. If you often send signed messages to people that aren't " +"familiar with GnuPG, it's nice to also include a link to this guide in your " +"standard email signature (the text kind, not the cryptographic kind)." +msgstr "" + +#. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img> +msgid "Section 5: Use it Well (2)" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "Be wary of invalid keys" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"GnuPG makes email safer, but it's still important to watch out for invalid " +"keys, which might have fallen into the wrong hands. Email encrypted with " +"invalid keys might be readable by surveillance programs." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"In your email program, go back to the first encrypted email that Edward sent " +"you. Because Edward encrypted it with your public key, it will have a " +"message from Enigmail at the top, which most likely says \"Enigmail: Part of " +"this message encrypted.\"" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"<b>When using GnuPG, make a habit of glancing at that bar. The program will " +"warn you there if you get an email signed with a key that can't be " +"trusted.</b>" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "Copy your revocation certificate to somewhere safe" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Remember when you created your keys and saved the revocation certificate " +"that GnuPG made? It's time to copy that certificate onto the safest digital " +"storage that you have -- the ideal thing is a flash drive, disk, or hard " +"drive stored in a safe place in your home, not on a device you carry with " +"you regularly." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"If your private key ever gets lost or stolen, you'll need this certificate " +"file to let people know that you are no longer using that keypair." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "<em>Important:</em> act swiftly if someone gets your private key" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"If you lose your private key or someone else gets ahold of it (say, by " +"stealing or cracking your computer), it's important to revoke it immediately " +"before someone else uses it to read your encrypted email or forge your " +"signature. This guide doesn't cover how to revoke a key, but you can follow " +"these <a " +"href=\"https://www.hackdiary.com/2004/01/18/revoking-a-gpg-key/\">instructions</a>. " +"After you're done revoking, make a new key and send an email to everyone " +"with whom you usually use your key to make sure they know, including a copy " +"of your new key." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "Webmail and GnuPG" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"When you use a web browser to access your email, you're using webmail, an " +"email program stored on a distant website. Unlike webmail, your desktop " +"email program runs on your own computer. Although webmail can't decrypt " +"encrypted email, it will still display it in its encrypted form. If you " +"primarily use webmail, you'll know to open your email client when you " +"receive a scrambled email." +msgstr "" + +#. type: Content of: <html><body><section><div><div><h2> +msgid "<a href=\"next_steps.html\">Great job! Check out the next steps.</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><p> +msgid "← Read the <a href=\"index.html\">full guide</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><h3><a> +msgid "" +"<a " +"href=\"https://fsf.org/share?u=https://u.fsf.org/zc&t=How public-key " +"encryption works. Infographic via %40fsf\">" +msgstr "" + +#. type: Content of: <html><body><header><div><h3> +msgid "  Share our infographic </a> with the hashtag #EmailSelfDefense" +msgstr "" + +#. type: Attribute 'alt' of: <html><body><header><div><p><img> +msgid "View & share our infographic" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"index.html\">GNU/Linux</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"mac.html\" class=\"current\">Mac OS</a>" +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"This guide relies on software which is <a " +"href=\"https://www.gnu.org/philosophy/free-sw.html\">freely licensed</a>; " +"it's completely transparent and anyone can copy it or make their own " +"version. This makes it safer from surveillance than proprietary software " +"(like Windows or Mac OS). To defend your freedom as well as protect yourself " +"from surveillance, we recommend you switch to a free software operating " +"system like GNU/Linux. Learn more about free software at <a " +"href=\"https://u.fsf.org/ys\">fsf.org</a>." +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"To get started, you'll need the IceDove desktop email program installed on " +"your computer. For your system, IceDove may be known by the alternate name " +"\"Thunderbird.\" Email programs are another way to access the same email " +"accounts you can access in a browser (like Gmail), but provide extra " +"features." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "<em>Step 1.b</em> Get GnuPG by downloading GPGTools" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"GPGTools is a software package that includes GnuPG. <a " +"href=\"https://gpgtools.org/#gpgsuite\">Download</a> and install it, " +"choosing default options whenever asked. After it's installed, you can close " +"any windows that it creates." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"There are major security flaws in versions of GnuPG provided by GPGTools " +"prior to 2018.3. Make sure you have GPGTools 2018.3 or later." +msgstr "" + +#. type: Attribute 'alt' of: <html><body><section><div><div><div><ul><li><img> +msgid "Step 1.C: Tools -> Add-ons" +msgstr "" + +#. type: Attribute 'alt' of: <html><body><section><div><div><div><ul><li><img> +msgid "Step 1.C: Search Add-ons" +msgstr "" + +#. type: Attribute 'alt' of: <html><body><section><div><div><div><ul><li><img> +msgid "Step 1.C: Install Add-ons" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "<em>Step 1.c</em> Install the Enigmail plugin for your email program" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"There are major security flaws in Enigmail prior to version 2.0.7. Make sure " +"you have Enigmail 2.0.7 or later." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"For greater security against potential attacks, you can turn off " +"HTML. Instead, you can render the message body as plain text." +msgstr "" + +#. type: Content of: <html><body><header><div><h1> +msgid "Great job!" +msgstr "" + +#. type: Content of: <html><body><section><div><div><h2> +msgid "<em>#6</em> Next steps" +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"You've now completed the basics of email encryption with GnuPG, taking " +"action against bulk surveillance. These next steps will help make the most " +"of the work you've done." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "Join the movement" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"You've just taken a huge step towards protecting your privacy online. But " +"each of us acting alone isn't enough. To topple bulk surveillance, we need " +"to build a movement for the autonomy and freedom of all computer users. Join " +"the Free Software Foundation's community to meet like-minded people and work " +"together for change." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"<small>Read <a href=\"https://www.fsf.org/twitter\">why GNU Social and " +"Mastodon are better than Twitter</a>, and <a " +"href=\"http://www.fsf.org/facebook\">why we don't use Facebook</a>.</small>" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><p> +msgid "Low-volume mailing list" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><form> +msgid "" +"<input type=\"text\" value=\"Type your email...\" name=\"email-Primary\" " +"id=\"frmEmail\" /> <input type=\"submit\" value=\"Add me\" " +"name=\"_qf_Edit_next\" /> <input type=\"hidden\" " +"value=\"https://emailselfdefense.fsf.org/en/confirmation.html\" " +"name=\"postURL\" /> <input type=\"hidden\" value=\"1\" name=\"group[25]\" /> " +"<input type=\"hidden\" " +"value=\"https://my.fsf.org/civicrm/profile?reset=1&gid=391\" " +"name=\"cancelURL\" /> <input type=\"hidden\" value=\"Edit:cancel\" " +"name=\"_qf_default\" />" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><div><p> +msgid "" +"<small>Read our <a " +"href=\"https://my.fsf.org/donate/privacypolicy.html\">privacy " +"policy</a>.</small>" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "Bring Email Self-Defense to new people" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Understanding and setting up email encryption is a daunting task for " +"many. To welcome them, make it easy to find your public key and offer to " +"help with encryption. Here are some suggestions:" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><ul><li> +msgid "" +"Lead an Email Self-Defense workshop for your friends and community, using " +"our <a href=\"workshops.html\">teaching guide</a>." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><ul><li> +msgid "" +"Use <a href=\"https://fsf.org/share?u=https://u.fsf.org/zb&t=Encrypt " +"with me using Email Self-Defense %40fsf\">our sharing page</a> to compose a " +"message to a few friends and ask them to join you in using encrypted " +"email. Remember to include your GnuPG public key fingerprint so they can " +"easily download your key." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><ul><li> +msgid "" +"Add your public key fingerprint anywhere that you normally display your " +"email address. Some good places are: your email signature (the text kind, " +"not the cryptographic kind), social media profiles, blogs, Websites, or " +"business cards. At the Free Software Foundation, we put ours on our <a " +"href=\"https://fsf.org/about/staff\">staff page</a>." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "Protect more of your digital life" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Learn surveillance-resistant technologies for instant messages, hard drive " +"storage, online sharing, and more at <a " +"href=\"https://directory.fsf.org/wiki/Collection:Privacy_pack\"> the Free " +"Software Directory's Privacy Pack</a> and <a " +"href=\"https://prism-break.org\">prism-break.org</a>." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"If you are using Windows, Mac OS or any other proprietary operating system, " +"we recommend you switch to a free software operating system like " +"GNU/Linux. This will make it much harder for attackers to enter your " +"computer through hidden back doors. Check out the Free Software Foundation's " +"<a href=\"http://www.gnu.org/distros/free-distros.html\">endorsed versions " +"of GNU/Linux.</a>" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "Optional: Add more email protection with Tor" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"<a href=\"https://www.torproject.org/about/overview.html.en\">The Onion " +"Router (Tor) network</a> wraps Internet communication in multiple layers of " +"encryption and bounces it around the world several times. When used " +"properly, Tor confuses surveillance field agents and the global surveillance " +"apparatus alike. Using it simultaneously with GnuPG's encryption will give " +"you the best results." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"To have your email program send and receive email over Tor, install the <a " +"href=\"https://addons.mozilla.org/en-us/thunderbird/addon/torbirdy/\">Torbirdy " +"plugin</a> the same way you installed Enigmail, by searching for it through " +"Add-ons." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Before beginning to check your email over Tor, make sure you understand <a " +"href=\"https://www.torproject.org/docs/faq.html.en#WhatProtectionsDoesTorProvide\"> " +"the security tradeoffs involved</a>. This <a " +"href=\"https://www.eff.org/pages/tor-and-https\">infographic</a> from our " +"friends at the Electronic Frontier Foundation demonstrates how Tor keeps you " +"secure." +msgstr "" + +#. type: Attribute 'alt' of: <html><body><section><div><div><div><p><img> +msgid "Section 6: Next Steps" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "← <a href=\"index.html\">Return to the guide</a>" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "Make Email Self-Defense tools even better" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"<a href=\"https://libreplanet.org/wiki/GPG_guide/Public_Review\">Leave " +"feedback and suggest improvements to this guide</a>. We welcome " +"translations, but we ask that you contact us at <a " +"href=\"mailto:campaigns@fsf.org\">campaigns@fsf.org</a> before you start, so " +"that we can connect you with other translators working in your language." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"If you like programming, you can contribute code to <a " +"href=\"https://www.gnupg.org/\">GnuPG</a> or <a " +"href=\"https://www.enigmail.net/home/index.php\">Enigmail</a>." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"To go the extra mile, support the Free Software Foundation so we can keep " +"improving Email Self-Defense, and make more tools like it." +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"windows.html\" class=\"current\">Windows</a>" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "<em>Step 1.b</em> Get GnuPG by downloading GPG4Win" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"GPG4Win is a software package that includes GnuPG. <a " +"href=\"https://www.gpg4win.org/\">Download</a> and install it, choosing " +"default options whenever asked. After it's installed, you can close any " +"windows that it creates." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"There are major security flaws in versions of GnuPG provided by GPG4Win " +"prior to 3.1.2. Make sure you have GPG4Win 3.1.2 or later." +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li> +msgid "<a href=\"workshops.html\" class=\"current\">Teach your friends</a>" +msgstr "" + +#. type: Content of: <html><body><header><div><ul><li><a> +msgid "" +"<a href=\"https://fsf.org/share?u=https://u.fsf.org/zb&t=Email " +"encryption for everyone via %40fsf\">Share " +msgstr "" + +#. type: Content of: <html><body><header><div><div><div><p> +msgid "" +"We want to translate this guide into more languages, and make a version for " +"encryption on mobile devices. Please donate, and help people around the " +"world take the first step towards protecting their privacy with free " +"software." +msgstr "" + +#. type: Content of: <html><body><header><div><div><p><a> +msgid "" +"<a id=\"infographic\" " +"href=\"https://emailselfdefense.fsf.org/en/infographic.html\">" +msgstr "" + +#. type: Attribute 'alt' of: <html><body><header><div><div><p><a><img> +msgid "View & share our infographic →" +msgstr "" + +#. type: Content of: <html><body><header><div><div><p> +msgid "" +"</a> Understanding and setting up email encryption sounds like a daunting " +"task to many people. That's why helping your friends with GnuPG plays such " +"an important role in helping spread encryption. Even if only one person " +"shows up, that's still one more person using encryption who wasn't " +"before. You have the power to help your friends keep their digital love " +"letters private, and teach them about the importance of free software. If " +"you use GnuPG to send and receive encrypted email, you're a perfect " +"candidate for leading a workshop!" +msgstr "" + +#. type: Attribute 'alt' of: <html><body><section><div><div><p><img> +msgid "A small workshop among friends" +msgstr "" + +#. type: Content of: <html><body><section><div><div><h2> +msgid "<em>#1</em> Get your friends or community interested" +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"If you hear friends grumbling about their lack of privacy, ask them if " +"they're interested in attending a workshop on Email Self-Defense. If your " +"friends don't grumble about privacy, they may need some convincing. You " +"might even hear the classic \"if you've got nothing to hide, you've got " +"nothing to fear\" argument against using encryption." +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"Here are some talking points you can use to help explain why it's worth it " +"to learn GnuPG. Mix and match whichever you think will make sense to your " +"community:" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "Strength in numbers" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Each person who chooses to resist mass surveillance with encryption makes it " +"easier for others to resist as well. People normalizing the use of strong " +"encryption has multiple powerful effects: it means those who need privacy " +"the most, like potential whistle-blowers and activists, are more likely to " +"learn about encryption. More people using encryption for more things also " +"makes it harder for surveillance systems to single out those that can't " +"afford to be found, and shows solidarity with those people." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "People you respect may already be using encryption" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Many journalists, whistleblowers, activists, and researchers use GnuPG, so " +"your friends might unknowingly have heard of a few people who use it " +"already. You can search for \"BEGIN PUBLIC KEY BLOCK\" + keyword to help " +"make a list of people and organizations who use GnuPG whom your community " +"will likely recognize." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "Respect your friends' privacy" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"There's no objective way to judge what constitutes privacy-sensitive " +"correspondence. As such, it's better not to presume that just because you " +"find an email you sent to a friend innocuous, your friend (or a surveillance " +"agent, for that matter!) feels the same way. Show your friends respect by " +"encrypting your correspondence with them." +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "Privacy technology is normal in the physical world" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"In the physical realm, we take window blinds, envelopes, and closed doors " +"for granted as ways of protecting our privacy. Why should the digital realm " +"be any different?" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><h3> +msgid "We shouldn't have to trust our email providers with our privacy" +msgstr "" + +#. type: Content of: <html><body><section><div><div><div><p> +msgid "" +"Some email providers are very trustworthy, but many have incentives not to " +"protect your privacy and security. To be empowered digital citizens, we need " +"to build our own security from the bottom up." +msgstr "" + +#. type: Content of: <html><body><section><div><div><h2> +msgid "<em>#2</em> Plan The Workshop" +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"Once you've got at least one interested friend, pick a date and start " +"planning out the workshop. Tell participants to bring their computer and ID " +"(for signing each other's keys). If you'd like to make it easy for the " +"participants to use Diceware for choosing passwords, get a pack of dice " +"beforehand. Make sure the location you select has an easily accessible " +"Internet connection, and make backup plans in case the connection stops " +"working on the day of the workshop. Libraries, coffee shops, and community " +"centers make great locations. Try to get all the participants to set up an " +"Enigmail-compatible email client before the event. Direct them to their " +"email provider's IT department or help page if they run into errors." +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"Estimate that the workshop will take at least forty minutes plus ten minutes " +"for each participant. Plan extra time for questions and technical glitches." +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"The success of the workshop requires understanding and catering to the " +"unique backgrounds and needs of each group of participants. Workshops should " +"stay small, so that each participant receives more individualized " +"instruction. If more than a handful of people want to participate, keep the " +"facilitator to participant ratio high by recruiting more facilitators, or by " +"facilitating multiple workshops. Small workshops among friends work great!" +msgstr "" + +#. type: Content of: <html><body><section><div><div><h2> +msgid "<em>#3</em> Follow the guide as a group" +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"Work through the Email Self-Defense guide a step at a time as a group. Talk " +"about the steps in detail, but make sure not to overload the participants " +"with minutia. Pitch the bulk of your instructions to the least tech-savvy " +"participants. Make sure all the participants complete each step before the " +"group moves on to the next one. Consider facilitating secondary workshops " +"afterwards for people that had trouble grasping the concepts, or those that " +"grasped them quickly and want to learn more." +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"In <a href=\"index.html#section2\">Section 2</a> of the guide, make sure the " +"participants upload their keys to the same keyserver so that they can " +"immediately download each other's keys later (sometimes there is a delay in " +"synchronization between keyservers). During <a " +"href=\"index.html#section3\">Section 3</a>, give the participants the option " +"to send test messages to each other instead of or as well as " +"Edward. Similarly, in <a href=\"index.html#section4\">Section 4</a>, " +"encourage the participants to sign each other's keys. At the end, make sure " +"to remind people to safely back up their revocation certificates." +msgstr "" + +#. type: Content of: <html><body><section><div><div><h2> +msgid "<em>#4</em> Explain the pitfalls" +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"Remind participants that encryption works only when it's explicitly used; " +"they won't be able to send an encrypted email to someone who hasn't already " +"set up encryption. Also remind participants to double-check the encryption " +"icon before hitting send, and that subjects and timestamps are never " +"encrypted." +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"Explain the <a " +"href=\"https://www.gnu.org/proprietary/proprietary.html\">dangers of running " +"a proprietary system</a> and advocate for free software, because without it, " +"we can't <a " +"href=\"https://www.fsf.org/bulletin/2013/fall/how-can-free-software-protect-us-from-surveillance\">meaningfully " +"resist invasions of our digital privacy and autonomy</a>." +msgstr "" + +#. type: Content of: <html><body><section><div><div><h2> +msgid "<em>#5</em> Share additional resources" +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"GnuPG's advanced options are far too complex to teach in a single " +"workshop. If participants want to know more, point out the advanced " +"subsections in the guide and consider organizing another workshop. You can " +"also share <a " +"href=\"https://www.gnupg.org/documentation/index.html\">GnuPG's</a> and <a " +"href=\"https://www.enigmail.net/index.php/documentation\">Enigmail's</a> " +"official documentation and mailing lists. Many GNU/Linux distribution's Web " +"sites also contain a page explaining some of GnuPG's advanced features." +msgstr "" + +#. type: Content of: <html><body><section><div><div><h2> +msgid "<em>#6</em> Follow up" +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"Make sure everyone has shared email addresses and public key fingerprints " +"before they leave. Encourage the participants to continue to gain GnuPG " +"experience by emailing each other. Send them each an encrypted email one " +"week after the event, reminding them to try adding their public key ID to " +"places where they publicly list their email address." +msgstr "" + +#. type: Content of: <html><body><section><div><div><p> +msgid "" +"If you have any suggestions for improving this workshop guide, please let us " +"know at <a href=\"mailto:campaigns@fsf.org\">campaigns@fsf.org</a>." +msgstr "" diff --git a/ua/.directory b/ua/.directory new file mode 100644 index 00000000..2a036906 --- /dev/null +++ b/ua/.directory @@ -0,0 +1,3 @@ +[Dolphin] +Timestamp=2017,11,1,19,56,28 +Version=4 diff --git a/ua/confirmation.html b/ua/confirmation.html new file mode 100644 index 00000000..20130dc6 --- /dev/null +++ b/ua/confirmation.html @@ -0,0 +1,132 @@ +<!DOCTYPE html> +<html lang="en"> +<head> +<meta http-equiv="content-type" content="text/html; charset=utf-8" /> +<title>Email Self-Defense - a guide to fighting surveillance with GnuPG +encryption + + + + + + + + + + + + + + + + + + + + + + + diff --git a/ua/emailselfdefense_source.zip b/ua/emailselfdefense_source.zip new file mode 100644 index 00000000..f1fb156c Binary files /dev/null and b/ua/emailselfdefense_source.zip differ diff --git a/ua/index.html b/ua/index.html new file mode 100644 index 00000000..208712cc --- /dev/null +++ b/ua/index.html @@ -0,0 +1,1158 @@ + + + + +Email Self-Defense - a guide to fighting surveillance with GnuPG +encryption + + + + + + + + + + + + + +
+ + +
+ +

#1 Get the pieces

+ +

This guide relies on software which is freely licensed; +it's completely transparent and anyone can copy it or make their +own version. This makes it safer from surveillance than proprietary +software (like Windows). Learn more about free software at fsf.org.

+ +

Most GNU/Linux operating systems come with GnuPG installed on them, +so you don't have to download it. Before configuring GnuPG though, you'll +need the IceDove desktop email program installed on your computer. Most +GNU/Linux distributions have IceDove installed already, though it may be +under the alternate name "Thunderbird." Email programs are another way to +access the same email accounts you can access in a browser (like Gmail), +but provide extra features.

+ +

If you already have an email program, you can skip to Step 1.b.

+ +
+ + +
+ +
+ +

Step 1.a Set up your email program with your email account

+ +

Open your email program and follow the wizard (step-by-step walkthrough) +that sets it up with your email account.

+ +

Look for the letters SSL, TLS, or STARTTLS to the right of the servers +when you're setting up your account. If you don't see them, you will still +be able to use encryption, but this means that the people running your email +system are running behind the industry standard in protecting your security +and privacy. We recommend that you send them a friendly email asking them +to enable SSL, TLS, or STARTTLS for your email server. They will know what +you're talking about, so it's worth making the request even if you aren't +an expert on these security systems.

+ + +
+ +

Troubleshooting

+ +
+
The wizard doesn't launch
+
You can launch the wizard yourself, but the menu option for doing so is +named differently in each email program. The button to launch it will be in +the program's main menu, under "New" or something similar, titled something +like "Add account" or "New/Existing email account."
+ +
The wizard can't find my account or isn't downloading my mail
+
Before searching the Web, we recommend you start by asking other people +who use your email system, to figure out the correct settings.
+ + + +
+ +
+
+
+ + +
+ +
+ +

Step 1.b Install the Enigmail plugin for your email program

+ +

In your email program's menu, select Add-ons (it may be in the Tools +section). Make sure Extensions is selected on the left. Do you see Enigmail? +Make sure it's the latest version. If so, skip this step.

+ +

If not, search "Enigmail" with the search bar in the upper right. You +can take it from here. Restart your email program when you're done.

+ +

There are major security flaws in versions of GnuPG prior to 2.2.8, and +Enigmail prior to 2.0.7. Make sure you have GnuPG 2.2.8 and Enigmail 2.0.7, +or later versions.

+ + +
+ +

Troubleshooting

+ +
+
I can't find the menu.
+
In many new email programs, the main menu is represented by an image of +three stacked horizontal bars.
+ +
My email looks weird
+
Enigmail doesn't tend to play nice with HTML, which is used to format +emails, so it may disable your HTML formatting automatically. To send an +HTML-formatted email without encryption or a signature, hold down the Shift +key when you select compose. You can then write an email as if Enigmail +wasn't there.
+ + + +
+ +
+
+
+
+ + +
+ + +
+ +

#2 Make your keys

+ +

To use the GnuPG system, you'll need a public key and a private key (known +together as a keypair). Each is a long string of randomly generated numbers +and letters that are unique to you. Your public and private keys are linked +together by a special mathematical function.

+ +

Your public key isn't like a physical key, because it's stored in the open +in an online directory called a keyserver. People download it and use it, +along with GnuPG, to encrypt emails they send to you. You can think of the +keyserver as a phonebook; people who want to send you encrypted email can +look up your public key.

+ +

Your private key is more like a physical key, because you keep it to +yourself (on your computer). You use GnuPG and your private key together to +descramble encrypted emails other people send to you. You should never share your private key with anyone, under any +circumstances.

+ +

In addition to encryption and decryption, you can also use these keys to +sign messages and check the authenticity of other people's signatures. We'll +discuss this more in the next section.

+ +
+ + +
+ +
+ +

Step 2.a Make a keypair

+ +

The Enigmail Setup wizard may start automatically. If it doesn't, select +Enigmail → Setup Wizard from your email program's menu. You don't need +to read the text in the window that pops up unless you'd like to, but it's +good to read the text on the later screens of the wizard. Click Next with +the default options selected, except in these instances, which are listed +in the order they appear:

+ +
    +
  • On the screen titled "Encryption," select "Encrypt all of my messages +by default, because privacy is critical to me."
  • + +
  • On the screen titled "Signing," select "Don't sign my messages by +default."
  • + +
  • On the screen titled "Key Selection," select "I want to create a new +key pair for signing and encrypting my email."
  • + +
  • On the screen titled "Create Key," pick a strong password! You can +do it manually, or you can use the Diceware method. Doing it manually +is faster but not as secure. Using Diceware takes longer and requires +dice, but creates a password that is much harder for attackers to figure +out. To use it, read the section "Make a secure passphrase with Diceware" in +this article by Micah Lee.
  • +
+ +

If you'd like to pick a password manually, come up with something +you can remember which is at least twelve characters long, and includes +at least one lower case and upper case letter and at least one number or +punctuation symbol. Never pick a password you've used elsewhere. Don't use +any recognizable patterns, such as birthdays, telephone numbers, pets' names, +song lyrics, quotes from books, and so on.

+ +

The program will take a little while to finish the next +step, the "Key Creation" screen. While you wait, do something else with your +computer, like watching a movie or browsing the Web. The more you use the +computer at this point, the faster the key creation will go.

+ +

When the "Key Generation Completed" screen +pops up, select Generate Certificate and choose to save it in a safe place on +your computer (we recommend making a folder called "Revocation Certificate" +in your home folder and keeping it there). This step is essential for your +email self-defense, as you'll learn more about in Section +5.

+ + +
+ +

Troubleshooting

+ +
+
I can't find the Enigmail menu.
+
In many new email programs, the main menu is represented by an image +of three stacked horizontal bars. Enigmail may be inside a section called +Tools.
+ +
The wizard says that it cannot find GnuPG.
+
Open whatever program you usually use for installing software, and search +for GnuPG, then install it. Then restart the Enigmail setup wizard by going +to Enigmail → Setup Wizard.
+ +
More resources
+
If you're having trouble with our +instructions or just want to learn more, check out +Enigmail's wiki instructions for key generation.
+ + + +
+ +
+ + +
+ +

Advanced

+ +
+
Command line key generation
+
If you prefer using the command line for a higher +degree of control, you can follow the documentation from The GNU Privacy +Handbook. Make sure you stick with "RSA and RSA" (the default), +because it's newer and more secure than the algorithms the documentation +recommends. Also make sure your key is at least 2048 bits, or 4096 if you +want to be extra secure.
+ +
Advanced key pairs
+
When GnuPG creates a new keypair, it compartmentalizes +the encryption function from the signing function through subkeys. If you use +subkeys carefully, you can keep your GnuPG identity much more +secure and recover from a compromised key much more quickly. Alex Cabal +and the Debian wiki +provide good guides for setting up a secure subkey configuration.
+
+ +
+
+
+ + +
+
+ +

Step 2.b Upload your public key to a keyserver

+ +

In your email program's menu, select Enigmail → Key Management.

+ +

Right click on your key and select Upload Public Keys to Keyserver. You +don't have to use the default keyserver. If, after research, you would like +to change to a different default keyserver, you can change that setting +manually in the Enigmail preferences.

+ +

Now someone who wants to send you an encrypted message can +download your public key from the Internet. There are multiple keyservers +that you can select from the menu when you upload, but they are all copies +of each other, so it doesn't matter which one you use. However, it sometimes +takes a few hours for them to match each other when a new key is uploaded.

+ + +
+ +

Troubleshooting

+ +
+
The progress bar never finishes
+
Close the upload popup, make sure you are connected to the Internet, +and try again. If that doesn't work, try again, selecting a different +keyserver.
+ +
My key doesn't appear in the list
+
Try checking "Display All Keys by Default."
+ +
More documentation
+
If you're having trouble with our +instructions or just want to learn more, check out +Enigmail's documentation.
+ + + +
+ +
+ + +
+ +

Advanced

+ +
+
Uploading a key from the command line
+
You can also upload your keys to a keyserver through the command line. The sks Web site +maintains a list of highly interconnected keyservers. You can also directly export +your key as a file on your computer.
+
+ +
+
+
+ + +
+
+ +

GnuPG, OpenPGP, what?

+ +

In general, the terms GnuPG, GPG, GNU Privacy Guard, OpenPGP and PGP +are used interchangeably. Technically, OpenPGP (Pretty Good Privacy) is the +encryption standard, and GNU Privacy Guard (often shortened to GPG or GnuPG) +is the program that implements the standard. Enigmail is a plug-in program +for your email program that provides an interface for GnuPG.

+ +
+
+
+ + +
+ + +
+ +

#3 Try it out!

+ +

Now you'll try a test correspondence with a computer program named Edward, +who knows how to use encryption. Except where noted, these are the same +steps you'd follow when corresponding with a real, live person.

+ + +
+ + +
+ +
+ +

Step 3.a Send Edward your public key

+ +

This is a special step that you won't have to do when corresponding +with real people. In your email program's menu, go to Enigmail → Key +Management. You should see your key in the list that pops up. Right click +on your key and select Send Public Keys by Email. This will create a new +draft message, as if you had just hit the Write button.

+ +

Address the message to edward-en@fsf.org. Put at least one word +(whatever you want) in the subject and body of the email. Don't send yet.

+ +

The lock icon in the top left should be yellow, meaning encryption is +turned on. We want this first special message to be unencrypted, so +click the icon once to turn it off. The lock should become grey, with a +blue dot on it (to alert you that the setting has been changed from the +default). Once encryption is off, hit Send.

+ +

It may take two or three minutes for Edward to +respond. In the meantime, you might want to skip ahead and check out the Use it Well section of this guide. Once he's responded, +head to the next step. From here on, you'll be doing just the same thing as +when corresponding with a real person.

+ +

When you open Edward's reply, GnuPG may prompt you for your password +before using your private key to decrypt it.

+ +
+
+ + +
+
+ +

Step 3.b Send a test encrypted email

+ +

Write a new email in your email program, addressed to edward-en@fsf.org. Make the subject +"Encryption test" or something similar and write something in the body.

+ +

The lock icon in the top left of the window should be yellow, meaning +encryption is on. This will be your default from now on.

+ +

Next to the lock, you'll notice an icon of a pencil. We'll +get to this in a moment.

+ +

Click Send. Enigmail will pop up a window that says "Recipients not valid, +not trusted or not found."

+ +

To encrypt an email to Edward, you need his public key, so now you'll have +Enigmail download it from a keyserver. Click Download Missing Keys and use +the default in the pop-up that asks you to choose a keyserver. Once it finds +keys, check the first one (Key ID starting with C), then select ok. Select +ok in the next pop-up.

+ +

Now you are back at the "Recipients not valid, not trusted or not found" +screen. Check the box in front of Edward's key and click Send.

+ +

Since you encrypted this email with Edward's public key, +Edward's private key is required to decrypt it. Edward is the only one with +his private key, so no one except him can decrypt it.

+ + +
+ +

Troubleshooting

+ +
+
Enigmail can't find Edward's key
+
Close the pop-ups that have appeared since you clicked Send. Make sure +you are connected to the Internet and try again. If that doesn't work, repeat +the process, choosing a different keyserver when it asks you to pick one.
+ +
Unscrambled messages in the Sent folder
+
Even though you can't decrypt messages encrypted to someone else's key, +your email program will automatically save a copy encrypted to your public key, +which you'll be able to view from the Sent folder like a normal email. This +is normal, and it doesn't mean that your email was not sent encrypted.
+ +
More resources
+
If you're still having trouble with our +instructions or just want to learn more, check out +Enigmail's wiki.
+ + + +
+ +
+ + +
+ +

Advanced

+ +
+
Encrypt messages from the command line
+
You can also encrypt and decrypt messages and files from the command line, +if that's your preference. The option --armor makes the encrypted output +appear in the regular character set.
+
+ +
+
+
+ + +
+
+ +

Important: Security tips

+ +

Even if you encrypt your email, the subject line is not encrypted, so +don't put private information there. The sending and receiving addresses +aren't encrypted either, so a surveillance system can still figure out who +you're communicating with. Also, surveillance agents will know that you're +using GnuPG, even if they can't figure out what you're saying. When you +send attachments, Enigmail will give you the choice to encrypt them or not, +independent of the actual email.

+ +

For greater security against potential attacks, you can turn off +HTML. Instead, you can render the message body as plain text. In order +to do this in Thunderbird, go to View > Message Body As > Plain +Text.

+ +
+
+ + +
+
+ +

Step 3.c Receive a response

+ +

When Edward receives your email, he will use his private key to decrypt +it, then reply to you.

+ +

It may take two or three minutes for Edward to +respond. In the meantime, you might want to skip ahead and check out the Use it Well section of this guide.

+ +
+
+ + +
+
+ +

Step 3.d Send a test signed email

+ +

GnuPG includes a way for you to sign messages and files, verifying that +they came from you and that they weren't tampered with along the way. These +signatures are stronger than their pen-and-paper cousins -- they're impossible +to forge, because they're impossible to create without your private key +(another reason to keep your private key safe).

+ +

You can sign messages to anyone, so it's a great way to make people +aware that you use GnuPG and that they can communicate with you securely. If +they don't have GnuPG, they will be able to read your message and see your +signature. If they do have GnuPG, they'll also be able to verify that your +signature is authentic.

+ +

To sign an email to Edward, compose any message to him and click the +pencil icon next to the lock icon so that it turns gold. If you sign a +message, GnuPG may ask you for your password before it sends the message, +because it needs to unlock your private key for signing.

+ +

With the lock and pencil icons, you can choose whether each message will +be encrypted, signed, both, or neither.

+ +
+
+ + +
+
+ +

Step 3.e Receive a response

+ +

When Edward receives your email, he will use your public key (which +you sent him in Step 3.A) to verify the message +you sent has not been tampered with and to encrypt his reply to you.

+ +

It may take two or three minutes for Edward to +respond. In the meantime, you might want to skip ahead and check out the Use it Well section of this guide.

+ +

Edward's reply will arrive encrypted, because he prefers to use encryption +whenever possible. If everything goes according to plan, it should say +"Your signature was verified." If your test signed email was also encrypted, +he will mention that first.

+ +

When you receive Edward's email and open it, Enigmail will +automatically detect that it is encrypted with your public key, and +then it will use your private key to decrypt it.

+ +

Notice the bar that Enigmail shows you above the message, with +information about the status of Edward's key.

+ +
+
+
+ + +
+ + +
+ +

#4 Learn the Web of Trust

+ +

Email encryption is a powerful technology, but it has a weakness; +it requires a way to verify that a person's public key is actually +theirs. Otherwise, there would be no way to stop an attacker from making +an email address with your friend's name, creating keys to go with it and +impersonating your friend. That's why the free software programmers that +developed email encryption created keysigning and the Web of Trust.

+ +

When you sign someone's key, you are publicly saying that you've verified +that it belongs to them and not someone else.

+ +

Signing keys and signing messages use the same type of mathematical +operation, but they carry very different implications. It's a good practice +to generally sign your email, but if you casually sign people's keys, you +may accidently end up vouching for the identity of an imposter.

+ +

People who use your public key can see who has signed it. Once you've +used GnuPG for a long time, your key may have hundreds of signatures. You +can consider a key to be more trustworthy if it has many signatures from +people that you trust. The Web of Trust is a constellation of GnuPG users, +connected to each other by chains of trust expressed through signatures.

+ +
+ + +
+ +
+ +

Step 4.a Sign a key

+ +

In your email program's menu, go to Enigmail → Key Management.

+ +

Right click on Edward's public key and select Sign Key from the context +menu.

+ +

In the window that pops up, select "I will not answer" and click ok.

+ +

Now you should be back at the Key Management menu. Select Keyserver → +Upload Public Keys and hit ok.

+ +

You've just effectively said "I trust that Edward's public +key actually belongs to Edward." This doesn't mean much because Edward isn't +a real person, but it's good practice.

+ + +
+
+ + +
+
+ +

Identifying keys: Fingerprints and IDs

+ +

People's public keys are usually identified by their key fingerprint, +which is a string of digits like F357AA1A5B1FA42CFD9FE52A9FF2194CC09A61E8 +(for Edward's key). You can see the fingerprint for your public key, and +other public keys saved on your computer, by going to Enigmail → Key +Management in your email program's menu, then right clicking on the key +and choosing Key Properties. It's good practice to share your fingerprint +wherever you share your email address, so that people can double-check that +they have the correct public key when they download yours from a keyserver.

+ +

You may also see public keys referred to by a shorter +key ID. This key ID is visible directly from the Key Management +window. These eight character key IDs were previously used for +identification, which used to be safe, but is no longer reliable. You +need to check the full fingerprint as part of verifying you have the +correct key for the person you are trying to contact. Spoofing, in +which someone intentionally generates a key with a fingerprint whose +final eight characters are the same as another, is unfortunately +common.

+ +
+
+ + +
+
+ +

Important: What to consider when signing keys

+ +

Before signing a person's key, you need to be confident that it actually +belongs to them, and that they are who they say they are. Ideally, this +confidence comes from having interactions and conversations with them over +time, and witnessing interactions between them and others. Whenever signing +a key, ask to see the full public key fingerprint, and not just the shorter +key ID. If you feel it's important to sign the key of someone you've just +met, also ask them to show you their government identification, and make +sure the name on the ID matches the name on the public key. In Enigmail, +answer honestly in the window that pops up and asks "How carefully have you +verified that the key you are about to sign actually belongs to the person(s) +named above?"

+ + +
+ +

Advanced

+ +
+
Master the Web of Trust
+
Unfortunately, trust does not spread between users the way many people +think. One of best ways to strengthen the GnuPG community is to deeply understand the Web of +Trust and to carefully sign as many people's keys as circumstances permit.
+ +
Set ownertrust
+
If you trust someone enough to validate other people's keys, you can assign +them an ownertrust level through Enigmails's key management window. Right +click on the other person's key, go to the "Select Owner Trust" menu option, +select the trustlevel and click OK. Only do this once you feel you have a +deep understanding of the Web of Trust.
+
+ +
+
+
+
+ + +
+ + +
+ +

#5 Use it well

+ +

Everyone uses GnuPG a little differently, but it's important to follow +some basic practices to keep your email secure. Not following them, you +risk the privacy of the people you communicate with, as well as your own, +and damage the Web of Trust.

+ +
+ + +
+ +
+ +

When should I encrypt? When should I sign?

+ +

The more you can encrypt your messages, the better. If you only encrypt +emails occasionally, each encrypted message could raise a red flag for +surveillance systems. If all or most of your email is encrypted, people +doing surveillance won't know where to start. That's not to say that only +encrypting some of your email isn't helpful -- it's a great start and it +makes bulk surveillance more difficult.

+ +

Unless you don't want to reveal your own identity (which requires other +protective measures), there's no reason not to sign every message, whether or +not you are encrypting. In addition to allowing those with GnuPG to verify +that the message came from you, signing is a non-intrusive way to remind +everyone that you use GnuPG and show support for secure communication. If you +often send signed messages to people that aren't familiar with GnuPG, it's +nice to also include a link to this guide in your standard email signature +(the text kind, not the cryptographic kind).

+ +
+
+ + +
+ +
+ +

Be wary of invalid keys

+ +

GnuPG makes email safer, but it's still important to watch out for invalid +keys, which might have fallen into the wrong hands. Email encrypted with +invalid keys might be readable by surveillance programs.

+ +

In your email program, go back to the first encrypted email that Edward +sent you. Because Edward encrypted it with your public key, it will have a +message from Enigmail at the top, which most likely says "Enigmail: Part of +this message encrypted."

+ +

When using GnuPG, make a habit of glancing at that bar. The program +will warn you there if you get an email signed with a key that can't +be trusted.

+ +
+
+ + +
+
+ +

Copy your revocation certificate to somewhere safe

+ +

Remember when you created your keys and saved the revocation certificate +that GnuPG made? It's time to copy that certificate onto the safest digital +storage that you have -- the ideal thing is a flash drive, disk, or hard +drive stored in a safe place in your home, not on a device you carry with +you regularly.

+ +

If your private key ever gets lost or stolen, you'll need this certificate +file to let people know that you are no longer using that keypair.

+ +
+
+ + +
+
+ +

Important: act swiftly if someone gets your private key

+ +

If you lose your private key or someone else gets ahold +of it (say, by stealing or cracking your computer), it's +important to revoke it immediately before someone else uses +it to read your encrypted email or forge your signature. This +guide doesn't cover how to revoke a key, but you can follow these instructions. +After you're done revoking, make a new key and send an email to everyone +with whom you usually use your key to make sure they know, including a copy +of your new key.

+ +
+
+ + + + + +
+
+ +

Webmail and GnuPG

+ +

When you use a web browser to access your email, you're using webmail, +an email program stored on a distant website. Unlike webmail, your desktop +email program runs on your own computer. Although webmail can't decrypt +encrypted email, it will still display it in its encrypted form. If you +primarily use webmail, you'll know to open your email client when you receive +a scrambled email.

+ +
+
+ + +
+ + +
+ +
+ + + + + + + + + + + + + + + + diff --git a/ua/infographic.html b/ua/infographic.html new file mode 100644 index 00000000..77f937b4 --- /dev/null +++ b/ua/infographic.html @@ -0,0 +1,129 @@ + + + + +Email Self-Defense - a guide to fighting surveillance with GnuPG +encryption + + + + + + + + + + + + + + + + + + + + + + + diff --git a/ua/kitchen/assemble-all-pages b/ua/kitchen/assemble-all-pages new file mode 100755 index 00000000..1862e28f --- /dev/null +++ b/ua/kitchen/assemble-all-pages @@ -0,0 +1,115 @@ +#!/bin/bash + +## assemble-all-pages -- generate a set of HTML pages with variable parts +# for emailselfdefense.fsf.org + +## Synopsis: assemble-all-pages + +## Description + +# Each page is built from a template and one or several includes, as usual; +# in addition, several versions of a page can be built from a single +# template which contains all the variable parts, by deleting irrelevant +# text. + +# The templates have inclusion markers (similar to SSI directives, except +# for the lack of "#") to indicate where the constant parts are to be +# inserted, and deletion markers to identify the borders of each deletion +# and indicate which page(s) the text between those borders belongs to. + +# The script processes all the templates in the working directory and the +# pages are created in the parent directory. + +# Ideally, any modifications should be done to the templates or includes, +# not to the final pages. + +# Templates: confirmation.t.html +# index.t.html (contains variable parts for mac and windows) +# infographic.t.html +# next_steps.t.html + +# Includes: footer.html +# head.html +# javascript.html +# translist.html + +## Graphic-user-interface howto + +# - Place the script in the same directory as the templates. +# - Display this directory in the file browser (do not just unfold the parent +# directory) and double-click on the script. + +# And if anything goes wrong, you can do a git reset, right? ;-) + +# =========================================================================== + +set -e +set -o pipefail + +function close_term () { + exit $1 +} + +# Create temporary files. +names=$(mktemp -t aap.XXXXXX) || close_term 1 +list=$(mktemp -t aap.XXXXXX) || close_term 1 +before=$(mktemp -t aap.XXXXXX) || close_term 1 +after=$(mktemp -t aap.XXXXXX) || close_term 1 +trap 'rm -f "$names" "$list" "$before" "$after"' EXIT + +# List all the templates in the working directory. +if ls *.t.html > $names 2>/dev/null; then + sed -i 's,\.t\.html$,,' $names +else + echo "*** There is no template in this directory." && close_term 1 +fi + +## Add the includes to the templates. + +while read name; do + # Make sure there is a blank line before the first include, otherwise + # it will not be added properly. + sed '1i\\n' $name.t.html > ../$name.html + # List the includes. + grep '^ + + + +${diff_file##*\/} + +
+EOF
+
+# Run wdiff with options to add the proper markup at the beginning and end of
+# deletions and insertions.
+wdiff --start-delete '' \
+      --end-delete '' \
+      --start-insert '' \
+      --end-insert '' \
+      ${f[0]} ${f[1]} >> $diff_file || true
+
+# Add the closing tags.
+echo '
' >> ${diff_file} + +echo -e "\n The diff file is $diff_file." +close_term 0 diff --git a/ua/kitchen/confirmation.t.html b/ua/kitchen/confirmation.t.html new file mode 100644 index 00000000..4b854bd3 --- /dev/null +++ b/ua/kitchen/confirmation.t.html @@ -0,0 +1,43 @@ + + + + + + + diff --git a/ua/kitchen/footer.html b/ua/kitchen/footer.html new file mode 100644 index 00000000..b6f0afb6 --- /dev/null +++ b/ua/kitchen/footer.html @@ -0,0 +1,52 @@ + + + diff --git a/ua/kitchen/head.html b/ua/kitchen/head.html new file mode 100644 index 00000000..9bf94dd3 --- /dev/null +++ b/ua/kitchen/head.html @@ -0,0 +1,18 @@ + + + + +Email Self-Defense - a guide to fighting surveillance with GnuPG +encryption + + + + + + + + diff --git a/ua/kitchen/index.t.html b/ua/kitchen/index.t.html new file mode 100644 index 00000000..b64c586c --- /dev/null +++ b/ua/kitchen/index.t.html @@ -0,0 +1,1152 @@ + + + + + + +
+ + +
+ +

#1 Get the pieces

+ + +

This guide relies on software which is freely licensed; +it's completely transparent and anyone can copy it or make their +own version. This makes it safer from surveillance than proprietary +software (like Windows). Learn more about free software at fsf.org.

+ +

Most GNU/Linux operating systems come with GnuPG installed on them, +so you don't have to download it. Before configuring GnuPG though, you'll +need the IceDove desktop email program installed on your computer. Most +GNU/Linux distributions have IceDove installed already, though it may be +under the alternate name "Thunderbird." Email programs are another way to +access the same email accounts you can access in a browser (like Gmail), +but provide extra features.

+ + +

This guide relies on software which is freely licensed; it's +completely transparent and anyone can copy it or make their own version. This +makes it safer from surveillance than proprietary software (like Windows or Mac +OS). To defend your freedom as well as protect yourself from surveillance, we +recommend you switch to a free software operating system like GNU/Linux. Learn +more about free software at fsf.org.

+ +

To get started, you'll need the IceDove desktop email program installed +on your computer. For your system, IceDove may be known by the alternate name +"Thunderbird." Email programs are another way to access the same email accounts +you can access in a browser (like Gmail), but provide extra features.

+ + +

If you already have an email program, you can skip to Step 1.b.

+ +
+ + +
+ +
+ +

Step 1.a Set up your email program with your email account

+ +

Open your email program and follow the wizard (step-by-step walkthrough) +that sets it up with your email account.

+ +

Look for the letters SSL, TLS, or STARTTLS to the right of the servers +when you're setting up your account. If you don't see them, you will still +be able to use encryption, but this means that the people running your email +system are running behind the industry standard in protecting your security +and privacy. We recommend that you send them a friendly email asking them +to enable SSL, TLS, or STARTTLS for your email server. They will know what +you're talking about, so it's worth making the request even if you aren't +an expert on these security systems.

+ + +
+ +

Troubleshooting

+ +
+
The wizard doesn't launch
+
You can launch the wizard yourself, but the menu option for doing so is +named differently in each email program. The button to launch it will be in +the program's main menu, under "New" or something similar, titled something +like "Add account" or "New/Existing email account."
+ +
The wizard can't find my account or isn't downloading my mail
+
Before searching the Web, we recommend you start by asking other people +who use your email system, to figure out the correct settings.
+ + + +
+ +
+
+
+ + + +
+
+ +

Step 1.b Get GnuPG by downloading GPGTools

+ +

GPGTools is a software package that includes GnuPG. Download and install it, choosing +default options whenever asked. After it's installed, you can close any +windows that it creates.

+ +

There are major security flaws in versions of GnuPG provided by GPGTools +prior to 2018.3. Make sure you have GPGTools 2018.3 or later.

+ +
+
+ + + +
+
+ +

Step 1.b Get GnuPG by downloading GPG4Win

+ +

GPG4Win is a software package that includes GnuPG. Download and install it, choosing default +options whenever asked. After it's installed, you can close any windows that +it creates.

+ +

There are major security flaws in versions of GnuPG provided by GPG4Win +prior to 3.1.2. Make sure you have GPG4Win 3.1.2 or later.

+ +
+
+ + + +
+ +
+ +

Step 1.b Install the Enigmail plugin for your email program

+ +

In your email program's menu, select Add-ons (it may be in the Tools +section). Make sure Extensions is selected on the left. Do you see Enigmail? +Make sure it's the latest version. If so, skip this step.

+ +

If not, search "Enigmail" with the search bar in the upper right. You +can take it from here. Restart your email program when you're done.

+ +

There are major security flaws in versions of GnuPG prior to 2.2.8, and +Enigmail prior to 2.0.7. Make sure you have GnuPG 2.2.8 and Enigmail 2.0.7, +or later versions.

+ + + + + +
+ +
+ +

Step 1.c Install the Enigmail plugin for your email program

+ +

In your email program's menu, select Add-ons (it may be in the Tools +section). Make sure Extensions is selected on the left. Do you see Enigmail? +Make sure it's the latest version. If so, skip this step.

+ +

If not, search "Enigmail" with the search bar in the upper right. You +can take it from here. Restart your email program when you're done.

+ +

There are major security flaws in Enigmail prior to version 2.0.7. Make +sure you have Enigmail 2.0.7 or later.

+ + + +
+ +

Troubleshooting

+ +
+
I can't find the menu.
+
In many new email programs, the main menu is represented by an image of +three stacked horizontal bars.
+ +
My email looks weird
+
Enigmail doesn't tend to play nice with HTML, which is used to format +emails, so it may disable your HTML formatting automatically. To send an +HTML-formatted email without encryption or a signature, hold down the Shift +key when you select compose. You can then write an email as if Enigmail +wasn't there.
+ + + +
+ +
+
+
+
+ + +
+ + +
+ +

#2 Make your keys

+ +

To use the GnuPG system, you'll need a public key and a private key (known +together as a keypair). Each is a long string of randomly generated numbers +and letters that are unique to you. Your public and private keys are linked +together by a special mathematical function.

+ +

Your public key isn't like a physical key, because it's stored in the open +in an online directory called a keyserver. People download it and use it, +along with GnuPG, to encrypt emails they send to you. You can think of the +keyserver as a phonebook; people who want to send you encrypted email can +look up your public key.

+ +

Your private key is more like a physical key, because you keep it to +yourself (on your computer). You use GnuPG and your private key together to +descramble encrypted emails other people send to you. You should never share your private key with anyone, under any +circumstances.

+ +

In addition to encryption and decryption, you can also use these keys to +sign messages and check the authenticity of other people's signatures. We'll +discuss this more in the next section.

+ +
+ + +
+ +
+ +

Step 2.a Make a keypair

+ +

The Enigmail Setup wizard may start automatically. If it doesn't, select +Enigmail → Setup Wizard from your email program's menu. You don't need +to read the text in the window that pops up unless you'd like to, but it's +good to read the text on the later screens of the wizard. Click Next with +the default options selected, except in these instances, which are listed +in the order they appear:

+ +
    +
  • On the screen titled "Encryption," select "Encrypt all of my messages +by default, because privacy is critical to me."
  • + +
  • On the screen titled "Signing," select "Don't sign my messages by +default."
  • + +
  • On the screen titled "Key Selection," select "I want to create a new +key pair for signing and encrypting my email."
  • + +
  • On the screen titled "Create Key," pick a strong password! You can +do it manually, or you can use the Diceware method. Doing it manually +is faster but not as secure. Using Diceware takes longer and requires +dice, but creates a password that is much harder for attackers to figure +out. To use it, read the section "Make a secure passphrase with Diceware" in +this article by Micah Lee.
  • +
+ +

If you'd like to pick a password manually, come up with something +you can remember which is at least twelve characters long, and includes +at least one lower case and upper case letter and at least one number or +punctuation symbol. Never pick a password you've used elsewhere. Don't use +any recognizable patterns, such as birthdays, telephone numbers, pets' names, +song lyrics, quotes from books, and so on.

+ +

The program will take a little while to finish the next +step, the "Key Creation" screen. While you wait, do something else with your +computer, like watching a movie or browsing the Web. The more you use the +computer at this point, the faster the key creation will go.

+ +

When the "Key Generation Completed" screen +pops up, select Generate Certificate and choose to save it in a safe place on +your computer (we recommend making a folder called "Revocation Certificate" +in your home folder and keeping it there). This step is essential for your +email self-defense, as you'll learn more about in Section +5.

+ + +
+ +

Troubleshooting

+ +
+
I can't find the Enigmail menu.
+
In many new email programs, the main menu is represented by an image +of three stacked horizontal bars. Enigmail may be inside a section called +Tools.
+ + +
The wizard says that it cannot find GnuPG.
+
Open whatever program you usually use for installing software, and search +for GnuPG, then install it. Then restart the Enigmail setup wizard by going +to Enigmail → Setup Wizard.
+ + +
More resources
+
If you're having trouble with our +instructions or just want to learn more, check out +Enigmail's wiki instructions for key generation.
+ + + +
+ +
+ + +
+ +

Advanced

+ +
+
Command line key generation
+
If you prefer using the command line for a higher +degree of control, you can follow the documentation from The GNU Privacy +Handbook. Make sure you stick with "RSA and RSA" (the default), +because it's newer and more secure than the algorithms the documentation +recommends. Also make sure your key is at least 2048 bits, or 4096 if you +want to be extra secure.
+ +
Advanced key pairs
+
When GnuPG creates a new keypair, it compartmentalizes +the encryption function from the signing function through subkeys. If you use +subkeys carefully, you can keep your GnuPG identity much more +secure and recover from a compromised key much more quickly. Alex Cabal +and the Debian wiki +provide good guides for setting up a secure subkey configuration.
+
+ +
+
+
+ + +
+
+ +

Step 2.b Upload your public key to a keyserver

+ +

In your email program's menu, select Enigmail → Key Management.

+ +

Right click on your key and select Upload Public Keys to Keyserver. You +don't have to use the default keyserver. If, after research, you would like +to change to a different default keyserver, you can change that setting +manually in the Enigmail preferences.

+ +

Now someone who wants to send you an encrypted message can +download your public key from the Internet. There are multiple keyservers +that you can select from the menu when you upload, but they are all copies +of each other, so it doesn't matter which one you use. However, it sometimes +takes a few hours for them to match each other when a new key is uploaded.

+ + +
+ +

Troubleshooting

+ +
+
The progress bar never finishes
+
Close the upload popup, make sure you are connected to the Internet, +and try again. If that doesn't work, try again, selecting a different +keyserver.
+ +
My key doesn't appear in the list
+
Try checking "Display All Keys by Default."
+ +
More documentation
+
If you're having trouble with our +instructions or just want to learn more, check out +Enigmail's documentation.
+ + + +
+ +
+ + +
+ +

Advanced

+ +
+
Uploading a key from the command line
+
You can also upload your keys to a keyserver through the command line. The sks Web site +maintains a list of highly interconnected keyservers. You can also directly export +your key as a file on your computer.
+
+ +
+
+
+ + +
+
+ +

GnuPG, OpenPGP, what?

+ +

In general, the terms GnuPG, GPG, GNU Privacy Guard, OpenPGP and PGP +are used interchangeably. Technically, OpenPGP (Pretty Good Privacy) is the +encryption standard, and GNU Privacy Guard (often shortened to GPG or GnuPG) +is the program that implements the standard. Enigmail is a plug-in program +for your email program that provides an interface for GnuPG.

+ +
+
+
+ + +
+ + +
+ +

#3 Try it out!

+ +

Now you'll try a test correspondence with a computer program named Edward, +who knows how to use encryption. Except where noted, these are the same +steps you'd follow when corresponding with a real, live person.

+ + +
+ + +
+ +
+ +

Step 3.a Send Edward your public key

+ +

This is a special step that you won't have to do when corresponding +with real people. In your email program's menu, go to Enigmail → Key +Management. You should see your key in the list that pops up. Right click +on your key and select Send Public Keys by Email. This will create a new +draft message, as if you had just hit the Write button.

+ +

Address the message to edward-en@fsf.org. Put at least one word +(whatever you want) in the subject and body of the email. Don't send yet.

+ +

The lock icon in the top left should be yellow, meaning encryption is +turned on. We want this first special message to be unencrypted, so +click the icon once to turn it off. The lock should become grey, with a +blue dot on it (to alert you that the setting has been changed from the +default). Once encryption is off, hit Send.

+ +

It may take two or three minutes for Edward to +respond. In the meantime, you might want to skip ahead and check out the Use it Well section of this guide. Once he's responded, +head to the next step. From here on, you'll be doing just the same thing as +when corresponding with a real person.

+ +

When you open Edward's reply, GnuPG may prompt you for your password +before using your private key to decrypt it.

+ +
+
+ + +
+
+ +

Step 3.b Send a test encrypted email

+ +

Write a new email in your email program, addressed to edward-en@fsf.org. Make the subject +"Encryption test" or something similar and write something in the body.

+ +

The lock icon in the top left of the window should be yellow, meaning +encryption is on. This will be your default from now on.

+ +

Next to the lock, you'll notice an icon of a pencil. We'll +get to this in a moment.

+ +

Click Send. Enigmail will pop up a window that says "Recipients not valid, +not trusted or not found."

+ +

To encrypt an email to Edward, you need his public key, so now you'll have +Enigmail download it from a keyserver. Click Download Missing Keys and use +the default in the pop-up that asks you to choose a keyserver. Once it finds +keys, check the first one (Key ID starting with C), then select ok. Select +ok in the next pop-up.

+ +

Now you are back at the "Recipients not valid, not trusted or not found" +screen. Check the box in front of Edward's key and click Send.

+ +

Since you encrypted this email with Edward's public key, +Edward's private key is required to decrypt it. Edward is the only one with +his private key, so no one except him can decrypt it.

+ + +
+ +

Troubleshooting

+ +
+
Enigmail can't find Edward's key
+
Close the pop-ups that have appeared since you clicked Send. Make sure +you are connected to the Internet and try again. If that doesn't work, repeat +the process, choosing a different keyserver when it asks you to pick one.
+ +
Unscrambled messages in the Sent folder
+
Even though you can't decrypt messages encrypted to someone else's key, +your email program will automatically save a copy encrypted to your public key, +which you'll be able to view from the Sent folder like a normal email. This +is normal, and it doesn't mean that your email was not sent encrypted.
+ +
More resources
+
If you're still having trouble with our +instructions or just want to learn more, check out +Enigmail's wiki.
+ + + +
+ +
+ + +
+ +

Advanced

+ +
+
Encrypt messages from the command line
+
You can also encrypt and decrypt messages and files from the command line, +if that's your preference. The option --armor makes the encrypted output +appear in the regular character set.
+
+ +
+
+
+ + +
+
+ +

Important: Security tips

+ +

Even if you encrypt your email, the subject line is not encrypted, so +don't put private information there. The sending and receiving addresses +aren't encrypted either, so a surveillance system can still figure out who +you're communicating with. Also, surveillance agents will know that you're +using GnuPG, even if they can't figure out what you're saying. When you +send attachments, Enigmail will give you the choice to encrypt them or not, +independent of the actual email.

+ + +

For greater security against potential attacks, you can turn off +HTML. Instead, you can render the message body as plain text. In order +to do this in Thunderbird, go to View > Message Body As > Plain +Text.

+ + +

For greater security against potential attacks, you can turn off +HTML. Instead, you can render the message body as plain text.

+ + +
+
+ + +
+
+ +

Step 3.c Receive a response

+ +

When Edward receives your email, he will use his private key to decrypt +it, then reply to you.

+ +

It may take two or three minutes for Edward to +respond. In the meantime, you might want to skip ahead and check out the Use it Well section of this guide.

+ +
+
+ + +
+
+ +

Step 3.d Send a test signed email

+ +

GnuPG includes a way for you to sign messages and files, verifying that +they came from you and that they weren't tampered with along the way. These +signatures are stronger than their pen-and-paper cousins -- they're impossible +to forge, because they're impossible to create without your private key +(another reason to keep your private key safe).

+ +

You can sign messages to anyone, so it's a great way to make people +aware that you use GnuPG and that they can communicate with you securely. If +they don't have GnuPG, they will be able to read your message and see your +signature. If they do have GnuPG, they'll also be able to verify that your +signature is authentic.

+ +

To sign an email to Edward, compose any message to him and click the +pencil icon next to the lock icon so that it turns gold. If you sign a +message, GnuPG may ask you for your password before it sends the message, +because it needs to unlock your private key for signing.

+ +

With the lock and pencil icons, you can choose whether each message will +be encrypted, signed, both, or neither.

+ +
+
+ + +
+
+ +

Step 3.e Receive a response

+ +

When Edward receives your email, he will use your public key (which +you sent him in Step 3.A) to verify the message +you sent has not been tampered with and to encrypt his reply to you.

+ +

It may take two or three minutes for Edward to +respond. In the meantime, you might want to skip ahead and check out the Use it Well section of this guide.

+ +

Edward's reply will arrive encrypted, because he prefers to use encryption +whenever possible. If everything goes according to plan, it should say +"Your signature was verified." If your test signed email was also encrypted, +he will mention that first.

+ +

When you receive Edward's email and open it, Enigmail will +automatically detect that it is encrypted with your public key, and +then it will use your private key to decrypt it.

+ +

Notice the bar that Enigmail shows you above the message, with +information about the status of Edward's key.

+ +
+
+
+ + +
+ + +
+ +

#4 Learn the Web of Trust

+ +

Email encryption is a powerful technology, but it has a weakness; +it requires a way to verify that a person's public key is actually +theirs. Otherwise, there would be no way to stop an attacker from making +an email address with your friend's name, creating keys to go with it and +impersonating your friend. That's why the free software programmers that +developed email encryption created keysigning and the Web of Trust.

+ +

When you sign someone's key, you are publicly saying that you've verified +that it belongs to them and not someone else.

+ +

Signing keys and signing messages use the same type of mathematical +operation, but they carry very different implications. It's a good practice +to generally sign your email, but if you casually sign people's keys, you +may accidently end up vouching for the identity of an imposter.

+ +

People who use your public key can see who has signed it. Once you've +used GnuPG for a long time, your key may have hundreds of signatures. You +can consider a key to be more trustworthy if it has many signatures from +people that you trust. The Web of Trust is a constellation of GnuPG users, +connected to each other by chains of trust expressed through signatures.

+ +
+ + +
+ +
+ +

Step 4.a Sign a key

+ +

In your email program's menu, go to Enigmail → Key Management.

+ +

Right click on Edward's public key and select Sign Key from the context +menu.

+ +

In the window that pops up, select "I will not answer" and click ok.

+ +

Now you should be back at the Key Management menu. Select Keyserver → +Upload Public Keys and hit ok.

+ +

You've just effectively said "I trust that Edward's public +key actually belongs to Edward." This doesn't mean much because Edward isn't +a real person, but it's good practice.

+ + +
+
+ + +
+
+ +

Identifying keys: Fingerprints and IDs

+ +

People's public keys are usually identified by their key fingerprint, +which is a string of digits like F357AA1A5B1FA42CFD9FE52A9FF2194CC09A61E8 +(for Edward's key). You can see the fingerprint for your public key, and +other public keys saved on your computer, by going to Enigmail → Key +Management in your email program's menu, then right clicking on the key +and choosing Key Properties. It's good practice to share your fingerprint +wherever you share your email address, so that people can double-check that +they have the correct public key when they download yours from a keyserver.

+ +

You may also see public keys referred to by a shorter +key ID. This key ID is visible directly from the Key Management +window. These eight character key IDs were previously used for +identification, which used to be safe, but is no longer reliable. You +need to check the full fingerprint as part of verifying you have the +correct key for the person you are trying to contact. Spoofing, in +which someone intentionally generates a key with a fingerprint whose +final eight characters are the same as another, is unfortunately +common.

+ +
+
+ + +
+
+ +

Important: What to consider when signing keys

+ +

Before signing a person's key, you need to be confident that it actually +belongs to them, and that they are who they say they are. Ideally, this +confidence comes from having interactions and conversations with them over +time, and witnessing interactions between them and others. Whenever signing +a key, ask to see the full public key fingerprint, and not just the shorter +key ID. If you feel it's important to sign the key of someone you've just +met, also ask them to show you their government identification, and make +sure the name on the ID matches the name on the public key. In Enigmail, +answer honestly in the window that pops up and asks "How carefully have you +verified that the key you are about to sign actually belongs to the person(s) +named above?"

+ + +
+ +

Advanced

+ +
+
Master the Web of Trust
+
Unfortunately, trust does not spread between users the way many people +think. One of best ways to strengthen the GnuPG community is to deeply understand the Web of +Trust and to carefully sign as many people's keys as circumstances permit.
+ +
Set ownertrust
+
If you trust someone enough to validate other people's keys, you can assign +them an ownertrust level through Enigmails's key management window. Right +click on the other person's key, go to the "Select Owner Trust" menu option, +select the trustlevel and click OK. Only do this once you feel you have a +deep understanding of the Web of Trust.
+
+ +
+
+
+
+ + +
+ + +
+ +

#5 Use it well

+ +

Everyone uses GnuPG a little differently, but it's important to follow +some basic practices to keep your email secure. Not following them, you +risk the privacy of the people you communicate with, as well as your own, +and damage the Web of Trust.

+ +
+ + +
+ +
+ +

When should I encrypt? When should I sign?

+ +

The more you can encrypt your messages, the better. If you only encrypt +emails occasionally, each encrypted message could raise a red flag for +surveillance systems. If all or most of your email is encrypted, people +doing surveillance won't know where to start. That's not to say that only +encrypting some of your email isn't helpful -- it's a great start and it +makes bulk surveillance more difficult.

+ +

Unless you don't want to reveal your own identity (which requires other +protective measures), there's no reason not to sign every message, whether or +not you are encrypting. In addition to allowing those with GnuPG to verify +that the message came from you, signing is a non-intrusive way to remind +everyone that you use GnuPG and show support for secure communication. If you +often send signed messages to people that aren't familiar with GnuPG, it's +nice to also include a link to this guide in your standard email signature +(the text kind, not the cryptographic kind).

+ +
+
+ + +
+ +
+ +

Be wary of invalid keys

+ +

GnuPG makes email safer, but it's still important to watch out for invalid +keys, which might have fallen into the wrong hands. Email encrypted with +invalid keys might be readable by surveillance programs.

+ +

In your email program, go back to the first encrypted email that Edward +sent you. Because Edward encrypted it with your public key, it will have a +message from Enigmail at the top, which most likely says "Enigmail: Part of +this message encrypted."

+ +

When using GnuPG, make a habit of glancing at that bar. The program +will warn you there if you get an email signed with a key that can't +be trusted.

+ +
+
+ + +
+
+ +

Copy your revocation certificate to somewhere safe

+ +

Remember when you created your keys and saved the revocation certificate +that GnuPG made? It's time to copy that certificate onto the safest digital +storage that you have -- the ideal thing is a flash drive, disk, or hard +drive stored in a safe place in your home, not on a device you carry with +you regularly.

+ +

If your private key ever gets lost or stolen, you'll need this certificate +file to let people know that you are no longer using that keypair.

+ +
+
+ + +
+
+ +

Important: act swiftly if someone gets your private key

+ +

If you lose your private key or someone else gets ahold +of it (say, by stealing or cracking your computer), it's +important to revoke it immediately before someone else uses +it to read your encrypted email or forge your signature. This +guide doesn't cover how to revoke a key, but you can follow these instructions. +After you're done revoking, make a new key and send an email to everyone +with whom you usually use your key to make sure they know, including a copy +of your new key.

+ +
+
+ + + + + +
+
+ +

Webmail and GnuPG

+ +

When you use a web browser to access your email, you're using webmail, +an email program stored on a distant website. Unlike webmail, your desktop +email program runs on your own computer. Although webmail can't decrypt +encrypted email, it will still display it in its encrypted form. If you +primarily use webmail, you'll know to open your email client when you receive +a scrambled email.

+ +
+
+ + +
+ + +
+ +
+ + + + + + + diff --git a/ua/kitchen/infographic.t.html b/ua/kitchen/infographic.t.html new file mode 100644 index 00000000..8929d0cd --- /dev/null +++ b/ua/kitchen/infographic.t.html @@ -0,0 +1,40 @@ + + + + + + + diff --git a/ua/kitchen/javascript.html b/ua/kitchen/javascript.html new file mode 100644 index 00000000..ed1475b3 --- /dev/null +++ b/ua/kitchen/javascript.html @@ -0,0 +1,22 @@ + + + + + + + + diff --git a/ua/kitchen/next_steps.t.html b/ua/kitchen/next_steps.t.html new file mode 100644 index 00000000..e500e9a0 --- /dev/null +++ b/ua/kitchen/next_steps.t.html @@ -0,0 +1,247 @@ + + + + + + +
+ + +
+ +

#6 Next steps

+ +

You've now completed the basics of email encryption with GnuPG, taking +action against bulk surveillance. These next steps will help make the most +of the work you've done.

+ +
+ + +
+ +
+ +

Join the movement

+ +

You've just taken a huge step towards protecting your privacy online. But +each of us acting alone isn't enough. To topple bulk surveillance, we need +to build a movement for the autonomy and freedom of all computer users. Join +the Free Software Foundation's community to meet like-minded people and work +together for change.

+ +

+ GNU Social  |  + + Mastodon  |  +Twitter

+ +

Read why GNU Social and Mastodon +are better than Twitter, and why +we don't use Facebook.

+ +
+ +
+
+ + +
+
+ +

Bring Email Self-Defense to new people

+ +

Understanding and setting up email encryption is a daunting task for +many. To welcome them, make it easy to find your public key and offer to +help with encryption. Here are some suggestions:

+ +
    +
  • Lead an Email Self-Defense workshop for your friends and community, +using our teaching guide.
  • + +
  • Use our sharing page to compose +a message to a few friends and ask them to join you in using encrypted +email. Remember to include your GnuPG public key fingerprint so they can +easily download your key.
  • + +
  • Add your public key fingerprint anywhere that you normally display +your email address. Some good places are: your email signature (the text +kind, not the cryptographic kind), social media profiles, blogs, Websites, +or business cards. At the Free Software Foundation, we put ours on our staff page.
  • +
+ +
+
+ + +
+
+ +

Protect more of your digital life

+ +

Learn surveillance-resistant technologies for instant +messages, hard drive storage, online sharing, and more at +the Free Software Directory's Privacy Pack and prism-break.org.

+ +

If you are using Windows, Mac OS or any other proprietary operating +system, we recommend you switch to a free software operating system like +GNU/Linux. This will make it much harder for attackers to enter your computer +through hidden back doors. Check out the Free Software Foundation's endorsed versions of +GNU/Linux.

+ +
+
+ + +
+
+ +

Optional: Add more email protection with Tor

+ +

The Onion Router +(Tor) network wraps Internet communication in multiple layers of encryption +and bounces it around the world several times. When used properly, Tor confuses +surveillance field agents and the global surveillance apparatus alike. Using +it simultaneously with GnuPG's encryption will give you the best results.

+ +

To have your email program send and receive email over Tor, install the Torbirdy +plugin the same way you installed Enigmail, by searching for it through +Add-ons.

+ +

Before beginning to check your email over Tor, make sure you understand +the security tradeoffs involved. This infographic from our +friends at the Electronic Frontier Foundation demonstrates how Tor keeps +you secure.

+ +
+
+ + +
+ +
+ +

Make Email Self-Defense tools even better

+ +

Leave +feedback and suggest improvements to this guide. We +welcome translations, but we ask that you contact us at campaigns@fsf.org before you start, +so that we can connect you with other translators working in your language.

+ +

If you like programming, you can contribute code +to GnuPG or Enigmail.

+ +

To go the extra mile, support the Free Software Foundation so we can keep +improving Email Self-Defense, and make more tools like it.

+ +

+ +
+
+
+ + + +
+ + + + + + + diff --git a/ua/kitchen/reformat-html.1 b/ua/kitchen/reformat-html.1 new file mode 100755 index 00000000..5a307af4 --- /dev/null +++ b/ua/kitchen/reformat-html.1 @@ -0,0 +1,139 @@ +#!/bin/bash + +# NAME +# reformat-html - reformat HTML files from emailselfdefense.fsf.org + +# SYNOPSIS +# reformat-html /PATH/TO/NAME.html + +# GRAPHIC INTERFACE HOWTO +# * Launch the script by double-clicking on it; a terminal will open. +# * At the prompt, drag and drop the input file into the terminal. +# +# Alternatively (in Gnome, KDE, XFCE, etc.) +# * create a launcher for the application menu; +# * launch the script from the contextual menu of the HTML file. +# +# The reformatted file is created in the directory where the input file +# resides, and its name is NAME-r.html. + +#============================================================================== + +set -e + +# Test whether the script is called from color-wdiff +p=$(pidof -x color-wdiff) || true +test "$p" == "$PPID" && called_from_color_wdiff=1 + +function sleep_or_exit () { +# turns off interactivity and lets the terminal close normally if the script +# is called from color-wdiff. + +if test "$called_from_color_wdiff" == "1"; then + exit $1 +else + if test "$1" == "1"; then + echo -e 1>&2 "\n!!! $input doesn't exist or is not HTML." + sleep 3 + fi + exit $1 +fi +} + +# Get a valid HTML as input. +input=$1 +if test ! -f "$input" -o ! -s "$input"; then + echo -e "\n*** reformat-html - Please enter the HTML file." + read input + input=${input%\'}; input=${input#\'} +fi +test -f "$input" -a "${input%.html}" != "$input" || sleep_or_exit 1 + +# Define the output file. +if test "$called_from_color_wdiff" == "1"; then + output=$2 +else + output=${input%.html}-r.html +fi + +tmp=$(mktemp -t ref.XXXXXX) || exit 1 +tmp1=$(mktemp -t ref.XXXXXX) || exit 1 +tmp2=$(mktemp -t ref.XXXXXX) || exit 1 +trap 'rm -f "$tmp" "$tmp1" "$tmp2"' EXIT + +# Don't touch the scripts. +sed -n '/ + + + + + + + diff --git a/ua/next_steps.html b/ua/next_steps.html new file mode 100644 index 00000000..b77220ee --- /dev/null +++ b/ua/next_steps.html @@ -0,0 +1,336 @@ + + + + +Email Self-Defense - a guide to fighting surveillance with GnuPG +encryption + + + + + + + + + + + + + +
+ + +
+ +

#6 Next steps

+ +

You've now completed the basics of email encryption with GnuPG, taking +action against bulk surveillance. These next steps will help make the most +of the work you've done.

+ +
+ + +
+ +
+ +

Join the movement

+ +

You've just taken a huge step towards protecting your privacy online. But +each of us acting alone isn't enough. To topple bulk surveillance, we need +to build a movement for the autonomy and freedom of all computer users. Join +the Free Software Foundation's community to meet like-minded people and work +together for change.

+ +

+ GNU Social  |  + + Mastodon  |  +Twitter

+ +

Read why GNU Social and Mastodon +are better than Twitter, and why +we don't use Facebook.

+ +
+ +
+
+ + +
+
+ +

Bring Email Self-Defense to new people

+ +

Understanding and setting up email encryption is a daunting task for +many. To welcome them, make it easy to find your public key and offer to +help with encryption. Here are some suggestions:

+ +
    +
  • Lead an Email Self-Defense workshop for your friends and community, +using our teaching guide.
  • + +
  • Use our sharing page to compose +a message to a few friends and ask them to join you in using encrypted +email. Remember to include your GnuPG public key fingerprint so they can +easily download your key.
  • + +
  • Add your public key fingerprint anywhere that you normally display +your email address. Some good places are: your email signature (the text +kind, not the cryptographic kind), social media profiles, blogs, Websites, +or business cards. At the Free Software Foundation, we put ours on our staff page.
  • +
+ +
+
+ + +
+
+ +

Protect more of your digital life

+ +

Learn surveillance-resistant technologies for instant +messages, hard drive storage, online sharing, and more at +the Free Software Directory's Privacy Pack and prism-break.org.

+ +

If you are using Windows, Mac OS or any other proprietary operating +system, we recommend you switch to a free software operating system like +GNU/Linux. This will make it much harder for attackers to enter your computer +through hidden back doors. Check out the Free Software Foundation's endorsed versions of +GNU/Linux.

+ +
+
+ + +
+
+ +

Optional: Add more email protection with Tor

+ +

The Onion Router +(Tor) network wraps Internet communication in multiple layers of encryption +and bounces it around the world several times. When used properly, Tor confuses +surveillance field agents and the global surveillance apparatus alike. Using +it simultaneously with GnuPG's encryption will give you the best results.

+ +

To have your email program send and receive email over Tor, install the Torbirdy +plugin the same way you installed Enigmail, by searching for it through +Add-ons.

+ +

Before beginning to check your email over Tor, make sure you understand +the security tradeoffs involved. This infographic from our +friends at the Electronic Frontier Foundation demonstrates how Tor keeps +you secure.

+ +
+
+ + +
+ +
+ +

Make Email Self-Defense tools even better

+ +

Leave +feedback and suggest improvements to this guide. We +welcome translations, but we ask that you contact us at campaigns@fsf.org before you start, +so that we can connect you with other translators working in your language.

+ +

If you like programming, you can contribute code +to GnuPG or Enigmail.

+ +

To go the extra mile, support the Free Software Foundation so we can keep +improving Email Self-Defense, and make more tools like it.

+ +

+ +
+
+
+ + + +
+ + + + + + + + + + + + + + + + diff --git a/ua/windows.html b/ua/windows.html new file mode 100644 index 00000000..d3c4c2dd --- /dev/null +++ b/ua/windows.html @@ -0,0 +1,1165 @@ + + + + +Email Self-Defense - a guide to fighting surveillance with GnuPG +encryption + + + + + + + + + + + + + +
+ + +
+ +

#1 Get the pieces

+ +

This guide relies on software which is freely licensed; it's +completely transparent and anyone can copy it or make their own version. This +makes it safer from surveillance than proprietary software (like Windows or Mac +OS). To defend your freedom as well as protect yourself from surveillance, we +recommend you switch to a free software operating system like GNU/Linux. Learn +more about free software at fsf.org.

+ +

To get started, you'll need the IceDove desktop email program installed +on your computer. For your system, IceDove may be known by the alternate name +"Thunderbird." Email programs are another way to access the same email accounts +you can access in a browser (like Gmail), but provide extra features.

+ +

If you already have an email program, you can skip to Step 1.b.

+ +
+ + +
+ +
+ +

Step 1.a Set up your email program with your email account

+ +

Open your email program and follow the wizard (step-by-step walkthrough) +that sets it up with your email account.

+ +

Look for the letters SSL, TLS, or STARTTLS to the right of the servers +when you're setting up your account. If you don't see them, you will still +be able to use encryption, but this means that the people running your email +system are running behind the industry standard in protecting your security +and privacy. We recommend that you send them a friendly email asking them +to enable SSL, TLS, or STARTTLS for your email server. They will know what +you're talking about, so it's worth making the request even if you aren't +an expert on these security systems.

+ + +
+ +

Troubleshooting

+ +
+
The wizard doesn't launch
+
You can launch the wizard yourself, but the menu option for doing so is +named differently in each email program. The button to launch it will be in +the program's main menu, under "New" or something similar, titled something +like "Add account" or "New/Existing email account."
+ +
The wizard can't find my account or isn't downloading my mail
+
Before searching the Web, we recommend you start by asking other people +who use your email system, to figure out the correct settings.
+ + + +
+ +
+
+
+ + +
+
+ +

Step 1.b Get GnuPG by downloading GPG4Win

+ +

GPG4Win is a software package that includes GnuPG. Download and install it, choosing default +options whenever asked. After it's installed, you can close any windows that +it creates.

+ +

There are major security flaws in versions of GnuPG provided by GPG4Win +prior to 3.1.2. Make sure you have GPG4Win 3.1.2 or later.

+ +
+
+ + +
+ +
+ +

Step 1.c Install the Enigmail plugin for your email program

+ +

In your email program's menu, select Add-ons (it may be in the Tools +section). Make sure Extensions is selected on the left. Do you see Enigmail? +Make sure it's the latest version. If so, skip this step.

+ +

If not, search "Enigmail" with the search bar in the upper right. You +can take it from here. Restart your email program when you're done.

+ +

There are major security flaws in Enigmail prior to version 2.0.7. Make +sure you have Enigmail 2.0.7 or later.

+ + +
+ +

Troubleshooting

+ +
+
I can't find the menu.
+
In many new email programs, the main menu is represented by an image of +three stacked horizontal bars.
+ +
My email looks weird
+
Enigmail doesn't tend to play nice with HTML, which is used to format +emails, so it may disable your HTML formatting automatically. To send an +HTML-formatted email without encryption or a signature, hold down the Shift +key when you select compose. You can then write an email as if Enigmail +wasn't there.
+ + + +
+ +
+
+
+
+ + +
+ + +
+ +

#2 Make your keys

+ +

To use the GnuPG system, you'll need a public key and a private key (known +together as a keypair). Each is a long string of randomly generated numbers +and letters that are unique to you. Your public and private keys are linked +together by a special mathematical function.

+ +

Your public key isn't like a physical key, because it's stored in the open +in an online directory called a keyserver. People download it and use it, +along with GnuPG, to encrypt emails they send to you. You can think of the +keyserver as a phonebook; people who want to send you encrypted email can +look up your public key.

+ +

Your private key is more like a physical key, because you keep it to +yourself (on your computer). You use GnuPG and your private key together to +descramble encrypted emails other people send to you. You should never share your private key with anyone, under any +circumstances.

+ +

In addition to encryption and decryption, you can also use these keys to +sign messages and check the authenticity of other people's signatures. We'll +discuss this more in the next section.

+ +
+ + +
+ +
+ +

Step 2.a Make a keypair

+ +

The Enigmail Setup wizard may start automatically. If it doesn't, select +Enigmail → Setup Wizard from your email program's menu. You don't need +to read the text in the window that pops up unless you'd like to, but it's +good to read the text on the later screens of the wizard. Click Next with +the default options selected, except in these instances, which are listed +in the order they appear:

+ +
    +
  • On the screen titled "Encryption," select "Encrypt all of my messages +by default, because privacy is critical to me."
  • + +
  • On the screen titled "Signing," select "Don't sign my messages by +default."
  • + +
  • On the screen titled "Key Selection," select "I want to create a new +key pair for signing and encrypting my email."
  • + +
  • On the screen titled "Create Key," pick a strong password! You can +do it manually, or you can use the Diceware method. Doing it manually +is faster but not as secure. Using Diceware takes longer and requires +dice, but creates a password that is much harder for attackers to figure +out. To use it, read the section "Make a secure passphrase with Diceware" in +this article by Micah Lee.
  • +
+ +

If you'd like to pick a password manually, come up with something +you can remember which is at least twelve characters long, and includes +at least one lower case and upper case letter and at least one number or +punctuation symbol. Never pick a password you've used elsewhere. Don't use +any recognizable patterns, such as birthdays, telephone numbers, pets' names, +song lyrics, quotes from books, and so on.

+ +

The program will take a little while to finish the next +step, the "Key Creation" screen. While you wait, do something else with your +computer, like watching a movie or browsing the Web. The more you use the +computer at this point, the faster the key creation will go.

+ +

When the "Key Generation Completed" screen +pops up, select Generate Certificate and choose to save it in a safe place on +your computer (we recommend making a folder called "Revocation Certificate" +in your home folder and keeping it there). This step is essential for your +email self-defense, as you'll learn more about in Section +5.

+ + +
+ +

Troubleshooting

+ +
+
I can't find the Enigmail menu.
+
In many new email programs, the main menu is represented by an image +of three stacked horizontal bars. Enigmail may be inside a section called +Tools.
+ +
More resources
+
If you're having trouble with our +instructions or just want to learn more, check out +Enigmail's wiki instructions for key generation.
+ + + +
+ +
+ + +
+ +

Advanced

+ +
+
Command line key generation
+
If you prefer using the command line for a higher +degree of control, you can follow the documentation from The GNU Privacy +Handbook. Make sure you stick with "RSA and RSA" (the default), +because it's newer and more secure than the algorithms the documentation +recommends. Also make sure your key is at least 2048 bits, or 4096 if you +want to be extra secure.
+ +
Advanced key pairs
+
When GnuPG creates a new keypair, it compartmentalizes +the encryption function from the signing function through subkeys. If you use +subkeys carefully, you can keep your GnuPG identity much more +secure and recover from a compromised key much more quickly. Alex Cabal +and the Debian wiki +provide good guides for setting up a secure subkey configuration.
+
+ +
+
+
+ + +
+
+ +

Step 2.b Upload your public key to a keyserver

+ +

In your email program's menu, select Enigmail → Key Management.

+ +

Right click on your key and select Upload Public Keys to Keyserver. You +don't have to use the default keyserver. If, after research, you would like +to change to a different default keyserver, you can change that setting +manually in the Enigmail preferences.

+ +

Now someone who wants to send you an encrypted message can +download your public key from the Internet. There are multiple keyservers +that you can select from the menu when you upload, but they are all copies +of each other, so it doesn't matter which one you use. However, it sometimes +takes a few hours for them to match each other when a new key is uploaded.

+ + +
+ +

Troubleshooting

+ +
+
The progress bar never finishes
+
Close the upload popup, make sure you are connected to the Internet, +and try again. If that doesn't work, try again, selecting a different +keyserver.
+ +
My key doesn't appear in the list
+
Try checking "Display All Keys by Default."
+ +
More documentation
+
If you're having trouble with our +instructions or just want to learn more, check out +Enigmail's documentation.
+ + + +
+ +
+ + +
+ +

Advanced

+ +
+
Uploading a key from the command line
+
You can also upload your keys to a keyserver through the command line. The sks Web site +maintains a list of highly interconnected keyservers. You can also directly export +your key as a file on your computer.
+
+ +
+
+
+ + +
+
+ +

GnuPG, OpenPGP, what?

+ +

In general, the terms GnuPG, GPG, GNU Privacy Guard, OpenPGP and PGP +are used interchangeably. Technically, OpenPGP (Pretty Good Privacy) is the +encryption standard, and GNU Privacy Guard (often shortened to GPG or GnuPG) +is the program that implements the standard. Enigmail is a plug-in program +for your email program that provides an interface for GnuPG.

+ +
+
+
+ + +
+ + +
+ +

#3 Try it out!

+ +

Now you'll try a test correspondence with a computer program named Edward, +who knows how to use encryption. Except where noted, these are the same +steps you'd follow when corresponding with a real, live person.

+ + +
+ + +
+ +
+ +

Step 3.a Send Edward your public key

+ +

This is a special step that you won't have to do when corresponding +with real people. In your email program's menu, go to Enigmail → Key +Management. You should see your key in the list that pops up. Right click +on your key and select Send Public Keys by Email. This will create a new +draft message, as if you had just hit the Write button.

+ +

Address the message to edward-en@fsf.org. Put at least one word +(whatever you want) in the subject and body of the email. Don't send yet.

+ +

The lock icon in the top left should be yellow, meaning encryption is +turned on. We want this first special message to be unencrypted, so +click the icon once to turn it off. The lock should become grey, with a +blue dot on it (to alert you that the setting has been changed from the +default). Once encryption is off, hit Send.

+ +

It may take two or three minutes for Edward to +respond. In the meantime, you might want to skip ahead and check out the Use it Well section of this guide. Once he's responded, +head to the next step. From here on, you'll be doing just the same thing as +when corresponding with a real person.

+ +

When you open Edward's reply, GnuPG may prompt you for your password +before using your private key to decrypt it.

+ +
+
+ + +
+
+ +

Step 3.b Send a test encrypted email

+ +

Write a new email in your email program, addressed to edward-en@fsf.org. Make the subject +"Encryption test" or something similar and write something in the body.

+ +

The lock icon in the top left of the window should be yellow, meaning +encryption is on. This will be your default from now on.

+ +

Next to the lock, you'll notice an icon of a pencil. We'll +get to this in a moment.

+ +

Click Send. Enigmail will pop up a window that says "Recipients not valid, +not trusted or not found."

+ +

To encrypt an email to Edward, you need his public key, so now you'll have +Enigmail download it from a keyserver. Click Download Missing Keys and use +the default in the pop-up that asks you to choose a keyserver. Once it finds +keys, check the first one (Key ID starting with C), then select ok. Select +ok in the next pop-up.

+ +

Now you are back at the "Recipients not valid, not trusted or not found" +screen. Check the box in front of Edward's key and click Send.

+ +

Since you encrypted this email with Edward's public key, +Edward's private key is required to decrypt it. Edward is the only one with +his private key, so no one except him can decrypt it.

+ + +
+ +

Troubleshooting

+ +
+
Enigmail can't find Edward's key
+
Close the pop-ups that have appeared since you clicked Send. Make sure +you are connected to the Internet and try again. If that doesn't work, repeat +the process, choosing a different keyserver when it asks you to pick one.
+ +
Unscrambled messages in the Sent folder
+
Even though you can't decrypt messages encrypted to someone else's key, +your email program will automatically save a copy encrypted to your public key, +which you'll be able to view from the Sent folder like a normal email. This +is normal, and it doesn't mean that your email was not sent encrypted.
+ +
More resources
+
If you're still having trouble with our +instructions or just want to learn more, check out +Enigmail's wiki.
+ + + +
+ +
+ + +
+ +

Advanced

+ +
+
Encrypt messages from the command line
+
You can also encrypt and decrypt messages and files from the command line, +if that's your preference. The option --armor makes the encrypted output +appear in the regular character set.
+
+ +
+
+
+ + +
+
+ +

Important: Security tips

+ +

Even if you encrypt your email, the subject line is not encrypted, so +don't put private information there. The sending and receiving addresses +aren't encrypted either, so a surveillance system can still figure out who +you're communicating with. Also, surveillance agents will know that you're +using GnuPG, even if they can't figure out what you're saying. When you +send attachments, Enigmail will give you the choice to encrypt them or not, +independent of the actual email.

+ +

For greater security against potential attacks, you can turn off +HTML. Instead, you can render the message body as plain text.

+ +
+
+ + +
+
+ +

Step 3.c Receive a response

+ +

When Edward receives your email, he will use his private key to decrypt +it, then reply to you.

+ +

It may take two or three minutes for Edward to +respond. In the meantime, you might want to skip ahead and check out the Use it Well section of this guide.

+ +
+
+ + +
+
+ +

Step 3.d Send a test signed email

+ +

GnuPG includes a way for you to sign messages and files, verifying that +they came from you and that they weren't tampered with along the way. These +signatures are stronger than their pen-and-paper cousins -- they're impossible +to forge, because they're impossible to create without your private key +(another reason to keep your private key safe).

+ +

You can sign messages to anyone, so it's a great way to make people +aware that you use GnuPG and that they can communicate with you securely. If +they don't have GnuPG, they will be able to read your message and see your +signature. If they do have GnuPG, they'll also be able to verify that your +signature is authentic.

+ +

To sign an email to Edward, compose any message to him and click the +pencil icon next to the lock icon so that it turns gold. If you sign a +message, GnuPG may ask you for your password before it sends the message, +because it needs to unlock your private key for signing.

+ +

With the lock and pencil icons, you can choose whether each message will +be encrypted, signed, both, or neither.

+ +
+
+ + +
+
+ +

Step 3.e Receive a response

+ +

When Edward receives your email, he will use your public key (which +you sent him in Step 3.A) to verify the message +you sent has not been tampered with and to encrypt his reply to you.

+ +

It may take two or three minutes for Edward to +respond. In the meantime, you might want to skip ahead and check out the Use it Well section of this guide.

+ +

Edward's reply will arrive encrypted, because he prefers to use encryption +whenever possible. If everything goes according to plan, it should say +"Your signature was verified." If your test signed email was also encrypted, +he will mention that first.

+ +

When you receive Edward's email and open it, Enigmail will +automatically detect that it is encrypted with your public key, and +then it will use your private key to decrypt it.

+ +

Notice the bar that Enigmail shows you above the message, with +information about the status of Edward's key.

+ +
+
+
+ + +
+ + +
+ +

#4 Learn the Web of Trust

+ +

Email encryption is a powerful technology, but it has a weakness; +it requires a way to verify that a person's public key is actually +theirs. Otherwise, there would be no way to stop an attacker from making +an email address with your friend's name, creating keys to go with it and +impersonating your friend. That's why the free software programmers that +developed email encryption created keysigning and the Web of Trust.

+ +

When you sign someone's key, you are publicly saying that you've verified +that it belongs to them and not someone else.

+ +

Signing keys and signing messages use the same type of mathematical +operation, but they carry very different implications. It's a good practice +to generally sign your email, but if you casually sign people's keys, you +may accidently end up vouching for the identity of an imposter.

+ +

People who use your public key can see who has signed it. Once you've +used GnuPG for a long time, your key may have hundreds of signatures. You +can consider a key to be more trustworthy if it has many signatures from +people that you trust. The Web of Trust is a constellation of GnuPG users, +connected to each other by chains of trust expressed through signatures.

+ +
+ + +
+ +
+ +

Step 4.a Sign a key

+ +

In your email program's menu, go to Enigmail → Key Management.

+ +

Right click on Edward's public key and select Sign Key from the context +menu.

+ +

In the window that pops up, select "I will not answer" and click ok.

+ +

Now you should be back at the Key Management menu. Select Keyserver → +Upload Public Keys and hit ok.

+ +

You've just effectively said "I trust that Edward's public +key actually belongs to Edward." This doesn't mean much because Edward isn't +a real person, but it's good practice.

+ + +
+
+ + +
+
+ +

Identifying keys: Fingerprints and IDs

+ +

People's public keys are usually identified by their key fingerprint, +which is a string of digits like F357AA1A5B1FA42CFD9FE52A9FF2194CC09A61E8 +(for Edward's key). You can see the fingerprint for your public key, and +other public keys saved on your computer, by going to Enigmail → Key +Management in your email program's menu, then right clicking on the key +and choosing Key Properties. It's good practice to share your fingerprint +wherever you share your email address, so that people can double-check that +they have the correct public key when they download yours from a keyserver.

+ +

You may also see public keys referred to by a shorter +key ID. This key ID is visible directly from the Key Management +window. These eight character key IDs were previously used for +identification, which used to be safe, but is no longer reliable. You +need to check the full fingerprint as part of verifying you have the +correct key for the person you are trying to contact. Spoofing, in +which someone intentionally generates a key with a fingerprint whose +final eight characters are the same as another, is unfortunately +common.

+ +
+
+ + +
+
+ +

Important: What to consider when signing keys

+ +

Before signing a person's key, you need to be confident that it actually +belongs to them, and that they are who they say they are. Ideally, this +confidence comes from having interactions and conversations with them over +time, and witnessing interactions between them and others. Whenever signing +a key, ask to see the full public key fingerprint, and not just the shorter +key ID. If you feel it's important to sign the key of someone you've just +met, also ask them to show you their government identification, and make +sure the name on the ID matches the name on the public key. In Enigmail, +answer honestly in the window that pops up and asks "How carefully have you +verified that the key you are about to sign actually belongs to the person(s) +named above?"

+ + +
+ +

Advanced

+ +
+
Master the Web of Trust
+
Unfortunately, trust does not spread between users the way many people +think. One of best ways to strengthen the GnuPG community is to deeply understand the Web of +Trust and to carefully sign as many people's keys as circumstances permit.
+ +
Set ownertrust
+
If you trust someone enough to validate other people's keys, you can assign +them an ownertrust level through Enigmails's key management window. Right +click on the other person's key, go to the "Select Owner Trust" menu option, +select the trustlevel and click OK. Only do this once you feel you have a +deep understanding of the Web of Trust.
+
+ +
+
+
+
+ + +
+ + +
+ +

#5 Use it well

+ +

Everyone uses GnuPG a little differently, but it's important to follow +some basic practices to keep your email secure. Not following them, you +risk the privacy of the people you communicate with, as well as your own, +and damage the Web of Trust.

+ +
+ + +
+ +
+ +

When should I encrypt? When should I sign?

+ +

The more you can encrypt your messages, the better. If you only encrypt +emails occasionally, each encrypted message could raise a red flag for +surveillance systems. If all or most of your email is encrypted, people +doing surveillance won't know where to start. That's not to say that only +encrypting some of your email isn't helpful -- it's a great start and it +makes bulk surveillance more difficult.

+ +

Unless you don't want to reveal your own identity (which requires other +protective measures), there's no reason not to sign every message, whether or +not you are encrypting. In addition to allowing those with GnuPG to verify +that the message came from you, signing is a non-intrusive way to remind +everyone that you use GnuPG and show support for secure communication. If you +often send signed messages to people that aren't familiar with GnuPG, it's +nice to also include a link to this guide in your standard email signature +(the text kind, not the cryptographic kind).

+ +
+
+ + +
+ +
+ +

Be wary of invalid keys

+ +

GnuPG makes email safer, but it's still important to watch out for invalid +keys, which might have fallen into the wrong hands. Email encrypted with +invalid keys might be readable by surveillance programs.

+ +

In your email program, go back to the first encrypted email that Edward +sent you. Because Edward encrypted it with your public key, it will have a +message from Enigmail at the top, which most likely says "Enigmail: Part of +this message encrypted."

+ +

When using GnuPG, make a habit of glancing at that bar. The program +will warn you there if you get an email signed with a key that can't +be trusted.

+ +
+
+ + +
+
+ +

Copy your revocation certificate to somewhere safe

+ +

Remember when you created your keys and saved the revocation certificate +that GnuPG made? It's time to copy that certificate onto the safest digital +storage that you have -- the ideal thing is a flash drive, disk, or hard +drive stored in a safe place in your home, not on a device you carry with +you regularly.

+ +

If your private key ever gets lost or stolen, you'll need this certificate +file to let people know that you are no longer using that keypair.

+ +
+
+ + +
+
+ +

Important: act swiftly if someone gets your private key

+ +

If you lose your private key or someone else gets ahold +of it (say, by stealing or cracking your computer), it's +important to revoke it immediately before someone else uses +it to read your encrypted email or forge your signature. This +guide doesn't cover how to revoke a key, but you can follow these instructions. +After you're done revoking, make a new key and send an email to everyone +with whom you usually use your key to make sure they know, including a copy +of your new key.

+ +
+
+ + + + + +
+
+ +

Webmail and GnuPG

+ +

When you use a web browser to access your email, you're using webmail, +an email program stored on a distant website. Unlike webmail, your desktop +email program runs on your own computer. Although webmail can't decrypt +encrypted email, it will still display it in its encrypted form. If you +primarily use webmail, you'll know to open your email client when you receive +a scrambled email.

+ +
+
+ + +
+ + +
+ +
+ + + + + + + + + + + + + + + + diff --git a/ua/workshops.html b/ua/workshops.html new file mode 100644 index 00000000..30ce3481 --- /dev/null +++ b/ua/workshops.html @@ -0,0 +1,403 @@ + + + + +Email Self-Defense - a guide to fighting surveillance with GnuPG +encryption + + + + + + + + + + + + + +
+
+ + +
+ +

+ +

#1 Get your friends or community interested

+ +

If you hear friends grumbling about their lack of privacy, ask them if +they're interested in attending a workshop on Email Self-Defense. If your +friends don't grumble about privacy, they may need some convincing. You might +even hear the classic "if you've got nothing to hide, you've got nothing to +fear" argument against using encryption.

+ +

Here are some talking points you can use to help explain why it's worth +it to learn GnuPG. Mix and match whichever you think will make sense to +your community:

+ +
+
+ +
+ +

Strength in numbers

+ +

Each person who chooses to resist mass surveillance with encryption makes +it easier for others to resist as well. People normalizing the use of strong +encryption has multiple powerful effects: it means those who need privacy +the most, like potential whistle-blowers and activists, are more likely to +learn about encryption. More people using encryption for more things also +makes it harder for surveillance systems to single out those that can't +afford to be found, and shows solidarity with those people.

+ +
+
+ +

People you respect may already be using encryption

+ +

Many journalists, whistleblowers, activists, and researchers use GnuPG, +so your friends might unknowingly have heard of a few people who use it +already. You can search for "BEGIN PUBLIC KEY BLOCK" + keyword to help make +a list of people and organizations who use GnuPG whom your community will +likely recognize.

+ +
+
+ +

Respect your friends' privacy

+ +

There's no objective way to judge what constitutes privacy-sensitive +correspondence. As such, it's better not to presume that just because you +find an email you sent to a friend innocuous, your friend (or a surveillance +agent, for that matter!) feels the same way. Show your friends respect by +encrypting your correspondence with them.

+ +
+
+ +

Privacy technology is normal in the physical world

+ +

In the physical realm, we take window blinds, envelopes, and closed doors +for granted as ways of protecting our privacy. Why should the digital realm +be any different?

+ +
+
+ +

We shouldn't have to trust our email providers with our privacy

+ +

Some email providers are very trustworthy, but many have incentives not +to protect your privacy and security. To be empowered digital citizens, +we need to build our own security from the bottom up.

+ +
+
+
+ + +
+ + +
+ +

#2 Plan The Workshop

+ +

Once you've got at least one interested friend, pick a date and start +planning out the workshop. Tell participants to bring their computer and +ID (for signing each other's keys). If you'd like to make it easy for the +participants to use Diceware for choosing passwords, get a pack of dice +beforehand. Make sure the location you select has an easily accessible +Internet connection, and make backup plans in case the connection stops +working on the day of the workshop. Libraries, coffee shops, and community +centers make great locations. Try to get all the participants to set up +an Enigmail-compatible email client before the event. Direct them to their +email provider's IT department or help page if they run into errors.

+ +

Estimate that the workshop will take at least forty minutes plus ten minutes +for each participant. Plan extra time for questions and technical glitches.

+ +

The success of the workshop requires understanding and catering to +the unique backgrounds and needs of each group of participants. Workshops +should stay small, so that each participant receives more individualized +instruction. If more than a handful of people want to participate, keep the +facilitator to participant ratio high by recruiting more facilitators, or by +facilitating multiple workshops. Small workshops among friends work great!

+ +
+
+ + +
+ + +
+ +

#3 Follow the guide as a group

+ +

Work through the Email Self-Defense guide a step at a time as a group. Talk +about the steps in detail, but make sure not to overload the participants +with minutia. Pitch the bulk of your instructions to the least tech-savvy +participants. Make sure all the participants complete each step before the +group moves on to the next one. Consider facilitating secondary workshops +afterwards for people that had trouble grasping the concepts, or those that +grasped them quickly and want to learn more.

+ +

In Section 2 of the guide, make +sure the participants upload their keys to the same keyserver so that +they can immediately download each other's keys later (sometimes +there is a delay in synchronization between keyservers). During Section 3, give the participants the option to +send test messages to each other instead of or as well as Edward. Similarly, +in Section 4, encourage the participants +to sign each other's keys. At the end, make sure to remind people to safely +back up their revocation certificates.

+ +
+
+ + +
+ + +
+ +

#4 Explain the pitfalls

+ +

Remind participants that encryption works only when it's explicitly used; +they won't be able to send an encrypted email to someone who hasn't already +set up encryption. Also remind participants to double-check the encryption icon +before hitting send, and that subjects and timestamps are never encrypted.

+ +

Explain the dangers +of running a proprietary system and +advocate for free software, because without it, we can't meaningfully +resist invasions of our digital privacy and autonomy.

+ +
+
+ + +
+ + +
+ +

#5 Share additional resources

+ +

GnuPG's advanced options are far too complex to teach in a single +workshop. If participants want to know more, point out the advanced subsections +in the guide and consider organizing another workshop. You can also share +GnuPG's and +Enigmail's +official documentation and mailing lists. Many GNU/Linux distribution's Web +sites also contain a page explaining some of GnuPG's advanced features.

+ +
+
+ + +
+ + +
+ +

#6 Follow up

+ +

Make sure everyone has shared email addresses and public key fingerprints +before they leave. Encourage the participants to continue to gain GnuPG +experience by emailing each other. Send them each an encrypted email one +week after the event, reminding them to try adding their public key ID to +places where they publicly list their email address.

+ +

If you have any suggestions for improving this workshop guide, please +let us know at campaigns@fsf.org.

+ +
+
+ + + + + + + + + + +