From: zoe1 Date: Tue, 13 Jul 2021 18:31:02 +0000 (+0200) Subject: changes dana comments X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=b7f7b4a2cff8c7d7ab2d01005079e2886d0ba653;p=enc-live.git changes dana comments --- diff --git a/en/index.html b/en/index.html index 1f69a28..6cba481 100644 --- a/en/index.html +++ b/en/index.html @@ -553,8 +553,7 @@ own version. This makes it safer from surveillance than proprietary software (like Windows or macOS). Learn more about free software at fsf.org.

-

Most GNU/Linux operating systems come with GnuPG installed on them, -so you don't have to download it. Before configuring your encryption setup with this guide, though, you'll need a desktop email program based on Thunderbird installed on your computer. Many GNU/Linux distributions have Thunderbird installed already. If you're using a fully free distribution of GNU/Linux, we recommend installing "Icedove" instead. Programs like these are another way to access the same email accounts you can access in a browser (like Gmail), but provide extra features.

+

Most GNU/Linux operating systems come with GnuPG installed on them, so if you're running one of these systems, you don't have to download it. If you're running macOS or Windows, steps to download GnuPG are below. Before configuring your encryption setup with this guide, though, you'll need a desktop email program based on Thunderbird installed on your computer. Many GNU/Linux distributions have Thunderbird installed already. If you're using a fully free distribution of GNU/Linux, we recommend installing "Icedove" instead. Programs like these are another way to access the same email accounts you can access in a browser (like Gmail), but provide extra features.

If you already have an email program, you can skip to Step 2.

@@ -594,7 +593,7 @@ like "Add account" or "New/Existing email account."
Before searching the Web, we recommend you start by asking other people who use your email system, to figure out the correct settings.
-
I can't find the menu.
+
I can't find the menu
In many new email programs, the main menu is represented by an image of three stacked horizontal bars.
@@ -624,9 +623,9 @@ page.
Use a third-party package manager to install GnuPG
-
Your macOS comes with a terminal pre-installed, which we'll use to setup your encryption with GnuPG. However, the default macOS package manager makes it difficult to install GnuPG and other pieces of free software (like Emacs, GIMP, or Inkscape).

-To make things easier, we recommend setting up the third-party package manager "Homebrew" to install GnuPG. Copy the link on the home page of Homebrew and paste it in your terminal. Click "Enter" and wait for it to finalize.

-When it is done, install the program by entering the following code:

+
Your macOS comes with a program called Terminal pre-installed, which we'll use to set up your encryption with GnuPG, using the command line. However, the default macOS package manager makes it difficult to install GnuPG and other pieces of free software (like Emacs, GIMP, or Inkscape).

+To make things easier, we recommend setting up the third-party package manager "Homebrew" to install GnuPG. Copy the link on the home page of Homebrew and paste it in Terminal. Click "Enter" and wait for it to finalize.

+When it is done, install the program by entering the following code in Terminal:

brew install gnupg gnupg2. After installation is done, you can follow the steps of the rest of this guide.
@@ -640,9 +639,9 @@ When it is done, install the program by entering the following code:

Get GnuPG by downloading GPG4Win
GPG4Win is a email and file encryption software package that includes GnuPG. Download and install the latest version, choosing default options whenever asked. After it's installed, you can close any windows that it creates.

-Open the "Powershell" and follow the steps of the rest of this guide. -

We use the word "terminal" in the rest of this guide, but on your Windows machine, that program will be called "PowerShell."

+ +

To follow the rest of the steps in this guide, you'll use the program called "PowerShell", which is a program you'll see elsewhere referred to as a "terminal." This allows you to operate your computer using the command line.

@@ -715,8 +714,9 @@ alt="Step 2.A: Set your passphrase" />

Step 2.a Make a keypair

Make your keypair
-

We will use the command line to create a keypair using the gnupg program. This should be installed on your GNU/Linux operating system. -Open a terminal using ctrl + alt + t, or find it in your applications, and use the following code to create your keypair:

+

Open a terminal using ctrl + alt + t (on GNU/linux), or find it in your applications, and use the following code to create your keypair:

+ +

We will use the command line in a terminal to create a keypair using the GnuPG program. A terminal should be installed on your GNU/Linux operating system, if you are using a macOS or Windows OS system, use the programs "Terminal" (macOS) or "PowerShell" (Windows) that were also used in section 1.

# gpg --full-generate-key to start the process.

# To answer what kind of key you would like to create, select the default option 1 RSA and RSA.

@@ -751,17 +751,17 @@ song lyrics, quotes from books, and so on.

GnuPG is not installed
-GPG is not installed. You can check if this is the case with the command gpg --version +GPG is not installed. You can check if this is the case with the command gpg --version. If GnuPG is not installed, it would bring up the following result on most GNU/Linux operating systems, or something like it: Command 'gpg' not found, but can be installed with: sudo apt install gnupg. Follow that command and install the program.
I took too long to create my passphrase
-
That's okay. It's important to think about your passphrase, when you're ready, just follow the steps to create your key again.
+
That's okay. It's important to think about your passphrase. When you're ready, just follow the steps from the beginning again to create your key.
-
How can i see my key?
+
How can I see my key?
-Use the following command to see all keys gpg --list-keys. Yours should be listed in there, and later, so will Edward's (section 3). If you want to see only your key, you can use gpg --list-key [your@email] +Use the following command to see all keys gpg --list-keys. Yours should be listed in there, and later, so will Edward's (section 3). If you want to see only your key, you can use gpg --list-key [your@email]. You can also use gpg --list-secret-key to see your own private key.
More resources
@@ -832,8 +832,8 @@ takes a few hours for them to match each other when a new key is uploaded.


Generate a revocation certificate
-

Just in case you lose your key, or it gets compromised, you want to generate a certificate and choose to save it in a safe place on your computer for now (please refer to step 6.C for how to best store your revocation cerficate safely). This step is essential for your email self-defense, as you'll learn more about in Section -5.

+

Just in case you lose your key, or it gets compromised, you want to generate a certificate and choose to save it in a safe place on your computer for now (please refer to step 6.C for how to best store your revocation cerficate safely). This step is essential for your email self-defense, as you'll learn more about in Section 5.

+

# Copy your keyID gnupg --list-key [your@email] will list your public ("pub") key information, including your keyID, which is a unique list of numbers and letters. Copy this keyID, so you can use it in the following command.

# Upload your key to a server: gpg --output revoke.asc [keyID]

# It will prompt you to give a reason for revocation, we recommend to use 1 "key has been compromised"

@@ -847,13 +847,13 @@ takes a few hours for them to match each other when a new key is uploaded.

Troubleshooting

-
My key doesn't seem to be working or I get a "permission denied".
+
My key doesn't seem to be working or I get a "permission denied."
Like every other file or folder, gpg keys are subject to permissions. If these are not set correctly, your system may not be accepting your keys. You can follow the next steps to check, and update to the right permissions.

# Check your permissions: ls -l ~/.gnupg/*

-# Set permissions to read, write, execute for only yourself, no others. This is the recommended permission for your folder, you can use the code +# Set permissions to read, write, execute for only yourself, no others. This is the recommended permission for your folder. You can use the code chmod 700 ~/.gnupg.

-# Set permissions to read, write for only yourself, no others. This is the recommended permission for the keys inside your folder, you can use the code: chmod 600 ~/.gnupg/*.

+# Set permissions to read and write for yourself only, no others. This is the recommended permission for the keys inside your folder. You can use the code: chmod 600 ~/.gnupg/*.

If you have (for any reason) created your own folders inside ~/.gnupg, you must also additionally apply execute permissions to that folder. Folders require execution privileges to be opened. For more information on permissions, you can check out this detailed information guide.

@@ -956,7 +956,7 @@ Once you have set up your email with encryption, you can start contributing to e
I'm not sure the import worked correctly
-Under "Edit" (in Icedove) or "Tools" (in Thunderbird) look for "Account settings" → "End-To-End Encryption" you can see if your personal key associated with this email is found. If it is not, you can try again via the Add key option. Make sure you have the correct, active, secret key file. +Look for "Account settings" → "End-To-End Encryption" (Under "Edit" (in Icedove) or "Tools" (in Thunderbird)). Here you can see if your personal key associated with this email is found. If it is not, you can try again via the Add key option. Make sure you have the correct, active, secret key file.
@@ -1014,7 +1014,7 @@ href="mailto:edward-en@fsf.org">edward-en@fsf.org. Put at least one word

It may take two or three minutes for Edward to respond. In the meantime, you might want to skip ahead and check out the Use it Well section of this guide. Once you received a response, +href="#section6">Use it Well section of this guide. Once you have received a response, head to the next step. From here on, you'll be doing just the same thing as when corresponding with a real person.

@@ -1044,13 +1044,13 @@ alt="Step 4.B Option 2. Import key" />

Get Edward's key

To encrypt an email to Edward, you need its public key, so now you'll have to download it from a keyserver. You can do this in two different ways:

-

Option 1. In the email answer you received from Edward as a response to your first email, Edward's public key was included. On the right of the email, just above the writing area, you will find an "OpenPGP" button that has a lock and a little wheel next to it. Click that, and select Discover next to the text: "This message was sent with a key that you don't have yet." A popup with Edward's key details will follow. +

Option 1. In the email answer you received from Edward as a response to your first email, Edward's public key was included. On the right of the email, just above the writing area, you will find an "OpenPGP" button that has a lock and a little wheel next to it. Click that, and select Discover next to the text: "This message was sent with a key that you don't have yet." A popup with Edward's key details will follow. -

Option 2. Open your OpenPGP manager and under "Keyserver" choose Discover Keys Online. Here, fill in Edward's email address, and import Edward's key. +

Option 2. Open your OpenPGP manager and under "Keyserver" choose Discover Keys Online. Here, fill in Edward's email address, and import Edward's key.

The option Accepted (unverified) will add this key to your key manager, and now it can be used to send encrypted emails and to verify digital signatures from Edward.

-

Edward has many different emails associated with its key, you can safely import the key.

+

In the popup window confirming if you want to import Edward's key, you'll see many different emails that are all associated with its key. This is correct; you can safely import the key.

Since you encrypted this email with Edward's public key, Edward's private key is required to decrypt it. Edward is the only one with @@ -1063,7 +1063,7 @@ its private key, so no one except Edward can decrypt it.

href="mailto:edward-en@fsf.org">edward-en@fsf.org. Make the subject "Encryption test" or something similar and write something in the body.

-

This time, make sure encryption is turned on by using the drowpdown menu "Security" and select Require Encryption. Once encryption is on, hit Send.

+

This time, make sure encryption is turned on by using the dropdown menu "Security" and select Require Encryption. Once encryption is on, hit Send.


@@ -1077,7 +1077,7 @@ href="mailto:edward-en@fsf.org">edward-en@fsf.org. Make the subject
You may be trying to send an encrypted email to someone when you do not have their public key yet. Make sure you follow the steps above to import the key to your key manager. Open OpenPGP Key Manager to make sure the recipient is listed there.
Unable to send message
-
You could get the following message when trying to send your encrypted email: "Unable to send this message with end-to-end encryption, because there are problems with the keys of the following recipients: edward-en@fsf.org." This usually means you imported the key with the "unaccepted (unverified) option," if you go to the "key properties" of this key by right clicking on the key in the OpenPGP Key Manager, you can select the option Yes, but I have not verified that this is the correct key. in the "Acceptance" option at the bottom of this window. Resend the email.
+
You could get the following message when trying to send your encrypted email: "Unable to send this message with end-to-end encryption, because there are problems with the keys of the following recipients: edward-en@fsf.org." This usually means you imported the key with the "unaccepted (unverified) option." Go to the "key properties" of this key by right clicking on the key in the OpenPGP Key Manager, and select the option Yes, but I have not verified that this is the correct key in the "Acceptance" option at the bottom of this window. Resend the email.
I can't find Edward's key
Close the pop-ups that have appeared since you clicked Send. Make sure @@ -1226,13 +1226,13 @@ then it will use your private key to decrypt it.

-

#5 Learn the Web of Trust

+

#5 Learn about the Web of Trust

Illustration of keys all interconnected with a web of lines

-

Email encryption is a powerful technology, but it has a weakness; +

Email encryption is a powerful technology, but it has a weakness: it requires a way to verify that a person's public key is actually theirs. Otherwise, there would be no way to stop an attacker from making -an email address with your friend's name, creating keys to go with it and +an email address with your friend's name, creating keys to go with it, and impersonating your friend. That's why the free software programmers that developed email encryption created keysigning and the Web of Trust.

@@ -1267,11 +1267,11 @@ alt="Section 5: trusting a key" />

In your email program's menu, go to OpenPGP Key Manager and select Key properties by right clicking on Edward's key.

-

Under "Your Acceptance," you can select Yes, I've verified in person this key has the correct fingerprint"

+

Under "Your Acceptance," you can select Yes, I've verified in person this key has the correct fingerprint".

You've just effectively said "I trust that Edward's public key actually belongs to Edward." This doesn't mean much because Edward isn't -a real person, but it's good practice, and for real people it is important. You can read more about signing a person's key in the check IDs before signing section

+a real person, but it's good practice, and for real people it is important. You can read more about signing a person's key in the check IDs before signing section.

+
-
+
diff --git a/en/next_steps.html b/en/next_steps.html index 091e4f8..41cda8b 100644 --- a/en/next_steps.html +++ b/en/next_steps.html @@ -24,13 +24,13 @@ href="../static/img/favicon.ico" />
- -
+ +
-

#6 Next steps

+

#7 Next steps

You've now completed the basics of email encryption with GnuPG, taking action against bulk surveillance. These next steps will help make the most @@ -111,18 +111,18 @@ many. To welcome them, make it easy to find your public key and offer to help with encryption. Here are some suggestions:

    -
  • Lead an Email Self-Defense workshop for your friends and community, +
  • # Lead an Email Self-Defense workshop for your friends and community, using our teaching guide.
  • -
  • Use our sharing page to compose a message to a few friends and ask them to join you in using encrypted email. Remember to include your GnuPG public key fingerprint so they can easily download your key.
  • -
  • Add your public key fingerprint anywhere that you normally display +
  • # Add your public key fingerprint anywhere that you normally display your email address. Some good places are: your email signature (the text -kind, not the cryptographic kind), social media profiles, blogs, Websites, +kind, not the cryptographic kind), social media profiles, blogs, Web sites, or business cards. At the Free Software Foundation, we put ours on our staff page.
@@ -183,8 +183,8 @@ you secure.

--> -
+