href="//static.fsf.org/nosvn/enc-dev0/img/favicon.ico" />
</head>
-<body><iframe src="//static.fsf.org/nosvn/banners/2017fundraiser/" width="100%" height="100%" scrolling="no" style="overflow: hidden; border: 0 none; display: block;"></iframe>
+<body>
<!-- ~~~~~~~~~ GnuPG Header and introduction text ~~~~~~~~~ -->
<header class="row" id="header"><div>
<!-- Language list for browsers that do not have JS enabled -->
<ul id="languages" class="os">
<li><a class="current" href="/en">English - v4.0</a></li>
-<li><a href="/cs">Ä\8ceština - v4.0</a></li>
-<li><a href="/de">Deutsch - v3.0</a></li>
+<li><a href="/cs">Ä\8deština - v4.0</a></li>
+<li><a href="/de">Deutsch - v4.0</a></li>
<li><a href="/el">ελληνικά - v3.0</a></li>
<li><a href="/es">español - v4.0</a></li>
<li><a href="/fa">فارسی - v4.0</a></li>
<li><a href="/sq">Shqip - v4.0</a></li>
<li><a href="/sv">svenska - v4.0</a></li>
<li><a href="/tr">Türkçe - v4.0</a></li>
-<li><a
-href="https://libreplanet.org/wiki/GPG_guide/Translation_Guide"><strong><span
-style="color: #2F5FAA;">Translate!</span></strong></a></li>
+<li><a href="/zh-hans">简体中文 - v4.0</a></li>
+<li><a href="https://libreplanet.org/wiki/GPG_guide/Translation_Guide">
+<strong><span style="color: #2F5FAA;">Translate!</span></strong></a></li>
</ul>
<ul id="menu" class="os">
<li class="spacer"><a href="index.html">GNU/Linux</a></li>
<li><a href="mac.html">Mac OS</a></li>
<li><a href="windows.html" class="current">Windows</a></li>
-<li><a href="workshops.html">Teach your friends</a></li>
-<li><a href="https://fsf.org/share?u=https://u.fsf.org/zb&t=Email
-encryption for everyone via %40fsf">Share
-<img
-src="//static.fsf.org/nosvn/enc-dev0/img/gnu-social.png"
-class="share-logo"
+<li class="spacer"><a href="workshops.html">Teach your friends</a></li>
+<li class="spacer"><a
+href="https://fsf.org/share?u=https://u.fsf.org/zb&t=Email encryption for everyone via %40fsf">
+Share
+<img src="//static.fsf.org/nosvn/enc-dev0/img/gnu-social.png" class="share-logo"
alt="[GNU Social]" />
-<img
-src="//static.fsf.org/nosvn/enc-dev0/img/pump.io.png"
-class="share-logo"
-alt="[Pump.io]" />
-<img
-src="//static.fsf.org/nosvn/enc-dev0/img/reddit-alien.png"
-class="share-logo"
+<img src="//static.fsf.org/nosvn/enc-dev0/img/mastodon.png" class="share-logo"
+alt="[Mastodon]" />
+<img src="//static.fsf.org/nosvn/enc-dev0/img/reddit-alien.png" class="share-logo"
alt="[Reddit]" />
-<img
-src="//static.fsf.org/nosvn/enc-dev0/img/hacker-news.png"
-class="share-logo"
-alt="[Hacker News]" />
-</a></li>
+<img src="//static.fsf.org/nosvn/enc-dev0/img/hacker-news.png" class="share-logo"
+alt="[Hacker News]" /></a></li>
</ul>
<!-- ~~~~~~~~~ FSF Introduction ~~~~~~~~~ -->
<p class="notes">This guide relies on software which is <a
href="https://www.gnu.org/philosophy/free-sw.html">freely licensed</a>; it's
completely transparent and anyone can copy it or make their own version. This
-makes it safer from surveillance than proprietary software (like Windows). To
-defend your freedom as well as protect yourself from surveillance, we recommend
-you switch to a free software operating system like GNU/Linux. Learn more
-about free software at <a href="https://u.fsf.org/ys">fsf.org</a>.</p>
+makes it safer from surveillance than proprietary software (like Windows or Mac
+OS). To defend your freedom as well as protect yourself from surveillance, we
+recommend you switch to a free software operating system like GNU/Linux. Learn
+
more about free software at <a href="https://u.fsf.org/ys">fsf.org</a>.</p>
<p>To get started, you'll need the IceDove desktop email program installed
on your computer. For your system, IceDove may be known by the alternate name
<p>Open your email program and follow the wizard (step-by-step walkthrough)
that sets it up with your email account.</p>
+<p>Look for the letters SSL, TLS, or STARTTLS to the right of the servers
+when you're setting up your account. If you don't see them, you will still
+be able to use encryption, but this means that the people running your email
+system are running behind the industry standard in protecting your security
+and privacy. We recommend that you send them a friendly email asking them
+to enable SSL, TLS, or STARTTLS for your email server. They will know what
+you're talking about, so it's worth making the request even if you aren't
+an expert on these security systems.</p>
+
<!-- ~~~~~~~~~ Troubleshooting ~~~~~~~~~ -->
<div class="troubleshooting">
<dl>
<dt>The wizard doesn't launch</dt>
<dd>You can launch the wizard yourself, but the menu option for doing so is
-named differently in each email programs. The button to launch it will be in
+named differently in each email program. The button to launch it will be in
the program's main menu, under "New" or something similar, titled something
like "Add account" or "New/Existing email account."</dd>
options whenever asked. After it's installed, you can close any windows that
it creates.</p>
+<p>There are major security flaws in versions of GnuPG provided by GPG4Win
+prior to 3.1.2. Make sure you have GPG4Win 3.1.2 or later.</p>
+
</div><!-- End .main -->
</div><!-- End #step1-b .step -->
<!-- ~~~~~~~~~ a div for each step ~~~~~~~~~ -->
<div id="step-1c" class="step">
<div class="sidebar">
-
<ul class="images">
-<li><img
-src="//static.fsf.org/nosvn/enc-dev0/img/en/screenshots/step1b-01-tools-addons.png"
+<li><img src="//static.fsf.org/nosvn/enc-dev0/img/en/screenshots/step1b-01-tools-addons.png"
alt="Step 1.C: Tools -> Add-ons" /></li>
-<li><img
-src="//static.fsf.org/nosvn/enc-dev0/img/en/screenshots/step1b-02-search.png"
+<li><img src="//static.fsf.org/nosvn/enc-dev0/img/en/screenshots/step1b-02-search.png"
alt="Step 1.C: Search Add-ons" /></li>
-<li><img
-src="//static.fsf.org/nosvn/enc-dev0/img/en/screenshots/step1b-03-install.png"
+<li><img src="//static.fsf.org/nosvn/enc-dev0/img/en/screenshots/step1b-03-install.png"
alt="Step 1.C: Install Add-ons" /></li>
</ul>
<h3><em>Step 1.c</em> Install the Enigmail plugin for your email program</h3>
<p>In your email program's menu, select Add-ons (it may be in the Tools
-section). Make sure Extensions is selected on the left. Do you see Enigmail? If
-so, skip this step.</p>
+section). Make sure Extensions is selected on the left. Do you see Enigmail?
+Make sure it's the latest version. If so, skip this step.</p>
<p>If not, search "Enigmail" with the search bar in the upper right. You
can take it from here. Restart your email program when you're done.</p>
+<p>There are major security flaws in Enigmail prior to version 2.0.7. Make
+sure you have Enigmail 2.0.7 or later.</p>
+
<!-- ~~~~~~~~~ Troubleshooting ~~~~~~~~~ -->
<div class="troubleshooting">
<dd>In many new email programs, the main menu is represented by an image of
three stacked horizontal bars.</dd>
+<dt>My email looks weird</dt>
+<dd>Enigmail doesn't tend to play nice with HTML, which is used to format
+emails, so it may disable your HTML formatting automatically. To send an
+HTML-formatted email without encryption or a signature, hold down the Shift
+key when you select compose. You can then write an email as if Enigmail
+wasn't there.</dd>
+
<dt class="feedback">Don't see a solution to your problem?</dt>
<dd class="feedback">Please let us know on the <a
href="https://libreplanet.org/wiki/GPG_guide/Public_Review">feedback
</div><!-- /.troubleshooting -->
</div><!-- End .main -->
-</div><!-- End #step-1c .step -->
+</div><!-- End #step-1b .step -->
</div></section><!-- End #section1 -->
<!-- ~~~~~~~~~ Section 2: Make your keys ~~~~~~~~~ -->
<p>Your private key is more like a physical key, because you keep it to
yourself (on your computer). You use GnuPG and your private key together to
descramble encrypted emails other people send to you. <span style="font-weight:
-bold;">You should never share you private key with anyone, under any
+bold;">You should never share your private key with anyone, under any
circumstances.</span></p>
<p>In addition to encryption and decryption, you can also use these keys to
<li>On the screen titled "Create Key," pick a strong password! You can
do it manually, or you can use the Diceware method. Doing it manually
is faster but not as secure. Using Diceware takes longer and requires
-dice, but creates a password that is much harder for attackers figure
+dice, but creates a password that is much harder for attackers to figure
out. To use it, read the section "Make a secure passphrase with Diceware" in <a
-href="https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/">this
-article</a> by Micah Lee.</li>
+href="https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/">
+this article</a> by Micah Lee.</li>
</ul>
<p>If you'd like to pick a password manually, come up with something
<dt>More resources</dt>
<dd>If you're having trouble with our
instructions or just want to learn more, check out <a
-href="https://enigmail.wiki/Key_Management#Generating_your_own_key_pair">Enigmail's
-wiki instructions for key generation</a>.</dd>
-
-<dt>My email looks weird</dt>
-<dd>Enigmail doesn't tend to play nice with HTML, which is used to format
-emails, so it may disable your HTML formatting automatically. To send an
-HTML-formatted email without encryption or a signature, hold down the Shift
-key when you select compose. You can then write an email as if Enigmail
-wasn't there.</dd>
+href="https://www.enigmail.net/documentation/Key_Management#Generating_your_own_key_pair">
+Enigmail's wiki instructions for key generation</a>.</dd>
<dt class="feedback">Don't see a solution to your problem?</dt>
<dd class="feedback">Please let us know on the <a
<p>In your email program's menu, select Enigmail → Key Management.</p>
-<p>Right click on your key and select Upload Public Keys to Keyserver. Use
-the default keyserver in the popup.</p>
+<p>Right click on your key and select Upload Public Keys to Keyserver. You
+don't have to use the default keyserver. If, after research, you would like
+to change to a different default keyserver, you can change that setting
+manually in the Enigmail preferences.</p>
<p class="notes">Now someone who wants to send you an encrypted message can
download your public key from the Internet. There are multiple keyservers
<dt>More documentation</dt>
<dd>If you're having trouble with our
instructions or just want to learn more, check out <a
-href="https://www.enigmail.net/documentation/quickstart-ch2.php#id2533620">Enigmail's
-documentation</a>.</dd>
+href="https://www.enigmail.net/documentation/Key_Management#Distributing_your_public_key">
+Enigmail's documentation</a>.</dd>
<dt class="feedback">Don't see a solution to your problem?</dt>
<dd class="feedback">Please let us know on the <a
<dt>More resources</dt>
<dd>If you're still having trouble with our
instructions or just want to learn more, check out <a
-href="https://enigmail.wiki/Signature_and_Encryption#Encrypting_a_message">Enigmail's
-wiki</a>.</dd>
+href="https://www.enigmail.net/documentation/Signature_and_Encryption#Encrypting_a_message">
+Enigmail's wiki</a>.</dd>
<dt class="feedback">Don't see a solution to your problem?</dt>
<dd class="feedback">Please let us know on the <a
send attachments, Enigmail will give you the choice to encrypt them or not,
independent of the actual email.</p>
+<p>For greater security against potential attacks, you can turn off
+HTML. Instead, you can render the message body as plain text.</p>
+
</div><!-- End .main -->
</div><!-- End #step-headers_unencrypted .step-->
<h3><em>Step 3.c</em> Receive a response</h3>
<p>When Edward receives your email, he will use his private key to decrypt
-it, then use your public key (which you sent him in <a href="#step-3a">Step
-3.A</a>) to encrypt his reply to you.</p>
+it, then reply to you. </p>
<p class="notes">It may take two or three minutes for Edward to
respond. In the meantime, you might want to skip ahead and check out the <a
href="#section5">Use it Well</a> section of this guide.</p>
-<p>When you receive Edward's email and open it, Enigmail will automatically
-detect that it is encrypted with your public key, and then it will use your
-private key to decrypt it.</p>
-
-<p>Notice the bar that Enigmail shows you above the message, with information
-about the status of Edward's key.</p>
-
</div><!-- End .main -->
</div><!-- End #step-3c .step -->
<h3><em>Step 3.e</em> Receive a response</h3>
-<p>When Edward receives your email, he will use your public key (which you
-sent him in <a href="#step-3a">Step 3.A</a>) to verify that your signature
-is authentic and the message you sent has not been tampered with.</p>
+<p>When Edward receives your email, he will use your public key (which
+you sent him in <a href="#step-3a">Step 3.A</a>) to verify the message
+you sent has not been tampered with and to encrypt his reply to you.</p>
<p class="notes">It may take two or three minutes for Edward to
respond. In the meantime, you might want to skip ahead and check out the <a
"Your signature was verified." If your test signed email was also encrypted,
he will mention that first.</p>
+<p>When you receive Edward's email and open it, Enigmail will
+automatically detect that it is encrypted with your public key, and
+then it will use your private key to decrypt it.</p>
+
+<p>Notice the bar that Enigmail shows you above the message, with
+information about the status of Edward's key.</p>
+
</div><!-- End .main -->
</div><!-- End #step-3e .step -->
</div></section>
<form enctype="application/x-www-form-urlencoded" action="/mk_path.cgi"
method="get">
-<p><strong>From:</strong><input type="text" placeholder="xD41A008"
+<p><strong>From:</strong><input type="text" value="xD41A008"
name="FROM"></p>
-<p><strong>To:</strong><input type="text" placeholder="50BD01x4" name="TO"></p>
+<p><strong>To:</strong><input type="text" value="50BD01x4" name="TO"></p>
<p class="buttons"><input type="submit" value="trust paths" name="PATHS"><input
type="reset" value="reset" name=".reset"></p>
wherever you share your email address, so that people can double-check that
they have the correct public key when they download yours from a keyserver.</p>
-<p class="notes">You may also see public keys referred to by their key ID,
-which is simply the last eight digits of the fingerprint, like C09A61E8 for
-Edward. The key ID is visible directly from the Key Management window. This
-key ID is like a person's first name (it is a useful shorthand but may not be
-unique to a given key), whereas the fingerprint actually identifies the key
-uniquely without the possibility of confusion. If you only have the key ID,
-you can still look up the key (as well as its fingerprint), like you did in
-Step 3, but if multiple options appear, you'll need the fingerprint of the
-person to whom you are trying to communicate to verify which one to use.</p>
+<p class="notes">You may also see public keys referred to by a shorter
+key ID. This key ID is visible directly from the Key Management
+window. These eight character key IDs were previously used for
+identification, which used to be safe, but is no longer reliable. You
+need to check the full fingerprint as part of verifying you have the
+correct key for the person you are trying to contact. Spoofing, in
+which someone intentionally generates a key with a fingerprint whose
+final eight characters are the same as another, is unfortunately
+common.</p>
</div><!-- End .main -->
</div><!-- End #step-identify_keys .step-->
<h3>Transferring you key</h3>
<p>You can use Enigmail's <a
-href="https://www.enigmail.net/documentation/keyman.php">key management
+href="https://www.enigmail.net/documentation/Key_Management">key management
window</a> to import and export keys. If you want to be able to read
your encrypted email on a different computer, you will need to export
your secret key from here. Be warned, if you transfer the key without <a
Attribution 4.0 license (or later version)</a>, and the rest of it is under
a <a href="https://creativecommons.org/licenses/by-sa/4.0">Creative Commons
Attribution-ShareAlike 4.0 license (or later version)</a>. Download the <a
-href="http://agpl.fsf.org/emailselfdefense.fsf.org/edward/CURRENT/edward.tar.gz">source
-code of Edward reply bot</a> by Andrew Engelbrecht
-<sudoman@ninthfloor.org> and Josh Drake <zamnedix@gnu.org>,
+href="http://agpl.fsf.org/emailselfdefense.fsf.org/edward/CURRENT/edward.tar.gz">
+source code of Edward reply bot</a> by Andrew Engelbrecht
+<andrew@engelbrecht.io> and Josh Drake <zamnedix@gnu.org>,
available under the GNU Affero General Public License. <a
href="http://www.gnu.org/licenses/license-list.html#OtherLicenses">Why these
licenses?</a></p>
alt="Journalism++" /></a></p><!-- /.credits -->
</div></footer><!-- End #footer -->
-<script src="//static.fsf.org/nosvn/enc-dev0/js/jquery-1.11.0.min.js"></script>
-<script src="//static.fsf.org/nosvn/enc-dev0/js/scripts.js"></script>
+<script type="text/javascript"
+src="//static.fsf.org/nosvn/enc-dev0/js/jquery-1.11.0.min.js"></script>
+<script type="text/javascript"
+src="//static.fsf.org/nosvn/enc-dev0/js/scripts.js"></script>
<!-- Piwik -->
-<script type="text/javascript" >
-// @license magnet:?xt=urn:btih:1f739d935676111cfff4b4693e3816e664797050&dn=gpl-3.0.txt GPL-v3-or-Later
-var pkBaseURL = (("https:" == document.location.protocol) ? "https://piwik.fsf.org/" : "http://piwik.fsf.org/");
-document.write(unescape("%3Cscript src='" + pkBaseURL + "piwik.js' type='text/javascript'%3E%3C/script%3E"));
-try {
- var piwikTracker = Piwik.getTracker(pkBaseURL + "piwik.php", 13);
- piwikTracker.trackPageView();
- piwikTracker.enableLinkTracking();
-} catch( err ) {}
-// @license-end
-</script><noscript><p><img src="//piwik.fsf.org/piwik.php?idsite=13" style="border:0" alt="" /></p></noscript>
-<!-- End Piwik Tracking Code -->
-
+<script type="text/javascript">
+ // @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&dn=gpl-2.0.txt GPL-2.0-or-later
+ var _paq = _paq || [];
+ _paq.push(["trackPageView"]);
+ _paq.push(["enableLinkTracking"]);
+
+ (function() {
+ var u = (("https:" == document.location.protocol) ? "https" : "http") + "://"+"piwik.fsf.org//";
+ _paq.push(["setTrackerUrl", u+"piwik.php"]);
+ _paq.push(["setSiteId", "13"]);
+ var d=document, g=d.createElement("script"), s=d.getElementsByTagName("script")[0]; g.type="text/javascript";
+ g.defer=true; g.async=true; g.src=u+"piwik.js"; s.parentNode.insertBefore(g,s);
+ })();
+ // @license-end
+</script>
+<!-- End Piwik Code -->
+<!-- Piwik Image Tracker -->
+<noscript><img src="https://piwik.fsf.org//piwik.php?idsite=13&rec=1" style="border:0" alt="" /></noscript>
+<!-- End Piwik -->
</body>
</html>
projects / enc-live.git / blobdiff