ACC SHELL
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 8. Encryption with Passwords and Encryption Keys</title><link rel="stylesheet" href="susebooks.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Documentation"><link rel="up" href="part.management.html" title="Part II. Information Management"><link rel="prev" href="cha.crypto.html" title="Chapter 7. Encryption with KGpg"><link rel="next" href="cha.gnome.tomboy.html" title="Chapter 9. Taking Notes with Tomboy"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header" border="0" class="bctable"><tr><td width="80%"><div class="breadcrumbs"><p><a href="index.html"> Documentation</a><span class="breadcrumbs-sep"> > </span><a href="book.apps.html">Application Guide</a><span class="breadcrumbs-sep"> > </span><a href="part.management.html">Information Management</a><span class="breadcrumbs-sep"> > </span><strong><a accesskey="p" title="Chapter 7. Encryption with KGpg" href="cha.crypto.html"><span>◀</span></a> <a accesskey="n" title="Chapter 9. Taking Notes with Tomboy" href="cha.gnome.tomboy.html"><span>▶</span></a></strong></p></div></td></tr></table></div><div class="chapter" title="Chapter 8. Encryption with Passwords and Encryption Keys"><div class="titlepage"><div><div><h2 class="title"><a name="cha.gnome.crypto"></a>Chapter 8. Encryption with Passwords and Encryption Keys<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#cha.gnome.crypto">¶</a></span></h2></div></div></div><div class="toc"><p><b>Contents</b></p><dl><dt><span class="sect1"><a href="cha.gnome.crypto.html#sec.gnome.crypto.sign_encrypt">8.1. Signing and Encryption</a></span></dt><dt><span class="sect1"><a href="cha.gnome.crypto.html#cha.gnome.crypto.gen_key">8.2. Generating a New Key Pair</a></span></dt><dt><span class="sect1"><a href="cha.gnome.crypto.html#cha.gnome.crypto.modify_key">8.3. Modifying Key Properties</a></span></dt><dt><span class="sect1"><a href="cha.gnome.crypto.html#cha.gnome.crypto.import_key">8.4. Importing Keys</a></span></dt><dt><span class="sect1"><a href="cha.gnome.crypto.html#cha.gnome.crypto.export_key">8.5. Exporting Keys</a></span></dt><dt><span class="sect1"><a href="cha.gnome.crypto.html#cha.gnome.crypto.sign_key">8.6. Signing a Key</a></span></dt><dt><span class="sect1"><a href="cha.gnome.crypto.html#cha.gnome.crypto.nautilus">8.7. File Manager Integration</a></span></dt><dt><span class="sect1"><a href="cha.gnome.crypto.html#cha.gnome.crypto.gedit">8.8. Text Editor Integration</a></span></dt><dt><span class="sect1"><a href="cha.gnome.crypto.html#cha.gnome.crypto.applet">8.9. Clipboard Integration</a></span></dt><dt><span class="sect1"><a href="cha.gnome.crypto.html#cha.gnome.crypto.prefs">8.10. Encryption Preferences</a></span></dt></dl></div><p>
The GNOME Passwords and Encryption Keys program is an important component
of the encryption infrastructure on your system. With the help of this
program, you can create and manage PGP and SSH keys, import and export PGP
and SSH keys, share your keys with others, back up your keys and keyring,
cache your passphrase, and encrypt and decrypt the clipboard.
</p><div class="figure"><a name="id528778"></a><p class="title"><b>Figure 8.1. Passwords and Encryption Keys Main Window</b></p><div class="figure-contents"><div class="mediaobject"><table border="0" summary="manufactured viewport for HTML img" cellspacing="0" cellpadding="0" width="73%"><tr><td><img src="images/seahorse_main.png" width="100%" alt="Passwords and Encryption Keys Main Window"></td></tr></table></div></div></div><br class="figure-break"><div class="sect1" title="8.1. Signing and Encryption"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sec.gnome.crypto.sign_encrypt"></a>8.1. Signing and Encryption<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#sec.gnome.crypto.sign_encrypt">¶</a></span></h2></div></div></div><p>
<span class="emphasis"><em>Signing</em></span> means attaching electronic signatures to
email messages or even software to prove its origin. To keep someone else
from writing messages using your name, and to protect both you and the
people you send them to, you should sign your mails. Signatures help you
easily check the sender of the messages you receive and distinguish
authentic messages from malicious ones.
</p><p>
Software developers sign their software so that you can check the
integrity. Even if you get the software from an unofficial server, you
can verify the package with the signature.
</p><p>
You might also have sensitive information you want to protect from other
parties. <span class="emphasis"><em>Encryption</em></span> helps you transform data and
make it unreadable for others. This is important for companies so they
can protect internal information as well as their employees' privacy.
</p></div><div class="sect1" title="8.2. Generating a New Key Pair"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="cha.gnome.crypto.gen_key"></a>8.2. Generating a New Key Pair<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#cha.gnome.crypto.gen_key">¶</a></span></h2></div></div></div><p>
To exchange encrypted messages with other users, you must first generate
your own key pair. One part of it—the <span class="emphasis"><em>public
key</em></span>—is distributed to your communication partners, who
can then use it to encrypt the files or email messages they send. The
other part of the key pair—the <span class="emphasis"><em>private
key</em></span>—is used to decrypt the encrypted contents.
</p><div class="important"><table border="0" cellpadding="3" cellspacing="0" width="100%" summary="Important"><tr class="head"><td width="32"><img alt="[Important]" src="admon/important.png"></td><th align="left"></th></tr><tr><td colspan="2" align="left" valign="top"><p>
The public key is intended for the public and should be distributed to
all your communication partners. However, only you should have access to
the private key. Do not grant other users access to this data.
</p></td></tr></table></div><div class="sect2" title="8.2.1. Creating OpenPGP Keys"><div class="titlepage"><div><div><h3 class="title"><a name="cha.gnome.crypto.gen_key.openpgp"></a>8.2.1. Creating OpenPGP Keys<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#cha.gnome.crypto.gen_key.openpgp">¶</a></span></h3></div></div></div><p>
OpenPGP is a non proprietary protocol for encrypting email with the use
of public key cryptography based on PGP. It defines standard formats for
encrypted messages, signatures, private keys, and certificates for
exchanging public keys.
</p><div class="procedure"><ol class="procedure" type="1"><li><p>
Click <span class="guimenu">Computer</span>+<span class="guimenu">More
Applications</span>+<span class="guimenu">Utilities</span>+<span class="guimenu">Passwords and Encryption Keys</span>.
</p></li><li><p>
Click <span class="guimenu">File</span>+<span class="guimenu">New</span>+<span class="guimenu">PGP Key</span>.
</p></li><li><p>
Specify your full name, email address, and comment, if needed.
</p></li><li><p>
Click <span class="guimenu">Advanced key options</span> to specify the following
advanced options for the key.
</p><div class="variablelist"><dl><dt><span class="term">Encryption Type</span></dt><dd><p>
Specifies the encryption algorithms used to generate your keys.
<span class="guimenu">DSA ElGamal</span> is the recommended choice because it
lets you encrypt, decrypt, sign, and verify as needed. Both
<span class="guimenu">DSA (sign only)</span> and <span class="guimenu">RSA (sign
only)</span> allow only signing.
</p></dd><dt><span class="term">Key Strength</span></dt><dd><p>
Specifies the length of the key in bits. The longer the key, the
more secure it is (provided a strong passphrase is used), but keep
in mind that performing any operation with a longer key requires
more time than it does with a shorter key. Acceptable values are
between 1024 and 4096 bits. At least 2048 bits is recommended.
</p></dd><dt><span class="term">Expiration Date</span></dt><dd><p>
Specifies the date at which the key will cease to be usable for
performing encryption or signing operations. You will have to
either change the expiration date or generate a new key or subkey
after this amount of time passes. Sign your new key with your old
one before it expires to preserve your trust status.
</p></dd></dl></div></li><li><p>
Click <span class="guimenu">Create</span> to create the new key pair.
</p><p>
The <span class="guimenu">Passphrase for New PGP Key</span> dialog box opens.
</p></li><li><p>
Specify the passphrase twice for your new key, then click
<span class="guimenu">OK</span>.
</p><p>
When you specify a passphrase, use the same practices you use when you
create a strong password. The main difference between a password and a
passphrase is that spaces are valid characters in a passphrase.
</p></li></ol></div></div><div class="sect2" title="8.2.2. Creating Secure Shell Keys"><div class="titlepage"><div><div><h3 class="title"><a name="cha.gnome.crypto.gen_key.ssh"></a>8.2.2. Creating Secure Shell Keys<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#cha.gnome.crypto.gen_key.ssh">¶</a></span></h3></div></div></div><p>
Secure Shell (SSH) is a method of logging into a remote computer to
execute commands on that machine. SSH keys are used in key-based
authentication system as an alternative to the default password
authentication system. With key-based authentication, there is no need
to manually type a password to authenticate.
</p><div class="procedure"><ol class="procedure" type="1"><li><p>
Click <span class="guimenu">Computer</span>+<span class="guimenu">More
Applications</span>+<span class="guimenu">Utilities</span>+<span class="guimenu">Passwords and Encryption Keys</span>.
</p></li><li><p>
Click <span class="guimenu">File</span>+<span class="guimenu">New</span>+<span class="guimenu">Secure Shell Key</span>.
</p></li><li><p>
Select <span class="guimenu">Secure Shell Key</span>, then click
<span class="guimenu">Continue</span>.
</p></li><li><p>
Specify a description of what the key is to be used for.
</p><p>
You can use your email address or any other reminder.
</p></li><li><p>
Optionally, click <span class="guimenu">Advanced key options</span> to specify
the following advanced options for the key.
</p><p title="Encryption Type"><b>Encryption Type. </b>
Specifies the encryption algorithms used to generate your keys.
Select <span class="guimenu">RSA</span> to use the Rivest-Shamir-Adleman (RSA)
algorithm to create the SSH key. This is the preferred and more
secure choice. Select <span class="guimenu">DSA</span> to use the Digital
Signature Algorithm (DSA) to create the SSH key.
</p><p title="Key Strength"><b>Key Strength. </b>
Specifies the length of the key in bits. The longer the key, the more
secure it is (provided a strong passphrase is used), but keep in mind
that performing any operation with a longer key requires more time
than it does with a shorter key. Acceptable values are between 1024
and 4096 bits. At least 2048 bits is recommended.
</p></li><li><p>
Click <span class="guimenu">Just Create Key</span> to create the new key, or
click <span class="guimenu">Create and Set Up</span> to create the key and set
up another computer to use for authentication.
</p></li><li><p>
Specify the passphrase for your new key, click <span class="guimenu">OK</span>,
then repeat.
</p><p>
When you specify a passphrase, use the same practices you use when you
create a strong password. The main difference between a password and a
passphrase is that spaces are valid characters in a passphrase.
</p></li></ol></div></div></div><div class="sect1" title="8.3. Modifying Key Properties"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="cha.gnome.crypto.modify_key"></a>8.3. Modifying Key Properties<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#cha.gnome.crypto.modify_key">¶</a></span></h2></div></div></div><p>
You can modify properties of existing OpenPGP or SSH keys.
</p><div class="sect2" title="8.3.1. Editing OpenPGP Key Properties"><div class="titlepage"><div><div><h3 class="title"><a name="cha.gnome.crypto.modify_key.openpgp"></a>8.3.1. Editing OpenPGP Key Properties<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#cha.gnome.crypto.modify_key.openpgp">¶</a></span></h3></div></div></div><p>
The descriptions in this section apply to all OpenPGP keys.
</p><div class="procedure"><ol class="procedure" type="1"><li><p>
Click <span class="guimenu">Computer</span>+<span class="guimenu">More
Applications</span>+<span class="guimenu">Utilities</span>+<span class="guimenu">Passwords and Encryption Keys</span>.
</p></li><li><p>
Double-click the PGP key you want to view or edit. (or select the key,
then click on <span class="guimenu">Properties</span> in toolbar).
</p></li><li><p>
Use the options on the <span class="guimenu">Owner</span> tab to add a photo to
the key or to change the passphrase associated with the key.
</p><p>
Photo IDs allow a key owner to embed one or more pictures of
themselves in a key. These identities can be signed just like normal
user IDs. A photo ID must be in JPEG format. The recommended size is
120×150 pixels.
</p><p>
If the chosen image does not meet the required file type or size,
Passwords and Encryption Keys can resize and convert it on the fly
from any image format supported by the GDK library.
</p></li><li><p>
Click the <span class="guimenu">Names and Signatures</span> tab to add a user ID
to a key.
</p><p>
See
<a class="xref" href="cha.gnome.crypto.html#cha.gnome.crypto.modify_key.openpgp.add_user" title="8.3.1.1. Adding a User ID">Section 8.3.1.1, “Adding a User ID”</a>
for more information.
</p></li><li><p>
Click the <span class="guimenu">Details</span> tab, which contains the following
properties:
</p><p title="Key ID:"><b>Key ID: </b>
The Key ID is similar to the Fingerprint, but the Key ID contains
only the last eight characters of the fingerprint. It is generally
possible to identify a key with only the Key ID, but sometimes two
keys might have the same Key ID.
</p><p title="Type:"><b>Type: </b>
Specifies the encryption algorithm used to generate a key. DSA keys
can only sign. ElGamal keys are used to encrypt.
</p><p title="Strength:"><b>Strength: </b>
Specifies the length, in bits, of the key. The longer the key, the
more security it provides. However, a long key will not compensate
for the use of a weak passphrase.
</p><p title="Fingerprint:"><b>Fingerprint: </b>
A unique string of characters that exactly identifies a key.
</p><p title="Created:"><b>Created: </b>
The date the key was created.
</p><p title="Expires:"><b>Expires: </b>
The date the key can no longer be used (a key can no longer be used
to perform key operations after it has expired). Changing a key's
expiration date to a point in the future re-enables it. A good
general practice is to have a master key that never expires and
multiple subkeys that do expire and are signed by the master key.
</p><p title="Override Owner Trust:"><b>Override Owner Trust: </b>
Here you can set the level of trust in the owner of the key. Trust is
an indication of how sure you are of a person's ability to correctly
extend the web of trust. When you are faced with a key you have not
signed, the validity of that person's key will be determined based on
the signatures they have collected and how well or not you trust the
people who have made those signatures.
</p><p title="Export Complete Key:"><b>Export Complete Key: </b>
Exports the key to a file.
</p><p title="Subkeys:"><b>Subkeys: </b>
See
<a class="xref" href="cha.gnome.crypto.html#cha.gnome.crypto.modify_key.openpgp.edit_subkey" title="8.3.1.2. Editing OpenPGP Subkey Properties">Section 8.3.1.2, “Editing OpenPGP Subkey Properties”</a>
for more information.
</p><div class="informalfigure"><div class="mediaobject"><table border="0" summary="manufactured viewport for HTML img" cellspacing="0" cellpadding="0" width="56%"><tr><td><img src="images/seahorse_editpgpkey.png" width="100%"></td></tr></table></div></div></li><li><p>
Click <span class="guimenu">Close</span>.
</p></li></ol></div><div class="sect3" title="8.3.1.1. Adding a User ID"><div class="titlepage"><div><div><h4 class="title"><a name="cha.gnome.crypto.modify_key.openpgp.add_user"></a>8.3.1.1. Adding a User ID<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#cha.gnome.crypto.modify_key.openpgp.add_user">¶</a></span></h4></div></div></div><p>
User IDs allow multiple identities and email addresses to be used with
the same key. Adding a user ID is useful, for example, when you want to
have an identity for your job and one for your friends. They take the
following form:
</p><pre class="screen">
Name (<em class="replaceable"><code>comment</code></em>) <<em class="replaceable"><code>e-mail address</code></em>>
</pre><div class="procedure"><ol class="procedure" type="1"><li><p>
Click <span class="guimenu">Computer</span>+<span class="guimenu">More
Applications</span>+<span class="guimenu">Utilities</span>+<span class="guimenu">Passwords and Encryption Keys</span>.
</p></li><li><p>
Double-click the PGP key you want to view or edit (or select the key,
then click <span class="guimenu">Properties</span> in the toolbar).
</p></li><li><p>
Click the <span class="guimenu">Names and Signatures</span> tab, then click
<span class="guimenu">Add Name</span>.
</p></li><li><p>
Specify a name in the <span class="guimenu">Full Name</span> field.
</p><p>
You must enter at least five characters in this field.
</p></li><li><p>
Specify an email address in the <span class="guimenu">Email Address</span>
field.
</p><p>
Your email address is how most people will locate your key on a key
server or other key provider. Make sure it is correct before
continuing.
</p></li><li><p>
In the <span class="guimenu">Key Comment</span> field, specify additional
information that will display in the name of your new ID
</p><p>
This information can be searched for on key servers.
</p></li><li><p>
Click <span class="guimenu">Close</span>.
</p></li></ol></div></div><div class="sect3" title="8.3.1.2. Editing OpenPGP Subkey Properties"><div class="titlepage"><div><div><h4 class="title"><a name="cha.gnome.crypto.modify_key.openpgp.edit_subkey"></a>8.3.1.2. Editing OpenPGP Subkey Properties<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#cha.gnome.crypto.modify_key.openpgp.edit_subkey">¶</a></span></h4></div></div></div><p>
Each OpenPGP key has a single master key used to sign only. Subkeys are
used to encrypt and to sign as well. In this way, if your sub key is
compromised, you don't need to revoke your master key.
</p><div class="procedure"><ol class="procedure" type="1"><li><p>
Click <span class="guimenu">Computer</span>+<span class="guimenu">More
Applications</span>+<span class="guimenu">Utilities</span>+<span class="guimenu">Passwords and Encryption Keys</span>.
</p></li><li><p>
Double-click the PGP key you want to edit (or select the key, then
click <span class="guimenu">Properties</span> in the toolbar).
</p></li><li><p>
Click the <span class="guimenu">Details</span> tab, then click
<span class="guimenu">Subkeys</span>.
</p></li><li><p>
Use the button on the left of the dialog box to add, delete,
expire, or revoke subkeys.
</p><div class="informalfigure"><div class="mediaobject"><table border="0" summary="manufactured viewport for HTML img" cellspacing="0" cellpadding="0" width="53%"><tr><td><img src="images/seahorse_subkeys.png" width="100%"></td></tr></table></div></div><p>
Each subkey has the following information:
</p><p title="ID:"><b>ID: </b>
The identifier of the subkey.
</p><p title="Type:"><b>Type: </b>
Specifies the encryption algorithm used to generate a subkey. DSA
keys can only sign, ElGamal keys are used to encrypt, and RSA keys
are used to sign or to encrypt.
</p><p title="Created:"><b>Created: </b>
Specifies the date the key was created.
</p><p title="Expires:"><b>Expires: </b>
Specifies the date the key can no longer be used.
</p><p title="Status:"><b>Status: </b>
Specifies the status of the key.
</p><p title="Strength:"><b>Strength: </b>
Specifies the length, in bits, of the key. The longer the key, the
more security it provides. However, a long key will not compensate
for the use of a weak passphrase.
</p></li><li><p>
Click <span class="guimenu">Close</span>.
</p></li></ol></div></div></div><div class="sect2" title="8.3.2. Editing Secure Shell Key Properties"><div class="titlepage"><div><div><h3 class="title"><a name="cha.gnome.crypto.modify_key.ssh"></a>8.3.2. Editing Secure Shell Key Properties<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#cha.gnome.crypto.modify_key.ssh">¶</a></span></h3></div></div></div><p>
The descriptions in this section apply to all SSH keys.
</p><div class="procedure"><ol class="procedure" type="1"><li><p>
Click <span class="guimenu">Computer</span>+<span class="guimenu">More
Applications</span>+<span class="guimenu">Utilities</span>+<span class="guimenu">Passwords and Encryption Keys</span>.
</p></li><li><p>
Double-click the Secure Shell key you want to view or edit (or select
the key, then click <span class="guimenu">Properties</span> in the toolbar).
</p></li><li><p>
Use the options on the <span class="guimenu">Key</span> tab to change the name
of the key or the passphrase associated with the key.
</p></li><li><p>
Click the <span class="guimenu">Details</span> tab, which contains the following
properties:
</p><p title="Algorithm:"><b>Algorithm: </b>
Specifies the encryption algorithm used to generate a key.
</p><p title="Strength:"><b>Strength: </b>
Indicates the length in bits of a key. The longer the key, the more
security it provides. However, a long key does not make up for the
use of a weak passphrase.
</p><p title="Location:"><b>Location: </b>
The location where the private key has been stored.
</p><p title="Fingerprint:"><b>Fingerprint: </b>
A unique string of characters that exactly identifies a key.
</p><p title="Export Complete Key:"><b>Export Complete Key: </b>
Exports the key to a file.
</p><div class="informalfigure"><div class="mediaobject"><table border="0" summary="manufactured viewport for HTML img" cellspacing="0" cellpadding="0" width="56%"><tr><td><img src="images/seahorse_editsshkey.png" width="100%"></td></tr></table></div></div></li><li><p>
Click <span class="guimenu">Close</span>.
</p></li></ol></div></div></div><div class="sect1" title="8.4. Importing Keys"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="cha.gnome.crypto.import_key"></a>8.4. Importing Keys<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#cha.gnome.crypto.import_key">¶</a></span></h2></div></div></div><p>
To import keys:
</p><div class="procedure"><ol class="procedure" type="1"><li><p>
Click <span class="guimenu">Computer</span>+<span class="guimenu">More
Applications</span>+<span class="guimenu">Utilities</span>+<span class="guimenu">Passwords and Encryption Keys</span>.
</p></li><li><p>
Click <span class="guimenu">File</span>+<span class="guimenu">Import</span>.
</p></li><li><p>
Select a file containing at least one ASCII armored public key.
</p></li><li><p>
Click <span class="guimenu">Open</span> to import the key.
</p></li></ol></div><p>
You can also paste keys inside Passwords and Encryption Keys:
</p><div class="procedure"><ol class="procedure" type="1"><li><p>
Select an ASCII armored public block of text, then copy it to the
clipboard.
</p></li><li><p>
Click <span class="guimenu">Computer</span>+<span class="guimenu">More
Applications</span>+<span class="guimenu">Utilities</span>+<span class="guimenu">Passwords and Encryption Keys</span>.
</p></li><li><p>
Click <span class="guimenu">Edit</span>+<span class="guimenu">Paste</span>
</p></li></ol></div></div><div class="sect1" title="8.5. Exporting Keys"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="cha.gnome.crypto.export_key"></a>8.5. Exporting Keys<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#cha.gnome.crypto.export_key">¶</a></span></h2></div></div></div><p>
To export keys:
</p><div class="procedure"><ol class="procedure" type="1"><li><p>
Click <span class="guimenu">Computer</span>+<span class="guimenu">More
Applications</span>+<span class="guimenu">Utilities</span>+<span class="guimenu">Passwords and Encryption Keys</span>.
</p></li><li><p>
Select the keys you want to export.
</p></li><li><p>
Click <span class="guimenu">File</span>+<span class="guimenu">Export</span>.
</p></li><li><p>
Specify a filename and location for the exported key.
</p></li><li><p>
Click <span class="guimenu">Save</span> to export the key.
</p></li></ol></div><p>
You can also export keys to the clipboard in an ASCII armored block of
text:
</p><div class="procedure"><ol class="procedure" type="1"><li><p>
Click <span class="guimenu">Computer</span>+<span class="guimenu">More
Applications</span>+<span class="guimenu">Utilities</span>+<span class="guimenu">Passwords and Encryption Keys</span>.
</p></li><li><p>
Select the keys you want to export.
</p></li><li><p>
Click <span class="guimenu">Edit</span>+<span class="guimenu">Copy</span>.
</p></li></ol></div></div><div class="sect1" title="8.6. Signing a Key"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="cha.gnome.crypto.sign_key"></a>8.6. Signing a Key<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#cha.gnome.crypto.sign_key">¶</a></span></h2></div></div></div><p>
Signing another person's key means that you are giving trust to that
person. Before signing a key, carefully check the key's fingerprint to
ensure that the key really belongs to that person.
</p><p>
Trust is an indication of how sure you are of a person's ability to
correctly extend the web of trust. When you are faced with a key you have
not signed, the validity of that person's key will be determined based on
the signatures they have collected and how well or not you trust the
people who have made those signatures. By default, an unknown key will
require three signatures with marginal trust value or one fully trusted
signature.
</p><div class="procedure"><ol class="procedure" type="1"><li><p>
Click <span class="guimenu">Computer</span>+<span class="guimenu">More
Applications</span>+<span class="guimenu">Utilities</span>+<span class="guimenu">Passwords and Encryption Keys</span>.
</p></li><li><p>
Select the key you want to sign from the <span class="guimenu">My Personal
Keys</span> or <span class="guimenu">Other Keys</span> tabs.
</p></li><li><p>
Click <span class="guimenu">File</span>+<span class="guimenu">Sign</span>.
</p></li><li><p>
Select how carefully the key has been checked, then indicate if the
signature should be local to your keyring, and if your signature can be
revoked
</p><div class="informalfigure"><div class="mediaobject"><table border="0" summary="manufactured viewport for HTML img" cellspacing="0" cellpadding="0" width="55%"><tr><td><img src="images/seahorse_signkey.png" width="100%"></td></tr></table></div></div></li><li><p>
Click <span class="guimenu">Sign</span>.
</p></li></ol></div></div><div class="sect1" title="8.7. File Manager Integration"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="cha.gnome.crypto.nautilus"></a>8.7. File Manager Integration<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#cha.gnome.crypto.nautilus">¶</a></span></h2></div></div></div><p>
Passwords and Encryption Keys integrates with the Nautilus file manager.
You can encrypt, decrypt, sign, and verify files, as well as import
public keys from the file manager window without launching Passwords and
Encryption Keys.
</p><div class="note"><table border="0" cellpadding="3" cellspacing="0" width="100%" summary="Note: Enabling File Manager Integration"><tr class="head"><td width="32"><img alt="[Note]" src="admon/note.png"></td><th align="left">Enabling File Manager Integration</th></tr><tr><td colspan="2" align="left" valign="top"><p>
The package <code class="systemitem">seahorse-plugins-nautilus</code> has to be
installed to enable file manager integration.
</p></td></tr></table></div><div class="sect2" title="8.7.1. Encrypting Files From Nautilus"><div class="titlepage"><div><div><h3 class="title"><a name="cha.gnome.crypto.nautilus.encrypt"></a>8.7.1. Encrypting Files From Nautilus<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#cha.gnome.crypto.nautilus.encrypt">¶</a></span></h3></div></div></div><div class="procedure"><ol class="procedure" type="1"><li><p>
In Nautilus, right-click the files you want to encrypt.
</p></li><li><p>
Select <span class="guimenu">Encrypt</span>.
</p></li><li><p>
Select the people (recipients) you want to encrypt the file to, then
click <span class="guimenu">OK</span>.
</p></li></ol></div></div><div class="sect2" title="8.7.2. Signing Files From Nautilus"><div class="titlepage"><div><div><h3 class="title"><a name="cha.gnome.crypto.nautilus.sign"></a>8.7.2. Signing Files From Nautilus<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#cha.gnome.crypto.nautilus.sign">¶</a></span></h3></div></div></div><div class="procedure"><ol class="procedure" type="1"><li><p>
In Nautilus, right-click the files you want to sign.
</p></li><li><p>
Select <span class="guimenu">Sign</span>.
</p></li><li><p>
Select a signer, then click <span class="guimenu">OK</span>.
</p></li><li><p>
If prompted, specify the passphrase of your private key, then click
<span class="guimenu">OK</span>.
</p></li></ol></div></div><div class="sect2" title="8.7.3. Decrypting Files From Nautilus"><div class="titlepage"><div><div><h3 class="title"><a name="cha.gnome.crypto.nautilus.decrypt"></a>8.7.3. Decrypting Files From Nautilus<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#cha.gnome.crypto.nautilus.decrypt">¶</a></span></h3></div></div></div><p>
To decrypt an encrypted file in Nautilus, simply double-click the file
you want to decrypt.
</p><p>
If prompted, specify the passphrase of your private key.
</p></div><div class="sect2" title="8.7.4. Verifying Signatures From Nautilus"><div class="titlepage"><div><div><h3 class="title"><a name="cha.gnome.crypto.nautilus.verify"></a>8.7.4. Verifying Signatures From Nautilus<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#cha.gnome.crypto.nautilus.verify">¶</a></span></h3></div></div></div><p>
To verify files, simply double-click the detached signature file.
Detached signature file names often have a <code class="filename">.sig</code>
extension.
</p></div></div><div class="sect1" title="8.8. Text Editor Integration"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="cha.gnome.crypto.gedit"></a>8.8. Text Editor Integration<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#cha.gnome.crypto.gedit">¶</a></span></h2></div></div></div><p>
Passwords and Encryption Keys integrates with the gedit text editor. You
can quickly encrypt, decrypt, sign, and verify text directly in the text
editor.
</p><div class="note"><table border="0" cellpadding="3" cellspacing="0" width="100%" summary="Note: Enabling Text Editor Integration"><tr class="head"><td width="32"><img alt="[Note]" src="admon/note.png"></td><th align="left">Enabling Text Editor Integration</th></tr><tr><td colspan="2" align="left" valign="top"><p>
The package <code class="systemitem">seahorse-plugins-gedit</code> has to be
installed to enable text editor integration. The plugin has to be
enabled in gedit by choosing <span class="guimenu">Edit</span>+<span class="guimenu">Preferences</span>+<span class="guimenu">Plugins</span>
and checking <span class="guimenu">Text Encryption</span>.
</p></td></tr></table></div><div class="sect2" title="8.8.1. Encrypting Text in gedit"><div class="titlepage"><div><div><h3 class="title"><a name="cha.gnome.crypto.gedit.encrypt"></a>8.8.1. Encrypting Text in gedit<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#cha.gnome.crypto.gedit.encrypt">¶</a></span></h3></div></div></div><div class="procedure"><ol class="procedure" type="1"><li><p>
In gedit, select the text you want to encrypt.
</p></li><li><p>
From menu, select <span class="guimenu">Edit</span>+<span class="guimenu">Encrypt</span>.
</p></li><li><p>
Select the people (recipients) you want to encrypt the file to, then
click <span class="guimenu">OK</span>.
</p></li></ol></div></div><div class="sect2" title="8.8.2. Signing Text in gedit"><div class="titlepage"><div><div><h3 class="title"><a name="cha.gnome.crypto.gedit.sign"></a>8.8.2. Signing Text in gedit<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#cha.gnome.crypto.gedit.sign">¶</a></span></h3></div></div></div><div class="procedure"><ol class="procedure" type="1"><li><p>
In gedit, select the text you want to sign.
</p></li><li><p>
From menu, select <span class="guimenu">Edit</span>+<span class="guimenu">Sign</span>.
</p></li><li><p>
Select a signer, then click <span class="guimenu">OK</span>.
</p></li><li><p>
If prompted, specify the passphrase of your private key, then click
<span class="guimenu">OK</span>.
</p></li></ol></div></div><div class="sect2" title="8.8.3. Decrypting Text and Verifying Its Signatures"><div class="titlepage"><div><div><h3 class="title"><a name="cha.gnome.crypto.gedit.decrypt"></a>8.8.3. Decrypting Text and Verifying Its Signatures<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#cha.gnome.crypto.gedit.decrypt">¶</a></span></h3></div></div></div><div class="procedure"><ol class="procedure" type="1"><li><p>
In gedit, select the text you want to decrypt or the text which
signature you want to verify.
</p></li><li><p>
From menu, select <span class="guimenu">Edit</span>+<span class="guimenu">Decrypt/Verify</span>.
</p></li></ol></div></div></div><div class="sect1" title="8.9. Clipboard Integration"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="cha.gnome.crypto.applet"></a>8.9. Clipboard Integration<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#cha.gnome.crypto.applet">¶</a></span></h2></div></div></div><p>
Passwords and Encryption Keys integrates with the clipboard in GNOME
desktop. You can quickly encrypt, decrypt, sign, and verify text in the
clipboard.
</p><div class="note"><table border="0" cellpadding="3" cellspacing="0" width="100%" summary="Note: Enabling Clipboard Integration"><tr class="head"><td width="32"><img alt="[Note]" src="admon/note.png"></td><th align="left">Enabling Clipboard Integration</th></tr><tr><td colspan="2" align="left" valign="top"><p>
The package <code class="systemitem">seahorse-plugins-applet</code> has to be
installed to enable clipboard integration. If it is installed, the
<span class="guimenu">Clipboard Text Encryption</span> applet can be added to the
GNOME panel. To add the applet, right-click an empty space on your panel
and select <span class="guimenu">Add to Panel</span>+<span class="guimenu">Clipboard Text Encryption</span>.
</p></td></tr></table></div><p>
To encrypt, decrypt, sign, or verify text using the encryption applet,
follow these steps:
</p><div class="procedure"><ol class="procedure" type="1"><li><p>
Copy the text to be encrypted, signed, decrypted, or verified to the
clipboard.
</p></li><li><p>
Left-click the encryption applet icon in the panel and choose the
appropriate action from the menu.
</p></li><li><p>
If you are encrypting, select recipients. If you are signing, select a
signer. You may need to enter a passphrase.
</p></li><li><p>
You can paste encrypted, decrypted, signed, or verified text where
needed.
</p></li></ol></div></div><div class="sect1" title="8.10. Encryption Preferences"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="cha.gnome.crypto.prefs"></a>8.10. Encryption Preferences<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#cha.gnome.crypto.prefs">¶</a></span></h2></div></div></div><p>
Functionality of the Password and Encryption Keys tool can be customized.
Possible options are described in this section.
</p><div class="sect2" title="8.10.1. Encryption Settings"><div class="titlepage"><div><div><h3 class="title"><a name="cha.gnome.crypto.prefs.encrypt"></a>8.10.1. Encryption Settings<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#cha.gnome.crypto.prefs.encrypt">¶</a></span></h3></div></div></div><div class="procedure"><ol class="procedure" type="1"><li><p>
Click <span class="guimenu">Computer</span>+<span class="guimenu">Control
Center</span>+<span class="guimenu">Personal</span>+<span class="guimenu">Encryption and
Keyrings</span>.
</p></li><li><p>
Click <span class="guimenu">Encryption</span> tab.
</p><div class="informalfigure"><div class="mediaobject"><table border="0" summary="manufactured viewport for HTML img" cellspacing="0" cellpadding="0" width="66%"><tr><td><img src="images/seahorse_encryptionsettings.png" width="100%"></td></tr></table></div></div></li><li><p>
Choose from the following options:
</p><p title="Default Key:"><b>Default Key: </b>
Specifies the key you want to use to sign files. Files will be
encrypted to this key if the <span class="guimenu">When encrypting, always include
myself as a recipient</span> option is selected.
</p><p title="When encrypting, always include myself as a recipient:"><b>When encrypting, always include myself as a recipient: </b>
Select this option to add yourself to the recipients list for all
files encrypted by Passwords and Encryption Keys. If you do not
select this option, and you do not select yourself as a recipient,
you cannot decrypt any files you encrypt.
</p></li><li><p>
Click <span class="guimenu">Close</span>.
</p></li></ol></div></div><div class="sect2" title="8.10.2. Passphrase Cache"><div class="titlepage"><div><div><h3 class="title"><a name="cha.gnome.crypto.prefs.cache"></a>8.10.2. Passphrase Cache<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#cha.gnome.crypto.prefs.cache">¶</a></span></h3></div></div></div><p>
Enabling Passwords and Encryption Keys's passphrase caching ability
allows you to perform many operations that require entering your
passphrase without reentering it every time
<code class="systemitem">seahorse-daemon</code> takes the place of
<code class="systemitem">gpg-agent</code>. Letting the cached passphrases
expire is usually a good idea. This will then require reentering your
passphrase, but adds security.
</p><div class="procedure"><ol class="procedure" type="1"><li><p>
Click <span class="guimenu">Computer</span>+<span class="guimenu">Control
Center</span>+<span class="guimenu">Personal</span>+<span class="guimenu">Encryption and
Keyrings</span>.
</p></li><li><p>
Click the <span class="guimenu">PGP Passphrases</span> tab.
</p><div class="informalfigure"><div class="mediaobject"><table border="0" summary="manufactured viewport for HTML img" cellspacing="0" cellpadding="0" width="66%"><tr><td><img src="images/seahorse_passphrasecache.png" width="100%"></td></tr></table></div></div></li><li><p>
Choose from the following options:
</p><p title="Never remember passphrases"><b>Never remember passphrases. </b>
Select this option to not remember any passphrase.
</p><p title="Remember passphrases for ... minutes"><b>Remember passphrases for ... minutes. </b>
Specifies the amount of time, in minutes, for storing passphrases.
</p><p title="Always remember passphrases whenever logged in"><b>Always remember passphrases whenever logged in. </b>
Select this option to remember any passphrases whenever you are
logged in to the session.
</p><p title="Ask me before using a cached passphrase"><b>Ask me before using a cached passphrase. </b>
Select this option to ask you before a stored passphrase is used.
</p><p title="Show icon in status area when passphrases are in memory"><b>Show icon in status area when passphrases are in memory. </b>
Select this option to show a warning icon when passphrases are in
memory.
</p></li><li><p>
Click <span class="guimenu">Close</span>.
</p></li></ol></div></div><div class="sect2" title="8.10.3. Password Keyrings"><div class="titlepage"><div><div><h3 class="title"><a name="cha.gnome.crypto.prefs.keyrings"></a>8.10.3. Password Keyrings<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#cha.gnome.crypto.prefs.keyrings">¶</a></span></h3></div></div></div><p>
You can use password keyring preferences to create or remove keyrings,
to set the default keyring for application passwords or to change the unlock
password of a keyring. To create a new keyring, follow these steps:
</p><div class="procedure"><ol class="procedure" type="1"><li><p>
Click <span class="guimenu">Computer</span>+<span class="guimenu">More
Applications</span>+<span class="guimenu">Utilities</span>+<span class="guimenu">Passwords and Encryption Keys</span>.
</p></li><li><p>
Click <span class="guimenu">File</span>+<span class="guimenu">New</span>+<span class="guimenu">Password Keyring</span>, then click
<span class="guimenu">Continue</span>.
</p></li><li><p>
Enter new keyring's name and press <span class="guimenu">Add</span>.
</p></li><li><p>
Set and confirm new keyring's <span class="guimenu">Password</span> and click
<span class="guimenu">Create</span>.
</p></li></ol></div><p>
To change the unlock password of an existing keyring, click on the keyring
in the <span class="guimenu">Passwords</span> tab and press <span class="guimenu">Change
Password</span>. You have to provide the old password to be able to
change it.
</p><p>
To change the default keyring for application passwords, click on the
keyring in the <span class="guimenu">Passwords</span> tab and press <span class="guimenu">Set
as Default</span>.
</p></div><div class="sect2" title="8.10.4. Key Servers"><div class="titlepage"><div><div><h3 class="title"><a name="cha.gnome.crypto.prefs.servers"></a>8.10.4. Key Servers<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#cha.gnome.crypto.prefs.servers">¶</a></span></h3></div></div></div><p>
You can keep your keys up-to-date by syncing keys periodically with
remote keyservers. Syncing will ensure that you have the latest
signatures made on all of your keys, so that the web of trust will be
effective.
</p><div class="procedure"><ol class="procedure" type="1"><li><p>
Click <span class="guimenu">Computer</span>+<span class="guimenu">More
Applications</span>+<span class="guimenu">Utilities</span>+<span class="guimenu">Passwords and Encryption Keys</span>.
</p></li><li><p>
Click <span class="guimenu">Edit</span>+<span class="guimenu">Preferences</span>, then click the
<span class="guimenu">Key Servers</span> tab.
</p><div class="informalfigure"><div class="mediaobject"><table border="0" summary="manufactured viewport for HTML img" cellspacing="0" cellpadding="0" width="66%"><tr><td><img src="images/seahorse_keyservers.png" width="100%"></td></tr></table></div></div><p>
Passwords and Encryption Keys provides support for HKP and LDAP
keyservers.
</p><p title="HKP Servers:"><b>HKP Servers: </b>
HKP keyservers are ordinary Web-based keyservers such as the popular
hkp://pgp.mit.edu:11371, also accessible at
<a class="ulink" href="http://pgp.mit.edu" target="_top">http://pgp.mit.edu</a>.
</p><p title="LDAP Keyservers:"><b>LDAP Keyservers: </b>
LDAP keyservers are less common, but use the standard LDAP protocol
to serve keys. ldap://keyserver.pgp.com is a good LDAP server.
</p><p>
You can <span class="guimenu">Add</span> or <span class="guimenu">Remove</span> keyservers
to be used using the buttons on the left. To add a new keyserver, set
its type, host and port, if necessary.
</p></li><li><p>
Set whether you want to automatically publish your public keys and
which keyserver to use. Set whether you want to automatically
retrieve keys from keyservers and whether to synchronize modified keys
with keyservers.
</p></li><li><p>
Click <span class="guimenu">Close</span>.
</p></li></ol></div></div><div class="sect2" title="8.10.5. Key Sharing"><div class="titlepage"><div><div><h3 class="title"><a name="cha.gnome.crypto.prefs.sharing"></a>8.10.5. Key Sharing<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#cha.gnome.crypto.prefs.sharing">¶</a></span></h3></div></div></div><p>
Key Sharing is provided by DNS-SD, also known as Bonjour or Rendevous.
Enabling key sharing adds the local Passwords and Encryption Keys users'
public key rings to the remote search dialog box. Using these local key
servers is generally faster than accessing remote servers.
</p><div class="procedure"><ol class="procedure" type="1"><li><p>
Click <span class="guimenu">Computer</span>+<span class="guimenu">More
Applications</span>+<span class="guimenu">Utilities</span>+<span class="guimenu">Passwords and Encryption Keys</span>.
</p></li><li><p>
Click <span class="guimenu">Edit</span>+<span class="guimenu">Preferences</span>, then click the
<span class="guimenu">Key Sharing</span> tab.
</p><div class="informalfigure"><div class="mediaobject"><table border="0" summary="manufactured viewport for HTML img" cellspacing="0" cellpadding="0" width="50%"><tr><td><img src="images/seahorse_keysharing.png" width="100%"></td></tr></table></div></div></li><li><p>
Select <span class="guimenu">Share my keys with others on my network</span>.
</p></li><li><p>
Click <span class="guimenu">Close</span>.
</p></li></ol></div></div></div></div><div class="navfooter"><table width="100%" summary="Navigation footer" border="0" class="bctable"><tr><td width="80%"><div class="breadcrumbs"><p><a href="index.html"> Documentation</a><span class="breadcrumbs-sep"> > </span><a href="book.apps.html">Application Guide</a><span class="breadcrumbs-sep"> > </span><a href="part.management.html">Information Management</a><span class="breadcrumbs-sep"> > </span><strong><a accesskey="p" title="Chapter 7. Encryption with KGpg" href="cha.crypto.html"><span>◀</span></a> <a accesskey="n" title="Chapter 9. Taking Notes with Tomboy" href="cha.gnome.tomboy.html"><span>▶</span></a></strong></p></div></td></tr></table></div></body></html>
ACC SHELL 2018