[git] gnupg-doc - branch, master, updated. 82517ff08eab28a37bf4d349edcefa7327dd5f34
by Robert J. Hansen
cvs at cvs.gnupg.org
Tue Dec 1 20:40:12 CET 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".
The branch, master has been updated
via 82517ff08eab28a37bf4d349edcefa7327dd5f34 (commit)
from fa61217e26a97c4b9f3294746a581aee5eb47ad8 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 82517ff08eab28a37bf4d349edcefa7327dd5f34
Author: Robert J. Hansen <rjh at sixdemonbag.org>
Date: Tue Dec 1 14:29:05 2015 -0500
Added two sections: forgotten passphrases and package verification.
diff --git a/web/faq/gnupg-faq.org b/web/faq/gnupg-faq.org
index 6443972..fe08967 100644
--- a/web/faq/gnupg-faq.org
+++ b/web/faq/gnupg-faq.org
@@ -76,7 +76,37 @@ aren't, please feel free to email the FAQ maintainer (Rob Hansen,
[[mailto:rjh at sixdemonbag.org?subject=The%20GnuPG%20FAQ][rjh at sixdemonbag.org]])
or bring your suggestion up on GnuPG-Users.
-
+** How do I get help?
+ :PROPERTIES:
+ :CUSTOM ID: gethelp
+ :END
+
+First, please don’t send emails directly to people in GnuPG. While we will
+try to help to people who send email directly to us, those emails quickly
+accumulate. Helping just six people a day can take an hour of time, and that's
+an hour less we have to work on making GnuPG better. Please reach out to the
+GnuPG community via the
+[[http://lists.gnupg.org/mailman/listinfo/gnupg-users][GnuPG-Users mailing list]],
+not individual people within
+GnuPG.
+
+Second, tell us your operating environment. Be as specific as possible
+What operating system are you using? Which version of GnuPG are you using?
+Where did you get GnuPG from? If your problem is related to email, which email
+client are you using? Which version number? Is GnuPG supported natively, or
+is there a plugin? If so, what's the version number of that?
+
+Third, tell us your problem. Be as specific as possible.
+
+Do this, and you might be surprised at how quickly your problem is solved.
+An example of a good question would be, “I’m running GnuPG 1.4.14 on an
+Ubuntu 15.04 x64 box. I'm using Thunderbird with Enigmail. Everything was
+fine until I did a software update. Ever since then I can't use GnuPG with
+email. What happened?” This question gives us enough to work with, and in
+short order someone will have an answer for you.
+
+A bad question would be, “How do I uninstall GnuPG?” We can’t help you at all;
+you've not given us any of the information we need to answer your question.
** Who maintains this FAQ?
:PROPERTIES:
@@ -110,7 +140,7 @@ Yes.
:CUSTOM_ID: last_checked
:END:
-September 2015.
+December 2015.
* General questions
@@ -358,6 +388,20 @@ The following mailing lists and web pages are generally known for
having a strong signal-to-noise ratio. Nevertheless, we strongly urge
you to keep a skeptical mind at all times.
+** Help! I lost my passphrase.
+ :PROPERTIES:
+ :CUSTOM_ID: lost_passphrase
+ :END:
+
+Unfortunately, we can’t help you. If you lose your passphrase, you’ll be
+unable to use that certificate to sign any new documents or decrypt any
+existing documents. You can still use it to verify signatures, though.
+(Technically you could encrypt documents, too, but without the passphrase
+there’s really not much point: how would you ever decrypt them?)
+
+If you can’t remember your passphrase, the best thing to do is use your
+pre-made revocation certificate to revoke your old certificate, upload the
+revocation to the keyserver network, and start anew with a fresh certificate.
** How can I spot the charlatans?
:PROPERTIES:
@@ -1570,7 +1614,42 @@ the signed file:
=gpg signed_file.asc=
+** How can I use GnuPG to verify a file I've downloaded?
+ :PROPERTIES:
+ :CUSTOM_ID: how_do_i_verify_signed_packages
+ :END:
+
+1. Get a copy of the author’s public certificate and import it to your
+ keyring. It’s important to get the author’s certificate through a
+ trusted source. On the internet, anyone can be pretend to be anyone.
+ Particularly, be careful if the certificate you have doesn’t match the
+ one used for prior code releases.
+
+2. Once you're confident you have the correct certificate, give it a local
+ signature. Assuming you want to locally sign certificate
+ 1DCBDC01B44427C7, you’d type:
+
+ =gpg --edit-key 1DCBDC01B44427C7 lsign=
+
+3. Download the software package. Let’s assume it’s called “foo.zip”.
+
+4. Download the detached signature for the package. Let’s assume it’s
+ called “foo.zip.asc”.
+
+5. Run:
+
+ =gpg foo.zip.asc=
+
+ GnuPG will assume the original file is in foo.zip. (If GnuPG can’t find
+ foo.zip, GnuPG will prompt you for the name of the original package.) If
+ all goes well, GnuPG will report good signatures and you may be confident
+ you've received the package as the author intended.
+Please note that a good signature doesn’t mean a piece of software is
+trustworthy, reliable, or bug-free. It just means nobody tampered with it and
+you’re receiving it as the author intends. Keep a healthy dose of
+skepticism, and remember that cryptography cannot save us from
+our own foolishness.
** How can I use GnuPG in an automated environment?
:PROPERTIES:
-----------------------------------------------------------------------
Summary of changes:
web/faq/gnupg-faq.org | 83 +++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 81 insertions(+), 2 deletions(-)
hooks/post-receive
--
The GnuPG website and other docs
http://git.gnupg.org
More information about the Gnupg-commits
mailing list