[git] gnupg-doc - branch, preview, updated. c62cd8cf4a9967314e4167af7f8ff0a9be58d003

by Kai Michaelis cvs at cvs.gnupg.org
Thu Aug 3 17:00:34 CEST 2017


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".

The branch, preview has been updated
       via  c62cd8cf4a9967314e4167af7f8ff0a9be58d003 (commit)
       via  5fd2885035e2bff7994ffcfd62046c801b5e050a (commit)
      from  541cbcfea631a722644d289dc701d235281e4b23 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit c62cd8cf4a9967314e4167af7f8ff0a9be58d003
Author: Kai Michaelis <kai at gnupg.org>
Date:   Thu Aug 3 17:00:54 2017 +0200

    blog: add imgs & finish blog post

diff --git a/misc/blog.gnupg.org/20170807-web-key-in-enigmail.org b/misc/blog.gnupg.org/20170807-web-key-in-enigmail.org
index a762c41..7cecf15 100644
--- a/misc/blog.gnupg.org/20170807-web-key-in-enigmail.org
+++ b/misc/blog.gnupg.org/20170807-web-key-in-enigmail.org
@@ -5,47 +5,84 @@
 
 ** Using the Web Key Service with Enigmail
 
-   Obtaining the public key of someone has always being a major pain point of using GnuPG. OpenPGP doesn't "outsource" trust management by using a PKI. Instead it allows each user to decide whom to trust. This has the downside that we need to evaluate whenever we can trust a new public key for each new communication partner. Until recently there wasn't an automatic way to get the public key of someone you never communicated with.
+Obtaining the public key of someone has always being a major pain point of
+using GnuPG. OpenPGP doesn't "outsource" trust management by using a PKI.
+Instead it allows each user to decide whom to trust. This has the downside
+that we need to evaluate whenever we can trust a new public key for each
+new communication partner. Until recently there wasn't an automatic way to
+get the public key of someone you never communicated with.
 
-   The [[Web Key Service]](https://tools.ietf.org/id/draft-koch-openpgp-webkey-service-03.html) and the new ~--auto-key-retrieve~ & ~--auto-key-locate~ available in recent versions of GnuPG.
+The [[https://tools.ietf.org/id/draft-koch-openpgp-webkey-service-03.html][Web Key Service]]
+and the new ~--auto-key-retrieve~ & ~--auto-key-locate~ available in recent
+versions of GnuPG.
 
 *** Web Key Service
 
-    The Web Key Service is a protocol to publish public OpenPGP keys via mail and retrieve others public keys using HTTPS. The advantage over HKPS is that every email provider maintains its own key server (called Web Key Directory, WKD) that is authoritative for all its users. This means that,
+The Web Key Service is a protocol to publish public OpenPGP keys via email
+and retrieve others public keys using HTTPS. The advantage over HKPS is that
+every email provider maintains its own key server (called Web Key Directory,
+WKD) that is authoritative for all its users. This means that,
 
-		1. There exists only one key server for a given email address. No need to ask multiple servers as with HKPS.
+1. there exists only one key server for a given email address. No need to ask
+   multiple servers as with HKPS,
 
-		2. When publishing a public key using mail, WKD makes sure the sender is in possession of the secret key.
+2. when publishing a public key using mail, WKD makes sure the sender is in
+   possession of the secret key,
 
-		3. Mail providers can (and should) make sure that only the owner of the mail account is able to publish a public key for it.
+3. email providers can (and should) make sure that only the owner of the
+   email account is able to publish a public key for it.
 
-		Point three helps us with trust management. In case we trust the email provider of our communication partner we can trust the key retrieved by WKD more than one from an HKPS based key server.
+Point three helps us with trust management. In case we trust the email
+provider of our communication partner we can trust the key retrieved by WKD
+more than one from an HKPS based key server.
 
-		TODO: more detail & image
+#+CAPTION: Web key service protocol overview
+#+ATTR_HTML: :style max-width: 600px
+[[file:img/wks-schema.png]]
 
 *** Publish your public key to a Web Key Directory
 
-		In order to use WKS you need a provider who supports it. After you configured the email account in Thunderbird you need to enable OpenPGP for it and generate a key pair.
-		TODO: image: enable opepgp & key gen
+In order to use WKS you need a provider who supports it. After you configured
+the email account in Thunderbird you need to enable OpenPGP for it and
+generate a key pair.
 
-		Then, open the key management window and find your public key. Right clicking it opens the context menu. There, select the option to upload the public key to your providers WKD.
+#+CAPTION: Enable the OpenPGP checkbox in the account settings.
+#+ATTR_HTML: :style max-width: 600px
+[[file:img/wks-account-settings.png]]
 
-		TODO: image: key management context menu
+Then, open the key management window and find your public key. Right clicking
+it opens the context menu. There, select the option to upload the public key
+to your providers WKD.
 
-		After submission the WKD will send a mail to you asking to confirm the publication request. The subject line and body copy can be defined by the WKD but Enigmail will display a yellow bar above the message announcing it is a confirmation request. Clicking the button on the right will send to confirmation mail to WKD.
+#+CAPTION: Context menu of the key management dialog.
+#+ATTR_HTML: :style max-width: 600px
+[[file:img/wks-key-mng.png]]
 
-		TODO: image: confirmation req.
+After submission the WKD will send a email to you asking to confirm the
+publication request. The subject line and body copy can be defined by the WKD
+but Enigmail will display a yellow bar above the message announcing it is a
+confirmation request. Clicking the button on the right will send to
+confirmation email to WKD.
 
-		After the mail has been sent, your public key will be accessible to everybody.
+#+CAPTION: Enigmail adds a yellow bar to the confirmation request.
+#+ATTR_HTML: :style max-width: 600px
+[[file:img/wks-confirm-req.png]]
+
+After the email has been sent, your public key will be accessible to
+everybody.
 
 *** Receive others public key from a Web Key Directory
 
-		Recent version of Enigmail receive missing public keys automatically form multiple sources, including WKD. Everybody who wants to send you an encrypted mail will be able to do so without finding you public key first.
+Recent version of Enigmail receive missing public keys automatically form
+multiple sources, including WKD. Everybody who wants to send you an encrypted
+email will be able to do so without finding you public key first.
 
-		Because this is a bit anticlimactic but you can use the ~--auto-key-locate~ option to retrieve your own public key from the WKD to see whenever it worked.
+Because this is a bit anticlimactic but you can use the ~--auto-key-locate~
+option to retrieve your own public key from the WKD to see whenever it worked.
 
-		~HOME=`mktemp -d` gpg2 --auto-key-locate wkd -e -r <your email address>~
+~HOME=`mktemp -d` gpg2 --auto-key-locate wkd -e -r <your email address>~
 
-		If GnuPG is able to retrieve the public key you will see a line that looks like that:
+If GnuPG is able to retrieve the public key you will see a line that looks
+like that:
 
-    ~gpg: automatically retrieved '<your email address>' via WKD~
+~gpg: automatically retrieved '<your email address>' via WKD~
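Review bot: the second intro paragraph, "The [[...][Web Key Service]] and the new ~--auto-key-retrieve~ & ~--auto-key-locate~ available in recent versions of GnuPG.", has no verb, so the reader never learns what the service and these options change; complete the sentence before publishing. The re-wrapped text also carries over wording slips that are worth fixing in the same pass: "has always being", "whenever we can trust" and "to see whenever it worked" (whether), "send a email", "will send to confirmation email", "Recent version of Enigmail receive ... form multiple sources", "finding you public key", and "Because this is a bit anticlimactic but". In the test command, HOME=`mktemp -d` changes the home directory for everything the command touches, not only GnuPG; setting GNUPGHOME or passing --homedir would scope the throwaway keyring to gpg2, and the text should mention that -e without a file name reads the message from standard input.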
diff --git a/misc/blog.gnupg.org/img/wks-account-settings.png b/misc/blog.gnupg.org/img/wks-account-settings.png
new file mode 100644
index 0000000..4a6d47f
Binary files /dev/null and b/misc/blog.gnupg.org/img/wks-account-settings.png differ
diff --git a/misc/blog.gnupg.org/img/wks-confirm-req.png b/misc/blog.gnupg.org/img/wks-confirm-req.png
new file mode 100644
index 0000000..248a856
Binary files /dev/null and b/misc/blog.gnupg.org/img/wks-confirm-req.png differ
diff --git a/misc/blog.gnupg.org/img/wks-schema.png b/misc/blog.gnupg.org/img/wks-schema.png
new file mode 100644
index 0000000..b344903
Binary files /dev/null and b/misc/blog.gnupg.org/img/wks-schema.png differ

commit 5fd2885035e2bff7994ffcfd62046c801b5e050a
Author: Kai Michaelis <kai at gnupg.org>
Date:   Tue Aug 1 17:37:40 2017 +0200

    blog: WKS w/ Enigmail, 1st ver

diff --git a/misc/blog.gnupg.org/20170807-web-key-in-engimail.org b/misc/blog.gnupg.org/20170807-web-key-in-engimail.org
deleted file mode 100644
index 7c9c3ba..0000000
--- a/misc/blog.gnupg.org/20170807-web-key-in-engimail.org
+++ /dev/null
@@ -1,20 +0,0 @@
-# Using the Web Key Service with Enigmail
-#+STARTUP: showall
-#+AUTHOR: Kai
-#+DATE: August 7, 2017
-
-** Using the Web Key Service with Enigmail
-
-   Obtaining the key of someone has always being a major pain point of using GnuPG. OpenPGP doesn't "outsource" trust management by using a PKI. Instead it allows each user to decide whom to trust. This has the downside that we need to evaluate whenever we can trust a new key for each novel communication partner. Until recently there wasn't an automatic way to get the key of someone you never communicated with.
-
-   The [[Web Key Service]](https://tools.ietf.org/id/draft-koch-openpgp-webkey-service-03.html) and the new ~--auto-key-retrieve~ & ~--auto-key-locate~ available in recent versions of GnuPG.
-
-*** Web Key Service
-
-    The Web Key Service is a protocol to publish OpenPGP keys via mail and retrieve others keys using HTTPS. The advatage over HKPS is that every email provider maintains its own key server (called Web Key Directory, WKD) that is authorative for all its users. This means that,
-
-		1. There exists only one key server for a given email address. No need to ask multiple servers as with HKPS.
-
-		2. When publishing a key using mail, WKD makes sure the sender is in possesion of the secret key.
-
-		3. Mail providers can (and should) make sure
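Review bot: the commit message "blog: WKS w/ Enigmail, 1st ver" does not mention that this deletion is a rename from 20170807-web-key-in-engimail.org to the correctly spelled 20170807-web-key-in-enigmail.org. Because the rename is combined with a rewrite of the content (20 lines removed, 51 added), it shows up as an unrelated delete and create; say so in the message, or do the rename in its own commit so the file history stays traceable.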
diff --git a/misc/blog.gnupg.org/20170807-web-key-in-enigmail.org b/misc/blog.gnupg.org/20170807-web-key-in-enigmail.org
new file mode 100644
index 0000000..a762c41
--- /dev/null
+++ b/misc/blog.gnupg.org/20170807-web-key-in-enigmail.org
@@ -0,0 +1,51 @@
+# Using the Web Key Service with Enigmail
+#+STARTUP: showall
+#+AUTHOR: Kai
+#+DATE: August 7, 2017
+
+** Using the Web Key Service with Enigmail
+
+   Obtaining the public key of someone has always being a major pain point of using GnuPG. OpenPGP doesn't "outsource" trust management by using a PKI. Instead it allows each user to decide whom to trust. This has the downside that we need to evaluate whenever we can trust a new public key for each new communication partner. Until recently there wasn't an automatic way to get the public key of someone you never communicated with.
+
+   The [[Web Key Service]](https://tools.ietf.org/id/draft-koch-openpgp-webkey-service-03.html) and the new ~--auto-key-retrieve~ & ~--auto-key-locate~ available in recent versions of GnuPG.
+
+*** Web Key Service
+
+    The Web Key Service is a protocol to publish public OpenPGP keys via mail and retrieve others public keys using HTTPS. The advantage over HKPS is that every email provider maintains its own key server (called Web Key Directory, WKD) that is authoritative for all its users. This means that,
+
+		1. There exists only one key server for a given email address. No need to ask multiple servers as with HKPS.
+
+		2. When publishing a public key using mail, WKD makes sure the sender is in possession of the secret key.
+
+		3. Mail providers can (and should) make sure that only the owner of the mail account is able to publish a public key for it.
+
+		Point three helps us with trust management. In case we trust the email provider of our communication partner we can trust the key retrieved by WKD more than one from an HKPS based key server.
+
+		TODO: more detail & image
+
+*** Publish your public key to a Web Key Directory
+
+		In order to use WKS you need a provider who supports it. After you configured the email account in Thunderbird you need to enable OpenPGP for it and generate a key pair.
+		TODO: image: enable opepgp & key gen
+
+		Then, open the key management window and find your public key. Right clicking it opens the context menu. There, select the option to upload the public key to your providers WKD.
+
+		TODO: image: key management context menu
+
+		After submission the WKD will send a mail to you asking to confirm the publication request. The subject line and body copy can be defined by the WKD but Enigmail will display a yellow bar above the message announcing it is a confirmation request. Clicking the button on the right will send to confirmation mail to WKD.
+
+		TODO: image: confirmation req.
+
+		After the mail has been sent, your public key will be accessible to everybody.
+
+*** Receive others public key from a Web Key Directory
+
+		Recent version of Enigmail receive missing public keys automatically form multiple sources, including WKD. Everybody who wants to send you an encrypted mail will be able to do so without finding you public key first.
+
+		Because this is a bit anticlimactic but you can use the ~--auto-key-locate~ option to retrieve your own public key from the WKD to see whenever it worked.
+
+		~HOME=`mktemp -d` gpg2 --auto-key-locate wkd -e -r <your email address>~
+
+		If GnuPG is able to retrieve the public key you will see a line that looks like that:
+
+    ~gpg: automatically retrieved '<your email address>' via WKD~
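Review bot: the link "[[Web Key Service]](https://tools.ietf.org/id/draft-koch-openpgp-webkey-service-03.html)" in the second paragraph mixes Org brackets with a Markdown-style URL and will not render as a link in an .org file; Org expects the form [[URL][description]]. The first line, "# Using the Web Key Service with Enigmail", is an Org comment, so if it is meant as the post title it should be "#+TITLE:". The new file also commits four "TODO:" placeholder lines into the body and indents paragraphs inconsistently (three spaces, four spaces, and tabs); since the file is dated August 7, 2017 and lives in the blog directory, the placeholders should be resolved or kept out of the text, and the indentation made uniform.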

-----------------------------------------------------------------------

Summary of changes:
 .../20170807-web-key-in-engimail.org               |  20 -----
 .../20170807-web-key-in-enigmail.org               |  88 +++++++++++++++++++++
 misc/blog.gnupg.org/img/wks-account-settings.png   | Bin 0 -> 39786 bytes
 misc/blog.gnupg.org/img/wks-confirm-req.png        | Bin 0 -> 25065 bytes
 misc/blog.gnupg.org/img/wks-schema.png             | Bin 0 -> 28318 bytes
 5 files changed, 88 insertions(+), 20 deletions(-)
 delete mode 100644 misc/blog.gnupg.org/20170807-web-key-in-engimail.org
 create mode 100644 misc/blog.gnupg.org/20170807-web-key-in-enigmail.org
 create mode 100644 misc/blog.gnupg.org/img/wks-account-settings.png
 create mode 100644 misc/blog.gnupg.org/img/wks-confirm-req.png
 create mode 100644 misc/blog.gnupg.org/img/wks-schema.png


hooks/post-receive
-- 
The GnuPG website and other docs
http://git.gnupg.org



