[seahorse/wip/userdocs: 224/416] help: reword, cleanup key-signing.page
- From: Aruna Sankaranarayanan <arunasank src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [seahorse/wip/userdocs: 224/416] help: reword, cleanup key-signing.page
- Date: Sun, 16 Mar 2014 20:48:17 +0000 (UTC)
commit e10d4b98207b9a1ae665c75c8f139982a5abc649
Author: Aruna Sankaranarayanan <arunasank src gnome org>
Date: Wed Jul 3 00:32:18 2013 +0530
help: reword, cleanup key-signing.page
help/C/key-signing.page | 100 +++++++++++++++++++----------------------------
1 files changed, 40 insertions(+), 60 deletions(-)
---
diff --git a/help/C/key-signing.page b/help/C/key-signing.page
index 102d537..e3bfc4e 100644
--- a/help/C/key-signing.page
+++ b/help/C/key-signing.page
@@ -19,84 +19,64 @@
<title>Why do keys require a signature?</title>
- <p><em>Public keys</em> are so popular because they are known to everyone
- once they have been <link xref="keys-sync-publish">published</link>. However
- it is essential to verify if a <em>Public key</em> belongs to the rightful
- owner or if it is an imitation key.</p>
+ <p>Public keys that are published on
+ <link xref="key-servers-what-are-they">key servers</link> contain the
+ <link xref="key-userid">user ID</link> of the key owner. It is quite easy for
+ someone to create a fake key with a user ID obtained from a key server. To
+ help people in verifying that your key is indeed genuinely yours, you can
+ sign your key and also ask people you know to sign your key.</p>
- <steps>
- <title>A possible scenario:</title>
- <item>
- <p>A and B want to communicate with each other. C wants to stop all
- communication between them, but A and B do not know this.</p>
- </item>
- <item>
- <p> A creates their <em>Public key</em> and publishes it on a
- <link xref="key-servers-what-are-they">key server</link>.</p>
- </item>
- <item>
- <p>C <link xref="keys-retrieve-remote">imports</link> A's key and
- using the information in it, creates a new imitation key. This
- imitation key will have the same details as A's key but will have a
- different <link xref="key-fingerprint">fingerprint</link>.</p>
- </item>
- <item>
- <p>C publishes the imitation key on a key server.</p>
- </item>
- <item>
- <p>B imports the key submitted by C, believing that it is A's key.</p>
- </item>
- <item>
- <p>A and B cannot communicate till they realise that the key has been
- compromised.</p>
- </item>
- </steps>
-
-<!--Should the above be described using pictures in a sequence?-aruna-->
+ <p>A <em>web of trust</em> on the Internet is a group of people who have
+ verified and signed each other's public keys. You can also establish a web of
+ trust among the people you want to communicate with by mutually signing each
+ other's keys. In this way, only keys signed by persons in the web of trust
+ are trusted by the other communicating members.</p>
-<section id="verify">
- <title>How can <em>Public keys</em> be verified?</title>
+<section id="my-sign">
+ <title>How do I sign keys?</title>
- <p>Usually, if you know the person you are communicating with, you can
- verify the <link xref="key-fingerprint">fingerprint</link> on their key, by
- asking them in person. In the cases when this is not possible, there is a
- provision to digitally <em>sign</em> someone's keys if you trust them. You
- may also sign your own key.</p>
+ <p> When you generate a new key, it is automatically signed by you. Any new
+ <link xref="key-subkeys">subkeys</link> that you generate are signed
+ automatically too. You can sign a key that you have
+ <link xref="keys-retrieve-remote">retrieved</link> from a key server or
+ <link xref="keys-import-export#import">imported</link> into
+ <app>Passwords and Keys</app>. When you sign a key you are vouching for the
+ it, so carefully verify the details of a key before signing it.</p>
<steps>
- <title>How does signing work?</title>
+ <title>To sign an imported key:</title>
<item>
- <p>A and B want to communicate. C wants to stop all communication
- between them.</p>
+ <p>Select the key.</p>
</item>
<item>
- <p>A creates a public key and requests common friends between her and
- B to sign the key. She may also choose to sign the key herself. Keys
- are signed using the <em>Private key</em>.</p>
+ <p>Right click the key and select
+ <guiseq><gui>Properties</gui><gui>Trust</gui></guiseq>.</p>
</item>
<item>
- <p>A publishes the signed key on a key server.</p>
+ <p>Click the <gui style="button">Sign this Key</gui> button.</p>
</item>
<item>
- <p>C publishes an imitation key, after retrieving A's information, but
- obviously this key will not have any signatures.</p>
+ <p>Depending on how carefully you have checked the key choose one out
+ of <gui style="radiobutton">Not at all</gui>,
+ <gui style="radiobutton">Casually</gui> or
+ <gui style="radiobutton">Very carefully</gui>.</p>
</item>
<item>
- <p>When B sees two keys in A's name, the signed key will be given more
- preference and imported, rather than the unsigned key uploaded by C.
- Signatures can be verified by decrypting the <em>Private keys</em> used
- to sign, with the <em>Public keys</em> on a key server.</p>
+ <p>You can also select if you want to revoke the signature at a later
+ date by checking the <gui style="checkbox">I can revoke this signature
+ at a later date</gui> checkbox and choose to keep your signature only
+ in the local copy of the key by selecting the
+ <gui style="checkbox">Others may not see this signature</gui>
+ checkbox.</p>
</item>
<item>
- <p>A and B can communicate.</p>
+ <p>When you own more than one PGP key, select the key you want to sign
+ with from the list next to <gui>Signer</gui>.</p>
+ </item>
+ <item>
+ <p>Click the <gui style="button">Sign</gui> button to finish.</p>
</item>
</steps>
- <p>You can establish a <em>web of trust</em> among the people you want to
- communicate with by mutually signing each other's keys. In this way, only
- keys signed by persons in the <em>web of trust</em> are trusted by the
- communicating members.</p>
-
</section>
-
</page>
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]