<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd" [
<!ENTITY legal SYSTEM "legal.xml">
<!ENTITY appversion "2.28.x">
<!ENTITY manrevision "3.1">
<!ENTITY date "July 2005">
<!ENTITY app "Passwords and Keys">
<!ENTITY daemon "<application>seahorse-daemon</application>">
<!ENTITY project "Seahorse">
<!ENTITY key "<glossterm>key</glossterm>">
<!ENTITY website "http://www.gnome.org/projects/seahorse/">
<article id="index" lang="gl">
<title>Passwords and Keys Manual</title>
<year>2005, 2006, 2007, 2008, 2009</year>
<holder>Jacob Perkins and Adam Schreiber</holder>
<publisher role="maintainer">
<publishername>Seahorse Project</publishername>
<!-- link to document containing the legal notice of GNU FDL -->
<legalnotice id="legalnotice">
Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation
License (GFDL), Version 1.1 or any later version published
by the Free Software Foundation with no Invariant Sections,
no Front-Cover Texts, and no Back-Cover Texts. You can find
a copy of the GFDL at this <ulink type="help" url="ghelp:fdl">link</ulink> or in the file COPYING-DOCS
distributed with this manual.
<para> This manual is part of a collection of GNOME manuals
distributed under the GFDL. If you want to distribute this
manual separately from the collection, you can do so by
adding a copy of the license to the manual, as described in
section 6 of the license.
Many of the names used by companies to distinguish their
products and services are claimed as trademarks. Where those
names appear in any GNOME documentation, and the members of
the GNOME Documentation Project are made aware of those
trademarks, then the names are in capital letters or initial
DOCUMENT AND MODIFIED VERSIONS OF THE DOCUMENT ARE PROVIDED
UNDER THE TERMS OF THE GNU FREE DOCUMENTATION LICENSE
WITH THE FURTHER UNDERSTANDING THAT:
<para>DOCUMENT IS PROVIDED ON AN "AS IS" BASIS,
WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR
IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES
THAT THE DOCUMENT OR MODIFIED VERSION OF THE
DOCUMENT IS FREE OF DEFECTS MERCHANTABLE, FIT FOR
A PARTICULAR PURPOSE OR NON-INFRINGING. THE ENTIRE
RISK AS TO THE QUALITY, ACCURACY, AND PERFORMANCE
OF THE DOCUMENT OR MODIFIED VERSION OF THE
DOCUMENT IS WITH YOU. SHOULD ANY DOCUMENT OR
MODIFIED VERSION PROVE DEFECTIVE IN ANY RESPECT,
YOU (NOT THE INITIAL WRITER, AUTHOR OR ANY
CONTRIBUTOR) ASSUME THE COST OF ANY NECESSARY
SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER
OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS
LICENSE. NO USE OF ANY DOCUMENT OR MODIFIED
VERSION OF THE DOCUMENT IS AUTHORIZED HEREUNDER
EXCEPT UNDER THIS DISCLAIMER; AND
<para>UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL
THEORY, WHETHER IN TORT (INCLUDING NEGLIGENCE),
CONTRACT, OR OTHERWISE, SHALL THE AUTHOR,
INITIAL WRITER, ANY CONTRIBUTOR, OR ANY
DISTRIBUTOR OF THE DOCUMENT OR MODIFIED VERSION
OF THE DOCUMENT, OR ANY SUPPLIER OF ANY OF SUCH
PARTIES, BE LIABLE TO ANY PERSON FOR ANY
DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR
CONSEQUENTIAL DAMAGES OF ANY CHARACTER
INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS
OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR
MALFUNCTION, OR ANY AND ALL OTHER DAMAGES OR
LOSSES ARISING OUT OF OR RELATING TO USE OF THE
DOCUMENT AND MODIFIED VERSIONS OF THE DOCUMENT,
EVEN IF SUCH PARTY SHALL HAVE BEEN INFORMED OF
THE POSSIBILITY OF SUCH DAMAGES.
<firstname>Jacob</firstname>
<surname>Perkins</surname>
<orgname>Seahorse Project</orgname>
<email>jap1@users.sourceforge.net</email>
<firstname>Adam</firstname>
<surname>Schreiber</surname>
<orgname>Seahorse Project</orgname>
<email>sadam@clemson.edu</email>
<firstname>Paul</firstname>
<surname>Cutler</surname>
<orgname>GNOME Documentation Project</orgname>
<email>pcutler@foresightlinux.org</email>
<releaseinfo revision="2.28" role="draft">
<publisher role="maintainer">
<publishername>Seahorse Project</publishername>
<publisher role="maintainer">
<publishername>GNOME Documentation Project</publishername>
<revnumber>Passwords and Keys Manual V2.11.0</revnumber>
<date>May 2009</date>
<email>pcutler@foresightlinux.org</email>
<revnumber>Passwords and Keys Manual V0.10.1</revnumber>
<date>August 2008</date>
<email>sadam@clemson.edu</email>
<revnumber>Passwords and Keys Manual V0.9.1</revnumber>
<date>November 2006</date>
<email>milo_casagrande@yahoo.it</email>
<revnumber>Passwords and Keys Manual V0.9.0</revnumber>
<date>July 2005</date>
<para role="author">Adam Schreiber
<email>sadam@clemson.edu</email>
<para role="publisher">Seahorse Project</para>
<revnumber>Passwords and Keys Manual V0.7.0</revnumber>
<date>February 2003</date>
<para role="author">Jacob Perkins
<para role="publisher">Seahorse Project</para>
<releaseinfo>This manual describes version 2.28.x of Passwords and Keys</releaseinfo>
<title>Feedback</title>
<para>To report a bug or make a suggestion regarding the
<application>Passwords and Keys</application> application or this manual, follow the directions in the
<ulink url="ghelp:gnome-feedback" type="help">Gnome Feedback Page</ulink>.
<abstract role="description">
<application>Passwords and Keys</application> is the application for managing encryption keys for the GNOME Desktop
<indexterm zone="index">
<primary>Seahorse</primary>
<indexterm zone="index">
<primary>seahorse</primary>
<indexterm zone="index">
<primary>Encryption Keys</primary>
<!-- ============= Introduction ============================== -->
<sect1 id="introduction">
<title>Introduction</title>
You can use <application>Passwords and Keys</application> to create and manage <acronym>PGP</acronym> and <acronym>SSH</acronym> keys.
<application>Passwords and Keys</application> provides a front end to many of the features of
<ulink url="http://www.gnupg.org" type="http">Gnu Privacy Guard (GPG)</ulink> and
integrates with multiple components of the <ulink url="http://www.gnome.org">GNOME</ulink> desktop.
With <application>Passwords and Keys</application> you can:
<para>Create and manage PGP and SSH keys,</para>
<para>Export and import PGP and SSH keys,</para>
<para>Share your keys with others,</para>
<!-- ============= Getting Started ============================== -->
<sect1 id="seahorse-getting-started">
<title>Getting Started</title>
<sect2 id="seahorse-start">
<title>Starting <application>Passwords and Keys</application></title>
You can start <application>Passwords and Keys</application>
in the following ways:
<term><guimenu>Applications</guimenu> menu</term>
<guimenu>Accessories</guimenu>
<guimenuitem>Password and Keys</guimenuitem>
</menuchoice>.</para>
<term>Command Line</term>
Type <command>seahorse</command> then press <keycap>Return</keycap>.
<sect2 id="seahorse-when-start">
<title>When You Start <application>Passwords and Keys</application></title>
When you start <application>Passwords and Keys</application>, the <guilabel>Password and Keys</guilabel>
<figure id="seahorse-window">
<title>The <application>Passwords and Keys</application> Window</title>
<imagedata fileref="figures/seahorse-window.png" format="PNG"/>
Show the <application>Passwords and Keys</application> window.
The <application>Passwords and Keys</application> window contains the following elements:
<varlistentry><term>Menubar</term>
<para>The menus on the menubar contain all of the commands that you need to perform tasks in <application>Passwords and Keys</application>.</para>
<varlistentry><term>Toolbar</term>
<para>Use the toolbar to quickly access commonly-used commands.</para>
<varlistentry><term>Keys and Passwords Tabs</term>
<para>Provides access to the keys and passwords in the keyring.</para>
<varlistentry><term>First time options</term>
<para>Provides fast access to useful actions for first time users. From here you can:</para>
<para>Browse the help system,</para>
<para>Import keys in the keyring,</para>
<para>Create new keys.</para>
<!-- ============= Creating OpenPGP Keys ============================== -->
<sect1 id="pgp-generate">
<title>Creating OpenPGP Keys</title>
OpenPGP is a non-proprietary protocol for encrypting e-mail with the use of public key
cryptography based on <acronym>PGP</acronym>. It defines standard formats for encrypted messages, signatures, private keys
and certificates for exchanging public keys.
Public key cryptography is a concept which involves the use of two keys:
a <emphasis>public key</emphasis>, that you can give to anyone with whom
you would like to communicate, and a <emphasis>private key</emphasis> which is
private and must be kept secret.
To create OpenPGP keys:
Choose <menuchoice><guimenu>File</guimenu><guimenuitem>New...</guimenuitem></menuchoice>
Select <guilabel>PGP Key</guilabel> and click <guibutton>Continue</guibutton>
Enter your full name (first - last), your e-mail address and any additional information.
You can also specify advanced options for the key: see below.
Click <guibutton>Create</guibutton> to create the new key pair.
The <guilabel>Passphrase for New PGP Key</guilabel> dialog will open.
Enter the passphrase twice for your new key.
When choosing a passphrase, follow the same practices you would use
to create a strong password. The main difference between a password and a passphrase is that,
in a passphrase, spaces are valid characters.
<sect2 id="seahorse-pgp-advanced-mode">
<title>Advanced options</title>
Expand the <guibutton>Advanced key options</guibutton>
section to specify the following options for a new key:
<term><guilabel>Encryption Type</guilabel></term>
This field specifies the encryption algorithms used
to generate your keys.
<term><acronym>DSA</acronym> ElGamal</term>
This is the suggested choice as it will allow
you to encrypt, decrypt, sign and verify as needed.
<term><acronym>DSA</acronym></term>
Will allow signing only.
<term><acronym>RSA</acronym></term>
Will allow signing only.
<term><guilabel>Key Strength (bits)</guilabel></term>
This is the length of the key in bits. The longer the key,
the more secure it will be, provided a strong passphrase is
used. Conversely, performing any operation with a longer key
will require more time than it would with a shorter key. Acceptable
values are between 1024 and 4096 bits. At least 2048 bits is recommended.
<term><guilabel>Expiration Date</guilabel></term>
This is the date at which the key will cease to be usable for
performing encryption or signing operations. 6 months is a reasonable time
to set it to. You will have to either change the
expiration date or generate a new key or subkey after this amount
Sign your new key with your old one before it expires
to preserve your trust status.
<!-- ============= Creating SSH Keys ============================== -->
<sect1 id="ssh-generate">
<title>Creating Secure Shell Keys</title>
Secure Shell (<acronym>SSH</acronym>) is a way of logging into a remote computer to execute commands
SSH keys are used in a key-based authentication system, as an alternative to the default password
authentication system.
With key-based authentication there is no need to manually type a password to authenticate.
Secure Shell keys are made of two keys: a <emphasis>private key</emphasis>, that must be kept secret,
and a <emphasis>public key</emphasis> which can be uploaded to any computer you need to access.
To create a Secure Shell key:
<para>Choose <menuchoice><guimenu>File</guimenu><guimenuitem>New...</guimenuitem></menuchoice></para>
<para>Select <guilabel>Secure Shell Key</guilabel> and click <guibutton>Continue</guibutton></para>
<para>Enter a description of what the key is to be used for. You can use your e-mail address or any other reminder. You can also specify advanced options for the key: see below.</para>
<para>Click <guibutton>Just Create Key</guibutton> to
create the new key, or <guibutton>Create and Set Up</guibutton>
to create the key and set up another computer to use it for authentication.</para>
<para>The <guilabel>Passphrase for New Secure Shell Key</guilabel>
Enter the passphrase twice for your new key.
When choosing a passphrase, follow the
same practices you would use to create a
strong password. The main difference between a
password and a passphrase is that, in a
passphrase, spaces are valid characters.
<sect2 id="seahorse-ssh-advanced-options">
<title>Advanced options</title>
Expand the <guilabel>Advanced key options</guilabel> section to specify the following options for a new key:
<term><guilabel>Encryption Type</guilabel></term>
This field specifies the encryption
algorithms used to generate your key.
<term><acronym>RSA</acronym></term>
Use the <emphasis>Rivest-Shamir-Adleman</emphasis>
(<acronym>RSA</acronym>) algorithm to create the SSH key.
This is the preferred and more secure choice.
<term><acronym>DSA</acronym></term>
Use the <emphasis>Digital Signature Algorithm</emphasis>
(<acronym>DSA</acronym>) to create the SSH key.
<term><guilabel>Key Strength (bits)</guilabel></term>
This is the length of the key in bits.
The longer the key, the more secure it
will be, provided a strong passphrase is
used. Conversely, performing any
operation with a longer key will require
more time than it would with a shorter
key. Acceptable values are between 1024
and 4096 bits. At least 2048 bits is recommended.
<!-- ============= OpenPGP Key Properties ============================== -->
<sect1 id="seahorse-key-properties">
<title>OpenPGP Key Properties</title>
The descriptions in this section apply to all OpenPGP keys.
To view properties of a <acronym>PGP</acronym> key:
Select the <acronym>PGP</acronym> key
from the main window,
Double click on it or choose <guilabel>Properties</guilabel>
Select the <guilabel>Details</guilabel> tab.
<sect2 id="pgp-public-key-properties">
<title id="pgp-private-key-properties">Properties</title>
<term><guilabel>Fingerprint</guilabel></term>
<para>The fingerprint is a unique string of characters that exactly identifies a key.</para>
<term><guilabel>KeyID</guilabel></term>
The KeyID is similar to the Fingerprint. However, the KeyID only contains the last 8
characters of the fingerprint. Most of the time it is possible to identify a key with
only the KeyID, but occasionally two keys may have the same ID.
<term><guilabel>Type</guilabel></term>
Specifies the encryption algorithm used to generate a key. DSA keys can only sign.
ElGamal keys are used to encrypt.
<term><guilabel>Created</guilabel></term>
Indicates the date the key was created.
<term><guilabel>Expires</guilabel></term>
Indicates the date the key can no longer be used.
<term><guilabel>Strength</guilabel></term>
Indicates the length in bits of a key. In general the longer the key, the more security it
A long key is not enough to make up for the use of a weak passphrase.
<sect2 id="change-owner-trust">
Trust is an indication of how sure you are of a person's ability to correctly extend
the web of trust. When you are faced with a key you have not signed, the validity of
that person's key will be determined based on the signatures they have collected and
how much you trust the people who have made those signatures. By default, an
unknown key will require 3 signatures with marginal trust value or 1 fully trusted signature.
<guilabel>Unknown</guilabel>: You are not familiar with the person's ability to sign keys correctly.
<guilabel>Never</guilabel>: This person cannot correctly sign keys.
<guilabel>Marginal</guilabel>: This person checks for photo ID before signing a key, but
does not necessarily scrutinize the IDs.
<guilabel>Full</guilabel>: This person scrutinizes each and every person's photo IDs before
signing them (e.g. they only sign keys that truly belong to the person asking for the signature).
<guilabel>Ultimate</guilabel>: This level of trust should only be assigned to your own keys.
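The validity rule described above (3 marginal signatures or 1 fully trusted signature) can be modelled as a fixed-point computation over a keyring. The following is an added example, not code from Seahorse or GnuPG; the key names and the sample keyring are constructed, and it assumes that a signature counts only when the signing key is itself valid and that an ultimately trusted signer counts as fully trusted.

```python
"""Simplified model of the key-validity rule described above (added example)."""
from enum import Enum


class Trust(Enum):
    """Owner-trust levels as listed in the manual."""
    UNKNOWN = "unknown"
    NEVER = "never"
    MARGINAL = "marginal"
    FULL = "full"
    ULTIMATE = "ultimate"


# Defaults quoted in the manual: 3 marginal signatures or 1 full signature.
MARGINALS_NEEDED = 3
FULLS_NEEDED = 1


def count_signatures(target, owner_trust, signatures, valid):
    """Return (full, marginal) counts of signatures on target made by valid keys."""
    full = marginal = 0
    for signer in signatures.get(target, ()):
        if signer not in valid:
            continue  # a signature from a key we cannot validate counts for nothing
        trust = owner_trust.get(signer, Trust.UNKNOWN)
        if trust in (Trust.FULL, Trust.ULTIMATE):  # assumption: ultimate counts as full
            full += 1
        elif trust is Trust.MARGINAL:
            marginal += 1
        # UNKNOWN and NEVER signers contribute nothing
    return full, marginal


def compute_valid_keys(owner_trust, signatures):
    """Iterate until no further key becomes valid; return the set of valid keys."""
    valid = {key for key, trust in owner_trust.items() if trust is Trust.ULTIMATE}
    changed = True
    while changed:
        changed = False
        for target in signatures:
            if target in valid:
                continue
            full, marginal = count_signatures(target, owner_trust, signatures, valid)
            if full >= FULLS_NEEDED or marginal >= MARGINALS_NEEDED:
                valid.add(target)
                changed = True
    return valid


# Constructed keyring: owner trust you assigned, and who signed whose key.
OWNER_TRUST = {
    "me": Trust.ULTIMATE,
    "alice": Trust.FULL,
    "bob": Trust.MARGINAL,
    "carol": Trust.MARGINAL,
    "dave": Trust.MARGINAL,
    "mallory": Trust.NEVER,
    "ivan": Trust.FULL,  # trusted as a signer, but his own key was never validated
}
SIGNATURES = {  # target key -> keys that signed it
    "alice": {"me"}, "bob": {"me"}, "carol": {"me"}, "dave": {"me"},
    "mallory": {"me"},
    "erin": {"alice"},                  # 1 full signature: valid
    "frank": {"bob", "carol"},          # 2 marginal signatures: not enough
    "grace": {"bob", "carol", "dave"},  # 3 marginal signatures: valid
    "heidi": {"mallory"},               # signer has trust "never": not valid
    "judy": {"ivan"},                   # signer's own key is not valid: not valid
}

if __name__ == "__main__":
    print(sorted(compute_valid_keys(OWNER_TRUST, SIGNATURES)))
```

The "judy" case shows why owner trust and validity are separate: full trust in a signer has no effect until that signer's own key has been validated.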
<sect2 id="disable-key">
<title>Enabling and Disabling Keys</title>
When a key is enabled, it can be used to perform encryption operations.
When a key is disabled, it cannot be used to encrypt to or verify signatures made by it.
<sect2 id="change-expires">
<title>Expiration Date</title>
A key can no longer be used to perform key operations after it has expired. Changing a
key's expiration date to a point in the future re-enables it. A good general practice
would be to have a master key that never expires and multiple subkeys that do and are
signed by the master key.
<sect2 id="userid-properties">
<title>User IDs</title>
User IDs allow multiple identities and email addresses to
be used with the same key.
They usually take the form of:
<programlisting>Name (comment) &lt;email address&gt;</programlisting>
<title>Adding a User ID</title>
Adding a user ID is useful when you want to have
an identity for your job and one for your friends.
To add a user ID to a key:
Select the key from the main window,
Double click on it or choose <guibutton>Properties</guibutton> from the toolbar,
Select the <guilabel>Names and Signatures</guilabel> tab,
Click on <guibutton>Add Name</guibutton>.
After following the instructions above, you will be presented with a
dialog to fill in. The fields are detailed below.
<term><guilabel>Full Name</guilabel></term>
Enter your full name in the form
<programlisting>&lt;first&gt; &lt;last&gt;</programlisting>
A middle name or initial is optional.
You must enter at least 5 characters in this field.
<term><guilabel>Email Address</guilabel></term>
Your email address is how most
people will locate your key on a
key server or other key provider.
Make sure it is correct before
It should be of the form
<programlisting><replaceable>&lt;username&gt;</replaceable>@<replaceable>&lt;domainname&gt;</replaceable></programlisting>
<term><guilabel>Key Comment</guilabel></term>
The comment field can be used to
place any additional information
into the displayed name of your new
ID. This information can be
searched for on key servers.
<sect2 id="photoid-properties">
<title>Photo IDs</title>
Photo IDs allow a key owner to embed one or more pictures of themselves in a key.
These identities can be signed just like normal user IDs. A photo ID must be in JPEG
format and is recommended to be no larger than 240x288 pixels.</para>
If the chosen image is not of the required file type or size <application>Passwords and Keys</application>
can resize and convert it on the fly from
any image format supported by the <acronym>GDK</acronym> library.
<sect2 id="change-passphrase">
<title>Changing the Passphrase</title>
To change the passphrase assigned to a key:
Select the key from the main window,
Double click on it or choose <guilabel>Properties</guilabel> from the toolbar,
Click on <guibutton>Change Passphrase</guibutton>.
Enter the new passphrase and click <guibutton>OK</guibutton>.
<title>Deleting a Key</title>
To delete a key from your keyring:
Select the key from the main window,
Right click on it and choose <guilabel>Delete Key</guilabel>
<guimenu>Edit</guimenu>
<guimenuitem>Delete Key</guimenuitem>
You can delete your keys, trusted keys and collected keys.
<!-- ============= OpenPGP Properties ============================== -->
<sect1 id="subkey-properties">
<title>OpenPGP Subkey Properties</title>
Each OpenPGP key has a single master key used
to sign only. Subkeys are used to encrypt and
to sign as well. In this way, if your subkey is
compromised, you don't need to revoke your master key.
<term><guilabel>ID</guilabel></term>
This is the identifier of the subkey.
<term><guilabel>Type</guilabel></term>
Specifies the encryption algorithm used to generate a subkey.
<acronym>DSA</acronym> keys can only sign, ElGamal
keys are used to encrypt while <acronym>RSA</acronym> keys are
used to sign or to encrypt.
<term><guilabel>Created</guilabel></term>
Indicates the date the key was created.
<term><guilabel>Expires</guilabel></term>
Indicates the date the key can no longer be used.
<term><guilabel>Status</guilabel></term>
Indicates the status of the key.
<term><guilabel>Strength</guilabel></term>
Indicates the length in bits of the key. In general the longer the key, the more security it
A long key is not enough to make up for the use of a weak passphrase.
<sect2 id="add-subkey">
<title>Adding a Subkey</title>
To add a subkey to a key, from the <guilabel>Subkeys</guilabel>
section click on the <guibutton>Add</guibutton> button.
After following the instructions above, you will be presented with a
dialog to fill in. The fields are detailed below.
<term>Key Type</term>
Specifies the encryption algorithm used to generate a subkey.
<term><acronym>DSA</acronym></term>
Use the <emphasis>Digital Signature Algorithm</emphasis>
(<acronym>DSA</acronym>) to create the subkey.
This subkey can sign only.
Use the <emphasis>ElGamal</emphasis> algorithm to create the subkey.
This subkey can encrypt only.
Use the <emphasis>Rivest-Shamir-Adleman</emphasis> (<acronym>RSA</acronym>)
algorithm to create the subkey. This subkey can be used to sign or encrypt,
but you have to create two different subkeys.
<term>Key Length</term>
Indicates the length in bits of the subkey.
In general the longer the key, the more security it provides.
<term>Expiration Date</term>
Indicates the date the subkey can no longer be used.
<sect2 id="change-subkey-expires">
<title>Changing a Subkey Expiration Date</title>
To change a subkey expiration date, select
the subkey from the <guilabel>Subkeys</guilabel>
Click on the <guibutton>Expire</guibutton> button on the left,
From the date dialog choose the new expiration date or select
<guilabel>Never expires</guilabel> for no expiration date.
<sect2 id="revoke-subkey">
<title>Revoking a Subkey</title>
To revoke a subkey, select the subkey from the <guilabel>Subkeys</guilabel>
Click on the <guibutton>Revoke</guibutton> button on the left,
Choose a reason for revoking the subkey:
<term>No Reason</term>
There isn't a specific reason to revoke the key.
<term>Compromised</term>
The key has been compromised.
<term>Superseded</term>
The key has been superseded by another one.
<term>Not Used</term>
The key is not used anymore.
Enter a description of why you are revoking the key,
Click on <guibutton>Revoke</guibutton>.
The effect of revoking a subkey is immediate.
<sect2 id="delete-subkey">
<title>Deleting a Subkey</title>
To delete a subkey, select the subkey from the <guilabel>Subkeys</guilabel>
Click on the <guibutton>Delete</guibutton> button on the left.
<!-- ============= SSH Key Properties ============================== -->
<sect1 id="ssh-key-properties">
<title>Secure Shell Key Properties</title>
The descriptions in this section apply to all <acronym>SSH</acronym> keys.
To view properties of an <acronym>SSH</acronym> key:
Select the Secure Shell key
from the main window,
Double click on it or choose <guilabel>Properties</guilabel>
Select the <guilabel>Details</guilabel> tab.
<sect2 id="properties">
<title>Properties</title>
<term><guilabel>Fingerprint</guilabel></term>
The fingerprint is a unique string of
characters that exactly identifies a key.
<term><guilabel>Algorithm</guilabel></term>
Specifies the encryption algorithm used to
<term><guilabel>Location</guilabel></term>
This is the location where the
<emphasis>private key</emphasis>
<term><guilabel>Strength</guilabel></term>
Indicates the length in bits of a key.
In general the longer the key, the more
security it provides.
A long key is not enough to make up
for the use of a weak passphrase.
<sect2 id="delete-ssh-key">
<title>Deleting a Secure Shell Key</title>
To delete a Secure Shell key:
Select the <acronym>SSH</acronym> key from the main window,
Right click on it and choose <guilabel>Delete key</guilabel> or choose
<guimenu>Edit</guimenu>
<guimenuitem>Delete Key</guimenuitem>
<!-- ============= Importing Keys ============================== -->
<title>Importing Keys</title>
To import keys choose
<guimenu>File</guimenu>
<guimenuitem>Import</guimenuitem>
</menuchoice> and select, from the file chooser, a file containing at least one ASCII armored public key.
Importing can also be performed by pasting the keys inside <application>Passwords and Keys</application>:
Select an ASCII armored public block of text,
Copy it to the clipboard,
<guimenu>Edit</guimenu>
<guimenuitem>Paste Keys</guimenuitem>
<!-- ============= Exporting Keys ============================== -->
<title>Exporting Keys</title>
To export keys, select the keys in the main window
<guimenu>File</guimenu>
<guimenuitem>Export</guimenuitem>
You can also export keys to the clipboard in an
ASCII armored block of text:
Select the keys in the main window,
<guimenu>Edit</guimenu>
<guimenuitem>Copy Keys</guimenuitem>
<!-- ============= Signing a Key ============================== -->
<title>Signing a Key</title>
Signing another person's key means you are giving trust to that person.
Before signing a key, you have to carefully check the key's fingerprint
to be sure that the key really belongs to that person.
To sign a key in your keyring:
Select the key you want to sign from the
<guilabel>Trusted Keys</guilabel> or
<guilabel>Other Collected Keys</guilabel> tabs,
Choose <guibutton>Sign</guibutton> from the toolbar
<guimenu>File</guimenu>
<guimenuitem>Sign</guimenuitem>
Select how carefully the key has been checked,
Indicate if the signature should be local to your keyring,
and if your signature can be revoked,
Click on <guibutton>Sign</guibutton>.
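The fingerprint check required before signing, and the KeyID collisions mentioned under OpenPGP Key Properties, can both be checked against a keyring listing. The following is an added example, not code from Seahorse; it goes beyond the manual by reading the colon-delimited listing printed by `gpg --with-colons --fingerprint`, the sample listing and all keys in it are constructed, and it assumes 40-hex-digit (OpenPGP version 4) fingerprints.

```python
"""Find short KeyID collisions and verify a fingerprint before signing (added example)."""
import re
from collections import defaultdict

# Constructed sample in the format of `gpg --with-colons --fingerprint`.
# The first two keys are different keys that share the same 8-character KeyID.
SAMPLE_LISTING = """\
pub:f:2048:1:89ABCDEFDEADBEEF:1230768000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEFDEADBEEF:
uid:f::::1230768000::::Alice Example (work) <alice@example.org>:
sub:f:2048:16:0000111122223333:1230768000::::::e:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0000111122223333:
pub:-:2048:1:76543210DEADBEEF:1230768000:::-:::scESC:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210DEADBEEF:
uid:-::::1230768000::::Alice Example <alice@example.org>:
pub:f:4096:1:7777888899990000:1230768000:::-:::scESC:
fpr:::::::::1111222233334444555566667777888899990000:
uid:f::::1230768000::::Bob Example <bob@example.org>:
"""


def primary_fingerprints(listing):
    """Map each primary-key fingerprint to its user IDs; subkey fpr records are skipped."""
    keys = {}
    current = None
    previous = None
    for line in listing.splitlines():
        fields = line.split(":")
        record = fields[0]
        if record == "fpr" and previous in ("pub", "sec") and len(fields) > 9:
            current = fields[9].upper()  # field 10 of an fpr record is the fingerprint
            keys[current] = []
        elif record == "uid" and current is not None and len(fields) > 9:
            keys[current].append(fields[9])  # field 10 of a uid record is the user ID
        previous = record
    return keys


def short_key_id(fingerprint):
    """KeyID as described in the manual: the last 8 characters of the fingerprint."""
    return fingerprint[-8:]


def short_id_collisions(fingerprints):
    """Return {KeyID: [fingerprints]} for every KeyID shared by more than one key."""
    by_id = defaultdict(list)
    for fingerprint in fingerprints:
        by_id[short_key_id(fingerprint)].append(fingerprint)
    return {kid: sorted(fprs) for kid, fprs in by_id.items() if len(fprs) > 1}


def normalize_fingerprint(text):
    """Strip spacing and case; reject anything shorter than a full fingerprint."""
    compact = re.sub(r"\s+", "", text).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", compact):
        raise ValueError("expected a 40-hex-digit fingerprint, not a KeyID")
    return compact


def safe_to_sign(out_of_band, keyring_fingerprint):
    """True only if the fingerprint the owner gave you matches the keyring copy exactly."""
    return normalize_fingerprint(out_of_band) == normalize_fingerprint(keyring_fingerprint)


if __name__ == "__main__":
    keys = primary_fingerprints(SAMPLE_LISTING)
    for key_id, fprs in short_id_collisions(keys).items():
        print(f"KeyID {key_id} is shared by {len(fprs)} keys; compare full fingerprints")
    spoken = "0123 4567 89AB CDEF 0123 4567 89AB CDEF DEAD BEEF"  # read out by the owner
    for fingerprint, uids in keys.items():
        print(fingerprint, uids, "match" if safe_to_sign(spoken, fingerprint) else "no match")
```

In the sample, both "Alice Example" keys share KeyID DEADBEEF, and only the full fingerprint distinguishes the key the owner actually confirmed.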
<!-- ============= Preferences ============================== -->
<title>Preferences</title>
This section describes the preferences settable in <application>Passwords and Keys</application> by choosing
<guimenu>Edit</guimenu>
<guimenuitem>Preferences</guimenuitem>
</menuchoice> from within <application>Passwords and Keys</application>.
<sect2 id="keyring">
<title>Password Keyrings</title>
<title>Creating Keyrings</title>
To create a new keyring, from the menu choose <menuchoice><guimenu>File</guimenu><guimenuitem>New</guimenuitem></menuchoice> and choose <guibutton>Password Keyring</guibutton>. Enter a name for the new keyring, and press enter.
<title>Changing Keyring Passwords</title>
To change the unlock password of the keyring, first select the appropriate keyring and then
press the <guibutton>Change Unlock Password</guibutton> button. You will then be prompted to
type the old password in the <guilabel>Old password</guilabel> text box, the new password in the
<guilabel>New password</guilabel> text box and
confirm it in the <guilabel>Confirm password</guilabel> text box.
To apply the settings, press <guibutton>Change</guibutton>.
If the old password is correct, you will get a status
message indicating the success of the operation. If the
old password is not correct you will be asked to check
<title>Removing Keyrings</title>
To remove a keyring, first select the appropriate keyring and then
from the menu choose <menuchoice><guimenu>Edit</guimenu> <guimenuitem>Delete</guimenuitem></menuchoice>.
<sect2 id="key-servers">
<title>Key Servers</title>
Keep your keys and others' keys up to date by syncing keys periodically with
remote keyservers. Syncing will make sure that you have the latest
signatures made on all of your keys so that the web of trust will be the
<application>Passwords and Keys</application> provides support for HKP and LDAP keyservers.
<term><emphasis>HKP Servers</emphasis></term>
HKP keyservers are ordinary web based keyservers such as the
popular <ulink url="hkp://pool.sks-keyservers.net" type="hkp">hkp://pool.sks-keyservers.net</ulink>, also accessible at
<ulink url="http://sks-keyservers.net" type="http">http://sks-keyservers.net</ulink>.
<term><emphasis><acronym>LDAP</acronym> Keyservers</emphasis></term>
<acronym>LDAP</acronym> keyservers are less common, but use the standard LDAP
protocol to serve keys.
<ulink url="ldap://keyserver.pgp.com" type="ldap">ldap://keyserver.pgp.com</ulink> is a good LDAP
<sect2 id="key-sharing">
<title>Key Sharing</title>
Key Sharing is provided by DNS-SD, also known as Bonjour or Rendezvous.
Enabling key sharing will add the local <application>Passwords and Keys</application> users' public key rings
to the remote search dialog. Using these local "key servers" will most
likely be faster than accessing remote servers.
<!-- ============= About ============================== -->
<title>About Passwords and Keys</title>
<application>Passwords and Keys</application>, its associated plugins, the preferences applet and the panel
applet are known collectively as Seahorse. Seahorse was written by Jacob Perkins. The current
maintainers are Stef Walter and Adam Schreiber. This manual is by Adam Schreiber. The project's web
site was designed by Jim Pharis. To find more information about Seahorse, the project, please visit
the <ulink url="http://www.gnome.org/projects/seahorse/" type="http">Seahorse web page</ulink>.
To report a bug or make a suggestion regarding this application or
this manual, follow the directions in the
<ulink url="ghelp:user-guide?feedback-bugs" type="help">Feedback section of the GNOME User Guide</ulink>.
This program is distributed under the terms of the GNU
General Public License as published by the Free Software
Foundation; either version 2 of the License, or (at your option)
any later version. A
<ulink url="ghelp:gpl" type="help">copy of this license</ulink>
is included with this documentation; another can be found in the file
COPYING included with the source code of this program.