KGpg(签名、加密)

From KDE UserBase Wiki
Revision as of 06:00, 1 March 2019 by FuzzyBot (talk | contribs) (Updating to match new version of source page)
  KGpg 为gpg命令提供了图形界面


GnuPG加密和解密你的邮件和选定的文件。完成这样的操作需要很多的命令选项。有了 KGpg 忧虑就可以消除了 - 你不再需要记住任何命令。KGpg帮你建立和管理你密钥,导入和导出密钥,查看密钥签名,信任等级和有效期。实际上差不多所有你需要做的事情KGpg都覆盖到了。同时也提供向导帮助你建立你的密钥。

KGpg 集成KonquerorDolphin里, 这2个程序的右键关联菜单允许你选择签名和不签名情况下加密文件。
查看一个密钥的属性
 
右击密钥查看选项

Extending the life of your keys

As you can see in the image above, you can extend the life of your keys using the Change Expiration button. Simply choose the new date from the popup calendar. To do this, however, you must have access to the private key and its pass-phrase. Without them you can do nothing.

Change your passphrase

Should you suspect your passphrase is compromised, you can change this also from the Key Properties dialogue. The Change Passphrase button is below Change Expiration.

Revoking a key

If you lose your private key or think it has been compromised in some way you need to revoke it. To reliably render a key unusable you need to revoke it. Revoking is done by adding a special revocation signature to the key.

The revocation signature can be created together with the key. In this case it is stored in a separate file. This file can later be imported into the keyring and is then attached to the key rendering it unusable.

Warning

Please note that to import this signature to the key no password is required. Therefore you should store this revokation signature in a safe place, usually one that is different from you key pair. It is a good advise to use a place that is detached from your computer, either copy it to an external storage device like an USB stick or print it out.


If you have not created such a detached revocation on key creation you can create such a revocation signature at any time choosing Your Key -> Revoke key, optionally importing it to your keyring immediately.

Note

The option to revoke a key has only been available in the context menu until KDE SC 4.7.1. Since then it has been moved to the key menu.


Tip

When you start KGpg with default settings it will hide in the system tray. If you started KGpg and do not see it anywhere you can probably reach it when you expand the Plasma system tray widget.


Tip

If a contact has more than one key - perhaps some old keys in addition to the current one - and the wrong key is being used for encryption, find the old keys and reduced their Trust status to Not Trusted. They will remain available for decrypting old messages, but not used for new ones.


A full illustrated manual helps you through some details.

If you are not in a position to physically verify the identity of your contacts you should especially read the key-signing section which explains the benefits of local-signing.

More Information