Add link to page about the web of trust
add link to spoofing email signatrues writeup
|Deletions are marked like this.||Additions are marked like this.|
|Line 4:||Line 4:|
|This is the official Wiki for [[http://gnupg.org|GnuPG]], the GNU Privacy Guard, and all ~GnuPG related Free Software initiatives, e.g., [[http://gpg4win.org|Gpg4win]] (~GnuPG for windows).
The aim of this Wiki is to help users and contributors by providing a central place for [[documentation]], links to references and planning.
We welcome your contribution!
|//([[about|About this wiki]])//|
|Line 8:||Line 6:|
|Line 10:||Line 8:|
|* enables end-to-end security without **the user having to trust a third party server or transport system.**
* uses openly researched crypto algorithms.
* is Free Software and, as such, the implementation can be independently audited.
|**[[WKD| -> Web Key Directory and Service]]**, which makes exchanging crypto mails much easier.|
|Line 14:||Line 10:|
|The next big user experience boost for email security would be the adoption of the [[https://g10code.com/steed.html|STEED]] concept. Help us make it happen.||== Notable Events
* 2019-04-30: [[https://www.gpg4win.org/statement-spoofing.html|About detecting spoofed email signatures]] a writeup by Gnu~PG/Gpg4win
* 2018-05-17: [[https://www.gpg4win.de/statement-efail.html|Gpg4win statement on the Efail research]]
* 2018-02: Project [[https://github.com/mailvelope/mailvelope/wiki/mw2018|mw2018]] to improve Mailvelope by adding a native Gnu~PG option, better crypto library and webforms.
* 2017-12-31: End of Life for ~GnuPG 2.0.x. (So you really want to use ~GnuPG 2.2 or Gpg4win 3.0 .)
* 2017-09-21: [[https://www.gpg4win.org/version3.html|Gpg4win 3.0 released]], includes MIME capable
Outlook-Add-in, GnuPG 2.2, [[WKD]]-requests and update notifications.
* 2017-08-28: [[https://lists.gnupg.org/pipermail/gnupg-announce/2017q3/000413.html|GnuPG 2.2 released]],
comes with ECC and does "web key directory" requests by default.
|Line 16:||Line 20:|
|= For Users|
|Line 18:||Line 21:|
|== GnuPG for Users
* [[documentation|Documentation Overview]]
|Line 21:||Line 27:|
|* TroubleShooting: What to do when something doesn't work.||* TroubleShooting: What to do when something doesn't work (mainly on Windows for Gpg4win)|
|Line 27:||Line 33:|
|* [[Tools]] that may help running or administrating GnuPG or Gpg4win|
|Line 29:||Line 36:|
| * Hints for use with [[NFS]]
* [[AgentForwarding|How to use local secrets on a remote machine]]
|Line 30:||Line 39:|
|= For Developers||== GnuPG for Developers|
|Line 32:||Line 41:|
|* How to [[APIs|use GnuPG from your application]].|| * [[BestUxPractices|Suggestions for common UX practices]]
* How to [[APIs|use GnuPG from your application]] (~GnuPG's API)
|Line 49:||Line 59:|
* Future Development means for [[Gpg4win/ImprovingSecurity|ImprovingSecurity]]
* Project [[Informsec2013]] funded Gpg4win improvements from April 2013 - September 2013 (from 2.1.1-beta1 to 2.2.1).
* [[press|Gpg4win in the press]]
* Building the installer [[Gpg4win/build|Build]]
| * DevelopingKleopatra
* NTBTLS (Not too bad TLS) client library
|Line 69:||Line 72:|
|* [[GnuPGSummit]]|| * [[OpenPGPEmailSummits]]
* [[https://gnupg.org/conf|OpenPGP.conf]], last conf was 8+9th of Sept, 2016.
-> Web Key Directory and Service, which makes exchanging crypto mails much easier.
- 2019-04-30: About detecting spoofed email signatures a writeup by GnuPG/Gpg4win
- 2018-05-17: Gpg4win statement on the Efail research
- 2018-02: Project mw2018 to improve Mailvelope by adding a native GnuPG option, better crypto library and webforms.
- 2017-12-31: End of Life for GnuPG 2.0.x. (So you really want to use GnuPG 2.2 or Gpg4win 3.0 .)
- 2017-09-21: Gpg4win 3.0 released, includes MIME capable Outlook-Add-in, GnuPG 2.2, WKD-requests and update notifications.
- 2017-08-28: GnuPG 2.2 released, comes with ECC and does "web key directory" requests by default.
GnuPG for Users
- Documentation Overview
- LargeKeys: How many bits are enough?
- WebOfTrust: Understanding the web of trust
- GnomeKeyring: What to do when Gnome Keyring Hijacks your GPG Agent
- TroubleShooting: What to do when something doesn't work (mainly on Windows for Gpg4win)
- PlatformNotes - what to be aware of when using or administrating GnuPG on different platforms.
- X.509 hints (needed for S/MIME and trusted root certs)
- SmartCard hints
- Wishlist Where to submit feature requests
- Applications using GnuPG
- Tools that may help running or administrating GnuPG or Gpg4win
- LDAPKeyserver: How to configure OpenLDAP as a keyserver.
- Hints for use with NFS
- How to use local secrets on a remote machine
GnuPG for Developers
- Suggestions for common UX practices
- How to use GnuPG from your application (GnuPG's API)
- Building GnuPG 2.1: GnuPG 2.1 is the latest GnuPG version but as with all 2.x versions it has several dependencies, which make building it a bit more difficult. Here are some notes.
- API checker: Upstream-Tracker.org checks ABI/API changes for some libraries like gpgme, libgpg-error, libgcrypt.
Note that the tools can't necessary decide whether something is an ABI or API change. The output should be used as a hint to look for whether there might be a problem. We are not aware of any broken API or ABI contracts for the listed libraries.