Aruna Sankaranarayanan/Seahorse Schedule

My schedule:

Done

Needs review

Concerns

Should this page be there in the help?

TODO

Introduction	Glossary. Should this be moved elsewhere, so this page can be kept simple with just a snapshot of the Main UI window? introduction.page
Learn about keys
What is RSA?	Initial draft is done. Simplify it by explaining how given the product of two numbers, you can't find the two numbers. TODO : Pictures. What about using shapes instead of the numbers? Is this page necessary? Instead of RSA vs DSA, can we have symmetric key encryption vs assymetric key encryption on one page and keys used for signing vs keys used for encryption vs both on another page? encryption-rsa.page
What is DSA?	Not sure how to explain this or how to explain RSA vs DSA. Is it necessary? We could explain the difference between keys used for encryption+signing and keys used just for signing instead. encryption-dsa.page
What is PGP key?	Public Key cryptography. What does the keypair contain? Encryption and signing using PGP keys. what-is-pgp-key.page
How is a Public key different from a Private key?	Done. what-diff-private-public.page
What is a Secure Shell key?	Done. what-is-ssh-key.page
What is a key fingerprint?	How to check the fingerprint of a key using Seahorse? https://en.wikipedia.org/wiki/Public_key_fingerprint key-fingerprint.page Update: needs rewording.
What is the GNOME keyring?	https://live.gnome.org/GnomeKeyring https://live.gnome.org/GnomeKeyring/StoringPasswords https://en.wikipedia.org/wiki/GNOME_Keyring May need additional help to understand. what-is-keyring.page
What are subkeys?	http://wiki.debian.org/subkeys http://www.gnupg.org/gph/en/manual.html#AEN526 http://www.hauke-laging.de/sicherheit/subkeys.en.html https://alexcabal.com/creating-the-perfect-gpg-keypair/ key-subkeys.page
What does key strength mean?	May need rewording. Rambles on, a little too much. Use “unique” instead of “uncommon”. The last paragraph seems too generic. key-strength-define.page
What is a certificate?	PKI, Web of trust etc. http://www.cgi.com/files/white-papers/cgi_whpr_35_pki_e.pdf http://searchsecurity.techtarget.com/definition/PKI What is SSL and what are Certificates? http://www.techrepublic.com/article/a-beginners-guide-to-public-key-infrastructure/5839988 what-is-certificate-key.page
Why do keys require a signature?	May require minor rewording. <gui> style may have to be changed. Is using <steps> okay? Or should it be a list, or something else? For edits, if any, and a brief on self signing : http://www.iusmentis.com/technology/remailers/selfsign.html key-signing.page
What are key servers?	Mostly decent. Some rewording may make it nicer. Should key server protocols be mentioned here? Replace “import” your PK with “access” your PK For edits, if any: http://www.rossde.com/PGP/pgp_keyserv.html key-servers-what-are-they.page
Create keys
Create a new PGP key	Mostly complete and finished. create-pgp-key.page
Create a new SSH Key	Look at the UI and finish this. Try to understand differences between a PGP key and an SSH key. http://budts.be/weblog/2012/08/ssh-authentication-with-your-pgp-key http://cyber-defense.sans.org/resources/papers/gsec/public-key-cryptography-pgp-ssl-ssh-103274 http://www.red-bean.com/~nemo/openssh-gpg/ create-ssh-key.page
Create a new key, keyring or password	Three sections. Use UI to explain steps of creation. Pre requisites to create any of this, for eg, key for a keyring, etc. create-key-or-password.page
Import and export keys	Importing and exporting keys. Should explain what happen when you copy/paste keys to/from text editors. Minor rewording. Is the paragraph about newly created keys being grouped according to type necessary? Why would new keys be imported? keys-import-export.page
Should I set my key to expire?	Factors to consider – Time, strength, chance of compromise. Revoking if key does not expire. key-expiration-setting.page Should this be a full page? Can it somehow be clubbed with key deletion/revocation? http://www.gnupg.org/gph/en/manual/c235.html http://ekaia.org/blog/2009/05/10/creating-new-gpgkey/ https://www.rsa.com/rsalabs/node.asp?id=2272
Should I setup my key, or just create it?	This is to do with SSH keys. Just creating the key or also setting up the computer you are going to login to, with the SSH key? What is the difference? How to setup using Seahorse http://paulkeck.com/ssh/ http://inside.mines.edu/~gmurray/HowTo/sshNotes.html key-create-vs-setup.page Should this be written as a section in create-ssh-key.page?
Tips for creating a good password	Is this tips to create a good “passphrase”? Otherwise should be moved to the section about passwords. Even otherwise might be good to move it to the “Back up and secure your keys” section, or club with “Update keyring password” page. http://windows.microsoft.com/en-us/windows7/tips-for-creating-strong-passwords-and-passphrases http://news.consumerreports.org/electronics/2011/12/how-to-create-a-strong-password-and-remember-it.html passwords-passphrases.page
What key strength should I use?	Is this page necessary? The best suggestion would be to use the longest keys available, since in Seahorse the longest key is 2048 bits and there is not much difference time wise between using keys that are 2048 bits long and keys that are 1024 bits long. If page needs to be there : https://www.rsa.com/rsalabs/node.asp?id=2218 key-strength-select.page
What should I use for the key description?	Not sure if this page is necessary. A note can be added in the key creation pages that the description should be relevant to the main purpose of key creation. Also, cannot write a whole page about this unless a lot of examples need to be provided. key-recommend-description.page
Use keys
Associate a new UserID with an existing key	Why would the user want to do this? How to do this? http://email.about.com/library/weekly/aa072197.htm Created a landing page. Are the topic pages too repetitive. Can this be concised to just one page? key-new-userid.page
Attach an photo to an existing key	Why would the user want to do this? How to do this? How's it useful? http://www.enigmail.net/forum/viewtopic.php?f=10&t=40 http://www.queen.clara.net/pgp/art4.html key-photoid.page
How to retrieve remote keys?	Importing remote keys, or keys from key servers. Minor rewording. keys-retrieve-remote.page
How to sync and publish keys?	Edit on what changes can be made effected on syncing. keys-sync-publish.page
Update the keyring password	Again, change it to passphrase. (Add tips for good passwords as a section in this page). Page can be called Passwords/Pass phrases. Explain difference between the two and explain how to update the passphrase. passwords-update-keyring-password.page
Use SSH keys to connect to another computer without entering a password	Is this covered in key create vs setup? Or should that page just explain the difference between the two(Which doesn't require a full page) and this page explain the actual steps required? connect-other-computer.page
Use an SSH key to login to another computer without a password	Is this the same as above? ssh-login.page
Use your encryption keys to digitally sign email	Seahorse cannot be used for email encryption/signing, so is this necessary? http://forums.mozillazine.org/viewtopic.php?t=504492 https://www.youtube.com/watch?v=Pm_079B4d6s Native email clients allowing signature and encryption: http://wri-irg.org/node/10780 https://office.microsoft.com/en-us/outlook-help/secure-email-messages-by-using-a-digital-signature-HP010355563.aspx https://www.riseup.net/en/evolution http://www.makeuseof.com/tag/send-signed-encrypted-email-evolution-linux/ http://howto.cnet.com/8301-11310_39-10434684-285/want-really-secure-gmail-try-gpg-encryption/ How to bring in the picture of mail clients here? Writing a generic page for all mail clients seems to be a little impossible. Bit about retrieving and using certificates and keys for other applications : https://live.gnome.org/GnomeKeyring email-digitally-sign.page
Use your encryption keys to encrypt your email messages	Seahorse cannot be used for email encryption/signing, so is this necessary? Same links as above. http://dev.mutt.org/trac/wiki/MuttGuide/UseGPG http://www.enigmail.net/documentation/quickstart-ch3.php https://support.mozillamessaging.com/en-US/kb/digitally-signing-and-encrypting-messages http://www.makeuseof.com/tag/do-encryption-decryption-signing-easily-with-seahorse-linux/ http://www.identrust.com/support/howto/ht_sign-encrypt.html email-encrypt.page
View passwords that are stored by Seahorse	How to? What passwords are stored? https://www.linux.com/learn/tutorials/456149-manage-passwords-encryption-keys-and-more-with-seahorse passwords-view.page
What happens when my key expires?	Describe how the key cannot be used. Is this page necessary? Can it be clubbed with key-expiration-setting.page key-expired.page
Back up and secure your keys
Control which applications can store and access your passwords	Don't understand what this page wants. Does it intend to say that Seahorse only stores passwords from selected applications? passwords-control-access.page
Keep your SSH and PGP keys secure	https://www.owasp.org/index.php/Cryptographic_Storage_Cheat_Sheet http://www.gnupg.org/gph/en/manual/c481.html https://www.linux.com/learn/tutorials/456149-manage-passwords-encryption-keys-and-more-with-seahorse keys-keep-secure.page
Securely back-up your keys	Why to backup? http://gatanova.com/?p=15 Any other ways, besides copying the directories onto an external disk? backup-keys.page
Revoke your keys
Delete an existing key	When can you delete a key? How to delete? key-delete.page
Disable a key that you no longer wish to use	When is this applicable? How to do it? (Check that youtube video on encryption, it mentions revocation) key-disabling.page*
Other links that might be useful http://www.pgp.net/pgpnet/pgp-faq/pgp-faq-keys.html#key-id-selection http://www.rossde.com/PGP/ http://www.gnupg.org/gph/en/manual.html http://www.gnupg.org/documentation/manuals/gnupg/

Aruna Sankaranarayanan/Seahorse Schedule (last edited 2013-07-03 17:14:50 by Aruna Sankaranarayanan)