diff --git a/doc/kleopatra/index.docbook b/doc/kleopatra/index.docbook index f06f12cfa..2ed912f3c 100644 --- a/doc/kleopatra/index.docbook +++ b/doc/kleopatra/index.docbook @@ -1,3472 +1,3472 @@ Kleopatra"> KWatchGnuPG"> GpgSM"> GnuPG"> GPG"> GpgME"> GpgConf"> GpgAgent"> DirMngr"> SCDaemon"> PinEntry"> LDAP"> LDAPS"> HTTP"> S/MIME"> OpenPGP"> ASCII"> DER"> SSL"> X.509"> CRL"> OCSP"> N/A"> DN"> CA"> ]> The &kleopatra; Handbook Marc Mutz
marc@kdab.net
David Faure Developer Steffen Hansen
&Steffen.Hansen.mail;
Developer
Matthias Kalle Dalheimer Developer Jesper Pedersen
&Jesper.Pedersen.mail;
Developer
Daniel Molkentin
&Daniel.Molkentin.mail;
Developer
&GPLNotice; 2013-07-04 2.1.1 (&kde; 4.11) &kleopatra; is a tool for managing &x509; and &openpgp; certificates. KDE Kapp X509 OpenPGP PGP LDAP gpg gpgsm certificate
Introduction &kleopatra; is the &kde; tool for managing &x509; and &openpgp; certificates in the &gpgsm; and &gpg; keyboxes and for retrieving certificates from &ldap; and other certificate servers. &kleopatra; can be started from &kmail;'s Tools Certificate Manager menu, as well as from the command line. The &kleopatra; executable is named kleopatra. This program is named after Cleopatra, a famous female Egyptian pharaoh that lived at the time of Julius Caesar, with whom she had a child, Caesarion, unacknowledged as his heir. The name was chosen since this program originates from the Ägypten Projects (Ägypten is German for Egypt). &kleopatra; is the German spelling of Cleopatra. Main Functions Viewing the Local Keybox &kleopatra;'s main function is to display and edit the contents of the local keybox, which is similar to &gpg;'s concept of keyrings, albeit one should not stretch this analogy too much. The main window is divided into the large key listing area consisting of several tabs, the menubar and the search bar on top, and a status bar at the bottom. Each line in the key list corresponds to one certificate, identified by the so-called Subject &dn;. &dn; is an acronym for Distinguished Name, a hierarchical identifier, much like a file system path with an unusual syntax, that is supposed to globally uniquely identify a given certificate. To be valid, and thus usable, (public) keys need to be signed by a &ca; (Certification Authority). These signatures are called certificates, but usually the terms certificate and (public) key are used interchangeably, and we will not distinguish between them in this manual either, except when explicitly noted. &ca;s must in turn be signed by other &ca;s to be valid. Of course, this must end somewhere, so the top-level &ca; (root-&ca;) signs its key with itself (this is called a self-signature). 
Root certificates thus need to be assigned validity (commonly called trust) manually, ⪚ after comparing the fingerprint with the one on the website of the &ca;. This is typically done by the system administrator or the vendor of a product using certificates, but can be done by the user via &gpgsm;'s command line interface. To see which of the certificates are root certificates, you switch to the hierarchical keylist mode with . You can see the details of any certificate by double-clicking it or using . This opens a dialog that shows the most common properties of the certificate, its certificate chain (&ie; the chain of issuers up to the root-&ca;), and a dump of all information the backend is able to extract from the certificate. If you change the keybox without using &kleopatra; (⪚ using &gpgsm;'s command line interface), you can refresh the view with . Searching and Importing Certificates Most of the time, you will acquire new certificates by verifying signatures in emails, since certificates are embedded in the signatures made using them most of the time. However, if you need to send a mail to someone you have not yet had contact with, you need to fetch the certificate from an &ldap; folder (although +url="https://www.gnupg.org/documentation/manuals/gnupg/Invoking-GPGSM.html#Invoking-GPGSM"> &gpgsm; can do this automatically), or from a file. You also need to import your own certificate after receiving the &ca; answer to your certification request. To search for a certificate in an &ldap; directory, select FileLookup Certificates on Server and enter some text (⪚ the name of the person you want the certificate for) into the line edit of the Keyserver Certificate Lookup dialog, then click on the Search button. The results will be displayed in the key list below the search bar, where you can select certificates to look at them by clicking the Details button or download them with Import into the local keybox. 
You can configure the list of &ldap; servers to search in the Directory Services page of &kleopatra;'s configure dialog. If you received the certificate as a file, try . &gpgsm; needs to understand the format of the certificate file; please refer to &gpgsm;'s manual for a list of supported file formats. If you did not create your keypair with &gpgsm;, you also need to manually import the public key (as well as the secret key) from the PKCS#12 file you got from the &ca;. You can do this on the command line with kleopatra filename or from within &kleopatra; with , just as you would to for normal certificates. Creating New Key Pairs The menu item starts the Key Pair Creation Wizard which will guide you through a number of steps to create a certificate request. Whenever you are done with a step in the wizard, press Next to go to the next step (or Back to review steps that are already completed). The certificate request creation can be canceled at any time by pressing the Cancel button. On the first page of the wizard choose which type of certificate you want to create: Create a personal OpenPGP key pair &openpgp; key pairs are created locally, and certified by your friends and acquaintances. There is no central certification authority; instead, every individual creates a personal Web Of Trust by certifying other user's key pairs with his own certificate. You have to enter a Name, EMail and optional a Comment. Create a personal X.509 key pair and certification request &x509; key pairs are created locally, but certified centrally by a certification authority (&ca;). &ca;s can certify other &ca;s, creating a central, hierarchical chain of trust. The next step in the wizard is to type in your personal data for the certificate. The fields to fill out are: Common Name (CN): Your name; Email address (EMAIL): Your email address; be sure to type this in correctly—this will be the address people will be sending mail to when they use your certificate. 
Location (L): The town or city in which you live; Organizational unit (OU): The organizational unit you are in (for example, "Logistics"); Organization (O): The organization you represent (for example, the company you work for); Country code (C): The two letter code for the country in which you are living (for example, "US"); The next step in the wizard is to select whether to store the certificate in a file or send it directly to a &ca;. You will have to specify the filename or email address to send the certificate request to. Revoking a key A key pair that has expired can be brought back into an operational state as long as you have access to the private key and the passphrase. To reliably render a key unusable you need to revoke it. Revoking is done by adding a special revocation signature to the key. This revocation signature is stored in a separate file. This file can later be imported into the keyring and is then attached to the key rendering it unusable. Please note that to import this signature to the key no password is required. Therefore you should store this revocation signature in a safe place, usually one that is different from you key pair. It is a good advise to use a place that is detached from your computer, either copy it to an external storage device like an USB stick or print it out. &kleopatra; does not provide a function to create such a revocation signature at any time, but you can do that with the &kde; application &kgpg; by choosing Keys Revoke key and optionally importing the revocation signature to your keyring immediately. An alternative way of generating a revocation certificate is to use &gpg; directly from the command line: gpg --output revocation_certificate.asc --gen-revoke your_key. The argument your_key must be a key specifier, either the key ID of your primary keypair or any part of a user ID that identifies your keypair. Menu Reference File Menu &Ctrl;N FileNew Certificate... 
Creates a new key pair (public and private) and allows to send the public part to a certification authority (&ca;) for signing. The resulting certificate is then sent back to you, or stored in an &ldap; server for you to download into your local keybox, where you can use it to sign and decrypt mails. This mode of operation is called decentralized key generation, since all keys are created locally. &kleopatra; (and &gpgsm;) do not support centralized key generation directly, but you can import the public/secret key bundle that you receive from the &ca; in PKCS#12 format via . &Ctrl;&Shift;I FileLookup Certificates on Server... Searches for, and imports, certificates from certificate servers into the local keybox. See for details. You need to have key servers configured for this to work. See for more details. &Ctrl;I FileImport Certificates... Imports certificates and/or secret keys from files into the local keybox. See for details. The format of the certificate file must be supported by &gpgsm;/&gpg;. Please refer to the &gpgsm; and &gpg; manuals for a list of supported formats. &Ctrl;E FileExport Certificates... Exports the selected certificates to a file. The filename extension you choose for the export file name determines the format of the export file: For &openpgp; certificates, gpg and pgp will result in a binary file, whereas asc will result in an &ascii;-armored file. For &smime; certificates, der will result in a binary, &der;-encoded file, whereas pem will result in an &ascii;-armored file. Unless multiple certificates are selected, &kleopatra; will propose fingerprint.{asc,pem} as the export file name. This function is only available when one or more certificates have been selected. This function exports only the public keys, even if the secret key is available. Use to export the secret keys into a file. FileExport Secret Keys... Exports the secret key to a file. 
In the dialog that opens, you can choose whether to create a binary or an &ascii;-armored export file (ASCII armor). Next click on the folder icon at the right hand side of the Output file text box and select folder and name of the export file. When exporting &smime; secret keys, you can also choose the Passphrase charset. See the discussion of the option in the &gpgsm; manual for more details. This function is only available when exactly one certificate has been selected, and the secret key for that certificate is available. It should rarely be necessary to use this function, and if it is, it should be carefully planned. Planning the migration of a secret key involves choice of transport media and secure deletion of the key data on the old machine, as well as on the transport medium, among other things. &Ctrl;&Shift;E FileExport Certificates to Server... Publish the selected certificates on a keyserver (&openpgp; only). The certificate is sent to the certificate server configured for &openpgp; (cf. ), if that is set, otherwise to keys.gnupg.net. This function is only available if at least one &openpgp; (and no &smime;) certificates have been selected. When &openpgp; certificates have been exported to a public directory server, it is nearly impossible to remove them again. Before exporting your certificate to a public directory server, make sure that you have created a revocation certificate so you can revoke the certificate if needed later. Most public &openpgp; certificate servers synchronize certificates amongst each other, so there is little point in sending to more than one. It can happen that a search on a certificate server turns up no results even though you just have sent your certificate there. This is because most public keyserver addresses use DNS round-robin to balance the load over multiple machines. These machines synchronize with each other, but usually only every 24 hours or so. FileDecrypt/Verify Files... 
Decrypts files and/or verifies signatures over files. FileSign/Encrypt Files... Signs and/or encrypts files. &Ctrl;W FileClose Closes &kleopatra;'s main window. You can restore it from the system tray icon at any time. &Ctrl;Q FileQuit Terminates &kleopatra;. View Menu F5 ViewRedisplay Refreshes the certificate list. Using this function is usually not necessary, as &kleopatra; monitors the file system for changes and automatically refreshes the certificate list when needed. &Esc; ViewStop Operation Stops (cancels) all pending operations, ⪚ a search, keylisting, or a download. This function is only available if at least one operation is active. Due to backend limitations, sometimes operations will hang in such a way that this function won't be able to cancel them, right away, or at all. In such cases, the only way to restore order is to kill &scdaemon;, &dirmngr;, &gpgsm; and &gpg; processes, in that order, via the operating system tools (top, Task-Manager, &etc;), until the operation get unblocked. ViewCertificate Details Shows the details of the currently selected certificate. This function is only available if exactly one certificate is selected. This function is also available by double-clicking the corresponding item in the list view directly. ViewHierarchical Certificate List Toggles between hierarchical and flat certificate list mode. In hierarchical mode, certificates are arranged in issuer/subject relation, so it is easy to see which certification hierarchy a given certificate belongs to, but a given certificate is harder to find initially (though you can of course use the search bar). In flat mode, all certificates are displayed in a flat list, sorted alphabetically. In this mode, a given certificate is easy to find, but it is not directly clear which root certificate it belongs to. This function toggles hierarchical mode per tab, &ie; each tab has its own hierarchy state. 
This is so that you can have both a flat and a hierarchical listing at hand, each in its own tab. Hierarchical display is currently only implemented for &smime; certificates. There is disagreement amongst the developers regarding the correct way to display &openpgp; certificates hierarchically (basically, parent = signer or parent = signee). &Ctrl;. ViewExpand All Expands all list items in the certificate list view, &ie; makes all items visible. This is the default when entering hierarchical keylist mode. You can still expand and collapse each individual item by itself, of course. This function is only available when is on. &Ctrl;, ViewCollapse All Collapses all list items in the certificate list view, &ie; hides all but the top-level items. You can still expand and collapse each individual item by itself, of course. This function is only available when is on. Certificates Menu CertificatesChange Owner Trust... Changes the Owner Trust of the selected &openpgp; certificate. This function is only available when exactly one &openpgp; certificate is selected. CertificatesTrust Root Certificate Marks this (&smime;) root certificate as trusted. In some ways, this is the equivalent of for &smime; root certificates. You can, however, only choose between—in &openpgp; terms—ultimate trust and never trust. The backend (by way of &gpgagent;) will ask at root certificate import time whether to trust the imported root certificate. However, that function must be explicitly enabled in the backend configuration ( in gpg-agent.conf, or either GnuPG System GPG Agent Allow clients to mark keys as "trusted" or S/MIME Validation Allow to mark root certificates as trusted under ). Enabling that functionality in the backend can lead to popups from &pinentry; at inopportune times (⪚ when verifying signatures), and can thus block unattended email processing. 
For that reason, and because it is desirable to be able to distrust a trusted root certificate again, &kleopatra; allows manual setting of trust. Due to lack of backend support for this function, &kleopatra; needs to work directly on the &gpgsm; trust database (trustlist.txt). When using this function, make sure no other crypto operations are in progress that could race with &kleopatra; for modifications to that database. This function is only available when exactly one &smime; root certificate is selected, and that certificate is not yet trusted. Use to undo this function. CertificatesDistrust Root Certificate Marks this (&smime;) root certificate as not trusted. This function is only available when exactly one &smime; root certificate is selected, and that certificate is currently trusted. Used to undo . See there for details. CertificatesCertify Certificate... Allows you to certify another &openpgp; certificate. This function is only available if exactly one &openpgp; certificate is selected. CertificatesChange Expiry Date... Allows to change the expiry date of your &openpgp; certificate. Use this function to extend the lifetime of your &openpgp; certificates as an alternative to either creating a new one, or using unlimited lifetime (never expires). This function is only available if exactly one &openpgp; certificate is selected, and the secret key is available for that certificate. CertificatesChange Passphrase... Allows to change the passphrase of your secret key. This function is only available if exactly one certificate is selected, and the secret key is available for that certificate. It requires a very recent backend, since we changed the implementation from direct calling of &gpg; and &gpgsm; to a &gpgme;-based one. For security reasons, both the old as well as the new passphrase is asked for by &pinentry;, a separate process. 
Depending on the platform you are running on and on the quality of the &pinentry; implementation on that platform, it may happen that the &pinentry; window comes up in the background. So, if you select this function and nothing happens, check the operating system's task bar in case a &pinentry; window is open in the background. CertificatesAdd User-ID... Allows to add a new User-ID to your &openpgp; certificate. Use this to add new identities to an existing certificate as an alternative to creating a new key pair. An &openpgp; user-ID has the following form: Real Name (Comment) <Email> In the dialog that comes up when you select this function, &kleopatra; will ask you for each of the three parameters (Real Name, Comment and Email) separately, and display the result in a preview. These parameters are subject to the same Administrator restrictions as in new certificates. See and for details. This function is only available when exactly one &openpgp; certificate is selected, and the secret key is available for that certificate. Del CertificatesDelete Deletes the selected certificates from the local keyring. Use this function to remove unused keys from your local keybox. However, since certificates are typically attached to signed emails, verifying an email might result in the key just removed to pop back into the local keybox. So it is probably best to avoid using this function as much as possible. When you are lost, use the search bar or the function to regain control over the lot of certificates. There is one exception to the above: When you delete one of your own certificates, you delete the secret key along with it. This implies that you will not be able to read past communication encrypted to you using this certificate, unless you have a backup somewhere. &kleopatra; will warn you when you attempt to delete a secret key. 
Due to the hierarchical nature of &smime; certificates, if you delete an &smime; issuer certificate (&ca; certificate), all subjects are deleted, too.This is the same as a filesystem: When you delete a folder, you delete all files and folders in it, too. Naturally, this function is only available if you selected at least one certificate. CertificatesDump Certificate Shows all information that &gpgsm; has about the selected (&smime;) certificate. See the discussion about in the &gpgsm; manual for details about the output. Tools Menu ToolsGnuPG Log Viewer... Starts &kwatchgnupg;, a tool to present the debug output of &gnupg; applications. If signing, encryption, or verification mysteriously stop working, you might find out why by looking at the log. This function is not available on &Windows;, since the underlying mechanisms are not implemented in the backend on that platform. ToolsRefresh OpenPGP Certificates Refreshes all &openpgp; certificates by executing gpg  After successful completion of the command, your local keystore will reflect the latest changes with respect to validity of &openpgp; certificates. See note under for some caveats. ToolsRefresh X.509 Certificates Refreshes all &smime; certificates by executing gpgsm     After successful completion of the command, your local keystore will reflect the latest changes with respect to validity of &smime; certificates. Refreshing &x509; or &openpgp; certificates implies downloading all certificates and &crl;s, to check if any of them have been revoked in the meantime. This can put a severe strain on your own as well as other people's network connections, and can take up to an hour or more to complete, depending on your network connection, and the number of certificates to check. ToolsImport CRL From File... Lets you manually import &crl;s from files. 
Normally, Certificate Revocation Lists (&crl;s) are handled transparently by the backend, but it can sometimes be useful to import a &crl; manually into the local &crl; cache. For &crl; import to work, the &dirmngr; tool must be in the search PATH. If this menu item is disabled, you should contact the system administrator and ask them to install &dirmngr;. ToolsClear CRL Cache Clears the &gpgsm; &crl; cache. You probably never need this. You can force a refresh of the &crl; cache by selecting all certificates and using instead. ToolsDump CRL Cache Shows the detailed contents of the &gpgsm; &crl; cache. Settings Menu &kleopatra; has a default &kde; Settings menu as described in the &kde; Fundamentals with one additional entry: SettingsPerform Self-Test Performs a set of self-tests and presents their result. This is the same set of tests that is run at startup by default. If you disabled startup-time self-tests, you can re-enable them here. Window Menu The Window menu allows you to manage the tabs. Using the items in this menu you can rename a tab, add a new tab, duplicate the current tab, close the current tab, and move the current tab to the left or right. By clicking with the &RMB; click on a tab you open a context menu, where you can also select the same actions. Help Menu &kleopatra; has a default &kde; Help menu as described in the &kde; Fundamentals. Command Line Options Reference Only the options specific to &kleopatra; are listed here. As with all &kde; applications, you can get a complete list of options by issuing the command kleopatra . argument Location of the socket the ui server is listening on Run UI server only, hide main window Use &openpgp; for the following operation Use CMS (&x509;, S/&MIME;) for the following operation Specifies a file or &URL; from which to import certificates (or secret keys) from. This is the command line equivalent of . Encrypt file(s) Sign file(s) Encrypt and/or sign file(s). 
Same as , do not use Decrypt file(s) Verify file/signature Decrypt and/or verify file(s) Configuring &kleopatra; &kleopatra;'s configure dialog can be accessed via SettingsConfigure &kleopatra;... Each of its pages is described in the sections below. Configuring Directory Services On this page, you can configure which &ldap; servers to use for &smime; certificate searches, and which key servers to use for &openpgp; certificate searches. This is simply a more user-friendly version of the same settings you also find in . Everything you can configure here, you can configure there, too. A Note On Proxy Settings Proxy settings can be configured for &http; and &ldap; in , but only for &gpgsm;. For &gpg;, due to the complexity of keyserver options in &gpg; and lack of proper support for them in &gpgconf;, you currently need to modify the config file gpg.conf directly. Please refer to the &gpg; manual for details. &kleopatra; will preserve such settings, but does not yet allow to modify them in the &GUI;. The Directory services table shows which servers are currently configured. Double-click on a cell in the table to change parameters of existing server entries. The meaning of the columns in the table is as follows: Scheme Determines the network protocol which is used to access the server. Often-used schemes include ldap (and its &ssl;-secured sibling ldaps) for &ldap; servers (common protocol for &smime;; the only one supported by &gpgsm;), and hkp, the Horowitz Keyserver Protocol, nowadays usually &http; Keyserver Protocol, a &http;-based protocol that virtually all public &openpgp; keyservers support. Please refer to the &gpg; and &gpgsm; manuals for a list of supported schemes. Server Name The domain name of the server, ⪚ keys.gnupg.net. Server Port The network port the server is listening on. This changes automatically to the default port when you change the , unless it was set to some non-standard port to begin with. 
If you changed the default port and cannot get it back, try setting to http and to 80 (the default for &http;), then take it from there. Base DN The Base-&dn; (only for &ldap; and &ldaps;), &ie; the root of the &ldap; hierarchy to start from. This is often also called search root or search base. It usually looks like c=de,o=Foo, given as part of the &ldap; &URL;. User Name The user name, if any, to use for logging into the server. This column is only shown if the option Show user and password information (below the table) is checked. Password The password, if any, to use for logging into the server. This column is only shown if the option Show user and password information (below the table) is checked. X.509 Check this column if this entry should be used for &x509; (&smime;) certificate searches. Only &ldap; (and &ldaps;) servers are supported for &smime;. OpenPGP Check this column if this entry should be used for &openpgp; certificate searches. You can configure as many &smime; (&x509;) servers as you want, but only one &openpgp; server is allowed at any time. The &GUI; will enforce this. To add a new server, click on the New button. This duplicates the selected entry, if any, or else inserts a default &openpgp; server. Then you can set the , the , the , and the usual and , both of which are only needed if the server requires authentication. To directly insert an entry for &x509; certificates, use NewX.509; use NewOpenPGP for &openpgp;. To remove a server from the search list, select it in the list, then press the Delete button. To set the &ldap; timeout, &ie; the maximum time the backend will wait for a server to respond, simply use the corresponding input field labeled LDAP timeout (minutes:seconds). If one of your servers has a large database, so that even reasonable searches like Smith hit the maximum number of items returned by query, you might want to increase this limit. 
You can find out easily if you hit the limit during a search, since a dialog box will pop up in that case, telling you that the results have been truncated. Some servers may impose their own limits on the number of items returned from a query. In this case, increasing the limit here will not result in more returned items. Configuring Appearance Configuring <guilabel>Tooltips</guilabel> In the main certificate list, &kleopatra; can show details about a certificate in a tooltip. The information displayed is the same as in the Overview tab of the Certificate Details dialog. Tooltips, however, can be restricted to show only a subset of information for a less verbose experience. The Key-ID is always shown. This is to ensure that tooltips for different certificates do, in fact, differ (this is especially important if only has been selected). You can independently enable or disable the following information sets: Show validity Shows information about the validity of a certificate: its current status, issuer-&dn; (&smime; only), expiry dates (if any) and certificate usage flags. Example: This certificate is currently valid. Issuer: CN=Test-ZS 7,O=Intevation GmbH,C=DE Validity: from 25.08.2009 10:42 through 19.10.2010 10:42 Certificate usage: Signing EMails and Files, Encrypting EMails and Files Key-ID: DC9D9E43 Show owner information Shows information about the owner of the certificate: subject-&dn; (&smime; only), user-IDs (including emails addresses) and ownertrust (&openpgp; only). &openpgp; example: User-ID: Gpg4winUserA <gpg4winusera@test.hq> Key-ID: C6BF6664 Ownertrust: ultimate &smime; example: Subject: CN=Gpg4winTestuserA,OU=Testlab,O=Gpg4win Project,C=DE a.k.a.: Gpg4winUserA@test.hq Key-ID: DC9D9E43 Show technical details Shows technical information about the certificate: serial number (&smime; only), type, fingerprint and storage location. 
Example: Serial Number: 27 Certificate type: 1,024-bit RSA (secret certificate available) Key-ID: DC9D9E43 Fingerprint: 854F62EEEBB41BFDD3BE05D124971E09DC9D9E43 Stored: on this computer Configuring <guilabel>Certificate Categories</guilabel> &kleopatra; allows you to customize the appearance of certificates in the list view. This includes showing a small icon, but you can also influence the foreground (text) and background colors, as well as the font. Each certificate category in the list is assigned a set of colors, an icon (optional) and a font in which certificates from that category are displayed. The category list also acts as a preview of the settings. Categories can be freely defined by the administrator or the power user, see in . To set or change the icon of a category, select it in the list, and press the Set Icon... button. The standard &kde; icon selection dialog will appear where you can select an existing icon from the &kde; collection, or load a custom one. To remove an icon again, you need to press the Default Appearance button. To change the text (&ie; foreground) color of a category, select it in the list, and press the Set Text Color... button. The standard &kde; color selection dialog will appear where you can select an existing color or create a new one. Changing the background color is done in the same way, just press Set Background Color... instead. To change the font, you basically have two options: Modify the standard font, used for all list views in &kde;. Use a custom font. The first option has the advantage that the font will follow whichever style you choose &kde;-wide, whereas the latter gives you full control over the font to use. The choice is yours. To use the modified standard font, select the category in the list, and check or uncheck the font modifiers Italic, Bold, and/or Strikeout. You can immediately see the effect on the font in the category list. To use a custom font, press the Set Font... button. 
The standard &kde; font selection dialog will appear where you can select the new font. You can still use the font modifiers to change the custom font, just as for modifying the standard font. To switch back to the standard font, you need to press the Default Appearance button. Configuring <guilabel>DN-Attribute Order</guilabel> Although &dn;s are hierarchical, the order of the individual components (called relative &dn;s (RDNs), or &dn; attributes) is not defined. The order in which the attributes are shown is thus a matter of personal taste or company policy, which is why it is configurable in &kleopatra;. This setting does not only apply to &kleopatra;, but to all applications using &kleopatra; Technology. At the time of this writing, these include &kmail;, &kaddressbook;, as well as &kleopatra; itself, of course. This configuration page basically consists of two lists, one for the known attributes (Available attributes), and one describing the Current attribute order. Both lists contain entries described by the short form of the attribute (⪚ CN) as well as the spelled-out form (Common Name). The Available attributes list is always sorted alphabetically, while the Current attribute order list's order reflects the configured &dn; attribute order: the first attribute in the list is also the one displayed first. Only attributes explicitly listed in the Current attribute order list are displayed at all. The rest is hidden by default. However, if the placeholder entry _X_ (All others) is in the current list, all unlisted attributes (whether known or not), are inserted at the point of _X_, in their original relative order. A small example will help to make this more clear: Given the &dn;
O=&kde;, C=US, CN=Dave Devel, X-BAR=foo, OU=&kleopatra;, X-FOO=bar,
the default attribute order of CN, L, _X_, OU, O, C will produce the following formatted &dn;:
CN=Dave Devel, X-BAR=foo, X-FOO=bar, OU=&kleopatra;, O=&kde;, C=US
while CN, L, OU, O, C will produce
CN=Dave Devel, OU=&kleopatra;, O=&kde;, C=US
To add an attribute to the display order list, select it in the Available attributes list, and press the Add to current attribute order button. To remove an attribute from the display order list, select it in the Current attribute order list, and press the Remove from current attribute order button. To move an attribute to the beginning (end), select it in the Current attribute order list, and press the Move to top (Move to bottom) button. To move an attribute up (down) one slot only, select it in the Current attribute order list, and press the Move one up (Move one down) button.
Configuring Crypto Operations Configuring <guilabel>EMail Operations</guilabel> Here you can configure some aspects of the email operations of &kleopatra;'s &uiserver;. Currently, you can only configure whether or not to use Quick Mode for signing and encrypting emails, individually. When Quick Mode is enabled, no dialog is shown when signing (encrypting) emails, respectively, unless there is a conflict that needs manual resolution. Configuring <guilabel>File Operations</guilabel> Here you can configure some aspects of the file operations of &kleopatra;'s &uiserver;. Currently, you can only choose the checksum program to use for CHECKSUM_CREATE_FILES. Use Checksum program to use to choose which of the configured checksum programs should be used when creating checksum files. When verifying checksums, the program to use is automatically found, based on the names of the checksum files found. The administrator and power user can completely define which checksum programs to make available to &kleopatra; through so-called Checksum Definitions in the config file. See in for details. Configuring aspects of S/&MIME; Validation On this page, you can configure certain aspects of the validation of &smime; certificates. For the most part, this is simply a more user-friendly version of the same settings you also find in . Everything you can configure here, you can configure there, too, with the exception of , which is &kleopatra;-specific. The meaning of the options is as follows: Configuring interval certificate checking Check certificate validity every N hours This option enables interval checking of certificate validity. You can also choose the checking interval (in hours). The effect of interval checking is the same as ; there is no provision for interval scheduling of or . Validation is performed implicitly whenever significant files in ~/.gnupg change. This option, just like and , therefore only affects external factors of certificate validity. 
Configuring validation method Validate certificates using CRLs If this option is selected, &smime; certificates are validated using Certificate Revocation Lists (&crl;s). See for alternative method of certificate validity checking. Validate certificates online (OCSP) If this option is selected, &smime; certificates are validated online using the Online Certificates Status Protocol (&ocsp;). When choosing this method, a request is sent to the server of the &ca; more or less each time you send or receive a cryptographic message, thus theoretically allowing the certificate issuing agency to track whom you exchange (⪚) mails with. To use this method, you need to enter the &URL; of the &ocsp; responder into . See for a more traditional method of certificate validity checking that does not leak information about whom you exchange messages with. OCSP responder URL Enter here the address of the server for online validation of certificates (&ocsp; responder). The &URL; usually starts with http://. OCSP responder signature Choose here the certificate with which the &ocsp; server signs its replies. Ignore service URL of certificates Each &smime; certificate usually contains the &URL; of its issuer's &ocsp; responder ( will reveal whether a given certificate contains it). Checking this option makes &gpgsm; ignore those &URL;s and only use the one configured above. Use this to ⪚ enforce use of a company-wide &ocsp; proxy. Configuring validation options Do not check certificate policies By default, &gpgsm; uses the file ~/.gnupg/policies.txt to check if a certificate policy is allowed. If this option is selected, policies are not checked. Never consult a CRL If this option is checked, Certificate Revocation Lists are never used to validate &smime; certificates. 
Allow to mark root certificates as trusted If this option is checked while a root &ca; certificate is being imported, you will be asked to confirm its fingerprint and to state whether or not you consider this root certificate to be trusted. A root certificate needs to be trusted before the certificates it certified become trusted, but lightly allowing trusted root certificates into your certificate store will undermine the security of the system. Enabling this functionality in the backend can lead to popups from &pinentry; at inopportune times (⪚ when verifying signatures), and can thus block unattended email processing. For that reason, and because it is desirable to be able to distrust a trusted root certificate again, &kleopatra; allows manual setting of trust using and . This setting here does not influence the &kleopatra; function. Fetch missing issuer certificates If this option is checked, missing issuer certificates are fetched when necessary (this applies to both validation methods, &crl;s and &ocsp;). Configuring &http; request options Do not perform any HTTP requests Entirely disables the use of &http; for &smime;. Ignore HTTP CRL distribution point of certificates When looking for the location of a &crl;, the to-be-tested certificate usually contains what are known as &crl; Distribution Point (DP) entries, which are &URL;s describing the way to access the &crl;. The first-found DP entry is used. With this option, all entries using the &http; scheme are ignored when looking for a suitable DP. Use system HTTP proxy If this option is selected, the value of the &http; proxy shown on the right (which comes from the environment variable http_proxy) will be used for any &http; request. Use this proxy for HTTP requests If no system proxy is set, or you need to use a different proxy for &gpgsm;, you can enter its location here. It will be used for all &HTTP; requests relating to S/&MIME;. The syntax is host:port, ⪚ myproxy.nowhere.com:3128. 
Configuring &ldap; request options Do not perform any LDAP requests Entirely disables the use of &ldap; for &smime;. Ignore LDAP CRL distribution point of certificates When looking for the location of a &crl;, the to-be-tested certificate usually contains what are known as "&crl; Distribution Point" (DP) entries, which are &URL;s describing the way to access the &crl;. The first found DP entry is used. With this option, all entries using the &ldap; scheme are ignored when looking for a suitable DP. Primary host for LDAP requests Entering an &ldap; server here will make all &ldap; requests go to that server first. More precisely, this setting overrides any specified host and port part in an &ldap; &URL; and will also be used if host and port have been omitted from the &URL;. Other &ldap; servers will be used only if the connection to the proxy failed. The syntax is host or host:port. If port is omitted, port 389 (standard &ldap; port) is used. Configuring the &gnupg; System This part of the dialog is auto-generated from the output of gpgconf and, for each component that the above command returns, the output of gpgconf component. The most useful of these options have been duplicated as separate pages in the &kleopatra; config dialog. See and for the two dialog pages which contain selected options from this part of the dialog. The exact content of this part of the dialog depends on the version of the &gnupg; backend you have installed and, potentially, the platform you run on. Thus, we will only discuss the general layout of the dialog, including the mapping from &gpgconf; option to &kleopatra; &GUI; control. &gpgconf; returns configuration information for multiple components. Inside each component, individual options are combined into groups. &kleopatra; displays one tab per component reported by &gpgconf;; groups are headed by a horizontal line displaying the group name as returned from &gpgconf;. Each &gpgconf; option has a type. 
Except for certain well-known options which &kleopatra; backs with specialised controls for a better user experience, the mapping between &gpgconf; types and &kleopatra; controls is as follows: Mapping From &gpgconf; Types To &GUI; Controls &gpgconf; type &kleopatra; control for lists for non-lists none Spinbox (count-semantics) Checkbox string &NA; Lineedit int32 Lineedit (unformatted) Spinbox uint32 pathname &NA; specialised control ldap server specialised control &NA; key fingerprint &NA; pub key sec key alias list
See the &gpgconf; manual for more information about what you can configure here, and how.
Administrator's Guide This Administrator's Guide describes ways to customize &kleopatra; that are not accessible via the &GUI;, but only via config files. It is assumed that the reader is familiar with the technology used for &kde; application configuration, including layout, file system location and cascading of &kde; config files, as well as the KIOSK framework. Customization of the Certificate-Creation Wizard Customizing the &dn; fields &kleopatra; allows you to customize the fields that the user is allowed to enter in order to create their certificate. Create a group called CertificateCreationWizard in the system-wide kleopatrarc. If you want a custom order of attributes or if you only want certain items to appear, create a key called DNAttributeOrder. The argument is one or more of CN,SN,GN,L,T,OU,O,PC,C,SP,DC,BC,EMAIL If you want to initialize fields with a certain value, write something like Attribute=value. If you want the attribute to be treated as a required one, append an exclamation mark (e.g. CN!,L,OU,O!,C!,EMAIL!, which happens to be the default configuration). Using the KIOSK mode modifier $e allows to retrieve the values from environment variables or from an evaluated script or binary. If you want to disallow editing of the respective field in addition, use the modifier $i. If you want to disallow the use Insert My Address button, set ShowSetWhoAmI to false. Due to the nature of the &kde; KIOSK framework, using the immutable flag ($i) makes it impossible for the user to override the flag. This is intended behavior. $i and $e can be used with all other config keys in &kde; applications as well. 
The following example outlines possible customizations: [CertificateCreationWizard] ;Disallow to copy personal data from the addressbook, do not allow local override ShowSetWhoAmI[$i]=false ;sets the user name to $USER CN[$e]=$USER ;sets the company name to "My Company", disallows editing O[$i]=My Company ;sets the department name to a value returned by a script OU[$ei]=$(lookup_dept_from_ip) ; sets country to DE, but allows for changes by the user C=DE Restricting the Types of Keys a User is Allowed to Create &kleopatra; also allows to restrict which type of certificates a user is allowed to create. Note, however, that an easy way around these restrictions is to just create one on the command line. Public Key Algorithms To restrict the public key algorithm to use, add the config key PGPKeyType (and CMSKeyType, but only RSA is supported for CMS anyway) to the CertificateCreationWizard section of kleopatrarc. The allowed values are RSA for RSA keys, DAS for DSA (sign-only) keys, and DSA+ELG for a DSA (sign-only) key with an Elgamal subkey for encryption. The default is read from &gpgconf; or else RSA if &gpgconf; doesn't provide a default. Public Key Size To restrict the available keys sizes for a public algorithm, add the config key <ALG>KeySizes (where ALG may be RSA, DSA or ELG) to the CertificateCreationWizard section of kleopatrarc, containing a comma-separated list of keysizes (in bits). A default may be indicated by prefixing the keysize with a hyphen (-). RSAKeySizes = 1536,-2048,3072 The above would restrict allowed RSA key sizes to 1536, 2048 and 3072, with 2048 the default. In addition to the sizes themselves, you may also specify labels for each of the sizes. Simply set the config key ALGKeySizeLabels to a comma-separated list of labels. 
RSAKeySizeLabels = weak,normal,strong The above, in connection with the previous example, would print something like the following options for selection: weak (1536 bits) normal (2048 bits) strong (3072 bits) The defaults are as if the following was in effect: RSAKeySizes = 1536,-2048,3072,4096 RSAKeySizeLabels = DSAKeySizes = -1024,2048 DSAKeySizeLabels = v1,v2 ELGKeySizes = 1536,-2048,3072,4096 Creating and Editing Key Categories &kleopatra; allows the user to configure the visual appearance of keys based on a concept called Key Categories. Key Categories are also used to filter the list of certificates. This section describes how you can edit the available categories and add new ones. When trying to find the category a key belongs to, &kleopatra; tries to match the key to a sequence of key filters, configured in the libkleopatrarc. The first one to match defines the category, based on a concept of specificity, explained further below. Each key filter is defined in a config group named Key Filter #n, where n is a number, starting from 0. The only mandatory keys in a Key Filter #n group are Name, containing the name of the category as displayed in the config dialog, and id, which is used as a reference for the filter in other configuration sections (such as View #n). lists all keys that define the display properties of keys belonging to that category (&ie; those keys that can be adjusted in the config dialog), whereas lists all keys that define the criteria the filter matches keys against. Key-Filter Configuration Keys Defining Display Properties Config Key Type Description background-color color The background color to use. If missing, defaults to whichever background color is defined globally for list views. foreground-color color The foreground color to use. If missing, defaults to whichever foreground color is defined globally for list views. font font The custom font to use. 
The font will be scaled to the size configured for list views, and any font attributes (see below) will be applied. font-bold boolean If set to true and font is not set, uses the default list view font with bold font style added (if available). Ignored if font is also present. font-italic boolean Analogous to font-bold, but for italic font style instead of bold. font-strikeout boolean If true, draws a centered line over the font. Applied even if font is set. icon text The name of an icon to show in the first column. Not yet implemented.
Key-Filter Configuration Keys Defining Filter Criteria Config Key Type If specified, filter matches when... is-revoked boolean the key has been revoked. match-context context Context is an enumeration with the following allowed values: appearance, filtering and any. the context in which this filter matches. is-expired boolean the key is expired. is-disabled boolean the key has been disabled (marked for not using) by the user. Ignored for &smime; keys. is-root-certificate boolean the key is a root certificate. Ignored for &openpgp; keys. can-encrypt boolean the key can be used for encryption. can-sign boolean the key can be used for signing. can-certify boolean the key can be used for signing (certifying) other keys. can-authenticate boolean the key can be used for authentication (⪚ as an TLS client certificate). is-qualified boolean the key can be used to make Qualified Signatures (as defined by the German Digital Signature Law). is-cardkey boolean the key material is stored on a smartcard (instead of on the computer). has-secret-key boolean the secret key for this key pair is available. is-openpgp-key boolean the key is an &openpgp; key (true), or an &smime; key (false). was-validated boolean the key has been validated. prefix-ownertrust validity Validity is an (ordered) enumeration with the following allowed values: unknown, undefined, never, marginal, full, ultimate. See the &gpg; and &gpgsm; manuals for a detailed explanation. the key has exactly (prefix = is), has anything but (prefix = is-not), has at least (prefix = is-at-least), or has at most (prefix = is-at-most) the ownertrust given as the value of the config key. If more than one prefix-ownertrust keys (with different prefix values) are present in a single group, the behavior is undefined. prefix-validity validity Analogous to prefix-ownertrust, but for key validity instead of ownertrust.
Some of the more interesting criteria, such as is-revoked or is-expired will only work on validated keys, which is why, by default, only validated keys are checked for revocation and expiration, although you are free to remove these extra checks. In addition to the config keys listed above, a key filter may also have an id and match-contexts. Using the filter's id, which defaults to the filter's config group name if not given or empty, you can reference the key filter elsewhere in the configuration, ⪚ in &kleopatra;'s View configurations. The id is not interpreted by &kleopatra;, so you can use any string you like, as long as it's unique. The match-contexts limits the applicability of the filter. Two contexts are currently defined: The appearance context is used when defining coloring and font properties for the views. The filtering context is used to selectively include (and exclude) certificate from views. any can be used to signify all currently defined contexts, and is the default if match-contexts is not given, or otherwise produces no contexts. This ensures that no key filter can end up dead, &ie; with no contexts to apply it in. The format of the entry is a list of tokens, separated by non-word characters. Each of the tokens is optionally prefixed by an exclamation point (!), indicating negation. The tokens act in order on an internal list of contexts, which starts out empty. This is best explained by an example: any !appearance is the same as filtering, and appearance !appearance is producing the empty set, as is !any. However, the last two will be internally replaced by any, since they produce no contexts at all. In general, criteria not specified (&ie; the config entry is not set) are not checked for. If a criterion is given, it is checked for and must match for the filter as a whole to match, &ie; the criteria are AND'ed together. Each filter has an implied specificity that is used to rank all matching filters. 
The more specific filter wins over less specific ones. If two filters have the same specificity, the one that comes first in the config file wins. A filter's specificity is proportional to the number of criteria it contains. Examples of key filters To check for all expired, but non-revoked root certificates, you would use a key filter defined as follows: [Key Filter #n] Name=expired, but not revoked was-validated=true is-expired=true is-revoked=false is-root-certificate=true ; ( specificity 4 ) To check for all disabled &openpgp; keys (not yet supported by &kleopatra;) with ownertrust of at least marginal, you would use: [Key Filter #n] Name=disabled OpenPGP keys with marginal or better ownertrust is-openpgp=true is-disabled=true is-at-least-ownertrust=marginal ; ( specificity 3 )
Configuring Archivers for Use with Sign/Encrypt Files &kleopatra; allows the administrator (and power-user) to configure the list of archivers that are presented in the Sign/Encrypt Files dialog. Each archiver is defined in libkleopatrarc as a separate Archive Definition #n group, with the following mandatory keys: extensions A comma-separated list of filename extensions that usually indicate this archive format. id A unique ID used to identify this archiver internally. If in doubt, use the name of the command. Name (translated) The user-visible name of this archiver, as shown in the corresponding drop-down menu of the Sign/Encrypt Files dialog. pack-command The actual command to archive files. You can use any command, as long as no shell is required to execute it. The program file is looked up using the PATH environment variable, unless you use an absolute file path. Quoting is supported as if a shell was used: pack-command="/opt/ZIP v2.32/bin/zip" -r - Since backslash (\) is an escape character in &kde; config files, you need to double them when they appear in path names: pack-command=C:\\Programs\\GNU\\tar\\gtar.exe ... However, for the command itself (as opposed to its arguments), you may just use forward slashes (/) as path separators on all platforms: pack-command=C:/Programs/GNU/tar/gtar.exe ... This is not supported in arguments, as most &Windows; programs use the forward slash for options. For example, the following will not work, since C:/myarchivescript.bat is an argument to cmd.exe, and / is not converted to \ in arguments, only commands: pack-command=cmd.exe C:/myarchivescript.bat This needs, instead, to be written as: pack-command=cmd.exe C:\\myarchivescript.bat Input Filename Passing for <literal>pack-command</literal> There are three ways to pass filenames to the pack command. For each of these, pack-command provides a particular syntax: As command-line arguments. 
Example (tar): pack-command=tar cf - Example (zip): pack-command=zip -r - %f In this case, filenames are passed on the command line, just like you would when using the command prompt. &kleopatra; does not use a shell to execute the command. Therefore, this is a safe way of passing filenames, but it might run into command line length restrictions on some platforms. A literal %f, if present, is replaced by the names of the files to archive. Otherwise, filenames are appended to the command line. Thus, the zip Example above could equivalently be written like this: pack-command=zip -r - Via standard-in, separated by newlines: prepend |. Example (&GNU;-tar): pack-command=|gtar cf - -T- Example (ZIP): pack-command=|zip -@ - In this case, filenames are passed to the archiver on stdin, one per line. This avoids problems on platforms which place a low limit on the number of command line arguments that are allowed, but fails when filenames, in fact, contain newlines. &kleopatra; currently only supports LF as a newline separator, not CRLF. This might change in future versions, based on user feedback. Via standard-in, separated by NUL-bytes: prepend 0|. Example (&GNU;-tar): pack-command=0|gtar cf - -T- --null This is the same as above, except that NUL bytes are used to separate filenames. Since NUL bytes are forbidden in filenames, this is the most robust way of passing filenames, but not all archivers support it. Configuring Checksum Programs for Use with Create/Verify Checksums &kleopatra; allows the administrator (and power-user) to configure the list of checksum programs that the user can choose from in the config dialog and that &kleopatra; is able to auto-detect when asked to verify a given file's checksum. To be usable by &kleopatra;, output of checksum programs (both the written checksum file, as well as the output on stdout when verifying checksums) needs to be compatible with &GNU; md5sum and sha1sum. 
Specifically, the checksum file needs to be line-based with each line having the following format: CHECKSUM ' ' ( ' ' | '*' ) FILENAME where CHECKSUM consists of hex-characters only. If FILENAME contains a newline character, the line must instead read: \CHECKSUM ' ' ( ' ' | '*' ) ESCAPED-FILENAME where ESCAPED-FILENAME is the filename with newlines replaced by \ns, and backslashes doubled (\\\). Similarly, the output of must be of the form FILENAME ( ': OK' | ': FAILED' ) separated by newlines. Newlines and other characters are not escaped in the output. Yes, these programs were not written with graphical frontends in mind, and &kleopatra; will fail to correctly parse pathological filenames that contain ": OK" plus newline in them. Each checksum program is defined in libkleopatrarc as a separate Checksum Definition #n group, with the following mandatory keys: file-patterns A list of regular expressions that describe which files should be considered checksum files for this checksum program. The syntax is the one used for string lists in &kde; config files. Since regular expressions usually contain backslashes, care must be taken to properly escape them in the config file. The use of a config file editing tool is recommended. The platform defines whether the patterns are treated case-sensitive or case-insensitive. output-file The typical output filename for this checksum program (should match one of the , of course). This is what &kleopatra; will use as the output filename when creating checksum files of this type. id A unique ID used to identify this checksum program internally. If in doubt, use the name of the command. Name (translated) The user-visible name of this checksum program, as shown in the drop-down menu in &kleopatra;'s config dialog. create-command The actual command with which to create checksum files. The syntax, restrictions and argument passing options are the same as described for in . verify-command Same as , but for checksum verification. 
Here is a complete example: [Checksum Definition #1] file-patterns=sha1sum.txt output-file=sha1sum.txt id=sha1sum-gnu Name=sha1sum (GNU) Name[de]=sha1sum (GNU) ... create-command=sha1sum -- %f verify-command=sha1sum -c -- %f
Credits and License &kleopatra; copyright 2002 &Steffen.Hansen;, &Matthias.Kalle.Dalheimer; and &Jesper.Pedersen;., copyright 2004 &Daniel.Molkentin;, copyright 2004, 2007, 2008, 2009, 2010 Klarälvdalens Datakonsult AB Documentation copyright 2002 &Steffen.Hansen;, copyright 2004 &Daniel.Molkentin;, copyright 2004, 2010 Klarälvdalens Datakonsult AB Contributors &Marc.Mutz; &Marc.Mutz.mail; &David.Faure; &David.Faure.mail; &Steffen.Hansen; hansen@kde.org &Matthias.Kalle.Dalheimer; &Matthias.Kalle.Dalheimer.mail; &Jesper.Pedersen; &Jesper.Pedersen.mail; &Daniel.Molkentin; &Daniel.Molkentin.mail; &underFDL; &underGPL; &documentation.index;
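Review bot: The second key-filter example under "Examples of key filters" sets is-openpgp=true, but the filter-criteria table earlier in this hunk names that key is-openpgp-key. An administrator copying the example into libkleopatrarc would be using a key the table does not document, so the example should read is-openpgp-key=true. Two similar inconsistencies sit nearby: the table lists match-context while the prose after it describes match-contexts, and the PGPKeyType paragraph says "DAS for DSA (sign-only) keys", which reads as a typo for DSA. These strings are typed verbatim into kleopatrarc and libkleopatrarc, so the documentation should use one spelling for each throughout.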
diff --git a/src/data/org.kde.kleopatra.appdata.xml b/src/data/org.kde.kleopatra.appdata.xml index 52d6ff4ae..0d064fd19 100644 --- a/src/data/org.kde.kleopatra.appdata.xml +++ b/src/data/org.kde.kleopatra.appdata.xml 
@@ -1,132 +1,132 @@ org.kde.kleopatra.desktop CC0-1.0 GPL-2.0+ Kleopatra كليوپترا Kleopatra Kleopatra Kleopatra Kleopatra Kleopatra Kleopatra Kleopatra Kleopatra Kleopatra Kleopatra Kleopatra Kleopatra Kleopatra Kleopatra Kleopatra Kleopatra Kleopatra Kleopatra Kleopatra Kleopatra Kleopatra Kleopatra Kleopatra Kleopatra Kleopatra Kleopatra Kleopatra Kleopatra Kleopatra xxKleopatraxx Kleopatra Kleopatra Certificate Manager and Unified Crypto GUI مدير شهادات وواجهة رسوميّة موحّدة للتّعمية Upravitelj certifikata i grafičko okruženje za Unified Crypto Gestor de certificats i interfície gràfica d'usuari de criptografia unificada Gestor de certificats i interfície gràfica d'usuari de criptografia unificada Správce certifikátů a rozhraní pro šifrování Certifikathåndtering og forenet krypterings-GUI Zertifikatsverwaltung und einheitliche Oberfläche für Kryptografie Certificate Manager and Unified Crypto GUI Gestor de certificados e interfaz gráfica unificada de cifrado Sertifikaadihaldur ja ühtne krüptimise graafiline kasutajaliides Varmenteiden hallinta ja yhtenäinen salauskäyttöliittymä Gestionnaire de certificats et interface utilisateur unifiée pour le chiffrement Xestor de certificados e interface gráfica unificada de criptografía Tanúsítványkezelő és egységes kriptográfiai kezelőfelület Gerente de certificatos e interfacie unificate de Crypto Gestore di certificati e interfaccia grafica unificata di crittografia 인증서 관리자와 통합된 암호화 GUI Sertifikatbehandler og forent krypto-GUI Zertifikatenpleger un eenheitlich Verslötel-Böversiet Certificaatbeheerder en Unified Crypto GUI Zarządzanie certyfikatami i kryptografią Gestor de Certificados e GUI Unificada de Criptografia Gerenciador de certificados e interface gráfica de criptografia unificada Управление сертификатами и криптографией Správca certifikátov a unifikované šifrovacie grafické rozhranie Upravljalnik potrdil in enoten šifrirni vmesnik Certifikathanterare och enhetligt grafiskt användargränssnitt för krypto Sertifika 
Yöneticisi ve Birleşik Şifreleme Arayüzü Графічний інтерфейс до засобів керування сертифікатами та універсальних можливостей з шифрування xxCertificate Manager and Unified Crypto GUIxx 证书管理器和统一的密钥操作界面 憑證管理與統一加密介面

Kleopatra is a certificate manager and a universal crypto GUI. It supports managing X.509 and OpenPGP certificates in the GpgSM keybox and retrieving certificates from LDAP servers.

«كليوپترا» هي برمجيّة لإدارة شهادات وواجهة رسوميّة موحّدة للتّعمية. تدعم «كليوپترا» إدارة شهادات X.509 وOpenPGP في صندوق مفاتيح GpgSM، كما وجلب الشّهادات من خواديم LDAP.

El Kleopatra és un gestor de certificats i interfície gràfica d'usuari de criptografia universal. Permet la gestió dels certificats X.509 i OpenPGP a l'anell de claus GpgSM i recupera certificats des de servidors LDAP.

El Kleopatra és un gestor de certificats i interfície gràfica d'usuari de criptografia universal. Permet la gestió dels certificats X.509 i OpenPGP a l'anell de claus GpgSM i recupera certificats des de servidors LDAP.

Kleopatra ist eine Zertifikatsverwaltung und eine universelle Krypto-Oberfläche. Es unterstützt die Verwaltung von X.509- und OpenPGP-Zertifikate im GPGSM-Hilfsprogramm und das Abholen von Zertifikaten von LDAP-Servern.

Kleopatra is a certificate manager and a universal crypto GUI. It supports managing X.509 and OpenPGP certificates in the GpgSM keybox and retrieving certificates from LDAP servers.

Kleopatra es un gestor de certificados e interfaz gráfica universal de cifrado. Reconoce certificados X.509 y OpenPGP en el llavero GpgSM y la recuperación de certificados desde servidores LDAP.

Kleopatra on sertifikaadihaldur ja universaalne krüptimise kasutajaliides. See toetab X.509 ja OpenPGP sertifikaatide haldamist GpgSM võtmekastis ning sertifikaatide hankimist LDAP serveritest.

Kleopatra on varmenteiden hallinta ja yhtenäinen salauskäyttöliittymä. Se tukee X.509- ja OpenPGP-varmenteiden hallintaa GpgSM-avainlaatikossa ja varmenteiden noutoa LDAP-palvelimilta.

Kleopatra est un gestionnaire de certificats et une interface graphique universelle pour les opérations de chiffrement. Il prend en charge la gestion des certificats X.509 et OpenPGP dans le trousseau GpgSM et la réception de certificats depuis des serveurs « LDAP ».

Kleopatra é un xestor de certificados e unha interface gráfica universal de criptografía. Permite xestionar certificados X.509 e OpenPGP na caixa de chaves GpgSM e obter certificados de servidores LDAP.

A Kleopatra egy tanúsítványkezelő és egységes kriptográfiai kezelőfelület. Támogatja az X.509-es és OpenPGP tanúsítványok kezelését a GpgSM kulcsdobozban és tanúsítványok letöltését LDAP kiszolgálókról.

Kleopatra è un gestore di certificati ed un'interfaccia grafica universale per la cifratura. Supporta la gestione di certificati X.509 e OpenPGP nella cassetta delle chiavi di GpgSM ed il recupero di certificati da server LDAP.

Kleopatra는 인증서 관리자와 통합된 범용 암호화 GUI입니다. GpgSM 키 상자에 저장된 X.509 및 OpenPGP 인증서를 관리하고, LDAP 서버에서 인증서를 가져올 수 있습니다.

Kleopatra er en sertifikatbehandler og en universal krypto-brukerflate. Den har støtte for å behandle X.509 og OpenPGP-sertifikater i nøkkelboksen CpgSM, og henter sertifikater fra LDP-tjenere.

Kleopatra is en Zertifikatenpleger un en Böversiet för Verslötelakschonen. Du kannst dor X.509- un OpenPGP-Zertifikaten mit binnen de GpgSM-Slötelkist plegen un Zertifikaten mit vun LDAP-Servers halen.

Kleopatra is een certificaatbeheerder en een universele crypto GUI. Deze ondersteunt het beheer van X.509 en OpenPGP certificaten in de GpgSM sleutelkast en haalt certificaten op van LDAP-servers.

Kleopatra jest programem do zarządzania certyfikatami i uniwersalnym układem sterowania kryptografią. Obsługuje zarządzanie certyfikatami X.509 oraz OpenPGP w skrzynce na klucze GpgSM oraz pobieranie certyfikatów z serwerów LDAP.

O Kleopatra é um gestor de certificados e uma interface de cifra universal. Suporta a gestão de certificados X.509 e do OpenPGP no porta-chaves do GpgSM e a obtenção dos certificados a partir de servidores de LDAP.

Kleopatra é um gerenciador de certificados e uma interface de criptografia universal. Tem suporte a gerenciamento de certificados X.509 e OpenPGP no porta-chaves do GpgSM e obtenção de certificados a partir de servidores LDAP.

Kleopatra — диспетчер сертификатов и универсальный графический интерфейс к криптографическим алгоритмам. Она позволяет управлять сертификатами X.509 и OpenPGP в хранилище ключей GpgSM и получать сертификаты с серверов LDAP.

Kleopatra je správca certifikátov a univerzálne šifrovacie GUI. Podporuje správu X.509 a OpenPGP certifikátov v keyboxe GpgSM a získavanie certifikátov z LDAP serverov.

Kleopatra je upravljalnik potrdil in enoten šifrirni vmesnik. Podpira rokovanje s potrdili X.509 in OpenPGP v zbirki ključev GpgSM in omogoča pridobivanje potrdil iz strežnikov LDAP.

Kleopatra är en certifikathanterare och ett universellt grafiskt användargränssnitt för krypto. Den stöder hantering av X.509- och OpenPGP-certifikat i GpgSM-nyckellådan och att hämta certifikat från LDAP-servrar.

Kleopatra bir sertifika yöneticisi ve birleşik şifreleme arayüzüdür. X.509 ve OpenPGP sertifikalarını GpgSM anahtar kutusunda yönetmeyi ve LDAP sunucularından sertifika getirmeyi destekler.

Kleopatra — графічний інтерфейс засобів керування сертифікатами та шифрування. У програмі передбачено можливості з керування сертифікатами X.509 та OpenPGP у сховищі ключів GpgSM та отримання сертифікатів з серверів LDAP.

xxKleopatra is a certificate manager and a universal crypto GUI. It supports managing X.509 and OpenPGP certificates in the GpgSM keybox and retrieving certificates from LDAP servers.xx

Kleopatra 是一个证书管理器和统一加密图形界面。它可以管理 GpgSM 密钥箱中的 X.509 和 OpenPGP 证书,以及从 LDAP 服务器获取证书。

Kleopatra 是一套憑證管理與通用加密介面。它可以管理 GpgSM keybox 裡的 X.509 與 OpenPGP 憑證,並從 LDAP 伺服器取得憑證。

https://bugs.kde.org/enter_bug.cgi?format=guided&product=kleopatra - http://docs.kde.org/stable/en/kdepim/kleopatra/index.html + https://docs.kde.org/stable5/en/pim/kleopatra/index.html Certificate overview in Kleopatra Resum del certificat al Kleopatra Resum del certificat al Kleopatra Zertifikats-Übersicht in Kleopatra Certificate overview in Kleopatra Visión general de certificados en Kleopatra Varmenteen yleiskuva Kleopatrassa Resumo de certificado en Kleopatra Panoramica dei certificati in Kleopatra Overzicht van certificaten in Kleopatra Visão geral dos certificados no Kleopatra Certifikatöversikt i Kleopatra Огляд сертифіката у Kleopatra xxCertificate overview in Kleopatraxx http://kde.org/images/screenshots/kleopatra.png KDE kleopatra
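Review bot: the screenshot URL in the trailing context of this hunk, http://kde.org/images/screenshots/kleopatra.png, is still plain HTTP while the changed line moves the help link to https://docs.kde.org/stable5/en/pim/kleopatra/index.html and the bug-report link above it is already HTTPS. Any client that fetches the screenshot from this metadata does so without transport integrity, so switch that URL to HTTPS in the same change if the host serves the image there. Separately, the Norwegian description in the unchanged context reads "CpgSM" and "LDP-tjenere" where every other translation has GpgSM and LDAP; that is a translation fix rather than part of this patch, but it should be reported to the translators.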