summaryrefslogtreecommitdiffstats
path: root/wiki/src/doc/encryption_and_privacy/gpgapplet/decrypt_verify.mdwn
blob: 43ef1e38c6f72eba168ebdb64d5760ac155c6b6f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
[[!meta title="Decrypt or verify a text created using OpenPGP"]]

With <span class="application">Tails gpgApplet</span> you can **decrypt text
that is encrypted using OpenPGP** or **verify text that is signed using
OpenPGP**.

1. Select with the mouse the encrypted text that you want to decrypt or
the signed text that you want to verify. Include the lines “*-----BEGIN
PGP MESSAGE-----*“ and “*-----END PGP MESSAGE-----*”.

   To copy it into the [[!wikipedia Clipboard_(computing)
   desc="clipboard"]], right-click on the selected text and choose <span
   class="guimenuitem">Copy</span> from the menu.

2. If the text that you selected is encrypted, <span
class="application">Tails gpgApplet</span> now shows a padlock, meaning that
the clipboard contains encrypted text.

   [[!img gpgapplet_with_padlock.png link=no alt="Tails gpgApplet with a
   padlock"]]

   If the text that you selected is only signed, but not encrypted,
   <span class="application">Tails gpgApplet</span> now shows a seal, meaning
   that the clipboard contains signed text.

   [[!img gpgapplet_with_seal.png link=no alt="Tails gpgApplet with a seal"]]

3. Click on <span class="application">Tails gpgApplet</span> and select <span
class="guimenuitem">Decrypt/Verify Clipboard</span> from the menu.

4. If the text that you selected is only signed and the signature is
valid, the <span class="guilabel">GnuPG results</span> window described
in step 6 appears directly.

   If the text is signed and the signature is invalid, a <span
   class="guilabel">GnuPG error</span> message appears that mentions
   <span class="guilabel">BAD signature from…</span>.

   If the text is encrypted with a passphrase, the <span
   class="guilabel">Enter passphrase</span> dialog box appears.  Enter
   the passphrase that has been used to encrypt the text and click <span
   class="guilabel">OK</span>.

   If the text is encrypted using public-key cryptography, three different
   dialog boxes can appear.

   a. If the passphrase for the corresponding private key is not already cached
   in memory, a dialog box appears with the following message: <span
   class="guilabel">You need a passphrase to unlock the secret key for
   user</span>. Enter the passphrase for this secret key and click <span
   class="guilabel">OK</span>.

   b. If the passphrase for the corresponding secret key is already cached in
   memory, a dialog box appears with the following message: <span
   class="guilabel">The passphrase is cached in memory</span>. Click on the
   <span class="guilabel">Authorize</span> button to use the passphrase
   cached in memory.

   c. If no secret key for which the text is encrypted is available in
   your keyring, a GnuPG error message appears that mentions <span
   class="guilabel">decryption failed: secret key not available</span>.

5. If the passphrase provided in step 4 is incorrect, a <span
class="guilabel">GnuPG error</span> message appears that mentions <span
class="guilabel">decryption failed: bad key</span>.

6. If the passphrase provided in step 4 is correct, or if the signature
of the text is valid, or both, a <span class="guilabel">GnuPG
results</span> window appears.

   The decrypted text appears in the <span class="guilabel">Output of GnuPG</span> text box.

   In the <span class="guilabel">Other messages provided by GnuPG</span>
   text box, the message <span class="guilabel">Good signature
   from…</span>, which confirms that the signature of the text is valid.