From 2f5e1cdd2d92955800b2d0c479eee9515de1daf4 Mon Sep 17 00:00:00 2001 From: TLINDEN Date: Mon, 4 Nov 2013 13:47:08 +0100 Subject: [PATCH] updated manpage+readme --- README.pod | 7 +++++-- README.txt | 7 +++++-- man/Makefile.in | 2 +- man/details.pod | 14 ++++++++++++++ man/pcp.pod | 7 +++++-- man/pcp1.1 | 22 +++++++++++++++++++--- man/pcp1.pod | 21 +++++++++++++++++++-- 7 files changed, 68 insertions(+), 12 deletions(-) diff --git a/README.pod b/README.pod index 5924ef2..99a3389 100644 --- a/README.pod +++ b/README.pod @@ -26,10 +26,13 @@ First, both have create a secret key: After entering their name, email address and a passphrase to protect the key, it will be stored in their B (by default ~/.pcpvault). -Now, both of them have to export the public key part of their key: +Now, both of them have to export the public key, which has to be +imported by the other one. With B you can export the public +part of your primary key, but the better solution is to export +a derived public key especially for the recipient: Alicia Bobby - pcp1 -p -O alicia.pub pcp1 -p -O bobby.pub + pcp1 -p -r Bobby -O alicia.pub pcp1 -p -r Alicia -O bobby.pub They've to exchange the public key somehow (which is not my problem at the moment, use ssh, encrypted mail, whatever). Once exchanged, diff --git a/README.txt b/README.txt index 41eac40..6a1f606 100644 --- a/README.txt +++ b/README.txt 
@@ -24,10 +24,13 @@ QUICKSTART After entering their name, email address and a passphrase to protect the key, it will be stored in their vault file (by default ~/.pcpvault). - Now, both of them have to export the public key part of their key: + Now, both of them have to export the public key, which has to be + imported by the other one. With pcp you can export the public part of + your primary key, but the better solution is to export a derived public + key especially for the recipient: Alicia Bobby - pcp1 -p -O alicia.pub pcp1 -p -O bobby.pub + pcp1 -p -r Bobby -O alicia.pub pcp1 -p -r Alicia -O bobby.pub They've to exchange the public key somehow (which is not my problem at the moment, use ssh, encrypted mail, whatever). Once exchanged, they diff --git a/man/Makefile.in b/man/Makefile.in index 95e07f7..7824e6e 100644 --- a/man/Makefile.in +++ b/man/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.12.6 from Makefile.am. +# Makefile.in generated by automake 1.12.4 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2012 Free Software Foundation, Inc. diff --git a/man/details.pod b/man/details.pod index a3bc2c4..43e807f 100644 --- a/man/details.pod +++ b/man/details.pod 
@@ -28,6 +28,20 @@ this writing I'm not sure if this was a good idea>). If you just want to know details about a key or the vault, use the B<-t> option. +=head2 Derived Public Keys + +In the real world you would not use your primary key to encrypt +messages, because this would require to send the public key part +to your recipient in one way or another. The much better and more +secure way is to use a B: + +Such a key will be dynamically generated from a hash of your +primary secret key and the recipient (an email address, name or key id). +The public part of this dynamic key will be exported and sent to +the recipient. A public key generated this way will only be usable +by the recipient (and yourself) and each recipient will have a different +public key from you (and vice versa). + =head1 INTERNALS FIXME. diff --git a/man/pcp.pod b/man/pcp.pod index 8940bad..0b85699 100644 --- a/man/pcp.pod +++ b/man/pcp.pod @@ -26,10 +26,13 @@ First, both have create a secret key: After entering their name, email address and a passphrase to protect the key, it will be stored in their B (by default ~/.pcpvault). -Now, both of them have to export the public key part of their key: +Now, both of them have to export the public key, which has to be +imported by the other one. With B you can export the public +part of your primary key, but the better solution is to export +a derived public key especially for the recipient: Alicia Bobby - pcp1 -p -O alicia.pub pcp1 -p -O bobby.pub + pcp1 -p -r Bobby -O alicia.pub pcp1 -p -r Alicia -O bobby.pub They've to exchange the public key somehow (which is not my problem at the moment, use ssh, encrypted mail, whatever). Once exchanged, diff --git a/man/pcp1.1 b/man/pcp1.1 index 7871ab2..74d24d6 100644 --- a/man/pcp1.1 +++ b/man/pcp1.1 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== @@ -233,11 +233,14 @@ First, both have create a secret key: After entering their name, email address and a passphrase to protect the key, it will be stored in their \fBvault file\fR (by default ~/.pcpvault). .PP -Now, both of them have to export the public key part of their key: +Now, both of them have to export the public key, which has to be +imported by the other one. With \fBpcp\fR you can export the public +part of your primary key, but the better solution is to export +a derived public key especially for the recipient: .PP .Vb 2 \& Alicia Bobby -\& pcp1 \-p \-O alicia.pub pcp1 \-p \-O bobby.pub +\& pcp1 \-p \-r Bobby \-O alicia.pub pcp1 \-p \-r Alicia \-O bobby.pub .Ve .PP They've to exchange the public key somehow (which is not my @@ -309,6 +312,19 @@ this writing I'm not sure if this was a good idea\fR). .PP If you just want to know details about a key or the vault, use the \&\fB\-t\fR option. +.SS "Derived Public Keys" +.IX Subsection "Derived Public Keys" +In the real world you would not use your primary key to encrypt +messages, because this would require to send the public key part +to your recipient in one way or another. The much better and more +secure way is to use a \fBDerived Public Key\fR: +.PP +Such a key will be dynamically generated from a hash of your +primary secret key and the recipient (an email address, name or key id). +The public part of this dynamic key will be exported and sent to +the recipient. A public key generated this way will only be usable +by the recipient (and yourself) and each recipient will have a different +public key from you (and vice versa). .SH "INTERNALS" .IX Header "INTERNALS" \&\s-1FIXME\s0. diff --git a/man/pcp1.pod b/man/pcp1.pod index 9c39423..df330a1 100644 
--- a/man/pcp1.pod +++ b/man/pcp1.pod @@ -105,10 +105,13 @@ First, both have create a secret key: After entering their name, email address and a passphrase to protect the key, it will be stored in their B (by default ~/.pcpvault). -Now, both of them have to export the public key part of their key: +Now, both of them have to export the public key, which has to be +imported by the other one. With B you can export the public +part of your primary key, but the better solution is to export +a derived public key especially for the recipient: Alicia Bobby - pcp1 -p -O alicia.pub pcp1 -p -O bobby.pub + pcp1 -p -r Bobby -O alicia.pub pcp1 -p -r Alicia -O bobby.pub They've to exchange the public key somehow (which is not my problem at the moment, use ssh, encrypted mail, whatever). Once exchanged, @@ -175,6 +178,20 @@ this writing I'm not sure if this was a good idea>). If you just want to know details about a key or the vault, use the B<-t> option. +=head2 Derived Public Keys + +In the real world you would not use your primary key to encrypt +messages, because this would require to send the public key part +to your recipient in one way or another. The much better and more +secure way is to use a B: + +Such a key will be dynamically generated from a hash of your +primary secret key and the recipient (an email address, name or key id). +The public part of this dynamic key will be exported and sent to +the recipient. A public key generated this way will only be usable +by the recipient (and yourself) and each recipient will have a different +public key from you (and vice versa). + =head1 INTERNALS FIXME.
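Review bot: In the README.pod quickstart hunk (repeated in README.txt, man/pcp.pod and man/pcp1.pod), the new command "pcp1 -p -r Bobby -O alicia.pub" passes a bare first name as the recipient, and the surrounding text never says what -r expects. The details section added by this same patch says the recipient may be "an email address, name or key id" and that the key is generated from a hash over it, so the exact string matters. Add a sentence here that says which identifier to use and whether the same string has to be given again later, and consider an example with a less ambiguous identifier than a first name.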
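Review bot: The man/Makefile.in hunk changes nothing except the generator banner, from "automake 1.12.6" to "automake 1.12.4", so the file was regenerated with an older automake than the one that produced the committed version. That has nothing to do with "updated manpage+readme". Drop the file from this commit, or regenerate it with the automake version already in use, so that generated-file churn does not bury the documentation change.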
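Review bot: In the man/details.pod hunk, the reason given for not using the primary key does not hold up against the next paragraph. The first paragraph says the primary key is avoided "because this would require to send the public key part to your recipient", but the second says the public part of the derived key is likewise "exported and sent to the recipient", so both cases involve sending a public key. State the property that actually differs, which the last sentence already hints at: each recipient gets a different public key from you. The claim that such a key "will only be usable by the recipient (and yourself)" also needs a sentence on what enforces it, since the exported file travels over whatever channel the users choose. Finally, name the hash and describe how the recipient string is combined with the secret key, because readers cannot assess "more secure" from "a hash of your primary secret key and the recipient" alone.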
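Review bot: The first man/pcp1.1 hunk rewrites the generator banner from "Pod::Man 2.25 (Pod::Simple 3.16)" to "Pod::Man 2.23 (Pod::Simple 3.14)", which means the manpage was rebuilt with older tooling than before. Regenerate it with the toolchain that produced the committed version, or stop tracking the generated man/pcp1.1 and build it from the .pod sources. Otherwise every rebuild on a different machine produces this kind of diff.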
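Review bot: The second man/pcp1.pod hunk adds the same 14-line "Derived Public Keys" section, word for word, that this patch also adds to man/details.pod, and the quickstart paragraph is likewise edited by hand in README.pod, man/pcp.pod and man/pcp1.pod. If man/pcp1.pod is assembled from the other .pod files, edit only the sources and regenerate. If it is not, keep the section in one place and refer to it from the others, because the comments on the details.pod wording would otherwise have to be applied in every copy.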