diff options
Diffstat (limited to 'OpenKeychain/src/main/res/raw')
-rw-r--r-- | OpenKeychain/src/main/res/raw/help_about.html | 53 | ||||
-rw-r--r-- | OpenKeychain/src/main/res/raw/help_about.md | 46 | ||||
-rw-r--r-- | OpenKeychain/src/main/res/raw/help_certification.html | 32 | ||||
-rw-r--r-- | OpenKeychain/src/main/res/raw/help_certification.md | 28 | ||||
-rw-r--r-- | OpenKeychain/src/main/res/raw/help_changelog.html | 278 | ||||
-rw-r--r-- | OpenKeychain/src/main/res/raw/help_changelog.md | 269 | ||||
-rw-r--r-- | OpenKeychain/src/main/res/raw/help_faq.md | 126 | ||||
-rw-r--r-- | OpenKeychain/src/main/res/raw/help_start.html | 27 | ||||
-rw-r--r-- | OpenKeychain/src/main/res/raw/help_start.md | 16 |
9 files changed, 485 insertions, 390 deletions
diff --git a/OpenKeychain/src/main/res/raw/help_about.html b/OpenKeychain/src/main/res/raw/help_about.html deleted file mode 100644 index 6c034cc21..000000000 --- a/OpenKeychain/src/main/res/raw/help_about.html +++ /dev/null @@ -1,53 +0,0 @@ -<!-- Maintain structure with headings with h2 tags and content with p tags. -This makes it easy to translate the values with transifex! -And don't add newlines before or after p tags because of transifex --> -<html> -<head> -</head> -<body> -<p><a href="http://www.openkeychain.org">http://www.openkeychain.org</a></p> -<p><a href="http://www.openkeychain.org">OpenKeychain</a> is an OpenPGP implementation for Android.</p> -<p>License: GPLv3+</p> - -<h2>Developers</h2> -<ul> -<li>Dominik Schürmann (Maintainer)</li> -<li>Art O Cathain</li> -<li>Ash Hughes</li> -<li>Brian C. Barnes</li> -<li>Bahtiar 'kalkin' Gadimov</li> -<li>Daniel Albert -<li>Daniel Hammann</li> -<li>Daniel Haß</li> -<li>Greg Witczak</li> -<li>'mar-v-in'</li> -<li>Markus Doits</li> -<li>Miroojin Bakshi</li> -<li>Nikhil Peter Raj</li> -<li>Paul Sarbinowski</li> -<li>'Senecaso'</li> -<li>Signe Rüsch</li> -<li>Sreeram Boyapati</li> -<li>Thialfihar (APG 1.x)</li> -<li>Tim Bray</li> -<li>Vincent Breitmoser</li> -</ul> - -<h2>Libraries</h2> -<ul> -<li><a href="http://rtyley.github.com/spongycastle/">SpongyCastle</a> (MIT X11 License)</li> -<li><a href="https://github.com/SafeSlingerProject/exchange-android">SafeSlinger Exchange library</a> (MIT License)</li> -<li><a href="http://developer.android.com/tools/support-library/index.html">Android Support Libraries</a> (Apache License v2)</li> -<li><a href="https://github.com/timbray/KeybaseLib">KeybaseLib</a> (Apache License v2)</li> -<li><a href="https://github.com/splitwise/TokenAutoComplete">TokenAutoComplete</a> (Apache License v2)</li> -<li><a href="https://github.com/rtreffer/minidns">MiniDNS</a> (Apache License v2)</li> -<li><a href="https://github.com/emilsjolander/StickyListHeaders">StickyListHeaders</a> (Apache License v2)</li> -<li><a href="https://github.com/zxing/zxing">ZXing</a> (Apache License v2)</li> -<li><a href="https://github.com/journeyapps/zxing-android-embedded">ZXing Android Minimal</a> (Apache License v2)</li> -<li><a href="https://github.com/jpardogo/PagerSlidingTabStrip">PagerSlidingTabStrip (Material Design)</a> (Apache License v2)</li> -<li><a href="https://github.com/neokree/MaterialNavigationDrawer">MaterialNavigationDrawer</a> (Apache License v2)</li> -<li><a href="https://github.com/nispok/snackbar">Snackbar</a> (MIT License)</li> -<li><a href="https://github.com/futuresimple/android-floating-action-button">FloatingActionButton</a> (Apache License v2)</li> -</ul> -</body> -</html> diff --git a/OpenKeychain/src/main/res/raw/help_about.md b/OpenKeychain/src/main/res/raw/help_about.md new file mode 100644 index 000000000..4b51c1695 --- /dev/null +++ b/OpenKeychain/src/main/res/raw/help_about.md @@ -0,0 +1,46 @@ +[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!) + +[http://www.openkeychain.org](http://www.openkeychain.org) + +[OpenKeychain](http://www.openkeychain.org) is an OpenPGP implementation for Android. + +License: GPLv3+ + +## Developers + * Dominik Schürmann (Maintainer) + * Art O Cathain + * Ash Hughes + * Brian C. Barnes + * Bahtiar 'kalkin' Gadimov + * Daniel Albert + * Daniel Hammann + * Daniel Haß + * Greg Witczak + * 'mar-v-in' + * Markus Doits + * Miroojin Bakshi + * Nikhil Peter Raj + * Paul Sarbinowski + * 'Senecaso' + * Signe Rüsch + * Sreeram Boyapati + * Thialfihar (APG 1.x) + * Tim Bray + * Vincent Breitmoser + +## Libraries + * [SpongyCastle](http://rtyley.github.com/spongycastle/) (MIT X11 License) + * [SafeSlinger Exchange library](https://github.com/SafeSlingerProject/exchange-android) (MIT License) + * [Android Support Libraries](http://developer.android.com/tools/support-library/index.html) (Apache License v2) + * [KeybaseLib](https://github.com/timbray/KeybaseLib) (Apache License v2) + * [TokenAutoComplete](https://github.com/splitwise/TokenAutoComplete) (Apache License v2) + * [MiniDNS](https://github.com/rtreffer/minidns) (Apache License v2) + * [StickyListHeaders](https://github.com/emilsjolander/StickyListHeaders) (Apache License v2) + * [ZXing](https://github.com/zxing/zxing) (Apache License v2) + * [ZXing Android Minimal](https://github.com/journeyapps/zxing-android-embedded) (Apache License v2) + * [PagerSlidingTabStrip](https://github.com/jpardogo/PagerSlidingTabStrip) (Material Design)</a> (Apache License v2) + * [MaterialNavigationDrawer](https://github.com/neokree/MaterialNavigationDrawer) (Apache License v2) + * [Snackbar](https://github.com/nispok/snackbar) (MIT License) + * [FloatingActionButton](https://github.com/futuresimple/android-floating-action-button) (Apache License v2) + * [HtmlTextView](https://github.com/dschuermann/html-textview) (Apache License v2) + * [Markdown4J](https://github.com/jdcasey/markdown4j) (Apache License v2) diff --git a/OpenKeychain/src/main/res/raw/help_certification.html b/OpenKeychain/src/main/res/raw/help_certification.html deleted file mode 100644 index d4aff1ad7..000000000 --- a/OpenKeychain/src/main/res/raw/help_certification.html +++ /dev/null @@ -1,32 +0,0 @@ -<!-- Maintain structure with headings with h2 tags and content with p tags. -This makes it easy to translate the values with transifex! -And don't add newlines before or after p tags because of transifex --> -<html> -<head> -</head> -<body> - -<h2>Key Confirmation</h2> -Without confirmation, you cannot be sure if a key really corresponds to a specific person. -The most simplest way to confirm a key is by scanning the QR Code or exchanging it via NFC. -To confirm keys between more than two persons, we suggest to use the key exchange method available for your keys. - -<h2>Key Status</h2> -<p><img src="status_signature_verified_cutout_24dp"/><br/>Confirmed: You have already confirmed this key, e.g., by scanning the QR Code. -<br/><img src="status_signature_unverified_cutout_24dp"/><br/>Unconfirmed: This key has not been confirmed yet. You cannot be sure if the key really corresponds to a specific person. -<br/><img src="status_signature_expired_cutout_24dp"/><br/>Expired: This key is no longer valid. Only the owner can extend its validity. -<br/><img src="status_signature_revoked_cutout_24dp"/><br/>Revoked: This key is no longer valid. It has been revoked by its owner.</p> - -<h2>Advanced Information</h2> -<p>A "key confirmation" in OpenKeychain is implemented by creating a certification according to the OpenPGP standard. -This certification is a <a href="http://tools.ietf.org/html/rfc4880#section-5.2.1">"generic certification (0x10)"</a> described in the standard by: -"The issuer of this certification does not make any particular assertion as to how well the certifier has checked that the owner of the key is in fact the person described by the User ID."</p> - -<p>Traditionally, certifications (also with higher certification levels, such as "positive certifications" (0x13)) are organized in OpenPGP's Web of Trust. -Our model of key confirmation is a much simpler concept to avoid common usability problems related to this Web of Trust. -We assume that keys are verified only to a certain degree that is still usable enough to be executed "on the go". -We also do not implement (potentially transitive) trust signatures or an ownertrust database like in GnuPG. -Furthermore, keys which contain at least one user ID certified by a trusted key will be marked as "confirmed" in the key listings.</p> - -</body> -</html> diff --git a/OpenKeychain/src/main/res/raw/help_certification.md b/OpenKeychain/src/main/res/raw/help_certification.md new file mode 100644 index 000000000..3518adf73 --- /dev/null +++ b/OpenKeychain/src/main/res/raw/help_certification.md @@ -0,0 +1,28 @@ +[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!) + +## Key Confirmation +Without confirmation, you cannot be sure if a key really corresponds to a specific person. +The simplest way to confirm a key is by scanning the QR Code or exchanging it via NFC. +To confirm keys between more than two persons, we suggest to use the key exchange method available for your keys. + +## Key Status + +<img src="status_signature_verified_cutout_24dp"/> +Confirmed: You have already confirmed this key, e.g., by scanning the QR Code. +<img src="status_signature_unverified_cutout_24dp"/> +Unconfirmed: This key has not been confirmed yet. You cannot be sure if the key really corresponds to a specific person. +<img src="status_signature_expired_cutout_24dp"/> +Expired: This key is no longer valid. Only the owner can extend its validity. +<img src="status_signature_revoked_cutout_24dp"/> +Revoked: This key is no longer valid. It has been revoked by its owner. + +## Advanced Information +A "key confirmation" in OpenKeychain is implemented by creating a certification according to the OpenPGP standard. +This certification is a ["generic certification (0x10)"](http://tools.ietf.org/html/rfc4880#section-5.2.1) described in the standard by: +"The issuer of this certification does not make any particular assertion as to how well the certifier has checked that the owner of the key is in fact the person described by the User ID." + +Traditionally, certifications (also with higher certification levels, such as "positive certifications" (0x13)) are organized in OpenPGP's Web of Trust. +Our model of key confirmation is a much simpler concept to avoid common usability problems related to this Web of Trust. +We assume that keys are verified only to a certain degree that is still usable enough to be executed "on the go". +We also do not implement (potentially transitive) trust signatures or an ownertrust database like in GnuPG. +Furthermore, keys which contain at least one user ID certified by a trusted key will be marked as "confirmed" in the key listings.
\ No newline at end of file diff --git a/OpenKeychain/src/main/res/raw/help_changelog.html b/OpenKeychain/src/main/res/raw/help_changelog.html deleted file mode 100644 index dcc626feb..000000000 --- a/OpenKeychain/src/main/res/raw/help_changelog.html +++ /dev/null @@ -1,278 +0,0 @@ -<!-- Maintain structure with headings with h2 tags and content with p tags. -This makes it easy to translate the values with transifex! -And don't add newlines before or after p tags because of transifex --> -<html> -<head> -</head> -<body> - -<h2>3.2beta2</h2> -<ul> -<li>Material design</li> -<li>Integration of QR Scanner (New permissions required)</li> -<li>Improved key creation wizard</li> -<li>Fix missing contacts after sync</li> -<li>Requires Android 4</li> -<li>Redesigned key screen</li> -<li>Simplify crypto preferences, better selection of secure ciphers</li> -<li>API: Detached signatures, free selection of signing key,...</li> -<li>Fix: Some valid keys were shown revoked or expired</li> -<li>Don't accept signatures by expired or revoked subkeys</li> -<li>Keybase.io support in advanced view</li> -</ul> - -<h2>3.1.2</h2> -<ul> -<li>Fix key export to files (now for real)</li> -</ul> - -<h2>3.1.1</h2> -<ul> -<li>Fix key export to files (they were written partially)</li> -<li>Fix crash on Android 2.3</li> -</ul> - -<h2>3.1</h2> -<ul> -<li>Fix crash on Android 5</li> -<li>New certify screen</li> -<li>Secure Exchange directly from key list (SafeSlinger library)</li> -<li>New QR Code program flow</li> -<li>Redesigned decrypt screen</li> -<li>New icon usage and colors</li> -<li>Fix import of secret keys from Symantec Encryption Desktop</li> -<li>Subkey IDs on Yubikeys are now checked correctly</li> -</ul> - -<h2>3.0.1</h2> -<ul> -<li>Better handling of large key imports</li> -<li>Improved subkey selection</li> -</ul> - -<h2>3.0</h2> -<ul> -<li>Full support for Yubikey signature generation and decryption!</li> -<li>Propose installable compatible apps in apps list</li> -<li>New design for decryption screens</li> -<li>Many fixes for key import, also fixes stripped keys</li> -<li>Honor and display key authenticate flags</li> -<li>User interface to generate custom keys</li> -<li>Fixing user id revocation certificates</li> -<li>New cloud search (searches over traditional keyservers and keybase.io)</li> -<li>Support for stripping keys inside OpenKeychain</li> -</ul> - -<h2>2.9.2</h2> -<ul> -<li>Fix keys broken in 2.9.1</li> -<li>Yubikey decryption now working via API</li> -</ul> - -<h2>2.9.1</h2> -<ul> -<li>Split encrypt screen into two</li> -<li>Fix key flags handling (now supporting Mailvelope 0.7 keys)</li> -<li>Improved passphrase handling</li> -<li>Key sharing via SafeSlinger</li> -<li>Yubikey: preference to allow other PINs, currently only signing via the OpenPGP API works, not inside of OpenKeychain</li> -<li>Fix usage of stripped keys</li> -<li>SHA256 as default for compatibility</li> -<li>Intent API has changed, see https://github.com/open-keychain/open-keychain/wiki/Intent-API</li> -<li>OpenPGP API now handles revoked/expired keys and returns all user ids</li> -</ul> - -<h2>2.9</h2> -<ul> -<li>Fixing crashes introduced in v2.8</li> -<li>Experimental ECC support</li> -<li>Experimental Yubikey support (signing-only with imported keys)</li> -</ul> - -<h2>2.8</h2> -<ul> -<li>So many bugs have been fixed in this release that we focus on the main new features</li> -<li>Key edit: awesome new design, key revocation</li> -<li>Key import: awesome new design, secure keyserver connections via hkps, keyserver resolving via DNS SRV records</li> -<li>New first time screen</li> -<li>New key creation screen: autocompletion of name and email based on your personal Android accounts</li> -<li>File encryption: awesome new design, support for encrypting multiple files</li> -<li>New icons to show status of key (by Brennan Novak)</li> -<li>Important bug fix: Importing of large key collections from a file is now possible</li> -<li>Notification showing cached passphrases</li> -<li>Keys are connected to Android's contacts</li> -</ul> -<p>This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar</p> - -<h2>2.7</h2> -<ul> -<li>Purple! (Dominik, Vincent)</li> -<li>New key view design (Dominik, Vincent)</li> -<li>New flat Android buttons (Dominik, Vincent)</li> -<li>API fixes (Dominik)</li> -<li>Keybase.io import (Tim Bray)</li> -</ul> - -<h2>2.6.1</h2> -<ul> -<li>Some fixes for regression bugs</li> -</ul> - -<h2>2.6</h2> -<ul> -<li>Key certifications (thanks to Vincent Breitmoser)</li> -<li>Support for GnuPG partial secret keys (thanks to Vincent Breitmoser)</li> -<li>New design for signature verification</li> -<li>Custom key length (thanks to Greg Witczak)</li> -<li>Fix share-functionality from other apps</li> -</ul> - -<h2>2.5</h2> -<ul> -<li>Fix decryption of symmetric OpenPGP messages/files</li> -<li>Refactored key edit screen (thanks to Ash Hughes)</li> -<li>New modern design for encrypt/decrypt screens</li> -<li>OpenPGP API version 3 (multiple api accounts, internal fixes, key lookup)</li> -</ul> - -<h2>2.4</h2> -<p>Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free! -Besides several small patches, a notable number of patches are made by the following people (in alphabetical order): -Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.</p> -<ul> -<li>New unified key list</li> -<li>Colorized key fingerprint</li> -<li>Support for keyserver ports</li> -<li>Deactivate possibility to generate weak keys</li> -<li>Much more internal work on the API</li> -<li>Certify user ids</li> -<li>Keyserver query based on machine-readable output</li> -<li>Lock navigation drawer on tablets</li> -<li>Suggestions for emails on creation of keys</li> -<li>Search in public key lists</li> -<li>And much more improvements and fixes…</li> -</ul> - -<h2>2.3.1</h2> -<ul> -<li>Hotfix for crash when upgrading from old versions</li> -</ul> - -<h2>2.3</h2> -<ul> -<li>Remove unnecessary export of public keys when exporting secret key (thanks to Ash Hughes)</li> -<li>Fix setting expiry dates on keys (thanks to Ash Hughes)</li> -<li>More internal fixes when editing keys (thanks to Ash Hughes)</li> -<li>Querying keyservers directly from the import screen</li> -<li>Fix layout and dialog style on Android 2.2-3.0</li> -<li>Fix crash on keys with empty user ids</li> -<li>Fix crash and empty lists when coming back from signing screen</li> -<li>Bouncy Castle (cryptography library) updated from 1.47 to 1.50 and build from source</li> -<li>Fix upload of key from signing screen</li> -</ul> - -<h2>2.2</h2> -<ul> -<li>New design with navigation drawer</li> -<li>New public key list design</li> -<li>New public key view</li> -<li>Bug fixes for importing of keys</li> -<li>Key cross-certification (thanks to Ash Hughes)</li> -<li>Handle UTF-8 passwords properly (thanks to Ash Hughes)</li> -<li>First version with new languages (thanks to the contributors on Transifex)</li> -<li>Sharing of keys via QR Codes fixed and improved</li> -<li>Package signature verification for API</li> -</ul> - -<h2>2.1.1</h2> -<ul> -<li>API Updates, preparation for K-9 Mail integration</li> -</ul> - -<h2>2.1</h2> -<ul> -<li>Lots of bug fixes</li> -<li>New API for developers</li> -<li>PRNG bug fix by Google</li> -</ul> - -<h2>2.0</h2> -<ul> -<li>Complete redesign</li> -<li>Share public keys via QR codes, NFC beam</li> -<li>Sign keys</li> -<li>Upload keys to server</li> -<li>Fixes import issues</li> -<li>New AIDL API</li> -</ul> - -<h2>1.0.8</h2> -<ul> -<li>Basic keyserver support</li> -<li>App2sd</li> -<li>More choices for passphrase cache: 1, 2, 4, 8, hours</li> -<li>Translations: Norwegian (thanks, Sander Danielsen), Chinese (thanks, Zhang Fredrick)</li> -<li>Bugfixes</li> -<li>Optimizations</li> -</ul> - -<h2>1.0.7</h2> -<ul> -<li>Fixed problem with signature verification of texts with trailing newline</li> -<li>More options for passphrase cache time to live (20, 40, 60 mins)</li> -</ul> - -<h2>1.0.6</h2> -<ul> -<li>Account adding crash on Froyo fixed</li> -<li>Secure file deletion</li> -<li>Option to delete key file after import</li> -<li>Stream encryption/decryption (gallery, etc.)</li> -<li>New options (language, force v3 signatures)</li> -<li>Interface changes</li> -<li>Bugfixes</li> -</ul> - -<h2>1.0.5</h2> -<ul> -<li>German and Italian translation</li> -<li>Much smaller package, due to reduced BC sources</li> -<li>New preferences GUI</li> -<li>Layout adjustment for localization</li> -<li>Signature bugfix</li> -</ul> - -<h2>1.0.4</h2> -<ul> -<li>Fixed another crash caused by some SDK bug with query builder</li> -</ul> - -<h2>1.0.3</h2> -<ul> -<li>Fixed crashes during encryption/signing and possibly key export</li> -</ul> - -<h2>1.0.2</h2> -<ul> -<li>Filterable key lists</li> -<li>Smarter pre-selection of encryption keys</li> -<li>New Intent handling for VIEW and SEND, allows files to be encrypted/decrypted out of file managers</li> -<li>Fixes and additional features (key preselection) for K-9 Mail, new beta build available</li> -</ul> - -<h2>1.0.1</h2> -<ul> -<li>GMail account listing was broken in 1.0.0, fixed again</li> -</ul> - -<h2>1.0.0</h2> -<ul> -<li>K-9 Mail integration, APG supporting beta build of K-9 Mail</li> -<li>Support of more file managers (including ASTRO)</li> -<li>Slovenian translation</li> -<li>New database, much faster, less memory usage</li> -<li>Defined Intents and content provider for other apps</li> -<li>Bugfixes</li> -</ul> -</body> -</html>
\ No newline at end of file diff --git a/OpenKeychain/src/main/res/raw/help_changelog.md b/OpenKeychain/src/main/res/raw/help_changelog.md new file mode 100644 index 000000000..18203b1c5 --- /dev/null +++ b/OpenKeychain/src/main/res/raw/help_changelog.md @@ -0,0 +1,269 @@ +[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!) + +## 3.2beta2 + + * Material design + * Integration of QR Scanner (New permissions required) + * Improved key creation wizard + * Fix missing contacts after sync + * Requires Android 4 + * Redesigned key screen + * Simplify crypto preferences, better selection of secure ciphers + * API: Detached signatures, free selection of signing key,... + * Fix: Some valid keys were shown revoked or expired + * Don't accept signatures by expired or revoked subkeys + * Keybase.io support in advanced view + + +## 3.1.2 + + * Fix key export to files (now for real) + + +## 3.1.1 + + * Fix key export to files (they were written partially) + * Fix crash on Android 2.3 + + +## 3.1 + + * Fix crash on Android 5 + * New certify screen + * Secure Exchange directly from key list (SafeSlinger library) + * New QR Code program flow + * Redesigned decrypt screen + * New icon usage and colors + * Fix import of secret keys from Symantec Encryption Desktop + * Subkey IDs on Yubikeys are now checked correctly + + +## 3.0.1 + + * Better handling of large key imports + * Improved subkey selection + + +## 3.0 + + * Full support for Yubikey signature generation and decryption! + * Propose installable compatible apps in apps list + * New design for decryption screens + * Many fixes for key import, also fixes stripped keys + * Honor and display key authenticate flags + * User interface to generate custom keys + * Fixing user id revocation certificates + * New cloud search (searches over traditional keyservers and keybase.io) + * Support for stripping keys inside OpenKeychain + + +## 2.9.2 + + * Fix keys broken in 2.9.1 + * Yubikey decryption now working via API + + +## 2.9.1 + + * Split encrypt screen into two + * Fix key flags handling (now supporting Mailvelope 0.7 keys) + * Improved passphrase handling + * Key sharing via SafeSlinger + * Yubikey: preference to allow other PINs, currently only signing via the OpenPGP API works, not inside of OpenKeychain + * Fix usage of stripped keys + * SHA256 as default for compatibility + * Intent API has changed, see https://github.com/open-keychain/open-keychain/wiki/Intent-API + * OpenPGP API now handles revoked/expired keys and returns all user ids + + +## 2.9 + + * Fixing crashes introduced in v2.8 + * Experimental ECC support + * Experimental Yubikey support (signing-only with imported keys) + + +## 2.8 + + * So many bugs have been fixed in this release that we focus on the main new features + * Key edit: awesome new design, key revocation + * Key import: awesome new design, secure keyserver connections via hkps, keyserver resolving via DNS SRV records + * New first time screen + * New key creation screen: autocompletion of name and email based on your personal Android accounts + * File encryption: awesome new design, support for encrypting multiple files + * New icons to show status of key (by Brennan Novak) + * Important bug fix: Importing of large key collections from a file is now possible + * Notification showing cached passphrases + * Keys are connected to Android's contacts + +This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar + +## 2.7 + + * Purple! (Dominik, Vincent) + * New key view design (Dominik, Vincent) + * New flat Android buttons (Dominik, Vincent) + * API fixes (Dominik) + * Keybase.io import (Tim Bray) + + +## 2.6.1 + + * Some fixes for regression bugs + + +## 2.6 + + * Key certifications (thanks to Vincent Breitmoser) + * Support for GnuPG partial secret keys (thanks to Vincent Breitmoser) + * New design for signature verification + * Custom key length (thanks to Greg Witczak) + * Fix share-functionality from other apps + + +## 2.5 + + * Fix decryption of symmetric OpenPGP messages/files + * Refactored key edit screen (thanks to Ash Hughes) + * New modern design for encrypt/decrypt screens + * OpenPGP API version 3 (multiple api accounts, internal fixes, key lookup) + + +## 2.4 +Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free! +Besides several small patches, a notable number of patches are made by the following people (in alphabetical order): +Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser. + + * New unified key list + * Colorized key fingerprint + * Support for keyserver ports + * Deactivate possibility to generate weak keys + * Much more internal work on the API + * Certify user ids + * Keyserver query based on machine-readable output + * Lock navigation drawer on tablets + * Suggestions for emails on creation of keys + * Search in public key lists + * And much more improvements and fixes… + + +## 2.3.1 + + * Hotfix for crash when upgrading from old versions + + +## 2.3 + + * Remove unnecessary export of public keys when exporting secret key (thanks to Ash Hughes) + * Fix setting expiry dates on keys (thanks to Ash Hughes) + * More internal fixes when editing keys (thanks to Ash Hughes) + * Querying keyservers directly from the import screen + * Fix layout and dialog style on Android 2.2-3.0 + * Fix crash on keys with empty user ids + * Fix crash and empty lists when coming back from signing screen + * Bouncy Castle (cryptography library) updated from 1.47 to 1.50 and build from source + * Fix upload of key from signing screen + + +## 2.2 + + * New design with navigation drawer + * New public key list design + * New public key view + * Bug fixes for importing of keys + * Key cross-certification (thanks to Ash Hughes) + * Handle UTF-8 passwords properly (thanks to Ash Hughes) + * First version with new languages (thanks to the contributors on Transifex) + * Sharing of keys via QR Codes fixed and improved + * Package signature verification for API + + +## 2.1.1 + + * API Updates, preparation for K-9 Mail integration + + +## 2.1 + + * Lots of bug fixes + * New API for developers + * PRNG bug fix by Google + + +## 2.0 + + * Complete redesign + * Share public keys via QR codes, NFC beam + * Sign keys + * Upload keys to server + * Fixes import issues + * New AIDL API + + +## 1.0.8 + + * Basic keyserver support + * App2sd + * More choices for passphrase cache: 1, 2, 4, 8, hours + * Translations: Norwegian (thanks, Sander Danielsen), Chinese (thanks, Zhang Fredrick) + * Bugfixes + * Optimizations + + +## 1.0.7 + + * Fixed problem with signature verification of texts with trailing newline + * More options for passphrase cache time to live (20, 40, 60 mins) + + +## 1.0.6 + + * Account adding crash on Froyo fixed + * Secure file deletion + * Option to delete key file after import + * Stream encryption/decryption (gallery, etc.) + * New options (language, force v3 signatures) + * Interface changes + * Bugfixes + + +## 1.0.5 + + * German and Italian translation + * Much smaller package, due to reduced BC sources + * New preferences GUI + * Layout adjustment for localization + * Signature bugfix + + +## 1.0.4 + + * Fixed another crash caused by some SDK bug with query builder + + +## 1.0.3 + + * Fixed crashes during encryption/signing and possibly key export + + +## 1.0.2 + + * Filterable key lists + * Smarter pre-selection of encryption keys + * New Intent handling for VIEW and SEND, allows files to be encrypted/decrypted out of file managers + * Fixes and additional features (key preselection) for K-9 Mail, new beta build available + + +## 1.0.1 + + * GMail account listing was broken in 1.0.0, fixed again + + +## 1.0.0 + + * K-9 Mail integration, APG supporting beta build of K-9 Mail + * Support of more file managers (including ASTRO) + * Slovenian translation + * New database, much faster, less memory usage + * Defined Intents and content provider for other apps + * Bugfixes diff --git a/OpenKeychain/src/main/res/raw/help_faq.md b/OpenKeychain/src/main/res/raw/help_faq.md new file mode 100644 index 000000000..049d040e1 --- /dev/null +++ b/OpenKeychain/src/main/res/raw/help_faq.md @@ -0,0 +1,126 @@ +[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!) + +# Frequently Asked Questions + +## Are my secret keys safe on my mobile device? + +This is a very common question, and it's not an easy one. In the end it comes down to how much you trust your mobile device. +The real question usually isn't, "how safe are they", but rather "are they less safe than on my laptop"? The answer depends on three factors: + + 1. Do you trust the hardware? Obviously, there are no guarantees that the vendor of your phone hardware didn't add some kind of backdoor. + Then again, the same applies to your laptop's hardware, so it's about even. + 2. How easily can the device be stolen? This depends a lot on how careful you are, but this too is probably about even with your laptop. + 3. Do you trust the software? The Android operating system actually offers a lot more in the way of security between applications than desktop operating systems. + No app without root privileges besides OpenKeychain can ever access the keys stored in OpenKeychain's database. + By comparison, any program you run on your computer can just upload your gnupg keyring, if those files belong to the same user. + As long as Android as a platform is trustworthy, your keys are safe from malware apps. + +In conclusion, we believe that secret keys are not notably less safe on your mobile than they would be on your laptop. +If your security requirements are high enough that you don't keep your keys on your laptop, you probably shouldn't put them on your mobile either. +Otherwise, they should be fine. + +## What is the best way to transfer my own key to OpenKeychain? + +Ideally, put the key on an sd card, import, then erase from the sd card. +If your mobile does not have an sd card reader, read on. + +Our recommended method is to transfer the exported key "through the cloud", but with a super-safe passphrase which is only used during the transfer. +Your key is **encrypted with its passphrase**, the only visible parts in the exported file are your public key. + +So is this really safe? The answer is: Yes, IF you use a good passphrase. +If your passphrase is as difficult to guess as your key, an attacker will gain no useful information from your exported key file. +To give you a (very!) rough impression, the passphrase "J0hnnnyy1995" is about a third as difficult to guess as a 2048 bit RSA key, while "%aBbaf11!o9$pP2,o9/=" is about the same. + + 1. Make up a long and complex passphrase to use during the transfer. + It should be at least 20 characters (more is better, although more than 50 is overkill), with varying capitalization, many special characters and *no words from the dictionary*. + Yes, it is annoying to type, but you'll only use it once! + You can also write it down, but make sure to destroy the note afterwards, and make sure it is never transferred over the internet! + 2. Change the passphrase of your key to that one, then export + 3. Transfer the key file to your mobile by whatever way is most convenient to you (Mail to yourself, PushBullet, Dropbox, ...) + 4. Import the key with OpenKeychain, then delete the file from your storage. + 5. **Change the passphrase** to an easier one which is still safe, but more reasonable to type. + +## Should I certify a key without manually comparing fingerprints? + +To certify someone's key, you should make sure that it's really that same key the other person wants you to certify with their name on it. + +Since keys are usually obtained from a keyserver, it is necessary to double-check that the keyserver gave you the correct key. +This is traditionally done by manually comparing the key's entire fingerprint, character by character. + +However, scanning a QR code, receiving a key via NFC, or exchanging keys via SafeSlinger all have that same check already built-in, so as long as you trust the method used for key exchange, there is no reason to check the fingerprint again manually. + +## Can I mark public keys as trusted without certifying them with my own key? + +No. You can, however, simply create a new key just for certification, which will essentially be the same thing. + + +# Avanced Questions + +## Why is OpenKeychain's database not password protected? + +Your keys are already encrypted with their passphrase - that's the reason you have to input it for every crypto operation. +There is no point in encrypting those keys again with another password, so password protecting the entire database would only protect the list of public keys. +If this is important to you, consider using [full disk encryption](https://source.android.com/devices/tech/security/encryption/). + +## How can I specify connection port for Keyserver? + +Add a new Keyserver (or modify existing one) by going to Preferences -> General -> Keyservers. Enter the port number after the Keyserver address and preceded it by a colon. +For example, "p80.pool.sks-keyservers.net:80" (without quotation marks) means that server "p80.pool.sks-keyservers.net" is working on a port 80. +Default connection port is 11371 and it doesn't need to be specified. + +## I have more than one subkey capable of singing. Which one is selected when signing with this OpenPGP key? + +OpenKeychain assumes that OpenPGP keys hold one usable signing subkey only and selects the first non-revoked non-expired non-stripped one it finds in the unordered list of subkeys. +We consider having more than one valid signing subkey an advanced usecase. You can either strip subkeys that should not be used using OpenKeychain's edit key screen or explicitly select the right subkeys when exporting from gpg with ``gpg --export-secret-subkeys``. + +## How to prepare a YubiKey NEO for OpenKeychain? + + 1. [Buy a YubiKey NEO](http://www.yubico.com/support/resellers/) + 2. [Prepare it for usage with OpenPGP using GnuPG and Yubico's tools](http://www.yubico.com/2012/12/yubikey-neo-openpgp/). + 3. Export the keypair from GnuPG with + ``` + gpg -a --output gpg-secret-key.asc --export-secret-keys <insert key id or name> + ``` + and transfer the file to your Android device. + 4. In OpenKeychain, select "Import from file", select the file and import the keypair. It will be automatically detect that this is a keypair that works with a YubiKey only. + +You can now use your YubiKey with OpenKeychain and compatible [apps](http://www.openkeychain.org/apps/). A screen will appear when you need to hold your YubiKey against the NFC antenna. + +## How to use a different YubiKey PIN? + 1. Deselect "Use default YubiKey PIN" in OpenKeychain's advanced settings screen + 2. Follow [https://developers.yubico.com/ykneo-openpgp/CardEdit.html](https://developers.yubico.com/ykneo-openpgp/CardEdit.html) + +## How to import an existing key onto the YubiKey? +Follow [https://developers.yubico.com/ykneo-openpgp/KeyImport.html](https://developers.yubico.com/ykneo-openpgp/KeyImport.html) + +## Advanced YubiKey Infos + * [https://developers.yubico.com/ykneo-openpgp](https://developers.yubico.com/ykneo-openpgp) + * [https://github.com/Yubico/ykneo-openpgp](https://github.com/Yubico/ykneo-openpgp) + +## Where can I find more information about OpenKeychain's security model and design decisions? + +Head over to our [Wiki](https://github.com/open-keychain/open-keychain/wiki). + + + +# Known Issues + +### Importing secret key fails + +Before posting a new bug report, please check if you are using gpg prior to 2.1.0 and changed the expiry date before exporting the secret key. + +Changing the expiry date of a key in gpg prior to version 2.1.0 breaks the secret key in a way which emerges only on export. +It's not a problem with OpenKeychain, we correctly reject the key because its self-certificates are either invalid, or have wrong flags. + +This issue has been reported before ([#996](https://github.com/open-keychain/open-keychain/issues/996), [#1003](https://github.com/open-keychain/open-keychain/issues/1003), [#1026](https://github.com/open-keychain/open-keychain/issues/1026)), and can be assumed to affect a large number of users. +The bug in gpg has been fixed in gpg 2.1.0, but that version is as of now [only deployed in debian experimental](https://packages.debian.org/search?keywords=gnupg2), not even sid. +Another [bug report](https://bugs.g10code.com/gnupg/issue1817) has been opened to backport the fix, so we hope this gets fixed soonish. + +## A wrong primary user id is shown when searching on a Keyserver + +Unfortunately, this is a bug in the SKS Keyserver software. Its machine-readable output returns the user ids in an arbitrary order. Read the [related bug](https://bitbucket.org/skskeyserver/sks-keyserver/issue/28/primary-uid-in-machine-readable-index) report for more information. + +### Not working with AOSP Mail + +For now, OpenKeychain will not support AOSP Mail due to bugs in AOSP were we cannot work around ([#290](https://github.com/open-keychain/open-keychain/issues/290)). + diff --git a/OpenKeychain/src/main/res/raw/help_start.html b/OpenKeychain/src/main/res/raw/help_start.html deleted file mode 100644 index 0a30cbd92..000000000 --- a/OpenKeychain/src/main/res/raw/help_start.html +++ /dev/null @@ -1,27 +0,0 @@ -<!-- Maintain structure with headings with h2 tags and content with p tags. -This makes it easy to translate the values with transifex! -And don't add newlines before or after p tags because of transifex --> -<html> -<head> -</head> -<body> - -<h2>How do I activate OpenKeychain in K-9 Mail?</h2> -<p>To use OpenKeychain with K-9 Mail, you want to follow these steps:</p> -<ol> - <li>Open K-9 Mail and long-tap on the account you want to use OpenKeychain with.</li> - <li>Select "Account settings" and scroll to the very bottom and click "Cryptography".</li> - <li>Click on "OpenPGP Provider" and select OpenKeychain from the list.</li> -</ol> - -<h2>I found a bug in OpenKeychain!</h2> -<p>Please report the bug using the <a href="https://github.com/openpgp-keychain/openpgp-keychain/issues">issue tracker of OpenKeychain</a>.</p> - -<h2>Contribute</h2> -<p>If you want to help us developing OpenKeychain by contributing code <a href="https://github.com/openpgp-keychain/openpgp-keychain#contribute-code">follow our small guide on Github</a>.</p> - -<h2>Translations</h2> -<p>Help translating OpenKeychain! Everybody can participate at <a href="https://www.transifex.com/projects/p/openpgp-keychain/">OpenKeychain on Transifex</a>.</p> - -</body> -</html> diff --git a/OpenKeychain/src/main/res/raw/help_start.md b/OpenKeychain/src/main/res/raw/help_start.md new file mode 100644 index 000000000..4b3531480 --- /dev/null +++ b/OpenKeychain/src/main/res/raw/help_start.md @@ -0,0 +1,16 @@ +[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!) + +## How do I activate OpenKeychain in K-9 Mail? +To use OpenKeychain with K-9 Mail, you want to follow these steps: + 1. Open K-9 Mail and long-tap on the account you want to use OpenKeychain with. + 2. Select "Account settings", scroll to the very bottom and click "Cryptography". + 3. Click on "OpenPGP Provider" and select OpenKeychain from the list. + +## I found a bug in OpenKeychain! +Please report the bug using the [issue tracker of OpenKeychain](https://github.com/openpgp-keychain/openpgp-keychain/issues). + +## Contribute +If you want to help us developing OpenKeychain by contributing code [follow our small guide on Github](https://github.com/openpgp-keychain/openpgp-keychain#contribute-code). + +## Translations +Help translating OpenKeychain! Everybody can participate at [OpenKeychain on Transifex](https://www.transifex.com/projects/p/open-keychain/). |