runtime/doc/kcontrol/crypto/index.docbook

   1 <?xml version="1.0" ?>
   2 <!DOCTYPE article PUBLIC "-//KDE//DTD DocBook XML V4.2-Based Variant V1.1//EN"
   3 "dtd/kdex.dtd" [
   4 <!ENTITY % addindex "IGNORE">
   5 <!ENTITY % English "INCLUDE" > <!-- change language only here -->
   6 ]>
   7
   8 <article lang="&language;">
   9 <articleinfo>
  10
  11 <authorgroup>
  12 <author>&Mike.McBride; &Mike.McBride.mail;</author>
  13 <!-- TRANS:ROLES_OF_TRANSLATORS -->
  14 </authorgroup>
  15
  16 <date>2002-10-17</date>
  17 <releaseinfo>3.1</releaseinfo>
  18
  19 <keywordset>
  20 <keyword>KDE</keyword>
  21 <keyword>KControl</keyword>
  22 <keyword>crypto</keyword>
  23 <keyword>SSL</keyword>
  24 <keyword>encryption</keyword>
  25
  26 </keywordset>
  27 </articleinfo>
  28
  29 <sect1 id="crypto">
  30
  31 <title>Encryption Configuration</title>
  32
  33 <sect2 id="crypto-intro">
  34 <title>Introduction</title>
  35 <para>Many applications within &kde; are capable of exchanging information using
  36 encrypted files and/or network transmissions.</para>
  37 </sect2>
  38
  39 <sect2 id="crypto-use">
  40 <title>Use</title>
  41
  42 <warning><para>All encryption schemes are only as strong as their
  43 weakest link.  In general, unless you have some previous
  44 training/knowledge, it is better to leave this module
  45 unchanged.</para></warning>
  46
  47 <para>The options within this module can be divided into two
  48 groups:</para>
  49
  50 <para>Two options along the bottom of the module, <guilabel>Warn on
  51 entering SSL Mode</guilabel> and <guilabel>Warn on leaving SSL
  52 mode</guilabel>, allow you to determine if &kde; should inform you when
  53 you enter or leave SSL encryption.</para>
  54
  55 <para>The remainder of the options are about determining which
  56 encryption methods to use, and which should not be used. Once you have
  57 selected the appropriate encryption protocols, simply click
  58 <guibutton>Apply</guibutton> to commit your changes.</para>
  59
  60 <tip><para>Only make changes to this module if specific information
  61 about the strength or weakness of a particular encryption method is
  62 given to you from <emphasis>a reliable source</emphasis>.</para></tip>
  63
  64 </sect2>
  65
  66 <!-- Ugh.. write a bunch of stuff about the rest of it -->
  67 <sect2 id="ssl_tab">
  68 <title>The <guilabel>SSL</guilabel> Tab</title>
  69
  70 <para>The first option is <guilabel>Enable TLS support if supported by
  71 the server</guilabel>. <acronym>TLS</acronym> is Transport Layer
  72 Security, and is the newest version of <acronym>SSL</acronym>.  It
  73 integrates better than <acronym>SSL</acronym> with other protocols,
  74 and it has replaced <acronym>SSL</acronym> in protocols such as POP3
  75 and <acronym>SMTP</acronym>.</para>
  76
  77 <para>Then next options are <guilabel>Enable SSL v2</guilabel> and
  78 <guilabel>Enable SSL v3</guilabel>.  These are the second and third
  79 revision of the <acronym>SSL</acronym> protocol, and it is normal to
  80 enable both.</para>
  81
  82 <para>There are several different <firstterm>Ciphers</firstterm>
  83 available, and you can enable these separately in the lists labeled
  84 <guilabel>SSL v2 Ciphers to Use</guilabel> and <guilabel>SSL v3
  85 Ciphers to Use</guilabel>.  The actual protocol to use is negotiated
  86 by the application and the server when the connection is
  87 created.</para>
  88
  89 <para>There are several <guilabel>Cipher Wizards</guilabel> to help
  90 you choose a set that is suitable for your use.</para>
  91
  92 <variablelist>
  93 <varlistentry>
  94 <term><guibutton>Most Compatible</guibutton></term>
  95 <listitem>
  96 <para>Select the settings found to be most compatible with the most
  97 servers.</para>
  98 </listitem>
  99 </varlistentry>
 100 <varlistentry>
 101 <term><guibutton>US Ciphers Only</guibutton></term>
 102 <listitem>
 103 <para>Select only the US <quote>strong</quote> (128 bit or greater)
 104 ciphers.</para>
 105 </listitem>
 106 </varlistentry>
 107 <varlistentry>
 108 <term><guibutton>Export Ciphers Only</guibutton></term>
 109 <listitem>
 110 <para>Select only the weak (56 bit or less) ciphers.</para>
 111 </listitem>
 112 </varlistentry>
 113 <varlistentry>
 114 <term><guibutton>Enable All</guibutton></term>
 115 <listitem>
 116 <para>Select all ciphers and methods.</para>
 117 </listitem>
 118 </varlistentry>
 119 </variablelist>
 120
 121 <para>Finally, there are some general <acronym>SSL</acronym> settings.</para>
 122
 123 <variablelist>
 124 <varlistentry>
 125 <term><guilabel>Use EGD</guilabel></term>
 126 <listitem>
 127 <para>If selected, <application>OpenSSL</application> will be asked to
 128 use the entropy gathering daemon (<acronym>EGD</acronym>) for
 129 initializing the pseudo-random number generator.</para>
 130 </listitem>
 131 </varlistentry>
 132
 133 <varlistentry>
 134 <term><guilabel>Use entropy file</guilabel></term>
 135 <listitem>
 136 <para>If selected, <application>OpenSSL</application> will be asked to
 137 use the given file as entropy for initializing the pseudo-random number
 138 generator.</para>
 139 </listitem>
 140 </varlistentry>
 141
 142 <varlistentry>
 143 <term><guilabel>Warn on entering SSL mode</guilabel></term>
 144 <listitem>
 145 <para>If selected, you will be notified when entering an
 146 <acronym>SSL</acronym> enabled site.</para>
 147 </listitem>
 148 </varlistentry>
 149
 150 <varlistentry>
 151 <term><guilabel>Warn on leaving SSL mode</guilabel></term>
 152 <listitem>
 153 <para>If selected, you will be notified when leaving an
 154 <acronym>SSL</acronym> based site.</para>
 155 </listitem>
 156 </varlistentry>
 157
 158 <varlistentry>
 159 <term><guilabel>Warn on sending unencrypted data</guilabel></term>
 160 <listitem>
 161 <para>If selected, you will be notified before sending unencrypted
 162 data via a web browser.</para>
 163 </listitem>
 164 </varlistentry>
 165 </variablelist>
 166 </sect2>
 167
 168 <sect2 id="openssl">
 169 <title>The <guilabel>OpenSSL</guilabel> Tab</title>
 170
 171 <para>Here you can test if your <application>OpenSSL</application>
 172 libraries have been detected correctly by &kde;, with the
 173 <guibutton>Test</guibutton> button.</para>
 174
 175 <para>If the test is unsuccessful, you can specify a path to the
 176 libraries in the field labelled <guilabel>Path to OpenSSL Shared
 177 Libraries</guilabel>.</para>
 178
 179 </sect2>
 180
 181 <sect2 id="your-certificates">
 182 <title>The <guilabel>Your Certificates</guilabel> Tab</title>
 183
 184 <para>The list shows which certificates of yours &kde; knows about.
 185 You can easily manage them from here.</para>
 186
 187 </sect2>
 188
 189 <sect2 id="authentication">
 190 <title>The <guilabel>Authentication</guilabel> Tab</title>
 191
 192 <para>Not yet documented<!-- No "what's this" to get any info from --></para>
 193 </sect2>
 194
 195 <sect2 id="peer-ssl-certificates">
 196 <title>The <guilabel>Peer SSL Certificates</guilabel> Tab</title>
 197
 198 <para>The list box shows which site and personal certificates &kde;
 199 knows about.  You can easily manage them from here.</para>
 200
 201 </sect2>
 202
 203 </sect1>
 204
 205 </article>