summaryrefslogtreecommitdiffstats
path: root/doc/kcontrol/crypto/index.docbook
blob: 5063a723f56cf5103a8efe8643bdc128c0743093 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
<?xml version="1.0" ?>
<!DOCTYPE article PUBLIC "-//KDE//DTD DocBook XML V4.2-Based Variant V1.1//EN"
"dtd/kdex.dtd" [
<!ENTITY % addindex "IGNORE">
<!ENTITY % English "INCLUDE" > <!-- change language only here -->
]>

<article lang="&language;">
<articleinfo>

<authorgroup>
<author>&Mike.McBride; &Mike.McBride.mail;</author>
<!-- TRANS:ROLES_OF_TRANSLATORS -->
</authorgroup>

<date>2002-10-17</date>
<releaseinfo>3.1</releaseinfo>

<keywordset>
<keyword>KDE</keyword>
<keyword>KControl</keyword>
<keyword>crypto</keyword>
<keyword>SSL</keyword>
<keyword>encryption</keyword>

</keywordset>
</articleinfo>

<sect1 id="crypto">

<title>Encryption Configuration</title>

<sect2 id="crypto-intro">
<title>Introduction</title>
<para>Many applications within &tde; are capable of exchanging information using
encrypted files and/or network transmissions.</para>
</sect2>

<sect2 id="crypto-use">
<title>Use</title>

<warning><para>All encryption schemes are only as strong as their
weakest link.  In general, unless you have some previous
training/knowledge, it is better to leave this module
unchanged.</para></warning>

<para>The options within this module can be divided into two
groups:</para>

<para>Two options along the bottom of the module, <guilabel>Warn on
entering SSL Mode</guilabel> and <guilabel>Warn on leaving SSL
mode</guilabel>, allow you to determine if &tde; should inform you when
you enter or leave SSL encryption.</para> 

<para>The remainder of the options are about determining which
encryption methods to use, and which should not be used. Once you have
selected the appropriate encryption protocols, simply click
<guibutton>Apply</guibutton> to commit your changes.</para>

<tip><para>Only make changes to this module if specific information
about the strength or weakness of a particular encryption method is
given to you from <emphasis>a reliable source</emphasis>.</para></tip>

</sect2>

<!-- Ugh.. write a bunch of stuff about the rest of it -->
<sect2 id="ssl_tab">
<title>The <guilabel>SSL</guilabel> Tab</title>

<para>The first option is <guilabel>Enable TLS support if supported by
the server</guilabel>. <acronym>TLS</acronym> is Transport Layer
Security, and is the newest version of <acronym>SSL</acronym>.  It
integrates better than <acronym>SSL</acronym> with other protocols,
and it has replaced <acronym>SSL</acronym> in protocols such as POP3
and <acronym>SMTP</acronym>.</para>

<para>Then next options are <guilabel>Enable SSL v2</guilabel> and
<guilabel>Enable SSL v3</guilabel>.  These are the second and third
revision of the <acronym>SSL</acronym> protocol, and it is normal to
enable both.</para>

<para>There are several different <firstterm>Ciphers</firstterm>
available, and you can enable these separately in the lists labeled
<guilabel>SSL v2 Ciphers to Use</guilabel> and <guilabel>SSL v3
Ciphers to Use</guilabel>.  The actual protocol to use is negotiated
by the application and the server when the connection is
created.</para>

<para>There are several <guilabel>Cipher Wizards</guilabel> to help
you choose a set that is suitable for your use.</para>

<variablelist>
<varlistentry>
<term><guibutton>Most Compatible</guibutton></term>
<listitem>
<para>Select the settings found to be most compatible with the most
servers.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><guibutton>US Ciphers Only</guibutton></term>
<listitem>
<para>Select only the US <quote>strong</quote> (128 bit or greater)
ciphers.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><guibutton>Export Ciphers Only</guibutton></term>
<listitem>
<para>Select only the weak (56 bit or less) ciphers.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><guibutton>Enable All</guibutton></term>
<listitem>
<para>Select all ciphers and methods.</para>
</listitem>
</varlistentry>
</variablelist>

<para>Finally, there are some general <acronym>SSL</acronym> settings.</para>

<variablelist>
<varlistentry>
<term><guilabel>Use EGD</guilabel></term>
<listitem>
<para>If selected, <application>OpenSSL</application> will be asked to
use the entropy gathering daemon (<acronym>EGD</acronym>) for
initializing the pseudo-random number generator.</para>
</listitem>
</varlistentry>

<varlistentry>
<term><guilabel>Use entropy file</guilabel></term>
<listitem>
<para>If selected, <application>OpenSSL</application> will be asked to
use the given file as entropy for initializing the pseudo-random number
generator.</para>
</listitem>
</varlistentry>

<varlistentry>
<term><guilabel>Warn on entering SSL mode</guilabel></term>
<listitem>
<para>If selected, you will be notified when entering an
<acronym>SSL</acronym> enabled site.</para>
</listitem>
</varlistentry>

<varlistentry>
<term><guilabel>Warn on leaving SSL mode</guilabel></term>
<listitem>
<para>If selected, you will be notified when leaving an
<acronym>SSL</acronym> based site.</para>
</listitem>
</varlistentry>

<varlistentry>
<term><guilabel>Warn on sending unencrypted data</guilabel></term>
<listitem>
<para>If selected, you will be notified before sending unencrypted
data via a web browser.</para>
</listitem>
</varlistentry>
</variablelist>
</sect2>

<sect2 id="openssl">
<title>The <guilabel>OpenSSL</guilabel> Tab</title>

<para>Here you can test if your <application>OpenSSL</application>
libraries have been detected correctly by &tde;, with the
<guibutton>Test</guibutton> button.</para>

<para>If the test is unsuccessful, you can specify a path to the
libraries in the field labelled <guilabel>Path to OpenSSL Shared
Libraries</guilabel>.</para>

</sect2>

<sect2 id="your-certificates">
<title>The <guilabel>Your Certificates</guilabel> Tab</title>

<para>The list shows which certificates of yours &tde; knows about.
You can easily manage them from here.</para>

</sect2>

<sect2 id="authentication">
<title>The <guilabel>Authentication</guilabel> Tab</title>

<para>Not yet documented<!-- No "what's this" to get any info from --></para>
</sect2>

<sect2 id="peer-ssl-certificates">
<title>The <guilabel>Peer SSL Certificates</guilabel> Tab</title>

<para>The list box shows which site and personal certificates &tde;
knows about.  You can easily manage them from here.</para>

</sect2>

</sect1>

</article>