Updated FAQ

pull/169/head
M66B 5 years ago
parent ede69306c7
commit 2e5f28bf8b

@ -85,8 +85,8 @@ Related questions:
* ~~Select domains to show images for~~ (this will be too complicated to use) * ~~Select domains to show images for~~ (this will be too complicated to use)
* ~~Unified starred messages view~~ (there is already a special search for this) * ~~Unified starred messages view~~ (there is already a special search for this)
* ~~Notification move action~~ * ~~Notification move action~~
* ~~S/MIME support~~
* Search for settings: low priority * Search for settings: low priority
* S/MIME support
Anything on this list is in random order and *might* be added in the near future. Anything on this list is in random order and *might* be added in the near future.
@ -560,25 +560,32 @@ So, unless your provider can enable this extension, you cannot use FairEmail for
<a name="faq12"></a> <a name="faq12"></a>
**(12) How does encryption/decryption work?** **(12) How does encryption/decryption work?**
First of all you need to install and configure [OpenKeychain](https://f-droid.org/en/packages/org.sufficientlysecure.keychain/). *General*
To encrypt and send a message just check the menu *Encrypt* and the message will be encrypted on sending. To sign/encrypt a message, just select the appropriate method in the send dialog.
You can always open the send dialog using the three-dots overflow menu in case you selected *Don't show again* before.
To decrypt a received message, open the message and just tap the padlock icon just below the message action bar. To verify a signature or to decrypt a received message, open the message and just tap the gesture or padlock icon just below the message action bar.
The first time you send an encrypted message you might be asked for a sign key. The first time you send a signed/encrypted message you might be asked for a sign key.
FairEmail will automatically store the sign key ID in the selected identity for the next time. FairEmail will automatically store the selected sign key in the used identity for the next time.
If you need to reset the sign key, just save the identity to clear the sign key ID again. If you need to reset the sign key, just save the identity or long press the identity in the list of identities and select *Reset sign key*.
The sign key is visible in the list of identities. The selected sign key is visible in the list of identities.
You can enable *Encrypt by default* in the identity settings, which replaces *Send* by *Encrypt and send*. In the privacy settings you can select the default encryption method (PGP or S/MIME),
You can enable *Automatically decrypt messages* in the privacy settings, but be aware that automatic decryption is not possible if user interaction is required. enable *Sign by default*, *Encrypt by default* and *Automatically decrypt messages*,
but be aware that automatic decryption is not possible if user interaction is required, like selecting a key or reading a security token.
FairEmail will send the [Autocrypt](https://autocrypt.org/) headers for other email clients. The to be encrypted message text/attachments and the decrypted message text/attachments are stored locally only and will never be added to the remote server.
If you want to undo decryption, you can use the *resync* menu item in the three-dots menu of the message action bar.
The decrypted message text and decrypted attachments are stored. If you want to undo this, you can use the *resync* message 'more' menu. *PGP*
Inline PGP in received messages is supported, but inline PGP in outgoing messages is not supported, You'll need to install and configure [OpenKeychain](https://f-droid.org/en/packages/org.sufficientlysecure.keychain/) first.
FairEmail will send the [Autocrypt](https://autocrypt.org/) headers for use by other email clients.
Inline encrypted PGP in received messages is supported, but inline PGP in outgoing messages is not supported,
see [here](https://josefsson.org/inline-openpgp-considered-harmful.html) about why not. see [here](https://josefsson.org/inline-openpgp-considered-harmful.html) about why not.
Signed-only or encrypted-only messages are not a good idea, please see here about why not: Signed-only or encrypted-only messages are not a good idea, please see here about why not:
@ -589,16 +596,23 @@ Signed-only or encrypted-only messages are not a good idea, please see here abou
Signed-only messages are supported, encrypted-only messages are not supported. Signed-only messages are supported, encrypted-only messages are not supported.
For S/MIME support, please see the [planned features](#user-content-planned-features). *S/MIME*
Encrypting a message requires the public key(s) of the recipient(s). Signing a message requires your private key.
Private keys are stored by Android and can be imported via the Android advanced security settings.
There is a shortcut (button) for this in the privacy settings.
Public keys are stored by FairEmail and can be imported when verifying a signature for the first time or via the privacy settings (PEM or DER format).
The use of expired keys, inline encrypted/signed messages and hardware security tokens is not supported.
Extract a public key from a S/MIME certificate: How to extract a public key from a S/MIME certificate:
``` ```
openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem
``` ```
Please see [this comment](https://forum.xda-developers.com/showpost.php?p=79444379&postcount=5609) S/MIME sign/encrypt is a pro feature, but all other PGP and S/MIME operations are free to use.
about [these vulnerabilities](https://amp.thehackernews.com/thn/2019/04/email-signature-spoofing.html).
<br /> <br />

Loading…
Cancel
Save