Table of Contents
Kleopatra's main function is to display and edit the contents of the local keybox, which is similar to GPG's concept of keyrings, albeit one should not stretch this analogy too much.
The main window is divided into the large key listing area consisting of several tabs, the menubar and the search bar on top, and a status bar at the bottom.
Each line in the key list corresponds to one certificate, identified by the so-called Subject DN. DN is an acronym for “Distinguished Name”, a hierarchical identifier, much like a file system path with an unusual syntax, that is supposed to globally uniquely identify a given certificate.
To be valid, and thus usable, (public) keys need to be signed by a CA (Certification Authority). These signatures are called certificates, but usually the terms “certificate” and “(public) key” are used interchangeably, and we will not distinguish between them in this manual either, except when explicitly noted.
CAs must in turn be signed by other CAs to be valid. Of course, this must end somewhere, so the top-level CA (root-CA) signs its key with itself (this is called a self-signature). Root certificates thus need to be assigned validity (commonly called trust) manually, e.g. after comparing the fingerprint with the one on the website of the CA. This is typically done by the system administrator or the vendor of a product using certificates, but can be done by the user via GpgSM's command line interface.
To see which of the certificates are root certificates, you switch to the hierarchical keylist mode with → .
You can see the details of any certificate by double-clicking it or using → . This opens a dialog that shows the most common properties of the certificate, its certificate chain (i.e. the chain of issuers up to the root-CA), and a dump of all information the backend is able to extract from the certificate.
If you change the keybox without using Kleopatra (e.g. using GpgSM's command line interface), you can refresh the view with → (F5) .