- → (Ctrl+N)
Creates a new key pair (public and private) and allows to send the public part to a certification authority (CA) for signing. The resulting certificate is then sent back to you, or stored in an LDAP server for you to download into your local keybox, where you can use it to sign and decrypt mails.
This mode of operation is called “decentralized key generation”, since all keys are created locally. Kleopatra (and GpgSM) do not support “centralized key generation” directly, but you can import the public/secret key bundle that you receive from the CA in PKCS#12 format via → (Ctrl+I) .
- → (Ctrl+Shift+I)
Searches for, and imports, certificates from certificate servers into the local keybox. See the section called “Searching and Importing Certificates” for details.
You need to have key servers configured for this to work. See the section called “Configuring Directory Services” for more details.
- → (Ctrl+I)
Imports certificates and/or secret keys from files into the local keybox. See the section called “Searching and Importing Certificates” for details.
The format of the certificate file must be supported by GpgSM/GPG. Please refer to the GpgSM and GPG manuals for a list of supported formats.
- → (Ctrl+E)
Exports the selected certificates to a file.
The filename extension you choose for the export file name determines the format of the export file:
For OpenPGP certificates,
pgpwill result in a binary file, whereas
ascwill result in an ASCII-armored file.
For S/MIME certificates,
derwill result in a binary, DER-encoded file, whereas
pemwill result in an ASCII-armored file.
Unless multiple certificates are selected, Kleopatra will propose
as the export file name.
This function is only available when one or more certificates have been selected.
This function exports only the public keys, even if the secret key is available. Use → to export both public and secret keys into a file, but note that this is almost always a bad idea.
Exports both the public and the secret key to a file.
In the dialog that opens, you can choose an Output file name, and whether to create a binary or an ASCII-armored export file (ASCII armor). When exporting S/MIME secret keys, you can also choose the Passphrase charset. See the discussion of the
--p12-charsetoption in the GpgSM manual for more details.
This function is only available when exactly one certificate has been selected, and the secret key for that certificate is available.
It should rarely be necessary to use this function, and if it is, it should be carefully planned. Planning the migration of a secret key involves choice of transport media and secure deletion of the key data on the old machine, as well as on the transport medium, among other things.
- → (Ctrl+Shift+E)
Publish the selected certificates on a keyserver (OpenPGP only).
The certificate is sent to the certificate server configured for OpenPGP (cf. the section called “Configuring Directory Services”), if that is set, otherwise to
This function is only available if at least one OpenPGP (and no S/MIME) certificates have been selected.
When OpenPGP certificates have been exported to a public directory server, it is nearly impossible to remove them again. Before exporting your certificate to a public directory server, make sure that you have created a revocation certificate so you can revoke the certificate if needed later.
Most public OpenPGP certificate servers synchronize certificates amongst each other, so there is little point in sending to more than one.
It can happen that a search on a certificate server turns up no results even though you just have sent your certificate there. This is because most public keyserver addresses use DNS round-robin to balance the load over multiple machines. These machines synchronize with each other, but usually only every 24 hours or so.
Decrypts files and/or verifies signatures over files.
Signs and/or encrypts files.
- → (Ctrl+W)
Closes Kleopatra's main window. You can restore it from the system tray icon at any time.
- → (Ctrl+Q)