Skip to content

GitLab

Commit 90fe0cd6 authored by Tails developers's avatar Tails developers
Browse files

Refresh wiki PO files, add new ones.

parent 4455d515
Hide whitespace changes
Inline Side-by-side
Showing with 1471 additions and 242 deletions
wiki/src/doc/encryption_and_privacy.index.de.po
View file @ 90fe0cd6
......@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2012-07-22 16:32+0300\n"
"POT-Creation-Date: 2012-10-12 20:20+0300\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
......@@ -40,8 +40,9 @@ msgstr ""
#. type: Plain text
#, no-wrap
msgid ""
" - Use OpenPGP\n"
" - [[!traillink Encrypt_text_with_a_passphrase_using_gpgApplet|encryption_and_privacy/openpgp_passphrase_encryption]]\n"
" - [[!traillink Encrypt_and_sign_text_with_a_public_key_using_gedit|encryption_and_privacy/openpgp_with_gedit]]\n"
" - [[!traillink Encrypt,_decrypt,_sign,_and_verify_text_using_OpenPGP_and_<span_class=\"application\">Tails_gpgApplet</span>|encryption_and_privacy/gpgapplet]]\n"
" - [[!traillink Encrypt_text_with_a_passphrase|encryption_and_privacy/gpgapplet/passphrase_encryption]]\n"
" - [[!traillink Encrypt_and_sign_text_using_public-key_cryptography|encryption_and_privacy/gpgapplet/public-key_cryptography]]\n"
" - [[!traillink Decrypt_and_verify_text|encryption_and_privacy/gpgapplet/decrypt_verify]]\n"
" - [[!traillink Securely_delete_files_and_clean_diskspace_using_Nautilus_Wipe|encryption_and_privacy/secure_deletion]]\n"
msgstr ""
wiki/src/doc/encryption_and_privacy.index.es.po
View file @ 90fe0cd6
......@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2012-07-22 16:32+0300\n"
"POT-Creation-Date: 2012-10-12 20:20+0300\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
......@@ -40,8 +40,9 @@ msgstr ""
#. type: Plain text
#, no-wrap
msgid ""
" - Use OpenPGP\n"
" - [[!traillink Encrypt_text_with_a_passphrase_using_gpgApplet|encryption_and_privacy/openpgp_passphrase_encryption]]\n"
" - [[!traillink Encrypt_and_sign_text_with_a_public_key_using_gedit|encryption_and_privacy/openpgp_with_gedit]]\n"
" - [[!traillink Encrypt,_decrypt,_sign,_and_verify_text_using_OpenPGP_and_<span_class=\"application\">Tails_gpgApplet</span>|encryption_and_privacy/gpgapplet]]\n"
" - [[!traillink Encrypt_text_with_a_passphrase|encryption_and_privacy/gpgapplet/passphrase_encryption]]\n"
" - [[!traillink Encrypt_and_sign_text_using_public-key_cryptography|encryption_and_privacy/gpgapplet/public-key_cryptography]]\n"
" - [[!traillink Decrypt_and_verify_text|encryption_and_privacy/gpgapplet/decrypt_verify]]\n"
" - [[!traillink Securely_delete_files_and_clean_diskspace_using_Nautilus_Wipe|encryption_and_privacy/secure_deletion]]\n"
msgstr ""
wiki/src/doc/encryption_and_privacy.index.fr.po
View file @ 90fe0cd6
......@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: SACKAGE VERSION\n"
"POT-Creation-Date: 2012-07-22 16:32+0300\n"
"POT-Creation-Date: 2012-10-12 20:20+0300\n"
"PO-Revision-Date: 2012-05-22 16:28+0200\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: SLANGUAGE <LL@li.org>\n"
......@@ -46,21 +46,20 @@ msgid "[[!traillink TrueCrypt|encryption_and_privacy/truecrypt]]"
msgstr "[[!traillink TrueCrypt|encryption_and_privacy/truecrypt]]"
#. type: Plain text
#, fuzzy, no-wrap
#| msgid ""
#| " - Use OpenPGP\n"
#| " - [[!traillink Encrypt_text_with_a_passphrase_using_gpgApplet|encryption_and_privacy/openpgp_passphrase_encryption]]\n"
#| " - [[!traillink Encrypt_and_sign_text_with_a_public_key_using_gedit|encryption_and_privacy/openpgp_with_gedit]]\n"
#| " - [[!traillink Securely_delete_files_and_clean_diskspace_using_Nautilus_Wipe|encryption_and_privacy/secure_deletion]]\n"
msgid ""
" - Use OpenPGP\n"
" - [[!traillink Encrypt_text_with_a_passphrase_using_gpgApplet|"
"encryption_and_privacy/openpgp_passphrase_encryption]]\n"
" - [[!traillink Encrypt_and_sign_text_with_a_public_key_using_gedit|"
"encryption_and_privacy/openpgp_with_gedit]]\n"
" - [[!traillink "
"Securely_delete_files_and_clean_diskspace_using_Nautilus_Wipe|"
"encryption_and_privacy/secure_deletion]]\n"
" - [[!traillink Encrypt,_decrypt,_sign,_and_verify_text_using_OpenPGP_and_<span_class=\"application\">Tails_gpgApplet</span>|encryption_and_privacy/gpgapplet]]\n"
" - [[!traillink Encrypt_text_with_a_passphrase|encryption_and_privacy/gpgapplet/passphrase_encryption]]\n"
" - [[!traillink Encrypt_and_sign_text_using_public-key_cryptography|encryption_and_privacy/gpgapplet/public-key_cryptography]]\n"
" - [[!traillink Decrypt_and_verify_text|encryption_and_privacy/gpgapplet/decrypt_verify]]\n"
" - [[!traillink Securely_delete_files_and_clean_diskspace_using_Nautilus_Wipe|encryption_and_privacy/secure_deletion]]\n"
msgstr ""
" - Utiliser OpenPGP\n"
" - [[!traillink Chiffrer_du_texte_avec_une_phrase_secrète|"
"encryption_and_privacy/openpgp_passphrase_encryption]]\n"
" - [[!traillink Chiffrer_et_signer_du_texte_avec_une_clé_publique_et_gedit|"
"encryption_and_privacy/openpgp_with_gedit]]\n"
" - [[!traillink "
"Effacer_des_fichiers_de_façon_sécurisée_et_nettoyer_l'espace_disque_avec_Nautilus_Wipe|"
"encryption_and_privacy/secure_deletion]]\n"
" - [[!traillink Chiffrer_du_texte_avec_une_phrase_secrète|encryption_and_privacy/openpgp_passphrase_encryption]]\n"
" - [[!traillink Chiffrer_et_signer_du_texte_avec_une_clé_publique_et_gedit|encryption_and_privacy/openpgp_with_gedit]]\n"
" - [[!traillink Effacer_des_fichiers_de_façon_sécurisée_et_nettoyer_l'espace_disque_avec_Nautilus_Wipe|encryption_and_privacy/secure_deletion]]\n"
wiki/src/doc/encryption_and_privacy.index.pt.po
View file @ 90fe0cd6
......@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2012-07-22 16:32+0300\n"
"POT-Creation-Date: 2012-10-12 20:20+0300\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
......@@ -20,36 +20,46 @@ msgstr ""
msgid ""
"[[!traillink Your_data_won't_be_saved_unless_explicitly_asked|"
"encryption_and_privacy/your_data_wont_be_saved_unless_explicitly_asked]]"
msgstr "[[!traillink Seus_dados_não_serão_salvos_a_não_ser_que_você_peça_"
"explicitamente|encryption_and_privacy/your_data_wont_be_saved_unless_explicitly_asked]]"
msgstr ""
"[[!traillink "
"Seus_dados_não_serão_salvos_a_não_ser_que_você_peça_explicitamente|"
"encryption_and_privacy/your_data_wont_be_saved_unless_explicitly_asked]]"
#. type: Bullet: ' - '
msgid ""
"[[!traillink Type_passwords_securely_on_an_untrusted_computer|"
"encryption_and_privacy/virtual_keyboard]]"
msgstr "[[!traillink Digite_senhas_de_forma_segura_em_computadores_não_"
"confiáveis|encryption_and_privacy/virtual_keyboard]]"
msgstr ""
"[[!traillink Digite_senhas_de_forma_segura_em_computadores_não_confiáveis|"
"encryption_and_privacy/virtual_keyboard]]"
#. type: Bullet: ' - '
msgid ""
"[[!traillink Create_and_use_encrypted_volumes|encryption_and_privacy/"
"encrypted_volumes]]"
msgstr "[[!traillink Crie_e_use_volumes_criptografados|encryption_and_privacy/encrypted_volumes]]"
msgstr ""
"[[!traillink Crie_e_use_volumes_criptografados|encryption_and_privacy/"
"encrypted_volumes]]"
#. type: Bullet: ' - '
msgid "[[!traillink TrueCrypt|encryption_and_privacy/truecrypt]]"
msgstr ""
#. type: Plain text
#, no-wrap
#, fuzzy, no-wrap
#| msgid ""
#| " - Use OpenPGP\n"
#| " - [[!traillink Encrypt_text_with_a_passphrase_using_gpgApplet|encryption_and_privacy/openpgp_passphrase_encryption]]\n"
#| " - [[!traillink Encrypt_and_sign_text_with_a_public_key_using_gedit|encryption_and_privacy/openpgp_with_gedit]]\n"
#| " - [[!traillink Securely_delete_files_and_clean_diskspace_using_Nautilus_Wipe|encryption_and_privacy/secure_deletion]]\n"
msgid ""
" - Use OpenPGP\n"
" - [[!traillink Encrypt_text_with_a_passphrase_using_gpgApplet|encryption_and_privacy/openpgp_passphrase_encryption]]\n"
" - [[!traillink Encrypt_and_sign_text_with_a_public_key_using_gedit|encryption_and_privacy/openpgp_with_gedit]]\n"
" - [[!traillink Encrypt,_decrypt,_sign,_and_verify_text_using_OpenPGP_and_<span_class=\"application\">Tails_gpgApplet</span>|encryption_and_privacy/gpgapplet]]\n"
" - [[!traillink Encrypt_text_with_a_passphrase|encryption_and_privacy/gpgapplet/passphrase_encryption]]\n"
" - [[!traillink Encrypt_and_sign_text_using_public-key_cryptography|encryption_and_privacy/gpgapplet/public-key_cryptography]]\n"
" - [[!traillink Decrypt_and_verify_text|encryption_and_privacy/gpgapplet/decrypt_verify]]\n"
" - [[!traillink Securely_delete_files_and_clean_diskspace_using_Nautilus_Wipe|encryption_and_privacy/secure_deletion]]\n"
msgstr ""
" - Use OpenPGP\n"
" - [[!traillink Criptografe_textos_com_uma_senha_usando_o_gpgApplet|encryption_and_privacy/openpgp_passphrase_encryption]]\n"
" - [[!traillink Criptografe_e_assine_textos_com_uma_chave_pública_usando_gedit|encryption_and_privacy/openpgp_with_gedit]]\n"
" - [[!traillink Apague_arquivos_de_forma_segura_e_limpe_o_espaço_em_disco_usando_o_"
"Nautilus_Wipe|encryption_and_privacy/secure_deletion]]\n"
" - [[!traillink Apague_arquivos_de_forma_segura_e_limpe_o_espaço_em_disco_usando_o_Nautilus_Wipe|encryption_and_privacy/secure_deletion]]\n"
wiki/src/doc/encryption_and_privacy/FireGPG_susceptible_to_devastating_attacks.de.po
View file @ 90fe0cd6
......@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2011-12-18 10:38+0100\n"
"POT-Creation-Date: 2012-10-12 20:20+0300\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
......@@ -27,14 +27,24 @@ msgid "**FireGPG is no more shipped in Tails.**\n"
msgstr ""
#. type: Plain text
msgid "You should instead use:"
msgid "You should instead use our custom GPG applet to:"
msgstr ""
#. type: Plain text
#. type: Bullet: ' - '
msgid ""
"[[Encrypt text with a passphrase|encryption_and_privacy/gpgapplet/"
"passphrase_encryption]]"
msgstr ""
#. type: Bullet: ' - '
msgid ""
"[[Encrypt and sign text using public-key cryptography|encryption_and_privacy/"
"gpgapplet/public-key_cryptography]]"
msgstr ""
#. type: Bullet: ' - '
msgid ""
"- our custom GPG applet to [[encrypt text with a passphrase|"
"openpgp_passphrase_encryption]] - the gedit text editor to [[encrypt text "
"with a public key|openpgp_with_gedit]]"
"[[Decrypt and verify text|encryption_and_privacy/gpgapplet/decrypt_verify]]"
msgstr ""
#. type: Plain text
......@@ -52,12 +62,12 @@ msgid ""
"[FireGPG](http://getfirefox.com) is a Firefox addon that allows users to "
"easily perform cryptographic actions on the contents of HTML pages, e.g. to "
"verify signatures appearing as HTML text, or encrypt texts written inside "
"HTML text boxes (i.e. &lt;textarea&gt;). Webmail interfaces commonly use text "
"boxes for email composition, so FireGPG is a natural fit for this use case: "
"the user writes his or her email plaintext in the text box, selects the "
"plaintext and uses one of the \"Encrypt\" or \"Sign and encrypt\" actions "
"available from the FireGPG menu to transform the selection to its encrypted "
"counterpart."
"HTML text boxes (i.e. &lt;textarea&gt;). Webmail interfaces commonly use "
"text boxes for email composition, so FireGPG is a natural fit for this use "
"case: the user writes his or her email plaintext in the text box, selects "
"the plaintext and uses one of the \"Encrypt\" or \"Sign and encrypt\" "
"actions available from the FireGPG menu to transform the selection to its "
"encrypted counterpart."
msgstr ""
#. type: Plain text
......@@ -69,40 +79,41 @@ msgid ""
"every second, thereby leaking the plaintext as it is written, effectively "
"bypassing any subsequent encryption. In fact, many non-malicious webmail "
"services do just that at longer intervals, to save a draft of a message in "
"case the user's browser crashes. The only way that a user can block this type "
"of attack is by completely disabling JavaScript, which is often not "
"desirable. In any case, FireGPG currently does nothing to make users aware of "
"this issue. To the contrary, by making encryption commands easily accessible "
"in the FireGPG context menu, it actively promotes this insecure usage."
"case the user's browser crashes. The only way that a user can block this "
"type of attack is by completely disabling JavaScript, which is often not "
"desirable. In any case, FireGPG currently does nothing to make users aware "
"of this issue. To the contrary, by making encryption commands easily "
"accessible in the FireGPG context menu, it actively promotes this insecure "
"usage."
msgstr ""
#. type: Plain text
msgid ""
"The situation is exactly the same if a user decrypts an OpenPGP block inside "
"a text box: the OpenPGP block is replaced with the plaintext within the text "
"box, so the same script can leak the plaintext when the timer fires less than "
"a second later. Luckily, webmail systems rarely present messages in text "
"boxes (although 'pastebins' often do). It is more common for received email "
"to be displayed as HTML text, and when the user decrypts it, FireGPG will "
"display the plaintext in a separate window that is safely out of reach of "
"JavaScript. FireGPG has an option, `extensions.firegpg."
"box, so the same script can leak the plaintext when the timer fires less "
"than a second later. Luckily, webmail systems rarely present messages in "
"text boxes (although 'pastebins' often do). It is more common for received "
"email to be displayed as HTML text, and when the user decrypts it, FireGPG "
"will display the plaintext in a separate window that is safely out of reach "
"of JavaScript. FireGPG has an option, `extensions.firegpg."
"result_always_in_new_window`, called \"Always display encryption and "
"signature results in a separate window\" in the FireGPG options window, that "
"forces this behaviour when decrypting OpenPGP blocks in text boxes as well, "
"but it is disabled by default. This option, however, does not in any way "
"prevent leaking of plaintext while the user is writing it as described in the "
"previous paragraph."
"prevent leaking of plaintext while the user is writing it as described in "
"the previous paragraph."
msgstr ""
#. type: Plain text
msgid ""
"FireGPG also has three commands to sign (but not encrypt) messages: \"Sign\", "
"\"Wrapped sign\" and \"Clearsign\". Simple JavaScript can replace the "
"contents of the text box when the user selects it, so if the user does not re-"
"read the text after selecting one of the 'sign' commands, the attacker will "
"be able to obtain the user's signature on an arbitrary message. Enabling the "
"`result_always_in_new_window` option does not prevent this attack; only user "
"acuity *may* be able to detect and block it."
"FireGPG also has three commands to sign (but not encrypt) messages: \"Sign"
"\", \"Wrapped sign\" and \"Clearsign\". Simple JavaScript can replace the "
"contents of the text box when the user selects it, so if the user does not "
"re-read the text after selecting one of the 'sign' commands, the attacker "
"will be able to obtain the user's signature on an arbitrary message. "
"Enabling the `result_always_in_new_window` option does not prevent this "
"attack; only user acuity *may* be able to detect and block it."
msgstr ""
#. type: Plain text
......@@ -126,8 +137,8 @@ msgstr ""
#. type: Bullet: '2. '
msgid ""
"FireGPG should explicitly state that the FireGPG Text editor is the only safe "
"place to write plaintext that are to be encrypted and/or signed, or to "
"FireGPG should explicitly state that the FireGPG Text editor is the only "
"safe place to write plaintext that are to be encrypted and/or signed, or to "
"decrypt messages unless the `result_always_in_new_window` option is enabled. "
"Hopefully this will save users that have been misled by FireGPG for years "
"from risking their data again, and make them understand why this new, less "
......@@ -153,14 +164,14 @@ msgstr ""
#. type: Plain text
msgid ""
"After these changes, the only remaining actions in the FireGPG menu will be "
"\"Decrypt\" and \"Verify\". \"Decrypt\" is made safe by change 3, and \"Verify"
"\" is made safe by change 4. It may still be a good idea to remove these "
"actions as well to further promote the use of the FireGPG Text editor for all "
"cryptographic actions. If they are removed, points 3 and 4 above become "
"irrelevant and may be ignored. Per a discussion on #tor-dev and later #tails "
"with rransom and katmagic it came to light that FireGPG may have a few "
"serious security and anonymity issues (katmagic even claimed with \"85%\" "
"certainty that these issues were among the main reasons FireGPG was "
"\"Decrypt\" and \"Verify\". \"Decrypt\" is made safe by change 3, and "
"\"Verify\" is made safe by change 4. It may still be a good idea to remove "
"these actions as well to further promote the use of the FireGPG Text editor "
"for all cryptographic actions. If they are removed, points 3 and 4 above "
"become irrelevant and may be ignored. Per a discussion on #tor-dev and "
"later #tails with rransom and katmagic it came to light that FireGPG may "
"have a few serious security and anonymity issues (katmagic even claimed with "
"\"85%\" certainty that these issues were among the main reasons FireGPG was "
"discontinued):"
msgstr ""
......@@ -219,8 +230,8 @@ msgstr ""
#. type: Bullet: '- '
msgid ""
"[[tor-talk] Tor Browser Bundle: PGP encryption built-in?](http://www.mail-"
"archive.com/tor-talk@lists.torproject.org/msg02105.html)<br/> A thread on the "
"[tor-talk] list adressing the issues of supporting GPG inside a browser."
"archive.com/tor-talk@lists.torproject.org/msg02105.html)<br/> A thread on "
"the [tor-talk] list adressing the issues of supporting GPG inside a browser."
msgstr ""
#. type: Bullet: '- '
......
wiki/src/doc/encryption_and_privacy/FireGPG_susceptible_to_devastating_attacks.es.po
View file @ 90fe0cd6
......@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2011-12-18 10:38+0100\n"
"POT-Creation-Date: 2012-10-12 20:20+0300\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
......@@ -27,14 +27,24 @@ msgid "**FireGPG is no more shipped in Tails.**\n"
msgstr ""
#. type: Plain text
msgid "You should instead use:"
msgid "You should instead use our custom GPG applet to:"
msgstr ""
#. type: Plain text
#. type: Bullet: ' - '
msgid ""
"[[Encrypt text with a passphrase|encryption_and_privacy/gpgapplet/"
"passphrase_encryption]]"
msgstr ""
#. type: Bullet: ' - '
msgid ""
"[[Encrypt and sign text using public-key cryptography|encryption_and_privacy/"
"gpgapplet/public-key_cryptography]]"
msgstr ""
#. type: Bullet: ' - '
msgid ""
"- our custom GPG applet to [[encrypt text with a passphrase|"
"openpgp_passphrase_encryption]] - the gedit text editor to [[encrypt text "
"with a public key|openpgp_with_gedit]]"
"[[Decrypt and verify text|encryption_and_privacy/gpgapplet/decrypt_verify]]"
msgstr ""
#. type: Plain text
......@@ -52,12 +62,12 @@ msgid ""
"[FireGPG](http://getfirefox.com) is a Firefox addon that allows users to "
"easily perform cryptographic actions on the contents of HTML pages, e.g. to "
"verify signatures appearing as HTML text, or encrypt texts written inside "
"HTML text boxes (i.e. &lt;textarea&gt;). Webmail interfaces commonly use text "
"boxes for email composition, so FireGPG is a natural fit for this use case: "
"the user writes his or her email plaintext in the text box, selects the "
"plaintext and uses one of the \"Encrypt\" or \"Sign and encrypt\" actions "
"available from the FireGPG menu to transform the selection to its encrypted "
"counterpart."
"HTML text boxes (i.e. &lt;textarea&gt;). Webmail interfaces commonly use "
"text boxes for email composition, so FireGPG is a natural fit for this use "
"case: the user writes his or her email plaintext in the text box, selects "
"the plaintext and uses one of the \"Encrypt\" or \"Sign and encrypt\" "
"actions available from the FireGPG menu to transform the selection to its "
"encrypted counterpart."
msgstr ""
#. type: Plain text
......@@ -69,40 +79,41 @@ msgid ""
"every second, thereby leaking the plaintext as it is written, effectively "
"bypassing any subsequent encryption. In fact, many non-malicious webmail "
"services do just that at longer intervals, to save a draft of a message in "
"case the user's browser crashes. The only way that a user can block this type "
"of attack is by completely disabling JavaScript, which is often not "
"desirable. In any case, FireGPG currently does nothing to make users aware of "
"this issue. To the contrary, by making encryption commands easily accessible "
"in the FireGPG context menu, it actively promotes this insecure usage."
"case the user's browser crashes. The only way that a user can block this "
"type of attack is by completely disabling JavaScript, which is often not "
"desirable. In any case, FireGPG currently does nothing to make users aware "
"of this issue. To the contrary, by making encryption commands easily "
"accessible in the FireGPG context menu, it actively promotes this insecure "
"usage."
msgstr ""
#. type: Plain text
msgid ""
"The situation is exactly the same if a user decrypts an OpenPGP block inside "
"a text box: the OpenPGP block is replaced with the plaintext within the text "
"box, so the same script can leak the plaintext when the timer fires less than "
"a second later. Luckily, webmail systems rarely present messages in text "
"boxes (although 'pastebins' often do). It is more common for received email "
"to be displayed as HTML text, and when the user decrypts it, FireGPG will "
"display the plaintext in a separate window that is safely out of reach of "
"JavaScript. FireGPG has an option, `extensions.firegpg."
"box, so the same script can leak the plaintext when the timer fires less "
"than a second later. Luckily, webmail systems rarely present messages in "
"text boxes (although 'pastebins' often do). It is more common for received "
"email to be displayed as HTML text, and when the user decrypts it, FireGPG "
"will display the plaintext in a separate window that is safely out of reach "
"of JavaScript. FireGPG has an option, `extensions.firegpg."
"result_always_in_new_window`, called \"Always display encryption and "
"signature results in a separate window\" in the FireGPG options window, that "
"forces this behaviour when decrypting OpenPGP blocks in text boxes as well, "
"but it is disabled by default. This option, however, does not in any way "
"prevent leaking of plaintext while the user is writing it as described in the "
"previous paragraph."
"prevent leaking of plaintext while the user is writing it as described in "
"the previous paragraph."
msgstr ""
#. type: Plain text
msgid ""
"FireGPG also has three commands to sign (but not encrypt) messages: \"Sign\", "
"\"Wrapped sign\" and \"Clearsign\". Simple JavaScript can replace the "
"contents of the text box when the user selects it, so if the user does not re-"
"read the text after selecting one of the 'sign' commands, the attacker will "
"be able to obtain the user's signature on an arbitrary message. Enabling the "
"`result_always_in_new_window` option does not prevent this attack; only user "
"acuity *may* be able to detect and block it."
"FireGPG also has three commands to sign (but not encrypt) messages: \"Sign"
"\", \"Wrapped sign\" and \"Clearsign\". Simple JavaScript can replace the "
"contents of the text box when the user selects it, so if the user does not "
"re-read the text after selecting one of the 'sign' commands, the attacker "
"will be able to obtain the user's signature on an arbitrary message. "
"Enabling the `result_always_in_new_window` option does not prevent this "
"attack; only user acuity *may* be able to detect and block it."
msgstr ""
#. type: Plain text
......@@ -126,8 +137,8 @@ msgstr ""
#. type: Bullet: '2. '
msgid ""
"FireGPG should explicitly state that the FireGPG Text editor is the only safe "
"place to write plaintext that are to be encrypted and/or signed, or to "
"FireGPG should explicitly state that the FireGPG Text editor is the only "
"safe place to write plaintext that are to be encrypted and/or signed, or to "
"decrypt messages unless the `result_always_in_new_window` option is enabled. "
"Hopefully this will save users that have been misled by FireGPG for years "
"from risking their data again, and make them understand why this new, less "
......@@ -153,14 +164,14 @@ msgstr ""
#. type: Plain text
msgid ""
"After these changes, the only remaining actions in the FireGPG menu will be "
"\"Decrypt\" and \"Verify\". \"Decrypt\" is made safe by change 3, and \"Verify"
"\" is made safe by change 4. It may still be a good idea to remove these "
"actions as well to further promote the use of the FireGPG Text editor for all "
"cryptographic actions. If they are removed, points 3 and 4 above become "
"irrelevant and may be ignored. Per a discussion on #tor-dev and later #tails "
"with rransom and katmagic it came to light that FireGPG may have a few "
"serious security and anonymity issues (katmagic even claimed with \"85%\" "
"certainty that these issues were among the main reasons FireGPG was "
"\"Decrypt\" and \"Verify\". \"Decrypt\" is made safe by change 3, and "
"\"Verify\" is made safe by change 4. It may still be a good idea to remove "
"these actions as well to further promote the use of the FireGPG Text editor "
"for all cryptographic actions. If they are removed, points 3 and 4 above "
"become irrelevant and may be ignored. Per a discussion on #tor-dev and "
"later #tails with rransom and katmagic it came to light that FireGPG may "
"have a few serious security and anonymity issues (katmagic even claimed with "
"\"85%\" certainty that these issues were among the main reasons FireGPG was "
"discontinued):"
msgstr ""
......@@ -219,8 +230,8 @@ msgstr ""
#. type: Bullet: '- '
msgid ""
"[[tor-talk] Tor Browser Bundle: PGP encryption built-in?](http://www.mail-"
"archive.com/tor-talk@lists.torproject.org/msg02105.html)<br/> A thread on the "
"[tor-talk] list adressing the issues of supporting GPG inside a browser."
"archive.com/tor-talk@lists.torproject.org/msg02105.html)<br/> A thread on "
"the [tor-talk] list adressing the issues of supporting GPG inside a browser."
msgstr ""
#. type: Bullet: '- '
......
wiki/src/doc/encryption_and_privacy/FireGPG_susceptible_to_devastating_attacks.fr.po
View file @ 90fe0cd6
......@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2012-01-05 01:30+0100\n"
"POT-Creation-Date: 2012-10-12 20:20+0300\n"
"PO-Revision-Date: 2011-12-25 22:34+0100\n"
"Last-Translator: \n"
"Language-Team: LANGUAGE <LL@li.org>\n"
......@@ -26,18 +26,27 @@ msgid "**FireGPG is no more shipped in Tails.**\n"
msgstr "**FireGPG n'est plus livré dans Tails.**\n"
#. type: Plain text
msgid "You should instead use:"
#, fuzzy
#| msgid "You should instead use:"
msgid "You should instead use our custom GPG applet to:"
msgstr "À la place, vous devriez vous servir de :"
#. type: Plain text
#. type: Bullet: ' - '
msgid ""
"[[Encrypt text with a passphrase|encryption_and_privacy/gpgapplet/"
"passphrase_encryption]]"
msgstr ""
#. type: Bullet: ' - '
msgid ""
"- our custom GPG applet to [[encrypt text with a passphrase|"
"openpgp_passphrase_encryption]] - the gedit text editor to [[encrypt text "
"with a public key|openpgp_with_gedit]]"
"[[Encrypt and sign text using public-key cryptography|encryption_and_privacy/"
"gpgapplet/public-key_cryptography]]"
msgstr ""
#. type: Bullet: ' - '
msgid ""
"[[Decrypt and verify text|encryption_and_privacy/gpgapplet/decrypt_verify]]"
msgstr ""
"- notre applet GPG personnalisée pour [[chiffrer du texte avec une phrase de "
"passe|openpgp_passphrase_encryption]] - l'éditeur de texte gedit pour "
"[[chiffrer du texte avec une clé publique|openpgp_with_gedit]]"
#. type: Plain text
#, no-wrap
......@@ -54,20 +63,20 @@ msgid ""
"[FireGPG](http://getfirefox.com) is a Firefox addon that allows users to "
"easily perform cryptographic actions on the contents of HTML pages, e.g. to "
"verify signatures appearing as HTML text, or encrypt texts written inside "
"HTML text boxes (i.e. &lt;textarea&gt;). Webmail interfaces commonly use text "
"boxes for email composition, so FireGPG is a natural fit for this use case: "
"the user writes his or her email plaintext in the text box, selects the "
"plaintext and uses one of the \"Encrypt\" or \"Sign and encrypt\" actions "
"available from the FireGPG menu to transform the selection to its encrypted "
"counterpart."
"HTML text boxes (i.e. &lt;textarea&gt;). Webmail interfaces commonly use "
"text boxes for email composition, so FireGPG is a natural fit for this use "
"case: the user writes his or her email plaintext in the text box, selects "
"the plaintext and uses one of the \"Encrypt\" or \"Sign and encrypt\" "
"actions available from the FireGPG menu to transform the selection to its "
"encrypted counterpart."
msgstr ""
"[FireGPG](http://getfirefox.com) est une extension de Firefox qui permet "
"d'utiliser facilement la cryptographie sur le contenu de pages HTML, par "
"exemple pour vérifier des signatures qui apparaissent comme du texte HTML, ou "
"pour chiffrer du texte écrit dans une fenêtre de texte HTML (&lt;"
"exemple pour vérifier des signatures qui apparaissent comme du texte HTML, "
"ou pour chiffrer du texte écrit dans une fenêtre de texte HTML (&lt;"
"textarea&gt;). Les interfaces webmail utilisent généralement ces fenêtres de "
"texte pour écrire un email, c'est pourquoi FireGPG est l'outil idéal pour cet "
"usage : l'utilisateur/ice écrit son email dans la fenêtre de texte, le "
"texte pour écrire un email, c'est pourquoi FireGPG est l'outil idéal pour "
"cet usage : l'utilisateur/ice écrit son email dans la fenêtre de texte, le "
"sélectionne et choisit l'action \"Chiffrer\" ou \"Signer et chiffrer\", "
"disponibles depuis le menu FireGPG, pour transformer le texte en clair en "
"texte chiffré."
......@@ -81,11 +90,12 @@ msgid ""
"every second, thereby leaking the plaintext as it is written, effectively "
"bypassing any subsequent encryption. In fact, many non-malicious webmail "
"services do just that at longer intervals, to save a draft of a message in "
"case the user's browser crashes. The only way that a user can block this type "
"of attack is by completely disabling JavaScript, which is often not "
"desirable. In any case, FireGPG currently does nothing to make users aware of "
"this issue. To the contrary, by making encryption commands easily accessible "
"in the FireGPG context menu, it actively promotes this insecure usage."
"case the user's browser crashes. The only way that a user can block this "
"type of attack is by completely disabling JavaScript, which is often not "
"desirable. In any case, FireGPG currently does nothing to make users aware "
"of this issue. To the contrary, by making encryption commands easily "
"accessible in the FireGPG context menu, it actively promotes this insecure "
"usage."
msgstr ""
"La conception de FireGPG nous assure être sûre, alors qu'elle ne l'est\n"
"pas, étant donné que le JavaScript tournant sur la page peut toujours\n"
......@@ -108,18 +118,18 @@ msgstr ""
msgid ""
"The situation is exactly the same if a user decrypts an OpenPGP block inside "
"a text box: the OpenPGP block is replaced with the plaintext within the text "
"box, so the same script can leak the plaintext when the timer fires less than "
"a second later. Luckily, webmail systems rarely present messages in text "
"boxes (although 'pastebins' often do). It is more common for received email "
"to be displayed as HTML text, and when the user decrypts it, FireGPG will "
"display the plaintext in a separate window that is safely out of reach of "
"JavaScript. FireGPG has an option, `extensions.firegpg."
"box, so the same script can leak the plaintext when the timer fires less "
"than a second later. Luckily, webmail systems rarely present messages in "
"text boxes (although 'pastebins' often do). It is more common for received "
"email to be displayed as HTML text, and when the user decrypts it, FireGPG "
"will display the plaintext in a separate window that is safely out of reach "
"of JavaScript. FireGPG has an option, `extensions.firegpg."
"result_always_in_new_window`, called \"Always display encryption and "
"signature results in a separate window\" in the FireGPG options window, that "
"forces this behaviour when decrypting OpenPGP blocks in text boxes as well, "
"but it is disabled by default. This option, however, does not in any way "
"prevent leaking of plaintext while the user is writing it as described in the "
"previous paragraph."
"prevent leaking of plaintext while the user is writing it as described in "
"the previous paragraph."
msgstr ""
"La situation est exactement la même si un utilisateur déchiffre un bloc "
"OpenPGP\n"
......@@ -134,35 +144,35 @@ msgstr ""
"les 'pastebins' le font souvent). Les emails reçus sont plus fréquemment\n"
"affichés en tant que texte HTML, et quand l'utilisateur le déchiffre, "
"FireGPG\n"
"affiche le texte déchiffré dans une fenêtre séparée qui est hors de portée du "
"JavaScript. Dans la fenêtre des options de FireGPG se trouve l'option "
"affiche le texte déchiffré dans une fenêtre séparée qui est hors de portée "
"du JavaScript. Dans la fenêtre des options de FireGPG se trouve l'option "