Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
tails
tails
Commits
90fe0cd6
Commit
90fe0cd6
authored
Oct 12, 2012
by
Tails developers
Browse files
Refresh wiki PO files, add new ones.
parent
4455d515
Changes
41
Hide whitespace changes
Inline
Side-by-side
wiki/src/doc/encryption_and_privacy.index.de.po
View file @
90fe0cd6
...
...
@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2012-
07-22 16:32
+0300\n"
"POT-Creation-Date: 2012-
10-12 20:20
+0300\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
...
...
@@ -40,8 +40,9 @@ msgstr ""
#. type: Plain text
#, no-wrap
msgid ""
" - Use OpenPGP\n"
" - [[!traillink Encrypt_text_with_a_passphrase_using_gpgApplet|encryption_and_privacy/openpgp_passphrase_encryption]]\n"
" - [[!traillink Encrypt_and_sign_text_with_a_public_key_using_gedit|encryption_and_privacy/openpgp_with_gedit]]\n"
" - [[!traillink Encrypt,_decrypt,_sign,_and_verify_text_using_OpenPGP_and_<span_class=\"application\">Tails_gpgApplet</span>|encryption_and_privacy/gpgapplet]]\n"
" - [[!traillink Encrypt_text_with_a_passphrase|encryption_and_privacy/gpgapplet/passphrase_encryption]]\n"
" - [[!traillink Encrypt_and_sign_text_using_public-key_cryptography|encryption_and_privacy/gpgapplet/public-key_cryptography]]\n"
" - [[!traillink Decrypt_and_verify_text|encryption_and_privacy/gpgapplet/decrypt_verify]]\n"
" - [[!traillink Securely_delete_files_and_clean_diskspace_using_Nautilus_Wipe|encryption_and_privacy/secure_deletion]]\n"
msgstr ""
wiki/src/doc/encryption_and_privacy.index.es.po
View file @
90fe0cd6
...
...
@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2012-
07-22 16:32
+0300\n"
"POT-Creation-Date: 2012-
10-12 20:20
+0300\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
...
...
@@ -40,8 +40,9 @@ msgstr ""
#. type: Plain text
#, no-wrap
msgid ""
" - Use OpenPGP\n"
" - [[!traillink Encrypt_text_with_a_passphrase_using_gpgApplet|encryption_and_privacy/openpgp_passphrase_encryption]]\n"
" - [[!traillink Encrypt_and_sign_text_with_a_public_key_using_gedit|encryption_and_privacy/openpgp_with_gedit]]\n"
" - [[!traillink Encrypt,_decrypt,_sign,_and_verify_text_using_OpenPGP_and_<span_class=\"application\">Tails_gpgApplet</span>|encryption_and_privacy/gpgapplet]]\n"
" - [[!traillink Encrypt_text_with_a_passphrase|encryption_and_privacy/gpgapplet/passphrase_encryption]]\n"
" - [[!traillink Encrypt_and_sign_text_using_public-key_cryptography|encryption_and_privacy/gpgapplet/public-key_cryptography]]\n"
" - [[!traillink Decrypt_and_verify_text|encryption_and_privacy/gpgapplet/decrypt_verify]]\n"
" - [[!traillink Securely_delete_files_and_clean_diskspace_using_Nautilus_Wipe|encryption_and_privacy/secure_deletion]]\n"
msgstr ""
wiki/src/doc/encryption_and_privacy.index.fr.po
View file @
90fe0cd6
...
...
@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: SACKAGE VERSION\n"
"POT-Creation-Date: 2012-
07-22 16:32
+0300\n"
"POT-Creation-Date: 2012-
10-12 20:20
+0300\n"
"PO-Revision-Date: 2012-05-22 16:28+0200\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: SLANGUAGE <LL@li.org>\n"
...
...
@@ -46,21 +46,20 @@ msgid "[[!traillink TrueCrypt|encryption_and_privacy/truecrypt]]"
msgstr "[[!traillink TrueCrypt|encryption_and_privacy/truecrypt]]"
#. type: Plain text
#, fuzzy, no-wrap
#| msgid ""
#| " - Use OpenPGP\n"
#| " - [[!traillink Encrypt_text_with_a_passphrase_using_gpgApplet|encryption_and_privacy/openpgp_passphrase_encryption]]\n"
#| " - [[!traillink Encrypt_and_sign_text_with_a_public_key_using_gedit|encryption_and_privacy/openpgp_with_gedit]]\n"
#| " - [[!traillink Securely_delete_files_and_clean_diskspace_using_Nautilus_Wipe|encryption_and_privacy/secure_deletion]]\n"
msgid ""
" - Use OpenPGP\n"
" - [[!traillink Encrypt_text_with_a_passphrase_using_gpgApplet|"
"encryption_and_privacy/openpgp_passphrase_encryption]]\n"
" - [[!traillink Encrypt_and_sign_text_with_a_public_key_using_gedit|"
"encryption_and_privacy/openpgp_with_gedit]]\n"
" - [[!traillink "
"Securely_delete_files_and_clean_diskspace_using_Nautilus_Wipe|"
"encryption_and_privacy/secure_deletion]]\n"
" - [[!traillink Encrypt,_decrypt,_sign,_and_verify_text_using_OpenPGP_and_<span_class=\"application\">Tails_gpgApplet</span>|encryption_and_privacy/gpgapplet]]\n"
" - [[!traillink Encrypt_text_with_a_passphrase|encryption_and_privacy/gpgapplet/passphrase_encryption]]\n"
" - [[!traillink Encrypt_and_sign_text_using_public-key_cryptography|encryption_and_privacy/gpgapplet/public-key_cryptography]]\n"
" - [[!traillink Decrypt_and_verify_text|encryption_and_privacy/gpgapplet/decrypt_verify]]\n"
" - [[!traillink Securely_delete_files_and_clean_diskspace_using_Nautilus_Wipe|encryption_and_privacy/secure_deletion]]\n"
msgstr ""
" - Utiliser OpenPGP\n"
" - [[!traillink Chiffrer_du_texte_avec_une_phrase_secrète|"
"encryption_and_privacy/openpgp_passphrase_encryption]]\n"
" - [[!traillink Chiffrer_et_signer_du_texte_avec_une_clé_publique_et_gedit|"
"encryption_and_privacy/openpgp_with_gedit]]\n"
" - [[!traillink "
"Effacer_des_fichiers_de_façon_sécurisée_et_nettoyer_l'espace_disque_avec_Nautilus_Wipe|"
"encryption_and_privacy/secure_deletion]]\n"
" - [[!traillink Chiffrer_du_texte_avec_une_phrase_secrète|encryption_and_privacy/openpgp_passphrase_encryption]]\n"
" - [[!traillink Chiffrer_et_signer_du_texte_avec_une_clé_publique_et_gedit|encryption_and_privacy/openpgp_with_gedit]]\n"
" - [[!traillink Effacer_des_fichiers_de_façon_sécurisée_et_nettoyer_l'espace_disque_avec_Nautilus_Wipe|encryption_and_privacy/secure_deletion]]\n"
wiki/src/doc/encryption_and_privacy.index.pt.po
View file @
90fe0cd6
...
...
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2012-
07-22 16:32
+0300\n"
"POT-Creation-Date: 2012-
10-12 20:20
+0300\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
...
...
@@ -20,36 +20,46 @@ msgstr ""
msgid ""
"[[!traillink Your_data_won't_be_saved_unless_explicitly_asked|"
"encryption_and_privacy/your_data_wont_be_saved_unless_explicitly_asked]]"
msgstr "[[!traillink Seus_dados_não_serão_salvos_a_não_ser_que_você_peça_"
"explicitamente|encryption_and_privacy/your_data_wont_be_saved_unless_explicitly_asked]]"
msgstr ""
"[[!traillink "
"Seus_dados_não_serão_salvos_a_não_ser_que_você_peça_explicitamente|"
"encryption_and_privacy/your_data_wont_be_saved_unless_explicitly_asked]]"
#. type: Bullet: ' - '
msgid ""
"[[!traillink Type_passwords_securely_on_an_untrusted_computer|"
"encryption_and_privacy/virtual_keyboard]]"
msgstr "[[!traillink Digite_senhas_de_forma_segura_em_computadores_não_"
"confiáveis|encryption_and_privacy/virtual_keyboard]]"
msgstr ""
"[[!traillink Digite_senhas_de_forma_segura_em_computadores_não_confiáveis|"
"encryption_and_privacy/virtual_keyboard]]"
#. type: Bullet: ' - '
msgid ""
"[[!traillink Create_and_use_encrypted_volumes|encryption_and_privacy/"
"encrypted_volumes]]"
msgstr "[[!traillink Crie_e_use_volumes_criptografados|encryption_and_privacy/encrypted_volumes]]"
msgstr ""
"[[!traillink Crie_e_use_volumes_criptografados|encryption_and_privacy/"
"encrypted_volumes]]"
#. type: Bullet: ' - '
msgid "[[!traillink TrueCrypt|encryption_and_privacy/truecrypt]]"
msgstr ""
#. type: Plain text
#, no-wrap
#, fuzzy, no-wrap
#| msgid ""
#| " - Use OpenPGP\n"
#| " - [[!traillink Encrypt_text_with_a_passphrase_using_gpgApplet|encryption_and_privacy/openpgp_passphrase_encryption]]\n"
#| " - [[!traillink Encrypt_and_sign_text_with_a_public_key_using_gedit|encryption_and_privacy/openpgp_with_gedit]]\n"
#| " - [[!traillink Securely_delete_files_and_clean_diskspace_using_Nautilus_Wipe|encryption_and_privacy/secure_deletion]]\n"
msgid ""
" - Use OpenPGP\n"
" - [[!traillink Encrypt_text_with_a_passphrase_using_gpgApplet|encryption_and_privacy/openpgp_passphrase_encryption]]\n"
" - [[!traillink Encrypt_and_sign_text_with_a_public_key_using_gedit|encryption_and_privacy/openpgp_with_gedit]]\n"
" - [[!traillink Encrypt,_decrypt,_sign,_and_verify_text_using_OpenPGP_and_<span_class=\"application\">Tails_gpgApplet</span>|encryption_and_privacy/gpgapplet]]\n"
" - [[!traillink Encrypt_text_with_a_passphrase|encryption_and_privacy/gpgapplet/passphrase_encryption]]\n"
" - [[!traillink Encrypt_and_sign_text_using_public-key_cryptography|encryption_and_privacy/gpgapplet/public-key_cryptography]]\n"
" - [[!traillink Decrypt_and_verify_text|encryption_and_privacy/gpgapplet/decrypt_verify]]\n"
" - [[!traillink Securely_delete_files_and_clean_diskspace_using_Nautilus_Wipe|encryption_and_privacy/secure_deletion]]\n"
msgstr ""
" - Use OpenPGP\n"
" - [[!traillink Criptografe_textos_com_uma_senha_usando_o_gpgApplet|encryption_and_privacy/openpgp_passphrase_encryption]]\n"
" - [[!traillink Criptografe_e_assine_textos_com_uma_chave_pública_usando_gedit|encryption_and_privacy/openpgp_with_gedit]]\n"
" - [[!traillink Apague_arquivos_de_forma_segura_e_limpe_o_espaço_em_disco_usando_o_"
"Nautilus_Wipe|encryption_and_privacy/secure_deletion]]\n"
" - [[!traillink Apague_arquivos_de_forma_segura_e_limpe_o_espaço_em_disco_usando_o_Nautilus_Wipe|encryption_and_privacy/secure_deletion]]\n"
wiki/src/doc/encryption_and_privacy/FireGPG_susceptible_to_devastating_attacks.de.po
View file @
90fe0cd6
...
...
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 201
1-12-18 10:38
+0
1
00\n"
"POT-Creation-Date: 201
2-10-12 20:20
+0
3
00\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME
<EMAIL
@
ADDRESS
>
\n"
"Language-Team: LANGUAGE
<LL
@
li.org
>
\n"
...
...
@@ -27,14 +27,24 @@ msgid "**FireGPG is no more shipped in Tails.**\n"
msgstr ""
#. type: Plain text
msgid "You should instead use:"
msgid "You should instead use
our custom GPG applet to
:"
msgstr ""
#. type: Plain text
#. type: Bullet: ' - '
msgid ""
"[[Encrypt text with a passphrase|encryption_and_privacy/gpgapplet/"
"passphrase_encryption]]"
msgstr ""
#. type: Bullet: ' - '
msgid ""
"[[Encrypt and sign text using public-key cryptography|encryption_and_privacy/"
"gpgapplet/public-key_cryptography]]"
msgstr ""
#. type: Bullet: ' - '
msgid ""
"- our custom GPG applet to [[encrypt text with a passphrase|"
"openpgp_passphrase_encryption]] - the gedit text editor to [[encrypt text "
"with a public key|openpgp_with_gedit]]"
"[[Decrypt and verify text|encryption_and_privacy/gpgapplet/decrypt_verify]]"
msgstr ""
#. type: Plain text
...
...
@@ -52,12 +62,12 @@ msgid ""
"[FireGPG](http://getfirefox.com) is a Firefox addon that allows users to "
"easily perform cryptographic actions on the contents of HTML pages, e.g. to "
"verify signatures appearing as HTML text, or encrypt texts written inside "
"HTML text boxes (i.e.
<
textarea
>
). Webmail interfaces commonly use
text
"
"boxes for email composition, so FireGPG is a natural fit for this use
case:
"
"the user writes his or her email plaintext in the text box, selects
the
"
"plaintext and uses one of the \"Encrypt\" or \"Sign and encrypt\"
actions
"
"available from the FireGPG menu to transform the selection to its
encrypted
"
"counterpart."
"HTML text boxes (i.e.
<
textarea
>
). Webmail interfaces commonly use "
"
text
boxes for email composition, so FireGPG is a natural fit for this use "
"
case:
the user writes his or her email plaintext in the text box, selects "
"
the
plaintext and uses one of the \"Encrypt\" or \"Sign and encrypt\" "
"
actions
available from the FireGPG menu to transform the selection to its "
"
encrypted
counterpart."
msgstr ""
#. type: Plain text
...
...
@@ -69,40 +79,41 @@ msgid ""
"every second, thereby leaking the plaintext as it is written, effectively "
"bypassing any subsequent encryption. In fact, many non-malicious webmail "
"services do just that at longer intervals, to save a draft of a message in "
"case the user's browser crashes. The only way that a user can block this type "
"of attack is by completely disabling JavaScript, which is often not "
"desirable. In any case, FireGPG currently does nothing to make users aware of "
"this issue. To the contrary, by making encryption commands easily accessible "
"in the FireGPG context menu, it actively promotes this insecure usage."
"case the user's browser crashes. The only way that a user can block this "
"type of attack is by completely disabling JavaScript, which is often not "
"desirable. In any case, FireGPG currently does nothing to make users aware "
"of this issue. To the contrary, by making encryption commands easily "
"accessible in the FireGPG context menu, it actively promotes this insecure "
"usage."
msgstr ""
#. type: Plain text
msgid ""
"The situation is exactly the same if a user decrypts an OpenPGP block inside "
"a text box: the OpenPGP block is replaced with the plaintext within the text "
"box, so the same script can leak the plaintext when the timer fires less
than
"
"a second later. Luckily, webmail systems rarely present messages in
text
"
"boxes (although 'pastebins' often do). It is more common for received
email
"
"to be displayed as HTML text, and when the user decrypts it, FireGPG
will
"
"display the plaintext in a separate window that is safely out of reach
of
"
"JavaScript. FireGPG has an option, `extensions.firegpg."
"box, so the same script can leak the plaintext when the timer fires less "
"
than
a second later. Luckily, webmail systems rarely present messages in "
"
text
boxes (although 'pastebins' often do). It is more common for received "
"
email
to be displayed as HTML text, and when the user decrypts it, FireGPG "
"
will
display the plaintext in a separate window that is safely out of reach "
"
of
JavaScript. FireGPG has an option, `extensions.firegpg."
"result_always_in_new_window`, called \"Always display encryption and "
"signature results in a separate window\" in the FireGPG options window, that "
"forces this behaviour when decrypting OpenPGP blocks in text boxes as well, "
"but it is disabled by default. This option, however, does not in any way "
"prevent leaking of plaintext while the user is writing it as described in
the
"
"previous paragraph."
"prevent leaking of plaintext while the user is writing it as described in "
"
the
previous paragraph."
msgstr ""
#. type: Plain text
msgid ""
"FireGPG also has three commands to sign (but not encrypt) messages: \"Sign
\",
"
"\"Wrapped sign\" and \"Clearsign\". Simple JavaScript can replace the "
"contents of the text box when the user selects it, so if the user does not
re-
"
"read the text after selecting one of the 'sign' commands, the attacker
will
"
"be able to obtain the user's signature on an arbitrary message.
Enabling the
"
"`result_always_in_new_window` option does not prevent this
attack; only user
"
"acuity *may* be able to detect and block it."
"FireGPG also has three commands to sign (but not encrypt) messages: \"Sign"
"
\",
\"Wrapped sign\" and \"Clearsign\". Simple JavaScript can replace the "
"contents of the text box when the user selects it, so if the user does not "
"
re-
read the text after selecting one of the 'sign' commands, the attacker "
"
will
be able to obtain the user's signature on an arbitrary message. "
"
Enabling the
`result_always_in_new_window` option does not prevent this "
"
attack; only user
acuity *may* be able to detect and block it."
msgstr ""
#. type: Plain text
...
...
@@ -126,8 +137,8 @@ msgstr ""
#. type: Bullet: '2. '
msgid ""
"FireGPG should explicitly state that the FireGPG Text editor is the only
safe
"
"place to write plaintext that are to be encrypted and/or signed, or to "
"FireGPG should explicitly state that the FireGPG Text editor is the only "
"
safe
place to write plaintext that are to be encrypted and/or signed, or to "
"decrypt messages unless the `result_always_in_new_window` option is enabled. "
"Hopefully this will save users that have been misled by FireGPG for years "
"from risking their data again, and make them understand why this new, less "
...
...
@@ -153,14 +164,14 @@ msgstr ""
#. type: Plain text
msgid ""
"After these changes, the only remaining actions in the FireGPG menu will be "
"\"Decrypt\" and \"Verify\". \"Decrypt\" is made safe by change 3, and
\"Verify
"
"\" is made safe by change 4. It may still be a good idea to remove
these
"
"actions as well to further promote the use of the FireGPG Text editor
for all
"
"cryptographic actions. If they are removed, points 3 and 4 above
become
"
"irrelevant and may be ignored. Per a discussion on #tor-dev and
later #tails
"
"with rransom and katmagic it came to light that FireGPG may
have a few
"
"serious security and anonymity issues (katmagic even claimed with
\"85%\"
"
"certainty that these issues were among the main reasons FireGPG was "
"\"Decrypt\" and \"Verify\". \"Decrypt\" is made safe by change 3, and "
"\"
Verify\"
is made safe by change 4. It may still be a good idea to remove "
"
these
actions as well to further promote the use of the FireGPG Text editor "
"
for all
cryptographic actions. If they are removed, points 3 and 4 above "
"
become
irrelevant and may be ignored. Per a discussion on #tor-dev and "
"
later #tails
with rransom and katmagic it came to light that FireGPG may "
"
have a few
serious security and anonymity issues (katmagic even claimed with "
"
\"85%\"
certainty that these issues were among the main reasons FireGPG was "
"discontinued):"
msgstr ""
...
...
@@ -219,8 +230,8 @@ msgstr ""
#. type: Bullet: '- '
msgid ""
"[[tor-talk] Tor Browser Bundle: PGP encryption built-in?](http://www.mail-"
"archive.com/tor-talk@lists.torproject.org/msg02105.html)
<br/>
A thread on
the
"
"[tor-talk] list adressing the issues of supporting GPG inside a browser."
"archive.com/tor-talk@lists.torproject.org/msg02105.html)
<br/>
A thread on "
"
the
[tor-talk] list adressing the issues of supporting GPG inside a browser."
msgstr ""
#. type: Bullet: '- '
...
...
wiki/src/doc/encryption_and_privacy/FireGPG_susceptible_to_devastating_attacks.es.po
View file @
90fe0cd6
...
...
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 201
1-12-18 10:38
+0
1
00\n"
"POT-Creation-Date: 201
2-10-12 20:20
+0
3
00\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME
<EMAIL
@
ADDRESS
>
\n"
"Language-Team: LANGUAGE
<LL
@
li.org
>
\n"
...
...
@@ -27,14 +27,24 @@ msgid "**FireGPG is no more shipped in Tails.**\n"
msgstr ""
#. type: Plain text
msgid "You should instead use:"
msgid "You should instead use
our custom GPG applet to
:"
msgstr ""
#. type: Plain text
#. type: Bullet: ' - '
msgid ""
"[[Encrypt text with a passphrase|encryption_and_privacy/gpgapplet/"
"passphrase_encryption]]"
msgstr ""
#. type: Bullet: ' - '
msgid ""
"[[Encrypt and sign text using public-key cryptography|encryption_and_privacy/"
"gpgapplet/public-key_cryptography]]"
msgstr ""
#. type: Bullet: ' - '
msgid ""
"- our custom GPG applet to [[encrypt text with a passphrase|"
"openpgp_passphrase_encryption]] - the gedit text editor to [[encrypt text "
"with a public key|openpgp_with_gedit]]"
"[[Decrypt and verify text|encryption_and_privacy/gpgapplet/decrypt_verify]]"
msgstr ""
#. type: Plain text
...
...
@@ -52,12 +62,12 @@ msgid ""
"[FireGPG](http://getfirefox.com) is a Firefox addon that allows users to "
"easily perform cryptographic actions on the contents of HTML pages, e.g. to "
"verify signatures appearing as HTML text, or encrypt texts written inside "
"HTML text boxes (i.e.
<
textarea
>
). Webmail interfaces commonly use
text
"
"boxes for email composition, so FireGPG is a natural fit for this use
case:
"
"the user writes his or her email plaintext in the text box, selects
the
"
"plaintext and uses one of the \"Encrypt\" or \"Sign and encrypt\"
actions
"
"available from the FireGPG menu to transform the selection to its
encrypted
"
"counterpart."
"HTML text boxes (i.e.
<
textarea
>
). Webmail interfaces commonly use "
"
text
boxes for email composition, so FireGPG is a natural fit for this use "
"
case:
the user writes his or her email plaintext in the text box, selects "
"
the
plaintext and uses one of the \"Encrypt\" or \"Sign and encrypt\" "
"
actions
available from the FireGPG menu to transform the selection to its "
"
encrypted
counterpart."
msgstr ""
#. type: Plain text
...
...
@@ -69,40 +79,41 @@ msgid ""
"every second, thereby leaking the plaintext as it is written, effectively "
"bypassing any subsequent encryption. In fact, many non-malicious webmail "
"services do just that at longer intervals, to save a draft of a message in "
"case the user's browser crashes. The only way that a user can block this type "
"of attack is by completely disabling JavaScript, which is often not "
"desirable. In any case, FireGPG currently does nothing to make users aware of "
"this issue. To the contrary, by making encryption commands easily accessible "
"in the FireGPG context menu, it actively promotes this insecure usage."
"case the user's browser crashes. The only way that a user can block this "
"type of attack is by completely disabling JavaScript, which is often not "
"desirable. In any case, FireGPG currently does nothing to make users aware "
"of this issue. To the contrary, by making encryption commands easily "
"accessible in the FireGPG context menu, it actively promotes this insecure "
"usage."
msgstr ""
#. type: Plain text
msgid ""
"The situation is exactly the same if a user decrypts an OpenPGP block inside "
"a text box: the OpenPGP block is replaced with the plaintext within the text "
"box, so the same script can leak the plaintext when the timer fires less
than
"
"a second later. Luckily, webmail systems rarely present messages in
text
"
"boxes (although 'pastebins' often do). It is more common for received
email
"
"to be displayed as HTML text, and when the user decrypts it, FireGPG
will
"
"display the plaintext in a separate window that is safely out of reach
of
"
"JavaScript. FireGPG has an option, `extensions.firegpg."
"box, so the same script can leak the plaintext when the timer fires less "
"
than
a second later. Luckily, webmail systems rarely present messages in "
"
text
boxes (although 'pastebins' often do). It is more common for received "
"
email
to be displayed as HTML text, and when the user decrypts it, FireGPG "
"
will
display the plaintext in a separate window that is safely out of reach "
"
of
JavaScript. FireGPG has an option, `extensions.firegpg."
"result_always_in_new_window`, called \"Always display encryption and "
"signature results in a separate window\" in the FireGPG options window, that "
"forces this behaviour when decrypting OpenPGP blocks in text boxes as well, "
"but it is disabled by default. This option, however, does not in any way "
"prevent leaking of plaintext while the user is writing it as described in
the
"
"previous paragraph."
"prevent leaking of plaintext while the user is writing it as described in "
"
the
previous paragraph."
msgstr ""
#. type: Plain text
msgid ""
"FireGPG also has three commands to sign (but not encrypt) messages: \"Sign
\",
"
"\"Wrapped sign\" and \"Clearsign\". Simple JavaScript can replace the "
"contents of the text box when the user selects it, so if the user does not
re-
"
"read the text after selecting one of the 'sign' commands, the attacker
will
"
"be able to obtain the user's signature on an arbitrary message.
Enabling the
"
"`result_always_in_new_window` option does not prevent this
attack; only user
"
"acuity *may* be able to detect and block it."
"FireGPG also has three commands to sign (but not encrypt) messages: \"Sign"
"
\",
\"Wrapped sign\" and \"Clearsign\". Simple JavaScript can replace the "
"contents of the text box when the user selects it, so if the user does not "
"
re-
read the text after selecting one of the 'sign' commands, the attacker "
"
will
be able to obtain the user's signature on an arbitrary message. "
"
Enabling the
`result_always_in_new_window` option does not prevent this "
"
attack; only user
acuity *may* be able to detect and block it."
msgstr ""
#. type: Plain text
...
...
@@ -126,8 +137,8 @@ msgstr ""
#. type: Bullet: '2. '
msgid ""
"FireGPG should explicitly state that the FireGPG Text editor is the only
safe
"
"place to write plaintext that are to be encrypted and/or signed, or to "
"FireGPG should explicitly state that the FireGPG Text editor is the only "
"
safe
place to write plaintext that are to be encrypted and/or signed, or to "
"decrypt messages unless the `result_always_in_new_window` option is enabled. "
"Hopefully this will save users that have been misled by FireGPG for years "
"from risking their data again, and make them understand why this new, less "
...
...
@@ -153,14 +164,14 @@ msgstr ""
#. type: Plain text
msgid ""
"After these changes, the only remaining actions in the FireGPG menu will be "
"\"Decrypt\" and \"Verify\". \"Decrypt\" is made safe by change 3, and
\"Verify
"
"\" is made safe by change 4. It may still be a good idea to remove
these
"
"actions as well to further promote the use of the FireGPG Text editor
for all
"
"cryptographic actions. If they are removed, points 3 and 4 above
become
"
"irrelevant and may be ignored. Per a discussion on #tor-dev and
later #tails
"
"with rransom and katmagic it came to light that FireGPG may
have a few
"
"serious security and anonymity issues (katmagic even claimed with
\"85%\"
"
"certainty that these issues were among the main reasons FireGPG was "
"\"Decrypt\" and \"Verify\". \"Decrypt\" is made safe by change 3, and "
"\"
Verify\"
is made safe by change 4. It may still be a good idea to remove "
"
these
actions as well to further promote the use of the FireGPG Text editor "
"
for all
cryptographic actions. If they are removed, points 3 and 4 above "
"
become
irrelevant and may be ignored. Per a discussion on #tor-dev and "
"
later #tails
with rransom and katmagic it came to light that FireGPG may "
"
have a few
serious security and anonymity issues (katmagic even claimed with "
"
\"85%\"
certainty that these issues were among the main reasons FireGPG was "
"discontinued):"
msgstr ""
...
...
@@ -219,8 +230,8 @@ msgstr ""
#. type: Bullet: '- '
msgid ""
"[[tor-talk] Tor Browser Bundle: PGP encryption built-in?](http://www.mail-"
"archive.com/tor-talk@lists.torproject.org/msg02105.html)
<br/>
A thread on
the
"
"[tor-talk] list adressing the issues of supporting GPG inside a browser."
"archive.com/tor-talk@lists.torproject.org/msg02105.html)
<br/>
A thread on "
"
the
[tor-talk] list adressing the issues of supporting GPG inside a browser."
msgstr ""
#. type: Bullet: '- '
...
...
wiki/src/doc/encryption_and_privacy/FireGPG_susceptible_to_devastating_attacks.fr.po
View file @
90fe0cd6
...
...
@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2012-
01-05 01:3
0+0
1
00\n"
"POT-Creation-Date: 2012-
10-12 20:2
0+0
3
00\n"
"PO-Revision-Date: 2011-12-25 22:34+0100\n"
"Last-Translator: \n"
"Language-Team: LANGUAGE
<LL
@
li.org
>
\n"
...
...
@@ -26,18 +26,27 @@ msgid "**FireGPG is no more shipped in Tails.**\n"
msgstr "**FireGPG n'est plus livré dans Tails.**\n"
#. type: Plain text
msgid "You should instead use:"
#, fuzzy
#| msgid "You should instead use:"
msgid "You should instead use our custom GPG applet to:"
msgstr "À la place, vous devriez vous servir de :"
#. type: Plain text
#. type: Bullet: ' - '
msgid ""
"[[Encrypt text with a passphrase|encryption_and_privacy/gpgapplet/"
"passphrase_encryption]]"
msgstr ""
#. type: Bullet: ' - '
msgid ""
"- our custom GPG applet to [[encrypt text with a passphrase|"
"openpgp_passphrase_encryption]] - the gedit text editor to [[encrypt text "
"with a public key|openpgp_with_gedit]]"
"[[Encrypt and sign text using public-key cryptography|encryption_and_privacy/"
"gpgapplet/public-key_cryptography]]"
msgstr ""
#. type: Bullet: ' - '
msgid ""
"[[Decrypt and verify text|encryption_and_privacy/gpgapplet/decrypt_verify]]"
msgstr ""
"- notre applet GPG personnalisée pour [[chiffrer du texte avec une phrase de "
"passe|openpgp_passphrase_encryption]] - l'éditeur de texte gedit pour "
"[[chiffrer du texte avec une clé publique|openpgp_with_gedit]]"
#. type: Plain text
#, no-wrap
...
...
@@ -54,20 +63,20 @@ msgid ""
"[FireGPG](http://getfirefox.com) is a Firefox addon that allows users to "
"easily perform cryptographic actions on the contents of HTML pages, e.g. to "
"verify signatures appearing as HTML text, or encrypt texts written inside "
"HTML text boxes (i.e.
<
textarea
>
). Webmail interfaces commonly use
text
"
"boxes for email composition, so FireGPG is a natural fit for this use
case:
"
"the user writes his or her email plaintext in the text box, selects
the
"
"plaintext and uses one of the \"Encrypt\" or \"Sign and encrypt\"
actions
"
"available from the FireGPG menu to transform the selection to its
encrypted
"
"counterpart."
"HTML text boxes (i.e.
<
textarea
>
). Webmail interfaces commonly use "
"
text
boxes for email composition, so FireGPG is a natural fit for this use "
"
case:
the user writes his or her email plaintext in the text box, selects "
"
the
plaintext and uses one of the \"Encrypt\" or \"Sign and encrypt\" "
"
actions
available from the FireGPG menu to transform the selection to its "
"
encrypted
counterpart."
msgstr ""
"[FireGPG](http://getfirefox.com) est une extension de Firefox qui permet "
"d'utiliser facilement la cryptographie sur le contenu de pages HTML, par "
"exemple pour vérifier des signatures qui apparaissent comme du texte HTML,
ou
"
"pour chiffrer du texte écrit dans une fenêtre de texte HTML (
<
"
"exemple pour vérifier des signatures qui apparaissent comme du texte HTML, "
"
ou
pour chiffrer du texte écrit dans une fenêtre de texte HTML (
<
"
"textarea
>
). Les interfaces webmail utilisent généralement ces fenêtres de "
"texte pour écrire un email, c'est pourquoi FireGPG est l'outil idéal pour
cet
"
"usage : l'utilisateur/ice écrit son email dans la fenêtre de texte, le "
"texte pour écrire un email, c'est pourquoi FireGPG est l'outil idéal pour "
"
cet
usage : l'utilisateur/ice écrit son email dans la fenêtre de texte, le "
"sélectionne et choisit l'action \"Chiffrer\" ou \"Signer et chiffrer\", "
"disponibles depuis le menu FireGPG, pour transformer le texte en clair en "
"texte chiffré."
...
...
@@ -81,11 +90,12 @@ msgid ""
"every second, thereby leaking the plaintext as it is written, effectively "
"bypassing any subsequent encryption. In fact, many non-malicious webmail "
"services do just that at longer intervals, to save a draft of a message in "
"case the user's browser crashes. The only way that a user can block this type "
"of attack is by completely disabling JavaScript, which is often not "
"desirable. In any case, FireGPG currently does nothing to make users aware of "
"this issue. To the contrary, by making encryption commands easily accessible "
"in the FireGPG context menu, it actively promotes this insecure usage."
"case the user's browser crashes. The only way that a user can block this "
"type of attack is by completely disabling JavaScript, which is often not "
"desirable. In any case, FireGPG currently does nothing to make users aware "
"of this issue. To the contrary, by making encryption commands easily "
"accessible in the FireGPG context menu, it actively promotes this insecure "
"usage."
msgstr ""
"La conception de FireGPG nous assure être sûre, alors qu'elle ne l'est\n"
"pas, étant donné que le JavaScript tournant sur la page peut toujours\n"
...
...
@@ -108,18 +118,18 @@ msgstr ""
msgid ""
"The situation is exactly the same if a user decrypts an OpenPGP block inside "
"a text box: the OpenPGP block is replaced with the plaintext within the text "
"box, so the same script can leak the plaintext when the timer fires less
than
"
"a second later. Luckily, webmail systems rarely present messages in
text
"
"boxes (although 'pastebins' often do). It is more common for received
email
"
"to be displayed as HTML text, and when the user decrypts it, FireGPG
will
"
"display the plaintext in a separate window that is safely out of reach
of
"
"JavaScript. FireGPG has an option, `extensions.firegpg."
"box, so the same script can leak the plaintext when the timer fires less "
"
than
a second later. Luckily, webmail systems rarely present messages in "
"
text
boxes (although 'pastebins' often do). It is more common for received "
"
email
to be displayed as HTML text, and when the user decrypts it, FireGPG "
"
will
display the plaintext in a separate window that is safely out of reach "
"
of
JavaScript. FireGPG has an option, `extensions.firegpg."
"result_always_in_new_window`, called \"Always display encryption and "
"signature results in a separate window\" in the FireGPG options window, that "
"forces this behaviour when decrypting OpenPGP blocks in text boxes as well, "
"but it is disabled by default. This option, however, does not in any way "
"prevent leaking of plaintext while the user is writing it as described in
the
"
"previous paragraph."
"prevent leaking of plaintext while the user is writing it as described in "
"
the
previous paragraph."
msgstr ""
"La situation est exactement la même si un utilisateur déchiffre un bloc "
"OpenPGP\n"
...
...
@@ -134,35 +144,35 @@ msgstr ""
"les 'pastebins' le font souvent). Les emails reçus sont plus fréquemment\n"
"affichés en tant que texte HTML, et quand l'utilisateur le déchiffre, "
"FireGPG\n"
"affiche le texte déchiffré dans une fenêtre séparée qui est hors de portée
du
"
"JavaScript. Dans la fenêtre des options de FireGPG se trouve l'option "
"affiche le texte déchiffré dans une fenêtre séparée qui est hors de portée "