KGpg is an important component of the encryption infrastructure on your system. With the help of this program, generate and manage all needed keys, use its editor function for the quick creation and encryption of files, or use the applet in your panel to encrypt or decrypt by dragging and dropping. This chapter covers the basic functions needed for daily work with encrypted files.
This section covers operations needed for handling your digital key ring. Other programs, such as your mail program (KMail or Evolution), access the managed key data to process signed or encrypted contents.
To be able to exchange encrypted messages with other users, first generate your own key pair. One part of it — the public key — is distributed to your communication partners, who can use it to encrypt the files or e-mail messages they send. The other part of the key pair — the private key — is used to decrypt the encrypted contents.
Private Key versus Public Key
The public key is intended for the public and is distributed to all of your communication partners. However, only you should have access to the private key. Do not grant other users access to this data.
Start KGpg from the main menu by selecting + or by entering kgpg on the command line. When you start the program for the first time, an assistant appears to guide you through the configuration. Follow the instructions up to the point where you are prompted to create a key. Enter a name, an e-mail address, and, optionally, a comment. If you do not like the default settings provided, also set the expiration time for the key, the key size, and the encryption algorithm used. See Figure 11.1, “KGpg: Creating a Key”.
Confirm your settings with . The next dialog asks you to enter a password. After doing so twice, the program generates the key pair and displays a summary. It is a good idea to save or print a revocation certificate right away. You will need such a certificate if you forget the password for your private key and therefore have to revoke it. After confirming with , KGpg displays its main window. See Figure 11.2, “KGpg: The Key Manager”.
After generating your key pair, make the public key available to other users. This enables them to use it to encrypt or sign the messages or files they send you. To make the public key available for others, select + . The dialog that opens offers four options:
Your public key is sent to a recipient of your choice by e-mail. If you activate this option and confirm with , the dialog for creating a new e-mail message with KMail appears. Enter the recipient and click . The recipient will receive your key and can then send you encrypted contents.
You can place your public key here before you continue to process it.
To make your public key available to a wide audience, export it to one of the key servers on the Internet. For more information, refer to Section 11.2, “The Key Server Dialog”.
If you prefer to distribute your key as a file on a data medium instead of sending it by e-mail, click this option, confirm or change the file path and name, and click .
If you receive a key in a file (for example, as an e-mail attachment), integrate it in your key ring with and use it for encrypted communication with the sender. The procedure is similar to the procedure for exporting keys already described.
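What such a key file actually contains, and where the fingerprint you compare with the key owner comes from, is easier to see with a small decoder. The following Python is an added example, not part of the KGpg manual or of KGpg itself: it removes the ASCII armor of an OpenPGP public key block, checks the armor's CRC-24, walks the packets (RFC 4880) and computes the version 4 fingerprint, whose last 16 hex digits are the key ID that the key manager lists. The key block is constructed inline from toy RSA numbers and is not a usable key; real exported keys carry further packets (self-signatures, subkeys) that the walker lists but does not interpret.

```python
"""Added example, not from the KGpg manual: decode an exported OpenPGP public key
block (RFC 4880 armor and packets) and derive the v4 fingerprint whose last 16
hex digits are the key ID KGpg displays. The key material is constructed."""
import base64
import hashlib
import struct

PACKET_NAMES = {2: "signature", 6: "public-key", 13: "user-id", 14: "public-subkey"}


def crc24(data: bytes) -> int:  # armor checksum, RFC 4880 section 6.1
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def armor(data: bytes, block_type: str = "PGP PUBLIC KEY BLOCK") -> str:
    """Wrap binary packets in ASCII armor (64-character lines) plus a CRC-24 line."""
    body = base64.b64encode(data).decode()
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    crc = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return "\n".join([f"-----BEGIN {block_type}-----", ""] + lines
                     + ["=" + crc, f"-----END {block_type}-----", ""])


def dearmor(text: str) -> bytes:
    """Strip the armor, verify the CRC-24 and return the raw packet bytes."""
    lines = iter(text.splitlines())
    next(line for line in lines if line.startswith("-----BEGIN "))  # StopIteration if absent
    for line in lines:  # armor headers such as "Version:" end at a blank line
        if line.strip() == "":
            break
    body, crc_line = [], None
    for line in lines:
        if line.startswith("="):
            crc_line = line[1:]
        elif line.startswith("-----END "):
            break
        else:
            body.append(line.strip())
    data = base64.b64decode("".join(body))
    if crc_line is None or crc24(data) != int.from_bytes(base64.b64decode(crc_line), "big"):
        raise ValueError("CRC-24 missing or mismatched: key file corrupted or altered")
    return data


def parse_packets(data: bytes):
    """Yield (tag, body) pairs, handling old- and new-format packet headers."""
    pos = 0
    while pos < len(data):
        ctb = data[pos]
        if not ctb & 0x80:
            raise ValueError(f"invalid packet header at offset {pos}")
        pos += 1
        if ctb & 0x40:  # new format: tag in the low 6 bits
            tag, first, pos = ctb & 0x3F, data[pos], pos + 1
            if first < 192:
                length = first
            elif first < 224:
                length, pos = ((first - 192) << 8) + data[pos] + 192, pos + 1
            elif first == 255:
                length, pos = int.from_bytes(data[pos:pos + 4], "big"), pos + 4
            else:
                raise ValueError("partial body lengths are not supported here")
        else:  # old format: tag in bits 2-5, size of the length field in bits 0-1
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length is not supported here")
            size = (1, 2, 4)[ltype]
            length, pos = int.from_bytes(data[pos:pos + size], "big"), pos + size
        body = data[pos:pos + length]
        if len(body) != length:
            raise ValueError("truncated packet")
        pos += length
        yield tag, body


def v4_fingerprint(key_body: bytes) -> str:
    """SHA-1 over 0x99, the two-byte body length and the public-key packet body."""
    if key_body[0] != 4:
        raise ValueError("only version 4 keys are handled")
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(key_body)) + key_body).hexdigest().upper()


def describe(armored: str) -> dict:  # packet types, primary fingerprint, key ID, user IDs
    info = {"packets": [], "fingerprint": None, "key_id": None, "user_ids": []}
    for tag, body in parse_packets(dearmor(armored)):
        info["packets"].append(PACKET_NAMES.get(tag, f"tag-{tag}"))
        if tag == 6 and info["fingerprint"] is None:
            info["fingerprint"] = v4_fingerprint(body)
            info["key_id"] = info["fingerprint"][-16:]
        elif tag == 13:
            info["user_ids"].append(body.decode("utf-8"))
    return info


def mpi(value: int) -> bytes:  # OpenPGP multi-precision integer: bit count, then bytes
    return struct.pack(">H", value.bit_length()) + value.to_bytes((value.bit_length() + 7) // 8, "big")


def build_sample_key() -> str:
    """Constructed demo block: v4 RSA public-key packet (toy numbers) and a user ID."""
    key_body = b"\x04" + struct.pack(">I", 1_000_000_000) + b"\x01" + mpi(0xC0FFEE) + mpi(65537)
    key_packet = bytes([0x80 | (6 << 2)]) + bytes([len(key_body)]) + key_body  # old-format header
    uid = "Demo User <demo@example.org>".encode()
    return armor(key_packet + bytes([0xC0 | 13]) + bytes([len(uid)]) + uid)  # new-format header


SAMPLE_KEY = build_sample_key()
```

Running `describe(SAMPLE_KEY)` lists a public-key and a user-id packet and a 40-digit fingerprint. Any single altered character in the armored text trips the CRC-24 check, but that checksum only guards against transmission damage; it is the fingerprint, confirmed with the key's owner over a second channel, that tells you the key is genuine before you sign it.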
Keys can be signed like every other file to guarantee their authenticity and integrity. If you are absolutely sure an imported key belongs to the individual specified as the owner, express your trust in the authenticity of the key with your signature.
Encrypted communication is only secure to the extent that you can positively associate public keys in circulation with the specified user. By cross-checking and signing these keys, you contribute to the establishment of a web of trust.
Select the key to sign in the key list. Select + . In the following dialog, designate the private key to use for the signature. An alert reminds you to check the authenticity of this key before you sign it. If you have performed this check, click and enter the password for the selected private key in the next step. Other users can now check the signature by means of your public key.
Normally, you are asked by the corresponding program whether you trust the key (whether you assume it is really used by its authorized owner). This happens each time a message needs to be decrypted or a signature must be checked. To avoid this, edit the trust level of the newly imported key. By default, a newly imported key is listed with a “?”, meaning that no concrete value has been assigned for the trust level.
Right-click the newly imported key to access a small context menu for key management. Select from it. KGpg opens a text console in which to set the trust level with a few commands.
At the prompt of the text console (Command >), enter trust. Now, on a scale between 1 and 5, estimate how much you trust the signers of the imported key to have checked the true identity of the key owner. Enter the selected value at the prompt (Your decision?). If you are really sure about the signers' trustworthiness, enter 5. Answer the following question by entering y. Finally, enter quit to exit the console and return to the list of keys. The key now has the trust level Ultimate.
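How the value chosen at the trust prompt, together with the signatures described above, decides whether a key counts as valid is easiest to follow on a small key ring. The following Python is an added example, not part of the KGpg manual or of GnuPG: it applies the classic web-of-trust rules (a key becomes fully valid when signed by one fully trusted valid key or by three marginally trusted valid keys, within a bounded certification depth) to a constructed set of keys, signatures and owner-trust values. The owner-trust numbers are the ones the trust command offers (1 unknown, 2 never, 3 marginal, 4 full, 5 ultimate); the thresholds and depth default to GnuPG's documented defaults, and the key names are invented.

```python
"""Added example, not from the KGpg manual: how owner trust set with the
"trust" command turns into key validity under the classic web-of-trust rules.
Keys, signatures and trust values below are constructed for the demonstration."""
from collections import defaultdict

# Owner-trust values exactly as the gpg --edit-key "trust" menu numbers them.
UNKNOWN, NEVER, MARGINAL, FULL, ULTIMATE = 1, 2, 3, 4, 5


def compute_validity(keys, signatures, ownertrust,
                     marginals_needed=3, completes_needed=1, max_cert_depth=5):
    """Return {key: "unknown" | "marginal" | "full"}: the validity of each key,
    which is distinct from the owner trust you assign. Ultimately trusted keys
    are valid by definition; any other key becomes fully valid once enough
    valid keys whose owners you trust have signed it."""
    signers_of = defaultdict(set)
    for signer, signed in signatures:
        if signer != signed:  # self-signatures never introduce a key
            signers_of[signed].add(signer)
    validity = {k: "unknown" for k in keys}
    for k in keys:
        if ownertrust.get(k, UNKNOWN) == ULTIMATE:
            validity[k] = "full"
    for _depth in range(1, max_cert_depth + 1):
        valid_before = {k for k, v in validity.items() if v == "full"}
        changed = False
        for k in keys:
            if validity[k] == "full":
                continue
            # Only signers that were already fully valid act as introducers, and
            # only their owner trust decides how much each signature is worth.
            introducers = signers_of[k] & valid_before
            completes = sum(ownertrust.get(s, UNKNOWN) in (FULL, ULTIMATE) for s in introducers)
            marginals = sum(ownertrust.get(s, UNKNOWN) == MARGINAL for s in introducers)
            if completes >= completes_needed or marginals >= marginals_needed:
                validity[k], changed = "full", True
            elif marginals and validity[k] == "unknown":
                validity[k], changed = "marginal", True
        if not changed:
            break
    return validity


def needs_trust_prompt(validity, key):
    """A mail program or editor asks before using any key that is not fully valid."""
    return validity.get(key, "unknown") != "full"


# Constructed key ring: "me" is the user's own key; the others were imported.
SAMPLE_KEYS = ["me", "alice", "bob", "carol", "dave", "erin", "frank", "grace", "heidi", "mallory"]
SAMPLE_SIGNATURES = [
    ("me", "alice"), ("me", "bob"), ("me", "carol"), ("me", "dave"), ("me", "mallory"),
    ("bob", "erin"), ("carol", "erin"), ("dave", "erin"),  # three marginally trusted signers
    ("alice", "frank"),                                    # one fully trusted signer
    ("bob", "grace"),                                      # a single marginal signer
    ("erin", "heidi"), ("mallory", "heidi"),               # valid signers, but no usable trust
]
SAMPLE_OWNERTRUST = {"me": ULTIMATE, "alice": FULL, "bob": MARGINAL, "carol": MARGINAL,
                     "dave": MARGINAL, "mallory": NEVER}  # erin and the rest keep the "?"

if __name__ == "__main__":
    result = compute_validity(SAMPLE_KEYS, SAMPLE_SIGNATURES, SAMPLE_OWNERTRUST)
    for key in SAMPLE_KEYS:
        print(f"{key:8} validity={result[key]:8} prompt={needs_trust_prompt(result, key)}")
```

In the sample ring, erin is fully valid through three marginal signers and frank through alice alone, grace is only marginally valid, and heidi stays unknown even though both keys that signed her are themselves valid: erin's owner trust was never set (the "?" in the key manager) and mallory's is set to never, so neither signature introduces anything. Raising the trust of erin to full makes heidi valid, which is exactly the effect of the trust command on the imported key.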