| Mail Encryption with PGP or GnuPG | ||
|---|---|---|
 | Chapter 15. KMail — The KDE Mail Application |  |
| Filters | For More Information | |
| Mail Encryption with PGP or GnuPG | ||
|---|---|---|
| | Chapter 15. KMail — The KDE Mail Application | |
| Filters | For More Information | |
You can encrypt outgoing e-mail with KMail. To encrypt your e-mail, first generate a key pair as described in Chapter Chapter 14, Encryption with KGpg. Then log out and log in again.
Go to -> -> -> -> to specify when and with which method your e-mail messages should be encrypted. First, activate the respective module, usually openpgp. Under , enter the file name of the crypto library: for OpenPGP, select /usr/lib/cryptplug/gpgme-openpgp.so and, for smime, select /usr/lib/cryptplug/gpgme-smime.so. An asterisk must appear in the column of the displayed table. Also determine whether an alert should be displayed when you send unencrypted e-mail. To encrypt the attachments as well, select in -> -> -> -> .
Once the preferences have been set, click (under ). Select the identity with which encrypted or signed messages should be sent and choose . Select the tab in the dialog that opens. Clicking for the entry displays a selection box from which to choose the keys. Confirm with . The encryption system is now ready.
The public key must be made available to recipients of a signed message so they can verify its authenticity. It also needs to be accessible to enable others to send encrypted messages to the owner of the key. Public keys can be stored on a public PGP key server, such as www.pgp.net.
Create your messages as usual. Before sending the message, click the corresponding icon (second to last) in the toolbar of the window or choose -> . The message can then be sent. To sign it, KMail must know your PGP password. However, if you have already provided the password, KMail signs the message without requesting any further information. The results of the PGP signing process can be reviewed in the Sent Messages folder (or in the outbox if you did not use ). There, your e-mail should be marked with the notice that it was signed by you.
If KMail is able to verify the signature of an e-mail, a green frame with the key ID is displayed. If the signature cannot be verified, a yellow frame with an alert is displayed. This means that you do not have a suitable public key for the signature.
Create a message for the person who should receive your public key. Choose -> . The mail can then be sent. There is no guarantee that the recipient of a signed message receives the correct key. It is possible that the mail is intercepted on the way to the recipient and is signed with another key. Therefore, the recipient should check the attached key by comparing the finger print with a previously received value. Further information about this can be found in the PGP and GnuPG documentation.
In KMail, select the message to decrypt. Enter your password when prompted. KMail attempts to decrypt the message. If it was encrypted with your public key, KMail displays it in clear text. If not, you cannot read the e-mail message. KMail saves these e-mail messages encrypted to prevent anyone from reading them without your password.
To send an encrypted message to a recipient for whom you have the public key, simply write the message in the window. Before sending the message, click the red key icon in the window's toolbar. Now, the message can be sent. If KMail cannot find a key for the recipient, a list with all available keys is shown. Select the appropriate one from the list or abort the process. KMail also informs you if errors occur during the encryption process. You cannot read encrypted messages if you did not click in the tab.
| |  | |
| Filters |  | For More Information |