4. Cryptography

4.1. Using a PGP Key

KMail allows you to use cryptography in order to encrypt and sign your e-mails, ensuring that your e-communications are not tampered with. With the growing need for privacy over the Internet, you might want to try out this feature.

Figure 8.6. Using OpenPGP within KMail


Using encryption with KMail is easiest if you already have a PGP key. If you don't, here's how to proceed:

  1. Open a terminal window (System+Terminals->Konsole) or (Administer your system->Use a terminal emulator).

  2. Type gpg --gen-key.

  3. You will be asked what type of key you want: choose DSA and ElGamal.

  4. Choose a key size: 2048 bits is the default, and is enough for today's needs; 4096 bits is probably extreme.

  5. You can select an expiration date: 0 is for no expiration date.

  6. Enter your user identification, which contains your Real Name, then your E-mail Address and finally an optional Comment.

  7. Enter a passphrase which should be composed of upper- and lowercase letters, numbers and symbols: you need to enter it twice.

  8. GPG will now generate your key. Move your mouse around, surf the web or play music while it works, since key generation needs a lot of random data.

  9. Finally, to make sure everything works, type gpg --list-keys. You should get something similar to this as a result:

    [peter@community peter]$ gpg --list-keys
    pub   1024D/95DBB95A 2005-03-15 Your Name (Comment) <your@email.com>
    sub   1024g/47FBB9BA 2005-03-15
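
The same choices (steps 3 to 6) can be written down as a GnuPG batch parameter block, which is handy when several machines must get keys with identical settings. This is an added example, not part of the original guide; it assumes GnuPG 2.1 or later, and the function names and the name and address in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example: unattended equivalent of steps 3-6 above.

# Print a GnuPG batch parameter block: DSA signing key with an ElGamal
# encryption subkey (step 3), 2048 bits (step 4), no expiration (step 5),
# and the user ID fields of step 6.
key_params() {
    name=$1 email=$2 comment=$3
    # Reject line breaks: an embedded newline would let a user ID field
    # smuggle extra directives (e.g. a Passphrase: line) into the block.
    case "$name$email$comment" in
        *"
"*) echo "key_params: line break in user ID field" >&2; return 1 ;;
    esac
    [ -n "$name" ] && [ -n "$email" ] || {
        echo "key_params: real name and e-mail are required" >&2; return 1; }
    echo "Key-Type: DSA"
    echo "Key-Length: 2048"
    echo "Subkey-Type: ELG-E"
    echo "Subkey-Length: 2048"
    echo "Expire-Date: 0"
    echo "Name-Real: $name"
    [ -z "$comment" ] || echo "Name-Comment: $comment"
    echo "Name-Email: $email"
    # No "Passphrase:" line on purpose: gpg then asks for the passphrase
    # through its pinentry dialog (step 7) instead of reading it from text
    # that could end up in shell history or a file on disk.
    echo "%commit"
}

# Generate the key from the block, then list it as in step 9.
generate_key() {
    params=$(key_params "$@") || return 1
    printf '%s\n' "$params" | gpg --batch --gen-key || return 1
    gpg --list-keys "$2"
}

# Usage (placeholder identity):
#   generate_key "Your Name" "your@email.com" "Comment"
```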

For more information about generating a GPG key, please refer to the gpg man page or to this excellent tutorial.

To set it up, go back to the Manage Identities window (Settings->Configure KMail) and click on the Cryptography tab: simply click on the Change buttons for the OpenPGP signing key and OpenPGP encryption key fields and select your key (see Figure 8.6, “Using OpenPGP within KMail”), then click OK.

Now when you open a new composition window, you will see two new icons:

  • This icon allows you to electronically sign your e-mail, which proves without a doubt that the e-mail comes from you.

  • This icon lets you encrypt a message so that only the recipient you have chosen will be able to read the contents of your e-mail. Note however that the recipient must have shared his public key with you.

Once you have finished writing your e-mail, click on the icon you need (sign, encrypt or both), then click on the send icon or press Ctrl-Enter. A dialog box will appear and you will be asked to confirm your key and the recipient's:

Figure 8.7. Encryption Key Approval Dialog


Finally you will be asked to enter your GPG passphrase.

Figure 8.8. Passphrase Dialog


When you receive encrypted mail, you will be prompted for your passphrase: simply type it in the dialog box which pops up.