
Difference between revisions of "UbuntuHelp:KMailGPGAgent"

From the Ubuntu Chinese wiki (Ubuntu中文)

 
(4 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
{{From|https://help.ubuntu.com/community/KMailGPGAgent}}
 
{{From|https://help.ubuntu.com/community/KMailGPGAgent}}
 
{{Languages|UbuntuHelp:KMailGPGAgent}}
 
{{Languages|UbuntuHelp:KMailGPGAgent}}
 +
<<Include(Tag/Unsupported)>>
 +
<<Include(Tag/NeedsExpansion)>>
 
== Introduction ==
 
== Introduction ==
This guide assumes that you have a working knowledge of GnuPG and the command line, and that GPG and KMail are installed in a KDE environment.  Detailed information on GnuPG can be found [https://help.ubuntu.com/community/GnuPrivacyGuardHowto here].
+
This guide assumes that you have a working knowledge of GnuPG and the command line, and that GPG and KMail are installed in a KDE environment.  Detailed information on GnuPG can be found [[UbuntuHelp:GnuPrivacyGuardHowto|here]].|More information on KMail can be found on [[UbuntuHelp:EmailClients|EmailClients]].
 
== Set up ==
 
== Set up ==
 
=== Required Packages ===
 
=== Required Packages ===
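
Review bot: The added Introduction line has a stray "|" between its two sentences ("[[UbuntuHelp:GnuPrivacyGuardHowto|here]].|More information on KMail ..."); it will render literally, so replace it with a space. The two added <<Include(Tag/...)>> lines are MoinMoin macro syntax rather than MediaWiki markup and will also appear as literal text on this wiki; use the template form already used by the {{From|...}} and {{Languages|...}} lines above, or drop them.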
Line 31: Line 33:
 
=== Configuring KDE to start gpg-agent on login ===
 
=== Configuring KDE to start gpg-agent on login ===
 
In order to use the gpg-agent with KDE, you'll want it to start up and have its environment variables added to KDE's environment before KDE starts. Thankfully, KDE allows us to do this quite easily.
 
In order to use the gpg-agent with KDE, you'll want it to start up and have its environment variables added to KDE's environment before KDE starts. Thankfully, KDE allows us to do this quite easily.
# Create the directory <code><nowiki>~/.kde/env</nowiki></code>
+
<ol><li>Create the directory <code><nowiki>~/.kde/env</nowiki></code>
2. Create a file in the directory called <code><nowiki>gpg-agent.sh</nowiki></code> with the following contents:
+
</li><li>Create a file in the directory called <code><nowiki>gpg-agent.sh</nowiki></code> with the following contents:</li></ol>
 +
 
 
<pre><nowiki>  
 
<pre><nowiki>  
 
eval "$(gpg-agent --daemon)"  
 
eval "$(gpg-agent --daemon)"  
 
</nowiki></pre>
 
</nowiki></pre>
3. Make the file executable.
+
<ol><li>Make the file executable.
4. Log out of KDE if you're in KDE and log back in.
+
</li><li>Log out of KDE if you're in KDE and log back in.
# Create the directory <code><nowiki>~/.kde/shutdown</nowiki></code>
+
</li><li>Create the directory <code><nowiki>~/.kde/shutdown</nowiki></code>
2. Create a file in the directory called <code><nowiki>gpg-agent.sh</nowiki></code> with the following contents:
+
</li><li>Create a file in the directory called <code><nowiki>gpg-agent.sh</nowiki></code> with the following contents:</li></ol>
 +
 
 
<pre><nowiki>
 
<pre><nowiki>
 
#!/bin/sh
 
#!/bin/sh
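
Review bot: Closing the list with </ol> before each <pre> block makes the following <ol> restart at 1, so "Make the file executable." now renders as step 1 where the old text had step 3, and the second <ol> merges the remaining login steps with the ~/.kde/shutdown steps into a single list. Keep each <pre> inside the <li> it belongs to so the numbering continues, and start a separate list for the shutdown script as the old "#" markers did.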
Line 47: Line 51:
 
[[ -n ${GPG_AGENT_INFO} ]] && kill `echo $\{GPG_AGENT_INFO\} | cut -d ':' -f 2`
 
[[ -n ${GPG_AGENT_INFO} ]] && kill `echo $\{GPG_AGENT_INFO\} | cut -d ':' -f 2`
 
</nowiki></pre>
 
</nowiki></pre>
3. Make the file executable.
+
<ol><li>Make the file executable.</li></ol>
 +
 
 
Before proceeding, please test gpg-agent:
 
Before proceeding, please test gpg-agent:
 
<pre><nowiki>
 
<pre><nowiki>
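
Review bot: The new <ol><li>Make the file executable.</li></ol> is a one-item list, so this step renders as 1 where the old text had 3; fold it into the list that precedes the script. The unchanged script line above it also deserves a fix while this block is being edited: the backslashes in $\{GPG_AGENT_INFO\} stop the shell from expanding the variable, so kill receives literal text instead of a process ID, and [[ ]] is a bash construct under the #!/bin/sh shebang shown in the previous hunk. Suggest [ -n "${GPG_AGENT_INFO}" ] with an unescaped ${GPG_AGENT_INFO} in the command substitution.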
Line 53: Line 58:
 
</nowiki></pre>
 
</nowiki></pre>
 
==== Configuring KMail ====
 
==== Configuring KMail ====
# Start up KMail
+
<ol><li>Start up KMail
2. Go to the Settings menu
+
</li><li>Go to the Settings menu
3. Select the Security icon on the left hand side
+
</li><li>Select the Security icon on the left hand side
4. Select the Crypto Backends tab
+
</li><li>Select the Crypto Backends tab
5. Make sure OpenPGP (gpg) is in the list, and check the box next to it.
+
</li><li>Make sure OpenPGP (gpg) is in the list, and check the box next to it.
6. Select the Identities Icon on the left hand side
+
</li><li>Select the Identities Icon on the left hand side
7. If you haven't already created an identity for yourself, create one now.
+
</li><li>If you haven't already created an identity for yourself, create one now.
8. Select your identity and click the Modify... button
+
</li><li>Select your identity and click the Modify... button
9. Select the Cryptography tab
+
</li><li>Select the Cryptography tab</li></ol>
 +
 
 
10. Click on Change... next to OpenPGP signing key and select your preferred key from the list.
 
10. Click on Change... next to OpenPGP signing key and select your preferred key from the list.
 
11. Repeat for OpenPGP encryption key if you want to encrypt messages
 
11. Repeat for OpenPGP encryption key if you want to encrypt messages
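
Review bot: Only steps 1 to 9 were moved into the <ol>; the "10." and "11." lines in the trailing context are still typed as plain numbered text outside the list, so they will render as running paragraph text rather than list items. Move the closing </ol> past the last step and convert the remaining steps to <li> entries as well.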
Line 81: Line 87:
 
Bottom line is that all of the steps above Configuring KMail should no longer be required for new Gutsy installs.
 
Bottom line is that all of the steps above Configuring KMail should no longer be required for new Gutsy installs.
 
----
 
----
[[category:CategoryDocumentation]]
+
[[category:CategoryEmail]]
  
 
[[category:UbuntuHelp]]
 
[[category:UbuntuHelp]]

Latest revision as of 19:41, 17 November 2009 (Tuesday)


Introduction

This guide assumes that you have a working knowledge of GnuPG and the command line, and that GPG and KMail are installed in a KDE environment. Detailed information on GnuPG can be found here. More information on KMail can be found on EmailClients.

Set up

Required Packages

Pinentry-Qt will provide the front end into which you will type your pass phrase.

pinentry-qt

gpg-agent is a program that caches your private key passphrases for a period of time. Without gpg-agent you'd have to type your passphrase every time you wanted to decrypt an email or file. Since it is recommended that your passphrase be very long, and hard to guess, this can become cumbersome.

gpg-agent

Configuring GPG

Uncomment the following line in ~/.gnupg/gpg.conf. If not present, please append it to the file.

use-agent

Note: Due to a gnupg bug in Feisty, your ~/.gnupg/gpg.conf may not have been created. You can create it by:

cp /usr/share/gnupg/options.skel ~/.gnupg/gpg.conf

Then create the file ~/.gnupg/gpg-agent.conf with the following contents:

pinentry-program /usr/bin/pinentry-qt
no-grab
default-cache-ttl 1800

You can replace the time, 1800 seconds, with a longer period, but it must be less than two hours (7200 seconds). If you wish to store the passphrase for a longer period of time, you must replace default-cache-ttl 1800 with the following block of text, where XXXX is the time in seconds. You should also remember that there is a trade-off between ease of use and security.

default-cache-ttl XXXX
max-cache-ttl XXXX
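
The interaction between the two settings above, as an added example that is not part of the original guide: a POSIX shell function that reads a gpg-agent.conf and reports the idle timeout that will actually apply, warning when default-cache-ttl is set above max-cache-ttl. The 600 and 7200 second fallbacks are gpg-agent's documented defaults; the function names and sample files are constructed for illustration, and taking the last value of a repeated option is an assumption.

```shell
#!/bin/sh
# Added example: which passphrase cache timeout does a gpg-agent.conf yield?

# conf_value FILE OPTION DEFAULT -> numeric value set for OPTION, else DEFAULT.
# Assumption: if an option is repeated, the last occurrence is used.
conf_value() {
    awk -v opt="$2" -v def="$3" '
        { sub(/#.*/, "") }                       # drop comments
        $1 == opt && $2 ~ /^[0-9]+$/ { def = $2 }
        END { print def }' "$1"
}

# cache_idle_ttl FILE -> seconds of non-use after which a cached passphrase
# expires. default-cache-ttl cannot outlive max-cache-ttl, so a larger value
# is reported as capped, with a warning on stderr.
cache_idle_ttl() {
    idle=$(conf_value "$1" default-cache-ttl 600)
    max=$(conf_value "$1" max-cache-ttl 7200)
    if [ "$idle" -gt "$max" ]; then
        echo "warning: default-cache-ttl $idle exceeds max-cache-ttl $max" >&2
        echo "$max"
    else
        echo "$idle"
    fi
}

# Constructed sample files: the guide's config, a too-long TTL on its own,
# and the same TTL with max-cache-ttl raised to match.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' 'pinentry-program /usr/bin/pinentry-qt' 'no-grab' \
    'default-cache-ttl 1800' > "$demo_dir/guide.conf"
printf '%s\n' 'default-cache-ttl 28800' > "$demo_dir/too-long.conf"
printf '%s\n' 'default-cache-ttl 28800' 'max-cache-ttl 28800' \
    > "$demo_dir/both.conf"

for name in guide too-long both; do
    echo "$name: $(cache_idle_ttl "$demo_dir/$name.conf") s"
done
```

Run it against your own file with cache_idle_ttl ~/.gnupg/gpg-agent.conf after editing, to confirm the timeout you intended is the one in effect.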

Configuring KDE to start gpg-agent on login

In order to use the gpg-agent with KDE, you'll want it to start up and have its environment variables added to KDE's environment before KDE starts. Thankfully, KDE allows us to do this quite easily.

  1. Create the directory ~/.kde/env
  2. Create a file in the directory called gpg-agent.sh with the following contents:

eval "$(gpg-agent --daemon)"

  3. Make the file executable.
  4. Log out of KDE if you're in KDE and log back in.
  5. Create the directory ~/.kde/shutdown
  6. Create a file in the directory called gpg-agent.sh with the following contents:

#!/bin/sh
# the second field of the GPG_AGENT_INFO variable is the
# process ID of the gpg-agent active in the current session
# so we'll just kill that, rather than all of them :)
[ -n "${GPG_AGENT_INFO}" ] && kill "$(echo "${GPG_AGENT_INFO}" | cut -d ':' -f 2)"

  7. Make the file executable.

Before proceeding, please test gpg-agent (substitute your own key ID for 0xE95EDDC9):

echo "test" | gpg -ase -r 0xE95EDDC9 | gpg

Configuring KMail

  1. Start up KMail
  2. Go to the Settings menu
  3. Select the Security icon on the left hand side
  4. Select the Crypto Backends tab
  5. Make sure OpenPGP (gpg) is in the list, and check the box next to it.
  6. Select the Identities Icon on the left hand side
  7. If you haven't already created an identity for yourself, create one now.
  8. Select your identity and click the Modify... button
  9. Select the Cryptography tab

  10. Click on Change... next to OpenPGP signing key and select your preferred key from the list.
  11. Repeat for OpenPGP encryption key if you want to encrypt messages.
  12. Make sure the Preferred crypto message format is either Any or OpenPGP/MIME. The inline format is the "old" way of doing things: it is deprecated, and highly annoying to users of mail client software that doesn't support it. The OpenPGP/MIME format is the preferred method.
  13. Click OK in the edit identity window and in the preferences window.

Using

Sending emails

When you compose an email, you will notice an icon depicting a fountain pen drawing a scribble. Click it to sign an email with your private key. The icon next to it depicts a lock and is used to encrypt an email using the recipient's public key.

Reading emails

KMail will automatically validate signatures on a received message. When you receive an encrypted message, you will be prompted to enter your pass phrase. Once you have done so successfully, KMail will display the decrypted message.

Conclusion

Now you're successfully using KMail to send and receive signed and encrypted messages. Remember that the more people use tools like PGP and GnuPG, the safer the internet can become. You can sincerely tell someone you never sent an email they said you sent because it wasn't signed with your key, and you can send sensitive information safely between your peers with encrypted messages!

Note: If you create Ubuntu packages (no longer required with the Gutsy version of devscripts), please add the following line to ~/.devscripts:

DEBUILD_PRESERVE_ENVVARS=DISPLAY

Gutsy Updates

As of gnupg 1.4.6-2ubuntu3 in Gutsy, new installations/users will automatically be configured for gpg to use-agent. Dependencies for KMail have also been adjusted to automatically install gnupg-agent and pinentry-qt. If you want a non-default cache period or you don't want the pinentry window to grab focus, you can still make the ~/.gnupg/gpg-agent.conf changes recommended above, but they are not required. The bottom line is that all of the steps above Configuring KMail should no longer be required for new Gutsy installs.