Point-and-Click E-Mail Crypto

KGPG is integrated nicely into KDE and KDE applications. The most useful is the Konqueror browser. Once KGPG is installed, you can right-click on a document, and under the Actions menu, create an encrypted version of the document. One of the options is to shred the original, which makes a lot of sense if keeping the unencrypted version is a problem. When encrypting files, you can add multiple keys for different people who can read the document. If you shred the original file, make sure you include your own key whenever you encrypt it. If I use only my rhoobler@comcast.net key, I am the only person that can decrypt the file.

Finally, we are ready to send an encrypted e-mail. Using KMail (or Kontact), type a message—I'll use rhoobler@comcast.net as the To: address. Select the Lock icon (or Options→Encrypt from the menu). When you click Send, a dialog comes up. If you do not see the recipient's key, press the refresh button. Also, if you didn't sign the key, it won't show up; go back and sign it with the Key Management tool and then press the refresh button. Finish typing the message and click Send.

With KMail, decrypting messages is built in. When you receive an encrypted message, you are asked for your passphrase and the message opens. If you are sending an encrypted message, if the e-mail address is in your keyring, it is encrypted and sent automatically. You also can send the message encrypted to several people at once, as long as you have their public keys.

Another method is to encrypt the file with KGPG and send the encrypted file as an attachment. KMail automatically decrypts the attachment for viewing (select view not open). For Web-based e-mail clients, you can download the file and decrypt or view it with Konqueror.

If you are using a Web-based e-mail client such as Yahoo mail, you can cut and paste the encrypted messages from the clipboard to the KGPG editor by right-clicking on the Tasks Tray icon, and then select decrypt clipboard. The same holds true for encrypting messages.

Figure 3. Decrypt Clipboard

More popular than encryption is signing e-mails. Of course, this doesn't encrypt the text, but signing a message proves that it is from you. If I sign all my e-mails, because it is policy, and you get an e-mail from me that is not signed (or the signature doesn't match), you can assume it is a fake and alert whoever needs to be notified.

With KMail, the e-mail message is color-coded to let you know if it is a signed message and if the message came from a trusted source—yellow means signed, and green means signed and trusted.

Another handy tool in KGPG is the ability to create groups of keys. I could have an Administrative group that contains three or four keys. When sending a message, I can select that group and send it out. Later, if a recipient forwards the message to another person in the group, it already will be ready to read.

One other thing, under Configure KGPG, use the ASCII Armor option. It should be on by default. This makes signatures and encryption in plain text, so it is easy to mail, print and cut and paste. Without ASCII Armor, some files will be binary and may cause problems.

Time permitting, I'll try to decrypt and answer any encrypted messages that may come in. Because KGPG is included with KDE, it is included with most Linux distributions. Setting up a few keys and testing it yourself is only an hour or two worth of work.

With GnuPG and KGPG, using keys and encryption is a viable solution if you need to tighten up security. In my career, a lot of attention has been given to security for connections and transactions over SSL, but little attention has been given to files and e-mail. With KDE, and some effort, having secure e-mail is easy to set up. One idea to start with is encrypting any e-mail you send to your manager or the owner of the company. Another idea is to set up a private folder on the network that stores only encrypted documents. Following these types of security policies makes encryption easier to implement.

Resources for this article: /article/7863.