GnuPG & KMail HowTo


GnuPG Configuration

  • Append the line use-agent to ~/.gnupg/gpg.conf (or wherever you have placed your gpg.conf file).
    Note: If your configuration for GnuPG is still ~/.gnupg/options, do mv ~/.gnupg/options ~/.gnupg/gpg.conf. The file format hasn't changed, but the name options are deprecated and will cause problems with the components involved here (and will probably not be supported in future GnuPG releases).
  • Create the file ~/.gnupg/gpg-agent.conf and add the line pinentry-program /usr/local/bin/pinentry-qt to it.
    Note: You could also choose pinentry-gtk (if gtk is installed) or pinentry-curses.

X Configuration

The following instructions assume some form of Bourne shell. You can change gpg-agent's output to fit csh's setenv by setting --csh instead of --sh.

  • Add the line eval "$(gpg-agent --daemon --sh)" to your ~/.xinitrc or ~/.xsession, before the line containing startkde.
    Note: This line starts the gpg-agent daemon and sets an environment variable which KMail (and GnuPG) need to see. So in whatever way you start KMail or KDE, make sure you have done this first.
  • If you wish to kill stale gpg-agents, append killall gpg-agent to the ~/.xinitrc or ~/.xsession file.
    Note: Since startkde will not return before you logout of your desktop-session, gpg-agent will only be killed if it's not needed anymore. Please note that this is all optional, you can spawn as many gpg-agents as you can and they will not interfere with operations as long as the environment variable gets set.
  • Restart X (and KDE).

KMail Configuration

The following instructions are based on the default English settings in KDE. If you are using an i18n module, the exact wording will obviously be different.

  • Open KMail.
  • In the KMail menubar, traverse the submenus until you arrive at:
    Settings --> Configure KMail --> Security --> Crypto Backends
  • Choose OpenPGP (gpg) from the Available Backends.
  • Confirm the changes with the Apply button.
  • Proceed to the Identities section of the Configure KMail dialog.
  • Select an identity listed there.
  • Select the Modify button.
  • Select the Cryptography tab.
  • Choose a default OpenPGP signing/encryption key by clicking on the respective Change buttons and selecting one of the offered OpenPGP keys.
  • Confirm the selection by clicking on the OK button in the Edit Identity box.
  • Confirm everything by clicking on the Apply and/or OK buttons in the Configure KMail window.
Configure KMail Security

Signing/Encrypting mail

  • Compose an email as normal.
  • Choose OpenPGP/MIME instead of Any in the toolbar.
  • Click on the fountain pen icon to sign your message. Additionally click on the padlock icon if you want to encrypt your message.
Pick OpenPGP
  • Attempt to send a signed and/or encrypted message.
  • Attempt to read PGP/MIME email already in your KMail system.
  • To make the OpenPGP module the default handler for KMail, return to the Identities dialog and select the OpenPGP/MIME from the Preferred Crypto Message combobox and confirm by clicking OK.
  • To have KMail default to signing new mails you write, go to the Configure KMail dialog, proceed to Security/Composing and check the Automatically sign messages checkbox.

Michael Nottebrock

Global navigation links