GnuPG & KMail HowTo

• Install gnupg and at least one of pinentry-curses, pinentry-gtk or pinentry-qt.

GnuPG Configuration

• Append the line use-agent to ~/.gnupg/gpg.conf (or wherever you have placed your gpg.conf file).
  Note: If your configuration for GnuPG is still ~/.gnupg/options, do mv ~/.gnupg/options ~/.gnupg/gpg.conf. The file format hasn't changed, but the name options are deprecated and will cause problems with the components involved here (and will probably not be supported in future GnuPG releases).
• Create the file ~/.gnupg/gpg-agent.conf and add the line pinentry-program /usr/local/bin/pinentry-qt to it.
  Note: You could also choose pinentry-gtk (if gtk is installed) or pinentry-curses.

X Configuration

The following instructions assume some form of Bourne shell. You can change gpg-agent's output to fit csh's setenv by setting --csh instead of --sh.

• Add the line eval "$(gpg-agent --daemon --sh)" to your ~/.xinitrc or ~/.xsession, before the line containing startkde.
  Note: This line starts the gpg-agent daemon and sets an environment variable which KMail (and GnuPG) need to see. So in whatever way you start KMail or KDE, make sure you have done this first.
• If you wish to kill stale gpg-agents, append killall gpg-agent to the ~/.xinitrc or ~/.xsession file.
  Note: Since startkde will not return before you logout of your desktop-session, gpg-agent will only be killed if it's not needed anymore. Please note that this is all optional, you can spawn as many gpg-agents as you can and they will not interfere with operations as long as the environment variable gets set.
• Restart X (and KDE).

KMail Configuration

The following instructions are based on the default English settings in KDE. If you are using an i18n module, the exact wording will obviously be different.

• Open KMail.
• In the KMail menubar, traverse the submenus until you arrive at:
  Settings --> Configure KMail --> Security --> Crypto Backends
• Choose OpenPGP (gpg) from the Available Backends.
• Confirm the changes with the Apply button.
• Proceed to the Identities section of the Configure KMail dialog.
• Select an identity listed there.
• Select the Modify button.
• Select the Cryptography tab.
• Choose a default OpenPGP signing/encryption key by clicking on the respective Change buttons and selecting one of the offered OpenPGP keys.
• Confirm the selection by clicking on the OK button in the Edit Identity box.
• Confirm everything by clicking on the Apply and/or OK buttons in the Configure KMail window.

Signing/Encrypting mail

• Compose an email as normal.
• Choose OpenPGP/MIME instead of Any in the toolbar.
• Click on the fountain pen icon to sign your message. Additionally click on the padlock icon if you want to encrypt your message.

• Attempt to send a signed and/or encrypted message.
• Attempt to read PGP/MIME email already in your KMail system.
• To make the OpenPGP module the default handler for KMail, return to the Identities dialog and select the OpenPGP/MIME from the Preferred Crypto Message combobox and confirm by clicking OK.
• To have KMail default to signing new mails you write, go to the Configure KMail dialog, proceed to Security/Composing and check the Automatically sign messages checkbox.

Michael Nottebrock

[ Edit ]