Encryption is an ancient method of keeping information safe from prying eyes. Evolution helps you you protect your privacy by using gpg, an implementation of strong Public Key Encryption.
Public Key? Private Key? What is the difference?: GPG uses two keys: public and private. You can give your public key to anyone you want to receive encrypted messages, or put it on a public key server so that people can look it up before contacting you. Never give your private key to anyone, ever. Your private key lets you decrypt any message encrypted with your public key.
Using encryption takes a bit of forethought. When you send a message that is encrypted, you must encrypt it using your intended recipient's public key. To get an encrypted message, you must make sure that the sender has your public key in advance.
You can use encryption in two different ways:
| Encrypt the entire message, so that nobody but the recipient can read it. |
| Attach an encrypted signature to a plain text message, so that the recipient can read the message without decrypting it, and only needs decryption to verify the sender's identity. |
Example 3-2. Sending an Encrypted Messagee
Kevin wants to send an encrypted message to his friend Rachel. He looks up her public key on a general key server, and then tells Evolution to encrypt the message. The message now reads "@#$23ui7yr87#@!48970fsd." When the information gets to Rachel, she decrypts it using her private key, and it appears as plain text for her to read.
Before you can get or send encrypted mail, you need to generate your public and private keys with GPG. Here's how:
GPG Versions: This manual covers version 1.0.6 of GPG. If your version is different, this may not be entirely accurate. You may find out your version number by typing in: gpg --version.
Open a terminal and type gpg --gen-key.
Choose the default algorythm, "DSA and ElGamal."
Choose a key length. The default, 1024 bits, should be long enough.
Decide if you want your key to expire automatically, and if so, when.
Enter your name, email address, and any additional personal information you think is appropriate. Do not falsify this information, because it will be needed to verify your identity later on.
Next, enter your passphrase. It does not have to be the same as your email password or your login password. In fact, it probably shouldn't. Don't forget it. If you lose it, your keys will be useless and you will be unable to decrypt messages sent to you with those keys.
Now, GPG will generate your keys. This may take awhile, so feel free to do something else while it's happening. In fact, using your computer for something else actually helps to generate better keys, because it increases the randomness in the key generation seeds.
Once the keys are generated, you can view your key information by typing gpg --list-keys. You should see something similar to this:
/home/you/.gnupg/pubring.gpg ---------------------------- pub 1024D/32j38dk2 2001-06-20 you <you@your-address.com> sub 1024g/289sklj3 2001-06-20 [expires: 2002-11-14] |
GPG will create one list, or keyring, for your public keys and one for your private keys. All the public keys you know are stored in the file ~/.gnupg/pubring.gpg. If you want to give other people your key, send them that file.
If you wish, you can upload your keys to a keyserver. Here's how:
Check your public key ID with gpg --list-keys. It will be the string after 1024D on the line beginning with "pub." In this example, it's 32j38dk2.
Enter the command gpg --send-keys --keyserver wwwkeys.pgp.net 32j38dk2. Substitute your key ID for 32j38dk2. You will need your password to do this.
Why Use a Keyserver?: Keyservers store your public keys for you so that your friends can decrypt your messages. If you choose not to use a keyserver, you can manually send your people public key, include it in your signature file, or put it on your own web page. However, it's easier to publish them once, and then let people download them from the keyserver when they want.
To encrypt a message to your someone else you'll need to use their public key in combination with your private key. Evolution does that for you, but you still need to get their key and add it to your keyring.
To get public keys from a public key server, enter the command: gpg --recv-keys --keyserver wwwkeys.pgp.net keyid , substituting "keyid" for your recipient's ID. You will need to type in your password, and then their ID will automatically be added to your keyring. When you send mail to them, Evolution will allow you to encrypt your messages.
If someone sends you their public key directly, save it as a plain text file and enter the command gpg filename. This will add it to your keyring.
You'll need to open Tools->Mail Settings Once there, select the account with which you'd like to send and receive encrypted mail, and click the Edit button. In the Security tab is a section labeled Pretty Good Privacy. Enter your key ID and click OK. Your key is now integrated into your identity in Evolution.
What is my Key ID again?: Evolution requires that you know your key ID. If you don't remember it, you can find it by typing gpg --list-keys in a console window. Your key ID will be an eight character string with random numbers and letters.
As you know, you can use encryption to hide the entire message, or just to verify your signature. Once you've generated your public and private keys, and have the public keys of the people to whom you want to send mail, here's what to do:
To sign a message, choose: Security->PGP Sign . You will be prompted for your PGP password. Once you enter it, click OK and your message will be signed.
Encrypting a message is very similar to signing a message. Just choose the menu item Security->PGP Encrypt
If you get an encrypted message, you will need to decrypt it before you read it. Remember, the sender has to have your public key before they can send you an encrypted message.
When you view the message, Evolution will ask you for your PGP password. Enter it, and the message will be displayed properly.