Kmail
Setting up signed messages using GPG in Kmail
I do this on my Acer TM802LCi notebook running Mandriva Linux 9.2 with the Kmail mail program (sorry about the others, but I have not tried them).
Creating, backing up and publishing your key
- You need the gpg program for this. It is installed by default.
- Create your personal key (type the commands as a regular user, not as root): gpg --gen-key. Follow the instructions; they are clear and simple.
- Check that it has been created: gpg --list-key. You will also see some information about your credentials:
pub 1024D/85EEC6A5 2004-03-15 Fajar Priyanto (Knowledge is power! http://linux.arinet.org)
sub 1024g/BBBB57F3 2004-03-15
- Look at the details of that listing. For example, 85EEC6A5 is your key ID. Now you can export your public key:
gpg -ao fajar-pub.key --export 85EEC6A5
A file named fajar-pub.key will be created in the current directory. This is a copy of your public key. It is also the file that people must import in order to verify your signed mail. You can publish it on the key servers around the world, send it directly to whoever asks for it, or make it available for download on your website.
If you look inside the file, it will look something like this:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.3 (GNU/Linux)

mQGiBEBVTw8RBACaYvnDkgqNWyktg3urdE9mrpv63x3Iux2zVkuZk8pIRp5HeR/V
[snip snip...]
B394acuU4FdGN/EynYUAn1aRvNmgs0/IU2MDzYQpbHIaqpkE
=B0cy
-----END PGP PUBLIC KEY BLOCK-----
You may also want to save your secret key on a safe medium (not a floppy: it will end up damaged). You can use the following command:
$ gpg -ao secret.asc --export-secret-keys 85EEC6A5
This creates a text file containing your secret key; the file will be called secret.asc. Do not give this file to anyone you do not trust 100%. Hide it in a safe place (or, better, in more than one).
Finally, it is advisable to generate a revocation certificate and keep it in a safe place away from your secret key. If your secret key falls into the wrong hands, you can revoke it so that others cannot use it. The command to do this is:
$ gpg -a -o revoker.asc --gen-revoke 85EEC6A5
A text file named revoker.asc containing the revocation certificate will be created.
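A check worth running on the exported files before publishing or storing them, as an added example that is not part of the original howto. The function names are hypothetical, the sample files are constructed stand-ins that contain only armor lines, and the file names are the ones used above.

```shell
#!/bin/sh
# Added example: sanity-check exported key files before using them.
# Prints "private", "public" or "unknown" for an ASCII-armored file.
armor_kind() {
    if   grep -q '^-----BEGIN PGP PRIVATE KEY BLOCK-----' "$1"; then echo private
    elif grep -q '^-----BEGIN PGP PUBLIC KEY BLOCK-----'  "$1"; then echo public
    else echo unknown
    fi
}

# True if group or others hold any permission bit on the file.
others_can_access() {
    [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

# check_key_file publish|backup FILE: prints a verdict, returns 1 on a problem.
check_key_file() {
    case "$1:$(armor_kind "$2")" in
        publish:public)  echo "ok: no secret key material" ;;
        publish:private) echo "STOP: secret key in a file meant for publication"
                         return 1 ;;
        backup:private)
            if others_can_access "$2"; then
                echo "FIX: secret key accessible to group/others, chmod 600"
                return 1
            fi
            echo "ok: secret key backup is owner-only" ;;
        *) echo "unexpected: not the key block this purpose calls for"
           return 1 ;;
    esac
}

# Writes constructed stand-ins (armor lines only, no real key data) into $1.
make_samples() {
    printf '%s\n' '-----BEGIN PGP PUBLIC KEY BLOCK-----' '(constructed)' \
        '-----END PGP PUBLIC KEY BLOCK-----' > "$1/fajar-pub.key"
    printf '%s\n' '-----BEGIN PGP PRIVATE KEY BLOCK-----' '(constructed)' \
        '-----END PGP PRIVATE KEY BLOCK-----' > "$1/secret.asc"
    chmod 644 "$1/fajar-pub.key" "$1/secret.asc"
}

d=$(mktemp -d); make_samples "$d"
check_key_file publish "$d/fajar-pub.key"
check_key_file publish "$d/secret.asc" || true
check_key_file backup  "$d/secret.asc" || true   # still mode 644
chmod 600 "$d/secret.asc"
check_key_file backup  "$d/secret.asc"
rm -rf "$d"
```

Running gpg under umask 077 when exporting the secret key avoids the permission finding in the first place.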
Setting up Kmail to sign emails using your gpg key
- Fire up Kmail, and go to Settings > Configure Kmail > Identities
- Choose the identity that you are using
- Then click Modify > Advanced > OpenPGP Key
- It will automatically go to the path of your gpg key, that is ~/.gnupg
- Click on the key ID > OK
- Now, set up Kmail to automatically sign all emails that you write using your key
- Still in the Kmail Configure menu, go to Security > General
- Tick these: Show signed/encrypted message after composing, Always show the encryption key for approval, Automatically sign messages using OpenPGP
- Exit the configuration menu by clicking OK.
Testing Kmail by creating a new message
- You will notice that there is a Sign Message icon right after the paperclip (attachment) icon. It's already active.
- Write your message and when you are done, send it.
- Kmail will ask you to type the secret passphrase that you made during the gpg --gen-key step. Type it in, and then Kmail will show you a confirmation window of the signed message. Click OK to send it.
- If you test it by sending to yourself, you will notice that Kmail displays the message with a GREEN header, with words like this: Message was signed by Fajar Priyanto (Knowledge is power! http://linux.arinet.org) (Key ID: 0x85EEC6A5). The signature is valid and the key is ultimately trusted.
- People who have your public key will see the same display, but those who don't will have the message displayed in yellow with words like this: Message was signed with unknown key 0xBFE7357F. The validity of the signature cannot be verified.
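The green and yellow headers correspond to the machine-readable status lines gpg prints when it verifies a signature. The following is an added example, not part of the original howto: classify_sig and its verdict words are hypothetical names, the sample status lines are constructed (long key IDs padded with zeros), and the bad-signature case goes beyond the two outcomes described above.

```shell
#!/bin/sh
# Added example. Classifies the status lines that
#   gpg --status-fd 3 --verify msg.asc 3>&1 1>/dev/null 2>/dev/null
# emits. A dedicated descriptor keeps message text out of the stream.

classify_sig() {
    awk '
        $1 != "[GNUPG:]"       { next }          # skip human-readable output
        $2 == "GOODSIG"        { good = 1 }
        $2 == "BADSIG"         { bad = 1 }
        $2 == "ERRSIG"         { err = 1 }
        $2 == "NO_PUBKEY"      { nokey = 1 }
        $2 == "TRUST_ULTIMATE" { ultimate = 1 }
        END {
            # Fail closed: any bad or unverifiable signature wins.
            if (bad)                   print "bad"
            else if (nokey)            print "unknown-key"      # yellow header
            else if (err)              print "error"
            else if (good && ultimate) print "valid-ultimate"   # green header
            else if (good)             print "valid-not-ultimate"
            else                       print "no-signature"
        }'
}

# Constructed samples (not captured from a real session).
sample_own_key() {
    printf '%s\n' \
        'gpg: Good signature from "Fajar Priyanto"' \
        '[GNUPG:] GOODSIG 0000000085EEC6A5 Fajar Priyanto' \
        '[GNUPG:] TRUST_ULTIMATE'
}
sample_missing_key() {
    printf '%s\n' \
        '[GNUPG:] ERRSIG 00000000BFE7357F 17 2 00 1079312400 9' \
        '[GNUPG:] NO_PUBKEY 00000000BFE7357F'
}
sample_tampered() {
    printf '%s\n' '[GNUPG:] BADSIG 0000000085EEC6A5 Fajar Priyanto'
}

for s in sample_own_key sample_missing_key sample_tampered; do
    printf '%s: %s\n' "$s" "$($s | classify_sig)"
done
```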
CONGRATULATIONS!
You can now communicate in a more secure way if you want to. I know this howto is very short and might not be very clear. Well, please give me suggestions and I will improve it when the time comes. Also I intend to write the second part of this topic which covers how to ENCRYPT messages, import others' public keys, and install Crypto Plug-ins. Special thanks to Tim Sawchuck and Philip Cronje and all my friends in the Mandrake List.
Issues
10.0 On moving to a new Mandrake version I found that I could no longer sign my mails. Also, messages signed by a key already known displayed correctly in KMail, but new keys were not being imported. The culprit was a missing package. Installing pinentry-qt appears to have solved both problems.
10.1 KMail no longer does in-line signatures. OpenPGP has to be used instead. KGpg is a useful applet that helps in the management of signatures, both your own and those collected.
If OpenPGP is functioning correctly you will have to give the pass-phrase every time you send a document that is to be signed. This soon becomes a pain, and the way out of that is to configure gpg-agent, which comes with kdebase-common. Unfortunately, the install does not pick up the need for pinentry-qt or pinentry-gtk (KDE or GNOME), so that has to be installed separately. The config file for gpg-agent is written to by KMail's settings.
To be sure the "passphrase agent" (gpg-agent) is enabled, check your ~/.gnupg/gpg.conf and, if necessary, uncomment the line containing "use-agent".
In KMail's Settings > Configure KMail > Security tab > Crypto Backends, select OpenPGP, then Configure. On the GPG Agent page, give a path to which logs can be written, in case of problems. You can check the log in KMail's Tools > GnuPG Log Viewer. It's probably a good idea, too, to increase the cache time - I use 3600.
If you do not have it already, in ~/.kde create a directory called env. In there, create a file called gpgagent.sh containing:
#!/bin/bash
# Stop any stale agent, then start a new one and import its environment
killall gpg-agent
eval `gpg-agent --daemon`
Save it and make it executable.
In the same way, you should stop gpg-agent on shutdown. If you do not have it already, create another directory called shutdown in ~/.kde, and in it create another script file called stop_gpgagent.sh containing:
#!/bin/bash
# Stop the agent when the session ends
killall gpg-agent
Save it and make it executable.
Troubleshooting Tips
ps -edalf | grep gpg-agent will list any running instances of gpg-agent.
killall gpg-agent stops all instances
eval "$(gpg-agent --daemon)" will restart the agent
gpg-agent status should tell you if the agent is running.
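When signing still prompts every time, the files the agent setup depends on can be checked in one pass. This is an added example, not part of the original page: the function names are hypothetical, the paths are the ones given above, and the demo runs against two constructed home directories in a scratch location.

```shell
#!/bin/sh
# Added example: audit the files the gpg-agent setup above relies on.

# True if FILE contains an active (uncommented) use-agent line.
use_agent_enabled() {
    [ -f "$1" ] && grep -Eq '^[[:space:]]*use-agent[[:space:]]*$' "$1"
}

# True if FILE is executable and its shebang names an absolute path.
script_ok() {
    [ -x "$1" ] && head -n 1 "$1" | grep -q '^#!/'
}

# Prints one line per problem under home directory $1; returns 0 if clean.
audit_agent_setup() {
    _rc=0
    use_agent_enabled "$1/.gnupg/gpg.conf" ||
        { echo "gpg.conf: use-agent missing or commented out"; _rc=1; }
    for _s in env/gpgagent.sh shutdown/stop_gpgagent.sh; do
        script_ok "$1/.kde/$_s" ||
            { echo ".kde/$_s: missing, not executable, or bad shebang"; _rc=1; }
    done
    return "$_rc"
}

# Builds two constructed home directories under $1: good/ and bad/.
make_demo() {
    mkdir -p "$1/good/.gnupg" "$1/good/.kde/env" "$1/good/.kde/shutdown" \
             "$1/bad/.gnupg" "$1/bad/.kde/env"
    echo 'use-agent'  > "$1/good/.gnupg/gpg.conf"
    echo '#use-agent' > "$1/bad/.gnupg/gpg.conf"
    printf '#!/bin/bash\nkillall gpg-agent\n' > "$1/good/.kde/shutdown/stop_gpgagent.sh"
    printf '#!/bin/bash\neval "$(gpg-agent --daemon)"\n' > "$1/good/.kde/env/gpgagent.sh"
    printf '#!bin/bash\neval "$(gpg-agent --daemon)"\n'  > "$1/bad/.kde/env/gpgagent.sh"
    chmod +x "$1"/good/.kde/*/*.sh "$1"/bad/.kde/*/*.sh
}

demo=$(mktemp -d)
make_demo "$demo"
for home in good bad; do
    echo "== $home"
    audit_agent_setup "$demo/$home" || echo "   -> needs fixing"
done
rm -rf "$demo"
```

Against a real account, call audit_agent_setup "$HOME".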
For any additional information have a look at http://kmail.kde.org/kmail-pgpmime-howto.html

