Note that this document is mostly obsolete at this point in time.
KDE 3.1 introduces a new system for handling signatures and encryption in kmail. It comes from the Aegypten project, which is sponsored by the German government. Unfortunately this new system doesn't work out of the box: a number of steps need to be taken to enable "aegypten" in kmail. Those steps are described on this page.
Enabling "aegypten" on gentoo takes the following steps:
To make enabling aegypten easy I submitted a set of patches as bug #14872 creating a general way of starting things before your session. I put these patches together in a zip file available here. I also have a version of newpg that uses this patch.
Emerge all the necessary packages for aegypten:
ACCEPT_KEYWORDS="~x86" emerge newpg cryptplug pinentry
Now all necessary packages should be emerged. Next, set up gpg-agent to use the right modules by creating a file "~/.gnupg/gpg-agent.conf" for each user with the contents:
pinentry-program /usr/bin/pinentry-qt
no-grab
default-cache-ttl 1800
Now that gpg-agent is set up we need to set up gpg itself.
The gpg configuration file is now named "gpg.conf" instead of "options", but gpg will recognize both names and read "options" if gpg.conf is not present.
Append a line containing:
use-agent
to your gpg.conf file to tell gpg to use the gpg agent for getting its passphrase.
Now we need to make sure that gpg-agent is started before kmail is so that kmail can find it. Because kmail finds gpg-agent using an environment variable we must make sure that variable gets set before kde gets started. This way we can be sure that the agent is started given any way of starting kmail.
In case you use a display manager (gdm/kdm/xdm) to login from X, and you used the ebuilds I mentioned above this part is obsolete. Things should just work in that case.
KDE can be started in three ways: from xdm, from gdm/kdm, or from startx with ~/.xinitrc. To unify all of these we create a script that checks the gpg-agent status ("/usr/bin/gpg-agent-start.sh"):
#!/bin/sh
# Reuse a running gpg-agent if there is one, otherwise start a new one.
# Meant to be sourced, so that GPG_AGENT_INFO ends up in the session environment.
if [ -x /usr/bin/gpg-agent ]; then
    if [ -f "${HOME}/.gpg-agent-info" ]; then
        OLD_GPG_AGENT=`cat "${HOME}/.gpg-agent-info"`
        # The second colon-separated field is the agent's PID.
        CHECK_PID=`echo "${OLD_GPG_AGENT}" | cut -d ":" -f 2`
        # Command name of that PID; empty if no such process exists.
        PROG=`ps -p "${CHECK_PID}" -o comm= 2>/dev/null`
        if [ "${PROG}x" != "gpg-agentx" ]; then
            # Stale file: the recorded PID is gone or is not gpg-agent.
            rm -f "${HOME}/.gpg-agent-info"
        else
            export GPG_AGENT_INFO="${OLD_GPG_AGENT}"
        fi
    fi
    if [ ! -f "${HOME}/.gpg-agent-info" ]; then
        eval "`gpg-agent --daemon`"
        echo "$GPG_AGENT_INFO" > "${HOME}/.gpg-agent-info"
    fi
fi

This script can be called from gdm/kdm in the /etc/X11/Sessions/kde-3.1 script, from xdm in the ~/.xsession script, and from startx in the ~/.xinitrc script. All those scripts can have the same contents:
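#!/bin/sh
# "." is the POSIX spelling of "source"; it runs the script in this shell
# so that the exported GPG_AGENT_INFO is inherited by startkde.
. /usr/bin/gpg-agent-start.sh
/usr/kde/3.1/bin/startkde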
Now the final point: installing the plugins in kmail. Start kmail and go to the settings->configure kmail option. In this configuration menu select the security option, then the third tab, "Crypto Plugins". Here create a new plugin. In the Name field put some string like pgp. In the location field put: /usr/lib/cryptplug/gpgme-openpgp.so. The update url field can stay empty as it is hand-compiled. Now gpg/aegypten should work in kmail.
Note that kmail also still has the old openpgp integration and that the OpenPGP tab controls that, not the plugins. Plugins are controlled by the plugin configuration dialog.
Note too that for kmail to be able to encrypt a message, the key of the recipient needs to be signed, at least locally.
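The per-user settings from the steps above can be checked with a small shell function. This is an added example, not part of the original page or of the Aegypten project; the name check_aegypten is made up here, and it assumes what the page's own script assumes, namely that the second colon-separated field of GPG_AGENT_INFO is the agent's PID.

```shell
#!/bin/sh
# Added example: sanity-check the per-user setup described on this page.
# Usage: check_aegypten [GNUPG_DIR]   (defaults to ~/.gnupg)
# Prints one line per problem; the return status is the number of problems.

check_aegypten() {
    dir=${1:-$HOME/.gnupg}
    problems=0
    fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

    # 1. gpg-agent.conf must name a pinentry that exists and is executable.
    conf=$dir/gpg-agent.conf
    if [ -f "$conf" ]; then
        pin=$(sed -n 's/^[[:space:]]*pinentry-program[[:space:]]\{1,\}//p' "$conf" | tail -n 1)
        [ -n "$pin" ] || fail "$conf: no pinentry-program line"
        [ -z "$pin" ] || [ -x "$pin" ] || fail "$conf: $pin is not executable"
        # The pinentry receives the passphrase, so nobody else may edit this file.
        [ -z "$(find "$conf" -prune \( -perm -020 -o -perm -002 \))" ] ||
            fail "$conf is group- or world-writable"
    else
        fail "$conf is missing"
    fi

    # 2. gpg reads gpg.conf, or the old "options" file if gpg.conf is absent.
    gpgconf=$dir/gpg.conf
    [ -f "$gpgconf" ] || gpgconf=$dir/options
    if [ -f "$gpgconf" ]; then
        grep -q '^[[:space:]]*use-agent[[:space:]]*$' "$gpgconf" ||
            fail "$gpgconf: use-agent is not set"
    else
        fail "neither gpg.conf nor options found in $dir"
    fi

    # 3. GPG_AGENT_INFO must be set and its second field must be a live PID.
    pid=$(echo "${GPG_AGENT_INFO:-}" | cut -s -d: -f2)
    case $pid in
        ''|*[!0-9]*) fail "GPG_AGENT_INFO is unset or malformed" ;;
        *) kill -0 "$pid" 2>/dev/null || fail "no process with PID $pid" ;;
    esac

    return "$problems"
}
```

Source the file from a terminal inside the KDE session and run check_aegypten; a status of 0 means all three checks passed.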


