Sending email has become one of the most popular activities on the Net. Almost everybody has an email address, which serves as their virtual address while they are connected to the Internet. Most people have more than one, and each address has its own purpose (for example, personal email, business email, etc.). Because email is so popular, some caution is in order: email spoofing is easy to do. Somebody can spoof your address and send mass email as if it were sent by you. Your credibility is ruined by such actions. If you run a business, your customers may not trust you anymore. Everything is screwed up. To counter this problem, you need a unique ID that other people cannot easily spoof. Even if someone spoofs your email address, they will not be able to spoof your unique ID, since it can be verified easily. This is where GnuPG comes into play. GnuPG is an open source application that can encrypt and decrypt files so that nobody can read them except the intended recipients. Hey... what does encrypting and decrypting have to do with a unique ID on my emails? Well... GnuPG can be integrated with KMail, Pine, or any other email client that supports GnuPG/PGP to produce digital signatures, which serve as your unique ID. We will start this article by installing GnuPG and reviewing some basic commands, and then continue with the integration with KMail and Pine. You can experiment with integrating GnuPG into other email clients, such as Sylpheed, Evolution, and Mutt.
First of all, you need the GnuPG package, which can be obtained from http://www.gnupg.org. There are two versions that you can download, tar.gz and tar.bz2. If you use an RPM-based distro, like Mandrake Linux or Red Hat, try to find an RPM package for GnuPG in an RPM repository such as http://rpmfind.net or http://rpm.pbone.com. Since I have discussed package installation in my other writing, in this article I will assume that GnuPG has been successfully installed on your computer. On my computer, I use both packages in different versions (RPM version 1.2.4 and source version 1.2.6), and both work fine, since I renamed the RPM binary package and made a symbolic link that references the source package. This way, I can update my GnuPG to the newest version by compiling, without having to find an RPM package, which is quite difficult on Mandrake. The other requirement is that you use KDE, or have KMail or PINE installed as your email client, since I use these two applications on my computer to receive and send email. There are other email clients that you can use, such as Evolution from GNOME, Thunderbird, or Netscape. Each email client has its own settings, but they share the same basic concepts.
After you install GnuPG, make your first keypair by typing gpg --gen-key in a console or terminal as your user. It will ask for some information: the type of key (choose the first option for safety!!), the size of the key (1024 bit would be adequate, but you can choose 2048 bit), and some personal information such as your real name, email address, and a passphrase (make sure you have a strong passphrase). The prompts explain each step well enough, so they won't be covered in this article. After creating the keypair, GnuPG saves both the public key and the private key in the .gnupg directory in your home directory. If you want to edit or update some information, type gpg --edit-key <yourname> and update it as you like. Type help to see the available commands. If you need further documentation, refer to the manual page included in the GnuPG package by typing man gpg. This article discusses integrating GnuPG with KMail and Pine, not operating GnuPG itself.
KMail is one of the main applications of KDE and is included in the KDEPIM package. In recent KDE versions (3.2.x and above), KMail is integrated with Kontact, which simplifies managing it together with the other KDEPIM applications. KMail has great support for GnuPG and OpenPGP, so you don't have to install any additional package to integrate GnuPG with KMail. You only have to change and add some settings, and KMail will detect your GnuPG. First, open the configuration window by selecting Settings > Configure KMail > Security > OpenPGP. Pick your application (GnuPG, or use the Autodetect option) and choose your options. If you are the only one who ever uses your computer, choose Keep passphrase in memory so that you don't have to type your passphrase every time you sign a message. You can also enable Automatically sign messages using OpenPGP if you want to sign every message you send. If you have multiple keypairs, you should enable Always show the encryption key for approval and Show signed/encrypted text after composing.
When you have finished, change to the Identity tab and click the Modify button. Switch to the Advanced tab and look for a text field called OpenPGP Key. It should be empty for now, since you haven't picked your public key yet. Click the Change button to the right of the text field, choose your primary public key (if you have more than one), and click OK to apply. The text field will now be filled with your key, represented as a combination of digits and letters. Click Apply or OK to finish, then try to send an email to a friend. You should be prompted to enter your passphrase. If you aren't prompted, check your settings again and make sure that you haven't missed any required setting. That concludes our KMail settings. If you have any problems, you can visit this HOWTO provided by Marc Mutz from the KDE development team. I have tried this HOWTO and it worked, but since KDE 3.1.x you don't need it anymore, since KMail has built-in OpenPGP and PGP/MIME support.
PINE (Program for Internet News and Email) is a mail user agent (MUA), a program that allows you to compose and read messages using Internet mail standards. It was made by the University of Washington and is used by many people around the world (including me), mainly in server environments, since PINE is a text-based email client that uses only a small amount of resources. Unfortunately, PINE doesn't come with PGP or GnuPG support by default, so you must use a third-party application (don't worry, it's also free) to add this functionality. There are a bunch of applications that you can use, but I prefer pgp4pine, made by Holger Lamm. The latest version is 1.76, which was released in 2001 and has never been updated, but that's OK, since it works perfectly. You can download the RPM or the source package. Whichever you pick, install it first and make sure it is installed correctly.
After installation, look for the pgp4pinerc.example file, usually found in /usr/share/doc/packages/pgp4pine/ if you installed from RPM. Copy it to your home directory and rename the copy to .pgp4pinerc. Open the file and find the profile list line. If you are using GnuPG, make sure that the only value on that line is gpg. You should rename every profile_<profilename>_<entryname> to profile_gpg_<entryname> and delete or comment out the rest of the profiles under Profile versions. Next, decide on a temporary file or directory for pgp4pine to use. Usually it is in your home directory, or on a ramdrive if you have one. A publicly readable directory like /tmp might be the wrong place. You can also change the default options included in the file. They are self-explanatory, so I won't explain them here.
Now let's make the changes to your Pine configuration. Open Pine and choose SETUP > Config. If you want pgp4pine to automatically catch and decrypt/verify PGP-signed/encrypted messages, set display-filters (near the bottom) to:
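The warning about publicly readable temporary locations can be checked before a path is written into .pgp4pinerc. The functions below are an added example, not part of pgp4pine or of the original article, and the directory name in the usage comment is a hypothetical choice.

```sh
# Added example: verify or create a private temp directory for pgp4pine.
# Nothing here is a pgp4pine default; the caller picks the path.

# Return 0 only if $1 is a real directory (not a symlink), owned by the
# current user, with no permission bits set for group or others.
tmpdir_is_private() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    [ ! -L "$dir" ] || { echo "is a symlink: $dir" >&2; return 1; }
    [ -O "$dir" ] || { echo "not owned by you: $dir" >&2; return 1; }
    # ls -ld prints a mode string such as "drwx------"; characters 5-10
    # are the group and other bits and must all be "-".
    perms=$(ls -ld -- "$dir" | cut -c5-10)
    [ "$perms" = "------" ] || {
        echo "group/other access ($perms): $dir" >&2
        return 1
    }
    return 0
}

# Create $1 with mode 0700 if it does not exist yet, then verify it.
# An existing directory is never chmod-ed silently; it is only checked.
make_private_tmpdir() {
    dir=$1
    if [ ! -e "$dir" ]; then
        ( umask 077 && mkdir -p -- "$dir" ) || return 1
    fi
    tmpdir_is_private "$dir"
}

# Usage (hypothetical path): make_private_tmpdir "$HOME/.pgp4pine-tmp"
```

A directory such as /tmp fails the check because its mode grants access to group and others, which is the case the article warns about.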
_BEGINNING("-----BEGIN PGP")_ /usr/bin/pgp4pine -d -i _TMPFILE_
Enter it exactly like this: five '-' characters, _TMPFILE_, and the rest, literally. (Of course, change the path to the binary if you installed it elsewhere.) If you want to run pgp4pine only when you tell it to, leave this setting empty and do this instead: export the message to a file, then, in a shell/xterm, type "pgp4pine -d -i (filename)".
Set sending-filters to:
/usr/bin/pgp4pine -e -i _TMPFILE_ -r _RECIPIENTS_
When sending mail, Pine will now offer you filters, with 'unfiltered' as the default. You can cycle through the filters with Ctrl-N/Ctrl-P (Cursor-Up and -Down also work). If you often use pgp4pine for sending mail, you might want to go to SETUP > Configuration and turn on the compose-send-offers-first-filter option. Now, every time you send a message, a prompt will ask whether you want to sign/encrypt it or not.
Mozilla Thunderbird is a great email client from the Mozilla Foundation. It has great functionality, and its developers are working to fix as many bugs as they can before the final 1.0 release. I have tried it on my Windows machine, and it imported all of my messages from Outlook Express perfectly. It has many security protections and customizable preferences. Unfortunately, that doesn't extend to GnuPG users, since Thunderbird doesn't include built-in support for GnuPG or PGP. It must be provided by a third-party application and the configuration is quite confusing, so I haven't included it in this article (it's long enough). If you have written an article about integrating GnuPG with Thunderbird, you can send it to me and I will post it as a new article.
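Because the display filter never fires if the trigger string is even slightly off, the two filter lines can be linted after they are saved. The script below is an added example, not part of Pine or pgp4pine; it assumes the settings are stored as display-filters=... and sending-filters=... with each value on the same line as its variable name, and the sample file is constructed.

```sh
# Added example: lint the pgp4pine filter lines in a pinerc file.
# Assumption: each filter sits on the same line as its variable name.

# Print the value of pinerc variable $2 from file $1.
pinerc_value() {
    sed -n "s/^$2=//p" "$1" | head -n 1
}

# Return 0 if both filters have the form the article gives; otherwise
# say what is wrong on stderr and return 1.
check_pgp4pine_filters() {
    rc=$1
    bad=0
    disp=$(pinerc_value "$rc" display-filters)
    send=$(pinerc_value "$rc" sending-filters)

    # The trigger needs exactly five dashes before "BEGIN PGP", followed
    # by an absolute path to the binary.
    case $disp in
        '_BEGINNING("-----BEGIN PGP")_ /'*) ;;
        *) echo 'display-filters: bad trigger or relative path' >&2; bad=1 ;;
    esac
    # Pine substitutes _TMPFILE_ itself, so the token must stay literal.
    case $disp in
        *' -d -i _TMPFILE_') ;;
        *) echo 'display-filters: expected "-d -i _TMPFILE_"' >&2; bad=1 ;;
    esac
    case $send in
        /*' -e -i _TMPFILE_ -r _RECIPIENTS_') ;;
        *) echo 'sending-filters: expected "-e -i _TMPFILE_ -r _RECIPIENTS_"' >&2
           bad=1 ;;
    esac
    return "$bad"
}

# Constructed sample: the display filter has only four dashes.
sample=$(mktemp)
cat > "$sample" <<'EOF'
display-filters=_BEGINNING("----BEGIN PGP")_ /usr/bin/pgp4pine -d -i _TMPFILE_
sending-filters=/usr/bin/pgp4pine -e -i _TMPFILE_ -r _RECIPIENTS_
EOF
check_pgp4pine_filters "$sample" || echo "fix the lines reported above"
rm -f "$sample"
```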
Last Update : 2 July 2009 :: 17:47:27