I am using Mandriva 2006 and am a relative newbie.

The only real configuration I have left to do with my install is to get GPG up and running in either Kmail or Evolution. The problem is I can't seem to get it working in either. I followed the K-mail website's guide step by step and I still cannot get a test e-mail sent to myself to decrypt. I always get error messages saying the e-mails cannot be decrypted. The same problem occurs in Evolution, it says it cannot decrypt the message (cannot parse S/MIME).

I think the issue lies with gpg-agent -- I don't think it is running when it should be running. If it type "gpg-agent" at the terminal I often get a reply that gpg-agent is not running in this session.

I guess my question is, where do I start in attempting to debug why gpg will not decrypt e-mails? I am assuming it is gpg-agent, but with all the software I installed to get gpg running in K-mail it could be a host of other issues. Again, I am open to using either K-mail or Evolution (or other e-mail software if they are easier to configure).

Thanks in advance.

Hello there,

first, let's try to see if GPG itself is working. Did you create your keys? If so,

gpg --list-keys

should give you a listing. If not,

gpg --gen-key

will guide you through the process. These keys will be stored in ~/.gnupg/, and encrypting will be done using the Public Key of the pair.

That's one. Let's see if it encrypts properly:

gpg --encrypt file.name

It will ask for a key ID: it's that with the numbers and letters. You'll notice public and private are different, but that's not a problem, gpg will use the proper one. It may happen you have more than one pair; in this case, pick one to start with. And now, input your passphrase...

Did you work? Now let's undo: using, you guessed, --decrypt file.name

We're almost there now. To sign your emails, your mail client needs a plugin - I use thunderbird+enigmail, but KDE will have its own. While you're at it, try KGPG out, it's a nice interface to manage the keychain.

Usually, the plugin will now where to look for the gpg binary; then, if you have multiple keys, you may have to speficy one. It might also be the case that gpg signing must be explicitly enabled.

If everything's OK, by the time the signature is to be inserted (or the email encrypted, but keep in mind these are different things), the program will request your passphrase. Send the email to yourself and to some other email account - try a webmail account, to check that you can't read whats inside. The email client should decode the message as it arrives. It may, or may not, request the password again.

If it didn't ask for a passphrase while decoding, it means it was stored somewhere. This may be an internal cache, or it may be that it understands gpg-agent. Thunderbird, f.ex., has some problems doing that.

Do

ps ax|grep gpg

Is the agent around? No? Well, you'll have to add it to a startup script. It is? Then check if your key is listed. If not, then you'll have to add it.

You may have to configure the mail agent properly to get it to talk to gpg-agent. For these details, better read the manual!

Cheers,

rdrs

Thanks. I performed the test but I still can't decrypt e-mails. I suppose I will have to give up on this, obviously my PC wont utilize GPG properly.

Are there any other free open-source encryption programs for e-mail that might work?

I finally figured it out after several days of searching. It was as simple as editing my start.kde file in the /usr/bin directory. This whole time I thought gpg-agent was starting on boot but apparently the default installation does not configure it to do so.

I have seen a few threads recently around here about using GPG. I will provide what I did to get mine running below:

First visit the official KDE webpage describing how to set-up GPG in Kmail. You must have Kmail 1.7 or NEWER for it to work (according to them). This link provides you with everything you need to know. You will have to download numerous packages and libraries from your distro's repository. Most mainstream distros should have (to my understanding) a GUI for doing this. In Mandriva it is in the system control center, and in Ubuntu/Debian there is also a GUI for apt-get in the menu. Here is the link for set-up. This link should allow you to configure everything you need except for the modification of your start.kde file: http://kmail.kde.org/kmail-pgpmime-howto.html

Note: this link assumes you are trying to use gpg in Kmail 1.7 or NEWER.

After you have completed those steps, generated and signed your keys, you must modify your start.kde file so that gpg-agent will start when kde starts. This file is found in:

/usr/bin

You must open it with Kwrite or some other text editor.

You will add the following line to the beginning of the file:

The beginning of the file should look exactly like this once you add the above line:


Hope this helps clear up the problems that I, and a couple of other people I have seen post here recently, have had with gpg-agent being installed but not running when trying to encrypt/decrypt.