Encryption

To protect and encode your email transmissions, Evolution offers two encryption methods:

  • GPG Encryption
  • S/MIME Encryption

Evolution helps you protect your privacy by using GNU Privacy Guard (GPG), an implementation of strong Public Key Encryption.

In order to send and receive encrypted emails using GPG, it is necessary to use two kinds of encryption keys: public and private. Public keys are used to encrypt messages and private keys to decrypt them. To send encrypted email, you must have the recipient's public key, which is used to encrypt the message. The recipient then uses his/her private key to decrypt (and read) the encrypted message.

Those who wish to send you encrypted email must first have a copy of your public key on your keyring. To this end, public keys can be shared with those who want to send encrypted messages to you. In order to do this, you may place your public key on a public key server. Private keys should not be shared with others.

Evolution does not support older versions of PGP, such as OpenPGP and Inline PGP.

You can use encryption in two different ways:

  • You can encrypt the entire message, so that nobody but the recipient can read it.
  • You can attach an encrypted signature to a plain text message, so that the recipient can read the message without decrypting it, and needs decryption only to verify the sender's identity.

For example, suppose that Kevin wants to send an encrypted message to his friend Rachel. He looks up her public key on a general key server, and then tells Evolution to encrypt the message. The message now reads “@#$23ui7yr87#@!48970fsd.” When the information gets to Rachel, she decrypts it using her private key, and it appears as plain text for her to read.

2.6.1. Making a GPG Encryption Key

Before you can get or send encrypted mail, you need to generate your public and private keys with GPG. This procedure covers version 1.2.4 of GPG. If your version is different, these steps might vary slightly. You can find out your version number by entering gpg --version.

  1. Open a terminal and enter gpg --gen-key.

  2. Select an algorithm, then press Enter.

    or

    To accept the default algorithm of DSA and ElGamal, press Enter (recommended).

  3. Select a key length, then press Enter. To accept the default, 1024 bits, press Enter.

  4. Enter how long your key should be valid for.

    or

    To accept the default of no expiration, press Enter, then press Y when you are prompted to verify the selection.

  5. Type your real name, then press Enter.

  6. Type your email address, then press Enter.

  7. (Optional) Type a comment, then press Enter.

  8. Review your selected user ID. If it is correct, press O.

  9. Type a passphrase, then press Enter.

  10. Move your mouse randomly to generate the keys.

After the keys are generated, you can view your key information by entering gpg --list-keys. You should see something similar to this:

    /home/you/.gnupg/pubring.gpg
    ----------------------------
    pub 1024D/32j38dk2 2001-06-20 you <you@example.com>
    sub 1024g/289sklj3 2001-06-20 [expires: 2002-11-14]

GPG creates one list, or keyring, for your public keys and one for your private keys. All the public keys you know are stored in the file ~/.gnupg/pubring.gpg. If you want to give other people your key, send them that file.

If you want, you can upload your keys to a key server.

  1. Check your public key ID with gpg --list-keys. It is the string after “1024D” on the line beginning with “pub”. In the example above, it is “32j38dk2”.
  2. Enter the command gpg --send-keys --keyserver wwwkeys.pgp.net 32j38dk2. Substitute your key ID for “32j38dk2”. You need your password to do this.
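The key ID lookup described above can be scripted. The following is an added example, not part of the Evolution documentation: it parses a listing in the GnuPG 1.x format shown on this page, prints each key ID, and flags keys that are short or past their expiry date. The function names, the 2048-bit minimum and the sample dates are assumptions chosen for illustration.

```shell
#!/bin/sh
# Constructed sample: the listing shown on this page (GnuPG 1.x format).
SAMPLE_LISTING='/home/you/.gnupg/pubring.gpg
----------------------------
pub 1024D/32j38dk2 2001-06-20 you <you@example.com>
sub 1024g/289sklj3 2001-06-20 [expires: 2002-11-14]'

# pub_key_ids: read a listing on stdin, print the ID of each primary key.
# The ID is the part after the "/" in the second field of a "pub" line.
pub_key_ids() {
    awk '$1 == "pub" { split($2, f, "/"); print f[2] }'
}

# audit_keys MIN_BITS TODAY   (TODAY as YYYY-MM-DD)
# Read a listing on stdin and print one line per key: TYPE ID BITS STATUS.
# STATUS is "ok", "short", "expired" or "short,expired".
audit_keys() {
    awk -v min="$1" -v today="$2" '
    $1 == "pub" || $1 == "sub" {
        split($2, f, "/")
        bits = f[1]
        sub(/[A-Za-z]+$/, "", bits)          # "1024D" -> "1024"
        status = ""
        if (bits + 0 < min + 0) status = "short"
        # ISO dates compare correctly as plain strings.
        if (match($0, /\[expires: [0-9-]+\]/)) {
            expiry = substr($0, RSTART + 10, 10)
            if (expiry < today)
                status = (status == "" ? "expired" : status ",expired")
        }
        print $1, f[2], bits, (status == "" ? "ok" : status)
    }'
}

# Audit the sample against an assumed 2048-bit minimum and today's date.
printf '%s\n' "$SAMPLE_LISTING" | audit_keys 2048 "$(date +%Y-%m-%d)"
```

To audit a real keyring, pipe the output of gpg --list-keys into audit_keys instead of the sample; newer GnuPG releases print a different listing layout, so this parser applies only to the format shown here.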

Key servers store your public keys for you so that your friends can decrypt your messages. If you choose not to use a key server, you can manually send your public key, include it in your signature file, or put it on your own Web page. However, it is easier to publish a key once, and then let people download it from a central place when they want.

If you don't have a key to unlock or encrypt a message, you can set your encryption tool to look it up automatically. If it can't find the key, an error message appears.

2.6.2. Getting and Using GPG Public Keys

To send an encrypted message, you need to use the recipient's public key in combination with your private key. Evolution handles the encryption, but you need to get the public key and add it to your keyring.

To get public keys from a public key server, enter the command gpg --recv-keys --keyserver wwwkeys.pgp.net keyid, substituting your recipient's ID for keyid. You need to enter your password, and the ID is automatically added to your keyring.

The domain wwwkeys.pgp.net is assigned to multiple hosts in various networks. The gpg utility tries to connect to one in the current network; and if that particular host is down, it fails with a time-out.

To avoid this, type host wwwkeys.pgp.net in a terminal console to get the IP addresses of the hosts. You can ping each of them to find one that is up and running. You can then replace wwwkeys.pgp.net in the gpg --recv-keys --keyserver wwwkeys.pgp.net keyid command with that explicit IP address as returned by the host utility.

If someone sends you a public key directly, save it as a plain text file and enter the command gpg --import to add it to your keyring.

2.6.3. Setting up GPG Encryption

  1. Select Edit > Preferences, then select Mail Accounts.
  2. Select the account you want to use securely, then click Edit.
  3. Click the Security tab.
  4. Specify your key ID in the PGP/GPG Key ID field.
  5. Click Create.
  6. Click Close.

Evolution requires that you know your key ID. If you don't remember it, you can find it by typing gpg --list-keys in a terminal window. Your key ID is an eight-character string with random numbers and letters.

2.6.4. Encrypting Messages

To encrypt a single message:

  1. Open a Compose Message window.

  2. Click Security > PGP Encrypt.

  3. Compose your message.

  4. Click Send.

The Subject line of the message will not be encrypted and should not be used for sensitive information.

You can set Evolution to always sign your email messages:

  1. Select Edit > Preferences, then select Mail Accounts.
  2. Select the account you want to use securely, then click Edit.
  3. Click the Security tab.
  4. Select Always Sign Outgoing Messages When Using This Account.
  5. Click Create.
  6. Click Close.

2.6.5. Unencrypting a Received Message

If you receive an encrypted message, you need to decrypt it before you read it. Remember, the sender must have your public key before they can send you an encrypted message.

When you view the message, Evolution prompts you for your PGP password. Enter it, and the unencrypted message is displayed.

2.6.6. S/MIME Encryption

S/MIME encryption also uses a key-based approach, but it has some significant advantages in convenience and security. S/MIME uses certificates, which are similar to keys. The public portion of each certificate is held by the sender of a message and by one of several certificate authorities, who are paid to guarantee the identity of the sender and the security of the message. Evolution already recognizes a large number of certificate authorities, so when you get a message with an S/MIME certificate, your system automatically receives the public portion of the certificate and decrypts or verifies the message.

S/MIME is used most often in corporate settings. In these cases, administrators supply certificates that they have purchased from a certificate authority. In some cases, an organization can act as its own certificate authority, with or without a guarantee from a dedicated authority such as VeriSign or Thawte. In either case, the system administrator provides you with a certificate file.

If you want to use S/MIME independently, you can extract an identification certificate from your Mozilla or Netscape Web browser. See the Mozilla Help for more information on security certificates.

The certificate file is a password-protected file on your computer.

2.6.6.1. Adding a Signing Certificate

  1. Select Edit > Preferences.
  2. Click Certificates.
  3. Click Import.
  4. Select the file to import, then click Open.
  5. Click Close.

Similarly, you can add certificates that are sent to you independently of any authority by clicking the Contact Certificates tab and using the same import tool. You can also add new certificate authorities, which have their own certificate files, in the same way.

2.6.6.2. Signing or Encrypting Every Message

After you have added your certificate, you can sign or encrypt a message by clicking Security > S/MIME Sign or S/MIME Encrypt in the message composer.

To have every message signed or encrypted:

  1. Select Edit > Preferences, then select Mail Accounts.

  2. Select the account to encrypt the messages in.

  3. Click Edit, then click Security.

  4. Click Select next to Signing Certificate and specify the path to your signing certificate.

    or

    Click Select next to Encryption Certificate and specify the path to your encryption certificate.

  5. Select the appropriate options.

  6. Click Create.

  7. Click Close.