Encryption
To protect and encode your email transmissions, Evolution offers two encryption methods:
- GPG Encryption
- S/MIME Encryption
Evolution helps you protect your privacy by using GNU Privacy Guard (GPG), an implementation of strong Public Key Encryption.
In order to send and receive encrypted emails using GPG, it is necessary to use two kinds of encryption keys: public and private. Public keys are used to encrypt messages and private keys to decrypt them. To send encrypted email, you must have the recipient's public key, which is used to encrypt the message. The recipient then uses his or her private key to decrypt (and read) the encrypted message.
Those who wish to send you encrypted email must first have a copy of your public key on their keyring. To this end, public keys can be shared with those who want to send encrypted messages to you. One way to do this is to place your public key on a public key server. Private keys should not be shared with others.
Evolution does not support older versions of PGP, such as OpenPGP and Inline PGP.
You can use encryption in two different ways:
- You can encrypt the entire message, so that nobody but the recipient can read it.
- You can attach an encrypted signature to a plain text message, so that the recipient can read the message without decrypting it, and needs to decrypt only the signature to verify the sender's identity.
For example, suppose that Kevin wants to send an encrypted message to his friend Rachel. He looks up her public key on a general key server, and then tells Evolution to encrypt the message. The message now reads “@#$23ui7yr87#@!48970fsd.” When the information gets to Rachel, she decrypts it using her private key, and it appears as plain text for her to read.
- 2.6.1. Making a GPG Encryption Key
- 2.6.2. Getting and Using GPG Public Keys
- 2.6.3. Setting up GPG Encryption
- 2.6.4. Encrypting Messages
- 2.6.5. Unencrypting a Received Message
- 2.6.6. S/MIME Encryption
2.6.1. Making a GPG Encryption Key
Before you can get or send encrypted mail, you need to generate your public and private keys with GPG. This procedure covers version 1.2.4 of GPG. If your version is different, these steps might vary slightly. You can find out your version number by entering gpg --version.
- Open a terminal and enter gpg --gen-key.
- Select an algorithm, then press Enter; or, to accept the default algorithm of DSA and ElGamal (recommended), press Enter.
- Select a key length, then press Enter. To accept the default, 1024 bits, press Enter.
- Enter how long your key should be valid for; or, to accept the default of no expiration, press Enter, then press Y when you are prompted to verify the selection.
- Type your real name, then press Enter.
- Type your email address, then press Enter.
- (Optional) Type a comment, then press Enter.
- Review your selected user ID. If it is correct, press O.
- Type a passphrase, then press Enter.
- Move your mouse randomly to generate the keys.
After the keys are generated, you can view your key information by entering gpg --list-keys. You should see something similar to this:
    /home/you/.gnupg/pubring.gpg
    ----------------------------
    pub   1024D/32j38dk2 2001-06-20 you <you@example.com>
    sub   1024g/289sklj3 2001-06-20 [expires: 2002-11-14]
GPG creates one list, or keyring, for your public keys and one for your private keys. All the public keys you know are stored in the file ~/.gnupg/pubring.gpg. If you want to give other people your key, send them that file.
If you want, you can upload your keys to a key server.
Key servers store your public keys for you so that your friends can decrypt your messages. If you choose not to use a key server, you can manually send your public key, include it in your signature file, or put it on your own Web page. However, it is easier to publish a key once, and then let people download it from a central place when they want.
If you don't have a key to unlock or encrypt a message, you can set your encryption tool to look it up automatically. If it can't find the key, an error message appears.
2.6.2. Getting and Using GPG Public Keys
To send an encrypted message, you need to use the recipient's public key in combination with your private key. Evolution handles the encryption, but you need to get the public key and add it to your keyring.
To get public keys from a public key server, enter the command gpg --recv-keys --keyserver wwwkeys.pgp.net keyid, substituting keyid for your recipient's ID. You need to enter your password, and the ID is automatically added to your keyring.
The domain “wwwkeys.pgp.net” is assigned to multiple hosts in various networks. The gpg utility tries to connect to one of them, and if that particular host is down, it fails with a time-out.
To avoid this, type $ host wwwkeys.pgp.net in a terminal console to get the IP addresses of the hosts. You can ping each of them to find one that is up and running. Then replace wwwkeys.pgp.net in the gpg --recv-keys --keyserver wwwkeys.pgp.net keyid command with the IP address returned by the host utility.
If someone sends you a public key directly, save it as a plain text file and enter the command gpg --import to add it to your keyring.
2.6.3. Setting up GPG Encryption
Evolution requires that you know your key ID. If you don't remember it, you can find it by typing gpg --list-keys in a terminal window. Your key ID is an eight-character string with random numbers and letters.
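The listing printed by gpg --list-keys (shown above) is where the key ID comes from. As an added example, not part of Evolution or GnuPG, the following parses that classic listing layout, pulls out the eight-character key ID for a given email address, and skips primary keys whose expiry date has passed; the sample listing and its key IDs are constructed.

```python
# Added example: parse "gpg --list-keys" output (classic GPG 1.x layout) to
# find the 8-character key ID Evolution asks for, skipping expired keys.
# Not Evolution's or GnuPG's code; SAMPLE_LISTING below is constructed.
import re
from datetime import date

# Constructed sample in the same layout as the listing shown in this section.
SAMPLE_LISTING = """\
/home/you/.gnupg/pubring.gpg
----------------------------
pub   1024D/0A1B2C3D 2001-06-20 you <you@example.com>
sub   1024g/4E5F6A7B 2001-06-20 [expires: 2002-11-14]
pub   2048R/89ABCDEF 2010-03-01 [expired: 2015-03-01] Rachel <rachel@example.org>
sub   2048R/01234567 2010-03-01 [expired: 2015-03-01]
"""

# "pub   1024D/0A1B2C3D 2001-06-20 ..." -> kind, length, algorithm, key ID, date, rest
LINE_RE = re.compile(
    r"^(?P<kind>pub|sub)\s+(?P<length>\d+)(?P<algo>[A-Za-z])/"
    r"(?P<keyid>[0-9A-Fa-f]{8})\s+(?P<created>\d{4}-\d{2}-\d{2})(?P<rest>.*)$"
)
EXPIRY_RE = re.compile(r"\[(?:expires|expired): (\d{4}-\d{2}-\d{2})\]")
EMAIL_RE = re.compile(r"<([^>]+)>")

def parse_listing(text):
    """Return one dict per pub/sub line; header, separator and other lines are skipped."""
    keys = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rest = m.group("rest")
        exp = EXPIRY_RE.search(rest)
        uid = EMAIL_RE.search(rest)
        keys.append({
            "kind": m.group("kind"),
            "keyid": m.group("keyid").upper(),  # the 8-character ID Evolution wants
            "algo": m.group("algo"),
            "length": int(m.group("length")),
            "created": m.group("created"),
            "expires": exp.group(1) if exp else None,  # ISO date string or None
            "email": uid.group(1) if uid else None,
        })
    return keys

def key_id_for(text, email, today):
    """Key ID of the primary key for `email` that has not expired by `today` (ISO date), else None."""
    cutoff = date.fromisoformat(today)
    for k in parse_listing(text):
        if k["kind"] == "pub" and k["email"] == email:
            if k["expires"] is None or date.fromisoformat(k["expires"]) >= cutoff:
                return k["keyid"]
    return None
```

Run it on the real listing with key_id_for(open("listing.txt").read(), "you@example.com", date.today().isoformat()); an expired key returns None rather than an ID Evolution would reject.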
2.6.4. Encrypting Messages
To encrypt a single message:
The Subject line of the message will not be encrypted and should not be used for sensitive information.
You can set Evolution to always sign your email messages:
2.6.5. Unencrypting a Received Message
If you receive an encrypted message, you need to decrypt it before you read it. Remember, the sender must have your public key before they can send you an encrypted message.
When you view the message, Evolution prompts you for your PGP password. Enter it, and the unencrypted message is displayed.
2.6.6. S/MIME Encryption
S/MIME encryption also uses a key-based approach, but it has some significant advantages in convenience and security. S/MIME uses certificates, which are similar to keys. The public portion of each certificate is held by the sender of a message and by one of several certificate authorities, who are paid to guarantee the identity of the sender and the security of the message. Evolution already recognizes a large number of certificate authorities, so when you get a message with an S/MIME certificate, your system automatically receives the public portion of the certificate and decrypts or verifies the message.
S/MIME is used most often in corporate settings. In these cases, administrators supply certificates that they have purchased from a certificate authority. In some cases, an organization can act as its own certificate authority, with or without a guarantee from a dedicated authority such as VeriSign* or Thawte*. In either case, the system administrator provides you with a certificate file.
If you want to use S/MIME independently, you can extract an identification certificate from your Mozilla* or Netscape* Web browser. See the Mozilla Help for more information on security certificates.
The certificate file is a password-protected file on your computer.
- 2.6.6.1. Adding a Signing Certificate
- 2.6.6.2. Signing or Encrypting Every Message
2.6.6.1. Adding a Signing Certificate
Similarly, you can add certificates that are sent to you independently of any authority by clicking the Contact Certificates tab and using the same import tool. You can also add new certificate authorities, which have their own certificate files, in the same way.
2.6.6.2. Signing or Encrypting Every Message
After you have added your certificate, you can sign or encrypt a message by clicking Security > S/MIME Sign or S/MIME Encrypt in the message composer.
To have every message signed or encrypted:
- Select Edit > Preferences, then select Mail Accounts.
- Select the account to encrypt the messages in.
- Click Edit, then click Security.
- Click Select next to Signing Certificate and specify the path to your signing certificate; or click Select next to Encryption Certificate and specify the path to your encryption certificate.
- Select the appropriate options.
- Click OK.
- Click Close.