Monday, February 27, 2006 at 02:27 PM
Since I had some difficulties getting my CACert certificate integrated with KMail on Debian unstable, I wanted to share the steps I took in order to get email encryption and singing up and running. Basically you need to run gpg-agent, create the certificate with Firefox, export it to KMail and congfigure KMail to use it for encryption and signing.
- Setup gpg-agent
For some reason gpg-agent is not enabled by default in Debian. Add this to your
~/.xsessionto run gpg-agent when you log in:
eval "$(gpg-agent --daemon --allow-mark-trusted)"
- Log out and back in
- Check if gpg-agent is running
set | grep GPG_AGENT_INFOThe output should like similar to this:
- Import the root certificate into kleopatra
- Download and save the CACert root certificate
File -> Import Certificates
- Select the saved file
- Create and import your personal into Firefox
I have not been able to create a personal certificate using konqueror so far. CACert always complains about an invalid certificate request.
- Export your personal certificate from Firefox
- Import your personal certificate into Konqueror and Kleopatra
- Check if the certificate was imported
Run gpgsm -k to list the imported certificates. The CACert root certificate and your personal certiciate should be displayed:
Serial number: 00 Issuer: /CN=CA Cert Signing Authority
/EMailemail@example.com Subject: /CN=CA Cert Signing
CA/EMailfirstname.lastname@example.org validity: 2003-03-30 12:29:49
through 2033-03-29 12:29:49 key type: 4096 bit RSA chain
Use gpgsm -K to display your personal certiciate only.
- Setup kmail to use your personal certificate
- That's it
Now you should be able to send and receive signed and encrypted emails with KMail.