Open source software security

Getting GPG Encryption with Evolution

30 November -0001

I have to admit I'm loving using Gnome on my Mandriva machine. Mandriva is a popular French distribution of Linux that, like most of it's European counterparts (well, perhaps SUSE can't be considered European now that they belong to Novell), uses KDE as it's default window manager. I used KDE for ages and became quite comfortable with it, but I actually find Gnome to be a lot cleaner and easier to use these days. Gnome integrates quite nicely with Evolution. Despite having Thunderbird available, Sunbird hasn't come along far enough to make calendar integration with Thunderbird feasible quite yet. Given compatibility problems between Thunderbird and the Gnome desktop manager (there are still issues with things like dragging and e-mail attachment onto a Samba mounted directory icon (i.e. it doesn't work, you can only drag and drop to local folders in Thunderbird)) I decided to look into using Evolution for more than just calendaring and contact info. Encryption is a big requirement for me, especially digital signing, and so I wanted to make sure Evolution had an easy to use interface for GPG encryption that was on par with the Enigmail extension for Thunderbird.

Getting encryption working with Evolution requires a few steps. The first of which is to install Seahorse. Seahorse is the GPG encryption manager for Gnome. In Mandriva it's easy enough to install Seahorse using the Mandriva Control Center.

Screenshot of Seahorse installation

Once Seahorse is installed you can import and export keys as well as manage them, in much the same way you can with the GPG Keyring manager under Windows. You can create a new GPG key or import and old one. One really nice thing about Seahorse is you can use it to create and manage keys for PKA on other machines. On Mandriva systems you can find the link to Seahorse from the menu under System -> File Tools -> Passwords and Encryption Keys.

Screenshot of Seahorse

Setting up your encryption and digital signing preferences under Evolution is straightforward. Simply go to the Edit -> Preferences menu, select the account you want by clicking the 'Mail Accounts' icon on the left, then highlighting the account from the list on the right (or click 'Add' to create a new one) and click the 'Edit' button. Next select the 'Security' tab. You can set up your security options on that screen. By checking the box that says 'Always sign outgoing messages' you can insure your outbound emails are always signed.

Screenshot of Evolution's Security tab

To encrypt your outgoing email messages you'll need the send your public key to the intended recipient (so they can decrypt the email). If you have this though simply click the 'Security' drop down menu while composing the email and select the 'PGP Encrypt' option.

Screenshot of encrypting an email

I will say that Thunderbird has an advantage over Evolution in that you can set up rules for encrypting email. For instance, you can encrypt all email to certain recipients by default. This saves a few clicks and also insures you don't forget to encrypt email.