- What Is PGP? GPG?
- Why Should You Care?
- Is GPG Hard to Use?
- Does It Work with Other Crypto Programs?
- Where Can You Find GPG?
- How Does It Work?
- How to Install It
- How to Use It
- Generate Your Key
- Export Your Key
- Key Management Window
- Importing a Key via the Clipboard
- Importing a Key from the Key Server Network
- Open the GPG Text Editor
- Right-Click Menu
- File Encryption/Decryption
- Possible Legal Hazards
Open the KDE Konqueror file browser, not the GPG Key Management window or the GPG right-click menu. You can see the files created by GPG via its integration with Konqueror in Figure 19 and the right-click menu you use to take advantage of this. The Crypto-test1.doc file highlighted in the browser is the original file, crypto-test1.doc.asc is the encrypted file, and crypto-test.doc.sig is the detached digital signature file.
Figure 19 Konqueror file browser integration with KGpg
Sign and Encrypt
- Right-click filename > Actions > Sign File. You’ll get a passphrase prompt. Fill it in correctly, and a file with a .sig extension (for example, filename.sig) with the original filename will appear in your file browser. This is a detached signature file. If you don’t want to sign the document, skip to the next step.
- Right-click filename > Actions > Encrypt File. Your list of keys opens. Pick one or more and double-click or click the OK button. A new file with the original filename with .asc extension appears.
- Send both the encrypted .asc file and the signature .sig file as file attachments with your e-mail.
Decrypt and then Verify
- From Konqueror (KDE file manager), right-click filename.asc > Actions > Decrypt File.
- You get a passphrase prompt, assuming that it matches a private key on your keyring (and if it doesn’t, you probably have no business opening it, anyway). Fill it in correctly, and the file will appear in your file browser.
- To verify it, go the filename.sig file.
- Right-click filename.sig > Actions > Decrypt File. This will check for the matching decrypted original file; if its content matches the signature, you’ll see either a "Good Signature" or "Bad Signature" prompt.