Chapter 14. Encryption with KGpg

Table of Contents

Key Management
Generating a New Key Pair
Exporting the Public Key
Importing Keys
Signing Keys
The Key Server Dialog
Importing a Key from a Key Server
Exporting Your Keys to a Key Server
The Applet
Encrypting and Decrypting the Clipboard
Encrypting and Decrypting by Dragging and Dropping
The KGpg Editor
For More Information


KGpg is an important component of the encryption infrastructure on your system. With the help of this program, generate and manage all needed keys, use its editor function for the quick creation and encryption of files, or use the applet in your panel to encrypt or decrypt by dragging and dropping. The generation and management of keys is required for the correct handling of encrypted files or e-mail messages by other applications, such as KMail or Konqueror. This chapter covers the basic functions needed for daily work with encrypted files.

Key Management

This section covers operations needed for handling your digital key ring. Other programs, such as your mail program (KMail or Evolution), access the managed key data to process signed or encrypted contents.

Generating a New Key Pair

To be able to exchange encrypted messages with other users, first generate your own key pair. One part of it — the “public key” — is distributed to your communication partners, who can use it to encrypt the files or e-mail messages they send. The other part of the key pair — the “secret key” — is used to decrypt the encrypted contents.


The public key is intended for the public and is distributed to all of your communication partners. However, only you should have access to the secret key. Do not grant other users access to this data.

Start KGpg from the main menu or with the command kgpg from the command line. A padlock icon symbolizing KGpg appears in your panel. Click the icon to open the function menu. Select Open key manager. Refer to Figure 14.1: “The Key Manager”). Under the Key menu, access all options related to the generation or management of keys. To generate a new key pair for yourself, click Generate Key Pair (Ctrl + N).

Figure 14.1. The Key Manager

The Key Manager

In the following dialog, shown in Figure 14.2: “Generating Keys”, enter your user name, your e-mail address, and an optional comment. The default setting for the Expiration (Never — key pair is valid for an indefinite period) can be accepted unless you want your keys to expire after a certain time. The default settings for the Key size and the Algorithm can be accepted as they are. Now, start the key generation with OK. After this process is completed, the newly generated key appears in the overview window of the key manager.

Figure 14.2. Generating Keys

Generating Keys

Exporting the Public Key

After generating your key pair, make the public key available to other users. This enables them to use it to encrypt or sign the messages or files they send you. To make the public key available for others, select Keys -> Export Public Key. The dialog that opens offers three options:

Export Public Key To Email

Your public key is sent to a recipient of your choice by e-mail. If you activate this option and confirm with OK, the dialog for creating a new e-mail message with KMail appears. Enter the recipient and click Send. The recipient will receive your key and can then send you encrypted contents.

Export Public Key To Clipboard

You can place your public key here before you continue to process it.

Export Public Key To File

If you prefer to distribute your key as a file on a data medium instead of sending it by e-mail, click this option, confirm or change the file path and name, and click OK.

To make your public key available to a wide audience, export it to one of the key servers on the Internet. For more information, refer to Section “The Key Server Dialog”.

Importing Keys

Wurden Ihnen Schlüssel als Datei (beispielsweise als Anhang einer E-Mail) geschickt, können Sie diese mit der Funktion Schlüssel importieren in Ihren Schlüsselbund integrieren und zum verschlüsselten Nachrichtenaustausch mit dem Absender nutzen. Die Vorgehensweise ist ähnlich der oben beschriebenen für den Export von öffentlichen Schlüsseln.

Signing Keys

Like any other files, keys can also be signed for the purpose of guaranteeing the authenticity and integrity. If you are absolutely sure the imported key truly belongs to the individual specified as the owner, express your trust in the authenticity of the key by means of your signature.


Encrypted communication is only secure to the extent that you can positively associate public keys in circulation with the specified user. By cross-checking and signing these keys, you contribute to the establishment of a web of trust.

Select the key to sign in the key list. Select Keys -> Sign Key. In the following dialog, designate the secret key to use for the signature. An alert reminds you to check the authenticity of this key before you sign it. If you have performed this check, click Yes and enter the password for the selected secret key in the next step. Other users can now check the signature by means of your public key.