KMail Security (OpenPGP) Help - Please...



Cuddles
05-21-2004, 05:07 PM
Ok, I am not a noob, but in some areas, I am still learning, so I won't say I am a noobie on this... (but I am) [giggle]

I keep getting email (through KMail) that shows the following:


Message was signed with unknown key.
The validity of the signature cannot be verified.
Problem: OpenPGP plug-in was not specified.
Use the 'Settings->Configure KMail->Security' dialog to specify the
plug-in or ask your system administrator to do that for you.

Ouch! That hurts! I am the system administrator!

Ok, I tried to do what it said, and got completely lost doing it. I set it to something I thought would get it working, and the next email I got, it came out with the same error -=- So, I'm missing something, or not doing something...

Way back, when I first started getting these things, I tried to set what it wanted, and then gave up, thinking it was only "foof" or "fluff" as far as the workings of email, but, with the growing concerns of email security, I'd really like this to be working.

Has anyone got the above working? And how can I get it working?
Ms. Cuddles

Stephen
05-22-2004, 03:45 AM
Add this to your sources.list.



# Project Aegypten Debs GPG Kmail Plugin #
deb http://ma2geo.mathematik.uni-karlsruhe.de/public-debian binary/
deb http://ma2geo.mathematik.uni-karlsruhe.de/public-debian testing/
deb-src http://ma2geo.mathematik.uni-karlsruhe.de/public-debian binary/
deb-src http://ma2geo.mathematik.uni-karlsruhe.de/public-debian testing/


Then apt-get update and apt-get install newpg libgpgme6 libksba0 cryptplug pinentry-common pinentry-qt should get you everything you need. Then you can go into the Settings -> Configure KMail -> Security -> Crypto Plugins tab, add /usr/lib/cryptplug/gpgme-openpgp.so as the location, name it OpenGPG and apply the changes. The warning should now go away and you will get a different message like this when the email is signed.



Message was signed with unknown key 0x79F1BCE38DE4D38E.
The validity of the signature cannot be verified.
Status: No public key to verify the signature.


This is telling you the plugin works but you have not imported the public key of the person sending the mail into your keyring. If you import the key it looks like this.



Message was signed by kmself@ix.netcom.com (Key ID: 0x79F1BCE38DE4D38E).
The signature is valid, but the key's validity is unknown.


Sign it with your own key and it looks like this and the colour of the message changes to green from yellow.



Message was signed by kmself@ix.netcom.com (Key ID: 0x79F1BCE38DE4D38E).
The signature is valid and the key is fully trusted.


If you want to use GPG signing for your outgoing messages then you need to create a key with KGpg, then edit the file /home/user_name/.gnupg/gpg.conf and uncomment the use-agent line, then create a /home/user_name/.gnupg/gpg-agent.conf with the following contents:



pinentry-program /usr/bin/pinentry-qt
no-grab
default-cache-ttl 1800


Now edit /etc/X11/Xsession.d/90newpg_gpg-agent and change the line at the top of the file to this:



STARTGPG=yes


Then you have to return to Configure KMail -> Manage Identities, choose the email account for the GPG key you created and select the Modify option. In the Advanced tab of the configuration dialog that pops up, use the Change button in the OpenGPG key selection, select the key to use in the dialog, then apply the changes. You have to log out of KDE, restart the X server and log back in; then every time you send a mail with the account you should have an encryption option to choose to use.
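
The three signature states shown in the post above, as an added example that is not part of the original post and is not KMail's or the plugin's code: it classifies the machine-readable lines GnuPG writes with `--status-fd`. The sample status lines are constructed (reusing the key ID and address from the post), and the state names are this example's own.

```python
# Added example: classify GnuPG --status-fd lines for one signature.
# GOODSIG, BADSIG, ERRSIG, NO_PUBKEY and TRUST_* are GnuPG status keywords.
# The sample lines below are constructed for illustration, not captured output.
PREFIX = "[GNUPG:] "
SIG_KEYWORDS = {"GOODSIG", "BADSIG", "ERRSIG", "NO_PUBKEY"}
TRUSTED = {"FULLY", "ULTIMATE"}
KEY = "79F1BCE38DE4D38E"  # key ID quoted in the post

def classify(status_text):
    """Return (state, key_id) for the status lines of a single signature."""
    seen, key_id, trust = set(), None, None
    for line in status_text.splitlines():
        if not line.startswith(PREFIX):
            continue  # human-readable gpg output, not a status line
        fields = line[len(PREFIX):].split()
        if not fields:
            continue
        if fields[0] in SIG_KEYWORDS and len(fields) > 1:
            seen.add(fields[0])
            key_id = fields[1]
        elif fields[0].startswith("TRUST_"):
            trust = fields[0][len("TRUST_"):]
    # Fail closed: a bad or uncheckable signature wins over anything else.
    if "BADSIG" in seen:
        return ("bad-signature", key_id)
    if "NO_PUBKEY" in seen:
        return ("no-public-key", key_id)       # "signed with unknown key"
    if "ERRSIG" in seen or "GOODSIG" not in seen:
        return ("no-valid-signature", key_id)  # expired/revoked cases land here too
    if trust in TRUSTED:
        return ("valid-key-trusted", key_id)   # the green message
    # UNDEFINED, MARGINAL, NEVER or no TRUST_ line: the signature checks out
    # mathematically, but nothing ties the key to the claimed sender.
    return ("valid-key-not-trusted", key_id)   # the yellow message

UNKNOWN_KEY = (f"[GNUPG:] ERRSIG {KEY} 17 2 00 1085150000 9\n"
               f"[GNUPG:] NO_PUBKEY {KEY}")
KEY_IMPORTED = (f"[GNUPG:] GOODSIG {KEY} kmself@ix.netcom.com\n"
                "[GNUPG:] TRUST_UNDEFINED")
KEY_CERTIFIED = (f"[GNUPG:] GOODSIG {KEY} kmself@ix.netcom.com\n"
                 "[GNUPG:] TRUST_FULLY")

if __name__ == "__main__":
    for sample in (UNKNOWN_KEY, KEY_IMPORTED, KEY_CERTIFIED):
        print(classify(sample))
```
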

Cuddles
05-22-2004, 04:49 PM
Thanks Stephen, now some more questions (you knew this was going to happen...)

OpenPGP is for incoming email signing?
OpenGPG is for outgoing email signing?

Am I right, or do I have something mixed up?

Also, the above is not for encryption, right? Because the email I get with these messages, can be read (but just have the message above them), so it can't be an encrypted email. So, "signing" an email just ensures who the sender is, and that "they" sent it, correct?

Considering how much trouble it is, as seen above, to get "signing" working with email, and the fact that I don't have anyone I would "need" this for, nor would they care if I did or not, and that the email I am getting that has this is coming from the ALSA email newsgroup, I think it's a moot issue to get it working. I just thought, by the message that pops up in the email, it was something serious that I am missing, and by the wording, something that "should" be running, or something is seriously going to go wrong, kinda thing.

Thanks again for the help Stephen,
Ms. Cuddles