Use unusual characters or symbols

If you write in foreign languages, or just use unusual symbols in your work, you might have used Character Map under Windows. Ubuntu's equivalent is found on the Applications ^ Accessories menu. It works in pretty much the same way—double-click the letter(s) you want and then click Copy. One useful tip is that right-clicking a letter enlarges it.

You can make Character Map quite literally fill the screen, to aid searching, by running gconf-editor, navigating to /apps/gucharmap and putting a check in the fullscreen box. To quit the program when it's in full-screen mode, either hit [Alt 1+iF4 or click File ^ Quit.

By right-clicking a blank spot on the panel, selecting Add to panel, and selecting Character Palette from the list, you can have a constantly onscreen list of unusual foreign characters—useful if you often type in languages other than your own. Click the small down arrow to the left of the applet to change the selection of characters shown. Selections of characters are available for most languages.

Some people like to digitally sign their emails. This means that the recipient can be sure that the email is from them. Alternatively, or additionally, emails can be entirely encrypted so that only the recipient can read them—anybody who intercepts the message along its travels through the Internet will see only garbage.

Email encryption and signing works on the principle of a key pair. Two cryptographic keys are created by an individual—a private one, that you keep secret, and a public one that you share with others, either by giving them the details in a file or uploading it to a public key server.

The two keys work in concert—effectively, anything encrypted with one can only be decrypted with the other. When used with email, this allows you to digitally sign using your private key. Those who have the public key can check the signature of the email, which could only have been generated by you, and which is also based on the contents of the email, thus proving things weren't tampered with in transit. Alternatively, anybody with your public key can encrypt an email (and/or file) so that only you can decrypt it using your private key. If you have their public key, you can encrypt emails so that only they can read them.

The steps below look at setting up encryption, first by creating a key pair, and then configuring Evolution to use it (note that you can skip creating a key pair if you have already followed the instructions in Tip 250, on page 289).

Creating a key pair

Here's how to create a key pair (note that this only needs be done once):

1. Click Applications ^ Accessories ^ Passwords and Encryption Keys to start the Seahorse application, which is used to manage all encryption keys within Ubuntu.

2. In the program window that appears, click the New button. In the dialog box that appears, select PGP Key25 and click the Continue button.

3. In the dialog box that appears, fill in the Full Name and Email Address fields. You must type both a forename and surname into the Full Name text field. In the Comments field you can type a short description to describe who you are, such as your location or job. This can help avoid confusion if more than one person shares the same name as you, or has a similar-looking email address. See Figure 3.29, on the next page for an example.

4. In the Advanced key options dropdown, you can select to choose a different type of encryption, although the default choice of DSA Elgamal and 2048 bits is considered extremely secure and also flexible enough to meet most needs. Once done, click the Create button.

5. Following this, you'll be prompted for a passphrase. Essentially, this is the password that you will need to decrypt emails others have sent to you. It's important that you make the passphrase something hard to second-guess but also memorable enough so you don't forget it. The passphrase can include letters, numbers, symbols and space characters.

6. After this the key will be generated. This will probably take some time. Depending on the speed of your computer, it could take up to an hour.

7. Once it's finished, you'll need to export public key so your email contacts can use it. To export it as a file, so you can hand it to others on a floppy disk or USB key stick, simply click select the new key, right-click it, and click Export Public Key. You'll be prompted to

25. Ubuntu and most other versions of Linux use the GNU Privacy Guard (GPG) software, which is an entirely Free Software version of the original Pretty Good Privacy (PGP) software. GPG uses the OpenPGP standard, just like PGP, so the two are entirely compatible.

page 209)

save a .asc file, so do so. Then simply pass this file onto friends or colleagues, and ask them to import it as a trusted key.26

8. Alternatively, you might choose to upload it to a public key server. This is like a worldwide phonebook of public keys. It certainly saves a lot of effort handing the key out to your contacts one-by-one. To do so, right-click the new key you created and click Sync and publish keys. Then click the Key Servers button in the dialog box that appears and, in the new window, select an option from the Publish keys to dropdown list (pgp.mit.edu is a good choice). Click the Close button, and then the Sync button in the original dialog box.

26. Perhaps it goes without saying that your contacts will need some kind of PGP email setup before they can import your public key. Encryption programs are available for both Mac and Windows—just search Google. If they're using Windows, direct them towards http://www.gpg4win.org, which is an implementation of the same GPG software used under Ubuntu.

Figure 3.29: Creating a key pair (see Tip 172, on

Signing email

Once the keys have been generated, signing email using Evolution is easy. Just select the PGP Sign option from the Security menu in the Evolution new mail window. However, prior to this, you'll need to configure Evolution to use the key, as follows:

1. Start the Seahorse application (Applications ^ Accessories ^ Passwords and Encryption Keys), right-click your key, and select Properties from the menu that appears. In the dialog box that appears, click and drag to highlight the text alongside the Key ID heading so. Then right-click the highlight and select Copy.

2. Close Seahorse and then start Evolution. Click Edit ^ Preferences, ensure Mail Accounts is selected in the window that appears, and double-click your email address on the right of the window.

3. In the dialog box that appears, click the Security tab and then, in the PGP/GPG Key ID field, paste the key ID you copied earlier. Click the OK button and then then Close button in the parent window. Following this, you should be able to sign messages.

Encrypting email

If you want to encrypt messages for other people within Evolution, so that only they can read them, you'll need to import and trust their public keys, and subsequently select to encrypt the emails in Evolution, as follows:

1. Start Seahorse (Applications ^ Accessories ^ Passwords and Encryption Keys) and click the Find Remote Keys button. In the dialog box, type the email address of the individual in the Search for keys containing text field. Then hit Search.

2. In the search results window, select any key you wish to import, and click the Import button on the toolbar. Then close the search results window, and click the Other Collected Keys tab in Seahorse.

3. You should now physically check that the key was actually created by the recipient. Ideally, this should be done in person, or over the phone, and can be done by reading-out the key ID to them—this is listed alongside the key and is eight digits. Try to avoid using email for this task because emails can be tampered with in transit.

4. If you are sure the key was generated by the individual, right-click it, select Properties, and then the Trust tab. Then put a check alongside I have checked that this key belongs to You can also put a check alongside I trust signatures from..., which will mean that any further keys you import that have been trusted by your contact will automatically be trusted by you.

It's also a good idea to click the Sign this key button, which will prompt you to state how well you trust the imported key. Once the information has been entered, the level of trust will be added to the key, and the whole thing signed using your own key. These details can then be uploaded to the key server and serve as part of the PGP Web of Trust system that helps prove the authenticity of public keys (for more details, see http://en.wikipedia.org/wiki/Web_ of_trust). Following this, the new key will now appear under the Trusted Keys in Seahorse (which you can now close).

5. Close the Properties dialog box. You should now find the imported key is in your Trusted Keys collection—ensure the Trusted Keys tab is selected to see this.

6. If you individual has handed you their public key file in person, perhaps on a USB memory stick or floppy disk, then click Key ^ Import, and navigate to the key file. Then follow the steps above to trust and sign the key, if desirable. Remember that emailing a public key is not a good way of exchanging keys, because they key may be tampered with (or swapped with another) in transit.

7. Switch to Evolution and click Edit ^ Preferences. Ensure Mail Accounts is selected on the left of the window that appears, and double-click your email address on the right. In the dialog that appears, click the Security tab and put a check the box alongside Always trust keys in my keyring when encrypting. This option will let you send encrypted email to a recipient even if you haven't signed their key, as explained in the step above (if you intend to sign all keys you import then this can be skipped). Then click OK, and Close in the parent dialog box.

8. Following this, to encrypt emails for that recipient in Evolution, click Security ^ PGP Encrypt in the new mail window. If you see an error message about a "broken pipe", it's likely that you don't have that recipient's public key, or you posses it but have not signed it. Check the details and try again.

Get a nice trashcan on the desktop M 214

Was this article helpful?

0 0

Post a comment