Using GPG with Evolution

This page explains how to use GPG (a method for signing and encrypting email) with Evolution, which is the default email application in Fedora. First you need to generate keys using the instructions described at Creating GPG Keys and then return to this page to configure Evolution.

Configuration
From the Evolution Main Menu, select Edit -> Preferences. In the left pane, select Mail Accounts. In the right pane, select the email account you use for Fedora Project correspondence. Then select the Edit button. The Account Editor dialog appears. Select the Security tab.



In the PGP/GPG Key ID field, enter the GPG key ID matching this account's email address. If you are not sure what your key ID is, use this command:

gpg --fingerprint EMAIL_ADDRESS

The key ID is the same as the last eight characters (4 bytes) of the key fingerprint.

It is a good idea to click the option Always encrypt to myself when sending encrypted mail. You may also want to select Always sign outgoing messages when using this account.

If you do not mark public keys as trusted in your keyring, you will not be able to encrypt email to their owners unless you select the option Always trust keys in my keyring when encrypting. You will instead receive a dialog indicating that a trust check has failed.

Verifying Email with GPG
Evolution will automatically check any incoming GPG-signed messages for validity. If Evolution cannot GPG verify a message due to a missing public key (or tampering), it will end with a red banner. If the message is verified but you have not signed the key either locally or globally, the banner will be yellow. If the message is verified and you have signed the key, the banner will be green. When you click the seal icon, Evolution displays a dialog with more security information about the signature.

To add a public key to your keyring, use the search function along with the key owner's email address: gpg --keyserver pgp.mit.edu --search security@redhat.com

To import the correct key, you may need to match the key ID with the information provided by Evolution.

Signing and Encrypting with GPG
Signing email allows the recipients to verify that the email actually came from you. The FDP (and the whole of the Fedora Project) encourage you to sign email to other participants, including on Fedora mailing lists. Encrypting email allows only your recipients to read your email. Please do not send encrypted email over the Fedora mailing lists, since almost no one will be able to read it.

While composing your email, choose the Security menu, and then select PGP Sign to sign your message. To encrypt your message, select PGP Encrypt. You may sign an encrypted message as well, which is good practice. When you send the message, Evolution will ask you to enter your GPG key passphrase. (After three unsuccessful attempts Evolution generates an error.) If you select the option Remember this password for the remainder of this session, you will not need to use your passphrase again to sign or decrypt, unless you quit and restart Evolution.