# KMail + S/MIME mini-howto

## Yenda

WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING

This is very experimental setup. Some packages used in this howto are still alpha, thus do not use this setup in production environment!

WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING 

Hi all, I've struggled all weekend to get KMail able to use S/MIME extension. I will try to describe the way to coveted result. Used references are at the end of the howto. 

There are some small glitches, which prevent smooth compilation

1) GPG/SM is contained in >=gnupg-1.9.8. Since this releases are still alpha, it is not generally wise thing to use it in production system. So we will use last stable gnupg (1.2.9 ATM) and from gnupg-1.9.10 build only gpgSM. I've hacked a bit gnupg-1.9.10.ebuild,  you can download it here. I encourage people with experience in writing ebuild to improve it.

2) configure script in kdepim-3.0.0 package looks for /usr/bin/gpgme4-config, but you needn't necessary have to.

You should have /usr/bin/gpgme-config, it is part of >=gpgme-0.9. In case you havn't /usr/bin/gpgme4-config, but have/usr/bin/gpgme-config,  just ln -s /usr/bin/gpgme-config /usr/bin/gpgme4-config.

3) run emerge kdepim and watch for messages

```
...snip...

checking for gpgme-config... /usr/bin/gpgme4-config

checking for GPGME - version >= 0.4.5... yes

checking if gpgme has GPGME_KEYLIST_MODE_VALIDATE... yes

checking if gpgme has gpgme_cancel... yes

checking if gpgme has gpgme_key_t->keylist_mode... yes

checking for sys/select.h... (cached) yes

checking for unsigned int... yes

checking size of unsigned int... 4

checking for stpcpy... yes

checking for vasprintf... yes

checking whether we are using the GNU C Library 2.1 or newer... yes

checking for getenv_r... no

checking for timegm... yes

checking for gpg... /usr/bin/gpg

checking for gpgsm... /usr/bin/gpgsm

checking for funopen... no

checking for putc_unlocked... (cached) yes

checking for memrchr... (cached) yes

checking sys/uio.h usability... yes

checking sys/uio.h presence... yes

checking for sys/uio.h... yes

        GPGME v3.3.0 has been configured as follows:

        GnuPG version: min. 1.2.2

        GnuPG path:    /usr/bin/gpg

        GpgSM version: min. 1.9.3

        GpgSM path:    /usr/bin/gpgsm

...snip...

```

4) compile kdepim

5) get personal S/MIME certificate (for example from http://www.thawte.com/)

5) will be continued ... still emerging kde-3.3.0

Aditional reading I've googled and used:

http://www.gnupg.org/aegypten2/index.html

http://home.arcor.de/dralbrecht.dress/balsa/balsa-smime.html

http://lists.gnupg.org/pipermail/gpa-dev/2003-January/001148.html

http://kmail.kde.org/kmail-pgpmime-howto.html

----------

## Yenda

This is still a work in progress. I even do not known, I if it will work. So feel free to comment.

----------

## supermihi

When I try to import the certificate from my freemail provider (which is Web.DE), gpgsm fails.

```
gpgsm --import freemail-1.p12

Secure memory is not locked into core

gpgsm: NOTE: THIS IS A DEVELOPMENT VERSION!

gpgsm: It is only intended for test purposes and should NOT be

gpgsm: used in a production environment or with production keys!

gpgsm: gpgsm: GPG_TTY has not been set - using maybe bogus default

gpgsm: gpg-protect-tool: Secure memory is not locked into core

gpgsm: gpg-protect-tool: 1112 bytes of RC2 encrypted text

gpgsm: gpg-protect-tool: error at "bag.encryptedData", offset 43

gpgsm: gpg-protect-tool: error parsing or decrypting the PKCS-12 file

gpgsm: error running `/usr/libexec/gpg-protect-tool': exit status 2

gpgsm: gesamte verarbeitete Anzahl: 0

secmem usage: 0/16384 bytes in 0 blocks

```

I get asked for the passphrase by pinentry, the passphrase is correct (otherwise I get another error). What's the matter here?

----------

## Herring42

Yeah, I get that problem too.

Found this: https://www.intevation.de/roundup/aegypten/issue408

Looks like a known problem with certs backed up from firefox.

----------

