[opensuse] KDE smartcard login - FINeID
Hi, since a couple of years, I'm a proud owner of a Finnish Electronic Identification Card (FINeID) which I now finally got to run with Firefox and Thunderbird using the OpenSC security device. So I can actually sign emails and use it for web authentication. Configuration was even pretty straightforward. In the next step, I'd like to use the card for login in to KDE and to automatically lock the screen when I pull the card out of the reader. I have googled my fingers raw but I haven't found any straightforward solution for that. I noticed that some guy opened a bug for PKCS#11 auth in KDE in 2005 (yeah, 8 years ago). I can't believe that there hasn't been any progress with that, especially, as smartcards become more and more popular as ID cards from different issuers. Is there really no solution for that yet? -Stefan -- (o_ Stefan Gofferje | SCLT, MCP, CCSA //\ Reg'd Linux User #247167 | VCP #2263 V_/_ Heckler & Koch - the original point and click interface
On Thursday, October 24, 2013 10:11:04 PM Stefan Gofferje wrote:
Hi,
since a couple of years, I'm a proud owner of a Finnish Electronic Identification Card (FINeID) which I now finally got to run with Firefox and Thunderbird using the OpenSC security device. So I can actually sign emails and use it for web authentication. Configuration was even pretty straightforward.
In the next step, I'd like to use the card for login in to KDE and to automatically lock the screen when I pull the card out of the reader.
I have googled my fingers raw but I haven't found any straightforward solution for that. I noticed that some guy opened a bug for PKCS#11 auth in KDE in 2005 (yeah, 8 years ago). I can't believe that there hasn't been any progress with that, especially, as smartcards become more and more popular as ID cards from different issuers.
Is there really no solution for that yet?
-Stefan Hi Stefan
I do not have an answer for you. When it comes to email on Linux, I am a novice (well, except for writing programs in C++, Java, and perl to run on it - my knowledge for administering it is limited to just enough to get a vanilla install to work). When I opened your email, Kmail, in Kontact (which I configured on Suse 12.3 only yesterday), it told me to 'please wait' while it checks the validity of your signature. But moments later, it told me that it had insufficient information to check the validity of your signature. Does that mean that there is something wrong with your signature, or might I have made a mistake in configuring Kmail, or would it be something else? Yesterday I also installed Thunderbird on my Ubuntu 12.04 machine (newer and faster hardware than my Suse box), but Thunderbird proved to be painfully slow. While Thunderbird was easier to set up than Kmail, I won't be using it unless I can discover why it is so slow. And I have questions about your FINeID card. Do you know how widespread such cards are in Europe? You say that you can use it for web authentication, but do you know how websites would process the certificate it must be providing and where they'd locate the other files, such as the CRL (or does your government have a website set up, with the URL provided in the crt file, from which websites can retrieve the files related to the crt, that they can use to access the validity of the crt file)? Do you have any favourite websites that explain how to set up email signing, and even encryption, beginning with the process of creating the CSR and signing it using openssl? All of the sites I have found so far, WRT openssl, focus on server side certificates, to be deployed in your favourite web server - it is my understanding that a CA can be configured o sign both server side and client side certificates, and that the latter can be used both for website authentication and encrypting/signing email, but finding useful material for figuring out how to do it has been frustrating inthe extreme. Cheers Ted -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Hi, On 10/25/2013 02:22 AM, r.ted.byers@gmail.com wrote:
When I opened your email, Kmail, in Kontact (which I configured on Suse 12.3 only yesterday), it told me to 'please wait' while it checks the validity of your signature. But moments later, it told me that it had insufficient information to check the validity of your signature. Does that mean that there is something wrong with your signature, or might
My guess would be that KDE does not have the CA-certificate for the FINeID cards installed and therefore cannot verify the authenticity. Thunderbird has the same issue, but the CAcert can be downloaded from fineid.fi. See http://www.fineid.fi/default.aspx?id=596
I have made a mistake in configuring Kmail, or would it be something else? Yesterday I also installed Thunderbird on my Ubuntu 12.04 machine (newer and faster hardware than my Suse box), but Thunderbird proved to be painfully slow. While Thunderbird was easier to set up than Kmail, I won't be using it unless I can discover why it is so slow.
Try disabling the trackerbird add-on in TB. I sent another email to the list yesterday regarding problems with TB and IMAP and it turned out to be trackerbird.
And I have questions about your FINeID card. Do you know how widespread such cards are in Europe?
I know for sure about Finland, Estonia, Italy, Austria and Germany. There's also an EU draft about electronic ID cards.
You say that you can use it for web authentication, but do you know how websites would process the certificate it must be providing and where they'd locate the other files, such as the CRL (or does your government have a website set up, with the URL provided in the crt file, from which websites can retrieve the files related to the crt, that they can use to access the validity of the crt file)?
The majority of the Finnish websites use a unified identification service against which you can also authenticate with online-banking codes. CRL info is here: http://www.fineid.fi/default.aspx?docid=2330&action=publish#Revocationlists Here is a tutorial for implementing FINeID authentication for the Drupal CMS - which includes the configuration of Apache 2: https://www.zeip.eu/node/2
Do you have any favourite websites that explain how to set up email signing, and even encryption, beginning with the process of creating the CSR and signing it using openssl?
Nope. No favorite website.
All of the sites I have found so far, WRT openssl, focus on server side certificates, to be deployed in your favourite web server - it is my understanding that a CA can be configured o sign both server side and client side certificates, and that the latter can be used both for website authentication and encrypting/signing email, but finding useful material for figuring out how to do it has been frustrating inthe extreme.
If you are talking about your off-the-shelf X.509 or p12 mail certificate, it's the same way as you create a certificate for your webserver. The difference is that the common name (CN) is your email-address while for an https-server, the common name is the server's FQDN. However, that's not only lots of typing but also relatively useless because to verify your certificate, every recipient would have to install your CA certificate. The better way is to use a free certificate provider, such as Comodo (http://www.comodo.com/home/email-security/free-email-certificate.php). Theit CA certificates are usually preinstalled in all big OSs and mailclients. --Stefan -- (o_ Stefan Gofferje | SCLT, MCP, CCSA //\ Reg'd Linux User #247167 | VCP #2263 V_/_ Heckler & Koch - the original point and click interface
On Friday, October 25, 2013 03:06:32 AM Stefan Gofferje wrote:
Hi,
On 10/25/2013 02:22 AM, r.ted.byers@gmail.com wrote:
When I opened your email, Kmail, in Kontact (which I configured on Suse 12.3 only yesterday), it told me to 'please wait' while it checks the validity of your signature. But moments later, it told me that it had insufficient information to check the validity of your signature. Does that mean that there is something wrong with your signature, or might
My guess would be that KDE does not have the CA-certificate for the FINeID cards installed and therefore cannot verify the authenticity. Thunderbird has the same issue, but the CAcert can be downloaded from fineid.fi. See http://www.fineid.fi/default.aspx?id=596
I have made a mistake
in configuring Kmail, or would it be something else? Yesterday I also installed Thunderbird on my Ubuntu 12.04 machine (newer and faster hardware than my Suse box), but Thunderbird proved to be painfully slow. While Thunderbird was easier to set up than Kmail, I won't be using it unless I can discover why it is so slow.
Try disabling the trackerbird add-on in TB. I sent another email to the list yesterday regarding problems with TB and IMAP and it turned out to be trackerbird.
Thanks Stefan, Alas, it seems the problem on Ubuntu is not Trackerbird as it does not seem to exist on Ubuntu. The version of Thunderbird there is 24, and when I check the plugins it has installed, trackerbird is not listed. Not only that, but it was not found in whatever repositories it is configured to search (that would be by default as until I went to look for it, I had not touched those settings or attempted to install plugins. I figure it is better to learn to use the basic product in its default configuration, as installed by the OS from whatever repository it has which contains the distro for that OS, before I start mucking about with addons Thanks again Ted. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Friday, October 25, 2013 03:06:32 AM Stefan Gofferje wrote:
Hi,
On 10/25/2013 02:22 AM, r.ted.byers@gmail.com wrote:
When I opened your email, Kmail, in Kontact (which I configured on Suse 12.3 only yesterday), it told me to 'please wait' while it checks the validity of your signature. But moments later, it told me that it had insufficient information to check the validity of your signature. Does that mean that there is something wrong with your signature, or might
My guess would be that KDE does not have the CA-certificate for the FINeID cards installed and therefore cannot verify the authenticity. Thunderbird has the same issue, but the CAcert can be downloaded from fineid.fi. See http://www.fineid.fi/default.aspx?id=596
There are quite a number of CA files there. Does it matter which one is downloaded? Or should I just download the VRK Gov. Root CA? BTW: What does VRK stand for? Thanks, Ted -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Addition: On 10/25/2013 02:22 AM, r.ted.byers@gmail.com wrote:
(or does your government have a website set up, with the URL provided in the crt file, from which websites can retrieve the files related to the crt, that they can use to access the validity of the crt file)?
If you open my certificate in the certificate viewer, check the path certificate/extensions! There you'll find among others: Authority information access: URI: http://proxy.fineid.fi/ca/vrkcqc.crt and CRL Distribution Points: URI: http://proxy.fineid.fi/crl/vrkcqcc.crl URI: ldap://ldap.fineid.fi:389/cn%3dVRK%20Gov.%20CA%20for%20Citizen%20Qualified%20Certificates,ou%3dValtion%20kansalaisvarmenteet,o%3dVaestorekisterikeskus%20CA,dmdName%3dFINEID,c%3dFI?certificateRevocationList Besides, it can also be that KMail is nagging because my certificate does not contain any email-address, because it's a personal identification certificate and no dedicated email-signing certificate. TB says "Although the digital signature is valid, it is unknown whether the sender and signer are the same person. The certificate used to sign the message does not contain an email address. [...]" In practice, this doesn't really matter, because the purpose of the certificate is to prove that *I* wrote and signed the message, i.e. that I am legally the originator of the message. For the legal impact of the content of the message, it's of no consequence, who *sent* the message. Only, who *originated* and *signed* it. Transferred to the physical world: If I e.g. write a paper document to a court, it doesn't matter if I personally bring it to the court, if I send my girl-friend or if I send the letter by mail. The important fact for the court is that *I* wrote and signed the letter. --Stefan -- (o_ Stefan Gofferje | SCLT, MCP, CCSA //\ Reg'd Linux User #247167 | VCP #2263 V_/_ Heckler & Koch - the original point and click interface
On Friday, October 25, 2013 03:30:35 AM Stefan Gofferje wrote:
Addition:
On 10/25/2013 02:22 AM, r.ted.byers@gmail.com wrote:
(or does your government have a website set up, with the URL provided
in the crt file, from which websites can retrieve the files related to the crt, that they can use to access the validity of the crt file)?
If you open my certificate in the certificate viewer, check the path certificate/extensions!
There you'll find among others:
Authority information access: URI: http://proxy.fineid.fi/ca/vrkcqc.crt
I installed the above crt on my system
and
CRL Distribution Points: URI: http://proxy.fineid.fi/crl/vrkcqcc.crl But my system refused to install the CRL
Besides, it can also be that KMail is nagging because my certificate does not contain any email-address, because it's a personal identification certificate and no dedicated email-signing certificate.
I am appending the output from Kmail below, but unless I have misunderstood this output, it seems that the root and issuer certificates are missing (which probably means I need to install more CRT files). BTW: How do I examine the CRT you attach to your email. Kmail seems to know automagically what to do, but I don't. Thanks Ted =========KMail's assessment of your signature==================== * Data verification succeeded Yes * Data available Yes * Signature available Yes * Parsing data succeeded Yes * (data hash algorithm: SHA1) * Signature 0 Bad * (#3BB20FC9/CN=VRK Gov. CA for Citizen Qualified Certificates,OU=Valtion kansalaisvarmenteet,O=Vaestorekisterikeskus CA,ST=Finland,C=FI) * (data hash algorithm: SHA1) * (attr hash algorithm: SHA1) * Certificate chain available Yes * (root certificate missing) * (#018899/CN=VRK Gov. Root CA,OU=Varmennepalvelut,OU=Certification Authority Services,O=Vaestorekisterikeskus CA,ST=Finland,C=FI) * (/CN=VRK Gov. CA for Citizen Qualified Certificates,OU=Valtion kansalaisvarmenteet,O=Vaestorekisterikeskus CA,ST=Finland,C=FI) * (#3BB20FC9/CN=VRK Gov. CA for Citizen Qualified Certificates,OU=Valtion kansalaisvarmenteet,O=Vaestorekisterikeskus CA,ST=Finland,C=FI) * (/CN=GOFFERJE STEFAN 160337646,2.5.4.4=#474F464645524A45,2.5.4.42=#53544546414E,2.5.4.5=#313630333337363436,C=FI) * Certificate chain valid No * (Missing issuer certificate) * CRL/OCSP check of certificates Good * Included certificates 2 * (#3BB20FC9/CN=VRK Gov. CA for Citizen Qualified Certificates,OU=Valtion kansalaisvarmenteet,O=Vaestorekisterikeskus CA,ST=Finland,C=FI) * (/CN=GOFFERJE STEFAN 160337646,2.5.4.4=#474F464645524A45,2.5.4.42=#53544546414E,2.5.4.5=#313630333337363436,C=FI) * (#018899/CN=VRK Gov. Root CA,OU=Varmennepalvelut,OU=Certification Authority Services,O=Vaestorekisterikeskus CA,ST=Finland,C=FI) * (/CN=VRK Gov. CA for Citizen Qualified Certificates,OU=Valtion kansalaisvarmenteet,O=Vaestorekisterikeskus CA,ST=Finland,C=FI) * Dirmngr usable Yes -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 10/25/2013 06:35 AM, r.ted.byers@gmail.com wrote:
BTW: How do I examine the CRT you attach to your email. Kmail seems to know automagically what to do, but I don't.
I can't help you with that because I don't use kmail. In TB you just doubleclick on the "signed" icon and it will open an infobox. -- (o_ Stefan Gofferje | SCLT, MCP, CCSA //\ Reg'd Linux User #247167 | VCP #2263 V_/_ Heckler & Koch - the original point and click interface
On 25/10/13 01:22, r.ted.byers@gmail.com wrote:
On Thursday, October 24, 2013 10:11:04 PM Stefan Gofferje wrote: Do you know how widespread such cards are in Europe? We have them in Belgium too. We can use our ID card, e.g. to sign our tax returns. It's working well under Linux using the opensc module (or so I heard from my colleague -- I've never used it myself).
But I don't know whether there is a plugin for PAM. HTH Cheers. Bye. Ph. A. -- *Philippe Andersson* Unix System Administrator IBA Particle Therapy | Tel: +32-10-475.983 Fax: +32-10-487.707 eMail: pan@iba-group.com <http://www.iba-worldwide.com>
On Friday, October 25, 2013 09:15:57 AM Philippe Andersson wrote:
On 25/10/13 01:22, r.ted.byers@gmail.com wrote:
On Thursday, October 24, 2013 10:11:04 PM Stefan Gofferje wrote: Do you know how widespread such cards are in Europe?
We have them in Belgium too. We can use our ID card, e.g. to sign our tax returns. It's working well under Linux using the opensc module (or so I heard from my colleague -- I've never used it myself).
Thanks Philippe. Part of the reason for asking is that such technology has the potential of making online ecommerce as safe for all concerned (issuing and processing banks, merchants and consumers) as card present transactions (i.e. when you use your card in person at your favourite conventional store). I work in that industry, but am not aware of any bank actually supporting use of it in ecommerce.
But I don't know whether there is a plugin for PAM.
What is PAM? NB: I finially figured out how to get Kmail to accept Stefan's signature, but I get the following with your's: =======Validation details Kmail shows========= Message was signed on 10/25/13 03:15 AM with unknown key 0x7A4AF84E0F491F6C. The validity of the signature cannot be verified. Status: No public key to verify the signature =======End of Validation details Kmail shows========= Any ideas as to what is awry in this case? Thanks again Ted -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
What is PAM? Pluggable authentication module. See <http://en.wikipedia.org/wiki/Pluggable_authentication_module> or "man 8
On 25/10/13 15:18, Ted Byers wrote: pam" on your linux box.
NB: I finially figured out how to get Kmail to accept Stefan's signature, but I get the following with your's:
=======Validation details Kmail shows========= Message was signed on 10/25/13 03:15 AM with unknown key 0x7A4AF84E0F491F6C. The validity of the signature cannot be verified. Status: No public key to verify the signature =======End of Validation details Kmail shows=========
Any ideas as to what is awry in this case?
I'm not sure. It seems KMail has problems retrieving my public key. I configured TB to send a key retreival URL in the GPG header (the URL is still valid -- I checked). My key is also published on public key servers. Perhaps there is a configuration item missing in your KMail, but I don't use it myself, so I don't know which. Sorry. Ph. A. -- *Philippe Andersson* Unix System Administrator IBA Particle Therapy | Tel: +32-10-475.983 Fax: +32-10-487.707 eMail: pan@iba-group.com <http://www.iba-worldwide.com>
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday, October 25, 2013 04:20:35 PM Philippe Andersson wrote:
=======Validation details Kmail shows========= Message was signed on 10/25/13 03:15 AM with unknown key 0x7A4AF84E0F491F6C. The validity of the signature cannot be verified. Status: No public key to verify the signature =======End of Validation details Kmail shows=========
Any ideas as to what is awry in this case?
I'm not sure. It seems KMail has problems retrieving my public key. I configured TB to send a key retreival URL in the GPG header (the URL is still valid -- I checked). My key is also published on public key servers.
Perhaps there is a configuration item missing in your KMail, but I don't use it myself, so I don't know which.
Sorry.
Ph. A.
Your key works fine. Both in Tbird and Kmail. However, you have to have Kleopatra running, as kmail does not appear to start it automatically. First time users of Opensuse often don't get around to setting up Kleopatra the first time around. Once done, the integration with Kmail seems adequate although it may occasionally be necessary to run the key server dialog manually at least once to make sure it is working properly. - -- - From the Myth of Me -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iEYEARECAAYFAlJqwn0ACgkQv7M3G5+2DLKy1QCfak16QkH7aq8XEfciMzVN/HRZ aTQAn3J3CApM3xs7RFrZuCFof1agg+jQ =1dnK -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Friday, October 25, 2013 12:10:50 PM John M Andersen wrote:
On Friday, October 25, 2013 04:20:35 PM Philippe Andersson wrote:
Perhaps there is a configuration item missing in your KMail, but I don't use it myself, so I don't know which.
Sorry.
Ph. A.
Your key works fine. Both in Tbird and Kmail. However, you have to have Kleopatra running, as kmail does not appear to start it automatically.
First time users of Opensuse often don't get around to setting up Kleopatra the first time around. Once done, the integration with Kmail seems adequate although it may occasionally be necessary to run the key server dialog manually at least once to make sure it is working properly.
Thanks John, It is good to know I probably made a mistake somewhere, as that means that if I can gather the right information, I can fix it. Given that I had never heard of Kmail before yesterday, and I discovered the existance of Kleopatra only this morning, would you be so kind as to give me a pointer to a web page or two that a) describes how to do this right, and b) what key server you're talking about? Is that server supposed to be running on OpenSuse, or is it a server out on the net to which I should point Kleopatra? Thanks Ted -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/25/2013 12:39 PM, Ted Byers wrote:
Given that I had never heard of Kmail before yesterday, and I discovered the existance of Kleopatra only this morning, would you be so kind as to give me a pointer to a web page or two that a) describes how to do this right, and b) what key server you're talking about? Is that server supposed to be running on OpenSuse, or is it a server out on the net to which I should point Kleopatra?
Well, If Kleopatra is installed, and you installed the help rpms you should be able to find out quite a bit by launching Kelopatra and pressing F1 to bring up the handbook. It is also available here http://docs.kde.org/development/en/kdepim/kleopatra/index.html The whole aspect of Signing messages (and encrypting messages) is fairly complex, and composed of a number of pieces and parts and key concepts, not all of which do I have a ready reference for. Its intertwined and interdependent on multiple different signing an encryption techniques all aimed at proving that the email came from the person purporting to have sent it, or allowing encryption such that no one else other than the intended recipient could read it. Key servers (there are hundreds of them and they all talk to each other) are repositories for digital signatures. When you generate a signature (tied to your email address) you publish that to any key server, and withing a day it gets sent to all of the key servers, so that no matter which key server My computer uses it will find your key. All of this is built into Kleopatra. All aspects of generating keys, publishing keys, querying keys, etc is managed by Kleopatra (which is also available for windows). There are other utilities that do this function, Kleo is the one most often encountered with KDE. It vastly simplifies the whole process. Its a big topic, and not one you have to become familiar with on your first go-around with Linux, but start by reading up on GnuPGP in general. WIKI or Google search are good places to start getting your head around the concept. - -- _____________________________________ - ---This space for rent--- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) iEYEARECAAYFAlJqzhUACgkQv7M3G5+2DLIgfACfVMs0UjtWu2NPxJ7C9SWNNFjV lGcAn2gopI5EpFSs9KJcJQ6Za9d9E7he =RGAp -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Friday, October 25, 2013 01:01:25 PM John Andersen wrote:
On 10/25/2013 12:39 PM, Ted Byers wrote:
Given that I had never heard of Kmail before yesterday, and I discovered the existance of Kleopatra only this morning, would you be so kind as to give me a pointer to a web page or two that a) describes how to do this right, and b) what key server you're talking about? Is that server supposed to be running on OpenSuse, or is it a server out on the net to which I should point Kleopatra? Well, If Kleopatra is installed, and you installed the help rpms you should be able to find out quite a bit by launching Kelopatra and pressing F1 to bring up the handbook.
It is also available here http://docs.kde.org/development/en/kdepim/kleopatra/index.html
Thanks John, I guess I will be studying this over the weekend. Some of the concepts I have a passing familiarity with, but mostly through studying openssl. At present, I have only two questions for you. First, in making a PKI system, are openssl and GnuPG interoperable? That is, if I generate a client side certificate using OpenSSL, with support for both client authentication and email encryption/signing, would it work well with GnuPG systems (I am thinking of this as being possible via standards like X.509). Or am I way off in terms of hoping for such interoperability? Second,
[snip] Key servers (there are hundreds of them and they all talk to each other) are repositories for digital signatures. When you generate a signature (tied to your email address) you publish that to any key server, and withing a day it gets sent to all of the key servers, so that no matter which key server My computer uses it will find your key. All of this is built into Kleopatra.
OK, but Kleopatra does not seem to be configured by default to use any of these hundreds of servers, or even provide a way to identify the nearest and most useful one (i.e. One that is not too too restrictive in terms of the amount of data that can be retrieved at any one time or how fast the server is). At least, so far, I have not found a way to identify a good server to use. How, then, do I identify a server to use? I am wary of searching for such a server using Google, as I don't know how I'd distinguish a legitimate site from one maintained by bad guys (it is, after all, a question of trust, is it not - how can we know there isn't a bad site out there with bad keys mixed in with good ones, or not connected to the good sites at all - or am I too paranoid). Don't be surprised if I start asking a few dumb questions on the weekend, once I get into this in detail. ;-) Thanks again. Ted -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 10/25/2013 1:43 PM, Ted Byers wrote:
OK, but Kleopatra does not seem to be configured by default to use any of these hundreds of servers, or even provide a way to identify the nearest and most useful one (i.e. One that is not too too restrictive in terms of the amount of data that can be retrieved at any one time or how fast the server is). At least, so far, I have not found a way to identify a good server to use.
If you visit Settings / Configure Kleopatra, then select Directory Services, it should have the default hpk server already entered, or if not, click the new button, and it will prompt the default. The default is actually a pool of servers, managed by a DNS scheme that gets you to a server even if one or more are down. There is seldom any need to select other than the default, but if you have your own favorite server you can key it in where the name appears. You can look up anyone's key either by their email address or their short key here: http://pgp.mit.edu/ although its just as easy to let Kleopatra do that. -- _____________________________________ ---This space for rent--- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (6)
-
John Andersen -
John M Andersen
-
Philippe Andersson -
r.ted.byers@gmail.com -
Stefan Gofferje -
Ted Byers