Using the Chiasmus encryption tool

Jan-Oliver Wagner

jan@intevation.de

Till Adam

till@kdab.net

2005-06-30 1.8 Using the Chiasmus encryption tool Preparations To encrypt and decrypt with Chiasmus, you need the BSI's Chiasmus command line tool for GNU/Linux. It is intended solely for use in government agencies and availabe from the BSI on request. When executed without parameters, the chiasmus program should output something like: Chiasmus (R) fuer Windows K 1.8.0.0 Bundesamt fuer Sicherheit in der Informationstechnik Kontakt: Chiasmus@bsi.bund.de (C) 2001 - 2005 [ ...] Version 1.8.0.0 was tested succesfully. Other versions may or may not work correctly. As a last preparation step a directory which will hold the key files ending in .xis has to be created, if none already exists. Usually ~/.chiasmus/ is used. Configuration Select SettingsConfigure KMail and choose the Crypto-Backends tab on the Security page. Select the entry for Chiasmus and click Configure.... to open the configuration dialog for the Chiasmus backend. Specify the path to the Chiasmus binary and the directory where key files are to be stored, using the file selection dialogs which open when you click the folder icons next to the path entries. Close the backend configuration dialog by clicking Ok and check the Chiasmus Checkbox to activate it. Then also close the main configuration dialog. Encryption To encrypt a message with Chiasmus, select OptionsEncrypt message with chiasmus . A dialog comes up in which you can select the key file to use, as well as additional command line arguments to be passed to chiasmus. If you want to use Chiasmus encryption regularly, you should add an icon for that option to your toolbar, using SettingsConfigure toolbars . Move the entry for Encrypt with Chiasmus from the left side of the dialog to the right, using the buttons between the two panes. You can then quickly enable or disable Chiasmus encryption using that toolbar button and have a visual indication of the current state. If automatic saving of backup copies of currently edited messages is enabled, you will be prompted for your Chiasmus password, if Chiamsus encryption is active. On message sending, you will be prompted for the password. If the password is correct, the text of the message and all its attachments will be encrypted. The other signing and encryption options are completely independent of the Chiasmus encryption. You can use those in addition to Chiasmus, ⪚ to sign the message. Additional encryption, on the other hand, does not make much sense and complicates decryption for the recipients. Decryption &kmail; and &kontact; detect messages that have been encrypted using Chiasmus and will automatically ask for the key file to use for decryption, as well as the corresponding password. If the password is correct, the message will be decrypted and displayed. To decrypt attachments that were encrypted using Chiasmus (&ie; those which have a file name ending in .xia), right-click on the attachment you want to decrypt and select Decrypt using Chiasmus . After you have chosen a key file to be used for decryption and entered the correct password for it, a file selection dialog will allow you to specify where the decrypted attachment should be saved.