KMyMoney README.Encryption
Author: Thomas Baumgart
Date  : Jan 01 2005

This README covers the various data formats used to store the information
managed with KMyMoney.

-----------------------------------------------------------------------------
Data storage
-----------------------------------------------------------------------------

KMyMoney stores your financial data in it's XML format. In general, files are
compressed using the GZIP format. Thus the resulting file is not directly
readable but can be made readable by the following commands:

  % mv xxx.kmy xxx.kmy.gz
  % gunzip xxx.kmy.gz

Now xxx.kmy is a readable XML file. There is no need to compress the file
again before you start KMyMoney again, because KMyMoney also reads the
uncompressed format. Please expect the file to be compressed again after
you save the file again from within the application.

Warning: Do not modify the XML data directly unless you know exactly all
the implications! Don't blame it on the KMyMoney developers if something
does not work anymore after you've changed the file. In any case, keep
a good backup of your files.

-----------------------------------------------------------------------------
Encrypting your data to hide your financial status
-----------------------------------------------------------------------------

If you want to save your data in a true encrypted fashion, you can use one of
the many encrypted filesystems to store your data or use the builtin GPG
support of KMyMoney.

In order to use this support, you have to have GPG installed and working
on your system for a key-pair you own. You can verify this by running
the following test:

  % echo "This is a test" | gpg -ae -r <your-key-id-here> | gpg

This should ask you for the passphrase of your secret key and display
"This is a test" on the screen. Here's how this looks for me:

----------------------------------------------------------------------
  thb@linux:~> echo "This is a test" | gpg -ae -r 0xb75dd3ba | gpg
  gpg: checking the trustdb
  gpg: checking at depth 0 signed=7 ot(-/q/n/m/f/u)=0/0/0/0/0/2
  gpg: checking at depth 1 signed=1 ot(-/q/n/m/f/u)=6/0/0/0/1/0
  gpg: next trustdb check due at 2010-01-02
  gpg: 0xb75dd3ba: skipped: public key already present

  You need a passphrase to unlock the secret key for
  user: "Thomas Baumgart <thb@net-bembel.de>"
  1024-bit ELG-E key, ID D1F83C2B, created 2001-06-23 (main key ID B75DD3BA)

  gpg: encrypted with 1024-bit ELG-E key, ID D1F83C2B, created 2001-06-23
        "Thomas Baumgart <thb@net-bembel.de>"
  This is a test
  thb@linux:~>
----------------------------------------------------------------------

If this works for you, then you can turn on GPG support in the KMyMoney
settings dialog. In the user id field, enter the respective information
about to find the key. The LED symbol to the right of the key will tell
you if a key is present for the data you entered. Note: Also substrings
would match. Thus entering only 'thb' in my case already turns on the
LED. Therefore, you should enter the full e-mail address or the hexadecimal
id with a leading 0x.

This would be enough to store your data encrypted with GPG. When you open
such a file with KMyMoney it will ask you for a passphrase.i

In case you use gpg-agent in the background, you will be only asked the
first time you open the file and then only again after the cache timeout
specified within gpg-agent. See the GPG documentation for more details on
howto setup the gpg-agent. If you don't use the gpg-agent, you will be asked
everytime you load an encrypted file into the engine. Saving into an
encrypted file does not need a passphrase.