KMyMoney README.Encryption

Author: Thomas Baumgart
Date  : Jan 01 2005

This README covers the various data formats used to store the information
managed with KMyMoney.

-----------------------------------------------------------------------------
Data storage
-----------------------------------------------------------------------------

KMyMoney stores your financial data in its XML format. In general, files
are compressed using the GZIP format. Thus the resulting file is not directly
readable but can be made readable by the following commands:

  % mv xxx.kmy xxx.kmy.gz
  % gunzip xxx.kmy.gz

Now xxx.kmy is a readable XML file. There is no need to compress the file
again before you start KMyMoney, because KMyMoney also reads the
uncompressed format. Expect the file to be compressed again once you save
it from within the application.

Warning: Do not modify the XML data directly unless you know exactly all the
implications! Don't blame it on the KMyMoney developers if something does not
work anymore after you've changed the file. In any case, keep a good backup
of your files.

-----------------------------------------------------------------------------
Encrypting your data to hide your financial status
-----------------------------------------------------------------------------

Compression alone does not protect your data. If you want to save your data
in a truly encrypted fashion, you can use one of the many encrypted
filesystems to store your data or use the built-in GPG support of KMyMoney.

In order to use this support, you must have GPG installed and working on
your system for a key pair you own. You can verify this by running the
following test:

  % echo "This is a test" | gpg -ae -r <your-key-id-here> | gpg

This should ask you for the passphrase of your secret key and display
"This is a test" on the screen.

Here's how this looks for me:

----------------------------------------------------------------------
thb@linux:~> echo "This is a test" | gpg -ae -r 0xb75dd3ba | gpg
gpg: checking the trustdb
gpg: checking at depth 0 signed=7 ot(-/q/n/m/f/u)=0/0/0/0/0/2
gpg: checking at depth 1 signed=1 ot(-/q/n/m/f/u)=6/0/0/0/1/0
gpg: next trustdb check due at 2010-01-02
gpg: 0xb75dd3ba: skipped: public key already present

You need a passphrase to unlock the secret key for
user: "Thomas Baumgart <thb@net-bembel.de>"
1024-bit ELG-E key, ID D1F83C2B, created 2001-06-23 (main key ID B75DD3BA)

gpg: encrypted with 1024-bit ELG-E key, ID D1F83C2B, created 2001-06-23
      "Thomas Baumgart <thb@net-bembel.de>"
This is a test
thb@linux:~>
----------------------------------------------------------------------

If this works for you, then you can turn on GPG support in the KMyMoney
settings dialog. In the user id field, enter the information needed to find
the key. The LED symbol to the right of the key will tell you if a key is
present for the data you entered.

Note: Substrings also match. Thus entering only 'thb' in my case already
      turns on the LED, and a substring may match a key other than the one
      you intend. Therefore, you should enter the full e-mail address or the
      hexadecimal id with a leading 0x.

This is enough to store your data encrypted with GPG. When you open such a
file with KMyMoney, it will ask you for a passphrase. If you use gpg-agent
in the background, you will only be asked the first time you open the file
and then again only after the cache timeout specified within gpg-agent. See
the GPG documentation for more details on how to set up gpg-agent. If you
don't use gpg-agent, you will be asked every time you load an encrypted
file into the engine. Saving into an encrypted file does not need a
passphrase, because encryption uses only the public key.
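
A check that a saved file really is GPG-protected rather than merely
gzip-compressed, classifying it by its leading bytes. This is an added
example, not part of KMyMoney or the original README; the function names
kmy_format and kmy_is_encrypted are hypothetical, and it assumes an encrypted
file is an OpenPGP message (ASCII-armored or binary).

```shell
#!/bin/sh
# Added example: classify a KMyMoney data file by its leading bytes.
# kmy_format and kmy_is_encrypted are hypothetical helper names.
# Assumption: a GPG-protected file is an OpenPGP message (armored or binary).

kmy_format() {
    # Prints one of: gzip, pgp-armored, pgp-binary, xml, unknown, unreadable
    [ -r "$1" ] || { echo unreadable; return 2; }
    # First five bytes as lowercase hex, e.g. "1f8b080000" for gzip
    hex=$(od -An -tx1 -N5 "$1" | tr -d ' \t\n')
    case $hex in
        1f8b*)
            echo gzip ;;                 # gzip magic: compressed, NOT encrypted
        3c3f786d6c)
            echo xml ;;                  # "<?xml": plain, readable XML
        2d2d2d2d2d)
            # "-----": only an armored OpenPGP message if the header matches
            if head -n 1 "$1" | grep -q '^-----BEGIN PGP MESSAGE-----'; then
                echo pgp-armored
            else
                echo unknown
            fi ;;
        84*|85*|86*|87*|c1*)
            # OpenPGP public-key encrypted session key packet (tag 1),
            # old-format (0x84-0x87) or new-format (0xc1) header byte
            echo pgp-binary ;;
        *)
            echo unknown ;;
    esac
}

kmy_is_encrypted() {
    # Exit status 0 only when the file looks like an OpenPGP message
    case $(kmy_format "$1") in
        pgp-*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Stand-alone use: sh kmycheck.sh file.kmy [...]
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(kmy_format "$f")"
done
```

Running kmy_is_encrypted before copying a file to a backup location catches
the case where GPG support was not actually in effect when the file was saved.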