GPG-encrypted file

Using the GPG-encrypted file format is a very secure method of storing your personal finance data on your storage device. When KMyMoney has been instructed through the settings dialog to store your data encrypted, it will cipher the data using GPG and the key you provided before actually storing it. When opening an encrypted file, you have to provide the passphrase necessary to open your keyring. The encrypted file itself will be stored in GPG's ASCII armored format.

Note

When using GPG encryption, GPG also compresses the file, so no extra compression is necessary.

GPG-Keys

If you have not done so already for mail encryption, you need to generate a key-pair in order to use the GPG encryption feature of KMyMoney. Also, GPG must be installed on your system.

The details about how to generate a key-pair and how to take care of it are beyond the scope of this document. A Mini Howto on this subject can be found at https://www.gnupg.org/documentation/howtos.en.html.

Setting the keys in KMyMoney

On the encryption page of the settings dialog, there is a drop down list where you can select the key that should be used for encryption and decryption. Additionally you can find a field where you can enter the key-id of a key not in the listbox. You can use either the key-id, the email address associated with this key, or any other valid GPG key identification as the value for this field. When you enter the key-id, KMyMoney will check its validity and display a green LED icon in the dialog if a key is found.

Caution

Make sure you have both the public and the private key for this id. If you do not own the private key for the id entered, you will not be able to open the file again.

The KMyMoney recover key

Also on this page of the settings dialog you have the choice of selecting supplemental encryption with the KMyMoney recover key. This option is available to you if that key is stored in your GPG keyring. Selecting this option will allow you to recover your data even in the case you lose your own private key. This is possible because the data is not only encrypted for your own key, but also for the KMyMoney recover key. This key is only available to selected KMyMoney developers (at the time of writing only to the author). As of the release of KMyMoney version 4.7, the recover key is set to expire on 3 January 2015.

Under normal circumstances, you will open/save/close your file as usual. In the abnormal case of loss of your key, you have the chance to contact one of the developers who has access to the KMyMoney recover key and request help to recover your data. You may contact the developers via email to the KMyMoney developer mailing list at .