Summary: | Option to store decrypted GPG email unencrypted locally. | ||
---|---|---|---|
Product: | [Applications] kmail2 | Reporter: | Unknown <null> |
Component: | crypto | Assignee: | kdepim bugs <kdepim-bugs> |
Status: | CONFIRMED --- | ||
Severity: | wishlist | CC: | annma, b-misc, bartoschek, buginfo, cookie170, felix, hp.news, ot.an, pancho.s, pg-112, shopping, stth1998, thomas.friedrichsmeier, tuju, vishnugb |
Priority: | NOR | ||
Version: | unspecified | ||
Target Milestone: | --- | ||
Platform: | openSUSE | ||
OS: | Linux | ||
Latest Commit: | Version Fixed In: | ||
Sentry Crash Report: | |||
Bug Depends on: | |||
Bug Blocks: | 34681 | ||
Attachments: |
filter for decrypting kmail messages
fixed script An improved kmail filter to save decrypted mails locally A kmail filter to permanently decrypt GPG messages with the help of gpg-agent Python-based encryption script, similar to the others, but including the decoding of special characters |
Description
865news6855
2001-07-06 12:09:40 UTC
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday 6. July 2001 14:09 865news6855@vortex.physik.uni-konstanz.de wrote: > It would be really nice if KMail had the option to save decrypted GPG > messages *unencrypted* on your local disk. This would make it a lot > easier to browse and grep through your personal mail-archive withour > having to decrypt every single messages. As a workaround which maybe only works with KMail from KDE2.2beta1 you can copy the message to the drafts folder then double click on it in order to open the message in the composer then save it again in the drafts folder (of course without encryption) and then save it to the disk. > For added security (which is not always necessary) on could save mail > on an encrypted partition. But that is something different. Encrypted partitions are of course not KMail's concern. > This feature is the only thing stopping me from using encrypted email > on a regular basis. Regards Ingo -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE7RjMmGnR+RTDgudgRAraUAJ9r0uDkGfhmXxGd4ZMvaqqbmlnBgwCgzmES 2mBPs6fuA82sKaW8td1ROQY= =jYjT -----END PGP SIGNATURE----- Hi, I'd also like to stress that this is really a missing feature. Not only would it allow easy handling (grepping, etc.) of all mails, it would also enable searching messages within kmail itself (bugs 34681, 62953). Of course, this wouldn't be an elegant or even acceptable solution of this problem. Yet, it would be an improvement for many people. More generally, I'd say that many, if not most, people use gpg to ensure a secure transmission of their messages over an inherently insecure network. This is completely independent of local security, which for many people is already "good enough". However, the current inability of kmail to store mails unencrypted is a burden for everyone who only tries to secure the transmission, and not the local storing. Furthermore the introduction of the Crypto API in kernel 2.6 simplifies the creation of encrypted partitions, even though the major distributions already support encrypted partitions in their graphical configuration utilities. I really don't like the idea of having potentially thousands of single encrypted files in my home directory. It's just too cumbersome. I also don't encrypt every single kword document. And if I'd like to, the best idea would be to have an encrypted filesystem, which is completely transparent to grep et al. I'm glad to see that the kmail developers care very much about security, yet ignoring the users' needs isn't the way to go. Kind regards Gilles I agree with the previous post. To encrypt a message is really as putting a letter in an envelope, whenever the reciever gets the message she trows the envelope away and saves the letter in a suitable way. Not beeing able to save messages decrypted after i recieve them is the main reason why i use encryption very sparsely. i have copies of the keys, but still, if i happen to loose a key i also loose all old mails that came encrypted. this is obviously not good. kind regards Replaced 865news6855@vortex.physik.uni-konstanz.de with null@kde.org due to bounces by reporter I just tried the workaround through the drafts folder, and it doesn't work anymore. I checked the setting, and the "Never sign/encrypt when saving as draft" is checked. I was about to add my vote to this one, but I would perfer it in a slightly different way. I have mail here that I want to keep encrypted in the folder - mails with passwords for example - and I have some where only the transport over the net was the reason for the encryption. To solve this, I would propose a button or link or ?? where I can choose to decrypt the mail once and for all. Technically this would mean replacing the original mail with the unencrypted mail. Or even cooler: Replacing it with a new mime mail, where you have two mime parts - one being the original mail, and the other the decrypted mail. Don't know if this would be overkill, though. But just having the possibility of the decrypt once and for all on a per message base would be really nice. *** Bug 46390 has been marked as a duplicate of this bug. *** I concur with what is being said here. I would like to use encryption to transmit messages securely, but not being able to browse messages without using my private key and pass-phrase every time is a serious hindrance which actually stops me doing this. I have no reason not to trust my flat mate or guests. If I were worried about that I could create separate accounts or use screen locks, which would be more helpful in any case. I am certainly not worried about what happens if corporate agents seize my hardware - that is just not a realistic concern for an average Jo-User and if it gets to that point you're probably fairly screwed already! I would find a decrypt-and-store feature extremely useful, and I think it would encourage greater use of secure transmission. What's the status on this? I'd just like to add a minor wish: if a mail is stored in decrypted form, some headers should be added that indicate if and how the message was encrypted/signed and so on. This metadata shouldn't be discarded. Created attachment 10026 [details]
filter for decrypting kmail messages
This is a simple perl script using kdialog and gpg to decrypt kmail messages
permanently.
Use Settings->Configure Filters...
Add a new Filter and rename it to anything you like, e.g. "permanent
decryption"
At the "Filter Actions" panel select "Pipe Through" in the combobox.
Use the file chooser button at the right side of the text field to select this
script.
At the advanced options panel only select "on manual filtering" and "Add this
filter to the Apply Filter menu"
Use a nice icon :-)
A new icon for this filter action should now be visible on your menubar. Just
select your encrypted mail and then click this button.
Please note that this script works for me and I give no guaranty for anything.
To be on the save side make a copy of your mail before decryption.
It would be much nicer if Kmail offers this functionality natively. This script
is just a kludge, no passwort caching, no internationalization, ...
Greetings
Ronny Standtke
Created attachment 10030 [details]
fixed script
The old version of the script only works if you start kmail from the command
line. I added a "--no-tty" to the gpg call. Now it should also work if you
start kmail/kontact by other means. Please dont forget to make the script
executable (chmod +x <script>).
Created attachment 11123 [details]
An improved kmail filter to save decrypted mails locally
Ronny Standtke has submitted a wonderful script for saving decrypted mails in
kmail. However, there were a few errors, and so here I submit a "new" version:
1. Passwords with any "funny" characters didn't work. Changed '"' to ''' to
accommodate
2. The UI was in German. I added English strings and a relatively easy way to
switch back and forth ($lang = "en"; or $lang = "de";)
Hope it helps..
Tarek : )
Created attachment 13201 [details]
A kmail filter to permanently decrypt GPG messages with the help of gpg-agent
This kmail filter is the same as the last filter I submitted, but uses
gpg-agent instead of the kdialog input. The goal of this script is to make it
so that one does not always have to re-enter the password.
Note: Users MUST have gpg-agent working!
tarek : )
For the last script I submitted, I have just noticed that one thing that is necessary is for "use-agent" to be enabled in "gpg.conf" (usually in ~/.gnupg/gpg.conf). This is as simple as adding "use-agent" to the file or uncommenting it if already there. tarek : ) > It would be really nice if KMail had the option to save decrypted GPG
> messages *unencrypted* on your local disk.
I agree with you -- if anyone needs local protection one should use partition encryption. Basic rule -- don't duplicate functionality (to absurd when somebody has encrypted partition and stores encrypted mails ;-) ).
BUT... it would be nice if KMail encrypted outgoing mail just before sending and ONLY for sending. As it was said -- mail encryption is an envelope! Nothing more. Now I cannot make any changes in mail even it is still put in "outbox" folder. What's more -- I cannot look at my old sent mails.
Hope to see that fixed soon :-).
Kind regards,
I totally agree with this. I'm trying to use encryption as a default for my outgoing mails, but it's a real hassel to have all stored mails in encrypted form. And, additionally, it really doesn't make any sense. As has been pointed out here several times, it is not the taks of kmail to encrypt data on my local partition but to handle mail in transfer! Would really be very helpful if this will be fixed soon!! Best regards and thanks for all the work, Michael This is excactly what I want! Messages should be decrypted once when first opened (then the user could determine whether the information is too sensitive to keep stored in their inbox too!), and then stored permanetly decrypted on the local system. Note that there might be problems with this and IMAP. The local client would have to store decrypted sent and received messages, but the external IMAP server would have to store the same messages encrypted. Or?... Encryption is useful when the messages is transfered over the internett. It is not nescesary or useful (for most users) to store emails encrypted on local systems. This would also eliminate the issues related to "what if OpenPG failes in the future; and you would not be able to access your old emails?" argument for not using encryption. i want that feature too, but i want to be able to trigger it in the controls... but it would be really very useful. and technically it is no problem... i think this feature is absolutly necessary. That IMAP problem could be reduced to "not store decryped remote". Personally I store local copys of Mail from the IMAP folders and clean up on the Server from time to time. This would be an easy way. I suggest the first thing to be fixed is storing sent mail unencrypted. No being able to read mail I get an answer to, because it doesn't contain quotes is some kind of embarrassing... Is this still valid in KMail2? Please comment or close, thanks in advance. Reassigning to kmail2 meanwhile. This report is not about saving resp. exporting the contents of a GPG-encrypted message somewhere on the disk, so in the age of Akonadi, this means "storing" the message in unencrypted state. Therefore, I'm rewording the summary a bit. In any case, this definitely still applies to kmail2, but needs to be implemented in Akonadi, possibly moving encryption libraries and handling to Akonadi. IMHO this requires quite large architectural changes though, but would be worth it. Might be a nice GSOC project. Created attachment 84295 [details]
Python-based encryption script, similar to the others, but including the decoding of special characters
The other scripts posted here, did not work for me, due to special characters in the mail ('=20' and '=3D' for space and '='). So I have written a python (v2.7) script that additionally does this special-character-repacement. The rest is very similar to the other scripts, i.e. it uses kdialog and gpg as external tools.
Just for info: I am using KMail 4.11.3 (on Kubuntu) I contacted Tobias re the script and he was very helpful - unfortunately it no longer works, it seems that the GPG encrypted is no longer inline but an attachment. I looked the Internet up and down, but save the Mutt way there appears to be no solution for this. I'd love to move my family to GPG encrypted email, but can't. Have there been any developments since the last posts on this list? Best Phillip I'm encrypting emails for sending them. How I save them on my local disk is a completely different question. I'd really be glad to have my encrypted emails _decrypted_ in kmail, the ones I sended and the ones I received and decrypted. So, to the maintainers of kmail: thank you for all the work! But please implement this feature... This bug has not been resolved for more than 15 years. Sigh. Actually - this is more important than one might understand at first look. Apart from some big countries like USA, goverment issued personal ID's are quite often equipped with X.509 certificates and it's not that far that you could encrpyt your messages using PKI keys. PKI makes it a whole lot easier as you don't need to worry how the recipient gets his/her certificate. That said, all personal ID based certificates employ some sort of HSM (hardware security module, a smartcard chip) which means, that owner, or not even the issuer can't get private keys out of the card - those public key pairs are generated on the chip. This leads to the conlusion, that even the PKI cards solve the key distribution problem and lower the bar to encrpyt your emails using it, they create a long term problem, that recipient cannot open his/her own messages once the certificates become outdated/invalid - typically in five or so years. Hence it would be very important to have a generic method to strip whatever encryption from incoming messages for long term archiving/saving. The same applies more or less to PGP/GPG keys, you can always loose them. Not sure if the 'best before' date applies there as well. I think it does. And here is the list (trust service status list) of all EU countries that have issued such personal certificate PKI system: http://tlbrowser.tsl.website/tools/index.jsp |