Bug 321970

Summary: create encrypted or signed data in PGP/MIME format
Product: [Applications] kgpg
Component: general
Status: REPORTED
Severity: wishlist
Priority: NOR
Version: 2.9.1
Target Milestone: ---
Platform: openSUSE
OS: Linux
URL: http://www.openpgp-schulungen.de/
Reporter: Hauke Laging <hauke>
Assignee: Rolf Eike Beer <kde>
CC: tverrbjelke

Description Hauke Laging 2013-07-04 21:34:23 UTC
One of the problems for the widespread use of OpenPGP is the increasing usage of webmail. You can use PGP/Inline but who wants that? The acceptance of OpenPGP is not getting better by introducing charset problems and a technical break between the body text on the one hand and attachments on the other. But uploading secret keys to a mail server seems like a rather strange idea. Last resort, only if there is no alternative. Up to now there isn't. And even if you were willing to upload your secret key: The OpenPGP user base is so tiny that no mail provider will be interested in making big changes to its software. And no one wants the CPU load for asymmetric operations.

Part of the solution can be offered by the GnuPG GUIs which operate on plain text (cleartext signatures or ASCII armored encryption / signing). You could take the PGP/MIME code from the email clients and offer an output format which could directly be used for creating an email. Or the other way round: which would decrypt correctly (with respect to encoding and charset).

An example: "The following chars are German umlauts: äöüß"

This can be clearsigned by kgpg to

#################################################
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

The following chars are German umlauts: äöüß
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)

iQEcBAEBCAAGBQJR1eaCAAoJEEhrF6s/lq2OJJEIAIHOhDCAJQx9biAO3P1VWt4W
S17A2ndQcasVnpWl1tFmcfcFLGOvaQfD2arqzFeyYT8TDctnDbXA7EZEbNt1fLNs
/H+5I3ZO/Rnt/I8KMEECEkd4ExO6iYJwghM/Iwl4M7pxat/pcezb+rrWPwxtX76d
r793BF57eXcF+N+Rh1GBiBzvCiiobJJQike0y3iwJD7hPFHVUh1VO+oWCdMXVysi
uTUvesLNrBtwoVBShRYwgCeYjREOVZitzKaYrowekSVBvdm6oKRu4gyy5ePuoFZr
64QSVJNT9GM5QyhXaymqsfOQ81AWwAEBI+uSbOMvIg7NCawlcIGtr4nfaNQvk9c=
=Pyy2
-----END PGP SIGNATURE-----
#################################################

It should also offer this output:

#################################################
Content-Type: multipart/signed; boundary="nextPart1557147.9C9cLuqMqB"; micalg="pgp-sha256"; protocol="application/pgp-signature"


--nextPart1557147.9C9cLuqMqB
Content-Transfer-Encoding: base64
Content-Type: text/plain; charset="utf-8"

VGhlIGZvbGxvd2luZyBjaGFycyBhcmUgR2VybWFuIHVtbGF1dHM6IMOkw7bDvMOfCg==

--nextPart1557147.9C9cLuqMqB
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part.
Content-Transfer-Encoding: 7Bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)

iQFYBAABCABCBQJR1ea3OxpodHRwOi8vd3d3LmhhdWtlLWxhZ2luZy5kZS9vcGVu
cGdwL3BvbGljeV9fMHgxYTU3MWRmNS5odG1sAAoJEEhrF6s/lq2Of0oH/2Od3nBA
Z/oNAKO4tK+rlJ6B/5vLbAp8u3Oq7PlTJ28rdCPeCeuSQUOA1NW1sh7HYBQTmNR3
huV8scFwsDTyAdMQy+M8QPpDG267PZNElwvrqfI3Ws+ms9kMR5d+OcgDR5LOK96c
ZRykoQvnTevTWEqbDnIbjTB/bpMlhGPPgqCBMXHLiWx4f7rFEO+awfNnB2Neb7sw
PZ4MAq+9g+ZZZWojce5wT5mBtLhC4NNmHtp5KvCLm9ioVI9XIDuvGauW3bjQY1GB
uNQr16MKUwkTqJY+TpRK/0PQ/9WVFIJX1IdLUqkybtkHG6fmzA7M2HPScInDqhvW
TfcAqAsyPsjaMEk=
=S+Op
-----END PGP SIGNATURE-----

--nextPart1557147.9C9cLuqMqB--
#################################################

It would be very easy to adapt an existing webmail software (or write a new one) so that it could use such input correctly. With respect to the length my example does not use attachments. That could be a separate step, though (which would not affect the webmail software).

The necessary software is freely available from several open source mail clients (or their add-ons) with OpenPGP support. Nothing has to be reinvented, this should be a rather simple development task. One might consider whether it makes more sense to make this a KMail feature instead of a KGpg feature. That would probably be even easier to implement but:

1) Not every KDE user uses KMail as mail client. But every KDE user has KGpg available or can access it easily. Even if someone uses KMail and not KGpg (but gpa or ... even kleopatra) this would be an easy solution. And if KGpg offers this feature then gpa and the rest will probably add it, too.

2) There are more mail clients than GnuPG GUIs, thus it is probably less work to let them handle this.

It may be a good idea not to implement this completely within KGpg but to write a small console helper program which gets text (and file) input and produces the wanted MIME output. It should be easy to call such a helper program from KGpg but the advantage would be that other GUIs could simply take over this helper program and could implement this feature with more or less no effort at all.

Reproducible: Always
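
An added sketch of the console helper proposed above (not code from KGpg, KMail or the reporter): it builds the multipart/signed entity shown in the description and makes explicit which bytes are signed, namely the first MIME part with its headers and CRLF line endings. All function names are hypothetical, and the default signer assumes a `gpg` binary on PATH with a default secret key.

```python
import base64
import subprocess
import uuid

CRLF = "\r\n"

def build_signed_part(text: str) -> bytes:
    """First MIME part, headers included, in the exact bytes that get signed."""
    # base64 keeps the umlauts 7-bit clean, so mail relays have no reason to
    # re-encode the part and invalidate the signature.
    b64 = base64.encodebytes(text.encode("utf-8")).decode("ascii").splitlines()
    lines = ['Content-Type: text/plain; charset="utf-8"',
             "Content-Transfer-Encoding: base64", ""] + b64
    # RFC 3156: canonical CRLF line endings, signed data ends with CRLF.
    return (CRLF.join(lines) + CRLF).encode("ascii")

def gpg_detached_signer(data: bytes) -> str:
    """Assumption: gpg is on PATH and has a default secret key."""
    proc = subprocess.run(
        ["gpg", "--armor", "--detach-sign", "--digest-algo", "SHA256"],
        input=data, stdout=subprocess.PIPE, check=True)
    return proc.stdout.decode("ascii")

def build_pgp_mime_signed(text, signer=gpg_detached_signer, boundary=None):
    """Return a multipart/signed entity (bytes) ready to paste or pipe."""
    boundary = boundary or "nextPart" + uuid.uuid4().hex
    signed = build_signed_part(text)
    armored = CRLF.join(signer(signed).strip().splitlines())
    head = ('Content-Type: multipart/signed; boundary="%s"; '
            'micalg="pgp-sha256"; protocol="application/pgp-signature"'
            % boundary)
    delim = "--" + boundary
    top = (head + CRLF + CRLF + delim + CRLF).encode("ascii")
    # The CRLF before a delimiter belongs to the delimiter, not to the part.
    tail = (CRLF + delim + CRLF
            + 'Content-Type: application/pgp-signature; name="signature.asc"'
            + CRLF + "Content-Transfer-Encoding: 7bit" + CRLF + CRLF
            + armored + CRLF + delim + "--" + CRLF).encode("ascii")
    return top + signed + tail

def extract_signed_part(message: bytes, boundary: str) -> bytes:
    """What a verifier must hash: the bytes between the first two delimiters."""
    delim = b"--" + boundary.encode("ascii")
    start = message.index(delim + b"\r\n") + len(delim) + 2
    return message[start:message.index(b"\r\n" + delim, start)]
```

A webmail "paste MIME" field has to transmit the pasted bytes unchanged; any re-wrapping or re-encoding of the first part makes `extract_signed_part` return something other than what was signed.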
Comment 1 Tverr Bjelke 2013-08-11 12:29:46 UTC
I am not sure if I understand it properly...

Use case
------------
I want to send a mail to someone "addressee".
Use my webmailer, via browser, using my KDE Computer, send gpg-encrypted message to "addressee", for which I have the pubkey, listed in my kgpg tool.

 * So I start/open my kgpg
 * click "generate ascii-armored-mail-body" (new feature, using the proposed to-be-written console app)
 * then select the proper key of "addressee"
 * copy&paste or type my cleartext message to be encrypted into a textfield or alternatively open a text file containing my cleartext message.
 * click "encrypt now" -> encrypted result is in clipboard
 * open my webmailer in browser, (login etc)
 * select "new mail to ...", get email address of "addressee"
 * write proper subject and paste the clipboard stuff into the body.

To receive such mail, any mail client using gpg should be able to decrypt properly.

Is that the new feature you propose?
Comment 2 Rolf Eike Beer 2013-08-11 13:14:41 UTC
KGpg can already the text in clipboard, or you can use its built-in editor. So I don't think any change is required.

And reading and composing signed and encrypted mails with e.g. KMail is working fine.
Comment 3 Hauke Laging 2013-08-11 13:21:26 UTC
(In reply to comment #1)

>  * click "generate ascii-armored-mail-body"

That would probably not be the wording as this is NOT just about mail bodies (like PGP/Inline is). It would rather be "create PGP/MIME".


>  * copy&paste or type my cleartext message to be encrypted into a textfield
> or alternatively open a text file containing my cleartext message.

And maybe add files as attachments.


>  * open my webmailer in browser, (login etc)
>  * select "new mail to ...", get email address of "addressee"
>  * write proper subject and paste the clipboard stuff into the body.

Of course, a selection like "paste PGP/MIME" (or more general: "paste MIME") would be necessary in the browser, too.


> To receive such mail, any mail client using gpg should be able to decrypt
> properly.

This is not just about encryption but about signatures, too. I am afraid with mail clients NOT supporting PGP/MIME the decryption (or reading and verifying signed data) would be more difficult. But it would be better with supporting clients.

The KMail address book allows you to set the PGP encoding (inline vs. MIME) for each contact. The webmail people could do the same and warn you if you try to send PGP/MIME to someone who has been configured as inline recipient.

> Is that the new feature you propose?

Yes.
Comment 4 Hauke Laging 2013-08-11 13:26:07 UTC
(In reply to comment #2)
> KGpg can already the text in clipboard, or you can use its built-in editor.
> So I don't think any change is required.
> 
> And reading and composing signed and encrypted mails with e.g. KMail is
> working fine.

You have misunderstood what this is about.

There is no problem if you use a real mail client (supporting PGP/MIME, e.g. KMail).

This is ONLY about webmail and improving its possibilities. It requires changes both with webmail and with the OpenPGP tools. But the webmail people will not even consider changing their systems as long as there are no tools available which allow their users to copy&paste PGP/MIME code.