Bug 28261 - Option to store decrypted GPG email unencrypted locally.
Summary: Option to store decrypted GPG email unencrypted locally.
Alias: None
Product: kmail2
Classification: Applications
Component: crypto (show other bugs)
Version: unspecified
Platform: OpenSUSE Linux
: NOR wishlist with 507 votes (vote)
Target Milestone: ---
Assignee: kdepim bugs
: 46390 (view as bug list)
Depends on:
Blocks: 34681
  Show dependency treegraph
Reported: 2001-07-06 12:18 UTC by Unknown
Modified: 2018-10-30 12:09 UTC (History)
15 users (show)

See Also:
Latest Commit:
Version Fixed In:

filter for decrypting kmail messages (1.64 KB, text/plain)
2005-03-08 15:52 UTC, Ronny Standtke
fixed script (1.65 KB, text/plain)
2005-03-09 07:43 UTC, Ronny Standtke
An improved kmail filter to save decrypted mails locally (2.44 KB, text/plain)
2005-05-21 10:18 UTC, Tarek Loubani
A kmail filter to permanently decrypt GPG messages with the help of gpg-agent (2.28 KB, text/plain)
2005-10-29 04:41 UTC, Tarek Loubani
Python-based encryption script, similar to the others, but including the decoding of special characters (2.91 KB, application/octet-stream)
2013-12-27 13:14 UTC, Tobias N.

Note You need to log in before you can comment on or make changes to this bug.
Description 865news6855 2001-07-06 12:09:40 UTC
(*** This bug was imported into bugs.kde.org ***)

Package:           kmail
Version:           KDE 2.1.1 
Severity:          wishlist
Installed from:    SuSE RPMs
Compiler:          Not Specified
OS:                Linux
OS/Compiler notes: Not Specified

It would be really nice if KMail had the option to save decrypted GPG messages *unencrypted* on your local disk. This would make it a lot easier to browse and grep through your personal mail-archive withour having to decrypt every single messages.

For added security (which is not always necessary) on could save mail on an encrypted partition. But that is something different.

This feature is the only thing stopping me from using encrypted email on a regular basis.

Kind regards and TIA


(Submitted via bugs.kde.org)
Comment 1 Ingo Kl 2001-07-06 21:52:38 UTC
Hash: SHA1

On Friday 6. July 2001 14:09 
865news6855@vortex.physik.uni-konstanz.de wrote:
> It would be really nice if KMail had the option to save decrypted GPG
> messages *unencrypted* on your local disk. This would make it a lot
> easier to browse and grep through your personal mail-archive withour
> having to decrypt every single messages.

As a workaround which maybe only works with KMail from KDE2.2beta1 you 
can copy the message to the drafts folder then double click on it in 
order to open the message in the composer then save it again in the 
drafts folder (of course without encryption) and then save it to the 

> For added security (which is not always necessary) on could save mail
> on an encrypted partition. But that is something different.

Encrypted partitions are of course not KMail's concern. 

> This feature is the only thing stopping me from using encrypted email
> on a regular basis.

Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

Comment 2 Gilles Schintgen 2003-11-15 10:29:22 UTC
Hi, I'd also like to stress that this is really a missing feature. Not only would it allow easy handling (grepping, etc.) of all mails, it would also enable searching messages within kmail itself (bugs 34681, 62953). Of course, this wouldn't be an elegant or even acceptable solution of this problem. Yet, it would be an improvement for many people.
More generally, I'd say that many, if not most, people use gpg to ensure a secure transmission of their messages over an inherently insecure network. This is completely independent of local security, which for many people is already "good enough". However, the current inability of kmail to store mails unencrypted is a burden for everyone who only tries to secure the transmission, and not the local storing.
Furthermore the introduction of the Crypto API in kernel 2.6 simplifies the creation of encrypted partitions, even though the major distributions already support encrypted partitions in their graphical configuration utilities. I really don't like the idea of having potentially thousands of single encrypted files in my home directory. It's just too cumbersome. I also don't encrypt every single kword document. And if I'd like to, the best idea would be to have an encrypted filesystem, which is completely transparent to grep et al.
I'm glad to see that the kmail developers care very much about security, yet ignoring the users' needs isn't the way to go.
Kind regards
Comment 3 disclosed 2004-01-14 17:28:58 UTC
I agree with the previous post.
To encrypt a message is really as putting a letter in an envelope, whenever the reciever gets the message she trows the envelope away and saves the letter in a suitable way.
Not beeing able to save messages decrypted after i recieve them is the main reason why i use encryption very sparsely. i have copies of the keys, but still, if i happen to loose a key i also loose all old mails that came encrypted. this is obviously not good.

kind regards
Comment 4 Stephan Kulow 2004-05-18 21:21:35 UTC
Replaced 865news6855@vortex.physik.uni-konstanz.de with null@kde.org due to bounces by reporter
Comment 5 bo 2004-09-20 13:40:47 UTC
I just tried the workaround through the drafts folder, and it doesn't work anymore. I checked the setting, and the "Never sign/encrypt when saving as draft" is checked.

I was about to add my vote to this one, but I would perfer it in a slightly different way. I have mail here that I want to keep encrypted in the folder - mails with passwords for example - and I have some where only the transport over the net was the reason for the encryption. To solve this, I would propose a button or link or ?? where I can choose to decrypt the mail once and for all.

Technically this would mean replacing the original mail with the unencrypted mail. Or even cooler: Replacing it with a new mime mail, where you have two mime parts - one being the original mail, and the other the decrypted mail. Don't know if this would be overkill, though.

But just having the possibility of the decrypt once and for all on a per message base would be really nice.
Comment 6 Till Adam 2004-10-24 22:04:07 UTC
*** Bug 46390 has been marked as a duplicate of this bug. ***
Comment 7 Martin Traverse 2005-01-11 17:46:24 UTC
I concur with what is being said here. I would like to use encryption to transmit messages securely, but not being able to browse messages without using my private key and pass-phrase every time is a serious hindrance which actually stops me doing this.

I have no reason not to trust my flat mate or guests. If I were worried about that I could create separate accounts or use screen locks, which would be more helpful in any case. I am certainly not worried about what happens if corporate agents seize my hardware - that is just not a realistic concern for an average Jo-User and if it gets to that point you're probably fairly screwed already!

I would find a decrypt-and-store feature extremely useful, and I think it would encourage greater use of secure transmission.
Comment 8 Gilles Schintgen 2005-01-28 15:08:37 UTC
What's the status on this?
I'd just like to add a minor wish: if a mail is stored in decrypted form, some headers should be added that indicate if and how the message was encrypted/signed and so on. This metadata shouldn't be discarded.
Comment 9 Ronny Standtke 2005-03-08 15:52:51 UTC
Created attachment 10026 [details]
filter for decrypting kmail messages

This is a simple perl script using kdialog and gpg to decrypt kmail messages

Use Settings->Configure Filters...
Add a new Filter and rename it to anything you like, e.g. "permanent
At the "Filter Actions" panel select "Pipe Through" in the combobox.
Use the file chooser button at the right side of the text field to select this
At the advanced options panel only select "on manual filtering" and "Add this
filter to the Apply Filter menu"
Use a nice icon :-)

A new icon for this filter action should now be visible on your menubar. Just
select your encrypted mail and then click this button.

Please note that this script works for me and I give no guaranty for anything.
To be on the save side make a copy of your mail before decryption.

It would be much nicer if Kmail offers this functionality natively. This script
is just a kludge, no passwort caching, no internationalization, ...


Ronny Standtke
Comment 10 Ronny Standtke 2005-03-09 07:43:04 UTC
Created attachment 10030 [details]
fixed script

The old version of the script only works if you start kmail from the command
line. I added a "--no-tty" to the gpg call. Now it should also work if you
start kmail/kontact by other means. Please dont forget to make the script
executable (chmod +x <script>).
Comment 11 Tarek Loubani 2005-05-21 10:18:55 UTC
Created attachment 11123 [details]
An improved kmail filter to save decrypted mails locally

Ronny Standtke has submitted a wonderful script for saving decrypted mails in
kmail. However, there were a few errors, and so here I submit a "new" version:

1. Passwords with any "funny" characters didn't work. Changed '"' to ''' to
2. The UI was in German. I added English strings and a relatively easy way to
switch back and forth ($lang = "en"; or $lang = "de";)

Hope it helps..

Tarek : )
Comment 12 Tarek Loubani 2005-10-29 04:41:42 UTC
Created attachment 13201 [details]
A kmail filter to permanently decrypt GPG messages with the help of gpg-agent

This kmail filter is the same as the last filter I submitted, but uses
gpg-agent instead of the kdialog input. The goal of this script is to make it
so that one does not always have to re-enter the password.

Note: Users MUST have gpg-agent working!

tarek : )
Comment 13 Tarek Loubani 2005-11-28 05:15:57 UTC
For the last script I submitted, I have just noticed that one thing that is necessary is for "use-agent" to be enabled in "gpg.conf" (usually in ~/.gnupg/gpg.conf). This is as simple as adding "use-agent" to the file or uncommenting it if already there.

tarek : )
Comment 14 Maciej Pilichowski 2006-02-12 17:35:10 UTC
> It would be really nice if KMail had the option to save decrypted GPG
> messages *unencrypted* on your local disk.

I agree with you -- if anyone needs local protection one should use partition encryption. Basic rule -- don't duplicate functionality (to absurd when somebody has encrypted partition and stores encrypted mails ;-) ).

BUT... it would be nice if KMail encrypted outgoing mail just before sending and ONLY for sending. As it was said -- mail encryption is an envelope! Nothing more. Now I cannot make any changes in mail even it is still put in "outbox" folder. What's more -- I cannot look at my old sent mails.
Hope to see that fixed soon :-).

Kind regards,
Comment 15 Neuer_User 2006-04-13 09:55:47 UTC
I totally agree with this. I'm trying to use encryption as a default for my outgoing mails, but it's a real hassel to have all stored mails in encrypted form. And, additionally, it really doesn't make any sense. As has been pointed out here several times, it is not the taks of kmail to encrypt data on my local partition but to handle mail in transfer!

Would really be very helpful if this will be fixed soon!!

Best regards and thanks for all the work,

Comment 16 Daniel Aleksandersen 2007-06-08 14:06:08 UTC
This is excactly what I want!

Messages should be decrypted once when first opened (then the user could determine whether the information is too sensitive to keep stored in their inbox too!), and then stored permanetly decrypted on the local system.

Note that there might be problems with this and IMAP. The local client would have to store decrypted sent and received messages, but the external IMAP server would have to store the same messages encrypted. Or?...

Encryption is useful when the messages is transfered over the internett. It is not nescesary or useful (for most users) to store emails encrypted on local systems.

This would also eliminate the issues related to "what if OpenPG failes in the future; and you would not be able to access your old emails?" argument for not using encryption.
Comment 17 buginfo 2008-08-29 03:27:22 UTC
i want that feature too, but i want to be able to trigger it in the controls... but it would be really very useful. and technically it is no problem...
Comment 18 stefan 2008-09-22 21:03:49 UTC
i think this feature is absolutly necessary.

That IMAP problem could be reduced to "not store decryped remote". Personally I store local copys of Mail from the IMAP folders and clean up on the Server from time to time. This would be an easy way.

I suggest the first thing to be fixed is storing sent mail unencrypted. No being able to read mail I get an answer to, because it doesn't contain quotes is some kind of embarrassing...

Comment 19 Anne-Marie Mahfouf 2011-11-30 16:13:50 UTC
Is this still valid in KMail2? Please comment or close, thanks in advance.

Reassigning to kmail2 meanwhile.
Comment 20 Bernd Oliver Sünderhauf 2012-12-03 11:05:03 UTC
This report is not about saving resp. exporting the contents of a GPG-encrypted message somewhere on the disk, so in the age of Akonadi, this means "storing" the message in unencrypted state. Therefore, I'm rewording the summary a bit.
In any case, this definitely still applies to kmail2, but needs to be implemented in Akonadi, possibly moving encryption libraries and handling to Akonadi. IMHO this requires quite large architectural changes though, but would be worth it.
Might be a nice GSOC project.
Comment 21 Tobias N. 2013-12-27 13:14:48 UTC
Created attachment 84295 [details]
Python-based encryption script, similar to the others, but including the decoding of special characters

The other scripts posted here, did not work for me, due to special characters in the mail ('=20' and '=3D' for space and '='). So I have written a python (v2.7) script that additionally does this special-character-repacement. The rest is very similar to the other scripts, i.e. it uses kdialog and gpg as external tools.
Comment 22 Tobias N. 2013-12-27 13:16:59 UTC
Just for info: I am using KMail 4.11.3 (on Kubuntu)
Comment 23 Phillip 2015-02-14 23:13:45 UTC
I contacted Tobias re the script and he was very helpful - unfortunately it no longer works, it seems that the GPG encrypted is no longer inline but an attachment.

I looked the Internet up and down, but save the Mutt way there appears to be no solution for this. I'd love to move my family to GPG encrypted email, but can't.

Have there been any developments since the last posts on this list?

Comment 24 Alexander 2016-05-14 20:01:16 UTC
I'm encrypting emails for sending them. How I save them on my local disk is a completely different question. 

I'd really be glad to have my encrypted emails _decrypted_ in kmail, the ones I sended and the ones I received and decrypted.

So, to the maintainers of kmail: thank you for all the work! But please implement this feature...
Comment 25 Alexander 2017-03-03 11:38:20 UTC
This bug has not been resolved for more than 15 years. Sigh.
Comment 26 Juha Tuomala 2017-03-03 12:30:49 UTC
Actually - this is more important than one might understand at first look.

Apart from some big countries like USA, goverment issued personal ID's are quite often equipped with X.509 certificates and it's not that far that you could encrpyt your messages using PKI keys. PKI makes it a whole lot easier as you don't need to worry how the recipient gets his/her certificate.

That said, all personal ID based certificates employ some sort of HSM (hardware security module, a smartcard chip) which means, that owner, or not even the issuer can't get private keys out of the card - those public key pairs are generated on the chip. This leads to the conlusion, that even the PKI cards solve the key distribution problem and lower the bar to encrpyt your emails using it, they create a long term problem, that recipient cannot open his/her own messages once the certificates become outdated/invalid - typically in five or so years.

Hence it would be very important to have a generic method to strip whatever encryption from incoming messages for long term archiving/saving. The same applies more or less to PGP/GPG keys, you can always loose them. Not sure if the 'best before' date applies there as well. I think it does.
Comment 27 Juha Tuomala 2017-03-03 12:33:23 UTC
And here is the list (trust service status list) of all EU countries that have issued such personal certificate PKI system: