In Identity settings -> Cryptography, there already is "Automatically sign messages" checkbox. I would argue that we should add "Automatically encrypt messages" as well and that's what the checkbox in the Account Wizard would enable.

The global option "Automatically encrypt messages whenever possible" in KMail settings -> Security -> Composing, should IMO be removed in favor of the per-identity option. Same goes with "Always sign" option - we would set the "Automatically sign messages" for the particular identity and possibly remove the option from KMail global settings.

Is the silent profile something that is configured globally in gnupg config file, or is it something that is enabled by application as needed (calling something like GnuPG::Core::enableSilentProfile(true) on application start)? If it's a config file, then I'd wait with merging the whole thing until you are done with T3124 (because otherwise I'd have to have a more complicated migration path once the gnupg feature is ready). Otherwise we can merge now (well, once I write it :-)) and only add the code to enable the gnupg silent profile once you implement it.

Yes having this configured for identites makes sense. Something like automatically encrypt we can configure per identity. What we can't configure per identity (by gnupg's current design) are gnupg's settings.

The silent profile is something that will be configured globally. With the rationale that users that want a silent gnupg won't care much about usage in other applications or on the command line. And that more "advanced" case (command line use) is catered to by the use of either another homedir for "more protected use".

We will need to have a feature check anyway as we can't create a hard KMail dependency on a super recent GnuPG Version like 2.1.14. The GpgME::hasFeature2 (although i dislike the API) mechanism could be useful for this.

Something like

if (GpgME::hasFeature2(0, GpgME::SilentProfile))
 ...