We plan to implement good support for gpg based encryption throughout the application.
The main parts are:
- Account setup: Initially just allow the user to import his gpg key, eventually provide key creation as well.
- Composer: Support encrypting and signing mails. Indicate for all addresses whether we have a key available for them. Drafts that are marked as encrypted should also be stored in an encrypted way.
- Addressbook: Show available keys for addressees and allow setting the default key to use.
- Reader: Indicate whether the email is signed/encrypted, whether the key is trusted or not, and whether the key is known to be broken or not.
Keys that we find in mails will be imported by default, but not automatically fully trusted, implementing a mechanism similar to EasyGPG and PEP.
The public key of the user should automatically be attached to all mails, so other contacts will be able to establish a secure connection after a first communication roundtrip.
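As an added illustration of the key handling sketched above (not code from the project), the following Python model keeps one key per address, imports keys seen in mails at an "unverified" level only, refuses to silently replace a key already on record, and derives the reader indicator from the stored trust level. Addresses and fingerprints are constructed; actual signature verification is assumed to have been done by gpg beforehand.

```python
from dataclasses import dataclass, field
from enum import Enum


class Trust(Enum):
    UNVERIFIED = "imported from mail, not verified"
    TRUSTED = "verified by the user"
    BROKEN = "revoked or known compromised"


@dataclass
class KeyStore:
    # address -> (fingerprint, trust level); one current key per address
    keys: dict = field(default_factory=dict)

    def import_from_mail(self, address, fingerprint):
        """Import a key found in a mail without granting trust.

        Returns 'imported', 'known', or 'conflict' (a different key is
        already on record for this address; the existing entry is kept
        so a mailed key can never displace it unnoticed)."""
        current = self.keys.get(address)
        if current is None:
            self.keys[address] = (fingerprint, Trust.UNVERIFIED)
            return "imported"
        return "known" if current[0] == fingerprint else "conflict"

    def set_trust(self, address, fingerprint, trust):
        """Explicit user decision or revocation; overrides imported state."""
        self.keys[address] = (fingerprint, trust)

    def reader_status(self, sender, signing_fingerprint=None):
        """Indicator for the reader pane. signing_fingerprint is the key
        gpg reports as having produced a valid signature, or None."""
        if signing_fingerprint is None:
            return "unsigned"
        known = self.keys.get(sender)
        if known is None:
            return "signed, signer key unknown"
        fingerprint, trust = known
        if fingerprint != signing_fingerprint:
            return "signed with a key that differs from the one on record"
        if trust is Trust.BROKEN:
            return "signed with a revoked or broken key"
        if trust is Trust.TRUSTED:
            return "signed, key verified"
        return "signed, key not verified"
```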
Initially we will not encrypt by default because it is a potential data-loss scenario. If we start doing that we should also take care of:
- Teaching the user what it means if he loses his key
- Suggesting a key backup strategy
- Suggesting a key sharing strategy across devices
Otherwise we will silently break the multi-device use case and risk that the user loses access to all his encrypted email.