GPG support
Open, NormalPublic
Actions

Description

We plan to implement good support for gpg based encryption throughout the application.
The main parts are:

Account setup: Initially just allow the user to import is gpg key, eventually provide key creation as well.
Composer: Support encryption and signing mails. Indicate on all addresses whether we have a key available for them. Drafts that are marked as encrypted should also be stored in an encrypted way.
Addressbook: Show available keys for addressees and allow setting the default key to use.
Reader: Indicate whether the email is signed/encrypted, whether the key is trusted or not, and whether the key is known to be broken or not.

Keys that we find in mails will be imported by default, but not automatically fully trusted implementing a similar mechanism like EasyGPG and and PEP.
The public key of the user should automatically be attached to all mails, so other contacts will be able to establish a secure connection after a first communication roundtrip.

Initially we will not encrypt by default because it is a potential data-loss scenario. If we start doing that we should also take care of:

Teaching the user what it means if he looses his key
Suggest a key-backup strategy
Suggest a key sharing strategy across devices

Otherwise we will silently break the multi-device usecase and risk that the user looses access to all his encrypted email.

Related Objects
Search...

Status	Assigned	Task
Open	None	T7658 Autocrypt support
Open	None	T5914 GPG support
Open	None	T6990 Account setup key creation
Open	None	T6991 Addressbook: key selection
Resolved	cmollekopf	T6992 Composer: Send encrypted mails
Resolved	cmollekopf	T6993 Composer: Send signed mails
Resolved	cmollekopf	T6994 Composer: attach own key when sending a mail
Resolved	cmollekopf	T6289 mesage viewer. encrypted/signed visualisation
Resolved	rnicole	T6995 Messageviewer: Option to import attached key
Duplicate	None	T6881 GPG Keymanagement of other users
Resolved	cmollekopf	T7484 Disable checkboxes if personal key/or recipients keys are missing and display warning
Resolved	cmollekopf	T7489 Check key for trust and validity before use.

cmollekopf created this task.Apr 20 2017, 6:04 AM

Potential key backup strategy:

Derive the key from a sufficiently long password using an algorithm such as PBKDF2 (See enchive --derive: https://github.com/skeeto/enchive)
The key can then be regenerated from the same password and as such it can be:
- backed-up a notebook
- copied to other devices by copying it manually (or using a barcode scanner)
While backing up that passphrase will again result in a potential weakness (depending on where you store it), it might also provide an easy & secure way for backup and transfer.