Page MenuHome GnuPG
Create Task
Maniphest T3999

automatically turn on/offer encryption if recipients' keys are known
Closed, ResolvedPublic
Actions

Description

As very little of my recipients use encryption, I normally do remember to turn on encryption for them. But sometimes I forget. Encryption always preselected is much more of a problem.

So I'd like an algorithm that checks if all recipients' keys are known and automatically turns on/offers encryption. And turns it off again if the recipients are changed to non-key ones.

If this is too difficult, I'd like an algorithm that checks just the first recipient once and turns on/offers encryption if that recipient's key is known. This would work in 99% of my cases. I guess this makes my request new if I missed an old request for the same thing.

Details

Version
Gpg4win 3.1.1; gpgol.dll 2.1.2 beta 5

Revisions and Commits

rO GpgOL
rO4213ac0986d7 Set UUID when auto toggling secure
rO3774434014b9 Fix flicker when locate threads are running
rO60b331568188 Simplify isMailResolvable and accept keygen
rOc8f46557da70 Implement auto secure feature
rO9f132ff7cbc2 Prepare keycache for autoencryption
rOe26e6b58b48e Locks and more locks

Related Objects
Search...

Event Timeline

JJworx created this task.May 29 2018, 12:55 PM
JJworx updated the task description. (Show Details)
werner added a project: gpgol.May 30 2018, 11:43 AM
aheinecke claimed this task.Jun 1 2018, 9:23 AM
aheinecke triaged this task as Wishlist priority.
aheinecke added a subscriber: aheinecke.

Yes, this is actually pretty high on the wishlist but AFAIK there was not yet a task for this.

We want to improve automatic encryption more so this makes a lot of sense.

aheinecke added a parent task: T4029: Gpg4win 3.1.3.Jun 19 2018, 8:57 AM
aheinecke removed a parent task: T4029: Gpg4win 3.1.3.Jun 20 2018, 7:39 AM
aheinecke added a subtask: T4029: Gpg4win 3.1.3.
aheinecke added a commit: rOe26e6b58b48e: Locks and more locks.Jun 20 2018, 2:03 PM
aheinecke added a commit: rO9f132ff7cbc2: Prepare keycache for autoencryption.
aheinecke mentioned this in T4037: Autosigning mails doesn't work when answering / forwarding.Jun 21 2018, 10:31 AM
aheinecke added a commit: rOc8f46557da70: Implement auto secure feature.Jun 21 2018, 11:19 AM
aheinecke added a commit: rO60b331568188: Simplify isMailResolvable and accept keygen.Jun 21 2018, 1:14 PM
aheinecke added a commit: rO3774434014b9: Fix flicker when locate threads are running.
aheinecke added a commit: rO4213ac0986d7: Set UUID when auto toggling secure.
aheinecke mentioned this in T3944: GpgOL: Qt based config dialog.Jun 25 2018, 8:35 AM
aheinecke changed the task status from Open to Testing.Jul 4 2018, 8:16 AM

This is implemented now and can be turned of in the new config dialog.

JJworx added a comment.Jul 4 2018, 8:51 AM

Hi Andre,

sorry, as a user I'm not sure what that means. Should I test it (which
beta) or is that intern to Intevation?

Jochen

Am 04.07.2018 um 08:17 schrieb aheinecke (Andre Heinecke):

aheinecke changed the task status from "Open" to "Testing".
aheinecke added a comment.

This is implemented now and can be turned of in the new config dialog.

*TASK DETAIL*
https://dev.gnupg.org/T3999

*EMAIL PREFERENCES*
https://dev.gnupg.org/settings/panel/emailpreferences/

*To: *aheinecke

*Cc: *aheinecke, JJworx, Mak, gp_ast

This is an automated email from the GnuPG development hub. If you have
registered in the past at https://bugs.gnupg.org/ your account was
migrated automatically. You can visit https://dev.gnupg.org/ to set a
new password and update your email preferences.

aheinecke added a comment.Jul 4 2018, 9:09 AM

Hi,

changing to testing is our marker for "done in code but not fully tested / released". It helps to keep an overview of the issues which are "done" for the next release.

If I would like you as a user to test I will mention it explicitly which version you could use for testing. Currently there is not yet a public version released with the code for this.

Best Regards,
Andre

JJworx added a comment.Aug 8 2018, 7:45 AM

Hi,

I downloaded GPGwin v3.1.3 beta 20 today. The automatic key fetching fails in my case because we have no WKS. Never heard of that before.

I see no way of setting up such a service at work. First a significant number of people should use GPG. Automation would be good. A vicious cycle...

Can I enter my email & the email of trusted colleagues / contacts into some kind of public (your?) WKS? Can this be done automatically from Kleopatra?

Best regards,

Jochen
aheinecke added a comment.Aug 8 2018, 9:33 AM

No you can not use an "external" Web Key Directory. The point is that the provider (your domain) should be the source of the keys as it already manages the mail account. ( For more info see: https://wiki.gnupg.org/WKD )

For key discovery we might add additional sources in the future, e.g. Mailvelopes authenticating key server but we don't really like the centralization of something like that.

JJworx added a comment.Aug 8 2018, 10:39 AM

But can't I simply use the keys in my local keyring?

Am 08.08.2018 um 09:33 schrieb aheinecke (Andre Heinecke):

aheinecke added a comment.

No you can not use an "external" Web Key Directory. The point is that
the provider (your domain) should be the source of the keys as it
already manages the mail account. ( For more info see:
https://wiki.gnupg.org/WKD )

For key discovery we might add additional sources in the future, e.g.
Mailvelopes authenticating key server but we don't really like the
centralization of something like that.

*TASK DETAIL*
https://dev.gnupg.org/T3999

*EMAIL PREFERENCES*
https://dev.gnupg.org/settings/panel/emailpreferences/

*To: *aheinecke

*Cc: *aheinecke, JJworx, Mak, gp_ast

This is an automated email from the GnuPG development hub. If you have
registered in the past at https://bugs.gnupg.org/ your account was
migrated automatically. You can visit https://dev.gnupg.org/ to set a
new password and update your email preferences.

aheinecke added a comment.Aug 8 2018, 12:24 PM

Sure, this should work, local keys are preferred.

Doesn't it work as expected with your local keys?

JJworx added a comment.Aug 9 2018, 7:39 AM

no. Outlook 2013 reproducably crashes on sending and won't toggle
encryption on.

Am 08.08.2018 um 12:24 schrieb aheinecke (Andre Heinecke):

aheinecke added a comment.

Sure, this should work, local keys are preferred.

Doesn't it work as expected with your local keys?

*TASK DETAIL*
https://dev.gnupg.org/T3999

*EMAIL PREFERENCES*
https://dev.gnupg.org/settings/panel/emailpreferences/

*To: *aheinecke

*Cc: *aheinecke, JJworx, Mak, gp_ast

This is an automated email from the GnuPG development hub. If you have
registered in the past at https://bugs.gnupg.org/ your account was
migrated automatically. You can visit https://dev.gnupg.org/ to set a
new password and update your email preferences.

aheinecke added a comment.Aug 9 2018, 8:36 AM

The crash on send should be avoidable by checking "Disable async encryption" in the options.
Yesterday I got a new OL 2013 test system with which I can reproduce the crash. So that will be fixed or worked around for the next release.

I'm curious though why it does not toggle encryption automatically if this is enabled in the option. If you have a certified key for each recipient it should toggle.

It won't automatically use keys with unknown validity (technically no keys with not at least marginal validity) if they were not obtained by WKD.

If I remember correctly you are using "Always Sign" setting? This might be the problem as the "Always Sign / Encrypt" options are currently treated as manual crypto selection and override the automatism. It would probably make sense to change that so that encrypt is additionally selected automatically if always sign is set.

JJworx added a comment.Aug 9 2018, 9:40 AM

The option you mean is "Disable non-blocking encrypt / sign", correct?
It's english in the german dialogue, btw.

I only have uncertified keys here, guess I'll have to certify them after
all. So that's why the automatic setting failed. I can tell you more
tomorrow.

In the future I'd change the ribbon, so the toggle in sign / encrypt is
automatically visible.

Am 09.08.2018 um 08:36 schrieb aheinecke (Andre Heinecke):

aheinecke added a comment.

The crash on send should be avoidable by checking "Disable async
encryption" in the options.
Yesterday I got a new OL 2013 test system with which I can reproduce
the crash. So that will be fixed or worked around for the next release.

I'm curious though why it does not toggle encryption automatically if
this is enabled in the option. If you have a certified key for each
recipient it should toggle.

It won't automatically use keys with unknown validity (technically no
keys with not at least marginal validity) if they were not obtained by
WKD.

If I remember correctly you are using "Always Sign" setting? This
might be the problem as the "Always Sign / Encrypt" options are
currently treated as manual crypto selection and override the
automatism. It would probably make sense to change that so that
encrypt is additionally selected automatically if always sign is set.

*TASK DETAIL*
https://dev.gnupg.org/T3999

*EMAIL PREFERENCES*
https://dev.gnupg.org/settings/panel/emailpreferences/

*To: *aheinecke

*Cc: *aheinecke, JJworx, Mak, gp_ast

This is an automated email from the GnuPG development hub. If you have
registered in the past at https://bugs.gnupg.org/ your account was
migrated automatically. You can visit https://dev.gnupg.org/ to set a
new password and update your email preferences.

JJworx added a comment.Aug 13 2018, 10:58 AM

With certified keys the automation is working as expected.

Am 09.08.2018 um 08:36 schrieb aheinecke (Andre Heinecke):

aheinecke added a comment.

The crash on send should be avoidable by checking "Disable async
encryption" in the options.
Yesterday I got a new OL 2013 test system with which I can reproduce
the crash. So that will be fixed or worked around for the next release.

I'm curious though why it does not toggle encryption automatically if
this is enabled in the option. If you have a certified key for each
recipient it should toggle.

It won't automatically use keys with unknown validity (technically no
keys with not at least marginal validity) if they were not obtained by
WKD.

If I remember correctly you are using "Always Sign" setting? This
might be the problem as the "Always Sign / Encrypt" options are
currently treated as manual crypto selection and override the
automatism. It would probably make sense to change that so that
encrypt is additionally selected automatically if always sign is set.

*TASK DETAIL*
https://dev.gnupg.org/T3999

*EMAIL PREFERENCES*
https://dev.gnupg.org/settings/panel/emailpreferences/

*To: *aheinecke

*Cc: *aheinecke, JJworx, Mak, gp_ast

This is an automated email from the GnuPG development hub. If you have
registered in the past at https://bugs.gnupg.org/ your account was
migrated automatically. You can visit https://dev.gnupg.org/ to set a
new password and update your email preferences.

aheinecke added a comment.Aug 28 2018, 4:25 PM

With -beta24 the crash on send should also be gone. I've removed the option for the workaround as I expect that it is no longer necessary. (Yeah I'm an Optimist :-P )

aheinecke closed this task as Resolved.Sep 4 2018, 9:00 AM

Gpg4win-3.1.3 was released.

The need for certify will be lessened once we have "automatic trust" ( T4124 ) which is something for the next or one of the next releases.

aheinecke closed subtask T4029: Gpg4win 3.1.3 as Resolved.Sep 4 2018, 9:24 AM