automatically turn on/offer encryption if recipients' keys are known
Closed, Resolved, Public

Description

As very few of my recipients use encryption, I normally do remember to turn on encryption for them. But sometimes I forget. Encryption always preselected is much more of a problem.

So I'd like an algorithm that checks if all recipients' keys are known and automatically turns on/offers encryption. And turns it off again if the recipients are changed to non-key ones.

If this is too difficult, I'd like an algorithm that checks just the first recipient once and turns on/offers encryption if that recipient's key is known. This would work in 99% of my cases. I guess this makes my request new if I missed an old request for the same thing.

Details

Version
Gpg4win 3.1.1; gpgol.dll 2.1.2 beta 5

Event Timeline

JJworx updated the task description.
aheinecke triaged this task as Wishlist priority.
aheinecke added a subscriber: aheinecke.

Yes, this is actually pretty high on the wishlist but AFAIK there was not yet a task for this.

We want to improve automatic encryption more so this makes a lot of sense.

aheinecke changed the task status from Open to Testing. Jul 4 2018, 8:16 AM

This is implemented now and can be turned off in the new config dialog.

Hi Andre,

Sorry, as a user I'm not sure what that means. Should I test it (which
beta) or is that internal to Intevation?

Jochen

*TASK DETAIL*
https://dev.gnupg.org/T3999

*EMAIL PREFERENCES*
https://dev.gnupg.org/settings/panel/emailpreferences/

*To: *aheinecke

*Cc: *aheinecke, JJworx, Mak, gp_ast

This is an automated email from the GnuPG development hub. If you have
registered in the past at https://bugs.gnupg.org/ your account was
migrated automatically. You can visit https://dev.gnupg.org/ to set a
new password and update your email preferences.

Hi,

changing to testing is our marker for "done in code but not fully tested / released". It helps to keep an overview of the issues which are "done" for the next release.

If I would like you as a user to test, I will explicitly mention which version you could use for testing. Currently there is not yet a public version released with the code for this.

Best Regards,
Andre

Hi,

I downloaded GPGwin v3.1.3 beta 20 today. The automatic key fetching fails in my case because we have no WKS. Never heard of that before.

I see no way of setting up such a service at work. First a significant number of people should use GPG. Automation would be good. A vicious cycle...

Can I enter my email & the email of trusted colleagues / contacts into some kind of public (your?) WKS? Can this be done automatically from Kleopatra?

Best regards,

Jochen

No, you cannot use an "external" Web Key Directory. The point is that the provider (your domain) should be the source of the keys as it already manages the mail account. (For more info see: https://wiki.gnupg.org/WKD)

For key discovery we might add additional sources in the future, e.g. Mailvelope's authenticating key server, but we don't really like the centralization of something like that.

But can't I simply use the keys in my local keyring?

Sure, this should work, local keys are preferred.

Doesn't it work as expected with your local keys?

No. Outlook 2013 reproducibly crashes on sending and won't toggle
encryption on.

The crash on send should be avoidable by checking "Disable async encryption" in the options.
Yesterday I got a new OL 2013 test system with which I can reproduce the crash. So that will be fixed or worked around for the next release.

I'm curious though why it does not toggle encryption automatically if this is enabled in the option. If you have a certified key for each recipient it should toggle.

It won't automatically use keys with unknown validity (technically no keys with not at least marginal validity) if they were not obtained by WKD.

If I remember correctly, you are using the "Always Sign" setting? This might be the problem as the "Always Sign / Encrypt" options are currently treated as manual crypto selection and override the automatism. It would probably make sense to change that so that encrypt is additionally selected automatically if always sign is set.
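The validity rule described in the comment above can be checked against a local keyring before relying on automatic encryption. The following is an added example, not GpgOL code: it parses `gpg --with-colons --list-keys` output (a constructed sample is embedded) and reports whether every recipient has an encryption-capable key with at least marginal validity. It ignores the WKD exception, and the function names are hypothetical.

```python
import re

# Field 2 letters in `gpg --with-colons` output that mean "at least marginal":
# m = marginal, f = full, u = ultimate.
SUFFICIENT = {"m", "f", "u"}
# Key states that rule a key out: revoked, expired, disabled, invalid.
UNUSABLE = {"r", "e", "d", "i"}

# Constructed sample (not real keys) in the shape of
#   gpg --with-colons --list-keys
SAMPLE = """\
pub:f:4096:1:AAAAAAAAAAAAAAA1:1500000000:::-:::scESC:
uid:f::::1500000000::H1::Alice Example <alice@example.org>:
pub:-:4096:1:BBBBBBBBBBBBBBB1:1500000000:::-:::scESC:
uid:-::::1500000000::H2::Bob Example <bob@example.org>:
pub:e:4096:1:CCCCCCCCCCCCCCC1:1400000000:1450000000::-:::sc:
uid:e::::1400000000::H3::Carol Example <carol@example.org>:
"""

def usable_recipients(listing):
    """Map address -> True if some usable, encryption-capable key carries a
    user ID for it with at least marginal validity."""
    result = {}
    key_ok = False
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            # Field 2 = key validity, field 12 = capabilities ('E' = can encrypt).
            key_ok = len(f) > 11 and f[1] not in UNUSABLE and "E" in f[11]
        elif f[0] == "uid" and len(f) > 9:
            m = re.search(r"<([^<>@\s]+@[^<>@\s]+)>", f[9])  # field 10 = user ID
            if m:
                addr = m.group(1).lower()
                ok = key_ok and f[1] in SUFFICIENT  # field 2 = user ID validity
                result[addr] = result.get(addr, False) or ok
    return result

def would_auto_encrypt(recipients, listing):
    """True only if every recipient has a sufficiently valid local key."""
    known = usable_recipients(listing)
    return bool(recipients) and all(known.get(r.lower(), False) for r in recipients)

if __name__ == "__main__":
    for rcpts in (["alice@example.org"], ["alice@example.org", "bob@example.org"]):
        print(rcpts, "->", would_auto_encrypt(rcpts, SAMPLE))
```

In the sample, Bob's key has unknown validity (`-`), which is the uncertified-key case discussed in this thread, so a message to both Alice and Bob is not auto-encrypted.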

The option you mean is "Disable non-blocking encrypt / sign", correct?
It's English in the German dialog, btw.

I only have uncertified keys here, guess I'll have to certify them after
all. So that's why the automatic setting failed. I can tell you more
tomorrow.

In the future I'd change the ribbon, so the toggle in sign / encrypt is
automatically visible.

With certified keys the automation is working as expected.

With -beta24 the crash on send should also be gone. I've removed the option for the workaround as I expect that it is no longer necessary. (Yeah, I'm an optimist :-P )

Gpg4win-3.1.3 was released.

The need to certify will be lessened once we have "automatic trust" (T4124), which is something for the next or one of the next releases.