A common usecase for one of our customers is that they take an archive, extract it, edit a file in it and then re-encrypt that folder.

The wish is that it should be easier to then select the recipients that the original archive was extracted to.

To discuss this and collect ideas this issue is intended which we might then split into subtasks.

My current Idea is the following:

1. Add a checkbox in the file encrypt dialog, in the signing group "include recipient certificates" probably even default on.
2. This should then add a (file attribute hidden) recipients.kgrp" file with the recipient keys and include it in the archive. So all recipient certificates are included in the encrypted file.
   1. The recipients.kgrp is a fixed name and shall be signed, too.
3. Add an option with default on: "Select original recipients if possible."
   1. This will verify the signature of the specially named .kgrp file and if it the signature is valid import the keys from the file.
   2. The keys will then be prefilled as recipients when the folder is re encrypted.

--> The validity of the keys would not be affected. So an untrusted / non compliant icon would be shown for untrusted certificates.

For single files I am thinking of placing a a hidden file with the recipients next to the file. So with test.docx you would have a hidden "test.docx.rcps" lying next to the decrypted text. Docx and the other behavior simiarly with archives.