Page MenuHome GnuPG

KMail: Enable checking if OpenPGP encryption is possible by default
Open, WishlistPublic


To get a better crypto usability and show it to more people, MUAs shall check by default if recipients of an emai offer to encrypt to them (by WKD). KMail should change the default and migrate existing accounts (with opt-out).

Here is the upstream report, please discuss details there: (Enable checking if OpenPGP encryption is possible by default)

Event Timeline

Linked from

And here is the list of points to check for good usability, we are talking about C3 (WKD-ready),

aheinecke triaged this task as Wishlist priority.Jul 21 2023, 8:53 AM
aheinecke added a subscriber: aheinecke.

I am not really a fan of this. I can respect this as a wish but it is currently not my vision. What you are really asking is basically that we lead the private users into sending encrypted mails without knowing that they are doing it. This will lead to frustrated users who then blame KMail for their bad user experience.

The user experience of encrypted mails especially in the multi device world we live in and with Backups etc. is just not there. With Gpg4win and GpgOL I see it differently because users there have to explicitly decide that they download Gpg4win and start with encryption. For KMail though GnuPG is always available. Times have changed, private communication in the familiy and for non technical end users is much better handled by messengers. That does not mean that encrypted Mail is dead or so, not at all. But in my opinion and around me people use Mail mostly work work and then the workplace should take care of encryption and and encryption settings, this can give a good user experience. As the workplace then takes care of backups etc.
But "forcing" encryption on users that don't explicitly enable it is not the way forward in my opinion. For signing / sharing public keys etc. this is different. I think we might enable that, but a private user without an administrator should explicitly decide to use encryption and not be "tricked" into it by software.

And any admin worth a pinch of salt can easily change this setting across their organization.

in our study we've found that personal users often did not know that their software is capable of sending encrypted email. I blieve that most of them want a protected communication by default. (I may have seen surveys about this at some time as well.) If the recipient has published their public key, they are indicating that they can receive encrypted email.

Messenger have the major drawback that they are not interoperable and often not decentral. The user experience of modern decentral messengers e.g. based on the Matrix protocol leaves a lot to be desired.

Technically KMail would need to locally save the unencrypted email version, at long as the local user does not have a keypair.

The design of enabling crypto by default is following user experience rules of making a function exploreable.