Page MenuHome GnuPG
Create Task
Maniphest T7202

Kleopatra: Allow "combined" sign & encrypt of text in Notepad for S/MIME certificates
Open, LowPublic
Actions

Description

In the Notepad it should be possible to sign&encrypt the text with S/MIME certificates.

This idea came up while discussing the merge request https://invent.kde.org/pim/kleopatra/-/merge_requests/176.

Currently, for S/MIME certificates the Notepad allows Sign or Encrypt, but Sign&Encrypt isn't possible. Therefore, the UI for selecting the signing and encryption certificates disables the selection of encryption certificates if the Sign checkbox is checked and vice versa. Technically, I see no reason for this. If a text in the Notepad can be signed with S/MIME and can be encrypted with S/MIME then it's also possible to first encrypt the text with S/MIME and then sign the (armored) result with S/MIME. Recipients will be able to reverse this easily.

I think it would be best if the combined signing and encryption would be handled by a GpgME job (probably best with an S/MIME-specific "copy" of QGpgMESignEncryptJob).

Related Objects
Search...

Event Timeline

ikloecker created this task.Jul 17 2024, 9:59 AM
aheinecke triaged this task as Low priority.Jul 23 2024, 2:37 PM
aheinecke added a subscriber: aheinecke.

We had discussed this several times in the past as this is similar for files. Like you could do an opaque signing and encrypt for files, the same you can do it for text here. But as I remember it the end result was mostly that since the proper solution would be for GnuPG to support that T2435: gpgsm combined sign and encrypt it should be done in GnuPG proper. And we really did not have any real usecase of S/MIME file and text encryption since S/MIME was even more then OpenPGP about Mails for the Gpg4win users.

But nowadays I see things differently, as we have multipart/signed wrapped by multpart/encrypted and do decrypt and verify in two steps for mail, I do not see why this should not be the same for Files and clipboard data. Still I would say this has low priority since we don't really have complaints about this and there is always the Option to use PGP anyway :-P

ikloecker closed subtask T7203: GpgME: Implement S/MIME-specific variant of QGpgMESignEncryptJob as Wontfix.Jul 23 2024, 5:37 PM