Am I correct that the reason for the speed up is that it can use a second CPU's engine. If there is a real performance improvement here, we should add this for example using a --compatibility-flag. This way we can gather experience and eventually make it the default. The compatibility flags won't introduce an API incompatibility.

I found this important to do because the SHA-256 results from your test looked extremly slow.

For comparison here are my benchmark results on the same system. Once on Linux 64 bit and once on W32 and once with W64. All runs are native to exclude any virtualization issues.

Updated the patch:

I see little value in viewing emails in Okular. People often want to reply to emails so they need an email client anyway. Or shall Okular get a composer and save the composed email (of course with signing and encryption) to disk so that people can give their reply to their correspondents on a USB stick because that's more secure than using an email server? I suppose it makes sense for spies. ;-)

Thanks! I thought about that when I saw Werner's change in gpg, but would probably have forgotten to actually change it in Kleopatra.

Yes, this might make sense to have a library for the core parsing / reparsing part and then maybe some widgets in Libkleo that could be used to show the information. So that we could in theory create a small executable that just instantiates a libkleo widget to show a MIME mail and Kleopatra could use that then, too. But for clients like Kalendar which don't necessarily use QWidgets it is porbably better to have this split out.

Note: The gpgsm engine of GpgME supports the offline flag (which maps to --disable-dirmngr) only for keylist operations. gpgsm_import doesn't even have an engine_flags argument.

works, I did not encounter the issue following the description

works. So gpgtar obviously knows about the filenames now, too

as this task is for a technical restructuring task, which is obviously done and works, closing this ticket.

Note that Kleopatra has code that should take care of removing a left-over file. See also T6530#172608.

works, the processes are stopped.
For the removal of the unfinished archive on cancelling encryption see T6584.

I also thought that it might be useful to set the subject as filename (not the mime filename but the encrypted PGP filename)

On the command line:

gpgtar -v --status-fd 2 -er Ted -s -o tt.tar.gpg tiefer_test

leaves a .tar.gpg file behind, too, if

• you kill it with CTRL-C
• if you call it without -s and stop the gpgtar.exe process in the task manager
• if you call it with -s and give the correct password

This does not seem to work as I understood it. Just naively adding a setEncoding(GPGME::MimeEncoding) on the output GPGME Data object resulted in an empty file. So this needs a bit more analysis.

I'm wondering why I don't see something like

org.kde.pim.kleopatra: slotResult Removing output file ... after error or cancel

in the debug output. It should be output whenever the signing and/or encryption job ended with a non-zero error code and the output file exists. (See commit on 22 June).

On Windows the process is stopped but you end up with a too small archive.
If you cancel immediately (presumably as long as the file still has size 0) it is removed, though.

I did a little bit of testing with okular, and it kind of gives similar numbers.

In T6199#172571, @CarlSchwan wrote:

I started working on it. Current progress, I managed to move the mimetreeparser/partmodel from kalendar to libkleo and removed the few akonadi bits.

This will still more work to bring back the massive amount of unit tests. I'm also seriously considering to instead of moving this code to libkleo to instead create a new library with this and then have Kleopatra, kalendar, kube use it (and kmail too in the future but that would require a lot more work).

This is a patch for master (which uses nPth for gpg):

I'm trying to use a thread for computation of hashing. It works, but no performance gain, due to nPth.
I do:

npth_unprotect ();
gcry_md_write (mfx->md, mfx->buf, mfx->written);
npth_protect ();

to expect hashing is done in parallel.

Thanks. Wouldn't that require OpenLDAP on every system with gnupg?

Kleopatra should autodetect email messages if passed on the command line or opened via the file dialog. I think Kleopatra should accept any email even if not encrypted. I'm not so sure whether Kleopatra should become an application that offers its service for any email messages if there are proper MIME types for MIME-encrypted or MIME-signed emails.

In T6199#172571, @CarlSchwan wrote:

This will still more work to bring back the massive amount of unit tests. I'm also seriously considering to instead of moving this code to libkleo to instead create a new library with this and then have Kleopatra, kalendar, kube use it (and kmail too in the future but that would require a lot more work).

I started working on it. Current progress, I managed to move the mimetreeparser/partmodel from kalendar to libkleo and removed the few akonadi bits.

Ready for testing. I could view a signed PDF and verify the signature with the gpg backend, but other things may not work because of missing dependencies.

It turned out that my pinentry reported "fully canceled" on Cancel (see T6491: Pinentry-Qt: Password prompt for each subkey if password change is cancelled) which made gpg output nothing.

Tested and works now for me as expected. Thanks.

The original reporter mentioned that this only occurs when called from kleo. But let me recheck.

Also done for 2.2.

Actually it has been fixed for the PBES2 case in 2.2 and 2.4. PBES2 is used with AES128 and AES256. I doubt that there is any value in adding such support for the legacy RC2 and 3DES methods.

Same for the backport to 2.2 which uses the same test suite.

This has long been implemented due to the backport of the P12 parser and the recent rewrite of it.

gpg --export-secret-subkeys --armor 704769B8D5C15319A27C74BBB47052506607DA6E confirms that gpg 2.4.1-beta21 outputs nothing if the password entry is canceled.

Of course, it's about right clicking the encryption subkey. That's what I tested. Anyway, cancel wasn't handled properly. Now it is.

In T5755#172514, @ikloecker wrote:

I cannot reproduce the problem with Cancel. When I try this, I get the error "The result of the export is empty." and nothing is written to disk. I'm using GnuPG 2.4.

Anyway, handling of cancel was indeed missing.

Just a quick caveat: Save all attachments works really bad with complex message structures. If we now offer the option to delete all attachments after saving them this could have desastrous effects, i.e. the user could end up with unusable MIME-parts on their disk. I don't remember when I noticed this. Maybe with attached email messages, maybe with signed/encrypted messages, maybe with a combination of both.

The expiry checker checks for expiry. It doesn't and shouldn't do anything else.

I cannot reproduce the problem with Cancel. When I try this, I get the error "The result of the export is empty." and nothing is written to disk. I'm using GnuPG 2.4.

We should make building with LDAP mandatory.

It seemed I was wrong that it is due to buffering.
In the use case of --sign and --encrypt, hashing is done with IOBUF's 64KiB buffer (already).

I observed the benchmark by libgcrypt (Windows emulation 32-bit on Debian):