symmetric email encryption

Ingo Klöcker kloecker at kde.org
Fri Jul 18 15:40:34 CEST 2014


On Friday 18 July 2014 02:03:24 Hauke Laging wrote:
> Hello,
> 
> is there any OpenPGP mail client which supports symmetric encryption?

KMail does not. At least, KMail does not support creating such messages. 
It's possible that KMail would be able to read such messages since the 
decryption is delegated to gpgme. And for the odd message (containing an 
inline PGP MESSAGE block) sent to this list gpg-agent asks for a 
symmetric encryption password when I open the message in KMail.


> I think that would be a nice feature for recipients who don't have an
> asymmetric key (those 99%). Many new communication systems have a
> fallback option for symmetric encryption in case the preferred way is
> unavailable. And, quite important: It would not require serious
> development effort as this possibility is built-in with GnuPG.

I think you underestimate the development effort. Besides, AFAIK, there 
is no standard for this.


> Anyone
> using Linux (and a mail client with OpenPGP support) could use that
> directly. The others would just have to install e.g. Gpg4win and
> Enigmail but would not have to configure it.
> 
> Is there any reason *not* to support symmetric-only encryption in a
> mail client?

There are plenty of reasons. I already mentioned the lack of a standard. 
Then there's the problem of key exchange which you completely ignore. 
Related to this, you did not answer Robert's question "if you already 
have a secure channel over which you can send a key, why not just use 
that channel for your communications?".


Instead of support for symmetric encryption I'd rather love to see 
automatic asymmetric encryption to be added to mail clients: OpenPGP 
keys are created and uploaded to some key server automatically, and they 
are looked up and used automatically (e.g. with trust-on-first-sight 
similar to SSH keys) when sending a message. I'd prefer this to be done 
in an opt-out fashion, i.e. unless the user explicitly tells the mail 
client not to do it, the mail client would simply do it.


Regards,
Ingo
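
The trust-on-first-sight lookup proposed in the message above, as an added sketch that is not part of the original message or of any mail client's code. `TofuStore`, `check` and `may_encrypt` are hypothetical names, and the fingerprints are constructed sample values.

```python
import re
from dataclasses import dataclass, field

FPR_RE = re.compile(r"[0-9A-F]{40}")  # OpenPGP v4 fingerprint: 160 bits as hex


def normalize_fpr(fpr: str) -> str:
    """Strip the spacing gpg prints and uppercase; reject anything else."""
    cleaned = re.sub(r"\s+", "", fpr).upper()
    if not FPR_RE.fullmatch(cleaned):
        raise ValueError(f"not a v4 fingerprint: {fpr!r}")
    return cleaned


@dataclass
class TofuStore:
    """Hypothetical pin store: one fingerprint per address, like known_hosts."""
    pins: dict = field(default_factory=dict)

    def check(self, address: str, fpr: str) -> str:
        addr = address.strip().lower()
        seen = normalize_fpr(fpr)
        pinned = self.pins.get(addr)
        if pinned is None:
            self.pins[addr] = seen      # first sight: trust and remember
            return "pinned"
        if pinned == seen:
            return "match"              # same key as before: encrypt silently
        return "conflict"               # key changed: stop and ask the user

    def may_encrypt(self, address: str, fpr: str) -> bool:
        """Automatic encryption is allowed unless the pinned key changed."""
        return self.check(address, fpr) != "conflict"


if __name__ == "__main__":
    # Constructed sample data: fingerprints as a key-server lookup might return them.
    store = TofuStore()
    alice_key = "0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567"
    other_key = "FEDCBA9876543210FEDCBA9876543210FEDCBA98"
    print(store.check("Alice@example.org", alice_key))          # pinned
    print(store.check("alice@example.org", alice_key.lower()))  # match
    print(store.check("alice@example.org", other_key))          # conflict
```

As with SSH host keys, the first lookup is the unauthenticated step; the pin only detects a later key change, so a conflict has to block automatic encryption until the user decides.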