symmetric email encryption

Hauke Laging mailinglisten at
Fri Jul 18 17:20:27 CEST 2014

Am Fr 18.07.2014, 15:40:34 schrieb Ingo Klöcker:

> >  And, quite important: It would not require serious
> > development effort as this possibility is built-in with GnuPGP.
> I think you underestimate the development effort.

That is easily possible. But what would have to be done (at least)?

a) You need a new button.

b) Pressing this button would replace

--recipient 0x12345678 --encrypt



in gpg terms – I am not familiar with gpgme but for obvious reasons it 
has to be quite similar.

> Besides, AFAIK, there is no standard for this.

Of course, there is. Otherwise you would not be asked for a symmetric 
password for certain messages, would you?

"gpg --symmetric" is not a GnuPG extension. The OpenPGP RfC covers the 
case of "symmetric" encryption (which still is hybrid).

> > Is there any reason *not* to support symmetric-only encryption in a
> > mail client?
> There are plenty of reasons.

I would be satisfied with a single one.

> I already mentioned the lack of a standard.


> Then there's the problem of key exchange which you
> completely ignore.

Which I can easily ignore as it is out of the scope of message handling. 
How have users ever successfully exchanged encrypted ZIP archives 
without ZIP providing an infrastructure for key exchange...? Why does 
OpenPGP cover symmetric encryption without providing an infrastructure 
for symmetric key exchange...?

Users are capable of exchanging sheets of paper or having phone calls. 
The typical ways for safe fingerprint exchange are safe enough for 
password exchange, too.

This is not about offering a great new concept to the public but about 
making an already existing (on the file level) and easily understandable 
feature available for email with very little effort.

> Related to this, you did not answer Robert's
> question "if you already have a secure channel over which you can
> send a key, why not just use that channel for your communications?".

I not only read it but I think that I gave a quite precise reply to 

> Instead of support for symmetric encryption I'd rather love to see

There are many features which would be nice to have. What do you think 
how many orders of magintude this one is more effort to implement than 
my proposal?

Crypto für alle:
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20140718/fc781bf9/attachment.sig>

More information about the Gnupg-users mailing list