symmetric email encryption
Hauke Laging
mailinglisten at hauke-laging.de
Fri Jul 18 17:20:27 CEST 2014
Am Fr 18.07.2014, 15:40:34 schrieb Ingo Klöcker:
> > And, quite important: It would not require serious
> > development effort as this possibility is built-in with GnuPGP.
>
> I think you underestimate the development effort.
That is easily possible. But what would have to be done (at least)?
a) You need a new button.
b) Pressing this button would replace
--recipient 0x12345678 --encrypt
by
--symmetric
in gpg terms – I am not familiar with gpgme but for obvious reasons it
has to be quite similar.
> Besides, AFAIK, there is no standard for this.
Of course, there is. Otherwise you would not be asked for a symmetric
password for certain messages, would you?
"gpg --symmetric" is not a GnuPG extension. The OpenPGP RfC covers the
case of "symmetric" encryption (which still is hybrid).
http://tools.ietf.org/html/rfc4880#section-5.3
> > Is there any reason *not* to support symmetric-only encryption in a
> > mail client?
>
> There are plenty of reasons.
I would be satisfied with a single one.
> I already mentioned the lack of a standard.
Yeah
> Then there's the problem of key exchange which you
> completely ignore.
Which I can easily ignore as it is out of the scope of message handling.
How have users ever successfully exchanged encrypted ZIP archives
without ZIP providing an infrastructure for key exchange...? Why does
OpenPGP cover symmetric encryption without providing an infrastructure
for symmetric key exchange...?
Users are capable of exchanging sheets of paper or having phone calls.
The typical ways for safe fingerprint exchange are safe enough for
password exchange, too.
This is not about offering a great new concept to the public but about
making an already existing (on the file level) and easily understandable
feature available for email with very little effort.
> Related to this, you did not answer Robert's
> question "if you already have a secure channel over which you can
> send a key, why not just use that channel for your communications?".
I not only read it but I think that I gave a quite precise reply to
that.
> Instead of support for symmetric encryption I'd rather love to see
There are many features which would be nice to have. What do you think
how many orders of magintude this one is more effort to implement than
my proposal?
Hauke
--
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20140718/fc781bf9/attachment.sig>
More information about the Gnupg-users
mailing list