From bernhard at intevation.de Mon Apr 2 19:04:40 2007
From: bernhard at intevation.de (Bernhard Reiter)
Date: Mon, 2 Apr 2007 19:04:40 +0200
Subject: Usability feedback (mainly) for KDE Kleopatra
Message-ID: <200704021904.45127.bernhard@intevation.de>

During the fifth kdepim meeting in Osnabrück this January
I have gathered feedback about the KDE clients' behavior about crypto.
Besides that a real tutorial still is missing, the hypothesis was
that it was way too difficult to get S/MIME working with KMail.
In the best tradition of doing real work, we sat down and went through it.
Here is a valuable feedback document.

I think we should try to improve the mentioned situation
and at least discuss the feedback. Would it be good to create issues?
If so, in which tracker?

Best,
Bernhard

--
Managing Director - Owner: www.intevation.net (Free Software Company)
Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com.
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
Ägypten Usability.
Feedback mainly from Martin Konold during the KDEpim Osnabrück meeting Jan 2007.
Also from Bernhard Reiter and Ingo Klöcker.
Mainly about the KDE gui, aka Kleopatra and KMail interactions.
Tested against Debian Sarge Packages (proko2 2.1.6) with LANG=de_DE@euro.

2007-01-13
Mainly about key generation and the wizard for it.

1) Screen about personal data.
  a) it misses an explanation for the "*" that some attributes have.
     (It probably means: is MUST attribute)
  b) the CN should be explained better as it is unclear that most people
     would enter their christian and surname in there
     or whatever their CA's policy is.
2) Screen about "decentral key generation".
  a) "decentral" should be explained a bit further.
  b) The button that needs to be pressed before you can progress
     really breaks the flow.
     Maybe just using "next" would be better and saving one button
  c) It is odd that "back" is not allowed after key generation.
  d) The button for broken CAs leaves the user quite helpless,
     at least a tooltip is needed that gives a recommendation
     "Activate only if your CA explicitly demands this old format".
3) Screen about parameters
  a) this output is useful to the common user, should be in a more
     useful format. It is internal and better would be a text representation.
  b) the text "Bitte kontrollieren Sie das untenstehende Zertifikat"
     (please check the certificate below) is misleading as the parameters
     do not constitute a certificate, not even clearly identifying one.
4) Wish: Aliases should be configured for the certificate right away.
5) While creating the certification, three pinentry dialogs come up.
   The progress dialog is somehow not really nice as the popping-up
   pinentry dialogs obstruct the flow and the progress dialog might
   look stopped.
6) Unreproducible, so just reported for documentation
  a) At one point we could go to the "next" without having filled in
     an email address and then we could not go back to change it
     (I do not know anymore which screen it was and could not reproduce.)
7) Strange: dirmngr started when sending the request to ca at intevation.de.
   No idea why as the email itself was not signed nor encrypted
   nor anything, just the smime.p10 attachment.

2007-01-014
i) Wish: Importing keys should get a more detailed output.
   It is true that sometimes it is not clear what was imported.
ii) Kleopatra: When selecting a range of keys and doing a "validation"
   the text in the lower status bar says "Schlüssel holen ..." (Fetching keys...)
   This is misleading as there is no key fetched usually as far as I know,
   but the keychain is evaluated and the crls downloaded if necessary.
iii) Configuration dirmngr: Some of those options should be rephrased
   positively, aka "allow LDAP" instead of "inhibit the use of LDAP".
   and then of course the default be marked.
iv) Display of date. In German locale, some dates were still displayed
   in the ISO format aka 2006-12-24, this should be localised.
  a) in the passphrase dialog for openpgp:
     please enter.. "erzeugt 2006-12-24", should be "erzeugt 24.12.2006".
  b) in the message heads. A test with the version
     Kontact: 1.0 (proko2 branch after 2.1.6), Revision 645321.
     Debian Sarge (ppc) with KDE: 3.3.2 Qt: 3.3.4
     shows that the date is okay, but it reads in S/MIME as
       Die Nachricht wurde von CN=Bernhard Reiter,O=Intevation GmbH,C=DE auf
       02.03.2007 14:29 mit dem Schlüssel 0x8749F05371C3410C signiert.
     it should be "am 02.03.2007"
v) Display of received signed smime email:
   When the email address deviates from the one in the certificate
  a) "Achtung: Die E-Mail-Adresse des Absenders wurde nicht in dem
     certificate gespeichert," [..]
     "certificate" should be translated.
  b) The message is green, though it contains a warning "Attention:".
     Maybe we could make this part of the message colored differently
     so the warning can be seen more clearly. I am suggesting
     a colored frame around the warning, but inside the green frame,
     because after all you are trusting the key.
vi) KMail, Display of received smime email:
   It always says "message" while it sometimes actually is a message part.
   Example: send an email, attach two files and only sign the second one
   (but not the total email). The resulting email has one signed
   message part in the middle, but this one is green and its frame
   has "signed Message" in it. Should be "message part".

From georg.emberger at gmx.at Fri Apr 13 13:40:31 2007
From: georg.emberger at gmx.at (Georg Emberger)
Date: Fri, 13 Apr 2007 13:40:31 +0200
Subject: autochange of signs
Message-ID: <200704131340.31944.georg.emberger@gmx.at>

Hi all,

I have a question - if I am writing an eMail in KMail and I want to change
some signs automatically (germans have their strange "Umlaute" like ä ö
ü... they should be changed to some international AE OE or UE) - how I can
manage it?

From Outlook I know, there is such a thing like "autokorrektur" in KMail it
is not possible... is there another possibility?

Greetings from Graz,
--
Georg Emberger

From bernhard at intevation.de Fri Apr 13 17:53:22 2007
From: bernhard at intevation.de (Bernhard Reiter)
Date: Fri, 13 Apr 2007 17:53:22 +0200
Subject: autochange of signs
In-Reply-To: <200704131340.31944.georg.emberger@gmx.at>
References: <200704131340.31944.georg.emberger@gmx.at>
Message-ID: <200704131753.29974.bernhard@intevation.de>

Hi Georg,

On Friday 13 April 2007 13:40, Georg Emberger wrote:
> I have a question - if I am writing an eMail in KMail and I want to change
> some signs automatically (germans have their strange "Umlaute" like ä ö
> ü... they should be changed to some international AE OE or UE) - how I can
> manage it?
>
> From Outlook I know, there is such a thing like "autokorrektur" in KMail it
> is not possible... is there another possibility?

best is to ask the KMail people about this. One way to do it is the
https://mail.kde.org/mailman/listinfo/kdepim-users mailinglists.

Best,
Bernhard

--
Managing Director - Owner: www.intevation.net (Free Software Company)
Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com.
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr.
Jan-Oliver Wagner

From wk at gnupg.org Fri Apr 13 18:08:16 2007
From: wk at gnupg.org (Werner Koch)
Date: Fri, 13 Apr 2007 18:08:16 +0200
Subject: autochange of signs
In-Reply-To: <200704131340.31944.georg.emberger@gmx.at> (Georg Emberger's message of "Fri\, 13 Apr 2007 13\:40\:31 +0200")
References: <200704131340.31944.georg.emberger@gmx.at>
Message-ID: <87lkgwcl5b.fsf@wheatstone.g10code.de>

On Fri, 13 Apr 2007 13:40, georg.emberger at gmx.at said:

> I have a question - if I am writing an eMail in KMail and I want to change
> some signs automatically (germans have their strange "Umlaute" like ä ö ü...
> they should be changed to some international AE OE or UE) - how I can manage

You should never do that!

The times of plain 7 bit ASCII are loooooong ago. For about two decades
transparent 8 bit encoding has been implemented nearly everywhere. The
encoding used is Latin-1 (ISO-8859-1) and sufficient for all Western
Europe languages. MIME is also pretty old and defines standard ways of
encoding all kinds of encodings. The most common case is
quoted-printable encoding and all MUAs today handle this really well.

In fact since a few years the UTF-8 encoding is gaining more and more
acceptance and all modern mailers use this as default. UTF-8 is the
clean way of encoding all character sets as it is a way of encoding
Unicode - UTF-8 is upward compatible to plain old ASCII (ISO-646).
Remember that there are only a few hundred million people who can get
around with ASCII; but some billions need to use a more complex
characters set.

If you still want to butcher our Umlauts, you may run sed over the
text.
Something like:

  sed 's/ä/ae/g; s/ö/oe/g; s/ü/ue/g'

Gnus has a way to run external commands like sed over its message
buffer; I guess Kmail has such a feature too.


Salam-Shalom,

   Werner

From kloecker at kde.org Fri Apr 13 20:45:34 2007
From: kloecker at kde.org (Ingo Klöcker)
Date: Fri, 13 Apr 2007 20:45:34 +0200
Subject: autochange of signs
In-Reply-To: <87lkgwcl5b.fsf@wheatstone.g10code.de>
References: <200704131340.31944.georg.emberger@gmx.at> <87lkgwcl5b.fsf@wheatstone.g10code.de>
Message-ID: <200704132045.38810@erwin.ingo-kloecker.de>

On Friday 13 April 2007 18:08, Werner Koch wrote:
> On Fri, 13 Apr 2007 13:40, georg.emberger at gmx.at said:
> > I have a question - if I am writing an eMail in KMail and I want to
> > change some signs automatically (germans have their strange
> > "Umlaute" like ä ö ü... they should be changed to some
> > international AE OE or UE) - how I can manage
> [snip]
>
> If you still want to butcher our Umlauts, you may run sed over the
> text. Something like:
>
>   sed 's/ä/ae/g; s/ö/oe/g; s/ü/ue/g'
>
> Gnus has a way to run external commands like sed over its message
> buffer; I guess Kmail has such a feature too.

Actually, KMail doesn't have such a feature. (You can run a script on
the already sent message, but not on the to-be-sent message.)

Regards,
Ingo

From georg.emberger at gmx.at Sat Apr 14 07:46:50 2007
From: georg.emberger at gmx.at (Georg Emberger)
Date: Sat, 14 Apr 2007 07:46:50 +0200
Subject: autochange of signs
In-Reply-To: <87lkgwcl5b.fsf@wheatstone.g10code.de>
References: <200704131340.31944.georg.emberger@gmx.at> <87lkgwcl5b.fsf@wheatstone.g10code.de>
Message-ID: <200704140746.50904.georg.emberger@gmx.at>

Thank you for answering, I decided nothing to change.
It is simply so, that you find sometimes in www text who is not correct
encoded... I thought to make letters, text etc. preserved for eternities it
would be useful to take a basic code.

Georg

On Friday, 13 April 2007, Werner Koch wrote:
> On Fri, 13 Apr 2007 13:40, georg.emberger at gmx.at said:
> > I have a question - if I am writing an eMail in KMail and I want to
> > change some signs automatically (germans have their strange "Umlaute"
> > like ä ö ü... they should be changed to some international AE OE or UE) -
> > how I can manage
>
> You should never do that!
>
> The times of plain 7 bit ASCII are loooooong ago. For about two decades
> transparent 8 bit encoding has been implemented nearly everywhere. The
> encoding used is Latin-1 (ISO-8859-1) and sufficient for all Western
> Europe languages. MIME is also pretty old and defines standard ways of
> encoding all kinds of encodings. The most common case is
> quoted-printable encoding and all MUAs today handle this really well.
>
> In fact since a few years the UTF-8 encoding is gaining more and more
> acceptance and all modern mailers use this as default. UTF-8 is the
> clean way of encoding all character sets as it is a way of encoding
> Unicode - UTF-8 is upward compatible to plain old ASCII (ISO-646).
> Remember that there are only a few hundred million people who can get
> around with ASCII; but some billions need to use a more complex
> characters set.
>
> If you still want to butcher our Umlauts, you may run sed over the
> text. Something like:
>
>   sed 's/ä/ae/g; s/ö/oe/g; s/ü/ue/g'
>
> Gnus has a way to run external commands like sed over its message
> buffer; I guess Kmail has such a feature too.
>
>
> Salam-Shalom,
>
> Werner

From kloecker at kde.org Wed Apr 18 21:40:28 2007
From: kloecker at kde.org (Ingo Klöcker)
Date: Wed, 18 Apr 2007 21:40:28 +0200
Subject: Fwd: KMail does not decrypt SMIME
Message-ID: <200704182140.32202@erwin.ingo-kloecker.de>

Hi!

I'm forwarding your message to gpa-dev at gnupg.org where the GnuPG experts
reside.

Regards,
Ingo

---------- Forwarded Message ----------

Subject: KMail does not decrypt SMIME
Date: Tuesday 17 April 2007 21:39
From: M Hoeller
To: kmail-devel at kde.org

Hello,

I have a problem to decrypt Mails which are encrypted with SMIME /
x.509.

I have: successfully set up OpenPGP to en- and decrypt and have
validated this with others.

Also I can sign and encrypt mails with my x.509 certificate from
CAcert.org. Others can decrypt the mails I have encrypted and signed.

BUT I can not decrypt mails which others have encrypted with x.509.
I always get the message: message decryption failed: unsupported
algorithm RC2. I have attached the log from gpgsm.

I use gpgsm 1.9.22 which does not support RC2 due to patent issues,
and RC2 is outdated anyway. I have KMail 1.9.6 with kde 3.5.6 release
64.1 and an openSUSE 10.2.

Since one of the senders uses Thunderbird 1.5.0.10 I come to the
impression that it is NOT that I receive RC2 (Thunderbird in this
version does not send RC2 but 3DES afaik).
On the other hand gpgsm throws the error only when the algorithm is
truly identified:

Look at the error handling code:
    rc = gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
    log_error ("unsupported algorithm `%s'\n", algoid? algoid:"?");
    if (algoid && !strcmp (algoid, "1.2.840.113549.3.2"))
      log_info (_("(this is the RC2 algorithm)\n"));


However, I have also to look at my configuration and this is still a
miracle to me.

Is there somewhere a step by step how to install / check
kmail/kleopatra and the gpgME setup? I have used guessing to set up
and this is never good. On the other hand I did not find a good
source of information.

It would be really great if someone could please post a quick list
of what to check.

One of the questions is if I should use the dirmngr or gpg-agent?
I also admit that I have poor knowledge here and that I want to get
this improved, though I really did not find a single place which
describes how the things link together.

Here is the data I am referring to:

User-Agent: Thunderbird 1.5.0.10 (X11/20070306)
MIME-Version: 1.0
X-Enigmail-Version: 0.94.0.0
OpenPGP: id=BDD13B90; url=http://tinyurl.com/5d8mm
Content-Type: application/x-pkcs7-mime; name="smime.p7m"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7m"
Content-Description: S/MIME Encrypted Message

gpgsm log:

4 - 2007-04-16 21:32:46 gpgsm[7623.0x8084a98] DBG: <- DECRYPT
4 - 2007-04-16 21:32:46 gpgsm[7623]: unsupported algorithm `1.2.840.113549.3.2'
4 - 2007-04-16 21:32:46 gpgsm[7623]: (Dies ist der RC-2 Algorithmus)
4 - 2007-04-16 21:32:46 gpgsm[7623.0x8084a98] DBG: -> S ERROR decrypt.algorithm 50331732 1.2.840.113549.3.2
4 - 2007-04-16 21:32:46 gpgsm[7623.0x8084a98] DBG: -> S DECRYPTION_FAILED
4 - 2007-04-16 21:32:46 gpgsm[7623]: message decryption failed: Nicht unterstütztes Verfahren
4 - 2007-04-16 21:32:46 gpgsm[7623.0x8084a98] DBG: -> ERR 50331732 Nicht unterstütztes Verfahren
4 - 2007-04-16 21:32:47 gpgsm[7623.0x8084a98] DBG: <- BYE

Thanks a lot and have a nice day

Michael

-------------------------------------------------------

From bernhard at intevation.de Thu Apr 19 11:08:37 2007
From: bernhard at intevation.de (Bernhard Reiter)
Date: Thu, 19 Apr 2007 11:08:37 +0200
Subject: Fwd: KMail does not decrypt SMIME
In-Reply-To: <200704182140.32202@erwin.ingo-kloecker.de>
References: <200704182140.32202@erwin.ingo-kloecker.de>
Message-ID: <200704191108.40787.bernhard@intevation.de>

On Wednesday 18 April 2007 21:40, Ingo Klöcker wrote:
> I'm forwarding your message to gpa-dev at gnupg.org where the GnuPG experts
> reside.

> ---------- Forwarded Message ----------
> Subject: KMail does not decrypt SMIME
> Date: Tuesday 17 April 2007 21:39
> From: M Hoeller
> To: kmail-devel at kde.org

> I have a problem to decrypt Mails which are encrypted with SMIME /
> x.509.
>
> I have: successfully set up OpenPGP to en- and decrypt and have
> validated this with others.
>
> Also I can sign and encrypt mails with my x.509 certificate from
> CAcert.org. Others can decrypt the mails I have encrypted and signed.
>
> BUT I can not decrypt mails which others have encrypted with x.509.
> I always get the message: message decryption failed: unsupported
> algorithm RC2. I have attached the log from gpgsm.
>
> I use gpgsm 1.9.22 which does not support RC2 due to patent issues,
> and RC2 is outdated anyway. I have KMail 1.9.6 with kde 3.5.6 release
> 64.1 and an openSUSE 10.2.
>
> Since one of the senders uses Thunderbird 1.5.0.10 I come to the
> impression that it is NOT that I receive RC2 (Thunderbird in this
> version does not send RC2 but 3DES afaik).
> On the other hand gpgsm throws the error only when the algorithm is
> truly identified:
>
> Look at the error handling code:
>     rc = gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
>     log_error ("unsupported algorithm `%s'\n", algoid? algoid:"?");
>     if (algoid && !strcmp (algoid, "1.2.840.113549.3.2"))
>       log_info (_("(this is the RC2 algorithm)\n"));
>
>
> However, I have also to look at my configuration and this is still a
> miracle to me.
>
> Is there somewhere a step by step how to install / check
> kmail/kleopatra and the gpgME setup? I have used guessing to set up
> and this is never good. On the other hand I did not find a good
> source of information.

To further track down this problem, you should try to separate
the problem between frontend (KMail) and crypto backend.
Try to save the smime.p7m that you have got to a file with KMail
and then decode it with gpgsm --decrypt -v on the command line.
If this does also not work, you know that KMail is out of the picture.

> One of the questions is if I should use the dirmngr or gpg-agent?

Both.
gpg-agent does the secret key work and might cache your passphrase for
instance. dirmngr fetches the public certification revocation lists.

> I also admit that I have poor knowledge here and that I want to get
> this improved, though I really did not find a single place which
> describes how the things link together.

http://www.gnupg.org/aegypten/ (and aegypten2).

>
> Here is the data I am referring to:
>
> User-Agent: Thunderbird 1.5.0.10 (X11/20070306)
> MIME-Version: 1.0
> X-Enigmail-Version: 0.94.0.0
> OpenPGP: id=BDD13B90; url=http://tinyurl.com/5d8mm
> Content-Type: application/x-pkcs7-mime; name="smime.p7m"
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment; filename="smime.p7m"
> Content-Description: S/MIME Encrypted Message
>
> gpgsm log:
>
> 4 - 2007-04-16 21:32:46 gpgsm[7623.0x8084a98] DBG: <- DECRYPT
> 4 - 2007-04-16 21:32:46 gpgsm[7623]: unsupported algorithm
> `1.2.840.113549.3.2'
> 4 - 2007-04-16 21:32:46 gpgsm[7623]: (Dies ist der RC-2 Algorithmus)

The problem could be on the Thunderbird side as well,
if they do not use rc-2, why are they using this oid?

Bernhard

--
Managing Director - Owner: www.intevation.net (Free Software Company)
Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com.
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From wk at gnupg.org Thu Apr 19 14:02:04 2007
From: wk at gnupg.org (Werner Koch)
Date: Thu, 19 Apr 2007 14:02:04 +0200
Subject: Fwd: KMail does not decrypt SMIME
In-Reply-To: <200704182140.32202@erwin.ingo-kloecker.de> ("Ingo Klöcker"'s message of "Wed\, 18 Apr 2007 21\:40\:28 +0200")
References: <200704182140.32202@erwin.ingo-kloecker.de>
Message-ID: <874pncr2rn.fsf@wheatstone.g10code.de>

On Wed, 18 Apr 2007 21:40, kloecker at kde.org said:

> I'm forwarding your message to gpa-dev at gnupg.org where the GnuPG experts
> reside.

This problem has already been discussed on gnupg-users and by private
mail. It is a TB problem which sends RC2 encoded messages - despite
what the TB developers claim.

No need to open yet another channel.


Shalom-Salam,

   Werner
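
The "KMail does not decrypt SMIME" thread turns on which content-encryption OID the sender really put into smime.p7m. The following Python code is an added example, not part of the original messages or of GnuPG: it reads that OID directly from a saved CMS EnvelopedData blob, independent of KMail and gpgsm. The function names and the 72-byte sample are constructed for illustration, and the lookup assumes that id-data first occurs as the contentType of EncryptedContentInfo.

```python
import base64

CIPHER_OIDS = {  # content-encryption algorithms seen in S/MIME mail
    "1.2.840.113549.3.2": "RC2-CBC",
    "1.2.840.113549.3.7": "DES-EDE3-CBC",
    "2.16.840.1.101.3.4.1.2": "AES-128-CBC",
}
ID_ENVELOPED_DATA = "1.2.840.113549.1.7.3"
ID_DATA = "1.2.840.113549.1.7.1"

def decode_oid(body):
    """Decode the content octets of an ASN.1 OBJECT IDENTIFIER."""
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:              # high bit clear: last octet of this arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)        # the first two arcs share one value
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def collect_oids(buf, pos, end, out):
    """Append every OID between pos and end to out (single-byte tags only)."""
    while pos < end:
        tag, first = buf[pos], buf[pos + 1]
        pos += 2
        if tag == 0 and first == 0:      # end-of-contents of an indefinite form
            return pos
        if first == 0x80:                # BER indefinite length: always constructed
            pos = collect_oids(buf, pos, end, out)
            continue
        length = first
        if first & 0x80:                 # long form: next n octets hold the length
            n = first & 0x7F
            length = int.from_bytes(buf[pos:pos + n], "big")
            pos += n
        if pos + length > end:
            raise ValueError("truncated element")
        if tag & 0x20:                   # constructed: descend into the children
            collect_oids(buf, pos, pos + length, out)
        elif tag == 0x06:
            out.append(decode_oid(buf[pos:pos + length]))
        pos += length
    return pos

def content_cipher(p7m):
    """Return (oid, name) of the content-encryption algorithm in an EnvelopedData."""
    data = p7m if p7m[:1] == b"\x30" else base64.b64decode(p7m)
    oids = []
    collect_oids(data, 0, len(data), oids)
    if not oids or oids[0] != ID_ENVELOPED_DATA:
        raise ValueError("not a CMS EnvelopedData object")
    # Assumption: the OID right after id-data is the contentEncryptionAlgorithm.
    oid = oids[oids.index(ID_DATA) + 1]
    return oid, CIPHER_OIDS.get(oid, "unknown")

# Constructed sample, not from the thread: empty recipient set, RC2-CBC content.
SAMPLE_P7M = bytes.fromhex(
    "3046" "06092a864886f70d010703" "a039" "3037" "020100" "3100" "3030"
    "06092a864886f70d010701" "3019" "06082a864886f70d0302" "300d" "02013a"
    "04080001020304050607" "80081122334455667788"
)
if __name__ == "__main__":
    print(content_cipher(SAMPLE_P7M))
```

For a real message, pass the bytes of the smime.p7m part saved from the mail client, either raw or still base64-encoded.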