Jump to content

Easy Encryption

From KDE Community Wiki
Revision as of 22:31, 25 August 2016 by Elvis Angelaccio (talk | contribs) (Initial work)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Status of Easy (Symmetric) Encryption

KDE's vision ("A world in which everyone has control over their digital life and enjoys freedom and privacy") includes also privacy, thus it would be great if our users were able to easily encrypt their files.

This page aims to discuss possible implementations.

Requirements

  • Users should be able to encrypt a file with a single click, e.g. Right Click -> Encrypt in Dolphin.
  • Symmetric Encryption with a strong and peer-reviewed cipher algo (e.g. AES256)
  • Users should be able to encrypt on a computer and decrypt on another one (and viceversa). Operating systems and desktop environments may be different.

Existing solutions and their drawbacks

  • Distributions may automatically provide full-disk encryption upon installation. This is good, but what if Alice wants to send an encrypted file to Bob? Full-disk encryption won't help for that.
  • gpg provides excellent symmetric encryption capabilities and it's cross-desktop/cross-platform, but requires knowlegde of the command line client.
  • KGpg provides an Encrypt action in Dolphin's context-menu, as front-end for gpg. However, asymmetric encryption is preferred and it's not easy to reach the symmetric one in the dialog that shows up.

A possibly better solution

This PoC is a tiny front-end for gpg that nicely integrates symmetric encryption with Dolphin. It uses gpgme and provides Encrypt and Decrypt actions in Dolphin's context menu. The users only has to type the passphrase. As a downside, it requires that pinentry-program /usr/bin/pinentry-qt be set in gpg-agent.conf in order to show a user-friendly dialog for passwords input. This is something that distributions should make sure to setup.