Status of Easy (Symmetric) Encryption
KDE's vision ("A world in which everyone has control over their digital life and enjoys freedom and privacy") includes also privacy, thus it would be great if our users were able to easily encrypt their files.
This page aims to discuss possible implementations.
- Users should be able to encrypt a file with a single click, e.g. Right Click -> Encrypt in Dolphin.
- Symmetric Encryption with a strong and peer-reviewed cipher algo (e.g. AES256)
- Users should be able to encrypt on a computer and decrypt on another one (and viceversa). Operating systems and desktop environments may be different.
Analysis of existing solutions
Distributions may automatically provide full-disk encryption upon installation to their users.
- Pro: full-disk encryption is good (e.g. when a laptop is stolen)
- Cons: what if Alice wants to send an encrypted file to Bob? Full-disk encryption won't help for that.
- Pro: gpg provides excellent symmetric encryption capabilities
- Pro: cross-desktop and cross-platform.
- Cons: requires knowlegde of the command line client.
KGpg is a graphical front-end for gpg. It provides an Encrypt File action in Dolphin's context-menu
- Pro: all the good things about gpg
- Pro: encryption progress is nicely reported through the KJob api
- Cons: asymmetric encryption is preferred while the symmetric one is hidden by default.
- Cons: it requires that
pinentry-program /usr/bin/pinentry-qt(or pinentry-gtk) be set in gpg-agent.conf in order to show a user-friendly dialog for passwords input. This is something that distributions should make sure to setup.
A possibly better solution
This PoC is a tiny front-end for gpg that only does symmetric encryption. It uses gpgme and provides Encrypt and Decrypt actions in Dolphin's context menu.
- Pro: users only have to type the passphrase.
- Pro: less dependencies than KGpg
- Cons: the pinentry thing also applies here
- Cons: no progress report through KJob (for now)