Easy Encryption

From KDE Community Wiki
Revision as of 22:32, 26 August 2016 by Elvis Angelaccio (talk | contribs) (Mention also openssl)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Status of Easy (Symmetric) Encryption

KDE's vision ("A world in which everyone has control over their digital life and enjoys freedom and privacy") includes also privacy, thus it would be great if our users were able to easily encrypt their files.

This page aims to discuss possible implementations.

Requirements

  • Users should be able to encrypt a file with a single click, e.g. Right Click -> Encrypt in Dolphin.
  • Symmetric Encryption with a strong and peer-reviewed cipher algo (e.g. AES256)
  • Users should be able to encrypt on a computer and decrypt on another one (and viceversa). Operating systems and desktop environments may be different.

Analysis of existing solutions

Full-disk encryption

Distributions may automatically provide full-disk encryption upon installation to their users.

  • Pro: full-disk encryption is good (e.g. when a laptop is stolen).
  • Cons: what if Alice wants to send an encrypted file to Bob? Full-disk encryption won't help for that.

GPG

  • Pro: gpg provides excellent symmetric encryption capabilities.
  • Pro: cross-desktop and cross-platform.
  • Cons: requires knowlegde of the command line client.

OpenSSL

  • Pro: another cross-platform tool that does symmetric encryption.
  • Cons: less secure than gpg. See [1].
  • Cons: requires knowlegde of the command line client.

KGpg

KGpg is a graphical front-end for gpg. It provides an Encrypt File action in Dolphin's context-menu

  • Pro: all the good things about gpg.
  • Pro: encryption progress is nicely reported through the KJob api.
  • Cons: asymmetric encryption is preferred while the symmetric one is hidden by default.
  • Cons: it requires that pinentry-program /usr/bin/pinentry-qt (or pinentry-gtk) be set in gpg-agent.conf in order to show a user-friendly dialog for passwords input. This is something that distributions should make sure to setup.

A possibly better solution

This PoC is a tiny front-end for gpg that only does symmetric encryption. It uses gpgme and provides Encrypt and Decrypt actions in Dolphin's context menu.

  • Pro: users only have to type the passphrase.
  • Pro: all the good things about gpg.
  • Pro: less dependencies than KGpg.
  • Cons: the pinentry thing also applies here.
  • Cons: no progress report through KJob (for now).