= Components 
** Status: Work in progress **

The software components we plan to change or consider as part of the contract:
* email clients (Kontact Mail and Thunderbird with Enigmail as example for others)
* GnuPG backend
* a service located at the email service provider
* central fallback server
* classic certificate ("key") server



== How should an improved email client work?
User A wants to send a signed/encrypted email to user B. A has only the email address of B. A's email client gets the OpenPGP (public) certificate from B's email service provider (step 1+2) which is used to encrypt the email to B.

{{easygpg-send-email.png}}
[[attachment:easygpg-send-email.pdf|PDF]] [[attachment:easygpg-send-email.svg|SVG]]

== How should an improved GnuPG backend work?
User A wants to send a signed/encrypted email to user B. The email client of A needs the certificate of B. The client asks via GpgME [1a] or directly via gpg command [1b] for the certificate with the email address of B. Gpg checks if the certificate is already in the local store of public keys [2]. If not, the Dirmngr is called [3] to ask the Email Service Provider of B [4a]. If there is no certificate the Dirmngr asks the fallback server [4b]. Only if [4a] and [4b] have no results for the requested email address the classic certificate ("key") servers are used to find a matching certificate for B [4c]. If Dirmngr gets a certificate for B it is sent back to gpg command [5] which imports it into the public key store and sends it back to the email client [7]. Now the email client can encrypt the email to B.

{{easygpg-backend.png}}
[[attachment:easygpg-backend.pdf|PDF]] [[attachment:easygpg-backend.svg|SVG]]