Gpg4win Wishlist

This page is intended for feature ideas and descriptions that could be implemented in the future. Linked from Wishlist; also see ImprovingSecurity.

Crypto in general

x509: access windows certstores

Windows already has a "keystore" for x509 certificates. For some settings it would be good if this store could be read from Gpg4win (by the components dirmngr and gpgsm).

long shot email idea: encrypt as message/rfc822

The headers of emails may contain more information than many people would like to reveal. A standard-conforming method to send these emails is to just attach the full email as message/rfc822 type and encrypt the result. Email clients with MIME support will already display it. So the only missing link is to add a convention that the subject line and recipients of the attached email will be used and displayed when an email is read. It would be nice to try this concept and implement it in Free Software clients like mutt, Kontact Mail, claws, (a fork of) Thunderbird.
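The wrapping and the proposed display convention, as an added Python sketch (not code from Gpg4win or any of the clients named). The function names and the sample addresses are assumptions, and the encryption step itself is left out: `wrap_for_encryption` returns the plaintext that would be handed to it.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

def wrap_for_encryption(inner: EmailMessage) -> bytes:
    """Sender side: the plaintext MIME entity that gets encrypted.

    The complete email, headers included, becomes one message/rfc822 part,
    so Subject, To and Cc travel inside the ciphertext.
    """
    entity = EmailMessage()
    entity.set_content(inner)        # sets Content-Type: message/rfc822
    return entity.as_bytes()

def headers_to_display(decrypted: bytes) -> dict:
    """Receiver side: apply the proposed convention after decryption."""
    entity = message_from_bytes(decrypted, policy=policy.default)
    if entity.get_content_type() != "message/rfc822":
        return {}                    # not wrapped: keep showing outer headers
    inner = entity.get_content()     # the attached email as a message object
    shown = {}
    for name in ("From", "To", "Cc", "Subject"):
        if inner[name] is not None:
            shown[name] = str(inner[name])
    return shown

def sample_email() -> EmailMessage:
    """Constructed sample; addresses and subject are made up."""
    msg = EmailMessage()
    msg["From"] = "alice@example.org"
    msg["To"] = "bob@example.org"
    msg["Cc"] = "carol@example.org"
    msg["Subject"] = "Q3 acquisition terms"
    msg.set_content("Draft attached for review.\n")
    return msg

if __name__ == "__main__":
    blob = wrap_for_encryption(sample_email())
    print(blob.decode("ascii"))
    print(headers_to_display(blob))
```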

add GnuPG as "cryptographic service provider" (CSP) and MIME/filter

See https://msdn.microsoft.com/en-us/library/aa380245.aspx, https://msdn.microsoft.com/en-us/library/bb931380.aspx. Needs more evaluation. Could possibly enable other applications to access some GnuPG features.

GPA

Make it easier to create keys larger than 3072 bits?

Some people wish that Gpg4win/GPA would make it easier to create RSA keys with more than 3072 bits, especially 4096 bit keys that seem to be popular for new certs in some circles. If so, it would be done in the advanced configuration "create new key" input GUI. Others believe that 2048 bit is a sane default; for the discussion see LargeKeys.

Kleopatra

Also see KleopatraHackability.

Guide first time users

When starting Kleopatra for the first time on Windows it currently starts up with an empty window, and users may feel lost or may not know what to do next. Kleopatra should give users an idea of what to do next, e.g. generate a certificate or configure some keyservers.

Improved Smart Card handling

GUI for Revocation certificates

Kleopatra should allow you to generate and publish a revocation certificate for your certificates.

Additional localizations

Kleopatra is KDE Software and thus available in 50 Languages. There could be optional "Language pack downloads" made available for those languages or at least for all the languages that the Gpg4win installer supports.

Better certificate selection dialog

The selection dialog could be improved. The default view should be very simple, but showing something that motivates people to look into the second and third layer of information. Ideally the display of the first two layers should be integrated in the email application.

  1. Layer: Just a graded indication of how well the certificates fit.
  2. Layer: Showing the accumulated information per email address.
  3. Layer: Showing the default information per email address, like encryption method, last contact via the certification, trust level, grade of algorithms.
  4. Hide untrusted (expired) keys by default and only show them on request.

Ability to decrypt files that do not have the .gpg extension in their filename

As of Feb 2014, trying to decrypt a file without the .gpg extension results in the somewhat misleading error message "Could not determine whether this is an S/MIME or an OpenPGP signature - maybe it is not a signature at all?"

Report hints

Trying to import a certificate with an MD5 hash signed user ID fails because "gpg: Note: signatures using the MD5 algorithm are rejected". It seems this "note" is not displayed, but it should be, so the user can diagnose this case. See the post on users-list.

Integration in the gpg4win build system

Qt / Kleopatra should be compiled from sources when creating the gpg4win package. See KleopatraHackability

Clipboard: Integrated Sign&Encrypt support

Users may want to use the clipboard for encrypting and signing text (as is possible with files) to be able to secure confidentiality and integrity. For a description of user problems with Gpg4win 2.2.4 see https://wald.intevation.org/forum/forum.php?thread_id=1488&forum_id=21&group_id=11.

Clipboard: Support through command line argument

You can define system-wide shortcuts on Windows that start a program with some command line arguments. This could be used to create a shortcut to encrypt / decrypt your clipboard. Ideally these shortcuts would be configurable in Kleopatra itself. But it might be a cool feature for advanced users that we could document in the compendium. The time needed to implement this would be less than a day, as it would be just adding some command line arguments. And a workflow that includes shortcuts to encrypt / decrypt could be useful.

Clipboard: Add support for files

Currently Kleopatra only offers the clipboard options if text is in the clipboard. While this is currently necessary for implementation reasons (as the jobs for "non-mime" mails are used in the clipboard implementation), technically there should be no reason why this shouldn't work with files too.

GpgOL

Note: Microsoft dropped the Exchange client extension interface that GpgOL used in Outlook 2010. Because of this there are now basically two versions of GpgOL: one for Outlook 2010 and later versions and another one for Outlook 2003 - 2007. Please mark feature ideas for those versions with an (Ol 2010+).

PGP/MIME (Ol 2010+)

Yes, that one. The big problem here is that Outlook and Exchange mangle the MIME structure and we have to use tricks to correctly implement it. Full support for PGP/MIME in an Outlook and Exchange environment might even be impossible. Another problem is the restrictions on how we can display decrypted and/or verified data in a way that is secure and user friendly.

In Body Sign/Encrypt (OpenPGP) (Ol 2010+)

For the basic support it would be nice if there was an option to combine the sign and encrypt options to create a combined PGP message. This feature would only be available for OpenPGP (similar to the clipboard).

Support for 64bit Outlook (Ol 2010+)

Compile, package and test a version of GpgOL for 64bit versions of Outlook. Probably Outlook 2013, as this seems to be more widespread.

Pinentry

GpgEX

Website / Documentation

Explain the processes on Windows

... so that people know which processes run there and why they are running. The best way would be a diagram. (For example, see this wald post, where more explanation would be useful.)

Howto to make x509 root certificates trusted

Similar to the hints linked from X.509, but specific for a modern Gpg4win. (Will probably need an update once GnuPG 2.1 is packaged.)

General

Installer

Improved Encoding handling

File extension handling:

Gpg4win should register file extensions like .asc .gpg .pk7 etc. and open an appropriate software / dialog to handle those files when they are double-clicked in the Windows Explorer. FWIW, gpgme now has an identify feature which works similarly to file(1) by looking at the content of a file. As of now it is able to detect binary CMS messages and armored PGP messages. We should extend that to binary PGP messages.
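An added Python sketch (not gpgme's code) of the content-based identification described above, which would also let a file without the .gpg extension be routed to the right handler. It goes one step beyond the current state by including the proposed binary PGP case, as a heuristic on the first packet tag; the function names and returned labels are assumptions.

```python
# DER prefix shared by the PKCS#7/CMS content-type OIDs 1.2.840.113549.1.7.x
CMS_OID_PREFIX = bytes.fromhex("06092a864886f70d0107")
CMS_TYPES = {1: "data", 2: "signed-data", 3: "enveloped-data"}
# OpenPGP packet tags that can plausibly start a file (RFC 4880, section 4.3)
PGP_FIRST_TAGS = {1: "encrypted", 3: "encrypted", 9: "encrypted",
                  18: "encrypted", 2: "signature", 4: "signed",
                  5: "secret key", 6: "public key",
                  8: "compressed", 11: "literal"}

def _der_header_len(data: bytes) -> int:
    """Octets used by tag and length of a leading SEQUENCE, or 0 if none."""
    if len(data) < 2 or data[0] != 0x30:
        return 0
    first = data[1]
    if first <= 0x80:                 # short form, or BER indefinite length
        return 2
    n = first & 0x7F                  # long form: n length octets follow
    return 2 + n if n <= 4 else 0

def identify(data: bytes) -> str:
    """Classify a file by its first bytes, ignoring its name."""
    text = data.lstrip(b" \t\r\n")
    if text.startswith(b"-----BEGIN PGP "):
        label = text[15:].split(b"-----", 1)[0].decode("ascii", "replace")
        return "armored PGP: " + label
    hdr = _der_header_len(data)
    if hdr and data[hdr:hdr + 10] == CMS_OID_PREFIX:
        kind = data[hdr + 10] if len(data) > hdr + 10 else 0
        return "binary CMS: " + CMS_TYPES.get(kind, "other")
    if data and data[0] & 0x80:       # bit 7 is set on every OpenPGP packet
        if data[0] & 0x40:            # new packet format: tag in bits 5-0
            tag = data[0] & 0x3F
        else:                         # old packet format: tag in bits 5-2
            tag = (data[0] >> 2) & 0x0F
        if tag in PGP_FIRST_TAGS:
            return "binary PGP: " + PGP_FIRST_TAGS[tag]
    return "unknown"

# Constructed samples: only the leading bytes of each format, not real files.
SAMPLES = {
    "mail.txt": b"-----BEGIN PGP MESSAGE-----\n\nhQEM...\n",
    "report.bin": bytes.fromhex("30820123") + CMS_OID_PREFIX + b"\x03",
    "backup": bytes([0x85, 0x01, 0x0C]),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, "->", identify(blob))
```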

Comprehensive Video Tutorials

It would be nice to have a set of clear and short video tutorials that each explain a single use case. The idea is that you can link to those if you want to send someone a short "user friendly" explanation of how they can securely communicate with you. Some ideas:

Or Webinars

It seems some people would benefit from an interactive walkthrough of some of the usual stages. Or an interactive question and answer session with screencast (== webinar/webworkshop? :) )

Remove necessity to reboot in the installer

The Gpg4win installer should get proper handling of running processes and make sure that everything is killed correctly when updating / uninstalling, so that the Windows 98'ish "Reboot Now" will usually no longer happen. (May be a bad idea if we need to close the file explorer.)

Display the GnuPG engine logo more prominently

There are probably a few places in Gpg4win where the GnuPG logo should additionally be visible. The idea behind this is that GnuPG can do many things and Gpg4win should point out that it is fully included and strengthen GnuPG's recognition.

Ready for distributions via app-store or digital distribution platforms?

Digital distribution platforms like Steam or the Windows v>=8.1 app-store can help with

It makes sense to check what would need to be done to distribute Gpg4win over widespread digital distribution platforms. This usually includes a technical, a financial and a licensing/condition part that need to be clarified.

Gpg4win/Wishlist (last edited 2015-11-20 08:03:53 by bernhard)