|
Size: 12230
Comment: Analysis of possible ui improvements and ideas for this
|
Size: 14358
Comment: A word to my assumption about certificates and empty list screenshot.
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 34: | Line 34: |
| * Usage of the word "Certificate" is questionable if it has not been explained first as it has a non intutive meaning here and is also often called Public Key. Users might not know that word so it would not be optimal to only show options regarding Certificates on startup. |
|
| Line 61: | Line 64: |
| action. Each button will bring up a dialog with a short explanation and offer to do something about it. An extremely long "How does this work" or some kind of "Tell me more" can be added in the dialogs that will open the compendium for it. |
action. Each button will bring up a short explanation above the disabled item with options to solve the problem. An extremely long "How does this work" or some kind of "Tell me more" coul be added in the dialogs that would open the according compendium entry. |
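Review bot: the added line misspells "could" as "coul" ("Tell me more" coul be added), and "the according compendium entry" should read "the corresponding compendium entry". The switch from "can be added ... will open" to "coul be added ... would open" also leaves it open whether the link is planned, so state whether it is part of the proposal or only an option.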
| Line 107: | Line 111: |
| {{initial-screen.png}} Mockup of the Pad View. |
|
| Line 109: | Line 116: |
| The basic idea here is that someone told the user "Please use Gpg4win to send this to me encrypted. I've attached my public key (users don't say certificate ;-) )" |
So we assume that the user "Willy" was told by "Johnny" already using PGP to encrypt a message to him. Johnny sent his Certificate along with a link to Gpg4win. |
| Line 122: | Line 130: |
{{sig-enc-1.png}} Mockup for Variant B. Text entered in the Pad. Something that says Encrypt is visible so let's click on that. |
|
| Line 141: | Line 154: |
| * Simplify title, remove subtitle. | |
| Line 145: | Line 159: |
{{sig-enc-without-certs.png}} Mockup: Sign / Encrypt without any imported certificates. (One of the (i) Icons should have been highlighted by a hint) So Willy should realise that he does not really want to use a password as Johnny has sent him some file which might be called "Certificate" in this application and check why the other options are disabled. {{sig-enc-import.png}} So this is where he tries to import that file he recieved. {{sig-enc-import1.png}} That seems to have worked {{sig-enc-import2.png}} So now Sign/Encrypt with OpenPGP Certificate is availabe and the text is gone. {{sig-enc-import3.png}} |
|
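Review bot: in the added walkthrough, the import step ends with "That seems to have worked" and the next step already enables Sign/Encrypt, without saying what the user is shown about the imported certificate. Willy will encrypt to whatever was in that file, so the text should state what the import result displays (for example the name and fingerprint) so he can check that it is Johnny's. Also fix "recieved" and "availabe".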
| Line 175: | Line 212: |
| {{select-certs-horrible-layout.png}} Horrible mockup. The dialog would not look by that but the amount of Time I was willing to spend fiddling with mockups was limited. You should get the idea that both encrypt to self and sign will again have the "Why is this disabled" buttons with explanations and the option to generate a key pair. ==== Certificate generation ==== So lets hope Willy realizes that he wants to encrypt to himself, too and selects "Generate Certficate and Secret Key" We can skip the Protocol selection page, as we already know from the Context that an OpenPGP Certificate is wanted. {{keygen.png}} Simple Name, EMail Question. Changes here are: * Title now is "Generate Certificate and Secret Key" * Comment was removed * EMail is optional * "Real Name" is now just name. (This dialog previously told users "Real Name is required") The "Summary" page of your keygen request is dropped and the next is the pinentries and then waiting for the key. {{keygen1.png}} Result page is the same. {{keygen2.png}} |
|
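Review bot: the added keygen text drops the "Summary" page unconditionally, while the list this diff replaces with "(See Story 1)" removed the "Review Certificate Parameters" page only "if there were no changes made in the advanced options dialog". If a user who changed advanced options should still get a review page, say so here. Also fix "Certficate" and "would not look by that".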
| Line 176: | Line 248: |
| The user is shown the result. In case it was encrypted to file the filename will be shown | In case it was encrypted to file the filename will be shown in the usual "Results" Page. |
| Line 179: | Line 251: |
| If the input came from the pad. After finish the Crypto Pad will be activated with the plaintext | If the input came from the pad. After successful encryption the results page will no longer be shown, instead the Crypto Pad will be activated with the plaintext |
| Line 181: | Line 254: |
{{sig-enc-result.png}} |
|
| Line 230: | Line 305: |
| {{empty-list.png}} |
|
| Line 232: | Line 309: |
| * Only Name and E-Mail can be entered * E-Mail should not be required * Additional E-Mails should be addable * The "Review Certificate Parameters" page should be removed if there were no changes made in the advanced options dialog. |
(See Story 1) |
Ideas for Kleopatra UI Improvements for Gpg4win-3.0.0
For the next major version of Gpg4win we want to mostly improve the initial contact with our user facing application. We also want to improve some common workflows and the dialogs used for that.
Here are some ideas / analysis to improve the "First start experience"
User stories
The ideas are based on these three User stories:
- User wants to encrypt data before sending it to someone.
- User wants to decrypt received data.
- User was asked for a PGP Certificate by someone else.
There are of course way more but these may be the most important use cases for the initial contact with Kleopatra.
If a user uses other software for Encryption and Kleopatra just for Certificate Management, the initial contact is through the Mail Application. Each of these general stories can be split up into sub-stories for the kind of data and communication channel, but to keep things simple we just assume that data can mean:
- One or multiple files and folders.
- ASCII Armored text taken from an editor.
- Plaintext taken from an editor.
- A MIME Mail attachment.
Assumption
- Certificate management is not the goal. It's needed to support encryption and verification but is not a goal in itself and should not be the only view in Kleopatra. There should be more focus on Crypto "inside" Kleopatra.
- Usage of the word "Certificate" is questionable if it has not been explained first, as it has a non-intuitive meaning here and is also often called Public Key. Users might not know that word, so it would not be optimal to only show options regarding Certificates on startup.
Introducing new Concepts
The Crypto Pad
If certificate management is secondary we need a new primary view. This could be a data I/O widget, the "Crypto Pad" (or just "Pad"). The "Crypto Pad" is in principle a text editor with an added file list that can be used for data I/O. It is a bit like GPA's clipboard, but gracefully handles files and text combined. You can also use it to import certificates.
It's a replacement for the "in place" clipboard actions which are not good as the user needs a second application to work with it. Also in place changing the clipboard contents feels unintuitive and is an uncommon concept.
MIME Support
To gracefully handle combined text and File messages the Crypto Pad will support MIME Messages. When encrypting plain text only it will create PGP messages. When files come into the mix PGP/MIME is used. If a directory is added the crypto pad will create a tarball of it. As an additional advantage it will enable you to work with Crypto MIME Message you have received in your web interface.
The file list will support drag&drop in both directions. The text edit might support saving, loading and printing of text files.
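The output rule described under MIME Support, together with the RFC 3156 `multipart/encrypted` envelope that PGP/MIME output uses, as an added example (not Kleopatra code). `PadItem`, the function names, the `.tar` suffix and the sample values are assumptions made for illustration.

```cpp
#include <stdexcept>
#include <string>
#include <vector>

enum class Container { PgpMessage, PgpMime };

// Hypothetical model of one entry in the Crypto Pad's file list.
struct PadItem {
    std::string name;
    bool is_directory;
};

// The page's rule: text only gives a PGP message, any file gives PGP/MIME.
Container choose_container(const std::vector<PadItem> &files) {
    return files.empty() ? Container::PgpMessage : Container::PgpMime;
}

// Directories are attached as a tarball (".tar" suffix is an assumption).
std::string part_name(const PadItem &item) {
    return item.is_directory ? item.name + ".tar" : item.name;
}

// Wrap ASCII-armored ciphertext in the RFC 3156 multipart/encrypted envelope.
// The ciphertext itself holds the encrypted MIME tree of text and attachments.
std::string pgp_mime_envelope(const std::string &armored, const std::string &boundary) {
    const std::string delim = "--" + boundary;
    // A boundary that also occurs in the payload would split the body early.
    if (boundary.empty() || armored.find(delim) != std::string::npos)
        throw std::invalid_argument("boundary must not occur in the payload");
    const std::string crlf = "\r\n";
    return "Content-Type: multipart/encrypted;" + crlf +
           " protocol=\"application/pgp-encrypted\";" + crlf +
           " boundary=\"" + boundary + "\"" + crlf + crlf +
           delim + crlf +
           "Content-Type: application/pgp-encrypted" + crlf + crlf +
           "Version: 1" + crlf + crlf +
           delim + crlf +
           "Content-Type: application/octet-stream" + crlf + crlf +
           armored + crlf +
           delim + "--" + crlf;
}
```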
Disabled Actions
When an Action is disabled Kleopatra will place "Why is this disabled" buttons next to the action. Each button will bring up a short explanation above the disabled item with options to solve the problem. An extremely long "How does this work" or some kind of "Tell me more" could be added in the dialogs that would open the corresponding compendium entry.
This is mostly important initially where we will disable certificate actions until certificates are imported or generated.
Example: In the encrypt dialog initially (without any certificates) Encryption will be disabled with the "Why is this disabled" Icon explaining that you need the public certificate of a recipient for this and will offer to open the "import certificates from file" dialog. Afterwards the icon is gone there. Similarly an "Encrypt to self" and "Sign" will be disabled with such a button next to it.
Goal: The user should be able to get the idea "Ah I have to probably import that weird file someone who wanted to exchange encrypted messages with me sent me now".
Hints
Hints will be short explanations or tips, like tooltips, but triggered not by the mouse focus but by some point in time, e.g. the first time a dialog is shown or if a user repeatedly ignored something. The hints should be unobtrusive.
Examples: When you see the sign / encrypt certificate for the first time the sign area will get a tooltip "Signing ensures that your message can't be replaced by someone else." It will then probably show again if you don't sign 5 times, or next week.
First steps with Kleopatra
- Start in Crypto Pad mode so that there immediately is some input area for data.
- Make it visible through highlighting that the crypto pad is active.
- Place Encrypt and Decrypt prominently on the toolbar. (Will replace Refresh View and Stop operations)
Rationale:
- By offering input areas at first we immediately encourage the user to provide some data to Kleopatra.
- By highlighting the crypto pad through a toggle button:
  - It is communicated that some mode is active.
  - It is shown to the user that something called Crypto Pad exists and where to find it.
  - The user is invited to toggle it to get to the keylist.
- Stop operations should be at most an esoteric feature. It causes weird half-valid states and is currently way too prominent (e.g. when aborting a certificate refresh it will show only a subset of your certificates).
- Refresh view should happen automatically if necessary. Otherwise there is F5 as a well-known shortcut to "Refresh something".

Mockup of the Pad View.
Story 1: User wants to encrypt some data
So we assume that the user "Willy" was told by "Johnny", who already uses PGP, to encrypt a message to him. Johnny sent his Certificate along with a link to Gpg4win.
Variant A) The user just hits encrypt without entering things.
- Decrypt / Verify Files wizard will be shown as usual (select files)
- Maybe if launched from the crypto pad view the file selection dialog will show a hint: "You can also use the crypto pad to enter encrypted data"
Variant B) The user entered some plaintext in the Crypto Pad.
- The "What do you want to do?" page will be shown.
- On this page a new "Place result in Crypto Pad" will be preselected.

Mockup for Variant B. Text entered in the Pad. Something that says Encrypt is visible so let's click on that.
The "What do you want to do?" Page
Some changes to this page:
- Remove archive name selection from this page
  - With support for crypto pad input we also need an output filename for this case. So on "Next" we ask for an output filename if necessary. As we will prefill it with a default output location, as is currently done for the archive name, this should be quick.
- Remove "Remove unencrypted original file when done" option
  - Too much potential for data loss.
- Replace the three actions by:
- Text Output option will be disabled and selected when Crypto Pad output is used.
- New option "Place output in Crypto Pad"
  - This will be enabled by default if the Crypto Pad was used for input.
- Simplify title, remove subtitle.
Encrypt with password will start the encryption when hitting "Next". Encrypt with OpenPGP certificates will be disabled if there are no certificates. The "Why is this disabled" dialog will offer to import certificates now. Similar for X509.

Mockup: Sign / Encrypt without any imported certificates. (One of the (i) Icons should have been highlighted by a hint)
So Willy should realise that he does not really want to use a password as Johnny has sent him some file which might be called "Certificate" in this application and check why the other options are disabled.

So this is where he tries to import that file he received.

That seems to have worked.

So now Sign/Encrypt with OpenPGP Certificate is available and the text is gone.

The "For whom do you want to encrypt?" Page
So we assume the user has now selected where the output should go, and imported the certificate from her recipient.
In the dialog we additionally show two similar check boxes, each with a text and a single certificate selection widget (like the one from the e-mail cert selection) behind it.
- Encrypt to self
- Protect authenticity (Sign)
- Only Sign, don't encrypt
All these will be disabled initially when no secret key is available. The "Why is this disabled" should allow you now to generate a certificate. (Not sure how to do this with S/MIME)
If encrypt to self is not selected we will show a dialog on "Next". This is similar to the current behavior but will allow you to generate a certificate. It makes sense to keep this as an annoying dialog because it is not intuitive that you can't decrypt messages you have encrypted yourself. The dialog can have a KDE-style "Never show this dialog again" to support use cases where users don't want to keep their secret key on the same system as Kleopatra is running on.
Only Sign will disable the recipient selection widgets and the encrypt to self action. This is basically where you choose "sign only".
(An "own" certificate is a certificate with a secret key that is ultimately trusted) For S/MIME it is any certificate with secret key that is certified by a trusted CA.
The Keylisting for recipient selection will only show OpenPGP or S/MIME certificates depending on the selected operation.

Horrible mockup. The dialog would not look like that, but the amount of time I was willing to spend fiddling with mockups was limited.
You should get the idea that both encrypt to self and sign will again have the "Why is this disabled" buttons with explanations and the option to generate a key pair.
Certificate generation
So let's hope Willy realizes that he wants to encrypt to himself, too, and selects "Generate Certificate and Secret Key".
We can skip the Protocol selection page, as we already know from the Context that an OpenPGP Certificate is wanted.

Simple Name, EMail Question.
Changes here are:
- Title now is "Generate Certificate and Secret Key"
- Comment was removed
- EMail is optional
- "Real Name" is now just name. (This dialog previously told users "Real Name is required")
The "Summary" page of your keygen request is dropped; next come the pinentries and then waiting for the key.

Result page is the same.

Results
In case it was encrypted to file, the filename will be shown in the usual "Results" page, along with the option to "open containing folder" (instead of the Show Details link that is useless now).
If the input came from the pad, the results page will no longer be shown after successful encryption. Instead the Crypto Pad will be activated with the plaintext replaced by the encrypted content.

Story 2: User wants to decrypt received data.
Similar to Story 1 regarding input with two variants. Either input through the crypto pad or select a file.
Choose operations to be performed
This page will be replaced by "Select output" (the user already selected the operation -> Decrypt / Verify). The "Select output" page will allow you to select either the crypto pad or an output folder, or to place decrypted files next to encrypted ones (which is the default for encryption).
It will also offer to extract an archive.
The previous "Input file is a detached signature" will be handled automatically as gpgme will offer this kind of classification. Only if there is no obvious data candidate for the detached signature the user will be asked in a filedialog for that file. It's unimportant for this user story.
Results
This is most important for the user story, as decryption will likely fail if she just tried to decrypt something which was not encrypted to her.
- On error an improved error dialog is shown. If the error is that for all recipients no secret key was available it will offer to import a secret key and try again. Additionally it should be hinted that she has to generate a certificate and send it to the sender of the message, including a link to the compendium explaining the basics of public key cryptography.
- On success and crypto pad input the contents of the crypto pad are replaced by the decrypted content.
- On success and file input the filenames / folder will be shown with an option "Open containing folder"
For results that are only encrypted (not signed) it should be hinted that their authenticity can't be checked, so that users generally get the idea that signing might be a good thing.
Results not really part of the user story:
- Verification results with unknown validity will show more details about the trust to the certificate and will contain a hint how to certify a certificate.
- Verification results with unknown certificates will enable the user to look up the certificate on a public server.
Story 3: User was asked for a PGP Certificate by someone else
If Kleopatra does not know any certificates the keylist widget will be replaced by a new widget that contains the text that no certificates are known and offers to generate a certificate. This will launch the certificate creation wizard.

Changes to certificate creation wizard
(See Story 1)
Pinentry
Pinentry feels irritating on first contact with multiple pop ups. It should be changed to
- offer to repeat the passphrase below instead of in a second dialog
- make the quality bar a bit more intelligent, so that it does not simply map 10 characters to 100%. This is unusual for users who are used to more intelligent quality bars that jump e.g. once the first special character is added.
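To illustrate the quality bar point, the following added example (not pinentry's code) compares the length-only bar described above with a class-aware estimate. The scoring formula, the pool sizes, the half weight for repeated characters and the 80-bit target are assumptions chosen for illustration, and the sample passphrases are constructed.

```cpp
#include <algorithm>
#include <cctype>
#include <cmath>
#include <iostream>
#include <set>
#include <string>

// Length-only bar as the page describes it: 10 characters already show 100%.
int length_only_quality(const std::string &pw) {
    return static_cast<int>(std::min<std::size_t>(pw.size(), 10) * 10);
}

// Class-aware bar (assumed formula): estimated bits = effective length *
// log2(character pool), shown as a percentage of target_bits.
int class_aware_quality(const std::string &pw, double target_bits = 80.0) {
    if (pw.empty()) return 0;
    bool lower = false, upper = false, digit = false, other = false;
    std::set<unsigned char> distinct;
    for (unsigned char c : pw) {
        if (std::islower(c)) lower = true;
        else if (std::isupper(c)) upper = true;
        else if (std::isdigit(c)) digit = true;
        else other = true;  // punctuation, space, non-ASCII bytes
        distinct.insert(c);
    }
    // The pool grows with each character class in use, which is what makes
    // the bar jump when the first special character is typed.
    const int pool = (lower ? 26 : 0) + (upper ? 26 : 0) +
                     (digit ? 10 : 0) + (other ? 33 : 0);
    // Repeats of an already used character count only half.
    const double effective =
        distinct.size() + 0.5 * (pw.size() - distinct.size());
    const double bits = effective * std::log2(static_cast<double>(pool));
    return static_cast<int>(
        std::min(100.0, std::floor(100.0 * bits / target_bits)));
}

int main() {
    for (const char *pw : {"aaaaaaaaaa", "passwordx", "password!",
                           "correct horse battery staple"})
        std::cout << pw << ": length-only " << length_only_quality(pw)
                  << "%, class-aware " << class_aware_quality(pw) << "%\n";
}
```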
Result
Current Results page should be ok for this story. The choices are a bit complicated as the user has to think what to do next. After closing we should place a hint on the "Export Certificate button" to highlight how to export your certificate.
