| 
  
   Size: 14059 
  
  Comment: Some formatting 
 | 
  
   Size: 14371 
  
  Comment: Add note about certificate verification. 
 | 
| Deletions are marked like this. | Additions are marked like this. | 
| Line 34: | Line 34: | 
| * Usage of the word "Certificate" is questionable if it has not been explained first as it has a non intutive meaning here and is also often called Public Key. Users might not know that word so it would not be optimal to only show options regarding Certificates on startup.  | 
|
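Review bot: typo in the bullet added at line 34: "non intutive" should read "non-intuitive". The bullet also notes that a "Certificate" is often called a "Public Key" but does not say which term the UI will show first; state that here so the later sections can follow it.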
| Line 37: | Line 40: | 
| === The Crypto Pad === | === The Pad === | 
| Line 39: | Line 42: | 
| data I/O Widget the "Crypto Pad" (or just "Pad"). The "Crypto Pad" is in principle a TextEditor with an added File list. That can  | 
data I/O Widget the "Pad" (or just "Pad"). The "Pad" is in principle a TextEditor with an added File list. That can  | 
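Review bot: on new line 42 the rename leaves 'the "Pad" (or just "Pad")', where the parenthetical now only repeats the name. Drop '(or just "Pad")' so the sentence introduces the widget once.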
| Line 49: | Line 52: | 
| To gracefully handle combined text and File messages the Crypto Pad will support | To gracefully handle combined text and File messages the Pad will support | 
| Line 52: | Line 55: | 
| If a directory is added the crypto pad will create a tarball of it. | If a directory is added the Pad will create a tarball of it. | 
| Line 90: | Line 93: | 
| * Start in Crypto Pad mode so that there immediately is some input area for data. * Make it visible through highlighting that the crypto pad is active.  | 
* Start in Pad mode so that there immediately is some input area for data. * Make it visible through highlighting that the Pad is active.  | 
| Line 98: | Line 101: | 
| * By highlighting the crypto pad through a toggle button it is | * By highlighting the Pad through a toggle button it is | 
| Line 100: | Line 103: | 
| ** Shown to the user that something called Crypto Pad exists and where to find it. | ** Shown to the user that something called Pad exists and where to find it. | 
| Line 120: | Line 123: | 
| ** Maybe if launched from the crypto pad view the file selection dialog will show a hint: "You can also use the crypto pad to enter encrypted data" Variant B) The user entered some plaintext in the Crypto Pad.  | 
** Maybe if launched from the Pad view the file selection dialog will show a hint: "You can also use the Pad to enter encrypted data" Variant B) The user entered some plaintext in the Pad.  | 
| Line 126: | Line 129: | 
| ** On this page a new "Place result in Crypto Pad" will be preselected. | ** On this page a new "Place result in Pad" will be preselected. | 
| Line 137: | Line 140: | 
| ** With support for crypto pad input we need to get an output filename also for this. So on next we | ** With support for Pad input we need to get an output filename also for this. So on next we | 
| Line 148: | Line 151: | 
| * Text Output option will be disabled and selected when Crypto Pad output is used. * New option "Place output in Crypto Pad" ** This will be enabled by default if the Crypto Pad was used for input.  | 
* Text Output option will be disabled and selected when Pad output is used. * New option "Place output in Pad" ** This will be enabled by default if the Pad was used for input.  | 
| Line 168: | Line 171: | 
| So this is where he tries to import that file he recieved. | So this is where he tries to import that file he received. | 
| Line 176: | Line 179: | 
| So now Sign/Encrypt with OpenPGP Certificate is availabe and the text is gone. | **We might want to add another step here that explains about the need to verify a certificate and offers a shortcut to add a local signature to the certificate** So now Sign/Encrypt with OpenPGP Certificate is available and the text is gone.  | 
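Review bot: the bold note added on new line 179 asks the user to "verify a certificate" without saying what the user checks the certificate against, and it shares a paragraph with "So now Sign/Encrypt with OpenPGP Certificate is available", so the walkthrough still moves straight on to encrypting. Give the step its own paragraph, say what Willy confirms with Johnny before the local signature is added, and say whether encryption stays enabled while the certificate is unverified.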
| Line 249: | Line 255: | 
| longer be shown, instead the Crypto Pad will be activated with the plaintext | longer be shown, instead the Pad will be activated with the plaintext | 
| Line 256: | Line 262: | 
| Similar to Story 1 regarding input with two variants. Either input through the crypto pad or select | Similar to Story 1 regarding input with two variants. Either input through the Pad or select | 
| Line 262: | Line 268: | 
| The select output will allow you to select either crypto pad or an output folder or to place | The select output will allow you to select either Pad or an output folder or to place | 
| Line 281: | Line 287: | 
| * On success and crypto pad input the contents of the crypto pad are replaced by the decrypted | * On success and Pad input the contents of the Pad are replaced by the decrypted | 
| Line 302: | Line 308: | 
| {{empty-list.png}} | 
Ideas for Kleopatra UI Improvements for Gpg4win-3.0.0
For the next major version of Gpg4win we want to mostly improve the initial contact with our user facing application. We also want to improve some common workflows and the dialogs used for that.
Here are some ideas / analysis to improve the "First start experience"
User stories
The ideas are based on these three User stories:
- User wants to encrypt data before sending it to someone.
 - User wants to decrypt received data.
 - User was asked for a PGP Certificate by someone else.
 
There are of course way more but these may be the most important use cases for the initial contact with Kleopatra.
If a user uses other software for Encryption and Kleopatra just for Certificate Management the initial contact is through the Mail Application. Each of these general stories can be split up in substories for the kind of data and communication channel but to keep things simple we just assume that data can mean:
- One or multiple files and folders.
 - ASCII Armored text taken from an editor.
 - Plaintext taken from an editor.
 - A MIME Mail attachment.
 
Assumption
- Certificate management is not the goal. It's needed to support encryption and verification, but it is not a goal in itself and should not be the only view in Kleopatra. There should be more focus on crypto "inside" Kleopatra.
- Usage of the word "Certificate" is questionable if it has not been explained first, as it has a non-intuitive meaning here and is also often called Public Key. Users might not know that word, so it would not be optimal to only show options regarding Certificates on startup.
 
Introducing new Concepts
The Pad
If certificate management is secondary we need a new primary view. This could be a data I/O widget, the "Pad". The Pad is in principle a text editor with an added file list that can be used for data I/O. It is a bit like GPA's clipboard, but handles files and text combined gracefully. You can also use it to import certificates.
It's a replacement for the "in place" clipboard actions, which are not good as the user needs a second application to work with them. Changing the clipboard contents in place also feels unintuitive and is an uncommon concept.
MIME Support
To gracefully handle combined text and file messages the Pad will support MIME messages. When encrypting plain text only, it will create PGP messages. When files come into the mix, PGP/MIME is used. If a directory is added, the Pad will create a tarball of it. As an additional advantage, this will enable you to work with crypto MIME messages you have received in your web interface.
The file list will support drag&drop in both directions. The text edit might support saving, loading and printing of text files.
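The format choice described above, as an added sketch that is not Kleopatra code: text alone becomes an inline PGP message, while text plus files becomes an RFC 3156 PGP/MIME container with directories packed as tarballs. The `encrypt` callable, the function names and the `pgp-inline` / `pgp-mime` labels are assumptions made for this example.

```python
import io
import tarfile
from email.message import EmailMessage
from email.mime.multipart import MIMEMultipart
from email.mime.nonmultipart import MIMENonMultipart
from pathlib import Path


def tar_directory(path):
    """Pack a directory into an in-memory tarball, as the Pad does for folders."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        tar.add(str(path), arcname=Path(path).name)
    return buf.getvalue()


def build_plaintext(text, paths):
    """Text only stays raw bytes; text plus files becomes one MIME entity."""
    if not paths:
        return "pgp-inline", text.encode("utf-8")
    msg = EmailMessage()
    msg.set_content(text)
    for p in map(Path, paths):
        if p.is_dir():
            msg.add_attachment(tar_directory(p), maintype="application",
                               subtype="x-tar", filename=p.name + ".tar")
        else:
            msg.add_attachment(p.read_bytes(), maintype="application",
                               subtype="octet-stream", filename=p.name)
    return "pgp-mime", msg.as_bytes()


def wrap_pgp_mime(armored):
    """RFC 3156 layout: control part 'Version: 1' plus the armored ciphertext."""
    outer = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    control = MIMENonMultipart("application", "pgp-encrypted")
    control.set_payload("Version: 1\n")
    body = MIMENonMultipart("application", "octet-stream")
    body.set_payload(armored)
    outer.attach(control)
    outer.attach(body)
    return outer.as_string()


def pad_encrypt(text, paths, encrypt):
    """encrypt: caller-supplied callable (bytes -> ASCII-armored str), e.g. a
    GnuPG binding. It is a hypothetical hook, not an API of Kleopatra."""
    kind, plaintext = build_plaintext(text, paths)
    armored = encrypt(plaintext)
    return kind, armored if kind == "pgp-inline" else wrap_pgp_mime(armored)
```

File names and the text body travel inside the encrypted MIME entity, so only the two fixed outer parts are visible to whoever relays the message.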
Disabled Actions
When an action is disabled Kleopatra will place "Why is this disabled" buttons next to the action. Each button will bring up a short explanation above the disabled item with options to solve the problem. An extremely long "How does this work" or some kind of "Tell me more" could be added in the dialogs that would open the corresponding compendium entry.
This is mostly important initially where we will disable certificate actions until certificates are imported or generated.
Example: In the encrypt dialog initially (without any certificates) Encryption will be disabled, with the "Why is this disabled" icon explaining that you need the public certificate of a recipient for this and offering to open the "import certificates from file" dialog. Afterwards the icon is gone there. Similarly, "Encrypt to self" and "Sign" will be disabled with such a button next to them.
Goal: The user should be able to get the idea "Ah, I probably have to import that weird file now that someone who wanted to exchange encrypted messages with me sent me".
Hints
Hints will be short explanations or tips, like tooltips, but triggered not by mouse focus but at some point in time, e.g. the first time a dialog is shown or if a user repeatedly ignored something. The hints should be unobtrusive.
Examples: When you see the sign / encrypt certificate for the first time the sign area will get a tooltip "Signing ensures that your message can't be replaced by someone else." It will then probably show again if you don't sign 5 times, or next week.
First steps with Kleopatra
- Start in Pad mode so that there immediately is some input area for data.
 - Make it visible through highlighting that the Pad is active.
 - Place Encrypt and Decrypt prominently on the toolbar. (Will replace Refresh View and Stop operations)
 
Rationale:
- By offering input areas at first we immediately encourage the user to provide some data to Kleopatra.
- By highlighting the Pad through a toggle button it is
  - communicated that some mode is active.
  - shown to the user that something called Pad exists and where to find it.
  - an invitation for the user to toggle it to get to the keylist.
- Stop operations should be at most an esoteric feature. It causes weird half-valid states and is currently way too prominent (e.g. when aborting a certificate refresh it will show only a subset of your certificates).
- Refresh view should happen automatically if necessary. Otherwise there is F5 as a well-known shortcut to "Refresh something".
 

Mockup of the Pad View.
Story 1: User wants to encrypt some data
So we assume that the user "Willy" was told by "Johnny", who already uses PGP, to encrypt a message to him. Johnny sent his Certificate along with a link to Gpg4win.
Variant A) The user just hits encrypt without entering things.
- Decrypt / Verify Files wizard will be shown as usual (select files)
  - Maybe if launched from the Pad view the file selection dialog will show a hint: "You can also use the Pad to enter encrypted data"

Variant B) The user entered some plaintext in the Pad.
- The "What do you want to do?" page will be shown.
  - On this page a new "Place result in Pad" will be preselected.
 
 

Mockup for Variant B. Text entered in the Pad. Something that says Encrypt is visible so let's click on that.
The "What do you want to do?" Page
Some changes to this page:
- Remove archive name selection from this page
  - With support for Pad input we need to get an output filename also for this. So on next we ask for an output filename if necessary. As we will prefill it with a default output location, like the archive name currently, this should be quick.
- Remove "Remove unencrypted original file when done" option
  - Too much potential for data loss.
- Replace the three actions by:
- Text Output option will be disabled and selected when Pad output is used.
- New option "Place output in Pad"
  - This will be enabled by default if the Pad was used for input.
- Simplify title, remove subtitle.
 
Encrypt with password will start the encryption when hitting next. Encrypt with OpenPGP certificates will be disabled if there are no certificates. The "Why is this disabled" dialog will offer to import certificates now. Similar for X509.

Mockup: Sign / Encrypt without any imported certificates. (One of the (i) Icons should have been highlighted by a hint)
So Willy should realise that he does not really want to use a password as Johnny has sent him some file which might be called "Certificate" in this application and check why the other options are disabled.

So this is where he tries to import that file he received.

That seems to have worked.

We might want to add another step here that explains about the need to verify a certificate and offers a shortcut to add a local signature to the certificate
So now Sign/Encrypt with OpenPGP Certificate is available and the text is gone.

The "For whom do you want to encrypt?" Page
So we assume the user has now selected where the output should go, and imported the certificate from her recipient.
In the dialog we additionally show two similar check boxes, with a text and a single certificate selection widget (like the one from the e-mail cert selection) behind it.
- Encrypt to self
 - Protect authenticity (Sign)
 - Only Sign, don't encrypt
 
All these will be disabled initially when no secret key is available. The "Why is this disabled" should now allow you to generate a certificate. (Not sure how to do this with S/MIME)
If encrypt to self is not selected we will show a dialog on next. This is similar to the current behavior but will allow you to generate a certificate. It makes sense to keep this as an annoying dialog because it is not intuitive that you can't decrypt messages you have encrypted yourself. The dialog can have a KDE-style "Never show this dialog again" to support use cases where users don't want to keep their secret key on the same system Kleopatra is running on.
Only Sign will disable the recipient selection widgets and the encrypt to self action. This is basically where you choose "sign only".
(An "own" certificate is a certificate with a secret key that is ultimately trusted. For S/MIME it is any certificate with a secret key that is certified by a trusted CA.)
The Keylisting for recipient selection will only show OpenPGP or S/MIME certificates depending on the selected operation.

Horrible mockup. The dialog would not look like that, but the amount of time I was willing to spend fiddling with mockups was limited.
You should get the idea that both encrypt to self and sign will again have the "Why is this disabled" buttons with explanations and the option to generate a key pair.
Certificate generation
So let's hope Willy realizes that he wants to encrypt to himself, too, and selects "Generate Certificate and Secret Key".
We can skip the protocol selection page, as we already know from the context that an OpenPGP Certificate is wanted.

Simple Name, EMail Question.
Changes here are:
- Title now is "Generate Certificate and Secret Key"
 - Comment was removed
 - EMail is optional
 - "Real Name" is now just name. (This dialog previously told users "Real Name is required")
 
The "Summary" page of your keygen request is dropped; next come the pinentries and then waiting for the key.

Result page is the same.

Results
In case it was encrypted to a file, the filename will be shown in the usual "Results" page, along with the option to "open containing folder" (instead of the Show Details link that is useless now).
If the input came from the Pad, the results page will no longer be shown after successful encryption; instead the Pad will be activated with the plaintext replaced by the encrypted content.

Story 2: User wants to decrypt received data.
Similar to Story 1 regarding input with two variants. Either input through the Pad or select a file.
Choose operations to be performed
This page will be replaced by "Select output" (the user already selected the operation -> Decrypt / Verify). The select output page will allow you to select either the Pad or an output folder, or to place decrypted files next to encrypted ones (which is the default for encryption).
It will also offer to extract an archive.
The previous "Input file is a detached signature" will be handled automatically, as gpgme will offer this kind of classification. Only if there is no obvious data candidate for the detached signature will the user be asked for that file in a file dialog. It's unimportant for this user story.
Results
This is most important for the user story, as decryption will likely fail if she just tried to decrypt something which was not encrypted to her.
- On error an improved error dialog is shown. If the error is that no secret key was available for any recipient, it will offer to import a secret key and try again. Additionally it should be hinted that she has to generate a certificate and send it to the sender of the message, including a link to the compendium explaining the basics of public key cryptography.
 
- On success and Pad input the contents of the Pad are replaced by the decrypted content.
 - On success and file input the filenames / folder will be shown with an option "Open containing folder"
 
For results that are just encrypted (not signed) it should be hinted that their authenticity can't be checked, so that users generally get the idea that signing might be a good thing.
Results not really part of the user story:
- Verification results with unknown validity will show more details about the trust in the certificate and will contain a hint how to certify a certificate.
 - Verification results with unknown certificates will enable the user to look up the certificate on a public server.
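How the result hints above could be derived, as an added sketch that is not Kleopatra code: it reads GnuPG `--status-fd` lines, whereas Kleopatra gets the same information through gpgme. The hint names are labels invented for this example and the sample status output is constructed.

```python
# Constructed sample status output; the key IDs are made up.
NO_KEY = """\
[GNUPG:] ENC_TO 1111111111111111 1 0
[GNUPG:] NO_SECKEY 1111111111111111
[GNUPG:] ENC_TO 2222222222222222 1 0
[GNUPG:] NO_SECKEY 2222222222222222
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_FAILED
[GNUPG:] END_DECRYPTION
""".splitlines()
ENCRYPTED_ONLY = """\
[GNUPG:] ENC_TO 3333333333333333 1 0
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] END_DECRYPTION
""".splitlines()

SIGNATURE_EVENTS = {"GOODSIG", "BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}


def parse_status(lines):
    """Return (keyword, args) for every '[GNUPG:] KEYWORD args...' line."""
    events = []
    for line in lines:
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "[GNUPG:]":
            events.append((fields[1], fields[2:]))
    return events


def result_hints(lines):
    """Map one decrypt/verify run to the hint names used in this example."""
    events = parse_status(lines)
    seen = {keyword for keyword, _ in events}
    recipients = {a[0] for k, a in events if k == "ENC_TO" and a}
    no_seckey = {a[0] for k, a in events if k == "NO_SECKEY" and a}
    if "DECRYPTION_FAILED" in seen:
        # Only blame missing keys when *every* recipient key is unavailable.
        if recipients and recipients <= no_seckey:
            return ["import-secret-key", "send-own-certificate"]
        return ["generic-decryption-error"]
    hints = []
    if "DECRYPTION_OKAY" in seen and not (seen & SIGNATURE_EVENTS):
        hints.append("authenticity-not-checked")  # encrypted but unsigned
    if "NO_PUBKEY" in seen:
        hints.append("lookup-certificate-on-server")  # signer unknown
    if "GOODSIG" in seen and "TRUST_UNDEFINED" in seen:
        hints.append("how-to-certify")  # valid signature, unknown validity
    return hints
```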
 
Story 3: User was asked for a PGP Certificate by someone else
If Kleopatra does not know any certificates the keylist widget will be replaced by a new widget that contains the text that no certificates are known and will offer to Generate a Certificate. This will launch the certificate creation wizard.

Changes to certificate creation wizard
(See Story 1)
Pinentry
Pinentry feels irritating on first contact with multiple pop ups. It should be changed to
- offer to repeat the passphrase below instead of a second dialog
- quality bar should be a bit more intelligent so that it does not just map 10 characters to 100%. This is unusual to users who are used to more intelligent quality bars that jump, e.g., once the first special character is added.
 
Result
Current Results page should be ok for this story. The choices are a bit complicated as the user has to think what to do next. After closing we should place a hint on the "Export Certificate" button to highlight how to export your certificate.
