Ideas for Kleopatra UI Improvements for Gpg4win-3.0.0

For the next major version of Gpg4win we want to mostly improve the initial contact with our user facing application. We also want to improve some common workflows and the dialogs used for that.

Here are some ideas / analysis to improve the "First start experience"

Installer

During Installation we want to show the user where to Access the Applications. E.g. show the Kleopatra Icon and name to associate Kleopatra with Gpg4win. Also a picture of the Windows Explorer menu with the new entry for GpgEX highlighted. Finally (if a user has selected GpgOL) a picture of where GpgOL can be found in Outlook.

Dialogs

Many users might not start with Kleopatra but rather

User stories (First Contact)

The ideas are based on these three User stories:

1. User was asked for a PGP Certificate by someone else.
2. User wants to encrypt data before sending it to someone.
3. User wants to decrypt received data.

There are of course way more but these may be the most important use cases for the initial contact with Kleopatra.

If a user uses other software for Encryption and Kleopatra just for Certificate Management the initial contact is through the Mail Application. Each of these general stories can be split up in substories for the kind of data and communication channel but to keep things simple we just assume that data can mean:

• One or multiple files and folders.
• ASCII Armored text taken from an editor.
• Plaintext taken from an editor.
• A MIME Mail attachment.

Assumption

• Certificate management is not the goal. It's needed to support encryption and verification but is not a goal in itself and should not be the only view in Kleopatra there should be more focus on Crypto "inside" Kleopatra.
• Usage of the word "Certificate" is questionable if it has not been explained first as it has a non intutive meaning here and is also often called Public Key. Users might not know that word so it would not be optimal to only show options regarding Certificates on startup.

Introducing new Concepts

The Pad

If certificate management is secondary we need a new primary view. This could be a data I/O Widget the "Pad" (or just "Pad"). The "Pad" is in principle a TextEditor with an added File list. That can be used for data IO. A bit like GPA's clipboard, but to gracefully handle files and text combined. You can also use it to import certificates.

It's a replacement for the "in place" clipboard actions which are not good as the user needs a second application to work with it. Also in place changing the clipboard contents feels unintuitive and is an uncommon concept.

MIME Support

To gracefully handle combined text and File messages the Pad will support MIME Messages. When encrypting plain text only it will create PGP messages. When files come into the mix PGP/MIME is used. If a directory is added the Pad will create a tarball of it. As an additional advantage it will enable you to work with Crypto MIME Message you have received in your web interface.

The file list will support drag&drop in both directions. The text edit might support saving, loading and printing of text files.

Disabled Actions

When an Action is disabled Kleopatra will place "Why is this disabled" buttons next to the action. Each button will bring up a short explanation above the disabled item with options to solve the problem. An extremely long "How does this work" or some kind of "Tell me more" coul be added in the dialogs that would open the according compendium entry.

This is mostly important initially where we will disable certificate actions until certificates are imported or generated.

Example: In the encrypt dialog initially (without any certificates) Encryption will be disabled with the "Why is this disabled" Icon explaining that you need the public certificate of a recipient for this and will offer to open the "import certificates from file" dialog. Afterwards the icon is gone there. Similarly an "Encrypt to self" and "Sign" will be disabled with such a button next to it.

Goal: The user should be able to get the idea "Ah I have to probably import that weird file someone who wanted to exchange encrypted messages with me sent me now".

Hints

Hint's will be short explanations or tips, like tooltips but not triggered by the mouse focus but by some point in time. E.g. the first time a dialog is shown or if a user repeatedly ignored something. The hints should be unobtrusive.

Examples: When you see the sign / encrypt certificate for the first time the sign area will get a tooltip "Signing ensures that your message can't be replaced by someone else." And then probably if you don't sign for 5 times or next week it will show again.

First steps with Kleopatra

• Start in Pad mode so that there immediately is some input area for data.
• Make it visible through highlighting that the Pad is active.
• Place Encrypt and Decrypt prominently on the toolbar. (Will replace Refresh View and Stop operations)

Rationale:

• By offering input areas at first we immediately animate the user to provide some data to Kleopatra.
• By highlighting the Pad through a toggle button it is
  • Communicated that some mode is active.
  • Shown to the user that something called Pad exists and where to find it.
  • Invite the user to toggle it to get to the keylist.
• Stop operations should be at most an esoteric feature. It causes weird half valid states and is currently way to prominent. (e.g. when aborting a certificate refresh it will show only a subset of your certificates)
• Refresh view should happen automatic if necessary. Otherwise there is F5 as a well known shortcut to "Refresh something"

Note:

Creation of MIME messages is probably not an important enough use case for the effort to implement it. A mime Read that shows decrypted files like attachments is more important for the webmail usecase.

Mockup of the Pad View.

Story 1: User was asked for a PGP Certificate by someone else

On First Start when no secret Keys are Known Kleopatra will not show the Main Window but instead the Certificate Creation Wizard with a page before it that will allow to import an existing secret key.

Changes to certificate creation wizard

• Hide S/MIME a bit more. Default is PGP and S/MIME is more for users with IT Support.
• Remove comment field and overview pages.
• Support multiple e-mail addresses.

Result

Current Results page offers too many unrelated Options. It should show where the GNUPGHOME directory is with a note that this directory contains all important information and should be backed up. After creation an export of the Certificate will be offered.

Story 2: User want's to encrypt some data

So we assume that the user "Willy" was told by "Johnny" already using PGP to encrypt a message to him. Johnny sent his Certificate along with a link to Gpg4win.

Variant A) The user just hits encrypt without entering things.

• Decrypt / Verify Files wizard will be shown as usual (select files)
  • Maybe if launched from the Pad view the file selection dialog will show a hint: "You can also use the Pad to enter encrypted data"

Variant B) The user entered some plaintext in the Pad.

• The What do you want to do? Page will be shown.
  • On this page a new "Place result in Pad" will be preselected.

Mockup for Variant B. Text entered in the Pad. Something that says Encrypt is visible so let's click on that.

The "What do you want to do?" Page

Note: After more deliberation we are now trying to unify the sign / encryption page to one wizard page where the operation is based on the selected certificates / options and with a new E-Mail centric certificate selection.

See: https://phabricator.kde.org/T2348 For the development task.

Below Mockups are still valid to show the "Why is this disabled" pattern:

Mockup: Sign / Encrypt without any imported certificates. (One of the (i) Icons should have been highlighted by a hint)

So Willy should realize that he does not really want to use a password as Johnny has sent him some file which might be called "Certificate" in this application and check why the other options are disabled.

So this is where he tries to import that file he received.

That seems to have worked

We might want to add another step here that explains about the need to verify a certificate and offers a shortcut to add a local signature to the certificate

So now Sign/Encrypt with OpenPGP Certificate is available and the text is gone.

The "For whom do you want to encrypt?" Page

See: https://phabricator.kde.org/T2348

Certificate generation

So lets hope Willy realizes that he wants to encrypt to himself, too and selects "Generate Certficate and Secret Key"

We can skip the Protocol selection page, as we already know from the Context that an OpenPGP Certificate is wanted.

Simple Name, EMail Question.

Changes here are:

• Title now is "Generate Certificate and Secret Key"
• Comment was removed
• EMail is optional
• "Real Name" is now just name. (This dialog previously told users "Real Name is required")

The "Summary" page of your keygen request is dropped and the next is the pinentries and then waiting for the key.

Result page is the same.

Results

In case it was encrypted to file the filename will be shown in the usual "Results" Page. and the option to "open containing folder" (instead of the Show Details link that is useless now)

If the input came from the pad. After successful encryption the results page will no longer be shown, instead the Pad will be activated with the plaintext replaced by the encrypted content.

Story 2: User want's to decrypt received data.

Similar to Story 1 regarding input with two variants. Either input through the Pad or select a file.

Choose operations to be performed

This page will be replaced by operations on the Result page (The user already slected the operation -> Decrypt / Verify). There it will allow you to an output folder or to place. After showing the decryption and Verification result decrypted files next to encrypted ones (which is the default for encryption).

It will also offer to extract an archive.

The previous "Input file is a detached signature" will be handled automatically as gpgme will offer this kind of classification. Only if there is no obvious data candidate for the detached signature the user will be asked in a filedialog for that file.

Results

This is most important for the user story. As decryption will likely fail if she just tried to decrypt something which was not encrypted to her.

• On error an improved error dialog is shown. If the error is that for all recipients no secret key was available it will offer to import a secret key and try again. Additionally it should be hinted that she has to generate a certificate and send it to the sender of the message. Including a link to the compendium explaining the basics of public key cryptography.

• On success and Pad input the contents of the Pad are replaced by the decrypted content.
• On success and file input the output filenames / folder will be shown the data is moved to that location only when closing the dialog. This should allow users to make informed decisions (based on verification result) when overwriting files.

It should be hinted for just encrypted results (not signed) That their Authenticity can't be checked. So that users generally get the idea that signing might be a good thing.

Results not really part of the user story:

• Verification results with unknown validity will show more details about the trust to the certificate and will contain a hint how to certify a certificate.
• Verification results with unknown certificates will enable the user to look up the certificate on a public server.

Pinentry

Pinentry feels irritating on first contact with multiple pop ups. It should be changed to

• offer to repeat the passphrase below instead of a second dialog (already done for pinentry 0.9.8)
• quality bar should be a bit more intelligent so that it not just defines 10 characters to 100%. This is unusual to users which are used to more intelligent quality bars that jump e.g. once the first special character is added.