Ideas for Kleopatra UI Improvements for Gpg4win-3.0.0

For the next major version of Gpg4win we mostly want to improve the initial contact with our user-facing application. We also want to improve some common workflows and the dialogs used for them.

Here are some ideas / analysis to improve the "First start experience"


During installation we want to show the user where to access the applications, e.g. show the Kleopatra icon and name to associate Kleopatra with Gpg4win, and a picture of the Windows Explorer menu with the new entry for GpgEX highlighted. Finally (if a user has selected GpgOL), a picture of where GpgOL can be found in Outlook.


Many users might not start with Kleopatra but rather

User stories (First Contact)

The ideas are based on these three User stories:

  1. User was asked for a PGP Certificate by someone else.
  2. User wants to encrypt data before sending it to someone.
  3. User wants to decrypt received data.

There are of course way more but these may be the most important use cases for the initial contact with Kleopatra.

If a user uses other software for Encryption and Kleopatra just for Certificate Management the initial contact is through the Mail Application. Each of these general stories can be split up in substories for the kind of data and communication channel but to keep things simple we just assume that data can mean:


Introducing new Concepts

The Pad

If certificate management is secondary we need a new primary view. This could be a data I/O widget, the "Pad". The Pad is in principle a text editor with an added file list that can be used for data I/O. It is a bit like GPA's clipboard, but handles files and text combined gracefully. You can also use it to import certificates.

It's a replacement for the "in place" clipboard actions, which are not good because the user needs a second application to work with them. Changing the clipboard contents in place also feels unintuitive and is an uncommon concept.

MIME Support

To gracefully handle combined text and file messages the Pad will support MIME messages. When encrypting plain text only, it will create PGP messages. When files come into the mix, PGP/MIME is used. If a directory is added, the Pad will create a tarball of it. As an additional advantage it will enable you to work with crypto MIME messages you have received in your web interface.

The file list will support drag&drop in both directions. The text edit might support saving, loading and printing of text files.

Disabled Actions

When an action is disabled Kleopatra will place "Why is this disabled" buttons next to the action. Each button will bring up a short explanation above the disabled item with options to solve the problem. An extremely long "How does this work" or some kind of "Tell me more" could be added in the dialogs that would open the corresponding compendium entry.

This is mostly important initially where we will disable certificate actions until certificates are imported or generated.

Example: In the encrypt dialog initially (without any certificates) encryption will be disabled, with the "Why is this disabled" icon explaining that you need the public certificate of a recipient for this and offering to open the "import certificates from file" dialog. Afterwards the icon is gone there. Similarly, "Encrypt to self" and "Sign" will be disabled with such a button next to them.

Goal: The user should be able to get the idea "Ah I have to probably import that weird file someone who wanted to exchange encrypted messages with me sent me now".


Hints will be short explanations or tips, like tooltips, but triggered not by the mouse focus but by some point in time, e.g. the first time a dialog is shown or if a user repeatedly ignored something. The hints should be unobtrusive.

Examples: When you see the sign / encrypt certificate for the first time the sign area will get a tooltip "Signing ensures that your message can't be replaced by someone else." And then probably if you don't sign for 5 times or next week it will show again.

First steps with Kleopatra




Creation of MIME messages is probably not an important enough use case for the effort to implement it. Reading MIME messages and showing decrypted files like attachments is more important for the webmail use case.

Mockup of the Pad View.

Story 1: User was asked for a PGP Certificate by someone else

On first start, when no secret keys are known, Kleopatra will not show the main window but instead the Certificate Creation Wizard, with a page before it that allows importing an existing secret key.

Changes to certificate creation wizard


The current Results page offers too many unrelated options. It should show where the GNUPGHOME directory is, with a note that this directory contains all important information and should be backed up. After creation an export of the certificate will be offered.

Story 2: User wants to encrypt some data

So we assume that the user "Willy" was told by "Johnny", who is already using PGP, to encrypt a message to him. Johnny sent his certificate along with a link to Gpg4win.

Variant A) The user just hits encrypt without entering things.

Variant B) The user entered some plaintext in the Pad.


Mockup for Variant B. Text entered in the Pad. Something that says Encrypt is visible so let's click on that.

The "What do you want to do?" Page

Note: After more deliberation we are now trying to unify the sign / encryption page to one wizard page where the operation is based on the selected certificates / options and with a new E-Mail centric certificate selection.

See: For the development task.

Below Mockups are still valid to show the "Why is this disabled" pattern:


Mockup: Sign / Encrypt without any imported certificates. (One of the (i) Icons should have been highlighted by a hint)

So Willy should realize that he does not really want to use a password as Johnny has sent him some file which might be called "Certificate" in this application and check why the other options are disabled.


So this is where he tries to import that file he received.


That seems to have worked


We might want to add another step here that explains the need to verify a certificate and offers a shortcut to add a local signature to the certificate.

So now Sign/Encrypt with OpenPGP Certificate is available and the text is gone.


The "For whom do you want to encrypt?" Page


Certificate generation

So let's hope Willy realizes that he wants to encrypt to himself, too, and selects "Generate Certificate and Secret Key".

We can skip the protocol selection page, as we already know from the context that an OpenPGP certificate is wanted.


Simple Name, EMail Question.

Changes here are:

The "Summary" page of your keygen request is dropped; next come the pinentries and then waiting for the key.


Result page is the same.



In case it was encrypted to a file, the filename will be shown in the usual "Results" page, along with the option to "open containing folder" (instead of the Show Details link that is useless now).

If the input came from the Pad, the results page will no longer be shown after successful encryption; instead the Pad will be activated with the plaintext replaced by the encrypted content.


Story 2: User wants to decrypt received data.

Similar to Story 1 regarding input with two variants. Either input through the Pad or select a file.

Choose operations to be performed

This page will be replaced by operations on the Result page (the user already selected the operation -> Decrypt / Verify). There it will allow you to an output folder or to place. After showing the decryption and Verification result decrypted files next to encrypted ones (which is the default for encryption).

It will also offer to extract an archive.

The previous "Input file is a detached signature" option will be handled automatically, as gpgme will offer this kind of classification. Only if there is no obvious data candidate for the detached signature will the user be asked for that file in a file dialog.
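The detached-signature handling described above can be sketched as follows. This is an added example, not code from Kleopatra or gpgme: the function names, the suffix list and the restriction to ASCII-armored input are assumptions made for illustration.

```cpp
#include <algorithm>
#include <iostream>
#include <string>
#include <vector>

// Input kinds the decrypt/verify step must tell apart (names are assumptions).
enum class Kind { DetachedSignature, OpenPGPMessage, Unknown };

// Classify ASCII-armored input by its first armor header line (RFC 4880, 6.2).
// A cleartext-signed message starts with "BEGIN PGP SIGNED MESSAGE" instead,
// so input that starts with a bare SIGNATURE block carries no data of its own.
Kind classifyArmored(const std::string &content) {
    if (content.rfind("-----BEGIN PGP SIGNATURE-----", 0) == 0)
        return Kind::DetachedSignature;
    if (content.rfind("-----BEGIN PGP MESSAGE-----", 0) == 0)
        return Kind::OpenPGPMessage;
    return Kind::Unknown; // binary or non-OpenPGP input: not handled here
}

// Find the obvious data file for a detached signature: the signature's name
// with a .sig/.asc/.sign suffix removed, if that file is among `files`.
// Returns "" when there is none, i.e. the case where the user must be asked.
std::string dataCandidate(const std::string &sigName,
                          const std::vector<std::string> &files) {
    static const std::vector<std::string> suffixes = {".sig", ".asc", ".sign"};
    for (const std::string &s : suffixes) {
        if (sigName.size() <= s.size() ||
            sigName.compare(sigName.size() - s.size(), s.size(), s) != 0)
            continue;
        const std::string base = sigName.substr(0, sigName.size() - s.size());
        if (std::find(files.begin(), files.end(), base) != files.end())
            return base;
    }
    return "";
}

int main() {
    // Constructed sample input, not taken from the page.
    const std::vector<std::string> dir = {"report.pdf", "report.pdf.sig", "lonely.txt.asc"};
    const std::string sig = "-----BEGIN PGP SIGNATURE-----\n\n(constructed)\n";
    if (classifyArmored(sig) == Kind::DetachedSignature) {
        for (const char *name : {"report.pdf.sig", "lonely.txt.asc"}) {
            const std::string data = dataCandidate(name, dir);
            std::cout << name << " -> " << (data.empty() ? "ask user" : data) << "\n";
        }
    }
    return 0;
}
```

Showing the chosen data file on the results page lets the user see which file the signature was actually checked against.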


This is most important for the user story, as decryption will likely fail if she just tried to decrypt something which was not encrypted to her.

For results that are only encrypted (not signed) it should be hinted that their authenticity can't be checked, so that users generally get the idea that signing might be a good thing.

Results not really part of the user story:


Pinentry feels irritating on first contact because of its multiple pop-ups. It should be changed to

KleopatraUi3 (last edited 2016-04-27 13:11:37 by AndreHeinecke)