LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Front page

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

The Grumpy Editor, graphical mail clients, and GPG

[Posted July 20, 2004 by corbet]

This article is part of the LWN Grumpy Editor series.
Your editor's review of graphical email clients drew a couple of complaints for having neglected to look at how those clients handle message encryption and authentication. There is a confession to be made here: your editor, despite having been an enthusiastic cypherpunks participant many years ago, despite believing that email should be encrypted whenever possible ("why communicate via postcards" and all that), and despite having pulled down copies of PGP back in the days when it really was important to get as many copies in circulation as possible, has made very little use of tools like PGP and (later) GPG. The need has not been pressing, and the hassle factor has been just a little too high.

Encrypted communications remain important, however. Perhaps, thinks your editor, the current crop of graphical email clients will have made life easier for those who want to use cryptographic technologies with mail. Thus this article, which examines the quality of crypto support in graphical email applications. Your editor has not forgotten his promise to look at non-graphical clients as well; that article will come before too long. Honest.

Email crypto overview

To properly set the context for a review of crypto support, it's necessary to cover some background material. Those experienced with using GPG with mail, and who don't feel inclined to heckle, can probably skip the following material.

There are two fundamental tasks which must be performed by a mail client which supports crypto:

  • Encryption: encoding the contents of a message so that only the designated recipient(s) can read it. Naturally, the client must also support decryption of incoming encrypted messages.

  • Authentication: confirming that a given message was really sent by the person it claims to be from. On the sending side, the client must be able to "sign" a message with an encrypted hash of its contents; the recipient must be able to decrypt the hash, confirm that it matches the message's contents and that it was encrypted with the sender's private key. If everything checks out, the recipient can have a high degree of confidence that the message was sent by the owner of the private key, and that it was not modified in transit.

These two functions are completely independent of each other. Plain-text messages can be (and often are) signed for authentication, while encrypted messages need not carry a signature.

There are various other functions the client can provide to help with cryptographic communications. At the top of the list, perhaps, is making it easy to send a public key to a correspondent, and to add a key received from elsewhere to the key ring.

There is another issue which must be kept in mind when dealing with cryptography and email: how the mail is to be formatted. There are two mechanisms in common use:

  • Inline "ascii armor" encoding. In this mode, GPG formats the message with some surrounding header information and the whole assembly is transmitted as a simple, text/plain message. This is how PGP did things back in the day when you had to download your copy from the bleeding-edge FIDO network; some mail clients still do things that way now.

  • MIME format, as described in RFC 3156. This format creates a multipart message, one of which contains the entire encrypted message (which can be a multipart MIME message in its own right).

In the modern world, one would think that the MIME format would be the way to go. As it turns out, however, different clients support different formats, and they do not all support both. As a result, you need to know which format your recipient expects if you want to exchange cryptographic messages. The more helpful mail clients can track that information for you.

Finally, it is worth mentioning the S/MIME specification, as found in RFC 2633. S/MIME uses X.509 PKIX certificates for key management; it does not use GPG. There is a certain amount of commercial pressure behind S/MIME; certainly the companies in the digital certificate business like the idea. In the free software community, at least, GPG usage appears to exceed S/MIME usage in a big way. This review will not concern itself with S/MIME other than mentioning it in passing.

Thunderbird

Thunderbird 0.7, out of the box, supports only S/MIME. The user who digs through the menus in search of GPG options will come up empty-handed. [Thunderbird]

When dealing with missing features in Thunderbird, the first response should always be "look for an extension." The relevant extension in this case is Enigmail; it provides what is, arguably, the best crypto support found in any free graphical application.

By default, Enigmail uses inline encoding for outgoing messages (except for those carrying attachments); that behavior can be changed on a per-message or permanent basis, however. Per-recipient preferences are supported; indeed, Enigmail can be configured to automatically sign and/or encrypt messages to specific recipients, and to use specific keys and formats. Keys can be obtained from public keyservers if desired. There is an operation for including a public key in an outgoing message. In general, Enigmail makes sending encrypted mail easy.

On the receiving side, things work just as nicely. Signed messages are automatically validated and marked as such. Decryption works as expected, though (by default), the user often has to explicitly ask it to download a full message from an IMAP server so that decryption can take place. Public keys can be extracted from incoming mail and saved to the keyring. The "import key" functionality is a little brittle, however; if the message containing the key has been signed, Enigmail will not be able to import it.

Enigmail will optionally remember a passphrase for a configurable period of time, and can be told to forget the passphrase. It also has an operation for the generation of keys within the client; this operation may make life easier for users who are completely unfamiliar with GPG, but, perhaps, it goes a little beyond what a mail client should be providing. There is a "view console" operation for advanced users who want to see exactly what GPG is saying.

Overall, Thunderbird with the Enigmail provides outstanding cryptographic support. One wonders why Thunderbird comes with S/MIME support built in, when the (presumably much more heavily used) GPG support must be added separately.

Sylpheed

[Sylpheed] Sylpheed has GPG support, though some distributions (e.g. Fedora) do not enable that support. The essential functionality is there, but the edges are rougher than with some other clients.

By default, Sylpheed will send in MIME format. It can be configured to use the inline format on a per-account basis, but there is no way to specify the encoding for an individual message, or on a per-user basis. Sylpheed encrypts outgoing mail for the recipient only; most other mail clients also encrypt for the sender, so that people can read their own mail.

On the receiving side, Sylpheed only understands MIME-format messages. If you send an inline-encoded, encrypted message to yourself with Sylpheed, it will be unable to read its own output. Sylpheed verifies signatures automatically, but does not make the result immediately apparent; see the screen shot for an example of what Sylpheed does when the signature does not check out. This client can be configured to pop up a window with result of each signature validation; it does make these results more evident, but requires the user to be forever dismissing popups. If you receive an encrypted message, the only way to know will be the passphrase prompt which pops up - Sylpheed does not mark the message as having been encrypted.

Sylpheed does not remember passphrases by default, but can be configured to do so, with a configurable timeout. It lacks a "forget the passphrase" operation, however. There is no provision for sending keys, or for importing keys from an incoming message.

In summary: Sylpheed has the features needed for cryptographic communications, but they could be a little better developed. The biggest shortcoming, probably, is the inability to receive inline-encoded messages from correspondents.

KMail

[Kmail] KMail has reasonably good GPG support built into it, with (as of version 1.6.2) one glaring omission: it cannot create or understand MIME-encoded, encrypted mail. When it receives such a message, it recognizes the problem and tells the user about it, but that is not entirely satisfying. KMail does have a special plugin mechanism for cryptographic plugins, and a PGP/MIME plugin does exist. The procedure for installing that plugin is seriously daunting, however, and one would guess that relatively few users go to that degree of trouble. Grabbing, configuring, and building half a dozen new libraries and reconfiguring GPG is an entirely different process than installing a Thunderbird extension. So, for the time being, for the majority of users, it must be said that KMail does not support PGP/MIME. KMail does, however, have support for old versions of PGP (as opposed to GPG), should that still be useful for anybody.

The composition interface works well, with the usual "encrypt" and "sign" options available from the toolbar. KMail has a nice option to "encrypt whenever possible," which means anytime it can find keys corresponding to the recipients. It is not quite as nice as per-recipient preferences, but probably does the right thing most of the time. Since KMail does not support PGP/MIME, it sends attachments in the clear - even if the message itself is supposed to be encrypted.

The receiving side works as it should. Signed and encrypted messages are marked in an impressively garish manner (see the screenshot); fortunately, it is possible to change the colors used.

If configured to do so, KMail will remember passphrases, but with no timeout and no "forget" operation. There is no mechanism to send or import keys. Your editor was also able to crash KMail several times while exercising the crypto operations, which is not a generally good thing. In general, KMail's GPG support gives the impression of being a work in progress. Once things stabilize and the new MIME code is integrated, KMail should have crypto support which is second to none.

Evolution

[Evolution] Evolution 1.5.9 comes with GPG support, though one has to dig a bit to set it up. The "settings" dialog makes no mention of it; one has to go into the edit screen for an individual mail account. S/MIME support can also be turned on in this way. Unlike the other mail clients reviewed here, Evolution requires the user to explicitly supply a key ID before it will work with GPG, and there is no nice widget for the selection of that ID.

Evolution only works with MIME-encoded messages; it cannot create or understand the inline format. Composition works as expected; there is no provision for per-recipient preferences or automatic encryption. Received mail is automatically verified and decrypted, and the results displayed prominently. There is also a button for obtaining detailed information, including the output from gpg (shown in the screenshot).

Evolution will, when told to do so, remember a passphrase "until the end of the session." Selecting "forget passwords" on the "Actions" menu will cause it to forget the passphrase. There is no provision for sending or importing public keys. All told, Evolution has all of the features one really needs to use GPG with email, and not a whole lot more.

Balsa

[Balsa] Balsa comes with reasonably complete GPG support. It understands both MIME and inline format; it creates encrypted and signed mail in MIME format by default, but that can be changed on a per-message basis. There is no provision for per-recipient preferences.

Composition works as usual. If you attempt to send an encrypted message with attachments in inline format, Balsa will warn you that the attachments will be sent in the clear. There is an "always encrypt" option which causes the send to fail if no public key exists in the keyring for the recipient; there is no keyserver capability.

Decryption and signature verification are performed automatically. Encrypted messages are not marked as such. Signature information, instead, is appended to the text of the message. If signature verification fails, a popup window alerts the user to the fact.

Balsa does not remember passphrases, so the user must get used to typing it in often.

Overall, Balsa provides the functionality that one really needs. As is generally the case with Balsa, it feels less slick than with some of the other graphical mailers, but the necessary capabilities are there.

Summary

Moreso than some other subjects reviewed by your editor, this one boils down well to a summary table. So, here it is:

Client Send Receive Recip. Import Auto Passphrase
InlineMIME InlineMIME prefs key encrypt Keep Forget S/MIME
Balsa Y Y Y Y n n Y n n n
Evolution n Y n Y n n n Y Y Y
KMail Y n Y n n n Y Y n n
Sylpheed Y Y n Y n n n Y n n
Thunderbird Y Y Y Y Y Y Y Y Y Y

Looking at the table, it is evident that all of the graphical mail clients reviewed have implemented support for GPG-encrypted and signed messages. That is a good start. The sad thing is that, due the the existence of two different standards, these clients cannot all interoperate with each other. Given the history of the old format, and the clear superiority of the new format (which is more flexible, less dependent on GPG in particular, and can encrypt attachments), it really seems that a proper client should, at this time, support both.

These issues will eventually be worked out. Even before then, however, relatively transparent and easy encryption and authentication have been put into the hands of millions of users worldwide. That can only be a good thing.

(Log in to post comments)

The Grumpy Editor, graphical mail clients, and GPG

Posted Jul 20, 2004 3:16 UTC (Tue) by ronaldcole (guest, #1462) [Link]

Being a VM/Mailcrypt under Emacs user for a decade, I've quite a few inline-encrypted email saved. So take a guess at why I eschew Evolution... Now that I'm aware of Thunderbird, perhaps I'll take a look. Thanks for the grumpy articles!

Kmail and PGP/MIME

Posted Jul 20, 2004 4:58 UTC (Tue) by rfunk (subscriber, #4054) [Link]

I agree that the steps to make Kmail work with PGP/MIME are daunting.
However, it's less daunting to make the receiving side work than the
sending side. So right now I have Kmail configured to understand any PGP
mail sent to me, whether it's inline or MIME, but I can only send inline.
(The problem with sending boils down to entering the passphrase through a
gpg-agent that hadn't actually been released yet last I checked, and
wouldn't be very convenient to use anyway.)

I'm very much looking forward to PGP/MIME support (both sending and
receiving) being built into Kmail rather than being an add-on.

Kmail and PGP/MIME

Posted Jul 20, 2004 20:42 UTC (Tue) by dd9jn (subscriber, #4459) [Link]

You are right, the installation of the gnupg 2 line of code (gnupg-1.9 will eventually end up as gnupg 2) is not as easy as the standard gpg. One problem seems to be that I have been pretty conservative and flagged the gnupg 1.9 branch as "experimental". This is not really the truth but more a consession for the 1.2 branch (tagged "stable") and the 1.3 branch (tagged "development"). A suggestion for a better tag is welcome.

gnupg 1.9 is really usable and part of the EPROSS release done by the German BSI (they need the S/MIME part of it). One thing which is not yet really stable is the gpg part (i.e. the classic OpenPGP) of gnupg-1.9 - however it gets installed as gpg2 and will peacefully coexists with any other gpg.

Even old gpgs (1.2.4 or 1.3.6) can make use of the gpg-agent. Given the problems people have with it, today I added a new configure option to allow building just the agent. I hope this will make it easier for distributions to package just gpg-agent so that all gpg aware tools can make use of the passphrase caching and don't need to care about the passphrase dialog at all.

I am convinced that the recent work done at the CVS Kmail will result in an outstanding support for PGP/MIME, that old inline PGP and S/MIME.

Kmail and PGP/MIME

Posted Jul 24, 2004 10:33 UTC (Sat) by jmayer (subscriber, #595) [Link]

Well, things become even less daunting if your vendor does a proper job:
I'm running Suse 9.1 and they added the plugins already. Now, that's quite
easy to install :) So what I'd have liked to see would have been not just
an
'n' in that table but, where applicable of course, a 'n(y)' for those who
have the plugins installed. It would have resulted in a fairer comparison,
given that Thunderbird was rated with extensions - where I'd like to see a
'n(y)' as well, btw.

The Grumpy Editor, graphical mail clients, and GPG

Posted Jul 20, 2004 5:01 UTC (Tue) by shahms (subscriber, #8877) [Link]

If you leave the GPG ID field blank, Evolution will attempt to use the email address of the sender; manually specifying it is not required, but allowed if your name or email address don't match the GPG ID you want to use.

Import Key

Posted Jul 20, 2004 5:03 UTC (Tue) by rfunk (subscriber, #4054) [Link]

I never use (or miss) "import key" functionality, since I have gpg
configured to automatically fetch keys from a keyserver if I don't
already have the necessary key, and I use command-line gpg for key
manipulation.

The biggest problem I've found with the auto-fetch is that it blocks the
whole mailer. For most long-running operations Kmail is good at
separating the UI from the long operation and showing a progress/cancel
control, but for the key fetch it totally blocks without even being able
to redraw (same as the way sylpheed does for just about everything).

The Grumpy Editor, graphical mail clients, and GPG

Posted Jul 20, 2004 8:11 UTC (Tue) by dlang (✭ supporter ✭, #313) [Link]

the biggest reason for people needeing S/MIME support is that they need to interact with people who live in the corporate world where PGP support is only available in an expensive, hard to get licesnce (hard to get becouse the ownership of PGP has changed hands so much that it's hard ro figure out where to go to get a license and what license to get when you get there) GPG is free, but doesn't always have nice interactions with propriatary mail clients.

however all of these propriatary clients include S/MIME support, and while they would prefer you to buy certs from someone, they work just fine with certs produced by OpenSSL. as such it's frequently far easier for companies to deploy S/MIME then PGP/GPG and if you need to talk with them securely you need to adapt to their choice of software (you may not like this fact, but it's real. this is the same reason that OpenOffice is so important becouse it accepts the microsoft formats rather then just useing a batter format)

The Grumpy Editor, graphical mail clients, and GPG

Posted Jul 21, 2004 17:56 UTC (Wed) by sandymac (guest, #22424) [Link]

I use S/MIME because it's easier to use. In the Win32 world most mail clients support it and most
users who don't care about signatures/encryption don't even notice it's there.

When I used to use PGP/MIME a third of the time I emailed a non-geek I'd get an email back
informing me they couldn't open the attachment and I should resend the email. Until PGP is more
user friendly to recipients I'm going to stick with S/MIME. While I prefer the way PGP works, S/
MIME is "good enough"(TM) for my needs.

I don't really mean to make a plug but I know Thawte has a free S/MIME cert service and their
root cert comes with the default install of many clients. Unfortunately the more open ones such
as cacert.org don't come with default installs.

gpg is so slow :-(

Posted Jul 20, 2004 22:32 UTC (Tue) by lakeland (subscriber, #1157) [Link]

I use kmail from kde 3.3, so I don't have the problem our editor referred
to. However, I find gpg unbearably slow, so the lack of threading in
kmail leads to a long wait. In extreme cases, I have had kmail freeze for
ten minutes before finally coming and telling me somebody's key is
maginally trusted, while one minute is fairly normal. Midway through this
check I cannot (short of running kill) get control of my email program
back.

Now, you could say this is my fault for having too many keys on my
keyring. You'd be right, in a way. But IMO it should only penalise my
signature checks, it shouldn't interfere with just reading the mail. Since
I don't know if other programs support threading, I don't know if kmail
scores worse than others in this regard.

A while ago (two years?) there was an experimental branch of kmail with
threading support for gpg, but it never got incorporated into the
mainline. Ah well, I'm trying out gpg 1.9 now to see if it is any
faster...

Corrin

gpg is so slow :-(

Posted Jul 21, 2004 6:45 UTC (Wed) by dd9jn (subscriber, #4459) [Link]

I guess you either have an ElGamal signing key in your keyring or a large keyring. gpg needs to rebuild its view of the Web of Trust at certain times and that may take quite long. You can avoid this by adding "no-auto-check-trustdb" to gpg.conf and run a nightly cron job of "gpg --batch --check-trustdb".

non-MIME deprecated OpenPGP (formerly called "inline")

Posted Jul 21, 2004 0:34 UTC (Wed) by ber (subscriber, #2142) [Link]

Actually any MIME aware email client SHOULD support PGP/MIME
as written in the OpenPGP RFC.
The old method really poses problems and should better
be described as "non-MIME deprecated OpenPGP" to make this clear.

The huge problem why many people resort to this deprecated format
is that non MIME clients (like Outlook) cannot display the text/plain
contents or the attachemts then.

KMail can do PGP/MIME and S/MIME since 2 years

Posted Jul 21, 2004 0:41 UTC (Wed) by ber (subscriber, #2142) [Link]

The Ägypten project added S/MIME (and PGP/MIME support) to KMail
during 2001-2002. It took a while until it made it into the official KDE releases and the setup was not easy then. Still the modular design (involving GPG) with the gpg-agent is a bit more secure than direct calls of gpg.
The design made it possible to use KMail with crypto integrated circuit cards (aka smartcards) to have fully qualified signatures according to the German
regulations.

The upcoming KDE will have
the results of the Ägypten2 Project (www.gnupg.org/aegypten2):
No "plug-ins" anymore and a lot more GUI functionality to deal with S/MIME certificates and the setup.

The Grumpy Editor, graphical mail clients, and GPG

Posted Jul 22, 2004 23:40 UTC (Thu) by wookey (subscriber, #5501) [Link]

The table for balsa has an 'n' for 'import key'. Perhaps I misunderstand its meaning, but one of the things I noticed when using balsa was that if you got a signed message from someone who's key you didn't have, it has a nice button marked 'get key for this sender' or similar. Click on that and now it tells you that the message checked out, rather than telling you that it couldn't confirm the signature.

So for me that means balsa has exrememly simple GPG key import support - the sort that means any fool can use it.

I've only used balsa for a few messages and test purposes, so I could be confused about all this...

Evolution and GPG

Posted Jul 23, 2004 1:18 UTC (Fri) by dwmw2 (subscriber, #2063) [Link]

You forgot to mention that Evolution will lock up for minutes at a time, without even bothering to render the plain text of a signed email, while GPG downloads keys from keyservers, checks its trustdb, etc.

Not an exercise in good UI design, that one -- almost as good as the way it downloads a multi-megabyte application/octet-stream attachment before showing you the text part of the message too. Another of the cases where you often end up starting pine to read your email while waiting for Evo... :)

The Grumpy Editor, graphical mail clients, and GPG

Posted Jul 23, 2004 22:49 UTC (Fri) by gargamel (guest, #10918) [Link]

Thunderbird support S/MIME as this is what most corporate Public Key
Infrastructure (PKI) installations are based on. The last figures I saw
stated that the market share of (G)PGP is 60% while S/MIME has 40%, the
main difference being that private people and small companies normally
don't use S/MIME, while large enterprises prefer S/MIME.

The reason for large companies preferring S/MIME is that you don't have
to build a "web of trust". Instead CIOs (Chief Information Officers)
prefer to rely on Certification Authorities (CA) for authentication and
validity of certificates.

So when you receive a certificate in (G)PGP you have to trust *somebody*
that he/she is the person he/she claims to be. In S/MIME a CA (like
Verisign, eg) digitally signs the certificate of your communication
partner. The CA grants for the authenticity of certificates and the true
identity of your communication partner.

Another reason for large enterprises to trust Verisign and other CAs more
than people they already know, is that CIOs like to spend money on things
they could have free of charge... (like Operating Systems etc...) ;-)

Alex

importing keys

Posted Jul 29, 2004 8:56 UTC (Thu) by mooobo (guest, #23547) [Link]

Hi,

actually there's no advanced keyhandling in kmail because there is
this nice kgpg. Ever noticed the lock icon in your system tray? Click on
it and query your keyserver as long (and blocking) as you like.

... waiting for Ägypten.

Copyright © 2004, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds