Autocrypt internal data in Akonadi

Ingo Klöcker kloecker at kde.org
Mon Aug 31 10:07:53 BST 2020


Hi Sandro,

On Montag, 31. August 2020 00:40:50 CEST Sandro Knauß wrote:
> I want to implement [Autocrypt] support in KMail. I need to store the
> internal state of Autocrypt per peer. But I'm not sure what is the best way
> to do it.

Do you know about GnuPG's plans for automated encryption?
https://wiki.gnupg.org/AutomatedEncryption

> The data I need to store is per email address [1]:
> * last_seen (timestamp)
> * autocrypt_timestamp (timestamp)
> * public_key (public key material)
> * prefer_encrypt (boolean)
> * gossip_timestamp (timestamp)
> * gossip_key (public key material)
> 
> All those data need to be updated, when a new email is processed.

I'm wondering whether it wouldn't be better if this data was stored by GnuPG 
rather than by the client. I think, the last_seen timestamp is already stored 
by GnuPG as part of TOFU.

> Okay, the one side I am already quite familiar with: writing a plugin for
> mimetreeparser to extract the data and push them to the datastore.
> 
> But what is the datastore?

See above. Did you consider GnuPG? Did you talk to Andre Heinecke who will 
need the same for GpgOL? I'd appreciate if we joined forces on this.

Independent of the possibility for joining forces I'm wondering whether using 
Akonadi as datastore for this data is a good idea.

> A new autocrypt resource and implement the new
> data as AkonadiAttribute? The AkonadiAttribute is the better solution, as
> this allows resources to support syncing this data in
> future.

Since this data can be highly sensitive, I think, that the synchronization 
must be end-to-end encrypted. Therefore, I'm skeptical about using Akonadi for 
synching this data using normal Akonadi synchronization features that do not 
guarantee confidentiality.

> Or use a Contact Resource and overload KContacts:Addressee to store
> the data in the X-AUTOCRYPT-BLABLA and use Akonadi Search to index this
> resource to find the correct entry to update, when processing the mail. But
> both seem not fitting 100%, so maybe you have better ideas, how to store
> the data in Akonadi.

I'd prefer to let GnuPG handle the storage. I may be able to help with this. 
If using GnuPG is not an option, then I'd prefer a storage that is independent 
of Akonadi. A future end-to-end-encrypted synchronization could still be 
implemented using Akonadi at a later point in time.

Regards,
Ingo
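
The per-peer fields listed in the thread, and how they change when a mail is processed, as an added example that is not code from KMail, GnuPG or either poster. It follows the peer-state update rules of the Autocrypt Level 1 specification; the type and function names are hypothetical, header parsing is assumed done, and an in-memory map stands in for whichever datastore is chosen.

```cpp
#include <algorithm>
#include <cstdint>
#include <iostream>
#include <map>
#include <string>

// Per-peer state, fields as listed in the thread. Timestamps are Unix seconds.
struct PeerState {
    int64_t last_seen = 0, autocrypt_timestamp = 0, gossip_timestamp = 0;
    std::string public_key, gossip_key;
    bool prefer_encrypt = false;  // true = "mutual"
};
// Already-parsed Autocrypt header (hypothetical type; parsing is out of scope).
struct AutocryptHeader { std::string keydata; bool prefer_mutual; };
using PeerStore = std::map<std::string, PeerState>;  // key: sender address

// A Date header lying in the future is clamped to the time of receipt.
int64_t effectiveDate(int64_t dateHeader, int64_t received) {
    return std::min(dateHeader, received);
}

// Update from the sender's own Autocrypt header; hdr == nullptr means absent.
void processMessage(PeerStore &peers, const std::string &from, int64_t eff,
                    const AutocryptHeader *hdr) {
    PeerState &p = peers[from];
    if (eff < p.autocrypt_timestamp) return;  // older than stored key info
    p.last_seen = std::max(p.last_seen, eff);
    if (!hdr) return;                         // no header: key fields untouched
    p.autocrypt_timestamp = eff;
    p.public_key = hdr->keydata;
    p.prefer_encrypt = hdr->prefer_mutual;
}

// Update from an Autocrypt-Gossip header; never touches public_key.
void processGossip(PeerStore &peers, const std::string &addr, int64_t eff,
                   const std::string &keydata) {
    PeerState &p = peers[addr];
    if (p.gossip_timestamp > eff) return;     // newer gossip already stored
    p.gossip_timestamp = eff;
    p.gossip_key = keydata;
}

int main() {  // constructed sample: a future-dated mail, then a stale one
    PeerStore peers;
    AutocryptHeader b{"KEY_B", true}, old{"KEY_OLD", false};
    processMessage(peers, "alice@example.org", effectiveDate(9999, 1200), &b);
    processMessage(peers, "alice@example.org", effectiveDate(900, 1300), &old);
    std::cout << peers["alice@example.org"].public_key << "\n";
}
```

Every processed mail can rewrite a peer's key and encryption preference, so the integrity of this store matters as much as its confidentiality, whichever backend holds it.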