Promoting GnuPG support for Okular and addition to Gpg4win

Andre Heinecke aheinecke at gnupg.org
Tue May 16 11:52:01 BST 2023 

Hi Team,

over the past months we have worked on integrating Okular with the Software 
GnuPG. We do not think that there are any hurdles left that would keep us 
releasing it with the marker experimental in the next release so we can be 
more public about announcing the plans. 

Attached is a "blogish" or Press Release style draft which I would love to get 
some assistance with. It is of course in our interest to promote our product a 
bit, but this is featured a bit too prominent in the article and could be 
toned down. Esp. for something like a dot story.
Websites etc. are not really a sales channel for us.

But it would be nice to get the point across that there will be an easy to 
purchase version of Okular. Because for some it is really important that they 
have a responsible supplier for each of their installed Software things and so 
they shy away from Open Source. Esp. in the Government it is often times 
easier to just request to buy a license of something that you already have a 
contract with then to get something like Okular installed from the Windows 
Store.

And of course this gives all the voices in government an additional incentive 
to stick to their "we prefer Open Source" words and actually use it. Since 
there can be no longer the excuse that this is just "hobbist software". :)

The Gpg4win integration will also just lead to 150-300k Downloads a month. At 
least as long as we mark it as experimental it will not be installed by 
default, though.


I have also sent a mail to okular-devel to detail our release plans a bit:
https://mail.kde.org/pipermail/okular-devel/2023-May/044426.html


This is the first time for me asking KDE-Promo for assistance so what is the 
process here? Will you open a phabricator ticket where I can then attach 
screenshots?

I can provide a beta of our current installer for Windows and demo 
certificates. And screenshots of course. The source code is anyway public. The 
only thing which I currently cannot provide is a beta of our Appimage. I'll 
try to get around to that this week but our Windows release has priority.


Thanks in advance and best Regards,
Andre

-- 
GnuPG.com - a brand of g10 Code, the GnuPG experts.

g10 Code GmbH, Erkrath/Germany, AG Wuppertal HRB14459
GF Werner Koch, USt-Id DE215605608, www.g10code.com.

GnuPG e.V., Rochusstr. 44, D-40479 Düsseldorf.  VR 11482 Düsseldorf
Vorstand: W.Koch, B.Reiter, A.Heinecke        Mail: board at gnupg.org
Finanzamt D-Altstadt, St-Nr: 103/5923/1779.   Tel: +49-211-28010702
-------------- next part --------------
# First draft of an announcement regarding Okular in Gpg4win
# probably a bit too long for publication.


Okular to be added to Gpg4win / GnuPG VS-Desktop

With the Gpg4win 4.2.0 release in May, Okular will be added as an optional
component to the Gpg4win installer, in preparation to a later addition
to GnuPG VS-Desktop. This variant of Okular will feature direct integration
with GnuPG.

---> GnuPG VS-Desktop / Company introduction.

g10 Code GmbH is the company behind the matured Open Source workhorse
GnuPG. Recently we were able to convert this into a commercially successful
product with "GnuPG VS-Desktop", which consists mostly of GnuPG and
Kleopatra as the fronted. Together with an Outlook plugin on Windows and
the usual, excellent, KMail integration on Linux. Previously a recipient of
donations, g10 Code is now able to start giving back to the community and recently
became a patron of KDE.

GnuPG VS-Desktop is not only approved for officially restricted
file and mail encryption in Germany (Verschlusssachen ? nur für den Dienstgebrauch), but
also in Europe and across the NATO for EU/NATO RESTRICTED documents. It
has a large customer base with hundreds of thousands installations
already across Europe and is easily purchasable in Germany
through either the large public sector IT suppliers or a framework contract with the
federal government.

The free of charge community versions of these packages (without the approval) are
available for Windows under www.gpg4win.org and https://gnupg.org/download/ (Look for
the AppImage).

---> Okular in General

Okular is probably the best open source document viewer there is. Due to its modular
architecture it combines the achievements of several document handling projects in
a single, accessible interface. It has recently been awarded the "Blue Angel" for
eco friendly software.

KDE Promo -> Please expand here :)

We consider Okular to have the highest security standards already, but to reduce
the attack surface even further our packaging will contain a stripped
down edition of Okular that only comes with PDF support and no support
for any active content. [1]

The fully featured Okular from the Windows Store will be promoted by the GnuPG edition
and recommended to anyone seeking the best User Experience.

Added Okular in GnuPG VS-Desktop will come free of charge to our customers. And
enable many people in the industry and public sector to have a supported alternative to their
Adobe reader installed on their systems. Gpg4win with its dominant market share for
file and mail encryption should also greatly promote Okular as an alternative
document viewer for Windows.

---> Why Okular with GnuPG

Since 2021 Okular got support to sign PDFs with Mozilla NSS. This was great already since
before we had to use a proprietary tool on a Windows VM to sign existing PDFs. And
while the laws behind it took effect over the last decade [2] signing PDFs has become more
and more important esp. with the increase in remote work in recent years.

With GnuPG we bring support of our whole backend with all the algorithms available.
Quite important in Europe as this includes support for the preferred Brainpool ECC curves in
Europe as an alternative to the NIST curves.

And where Mozilla might need proprietary PKCS#11 bridges to smartcards GnuPG has completely
open source support for a multitude of smartcards.
And of course we consider the certificate management in Kleopatra to be much nicer and that
it gives users and Administrators much better control about the acceptable certificate authorities.

---> Status and plans

For now we plan to include our edition of Okular in Gpg4win, marked as experimental for the first
release, and we consider this more of a technical demonstration for early adopters
and a basis for future work.

It works, but the User Experience is not really where we think it should be. Especially
the support for qualified signatures and their promotion is lacking, which we consider a core
feature for business and power users.

With added feedback we will continue to improve the support and integration, both in the
backend and in Okular. With a strong focus of stability and reliability accross
the board.

While it is possible with GnuPG to create a self-signed S/MIME certificate based on an
OpenPGP key you will still need an S/MIME certificate as these are the only ones considered
legal. But as there can be usecases e.g. for internal signatures for OpenPGP, too we might
consider to make this easier and better integrated in the future.




1: Anecdote: We have customers that redirect incoming PDFs by Mail, e.g. from Applicants to
a throwaway Virtual Machine, open it there, let it make screenshots of each page and then
resend the pictures instead of the PDF document to the original recipient.

2: https://en.wikipedia.org/wiki/Qualified_electronic_signature
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 5655 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-promo/attachments/20230516/bd612b0b/attachment.sig>

More information about the kde-promo mailing list