Replace Seahorse and OpenPGP Applet with Kleopatra

Why

An interesting insight from the interview with Daniel Moßbrucker is that our PGP tools are so scattered around the place and hard to discover that he added Kleopatra to his Additional Software thinking that it was not possible to generate a PGP key in Tails and encrypt/decrypt files.

After only some quick tests, it seems like Kleopatra could replace Seahorse, OpenPGP Applet, and the Nautilus integration. It also allows symmetric encryption.

I found other anecdotal evidence of people looking for something like Kleopatra in Tails, sometimes because they miss our other tools:

I also found 10 people who had Kleopatra in their Additional Software from WhisperBack reports in 2020 and 2021:

  • 2021Q4/Bug_report:e4f441d60001b6466fee1e92ec48bc09-tails-bugs@boum.org-_2021-11-21_1218.asc Satellite C55D-A
  • 2021Q1/Bug_report:6cdd05d84ed96976f4c2947158ecb5d5-tails-bugs@boum.org-_2021-02-12_1719.asc Satellite C55D-A
  • 2020Q4/Bug_report:128406ad6cc4be9befced6806f9cff1d-tails-bugs@boum.org-_2020-11-29_0610.asc HP Laptop 14-dk1xxx
  • 2020Q4/Bug_report:47caec911b29dd8e9cd45fc87ed4c34b-tails-bugs@boum.org-_2020-11-18_1215.asc HP Laptop 14-dk1xxx
  • 2020Q4/Bug_report:f8286cf48c032b6d98481bbdeb0f91cf-tails-bugs@boum.org-_2020-11-18_1217.asc HP Laptop 14-dk1xxx
  • 2021Q4/Bug_report:1d01d7fccf79da0a9b722996b889e007-tails-bugs@boum.org-_2021-12-05_1826.asc ROG Zephyrus G14 GA401IV_GA401IV
  • 2021Q4/Bug_report:c0d64df62b260592da49d55f47cbfef6-tails-bugs@boum.org-_2021-12-29_2326.asc ROG Zephyrus G14 GA401IV_GA401IV
  • 2021Q4/Bug_report:f9d3084e5d6f5ab39b80a663f88f3362-tails-bugs@boum.org-_2021-12-21_1310.asc ROG Zephyrus G14 GA401IV_GA401IV
  • 2021Q4/Bug_report:2058da9a7c5c80132173a6904c21251-tails-bugs@boum.org-_2021-12-29_2327.asc ROG Zephyrus G14 GA401IV_GA401IV
  • 2021Q1/Bug_report:4a578f934856b0b8a3b233486e7fbd6c-tails-bugs@boum.org-_2021-02-25_0654.asc M17xR4
  • 2020Q4/Bug_report:d966c1a46b1cb4a19538265d3fc2741e-tails-bugs@boum.org-_2020-12-04_1507.asc M17xR4
  • 2021Q3/Bug_report:675e81931735c84845c6ba4329b0324a-tails-bugs@boum.org-_2021-08-06_0325.asc VX6
  • 2021Q4/Bug_report:35df315d74903fd90fae94ad9fb44b85-tails-bugs@boum.org-_2021-11-08_2136.asc X200MA
  • 2021Q3/Bug_report:4fd0cad27ca4d87baabea200e46d376f-tails-bugs@boum.org-_2021-08-27_0135.asc Alienware Aurora R7
  • 2021Q3/Bug_report:c1bdb131ae460e6417e826e8658b00ba-tails-bugs@boum.org-_2021-07-15_1055.asc System Product Name
  • 2020Q4/Bug_report:85f207b60bee40c94be5d76dca8fb22e-tails-bugs@boum.org-_2020-12-21_0641.asc Acer Peppy 1.0
  • 2020Q1/Bug_report:d953d7d2bdad369892d0e9c090e52769-tails-bugs@boum.org-_2020-03-31_1354.asc MacBookPro12,1

An advantage of Kleopatra is that it seems to be the most popular PGP client for Windows as well since it's integrated in Gpg4Win: https://www.gpg4win.org/download.html.

A downside is that it's a KDE application and would pull out tons of new dependencies. I'm building an image to see the actual impact: https://jenkins.tails.boum.org/job/build_Tails_ISO_feature-18875-kleopatra/lastBuild/.

The resulting USB image is 16 MB (1.4%) bigger than 4.28.

This would solve the following tickets:

Not bad for 16 MB 😉

We could also replace Seahorse and OpenPGP Applet by Kleopatra for 1-2 years, see how frequently it is used, and remove it afterwards and recommend people to install it using the Additional Software instead. It would be a smoother transition than removing Seahorse and OpenPGP Applet and asking people to use Additional Software all at once. Having some kind of telemetry or an updated survey could help us know whether it's worth it to keep Kleopatra included on the long run after that transition period.

To Do

Next steps are tracked on !792 (merged).

Checklist before we decided to actually do this:

  • Test supported use cases on devel
    • Rationale: what's written on the box suggests feature parity; let's verify it actually works 😄
    • Note: All this works on Tails 4.x
    • Symmetric encryption of text
    • Symmetric decryption of text
    • Asymmetric encryption of text
    • Asymmetric decryption of text
    • Symmetric encryption of file
    • Symmetric decryption of file
    • Asymmetric encryption of file
    • Asymmetric decryption of file
    • Download verification
    • Key generation
    • Import public key
    • Export public key
    • Import private key
    • Export private key
    • Search key on keyserver
    • Publish key on keyserver
    • Download key from keyserver
  • Check health of the upstream project 👍
    • Rationale: let's not discover in a year that nobody is fixing bugs there
    • Git history suggests it's mostly a one-person show with occasional contributions from a few other people.
    • In general, hefee sees the project as active and working. hefee thinks they have also quite a nice budget to care about Kleopatra.
    • It is the default key managenment tool for Windows, it is bundled into Gpg4Win
    • Andre and Ingo are paid by g10code
    • Kleopatra development is mostly done via: https://dev.gnupg.org/ and also bugs from GPG4Win end up there and not in https://bugs.kde.org - Kleopatra was a KDE only project and got a lot of interest by gnupg - several libraries moved from KDE to gnupg (the Qt bindings, the C++binding inside GPGME)
    • gpg was selected to be usable for classified files by German authorities and there is quite some momentum/money around GPG4Win.
    • 184 open bug reports, no idea if any of those affect the use cases we support
  • Check health of Debian maintenance
    • All recent work has been done by someone who had grabbed all KDE packaging and was since removed from Debian. Since then the team is in recovery mode.
    • No commit in Git since months.
    • hefee used to be involved in the packaging and is currently cleaning up the development scripts to make it easier for others to do their (former) job.
    • The problem with shipping Kleopatra is, that the KDE team also needs to ship a big bundle of packages called KDE PIM. KDE PIM in general is in the cleanup mode, so they do not give ABI stability at the moment. So all the 60 repositories need to be uploaded together. See https://qt-kde-team.pages.debian.net/applications-18.08-build-deps.html to get an idea. hefee hopes it will work out, that they really install a team of maintainers that can do the packaging. Mostly packaging a new version is running the scripts, but it still takes some time ;)
    • Ubuntu and Debian share the same repos (with other branches) and share the work. But for some reason, Ubuntu has 21.12, while as of 2022-03-16, sid still ships 21.08 while 21.12 was released months ago.
    • There is also (KDE Neon)[https://neon.kde.org/] that shares the same repos. KDE Neon is Ubuntu based distro focusing on building packages from all KDE repos master branch.
    • Bugs like https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003458 were not forwarded upstream. hefee confirms that's a symptom of a lack of capacity on the KDE maintenance team.
  • Check popularity
  • Check impact on memory usage
    • Rationale: this could make us run KDE background services or something
  • Check security model
    • The reason I wrote this is: IIRC I've read somewhere that there's a backend. We should check if that's the case, and if so, which apps can talk to the backend. E.g. we don't want to give Tor Browser access to the OpenPGP keyring via Kleopatra. -- intrigeri
Edited by intrigeri