K-9: Add Option to disable encrypting/signing by default

Technically a duplicate of #1743 but that one was closed for veering wildly off-topic.

Please stick to the topic. Raising issues like what options are available re encryption/signing is not for here.

Hi,
the switch from AGP to OpenKeychain just bit me too. K9 now won't encrypt emails: this is the error message: "No keys configured for signing, please check your settings".

But I don't want to GPG-sign my emails, I only want to send GPG encrypted emails. K9+OpenKeychain now (seem) to require the keypair to be on the Android phone. I'm not sure I want my secret key on a phone.

With AGP this was not a problem. You could simply encrypt it for the recipient, and send it off.

This is with OpenKeychain 4.2 and K9 5.202

@dingesista This is not an issue with OpenKeychain vs APG. It’s a design decision in K-9. @Valodim is supposed to write a blog post about it some time soon.

The use case people seem to have seems to be "I don't want to have my signing key on my phone". I wonder if there is a way to handle this situation with a mobile-specific signing subkey.

Sending messages without signing seems like a fine tradeoff on the sender side because it's so super convenient and doesn't have any apparent disadvantages, but it's a horrible cryptographic choice that has dire consequences for the pgp ecosystem.

I have my key on an NFC token but I don't want to use it for every mail.
I sign/encrypt only very important Mails.
And currently I have gpg completely disabled in k9 due to the described issue.

@Valodim Specific signing key is not suitable for all use case. For instance, I don’t trust my phone with it, and I would rather prevent any issue in that direction by not having subkeys at all on my phones than rely on the fact I can revoke this specific subkey. But I, for one, would definitively live without GPG support in K-9. The current state is almost fine for me excepted for the fact I have to move the slider on every mail I send (because I selected OpenKeychain but no key).

Also, just by curiosity, can hardware crypto modules issue subkeys for such use or is the better thing support for those modules in OpenKeychain anyway?

@Valodim et al, thanks for your responses. I can only hope that there will be an option soon to encrypt without signing. I've had to stop sending emails from K9. I can elaborate on my use case: I am (was) used to share simple emails mostly with URLS to myself and a handful of contacts - using my and their public key to encrypt these emails for (only) the recipient. I don’t know how this has, as Vincent suggests, dire cryptographic consequences - I’m seriously interested to reading your explanation. My aim is to encrypt each and every email to contacts with PGP/GPG keys.

It feels like we're getting off topic again. In my opinion this issue should be about a configurable default value for the encryption slider.

Maybe its better when "Encrypt if possible" decides not to encrypt the mail when there is no signing key.?

At the moment, when I write a message to someone whos public key is in my keystore, k-9 always tries to encrypt and I have to turn the "Encrypt if possible"-switch to the left manually.
I only sometimes want to encrypt mails, not as default.

There is no other way I can find to disable this behaviour, as by removing the key(/s of this contact), disable the Cryptography by choosing "None" in the OpenPGP app or to freeze/uninstall OpenKeychain.
Neither of this is comfortable.
At the moment I disabled Cryptography ("none").

Did I miss something in the settings and this is not the design of it? Seems not optimal.
Thanks.

You perfectly described what happens to me. In fact, when I use mobile
terminals I use encryption but since I cannot install decrypting software
on the pc I use in my workplace, emails I receive in this case, to be
visible, must be in the clear. The app, so far, forces decisions everytime
while in a different configuration it should suffice to select if and only
if someone wants encryption.
Hoping they will solve the issue.

>

Maybe somebody knows where exactly in the code the default setting is set, so maybe one could compile a version with default unencrypted?
I searched now in:
/k-9/k9mail/src/main/java/com/fsck/k9/activity/compose/CryptoSettingsDialog.java
and found some method:
CryptoSettingsDialog
and found something like:
ARG_CURRENT_MODE
or
current_mode
But it is not enough for my knowledge to change the default.
Maybe some of the cketties could hint it?
Thank

I thought about it and I think if the last setting could just be saved this would be the best.
So if someone often needs it, he wouldnt need to change the switch. At the moment there is the default and no saved setting.

Ouff. I found it.
The hardcoded setting is in the RecipientPresenter.java in Line 81:
private CryptoMode currentCryptoMode = CryptoMode.OPPORTUNISTIC;
this is the path:
k9mail/k-9/k9mail/src/main/java/com/fsck/k9/activity/compose/RecipientPresenter.java
OPPORTUNISTIC means to encrypt if a key is available. I set this to:
private CryptoMode currentCryptoMode = CryptoMode.DISABLE;
and any new mail with a recipient where I have a key is set to not encrypt by default.
I can set it then manually to encrypt or encrypt and sign (called: PRIVATE / CryptoMode.PRIVATE)
But best would be, I think now, to use the last setting, because often I mail many times to one person and it is then normally each time encrypted or none. But maybe there is a better way.

I for myself now compile a version without the default encryption.
EDIT: works :)

That's great!!

When will we see this is in a release?

I assume this change has made it into the release, because that's how my K-9 behaves recently. I have to think of activating encryption every time. I am not happy about it. I preferred the former default behaviour.
The title of this post was "add option to ..." (which is a good idea), not "change default", (which is what was implemented in https://github.com/k9mail/k-9/commit/5bc61258d1c864297a7e5bfe625cfa81f635bafc).

you can enable mutual mode, which will cause k-9 to encrypt to other people who have enabled this setting. please see here for a rationale

Aha, thanks for the answer. I don't really get Autocrypt yet and 5.5 is not yet on FDroid, but I see this change has not been a spontaneous action by a single user. Somebody seems to have thought a while about this.