I have been signing my email for the last couple of years. I do this because I want to promote a world where people have cryptographic keys as a matter of course. In a world like that, I could send encrypted email to my contacts, and not have anybody being able to snoop on my correspondence.
Unfortunately, this is not an easy task. I use Kmail, because it is the only mailer that I actually like. When it work, it does things exactly the way I want them. When you have to change things, it is often a very difficult task.
So, when Kmail reported that my certificate for signing email was about to run out, it triggered a chain of tasks before I had a new certificate in place. I had signed up for a free certificate from CAcert.org. Fortunately they use my email address for identification. Then I went through the circus of generating a new password for my account. CAcert requires a password with lower case, capitals, digits and special characters. I have no clue what my old one was, or where I wrote it down.
Updating the cert was a breeze, and downloading it in my Iceweasel (Firefox) was also simple. Unfortunately, the backup/export from Iceweasel wasn't importable in Kleopatra. After reading web pages for a while, I realized that using Konqueror would give a different result.
I download the cert and now I can import it into Kleopatra. Great joy!
Unfortunately, I'm not done. Kmail desn't know that I have a new cert. I have to go into the settings of Kmail and point to a new cert, which is just identified with a different hexadecimal ID. Since I just had 2, it was easy to pick the other one. They seem to be hard to remove, so I'll probably have a chore the day I have half a dozen.
So, in summary, I have had to do 4 steps to get a new cert:
1. Generate one at Cacert.org
2. Download it using Konqueror, a browser I normally don't use
3. Manually import it into Kleopatra (don't forget to remove the downloaded file, or to stash it in a safe place)
4. Manually update Kmail
This is not user friendy, humane or usable. I do this once every 6 months, because my cert expires. This is often enough that the job should be made easy. It is also seldom enough that I forget the steps between times and have the same chore every time I have to do this.
What I'd like to see is a plugin module for Kmail, that perfoms all the steps. Takes my password for CAcert from my kde wallet, logs in to CAcert, updates the password, downloads it, stashes it into Kleopatra and updates Kmail to use the new certs.
Before it becomes this simple, cryptographic keys will never become popular.
No comments:
Post a Comment