PGP encryption for Kube

Secure and confidential communication is an important requirement for a society, and something, I think, we should provide to as many people as possible.
A popular mechanism to achieve this is public-key cryptography, which allows you to encrypt a message to a person's key so that only the intended recipient can decrypt it. Even if an attacker gets hold of the encrypted message, without the key it is only useless gibberish.

As one of the primary use cases of Kube is communication, it should also support you in communicating in a secure and confidential fashion.


Using a desktop client allows you to encrypt your messages on your own device, before you even connect to any server or network. So even if the server should be compromised, all an attacker could get to are your encrypted messages, with your key safely stored on your own personal device.

The composer with encryption settings.

For Kube, all encryption is based on GnuPG, an implementation of OpenPGP (RFC 4880), thus building on tested and proven technology.

No key management, for now anyways

A major aspect of encrypted communication is certainly key management, that is, ensuring you have the keys of the other parties you want to communicate with available, as well as managing your own key(s). This is traditionally where most solutions fall short in usability and why encryption often seems harder to use than it should be, so it is certainly something that we'd like to improve eventually.

However, in this first version we forgo key management and rely completely on GnuPG for it. There are various tools available to create a personal key, fetch other participants' keys and manage the trust of keys. All that Kube does is search for locally available keys that match the given email address.

We don’t have the key for doe@example.org it seems…

Once the keys are set up, though, using encrypted communication is effortless. All you have to do is tick a checkbox in the composer and your communication will be encrypted.

When encrypting, recipient keys are looked up by email address, and the message is encrypted to all keys found. You will only be able to send the message if a key was found for all recipients; otherwise the send button will be disabled and an open lock icon will identify the recipient for which no key was found.

If your personal key is not found (it is looked up by your email address), then both encryption and signing will be disabled.

A warning is displayed if your personal key could not be found.
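
The lookup and gating rules described in this section, sketched over GnuPG's machine-readable key listing (`gpg --list-keys --with-colons`). This is an added example, not Kube's code: the function names, the exact-address match, the signing-capability check on your own key and the skipping of expired, revoked, disabled or invalid keys are assumptions, and the sample listings are constructed.

```python
import re

# Constructed sample of `gpg --list-keys --with-colons` output (all values made up).
SAMPLE = "\n".join([
    "pub:u:4096:1:1111111111111111:1500000000:::u:::scESC:",
    "fpr" + ":" * 9 + "A" * 40 + ":",
    "uid:u::::1500000000::H1::Me <me@example.org>:",
    "pub:e:2048:1:3333333333333333:1400000000:1450000000::-:::sc:",  # expired key
    "fpr" + ":" * 9 + "B" * 40 + ":",
    "uid:e::::1400000000::H2::Old <old@example.org>:",
    "pub:f:4096:1:4444444444444444:1500000000:::-:::scESC:",
    "fpr" + ":" * 9 + "C" * 40 + ":",
    "uid:f::::1500000000::H3::Ann <ann@example.org>:",
    "uid:r::::1500000000::H4::Ann <doe@example.org>:",  # revoked user ID
])
# Constructed `--list-secret-keys` listing: only the first key has a secret part.
SECRET = "\n".join(SAMPLE.splitlines()[:3]).replace("pub:", "sec:", 1)
BAD = set("idre")  # validity flags: invalid, disabled, revoked, expired

def usable_keys(listing, email, capability="E"):
    """Fingerprints of keys that are usable for `capability` and carry a valid
    user ID whose address equals `email` exactly (no substring matching)."""
    found, key = [], None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sec"):
            caps = f[11] if len(f) > 11 else ""  # uppercase = usable on the whole key
            ok = f[1] not in BAD and capability in caps and "D" not in caps
            key = {"ok": ok, "fpr": None}
        elif key and f[0] == "fpr" and key["fpr"] is None:
            key["fpr"] = f[9]  # first fpr record after pub/sec is the primary key's
        elif key and f[0] == "uid" and key["ok"] and f[1] not in BAD:
            m = re.search(r"<([^<>]+)>\s*$", f[9])
            addr = (m.group(1) if m else f[9]).strip().lower()
            if addr == email.lower() and key["fpr"] not in found:
                found.append(key["fpr"])
    return found

def composer_state(public, secret, sender, recipients):
    """Gating as described above: without your own key nothing is enabled,
    and encryption needs a key for every recipient."""
    own_key = bool(usable_keys(secret, sender, "S"))
    missing = [r for r in recipients if not usable_keys(public, r)]
    return {"can_sign": own_key,
            "can_encrypt": own_key and not missing,
            "missing": missing}
```

Matching the address exactly matters here: a substring lookup for `e@example.org` would also select the key for `me@example.org`, and the message would be encrypted to the wrong person.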

Try it

If you want to try it, just update to the latest Flatpak.

For more info about Kube, please head over to About Kube.