KMail/Protected Headers

From KDE UserBase Wiki

KMail support Protected Headers for Cryptographic E-Mails. This means that we also send a signed/encrypted copy of headers and display the signed/encrypted headers if available and ignores the insecure headers. Currently, KMail doesn’t obfuscate the subject to not break current workflows. Those things will be improved later on.

It is transparent for users and no difference is shown for a user, but this feature is only enabled for Grantlee based header themes.

Developers information

If developers want to dig into encrypted headers, there are two places to look for the code. For sending it is the class MessageComposer::ProtectedHeadersJob: messagecomposer/src/job/protectedheaders.h


  • KMime::Content *content - mime part that will be encrypted/signed
  • KMime::Message *skeletonMessage - message the has all the headers, that will be unencrypted over the wire. The headers from this will be copied to `content`
  • bool protectedHeadersObvoscate - obfuscated the subject or not

ProtectedHeadersJob *pJob = new ProtectedHeadersJob;
QObject::connect(pJob, &ProtectedHeadersJob::finished, this, [d, pJob](KJob *job) {...});

For displaying the protected headers, first, the mail needs to get parsed within the MimeTreeParser. If the correct structure is used than the encrypted MimePart is added registered to override and unencrypted header. After that you can use MimeTreeParser::NodeHelper::hasMailHeader and other methods to ask the system to give you the correct header for and mail. This is done for Grantlee based header themes.