Port to gpgme only.

QGpgme and Gpgmepp are not readily available, the cmake files buggy, the
buildsystem horrendous and generally just difficult to build on windows.
Given that all they are is a wrapper around gpgme, we're better of
without all the indirections.

What we loose is:
* QGpgme moved the work to separate threads (but we then blocked
anyways), something that we can just do in our own code should we want to.
* QGpgme has a function to prettify dn's that was used to show the
signer. Also something we could bring back should we need to (don't know
where it is useful atm.)

Ported messagepart to gpgme

Almost there

Moved the crypto bits to a separate file

All gpg code is in one place.

All tests passing

Use error codes

Cleanup

18 files changed, 692 insertions, 479 deletions

diff --git a/framework/src/CMakeLists.txt b/framework/src/CMakeLists.txt
index e975e61e..a07bdb75 100644
--- a/framework/src/CMakeLists.txt
+++ b/framework/src/CMakeLists.txt
@@ -4,8 +4,7 @@ find_package(KF5Mime 4.87.0 CONFIG REQUIRED)
 find_package(KF5CalendarCore CONFIG REQUIRED)
 find_package(Sink 0.6.0 CONFIG REQUIRED)
 find_package(KAsync CONFIG REQUIRED)
-find_package(QGpgme CONFIG REQUIRED)
-find_package(Gpgmepp CONFIG REQUIRED)
+find_package(Gpgme REQUIRED)
 find_package(KF5Codecs CONFIG REQUIRED)
 find_package(KF5Contacts CONFIG REQUIRED)
 
@@ -73,8 +72,7 @@ target_link_libraries(kubeframework
     KF5::Codecs
     KF5::Contacts
     KAsync
-    QGpgme
-    Gpgmepp
+    gpgme
 )
 install(TARGETS kubeframework DESTINATION ${KDE_INSTALL_TARGETS_DEFAULT_ARGS})
 
diff --git a/framework/src/domain/composercontroller.cpp b/framework/src/domain/composercontroller.cpp
index fc436003..88c0c839 100644
--- a/framework/src/domain/composercontroller.cpp
+++ b/framework/src/domain/composercontroller.cpp
@@ -36,7 +36,7 @@
 #include "mime/mailcrypto.h"
 #include "async.h"
 
-std::vector<MailCrypto::Key> &operator+=(std::vector<MailCrypto::Key> &list, const std::vector<MailCrypto::Key> &add)
+std::vector<Crypto::Key> &operator+=(std::vector<Crypto::Key> &list, const std::vector<Crypto::Key> &add)
 {
     list.insert(std::end(list), std::begin(add), std::end(add));
     return list;
@@ -133,11 +133,11 @@ public:
         mb.fromUnicodeString(addressee);
 
         SinkLog() << "Searching key for: " << mb.address();
-        asyncRun<std::vector<MailCrypto::Key>>(this,
+        asyncRun<std::vector<Crypto::Key>>(this,
             [mb] {
-                return MailCrypto::findKeys(QStringList{} << mb.address(), false, false);
+                return Crypto::findKeys(QStringList{} << mb.address(), false, false);
             },
-            [this, addressee, id](const std::vector<MailCrypto::Key> &keys) {
+            [this, addressee, id](const std::vector<Crypto::Key> &keys) {
                 if (!keys.empty()) {
                     if (keys.size() > 1) {
                         SinkWarning() << "Found more than one key, encrypting to all of them.";
@@ -227,10 +227,10 @@ void ComposerController::findPersonalKey()
 {
     auto identity = getIdentity();
     SinkLog() << "Looking for personal key for: " << identity.address();
-    asyncRun<std::vector<MailCrypto::Key>>(this, [=] {
-            return MailCrypto::findKeys(QStringList{} << identity.address(), true);
+    asyncRun<std::vector<Crypto::Key>>(this, [=] {
+            return Crypto::findKeys(QStringList{} << identity.address(), true);
         },
-        [this](const std::vector<MailCrypto::Key> &keys) {
+        [this](const std::vector<Crypto::Key> &keys) {
             if (keys.empty()) {
                 SinkWarning() << "Failed to find a personal key.";
             } else if (keys.size() > 1) {
@@ -419,23 +419,23 @@ void ComposerController::recordForAutocompletion(const QByteArray &addrSpec, con
     }
 }
 
-std::vector<MailCrypto::Key> ComposerController::getRecipientKeys()
+std::vector<Crypto::Key> ComposerController::getRecipientKeys()
 {
-    std::vector<MailCrypto::Key> keys;
+    std::vector<Crypto::Key> keys;
     {
-        const auto list = toController()->getList<std::vector<MailCrypto::Key>>("key");
+        const auto list = toController()->getList<std::vector<Crypto::Key>>("key");
         for (const auto &l: list) {
             keys.insert(std::end(keys), std::begin(l), std::end(l));
         }
     }
     {
-        const auto list = ccController()->getList<std::vector<MailCrypto::Key>>("key");
+        const auto list = ccController()->getList<std::vector<Crypto::Key>>("key");
         for (const auto &l: list) {
             keys.insert(std::end(keys), std::begin(l), std::end(l));
         }
     }
     {
-        const auto list = bccController()->getList<std::vector<MailCrypto::Key>>("key");
+        const auto list = bccController()->getList<std::vector<Crypto::Key>>("key");
         for (const auto &l: list) {
             keys.insert(std::end(keys), std::begin(l), std::end(l));
         }
@@ -463,17 +463,17 @@ KMime::Message::Ptr ComposerController::assembleMessage()
         };
     });
 
-    MailCrypto::Key attachedKey;
-    std::vector<MailCrypto::Key> signingKeys;
+    Crypto::Key attachedKey;
+    std::vector<Crypto::Key> signingKeys;
     if (getSign()) {
-        signingKeys = getPersonalKeys().value<std::vector<MailCrypto::Key>>();
+        signingKeys = getPersonalKeys().value<std::vector<Crypto::Key>>();
         Q_ASSERT(!signingKeys.empty());
         attachedKey = signingKeys[0];
     }
-    std::vector<MailCrypto::Key> encryptionKeys;
+    std::vector<Crypto::Key> encryptionKeys;
     if (getEncrypt()) {
         //Encrypt to self so we can read the sent message
-        auto personalKeys = getPersonalKeys().value<std::vector<MailCrypto::Key>>();
+        auto personalKeys = getPersonalKeys().value<std::vector<Crypto::Key>>();
 
         attachedKey = personalKeys[0];
 
diff --git a/framework/src/domain/composercontroller.h b/framework/src/domain/composercontroller.h
index 8a831ed5..0d12fcce 100644
--- a/framework/src/domain/composercontroller.h
+++ b/framework/src/domain/composercontroller.h
@@ -65,7 +65,7 @@ class KUBE_EXPORT ComposerController : public Kube::Controller
     KUBE_CONTROLLER_PROPERTY(KMime::Message::Ptr, ExistingMessage, existingMessage)
     KUBE_CONTROLLER_PROPERTY(Sink::ApplicationDomain::Mail, ExistingMail, existingMail)
 
-    KUBE_CONTROLLER_PROPERTY(/*std::vector<MailCrypto::Key>*/QVariant, PersonalKeys, personalKeys)
+    KUBE_CONTROLLER_PROPERTY(/*std::vector<Crypto::Key>*/QVariant, PersonalKeys, personalKeys)
     KUBE_CONTROLLER_PROPERTY(bool, FoundPersonalKeys, foundPersonalKeys)
 
     KUBE_CONTROLLER_LISTCONTROLLER(to)
@@ -109,7 +109,7 @@ private:
     void setMessage(const QSharedPointer<KMime::Message> &msg);
     void addAttachmentPart(KMime::Content *partToAttach);
     KMime::Message::Ptr assembleMessage();
-    std::vector<MailCrypto::Key> getRecipientKeys();
+    std::vector<Crypto::Key> getRecipientKeys();
 
     QScopedPointer<Completer> mRecipientCompleter;
     QScopedPointer<Selector> mIdentitySelector;
diff --git a/framework/src/domain/mime/CMakeLists.txt b/framework/src/domain/mime/CMakeLists.txt
index 1e55e461..9b4da136 100644
--- a/framework/src/domain/mime/CMakeLists.txt
+++ b/framework/src/domain/mime/CMakeLists.txt
@@ -1,9 +1,9 @@
 add_library(mailcrypto STATIC
     mailcrypto.cpp
+    crypto.cpp
 )
 target_link_libraries(mailcrypto
     Qt5::Core
     KF5::Mime
-    QGpgme
-    Gpgmepp
+    gpgme
 )
diff --git a/framework/src/domain/mime/attachmentmodel.cpp b/framework/src/domain/mime/attachmentmodel.cpp
index 45013f85..95a65d81 100644
--- a/framework/src/domain/mime/attachmentmodel.cpp
+++ b/framework/src/domain/mime/attachmentmodel.cpp
@@ -219,7 +219,7 @@ bool AttachmentModel::importPublicKey(const QModelIndex &index)
     const auto part = static_cast<MimeTreeParser::MessagePart *>(index.internalPointer());
     Q_ASSERT(part);
     auto pkey = part->node()->decodedContent();
-    auto result = MailCrypto::importKey(pkey);
+    auto result = Crypto::importKey(pkey);
 
     bool success = true;
     QString message;
diff --git a/framework/src/domain/mime/crypto.cpp b/framework/src/domain/mime/crypto.cpp
new file mode 100644
index 00000000..9722dba8
--- /dev/null
+++ b/framework/src/domain/mime/crypto.cpp
@@ -0,0 +1,442 @@
+/*
+    Copyright (c) 2009 Constantin Berzan <exit3219@gmail.com>
+    Copyright (C) 2010 Klarälvdalens Datakonsult AB, a KDAB Group company, info@kdab.com
+    Copyright (c) 2010 Leo Franchi <lfranchi@kde.org>
+    Copyright (c) 2017 Christian Mollekopf <mollekopf@kolabsys.com>
+
+    This library is free software; you can redistribute it and/or modify it
+    under the terms of the GNU Library General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or (at your
+    option) any later version.
+
+    This library is distributed in the hope that it will be useful, but WITHOUT
+    ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+    FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Library General Public
+    License for more details.
+
+    You should have received a copy of the GNU Library General Public License
+    along with this library; see the file COPYING.LIB.  If not, write to the
+    Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+    02110-1301, USA.
+*/
+#include "crypto.h"
+
+#include "framework/src/errors.h"
+
+#include <gpgme.h>
+
+#include <QDebug>
+#include <QDateTime>
+
+#include <future>
+#include <utility>
+
+using namespace Crypto;
+
+QDebug operator<< (QDebug d, const Key &key)
+{
+    d << key.fingerprint;
+    return d;
+}
+
+QDebug operator<< (QDebug d, const Error &error)
+{
+    d << error.errorCode();
+    return d;
+}
+
+struct Data {
+    Data(const QByteArray &buffer)
+    {
+        const bool copy = false;
+        const gpgme_error_t e = gpgme_data_new_from_mem(&data, buffer.constData(), buffer.size(), int(copy));
+        if (e) {
+            qWarning() << "Failed to copy data?" << e;
+        }
+    }
+
+    ~Data()
+    {
+        gpgme_data_release(data);
+    }
+    gpgme_data_t data;
+};
+
+static gpgme_error_t checkEngine(CryptoProtocol protocol)
+{
+    gpgme_check_version(0);
+    const gpgme_protocol_t p = protocol == CMS ? GPGME_PROTOCOL_CMS : GPGME_PROTOCOL_OpenPGP;
+    return gpgme_engine_check_version(p);
+}
+
+static std::pair<gpgme_error_t, gpgme_ctx_t> createForProtocol(CryptoProtocol proto)
+{
+    if (auto e = checkEngine(proto)) {
+        qWarning() << "GPG Engine check failed." << e;
+        return std::make_pair(e, nullptr);
+    }
+    gpgme_ctx_t ctx = 0;
+    if (auto e = gpgme_new(&ctx)) {
+        return std::make_pair(e, nullptr);
+    }
+
+    switch (proto) {
+        case OpenPGP:
+            if (auto e = gpgme_set_protocol(ctx, GPGME_PROTOCOL_OpenPGP)) {
+                gpgme_release(ctx);
+                return std::make_pair(e, nullptr);
+            }
+        break;
+        case CMS:
+            if (auto e = gpgme_set_protocol(ctx, GPGME_PROTOCOL_CMS)) {
+                gpgme_release(ctx);
+                return std::make_pair(e, nullptr);
+            }
+        break;
+        default:
+            Q_ASSERT(false);
+            return std::make_pair(1, nullptr);
+    }
+    return std::make_pair(GPG_ERR_NO_ERROR, ctx);
+}
+
+
+struct Context {
+    Context(CryptoProtocol protocol = OpenPGP)
+    {
+        gpgme_error_t code;
+        std::tie(code, context) = createForProtocol(protocol);
+        error = Error{code};
+    }
+
+    ~Context()
+    {
+        gpgme_release(context);
+    }
+
+    operator bool() const
+    {
+        return !error;
+    }
+    Error error;
+    gpgme_ctx_t context;
+};
+
+
+static QByteArray toBA(gpgme_data_t out)
+{
+    size_t length = 0;
+    auto data = gpgme_data_release_and_get_mem (out, &length);
+    auto outdata = QByteArray{data, static_cast<int>(length)};
+    gpgme_free(data);
+    return outdata;
+}
+
+static std::vector<Recipient> copyRecipients(gpgme_decrypt_result_t result)
+{
+    std::vector<Recipient> recipients;
+    for (gpgme_recipient_t r = result->recipients ; r ; r = r->next) {
+        recipients.push_back({QByteArray{r->keyid}, {r->status}});
+    }
+    return recipients;
+}
+
+static std::vector<Signature> copySignatures(gpgme_verify_result_t result)
+{
+    std::vector<Signature> signatures;
+    for (gpgme_signature_t is = result->signatures ; is ; is = is->next) {
+        Signature sig;
+        sig.fingerprint = QByteArray{is->fpr};
+        sig.creationTime.setTime_t(is->timestamp);
+        sig.summary = is->summary;
+        sig.status = {is->status};
+        sig.validity = is->validity;
+        sig.validity_reason = is->validity_reason;
+        signatures.push_back(sig);
+    }
+    return signatures;
+}
+
+
+VerificationResult Crypto::verifyDetachedSignature(CryptoProtocol protocol, const QByteArray &signature, const QByteArray &text)
+{
+    Context context{protocol};
+    if (!context) {
+        qWarning() << "Failed to create context " << context.error;
+        return {{}, context.error};
+    }
+    auto ctx = context.context;
+
+    auto err = gpgme_op_verify(ctx, Data{signature}.data, Data{text}.data, 0);
+    gpgme_verify_result_t res = gpgme_op_verify_result(ctx);
+    return {copySignatures(res), {err}};
+}
+
+VerificationResult Crypto::verifyOpaqueSignature(CryptoProtocol protocol, const QByteArray &signature, QByteArray &outdata)
+{
+    Context context{protocol};
+    if (!context) {
+        qWarning() << "Failed to create context " << context.error;
+        return VerificationResult{{}, context.error};
+    }
+    auto ctx = context.context;
+
+    gpgme_data_t out;
+    const gpgme_error_t e = gpgme_data_new(&out);
+    Q_ASSERT(!e);
+    auto err = gpgme_op_verify(ctx, Data{signature}.data, 0, out);
+
+    VerificationResult result{{}, {err}};
+    if (gpgme_verify_result_t res = gpgme_op_verify_result(ctx)) {
+        result.signatures = copySignatures(res);
+    }
+
+    outdata = toBA(out);
+    return result;
+}
+
+std::pair<DecryptionResult,VerificationResult> Crypto::decryptAndVerify(CryptoProtocol protocol, const QByteArray &ciphertext, QByteArray &outdata)
+{
+    Context context{protocol};
+    if (!context) {
+        qWarning() << "Failed to create context " << context.error;
+        return std::make_pair(DecryptionResult{{}, context.error}, VerificationResult{{}, context.error});
+    }
+    auto ctx = context.context;
+
+    gpgme_data_t out;
+    if (gpgme_error_t e = gpgme_data_new(&out)) {
+        qWarning() << "Failed to allocated data" << e;
+    }
+    auto err = gpgme_op_decrypt_verify(ctx, Data{ciphertext}.data, out);
+    if (err) {
+        qWarning() << "Failed to decrypt and verify" << Error{err};
+    }
+
+    VerificationResult verificationResult{{}, {err}};
+    if (gpgme_verify_result_t res = gpgme_op_verify_result(ctx)) {
+        verificationResult.signatures = copySignatures(res);
+    }
+
+    DecryptionResult decryptionResult{{}, {err}};
+    if (gpgme_decrypt_result_t res = gpgme_op_decrypt_result(ctx)) {
+        decryptionResult.recipients = copyRecipients(res);
+    }
+
+    outdata = toBA(out);
+    return std::make_pair(decryptionResult, verificationResult);
+}
+
+ImportResult Crypto::importKeys(CryptoProtocol protocol, const QByteArray &certData)
+{
+    Context context{protocol};
+    if (!context) {
+        qWarning() << "Failed to create context " << context.error;
+        return {0, 0, 0};
+    }
+    if (auto err = gpgme_op_import(context.context, Data{certData}.data)) {
+        qWarning() << "Import failed";
+        return {0, 0, 0};
+    }
+    if (auto result = gpgme_op_import_result(context.context)) {
+        return {result->considered, result->imported, result->unchanged};
+    } else {
+        return {0, 0, 0};
+    }
+}
+
+static KeyListResult listKeys(CryptoProtocol protocol, const std::vector<const char*> &patterns, bool secretOnly, int keyListMode)
+{
+    Context context{protocol};
+    if (!context) {
+        qWarning() << "Failed to create context " << context.error;
+        return {{}, context.error};
+    }
+    auto ctx = context.context;
+
+    gpgme_set_keylist_mode(ctx, keyListMode);
+
+    KeyListResult result;
+    result.error = {GPG_ERR_NO_ERROR};
+    if (patterns.size() > 1) {
+        qWarning() << "Listing multiple patterns";
+        if (auto err = gpgme_op_keylist_ext_start(ctx, const_cast<const char **>(patterns.data()), int(secretOnly), 0)) {
+            qWarning() << "Error while listing keys";
+            result.error = {err};
+        }
+    } else if (patterns.size() == 1) {
+        qWarning() << "Listing one patterns " << patterns.data()[0];
+        if (auto err = gpgme_op_keylist_start(ctx, patterns.data()[0], int(secretOnly))) {
+            qWarning() << "Error while listing keys";
+            result.error = {err};
+        }
+    } else {
+        qWarning() << "Listing all";
+        if (auto err = gpgme_op_keylist_start(ctx, 0, int(secretOnly))) {
+            qWarning() << "Error while listing keys";
+            result.error = {err};
+        }
+    }
+
+
+    while (true) {
+        gpgme_key_t key;
+        if (auto e = gpgme_op_keylist_next(ctx, &key)) {
+            break;
+        }
+        Key k;
+        if (key->subkeys) {
+            k.keyId = QByteArray{key->subkeys->keyid};
+            k.shortKeyId = k.keyId.right(8);
+            k.fingerprint = QByteArray{key->subkeys->fpr};
+        }
+        for (gpgme_user_id_t uid = key->uids ; uid ; uid = uid->next) {
+            k.userIds.push_back(UserId{QByteArray{uid->name}, QByteArray{uid->email}, QByteArray{uid->uid}});
+        }
+        k.isExpired = key->expired;
+        result.keys.push_back(k);
+    }
+    gpgme_op_keylist_end(ctx);
+    return result;
+}
+
+/**
+ * Get the given `key` in the armor format.
+ */
+Expected<Error, QByteArray> Crypto::exportPublicKey(const Key &key)
+{
+    Context context;
+    if (!context) {
+        return makeUnexpected(Error{context.error});
+    }
+
+    gpgme_data_t out;
+    const gpgme_error_t e = gpgme_data_new(&out);
+    Q_ASSERT(!e);
+
+    qDebug() << "Exporting public key:" << key.keyId;
+    if (auto err = gpgme_op_export(context.context, key.keyId, 0, out)) {
+        return makeUnexpected(Error{err});
+    }
+
+    return toBA(out);
+}
+
+Expected<Error, QByteArray> Crypto::signAndEncrypt(const QByteArray &content, const std::vector<Key> &encryptionKeys, const std::vector<Key> &signingKeys)
+{
+    Context context;
+    if (!context) {
+        return makeUnexpected(Error{context.error});
+    }
+
+    for (const auto &signingKey : signingKeys) {
+        //TODO do we have to free those again?
+        gpgme_key_t key;
+        if (auto e = gpgme_get_key(context.context, signingKey.fingerprint, &key, /*secret*/ false)) {
+            qWarning() << "Failed to retrive signing key " << signingKey.fingerprint << e;
+        } else {
+            gpgme_signers_add(context.context, key);
+        }
+    }
+
+    gpgme_key_t * const keys = new gpgme_key_t[encryptionKeys.size() + 1];
+    gpgme_key_t * keys_it = keys;
+    for (const auto &k : encryptionKeys) {
+        gpgme_key_t key;
+        if (auto e = gpgme_get_key(context.context, k.fingerprint, &key, /*secret*/ false)) {
+            qWarning() << "Failed to retrive key " << k.fingerprint << e;
+        } else {
+            *keys_it++ = key;
+        }
+    }
+    *keys_it++ = 0;
+
+    gpgme_data_t out;
+    const gpgme_error_t e = gpgme_data_new(&out);
+    Q_ASSERT(!e);
+
+    gpgme_error_t err = !signingKeys.empty() ?
+        gpgme_op_encrypt_sign(context.context, keys, GPGME_ENCRYPT_ALWAYS_TRUST, Data{content}.data, out) :
+        gpgme_op_encrypt(context.context, keys, GPGME_ENCRYPT_ALWAYS_TRUST, Data{content}.data, out);
+    delete[] keys;
+    if (err) {
+        qWarning() << "Encryption failed:" << Error{err};
+        return makeUnexpected(Error{err});
+    }
+
+    return toBA(out);
+;
+}
+
+Expected<Error, std::pair<QByteArray, QString>>
+Crypto::sign(const QByteArray &content, const std::vector<Key> &signingKeys)
+{
+    Context context;
+    if (!context) {
+        return makeUnexpected(Error{context.error});
+    }
+
+    for (const auto &signingKey : signingKeys) {
+        //TODO do we have to free those again?
+        gpgme_key_t key;
+        if (auto e = gpgme_get_key(context.context, signingKey.fingerprint, &key, /*secret*/ false)) {
+            qWarning() << "Failed to retrive signing key " << signingKey.fingerprint << e;
+        } else {
+            gpgme_signers_add(context.context, key);
+        }
+    }
+
+    gpgme_data_t out;
+    const gpgme_error_t e = gpgme_data_new(&out);
+    Q_ASSERT(!e);
+
+    if (auto err = gpgme_op_sign(context.context, Data{content}.data, out, GPGME_SIG_MODE_DETACH)) {
+        qWarning() << "Signing failed:" << Error{err};
+        return makeUnexpected(Error{err});
+    }
+
+
+    const QByteArray algo = [&] {
+        if (gpgme_sign_result_t res = gpgme_op_sign_result(context.context)) {
+            for (gpgme_new_signature_t is = res->signatures ; is ; is = is->next) {
+                return QByteArray{gpgme_hash_algo_name(is->hash_algo)};
+            }
+        }
+        return QByteArray{};
+    }();
+    // RFC 3156 Section 5:
+    // Hash-symbols are constructed [...] by converting the text name to lower
+    // case and prefixing it with the four characters "pgp-".
+    const auto micAlg = (QString("pgp-") + algo).toLower();
+
+    return std::pair<QByteArray, QString>{toBA(out), micAlg};
+}
+
+ImportResult Crypto::importKey(const QByteArray &pkey)
+{
+    return importKeys(OpenPGP, pkey);
+}
+
+std::vector<Key> Crypto::findKeys(const QStringList &patterns, bool findPrivate, bool remote)
+{
+    QByteArrayList list;
+    std::transform(patterns.constBegin(), patterns.constEnd(), std::back_inserter(list), [] (const QString &s) { return s.toUtf8(); });
+    std::vector<char const *> pattern;
+    std::transform(list.constBegin(), list.constEnd(), std::back_inserter(pattern), [] (const QByteArray &s) { return s.constData(); });
+    pattern.push_back(0);
+
+    const KeyListResult res = listKeys(OpenPGP, pattern, findPrivate, remote ? GPGME_KEYLIST_MODE_EXTERN : GPGME_KEYLIST_MODE_LOCAL);
+    if (res.error) {
+        qWarning() << "Failed to lookup keys: " << res.error;
+        return {};
+    }
+    qDebug() << "got keys:" << res.keys.size();
+    for (const auto &key : res.keys) {
+        qDebug() << "isexpired:" << key.isExpired;
+        for (const auto &userId : key.userIds) {
+            qDebug() << "userID:" << userId.email;
+        }
+    }
+    return res.keys;
+}
+
diff --git a/framework/src/domain/mime/crypto.h b/framework/src/domain/mime/crypto.h
new file mode 100644
index 00000000..fa79785a
--- /dev/null
+++ b/framework/src/domain/mime/crypto.h
@@ -0,0 +1,123 @@
+/*
+    Copyright (c) 2016 Christian Mollekopf <mollekopf@kolabsys.com>
+
+    This library is free software; you can redistribute it and/or modify it
+    under the terms of the GNU Library General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or (at your
+    option) any later version.
+
+    This library is distributed in the hope that it will be useful, but WITHOUT
+    ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+    FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Library General Public
+    License for more details.
+
+    You should have received a copy of the GNU Library General Public License
+    along with this library; see the file COPYING.LIB.  If not, write to the
+    Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+    02110-1301, USA.
+*/
+
+#pragma once
+
+#include "framework/src/errors.h"
+
+#include <QByteArray>
+#include <QVariant>
+
+#include <functional>
+#include <memory>
+#include <gpgme.h>
+#include <QDateTime>
+
+namespace Crypto {
+
+enum CryptoProtocol {
+    UnknownProtocol,
+    OpenPGP,
+    CMS
+};
+
+
+struct UserId {
+    QByteArray name;
+    QByteArray email;
+    QByteArray id;
+};
+
+struct Key {
+    QByteArray keyId;
+    QByteArray shortKeyId;
+    QByteArray fingerprint;
+    bool isExpired = false;
+    std::vector<UserId> userIds;
+};
+
+struct Error {
+    gpgme_error_t error;
+    gpgme_err_code_t errorCode() const {
+        return gpgme_err_code(error);
+    }
+    operator bool() const
+    {
+        return error != GPG_ERR_NO_ERROR;
+    }
+};
+
+struct Signature {
+    QByteArray fingerprint;
+    gpgme_sigsum_t summary;
+    Error status;
+    gpgme_validity_t validity;
+    gpgme_error_t validity_reason;
+    QDateTime creationTime;
+};
+
+struct VerificationResult {
+    std::vector<Signature> signatures;
+    Error error;
+};
+
+struct Recipient {
+    QByteArray keyId;
+    Error status;
+};
+
+struct DecryptionResult {
+    std::vector<Recipient> recipients;
+    Error error;
+};
+
+struct KeyListResult {
+    std::vector<Key> keys;
+    Error error;
+};
+
+
+std::vector<Key> findKeys(const QStringList &filter, bool findPrivate = false, bool remote = false);
+
+Expected<Error, QByteArray> exportPublicKey(const Key &key);
+struct ImportResult {
+    int considered;
+    int imported;
+    int unchanged;
+};
+ImportResult importKeys(CryptoProtocol protocol, const QByteArray &certData);
+ImportResult importKey(const QByteArray &key);
+
+/**
+ * Sign the given content and returns the signing data and the algorithm used
+ * for integrity check in the "pgp-<algorithm>" format.
+ */
+Expected<Error, std::pair<QByteArray, QString>>
+sign(const QByteArray &content, const std::vector<Key> &signingKeys);
+Expected<Error, QByteArray> signAndEncrypt(const QByteArray &content, const std::vector<Key> &encryptionKeys, const std::vector<Key> &signingKeys);
+
+std::pair<DecryptionResult,VerificationResult> decryptAndVerify(CryptoProtocol protocol, const QByteArray &ciphertext, QByteArray &outdata);
+VerificationResult verifyDetachedSignature(CryptoProtocol protocol, const QByteArray &signature, const QByteArray &outdata);
+VerificationResult verifyOpaqueSignature(CryptoProtocol protocol, const QByteArray &signature, QByteArray &outdata);
+};
+
+Q_DECLARE_METATYPE(Crypto::Key);
+
+QDebug operator<< (QDebug d, const Crypto::Key &);
+QDebug operator<< (QDebug d, const Crypto::Error &);
diff --git a/framework/src/domain/mime/mailcrypto.cpp b/framework/src/domain/mime/mailcrypto.cpp
index a7f3772a..e429a212 100644
--- a/framework/src/domain/mime/mailcrypto.cpp
+++ b/framework/src/domain/mime/mailcrypto.cpp
@@ -22,22 +22,7 @@
 #include "mailcrypto.h"
 
 #include "framework/src/errors.h"
-
-#include <QGpgME/DataProvider>
-#include <QGpgME/EncryptJob>
-#include <QGpgME/ExportJob>
-#include <QGpgME/ImportFromKeyserverJob>
-#include <QGpgME/ImportJob>
-#include <QGpgME/Protocol>
-#include <QGpgME/SignEncryptJob>
-#include <QGpgME/SignJob>
-
-#include <gpgme++/data.h>
-#include <gpgme++/encryptionresult.h>
-#include <gpgme++/global.h>
-#include <gpgme++/importresult.h>
-#include <gpgme++/keylistresult.h>
-#include <gpgme++/signingresult.h>
+#include "crypto.h"
 
 #include <QDebug>
 
@@ -45,22 +30,8 @@
 #include <utility>
 
 using namespace MailCrypto;
+using namespace Crypto;
 
-QDebug operator<< (QDebug d, const MailCrypto::Key &key)
-{
-    d << key.key.primaryFingerprint();
-    return d;
-}
-
-static std::vector<GpgME::Key> toGpgME(const std::vector<Key> keys)
-{
-    std::vector<GpgME::Key> list;
-    std::transform(keys.begin(), keys.end(), std::back_inserter(list), [] (const Key &key) { return key.key; });
-    return list;
-}
-
-// replace simple LFs by CRLFs for all MIME supporting CryptPlugs
-// according to RfC 2633, 3.1.1 Canonicalization
 static QByteArray canonicalizeContent(KMime::Content *content)
 {
     // if (d->format & Kleo::InlineOpenPGPFormat) {
@@ -125,29 +96,6 @@ static QByteArray canonicalizeContent(KMime::Content *content)
 }
 
 /**
- * Get the given `key` in the armor format.
- */
-Expected<Error, QByteArray> exportPublicKey(const Key &key)
-{
-    // Not using the Qt API because it apparently blocks (the `result` signal is never
-    // triggered)
-    std::unique_ptr<GpgME::Context> ctx(GpgME::Context::createForProtocol(GpgME::OpenPGP));
-    ctx->setArmor(true);
-
-    QGpgME::QByteArrayDataProvider dp;
-    GpgME::Data data(&dp);
-
-    qDebug() << "Exporting public key:" << key.key.shortKeyID();
-    auto error = ctx->exportPublicKeys(key.key.keyID(), data);
-
-    if (error.code()) {
-        return makeUnexpected(Error{error});
-    }
-
-    return dp.data();
-}
-
-/**
  * Create an Email with `msg` as a body and `key` as an attachment.
  *
  * Will create the given structure:
@@ -178,7 +126,7 @@ appendPublicKey(std::unique_ptr<KMime::Content> msg, const Key &key)
     {
         keyAttachment->contentType()->setMimeType("application/pgp-keys");
         keyAttachment->contentDisposition()->setDisposition(KMime::Headers::CDattachment);
-        keyAttachment->contentDisposition()->setFilename(QString("0x") + key.key.shortKeyID() + ".asc");
+        keyAttachment->contentDisposition()->setFilename(QString("0x") + key.shortKeyId + ".asc");
         keyAttachment->setBody(publicKeyData);
     }
 
@@ -192,44 +140,6 @@ appendPublicKey(std::unique_ptr<KMime::Content> msg, const Key &key)
     return result;
 }
 
-Expected<Error, QByteArray> encrypt(const QByteArray &content, const std::vector<Key> &encryptionKeys)
-{
-    QByteArray resultData;
-
-    const QGpgME::Protocol *const proto = QGpgME::openpgp();
-    std::unique_ptr<QGpgME::EncryptJob> job(proto->encryptJob(/* armor = */ true));
-    const auto result = job->exec(toGpgME(encryptionKeys), content, /* alwaysTrust = */ true, resultData);
-
-    if (result.error().code()) {
-        qWarning() << "Encryption failed:" << result.error().asString();
-        return makeUnexpected(Error{result.error()});
-    }
-
-    return resultData;
-}
-
-Expected<Error, QByteArray> signAndEncrypt(const QByteArray &content,
-    const std::vector<Key> &signingKeys, const std::vector<Key> &encryptionKeys)
-{
-    QByteArray resultData;
-
-    const QGpgME::Protocol *const proto = QGpgME::openpgp();
-    std::unique_ptr<QGpgME::SignEncryptJob> job(proto->signEncryptJob(/* armor = */ true));
-    const auto result = job->exec(toGpgME(signingKeys), toGpgME(encryptionKeys), content, /* alwaysTrust = */ true, resultData);
-
-    if (result.first.error().code()) {
-        qWarning() << "Signing failed:" << result.first.error().asString();
-        return makeUnexpected(Error{result.first.error()});
-    }
-
-    if (result.second.error().code()) {
-        qWarning() << "Encryption failed:" << result.second.error().asString();
-        return makeUnexpected(Error{result.second.error()});
-    }
-
-    return resultData;
-}
-
 /**
  * Create a message part like this (according to RFC 3156 Section 4):
  *
@@ -295,11 +205,7 @@ Expected<Error, std::unique_ptr<KMime::Content>>
 createEncryptedEmail(KMime::Content *content, const std::vector<Key> &encryptionKeys,
     const Key &attachedKey, const std::vector<Key> &signingKeys = {})
 {
-    auto contentToEncrypt = canonicalizeContent(content);
-
-    auto encryptionResult = signingKeys.empty() ?
-                                encrypt(contentToEncrypt, encryptionKeys) :
-                                signAndEncrypt(contentToEncrypt, signingKeys, encryptionKeys);
+    auto encryptionResult = signAndEncrypt(canonicalizeContent(content), encryptionKeys, signingKeys);
 
     if (!encryptionResult) {
         return makeUnexpected(Error{encryptionResult.error()});
@@ -317,33 +223,6 @@ createEncryptedEmail(KMime::Content *content, const std::vector<Key> &encryption
 }
 
 /**
- * Sign the given content and returns the signing data and the algorithm used
- * for integrity check in the "pgp-<algorithm>" format.
- */
-Expected<Error, std::pair<QByteArray, QString>>
-sign(const QByteArray &content, const std::vector<Key> &signingKeys)
-{
-    QByteArray resultData;
-
-    const QGpgME::Protocol *const proto = QGpgME::openpgp();
-    std::unique_ptr<QGpgME::SignJob> job(proto->signJob(/* armor = */ true));
-    const auto result = job->exec(toGpgME(signingKeys), content, GpgME::Detached, resultData);
-
-    if (result.error().code()) {
-        qWarning() << "Signing failed:" << result.error().asString();
-        return makeUnexpected(Error{result.error()});
-    }
-
-    auto algo = result.createdSignature(0).hashAlgorithmAsString();
-    // RFC 3156 Section 5:
-    // Hash-symbols are constructed [...] by converting the text name to lower
-    // case and prefixing it with the four characters "pgp-".
-    auto micAlg = (QString("pgp-") + algo).toLower();
-
-    return std::pair<QByteArray, QString>{resultData, micAlg};
-}
-
-/**
  * Create a message part like this (according to RFC 3156 Section 5):
  *
  * + `multipart/signed`
@@ -438,66 +317,3 @@ MailCrypto::processCrypto(std::unique_ptr<KMime::Content> content, const std::ve
     }
 }
 
-void MailCrypto::importKeys(const std::vector<Key> &keys)
-{
-    const QGpgME::Protocol *const backend = QGpgME::openpgp();
-    Q_ASSERT(backend);
-    auto *job = backend->importFromKeyserverJob();
-    job->exec(toGpgME(keys));
-}
-
-MailCrypto::ImportResult MailCrypto::importKey(const QByteArray &pkey)
-{
-    const auto *proto = QGpgME::openpgp();
-    std::unique_ptr<QGpgME::ImportJob> job(proto->importJob());
-    auto result = job->exec(pkey);
-    return {result.numConsidered(), result.numImported(), result.numUnchanged()};
-}
-
-static GpgME::KeyListResult listKeys(const QStringList &patterns, bool secretOnly, int keyListMode, std::vector<Key> &keys)
-{
-    QByteArrayList list;
-    std::transform(patterns.constBegin(), patterns.constEnd(), std::back_inserter(list), [] (const QString &s) { return s.toUtf8(); });
-    std::vector<char const *> pattern;
-    std::transform(list.constBegin(), list.constEnd(), std::back_inserter(pattern), [] (const QByteArray &s) { return s.constData(); });
-    pattern.push_back(0);
-
-    GpgME::initializeLibrary();
-    auto ctx = QSharedPointer<GpgME::Context>{GpgME::Context::createForProtocol(GpgME::OpenPGP)};
-    ctx->setKeyListMode(keyListMode);
-    if (const GpgME::Error err = ctx->startKeyListing(pattern.data(), secretOnly)) {
-        return GpgME::KeyListResult(0, err);
-    }
-
-    GpgME::Error err;
-    do {
-        keys.push_back( Key{ctx->nextKey(err)});
-    } while ( !err );
-
-    keys.pop_back();
-
-    const GpgME::KeyListResult result = ctx->endKeyListing();
-    ctx->cancelPendingOperation();
-    return result;
-}
-
-std::vector<Key> MailCrypto::findKeys(const QStringList &filter, bool findPrivate, bool remote)
-{
-    std::vector<Key> keys;
-    GpgME::KeyListResult res = listKeys(filter, findPrivate, remote ? GpgME::Extern : GpgME::Local, keys);
-    if (res.error()) {
-        qWarning() << "Failed to lookup keys: " << res.error().asString();
-        return {};
-    }
-    qWarning() << "got keys:" << keys.size();
-
-    for (auto i = keys.begin(); i != keys.end(); ++i) {
-        qWarning() << "key isnull:" << i->key.isNull() << "isexpired:" << i->key.isExpired();
-        qWarning() << "key numuserIds:" << i->key.numUserIDs();
-        for (uint k = 0; k < i->key.numUserIDs(); ++k) {
-            qWarning() << "userIDs:" << i->key.userID(k).email();
-        }
-    }
-
-    return keys;
-}
diff --git a/framework/src/domain/mime/mailcrypto.h b/framework/src/domain/mime/mailcrypto.h
index c9247859..6f19063d 100644
--- a/framework/src/domain/mime/mailcrypto.h
+++ b/framework/src/domain/mime/mailcrypto.h
@@ -22,42 +22,19 @@
 #include "framework/src/errors.h"
 
 #include <KMime/Message>
-#include <gpgme++/key.h>
 
 #include <QByteArray>
 #include <QVariant>
 
 #include <functional>
 #include <memory>
+#include "crypto.h"
 
 namespace MailCrypto {
 
-struct Key {
-    GpgME::Key key;
-};
-
-struct Error {
-    GpgME::Error key;
-};
-
-Expected<Error, std::unique_ptr<KMime::Content>>
-processCrypto(std::unique_ptr<KMime::Content> content, const std::vector<Key> &signingKeys,
-    const std::vector<Key> &encryptionKeys, const Key &attachedKey);
-
-std::vector<Key> findKeys(const QStringList &filter, bool findPrivate = false, bool remote = false);
-
-void importKeys(const std::vector<Key> &keys);
-
-struct ImportResult {
-    int considered;
-    int imported;
-    int unchanged;
-};
-
-ImportResult importKey(const QByteArray &key);
+Expected<Crypto::Error, std::unique_ptr<KMime::Content>>
+processCrypto(std::unique_ptr<KMime::Content> content, const std::vector<Crypto::Key> &signingKeys,
+    const std::vector<Crypto::Key> &encryptionKeys, const Crypto::Key &attachedKey);
 
 }; // namespace MailCrypto
 
-Q_DECLARE_METATYPE(MailCrypto::Key);
-
-QDebug operator<< (QDebug d, const MailCrypto::Key &);
diff --git a/framework/src/domain/mime/mailtemplates.cpp b/framework/src/domain/mime/mailtemplates.cpp
index ac2b2b72..c7ae481e 100644
--- a/framework/src/domain/mime/mailtemplates.cpp
+++ b/framework/src/domain/mime/mailtemplates.cpp
@@ -1027,8 +1027,8 @@ static KMime::Types::Mailbox::List stringListToMailboxes(const QStringList &list
 KMime::Message::Ptr MailTemplates::createMessage(KMime::Message::Ptr existingMessage,
     const QStringList &to, const QStringList &cc, const QStringList &bcc,
     const KMime::Types::Mailbox &from, const QString &subject, const QString &body, bool htmlBody,
-    const QList<Attachment> &attachments, const std::vector<MailCrypto::Key> &signingKeys,
-    const std::vector<MailCrypto::Key> &encryptionKeys, const MailCrypto::Key &attachedKey)
+    const QList<Attachment> &attachments, const std::vector<Crypto::Key> &signingKeys,
+    const std::vector<Crypto::Key> &encryptionKeys, const Crypto::Key &attachedKey)
 {
     auto mail = existingMessage;
     if (!mail) {
diff --git a/framework/src/domain/mime/mailtemplates.h b/framework/src/domain/mime/mailtemplates.h
index a894d120..0188120b 100644
--- a/framework/src/domain/mime/mailtemplates.h
+++ b/framework/src/domain/mime/mailtemplates.h
@@ -38,5 +38,5 @@ namespace MailTemplates
     void forward(const KMime::Message::Ptr &origMsg, const std::function<void(const KMime::Message::Ptr &result)> &callback);
     QString plaintextContent(const KMime::Message::Ptr &origMsg);
     QString body(const KMime::Message::Ptr &msg, bool &isHtml);
-    KMime::Message::Ptr createMessage(KMime::Message::Ptr existingMessage, const QStringList &to, const QStringList &cc, const QStringList &bcc, const KMime::Types::Mailbox &from, const QString &subject, const QString &body, bool htmlBody, const QList<Attachment> &attachments, const std::vector<MailCrypto::Key> &signingKeys = {}, const std::vector<MailCrypto::Key> &encryptionKeys = {}, const MailCrypto::Key &attachedKey = {});
+    KMime::Message::Ptr createMessage(KMime::Message::Ptr existingMessage, const QStringList &to, const QStringList &cc, const QStringList &bcc, const KMime::Types::Mailbox &from, const QString &subject, const QString &body, bool htmlBody, const QList<Attachment> &attachments, const std::vector<Crypto::Key> &signingKeys = {}, const std::vector<Crypto::Key> &encryptionKeys = {}, const Crypto::Key &attachedKey = {});
 };
diff --git a/framework/src/domain/mime/mimetreeparser/CMakeLists.txt b/framework/src/domain/mime/mimetreeparser/CMakeLists.txt
index b35bd958..c3f317ee 100644
--- a/framework/src/domain/mime/mimetreeparser/CMakeLists.txt
+++ b/framework/src/domain/mime/mimetreeparser/CMakeLists.txt
@@ -2,9 +2,8 @@ set(CMAKE_CXX_VISIBILITY_PRESET default)
 
 find_package(Qt5 COMPONENTS REQUIRED Core Gui)
 find_package(KF5Mime 4.87.0 CONFIG REQUIRED)
-find_package(QGpgme CONFIG REQUIRED)
-find_package(Gpgmepp CONFIG REQUIRED)
 find_package(KF5Codecs CONFIG REQUIRED)
+find_package(Gpgme REQUIRED)
 
 # target_include_directories does not handle empty include paths
 include_directories(${GPGME_INCLUDES})
@@ -49,8 +48,8 @@ target_link_libraries(kube_otp
 
 target_link_libraries(kube_otp
     PRIVATE
-    QGpgme
-    Gpgmepp
+    gpgme
+    mailcrypto
     KF5::Codecs
     Qt5::Gui
 )
diff --git a/framework/src/domain/mime/mimetreeparser/autotests/CMakeLists.txt b/framework/src/domain/mime/mimetreeparser/autotests/CMakeLists.txt
index f0b1f5f5..e67884e0 100644
--- a/framework/src/domain/mime/mimetreeparser/autotests/CMakeLists.txt
+++ b/framework/src/domain/mime/mimetreeparser/autotests/CMakeLists.txt
@@ -15,7 +15,7 @@ macro(add_mimetreeparser_unittest _source)
     ecm_add_test(${_source} util.cpp setupenv.cpp
         TEST_NAME ${_name}
         NAME_PREFIX "mimetreeparser-"
-        LINK_LIBRARIES kube_otp Qt5::Test KF5::Mime Gpgmepp
+        LINK_LIBRARIES kube_otp Qt5::Test KF5::Mime gpgme
     )
 endmacro ()
 
@@ -24,7 +24,7 @@ macro(add_mimetreeparser_class_unittest _source _additionalSource)
     ecm_add_test(${_source} ${_additionalSource}
         TEST_NAME ${_name}
         NAME_PREFIX "mimetreeparser-"
-        LINK_LIBRARIES kube_otp Qt5::Test KF5::Mime Gpgmepp
+        LINK_LIBRARIES kube_otp Qt5::Test KF5::Mime gpgme
     )
 endmacro ()
 
@@ -37,7 +37,7 @@ macro(add_mimetreeparser_crypto_unittest _source)
         kube_otp
         Qt5::Test
         KF5::Mime
-        Gpgmepp
+        gpgme
     )
     add_gpg_crypto_test(${_name} mimetreeparser-${_name})
 endmacro ()
diff --git a/framework/src/domain/mime/mimetreeparser/messagepart.cpp b/framework/src/domain/mime/mimetreeparser/messagepart.cpp
index 2fd4f496..4bed80da 100644
--- a/framework/src/domain/mime/mimetreeparser/messagepart.cpp
+++ b/framework/src/domain/mime/mimetreeparser/messagepart.cpp
@@ -27,102 +27,12 @@
 
 #include <KMime/Content>
 
-#include <QGpgME/DN>
-#include <QGpgME/DataProvider>
-
-#include <gpgme++/context.h>
-#include <gpgme++/data.h>
-#include <gpgme++/verificationresult.h>
-#include <gpgme++/key.h>
-#include <gpgme++/keylistresult.h>
-#include <gpgme++/decryptionresult.h>
-#include <gpgme++/importresult.h>
-#include <gpgme.h>
-
+#include <crypto.h>
 
 #include <QTextCodec>
-#include <sstream>
 
 using namespace MimeTreeParser;
-
-static GpgME::Data fromBA(const QByteArray &ba)
-{
-    return {ba.data(), static_cast<size_t>(ba.size()), false};
-}
-
-
-static GpgME::Protocol toGpgMe(CryptoProtocol p)
-{
-    switch (p) {
-        case UnknownProtocol:
-            return GpgME::UnknownProtocol;
-        case CMS:
-            return GpgME::CMS;
-        case OpenPGP:
-            return GpgME::OpenPGP;
-    }
-    return GpgME::UnknownProtocol;
-}
-
-static QSharedPointer<GpgME::Context> gpgContext(CryptoProtocol protocol)
-{
-    GpgME::initializeLibrary();
-    auto error = GpgME::checkEngine(toGpgMe(protocol));
-    if (error) {
-        qWarning() << "Engine check failed: " << error.asString();
-    }
-    auto ctx = QSharedPointer<GpgME::Context>(GpgME::Context::createForProtocol(toGpgMe(protocol)));
-    Q_ASSERT(ctx);
-    return ctx;
-}
-
-static GpgME::VerificationResult verifyDetachedSignature(CryptoProtocol protocol, const QByteArray &signature, const QByteArray &text)
-{
-    return gpgContext(protocol)->verifyDetachedSignature(fromBA(signature), fromBA(text));
-}
-
-static GpgME::VerificationResult verifyOpaqueSignature(CryptoProtocol protocol, const QByteArray &signature, QByteArray &outdata)
-{
-    QGpgME::QByteArrayDataProvider out;
-    GpgME::Data wrapper(&out);
-    const auto result = gpgContext(protocol)->verifyOpaqueSignature(fromBA(signature), wrapper);
-    outdata = out.data();
-    return result;
-}
-
-
-static std::pair<GpgME::DecryptionResult,GpgME::VerificationResult> decryptAndVerify(CryptoProtocol protocol, const QByteArray &ciphertext, QByteArray &outdata)
-{
-    QGpgME::QByteArrayDataProvider out;
-    GpgME::Data wrapper(&out);
-    const std::pair<GpgME::DecryptionResult,GpgME::VerificationResult> res = gpgContext(protocol)->decryptAndVerify(fromBA(ciphertext), wrapper);
-    outdata = out.data();
-    return res;
-}
-
-static void importKeys(CryptoProtocol protocol, const QByteArray &certData)
-{
-    gpgContext(protocol)->importKeys(fromBA(certData));
-}
-
-static GpgME::KeyListResult listKeys(CryptoProtocol protocol, const char *pattern, bool secretOnly, std::vector<GpgME::Key> &keys) {
-    auto ctx = gpgContext(protocol);
-    if (const GpgME::Error err = ctx->startKeyListing(pattern, secretOnly)) {
-        return GpgME::KeyListResult( 0, err );
-    }
-
-    GpgME::Error err;
-    do {
-        keys.push_back( ctx->nextKey(err));
-    } while ( !err );
-
-    keys.pop_back();
-
-    const GpgME::KeyListResult result = ctx->endKeyListing();
-    ctx->cancelPendingOperation();
-    return result;
-}
-
+using namespace Crypto;
 
 //------MessagePart-----------------------
 MessagePart::MessagePart(ObjectTreeParser *otp, const QString &text, KMime::Content *node)
@@ -771,10 +681,7 @@ SignedMessagePart::SignedMessagePart(ObjectTreeParser *otp,
 {
     mMetaData.isSigned = true;
     mMetaData.isGoodSignature = false;
-    //FIXME
-    // mMetaData.keyTrust = GpgME::Signature::Unknown;
     mMetaData.status = tr("Wrong Crypto Plug-In.");
-    mMetaData.status_code = GPGME_SIG_STAT_NONE;
 }
 
 SignedMessagePart::~SignedMessagePart()
@@ -792,99 +699,65 @@ bool SignedMessagePart::isSigned() const
     return mMetaData.isSigned;
 }
 
-static int signatureToStatus(const GpgME::Signature &sig)
-{
-    switch (sig.status().code()) {
-    case GPG_ERR_NO_ERROR:
-        return GPGME_SIG_STAT_GOOD;
-    case GPG_ERR_BAD_SIGNATURE:
-        return GPGME_SIG_STAT_BAD;
-    case GPG_ERR_NO_PUBKEY:
-        return GPGME_SIG_STAT_NOKEY;
-    case GPG_ERR_NO_DATA:
-        return GPGME_SIG_STAT_NOSIG;
-    case GPG_ERR_SIG_EXPIRED:
-        return GPGME_SIG_STAT_GOOD_EXP;
-    case GPG_ERR_KEY_EXPIRED:
-        return GPGME_SIG_STAT_GOOD_EXPKEY;
-    default:
-        return GPGME_SIG_STAT_ERROR;
-    }
-}
 
-QString prettifyDN(const char *uid)
+static QString prettifyDN(const char *uid)
 {
-    return QGpgME::DN(uid).prettyDN();
+    // We used to use QGpgME::DN::prettyDN here. But I'm not sure what we actually need it for.
+    return QString::fromUtf8(uid);
 }
 
-void SignedMessagePart::sigStatusToMetaData(const GpgME::Signature &signature)
+void SignedMessagePart::sigStatusToMetaData(const Signature &signature)
 {
-    GpgME::Key key;
-    mMetaData.status_code = signatureToStatus(signature);
-    mMetaData.isGoodSignature = mMetaData.status_code & GPGME_SIG_STAT_GOOD;
+    mMetaData.isGoodSignature = signature.status & GPG_ERR_NO_ERROR;
     // save extended signature status flags
-    auto summary = signature.summary();
-    mMetaData.keyMissing = summary & GpgME::Signature::KeyMissing;
-    mMetaData.keyExpired = summary & GpgME::Signature::KeyExpired;
-    mMetaData.keyRevoked = summary & GpgME::Signature::KeyRevoked;
-    mMetaData.sigExpired = summary & GpgME::Signature::SigExpired;
-    mMetaData.crlMissing = summary & GpgME::Signature::CrlMissing;
-    mMetaData.crlTooOld = summary & GpgME::Signature::CrlTooOld;
-
-    if (mMetaData.isGoodSignature && !key.keyID()) {
+    auto summary = signature.summary;
+    mMetaData.keyMissing = summary & GPGME_SIGSUM_KEY_MISSING;
+    mMetaData.keyExpired = summary & GPGME_SIGSUM_KEY_EXPIRED;
+    mMetaData.keyRevoked = summary & GPGME_SIGSUM_KEY_REVOKED;
+    mMetaData.sigExpired = summary & GPGME_SIGSUM_SIG_EXPIRED;
+    mMetaData.crlMissing = summary & GPGME_SIGSUM_CRL_MISSING;
+    mMetaData.crlTooOld = summary & GPGME_SIGSUM_CRL_TOO_OLD;
+
+    Key key;
+    if (mMetaData.isGoodSignature) {
         // Search for the key by its fingerprint so that we can check for trust etc.
-        std::vector<GpgME::Key> found_keys;
-        auto res = listKeys(mProtocol, signature.fingerprint(), false, found_keys);
-        if (res.error()) {
-            qCDebug(MIMETREEPARSER_LOG) << "Error while searching key for Fingerprint: " << signature.fingerprint();
-        }
-        if (found_keys.size() > 1) {
+        const auto keys =  findKeys({signature.fingerprint});
+        if (keys.size() > 1) {
             // Should not happen
-            qCDebug(MIMETREEPARSER_LOG) << "Oops: Found more then one Key for Fingerprint: " << signature.fingerprint();
+            qCDebug(MIMETREEPARSER_LOG) << "Oops: Found more then one Key for Fingerprint: " << signature.fingerprint;
         }
-        if (found_keys.empty()) {
+        if (keys.empty()) {
             // Should not happen at this point
-            qCWarning(MIMETREEPARSER_LOG) << "Oops: Found no Key for Fingerprint: " << signature.fingerprint();
+            qCWarning(MIMETREEPARSER_LOG) << "Oops: Found no Key for Fingerprint: " << signature.fingerprint;
         } else {
-            key = found_keys[0];
+            key = keys[0];
         }
     }
 
-    if (key.keyID()) {
-        mMetaData.keyId = key.keyID();
-    }
+    mMetaData.keyId = key.keyId;
     if (mMetaData.keyId.isEmpty()) {
-        mMetaData.keyId = signature.fingerprint();
-    }
-    auto keyTrust = signature.validity();
-    mMetaData.keyIsTrusted = keyTrust & GpgME::Signature::Full || keyTrust & GpgME::Signature::Ultimate;
-    if (key.numUserIDs() > 0 && key.userID(0).id()) {
-        mMetaData.signer = prettifyDN(key.userID(0).id());
-    }
-    for (uint iMail = 0; iMail < key.numUserIDs(); ++iMail) {
-        // The following if /should/ always result in TRUE but we
-        // won't trust implicitely the plugin that gave us these data.
-        if (key.userID(iMail).email()) {
-            QString email = QString::fromUtf8(key.userID(iMail).email());
-            // ### work around gpgme 0.3.QString text() const Q_DECL_OVERRIDE;x / cryptplug bug where the
-            // ### email addresses are specified as angle-addr, not addr-spec:
-            if (email.startsWith(QLatin1Char('<')) && email.endsWith(QLatin1Char('>'))) {
-                email = email.mid(1, email.length() - 2);
-            }
-            if (!email.isEmpty()) {
-                mMetaData.signerMailAddresses.append(email);
-            }
+        mMetaData.keyId = signature.fingerprint;
+    }
+    mMetaData.keyIsTrusted = signature.validity == GPGME_VALIDITY_FULL || signature.validity == GPGME_VALIDITY_ULTIMATE;
+    if (!key.userIds.empty()) {
+        mMetaData.signer = prettifyDN(key.userIds[0].id);
+    }
+    for (const auto &userId : key.userIds) {
+        QString email = QString::fromUtf8(userId.email);
+        // ### work around gpgme 0.3.QString text() const Q_DECL_OVERRIDE;x / cryptplug bug where the
+        // ### email addresses are specified as angle-addr, not addr-spec:
+        if (email.startsWith(QLatin1Char('<')) && email.endsWith(QLatin1Char('>'))) {
+            email = email.mid(1, email.length() - 2);
+        }
+        if (!email.isEmpty()) {
+            mMetaData.signerMailAddresses.append(email);
         }
     }
 
-    if (signature.creationTime()) {
-        mMetaData.creationTime.setTime_t(signature.creationTime());
-    } else {
-        mMetaData.creationTime = QDateTime();
-    }
+    mMetaData.creationTime = signature.creationTime;
     if (mMetaData.signer.isEmpty()) {
-        if (key.numUserIDs() > 0 && key.userID(0).name()) {
-            mMetaData.signer = prettifyDN(key.userID(0).name());
+        if (!key.userIds.empty()) {
+            mMetaData.signer = prettifyDN(key.userIds[0].name);
         }
         if (!mMetaData.signerMailAddresses.empty()) {
             if (mMetaData.signer.isEmpty()) {
@@ -924,18 +797,13 @@ void SignedMessagePart::startVerificationDetached(const QByteArray &text, KMime:
     }
 
     mMetaData.isSigned = false;
-    //FIXME
-    // mMetaData.keyTrust = GpgME::Signature::Unknown;
     mMetaData.status = tr("Wrong Crypto Plug-In.");
-    mMetaData.status_code = GPGME_SIG_STAT_NONE;
 
     if (!signature.isEmpty()) {
-        auto result = verifyDetachedSignature(mProtocol, signature, text);
-        setVerificationResult(result, false, text);
+        setVerificationResult(verifyDetachedSignature(mProtocol, signature, text), false, text);
     } else {
         QByteArray outdata;
-        auto result = verifyOpaqueSignature(mProtocol, text, outdata);
-        setVerificationResult(result, false, outdata);
+        setVerificationResult(verifyOpaqueSignature(mProtocol, text, outdata), false, outdata);
     }
 
     if (!mMetaData.isSigned) {
@@ -943,11 +811,11 @@ void SignedMessagePart::startVerificationDetached(const QByteArray &text, KMime:
     }
 }
 
-void SignedMessagePart::setVerificationResult(const GpgME::VerificationResult &result, bool parseText, const QByteArray &plainText)
+void SignedMessagePart::setVerificationResult(const VerificationResult &result, bool parseText, const QByteArray &plainText)
 {
-    auto signatures = result.signatures();
+    auto signatures = result.signatures;
     // FIXME
-    // mMetaData.auditLogError = result.error();
+    // mMetaData.auditLogError = result.error;
     if (!signatures.empty()) {
         mMetaData.isSigned = true;
         sigStatusToMetaData(signatures.front());
@@ -994,10 +862,7 @@ EncryptedMessagePart::EncryptedMessagePart(ObjectTreeParser *otp,
     mMetaData.isGoodSignature = false;
     mMetaData.isEncrypted = false;
     mMetaData.isDecryptable = false;
-    //FIXME
-    // mMetaData.keyTrust = GpgME::Signature::Unknown;
     mMetaData.status = tr("Wrong Crypto Plug-In.");
-    mMetaData.status_code = GPGME_SIG_STAT_NONE;
 }
 
 EncryptedMessagePart::~EncryptedMessagePart()
@@ -1055,59 +920,61 @@ bool EncryptedMessagePart::okDecryptMIME(KMime::Content &data)
 
     const QByteArray ciphertext = data.decodedContent();
     QByteArray plainText;
-    const auto res = decryptAndVerify(mProtocol, ciphertext, plainText);
-    const GpgME::DecryptionResult &decryptResult = res.first;
-    const GpgME::VerificationResult &verifyResult = res.second;
-    mMetaData.isSigned = verifyResult.signatures().size() > 0;
+    DecryptionResult decryptResult;
+    VerificationResult verifyResult;
+    std::tie(decryptResult, verifyResult) = decryptAndVerify(mProtocol, ciphertext, plainText);
+    mMetaData.isSigned = verifyResult.signatures.size() > 0;
 
-    if (verifyResult.signatures().size() > 0) {
+    if (verifyResult.signatures.size() > 0) {
         //We simply attach a signed message part to indicate that this content is also signed
         auto subPart = SignedMessagePart::Ptr(new SignedMessagePart(mOtp, QString::fromUtf8(plainText), mProtocol, mFromAddress, nullptr, nullptr));
         subPart->setVerificationResult(verifyResult, true, plainText);
         appendSubPart(subPart);
     }
 
-    if (decryptResult.error() && mMetaData.isSigned) {
+    if (decryptResult.error && mMetaData.isSigned) {
         //Only a signed part
         mMetaData.isEncrypted = false;
         mDecryptedData = plainText;
         return true;
     }
 
-    if (mMetaData.isEncrypted && decryptResult.numRecipients() > 0) {
-        mMetaData.keyId = decryptResult.recipient(0).keyID();
+    if (mMetaData.isEncrypted && decryptResult.recipients.size()) {
+        mMetaData.keyId = decryptResult.recipients.at(0).keyId;
     }
 
-    if (!decryptResult.error()) {
+    if (!decryptResult.error) {
         mDecryptedData = plainText;
         setText(QString::fromUtf8(mDecryptedData.constData()));
     } else {
-        mMetaData.isEncrypted = decryptResult.error().code() != GPG_ERR_NO_DATA;
-        mMetaData.errorText = QString::fromLocal8Bit(decryptResult.error().asString());
-
-        std::stringstream ss;
-        ss << decryptResult << '\n' << verifyResult;
-        qWarning() << "Decryption failed: " << ss.str().c_str();
-
-        bool passphraseError =  decryptResult.error().isCanceled() || decryptResult.error().code() == GPG_ERR_NO_SECKEY;
-
-        auto noSecKey = true;
-        foreach (const GpgME::DecryptionResult::Recipient &recipient, decryptResult.recipients()) {
-            noSecKey &= (recipient.status().code() == GPG_ERR_NO_SECKEY);
-        }
-        if (!passphraseError && !noSecKey) {          // GpgME do not detect passphrase error correctly
+        const auto errorCode = decryptResult.error.errorCode();
+        mMetaData.isEncrypted = errorCode != GPG_ERR_NO_DATA;
+        qWarning() << "Failed to decrypt : " << decryptResult.error;
+
+        const bool noSecretKeyAvilable = [&] {
+            foreach (const auto &recipient, decryptResult.recipients) {
+                if (!(recipient.status.errorCode() == GPG_ERR_NO_SECKEY)) {
+                    return false;
+                }
+            }
+            return true;
+        }();
+        bool passphraseError = errorCode == GPG_ERR_CANCELED || errorCode == GPG_ERR_NO_SECKEY;
+        //We only get a decryption failed error when we enter the wrong passphrase....
+        if (!passphraseError && !noSecretKeyAvilable) {
             passphraseError = true;
         }
 
-        if(noSecKey) {
+        if(noSecretKeyAvilable) {
             mError = NoKeyError;
             mMetaData.errorText = tr("Could not decrypt the data. ") + tr("No key found for recepients.");
         } else if (passphraseError) {
             mError = PassphraseError;
+            // mMetaData.errorText = QString::fromLocal8Bit(decryptResult.error().asString());
         } else {
             mError = UnknownError;
-            mMetaData.errorText = tr("Could not decrypt the data. ")
-                                  + tr("Error: %1").arg(mMetaData.errorText);
+            mMetaData.errorText = tr("Could not decrypt the data. ");
+            //                         + tr("Error: %1").arg(QString::fromLocal8Bit(decryptResult.error().asString()));
         }
         return false;
     }
diff --git a/framework/src/domain/mime/mimetreeparser/messagepart.h b/framework/src/domain/mime/mimetreeparser/messagepart.h
index 3c07ca88..c576699e 100644
--- a/framework/src/domain/mime/mimetreeparser/messagepart.h
+++ b/framework/src/domain/mime/mimetreeparser/messagepart.h
@@ -23,6 +23,7 @@
 #include "util.h"
 #include "enums.h"
 #include "partmetadata.h"
+#include <crypto.h>
 
 #include <KMime/Message>
 
@@ -32,13 +33,6 @@
 class QTextCodec;
 class PartPrivate;
 
-namespace GpgME
-{
-class ImportResult;
-class VerificationResult;
-class Signature;
-}
-
 namespace KMime
 {
 class Content;
@@ -55,11 +49,10 @@ class MultiPartAlternativeBodyPartFormatter;
 class SignedMessagePart;
 class EncryptedMessagePart;
 
-enum CryptoProtocol {
-    UnknownProtocol,
-    OpenPGP,
-    CMS
-};
+using Crypto::CryptoProtocol;
+using Crypto::CryptoProtocol::CMS;
+using Crypto::CryptoProtocol::OpenPGP;
+using Crypto::CryptoProtocol::UnknownProtocol;
 
 class MessagePart : public QObject
 {
@@ -366,8 +359,8 @@ public:
     QString htmlContent() const Q_DECL_OVERRIDE;
 
 private:
-    void sigStatusToMetaData(const GpgME::Signature &signature);
-    void setVerificationResult(const GpgME::VerificationResult &result, bool parseText, const QByteArray &plainText);
+    void sigStatusToMetaData(const Crypto::Signature &signature);
+    void setVerificationResult(const Crypto::VerificationResult &result, bool parseText, const QByteArray &plainText);
 
 protected:
     CryptoProtocol mProtocol;
diff --git a/framework/src/domain/mime/mimetreeparser/partmetadata.h b/framework/src/domain/mime/mimetreeparser/partmetadata.h
index 44a9cf7e..583eb454 100644
--- a/framework/src/domain/mime/mimetreeparser/partmetadata.h
+++ b/framework/src/domain/mime/mimetreeparser/partmetadata.h
@@ -37,7 +37,6 @@ public:
     QByteArray keyId;
     bool keyIsTrusted = false;
     QString status;  // to be used for unknown plug-ins
-    int status_code; // to be used for i18n of OpenPGP and S/MIME CryptPlugs
     QString errorText;
     QDateTime creationTime;
     QString decryptionError;
diff --git a/framework/src/domain/mime/mimetreeparser/tests/CMakeLists.txt b/framework/src/domain/mime/mimetreeparser/tests/CMakeLists.txt
index 9937ab06..fcb1988a 100644
--- a/framework/src/domain/mime/mimetreeparser/tests/CMakeLists.txt
+++ b/framework/src/domain/mime/mimetreeparser/tests/CMakeLists.txt
@@ -15,12 +15,11 @@ target_link_libraries(mimetreeparsertest
     Qt5::Core
     Qt5::Test
     KF5::Mime
-    Gpgmepp
-    QGpgme
+    gpgme
 )
 
 ecm_add_test(gpgerrortest.cpp
     TEST_NAME "gpgerrortest"
     NAME_PREFIX "mimetreeparser-"
-    LINK_LIBRARIES Qt5::Core Qt5::Test kube_otp Gpgmepp QGpgme
+    LINK_LIBRARIES Qt5::Core Qt5::Test kube_otp gpgme
 )
diff --git a/framework/src/domain/mime/tests/mailtemplatetest.cpp b/framework/src/domain/mime/tests/mailtemplatetest.cpp
index 75debd75..20ea8c5e 100644
--- a/framework/src/domain/mime/tests/mailtemplatetest.cpp
+++ b/framework/src/domain/mime/tests/mailtemplatetest.cpp
@@ -356,7 +356,7 @@ private slots:
         QString body = "body";
         QList<Attachment> attachments;
 
-        auto keys = MailCrypto::findKeys({}, true, false);
+        auto keys = Crypto::findKeys({}, true, false);
         auto result = MailTemplates::createMessage({}, to, cc, bcc, from, subject, body, false, attachments, keys, {}, keys[0]);
 
         QVERIFY(result);
@@ -398,7 +398,7 @@ private slots:
         QString body = "body";
         QList<Attachment> attachments = {{"name", "filename", "mimetype", true, "inlineAttachment"}, {"name", "filename", "mimetype", false, "nonInlineAttachment"}};
 
-        auto result = MailTemplates::createMessage({}, to, cc, bcc, from, subject, body, false, attachments, MailCrypto::findKeys({}, true, false));
+        auto result = MailTemplates::createMessage({}, to, cc, bcc, from, subject, body, false, attachments, Crypto::findKeys({}, true, false));
 
         QVERIFY(result);
         QCOMPARE(result->subject()->asUnicodeString(), subject);