Add support for exporting documents/messages

[eloquence]

As a journalist, I want to be able to export all messages and files associated with a source, so that I can handle archival and other post-submission work as I see fit.

"Export" in this case means creating a copy, e.g., on a USB drive.

There are two types of export workflows we should support:

• exporting a single file
• exporting an entire source (all messages/files)

Ideally we should support both in the first iteration, but if we have to compromise, we can start with single file export.

[eloquence]

Should export be in encrypted form; if so, what key should be used?

[eloquence]

Per discussion with @redshiftzero, the export would not be in encrypted form for 0.1.0alpha. If/when we support YubiKey/NitroKey type devices for journalists' private keys, we may want to use that key as well for secure export functionality.

The user experience here still looks pretty complicated (show dialog asking user to insert device and attach it to VM; attempt to access device; if successful, copy files; ask user to detach the device). Are there ways we could simplify that experience, e.g., by having the VM request permission to access an inserted device, rather than the user having to manually grant it?

[eloquence]

Preliminary prototype by @ninavizz for what the export wizard could look like:

https://projects.invisionapp.com/share/B5OKY9YRN7H#/screens/325612328

The first test we've run of this workflow suggests that users may not intuitively understand that this is a wizard with multiple steps. They may attempt to complete the process by clicking "Drive attached" before they've stepped through all the required instructions.

Some ideas for how this could be re-worked:

• Remove the "Drive attached" button from the wizard until the final step
• When the user clicks the "Drive attached" button, it would take you to a screen something like this:
  "Attempting to detect safe USB drive :spinner.gif:"

If this times out, we show a warning/error and invite the user to try again by following the steps.

If the user clicks the "Don't show instructions" checkbox, it would immediately go to that screen.

Does that seem workable? Are there other ways we could make this simpler for the user?

[ninavizz]

The wireframes (in the prototype) show literally my first stab at sketching-out the workflow. Totally open to more ideas! Also looking forward to refining it as things progress. :)

[ninavizz]

See latest prototype/wireframes for this, here: https://github.com/freedomofpress/securedrop-ux/wiki/Qubes-Journalist-Workstation#production-things

[eloquence]

We've decided to remove this from the alpha goals. For the purposes of the audit, we will merely document the intended workflow for export, so the auditors can give us feedback on whether this seems architecturally sound.

[eloquence]

Per discussion in freedomofpress/securedrop-workstation#84 we're increasingly thinking that this should take the form of a disposable export VM.

The workflow could be similar to a shopping basket, where the client lets you collect an arbitrary number of documents which then can be exported into a USB-connected disposable VM.

This could include optional pre-processing steps such as conversion of PDF files to trusted PDFs (see #235).

[eloquence]

See freedomofpress/securedrop-ux#57 (comment) for the agreed upon export flow.

[eloquence]

Closing in favor of more clearly scoped #526 and follow-up issues.