Email Focus

David Shaw
Mon Dec 10 21:32:01 2001

On Mon, Dec 10, 2001 at 05:38:56AM -0500, Richard B. Tilley (Brad) wrote:
> I have read the information at I found it very interesting,
> but it left me wondering _why_ openpgp is used primarily for email when it
> can be (and is) used for many other things. I like using GNUpg, but I
> seldom ever use it for email. I use GNUpg to encrypt files (lots of
> files), and the encryption works well, but it is not as user-friendly or
> as easy for this purpose as it is for email.
> For instance, I posted the topic about recursive directory encryption a
> few days ago. GNUpg doesn't have this ability. I would love to be able to
> gpg -e -s -u Richard --Recursive Name_Of_Directory. Under Windows2000, I
> use PGPFreeware and it performs recursive encryption. Why can't GNUpg do
> the same?
> Here are the facts:
> I've been on the list for several months now, and have
> found it very helpful... although much of it is over my head (I do not
> program, I administer Linux systems and occasionally write shell scripts).
> I run Linux servers and Windows desktops. GNUpg works great on Linux. PGP
> works better on Windows. I would like to see GNUpg used more widely as I
> strongly agree with open-source, but I have to admit that much of
> open-source is _not_ designed for the average office worker who finds it
> difficult to use MS Word.

You are up against a different design methodology.  Most programs in
the unix-ish world were built to do one job, and do it (hopefully)
perfectly.  For example, 'ls' lists files.  It has around a zillion
options to list them in different ways, but fundamentally, ls lists

GnuPG encrypts files.  It could be argued that it would be nice to
encrypt directories, but in the Unix-ish way of thinking, that is not
GnuPG's job.  After all, why build in a miniature directory lister, if
the user can just use ls, which is presumably perfect?

There are infinite shades of gray between the "one program does all",
and "each program does one task only" ideas.  You need to weigh the
various issues (KISS, program complexity, ease of use, potential for
bugs, difficulty to maintain, etc.) and decide.  I'm currently working
on photo ID support for GnuPG.  When I need to display a picture, I
call an external program to do it rather than do it myself.  For this
case, it was clear that the "display a picture" functionality did not
belong in GnuPG.

All that said, I think a --recursive flag in GnuPG is not
unreasonable.  It does raise the question: what does it mean to
encrypt a directory?  Do you want to end up with one big file that
contains the contents of the directory, or a directory full of
encrypted files?  (I'd say the second - the first is what "tar" is


   David Shaw  |  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
