Usability of OpenSSL vs GNUPG

Brian Exelbierd bex at
Sun Dec 15 17:41:30 CET 2019


On Sun, Dec 15, 2019, at 2:05 AM, Dave via Gnupg-users wrote:
> I’ve been playing around some with OpenSSL recently, and it seems to me 
> that the OpenSSL command structure is rather convoluted. I’ve read a 
> number of articles, blog posts, etc. that criticize GNUPG and even make 
> the case that people should stop using it, in large part because of 
> concerns around the GNUPG command structure and general usability. 

Most of the criticism I have seen is that it is difficult for the target users of a specific use case to use gpg effectively to protect themselves. These are things like message/email encryption/verification.

> Yet 
> I can’t recall encountering any similar complaints about OpenSSL. I 
> find this somewhat curious, and am wondering if there are OpenSSL 
> detractors out there that I simply haven’t come across or if the 
> OpenSSL command structure isn’t as complicated as it seems to me. Or if 
> it seems to others that OpenSSL doesn’t get the same level of criticism 
> as GNUPG does for usability, although the tools seem to offer a 
> generally similar user experience. 

I haven't seen OpenSSL pitched as the GPG replacement here, possibly for the reasons you cite.  Mostly I see, use application X (Signal, etc.) and don't believe email can reasonably be secured without ALL parties being "experts" at GPG.  The one use case no one seems to have a replacement for is "encrypt this file on disk for me to use later."

> I suppose that OpenSSL is geared toward a very technical and 
> security-aware user base, who aren’t likely to complain about usability 
> issues – while GNUPG is a tool that could be used by all sorts of 
> users, some of whom are definitely not technically inclined or 
> interested in details of information security. That alone could explain 
> the difference, I suppose. But I’m wondering if anyone has any other 
> thoughts around this topic.

My understanding is that most people encounter OpenSSL configured by someone else who is presumably a technical expert.

What use cases do you have in mind?



> Thanks,
> Dave
