Usability of OpenSSL vs GNUPG

Damien Goutte-Gattat dgouttegattat at
Sun Dec 15 19:49:17 CET 2019

On Sat, Dec 14, 2019 at 08:05:04PM -0500, Dave via Gnupg-users wrote:
>I can’t recall encountering any similar complaints about OpenSSL.  I
>find this somewhat curious, and am wondering if there are OpenSSL
>detractors out there that I simply haven’t come across

OpenSSL definitely has its detractors. They were for example very vocal 
back in 2014 in the aftermath of the Heartbleed bug.

>OpenSSL command structure isn’t as complicated as it seems to me.

From what I have seen, most of the criticisms against OpenSSL are
directed at the code and/or the API rather than at the command line
tools. This may reflect the fact that OpenSSL is probably more often
used as a programming library than as a set of command line tools. That
being said, I have seen complaints about the command line OpenSSL tools
as well.

(I once heard a crypto-nerd telling me that the only way to correctly
generate a certificate signing request using OpenSSL’s req command was
to type the command while sitting in a demonic circle after having
sacrificed at least a dozen chickens—or two dozen if the CSR is for
an ECC certificate.)

>I suppose that OpenSSL is geared toward a very technical and
>security-aware user base, who aren’t likely to complain about usability

I am not sure I’d buy that. All the criticisms I have seen against 
either GnuPG or OpenSSL came from very technical-minded people.

By contrast, in my experience non-technical people showing up at 
cryptoparties are very much willing to use the software as it is, 
learning what they need to learn instead of complaining that the 
software should be simple enough that they shouldn’t have to learn 

(Of course those are the people motivated enough to attend a 
cryptoparty. They may not reflect the larger group of users.)


- Damien
