We have GOT TO make things simpler

Tony Lane codeguro at gmail.com
Wed Oct 2 01:55:04 CEST 2019


With all due respect... NO.
It is not wise to impede on the power-users who use GPG due to the availability of the various configurations that brought us here in the first place.


On 9/30/19 9:43 AM, Roland Siemons wrote:
[snip]
> 4/ Here is my proposal:
> 4.1/ Stimulate that people use a GUI like GPA or Kleopatra. Not Enigmail, although it offers the same, but it offers too much for beginners. Email integration comes after people have a basic understanding. Please do appreciate if people only want to be able to prepare encrypted documents for sending them as attachments.
This is not an issue with GnuPG. GnuPG is a back-end utility that front-end applications (like GUIs) interface to. Go to your vendor of choice that interfaces with GPG and complain to them about the complexity of their interface. As far as GPG goes, it does exactly what it's supposed to. It's a command-line utility. Its raw interface is not supposed to be exposed to the kind of user you're expecting.

> 4.2/ Ensure that, when generating a keypair, GnuPG creates one directory "Secretkeys", and one directory "Publickeys". Make GnuPG to store the public part and the secret part separately in those directories. If GnuPG needs also keypairs in a single file, store that under Secretkeys.
Keys are stored in a keyring database. You're not supposed to export them by copying files over in this way. You use the command-line utility to import or export your public keys.
For instance, the following command exports all of your signed public keys in PGP format:
gpg -a --export
...or you can export a specific key by suffixing that last command with the key (or name or email or some other identifier) that you want to export. Exporting private keys is done the same way. Exporting the trust database can be done this way as well, albeit with different options.

> 4.5/ Get rid of the options to NOT publish keys on keyservers. Just work the opt-in alternative: If you want to publish to keyservers, make that a separate action that requires some effort.
AFAIK, distributing keys to keyservers already takes a separate action. Unless there's some other command I'm not aware of, the only way I see to distribute keys to some keyserver is with the following command:
gpg --send-keys $KEY_IDENTIFIER


