1. 4

    GPG definitely needs a proper CLI. This blog post is way too long for something that needs to be trivial to do.

    Is there any good GPG wrapper out there? A simple, easily auditable bash script should do the trick. I wonder why I never came across one…

    1. 3

      keybase.io is such a thing, or at least that’s the hope. It’s a challenge because they’re trying to do multiple things: simplifying keysigning/web-of-trust, simplifying encryption/decryption commands while making this all web-accessible but still allowing for the command line frontends you’re talking about.

      You should take a gander; it’s a novel idea, but it loses the subtlety that this article describes. Subkeys are a complicated idea. Heck, even per-machine ssh keys are still complicated enough that gitolite devotes an entire part of its manual to ‘ssh basics’. I don’t think it’s any surprise that subkeys in ssh are even more nuanced to the point of seeming opaque.

      GPGTools for the Mac is a good stab at a frontend, but there are so many nuances and religious decisions that go into “informed gpg usage” that it’s almost worth thinking about whether a frontend could satisfy them all. That’s sorta a cop-out, but I don’t think the lack of a good frontend (even on the command line) is for lack of trying.