1. 12

    Let me contrast the author’s experience with my own. Note that I had a brain injury during this process that made me forget scripting and GPG, plus made it hard to learn. I’m a nice test case for how hard things are. :)

    So, I looked into GPG. Holy shit there’s a ton of options and complexity. High-assurance security says subset to minimal thing that works for increased trustworthiness. I noticed it could encrypt files with others' public keys. The person that contacted me was able to receive attached files. Text editors only have so many 0-days left in them & are easy to sandbox. So, I decided on this protocol:

    1. Type the message into a text file.

    2. Type a cryptic command to encrypt it with that public key.

    3. Attach the file to a message to that person. Optionally doing this on a different box passed through a data diode if I was worried about the GPG box being compromised. Just using Linux for now.

    4. Receiving works other way where I download an encrypted file that I run a decryption command on.

    So, that’s simple. How to get started and what commands to use? I installed GPG first. One look at the man page made me hit Google instead. I found a cheat sheet, identified the minimal commands necessary, and compared them against the man page. Saw what seemed to be right stuff but that man page was horrible. Looked at a bunch of other sources online with varying trustworthiness to see if they had same commands. Seemed like I had the right ones. I was also warned the key gen phase could take a long time so I just ignored that usability problem that stomped the OP so much. I was warned after all.

    The key generated. Messages sent and received well. Only thing left was tediously typing my new buddy’s email into the box with every encryption. As others came up, I was having to remember more email addresses. Time to automate that shit with a front end that worked on any system I needed. Also, without remembering how to program.

    I recalled Python was easy. So, I’d need a data structure for a list of (alias, email) pairs, basic operations on text for maybe substitution, input, conditionals, ability to print them, and spawn function of some kind. The Python reference gave me all I needed, each of which I tested to be sure, then composed them with tests. End result was a Python script with the list of alias/emails in it like a config file where I could just add people to the script itself. Then, I run the script on the text message with it asking which of a listed group of people to send it to. I type in number or name for it to run command automatically. Then, I verify by eye the new file looks like gibberish and attach it to the email.

    End result was that I had GPG for friends using it, I figured out how to use it with fair degree of trustworthiness, and I automated the annoying part with less than beginner’s knowledge of scripting. This shows GPG is way less hard than it appears to be. Although I sure could use a great front-end to smooth over all this. I’m sure any half-ass programmer could create one given what I did in that state. :)

    1. 1

      How many hours did you pour in to learning and perfecting your workflow?

      1. 1

        1-2 I think. That’s because I did the verification of Google results and relearning some scripting. The GPG cheat sheet was one of top results for Google on first search.
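
A sketch of the alias front end described in the first comment of this thread, added here as an example; it is not the commenter's script. The recipient entries, function names and the `.asc` output naming are assumptions, and the armor-header check stands in for the "looks like gibberish" eyeball step.

```python
import subprocess
import sys
from pathlib import Path

# Constructed sample entries; replace with real (alias, email) pairs.
RECIPIENTS = [
    ("alice", "alice@example.org"),
    ("bob", "bob@example.org"),
]

def resolve_recipient(choice, recipients=RECIPIENTS):
    """Map a typed list number (1-based) or alias to an email, else raise."""
    choice = choice.strip().lower()
    if choice.isdigit():
        index = int(choice) - 1
        if 0 <= index < len(recipients):
            return recipients[index][1]
        raise ValueError(f"no entry number {choice}")
    for alias, email in recipients:
        if alias == choice:
            return email
    raise ValueError(f"unknown alias {choice!r}")

def build_encrypt_command(message_path, email):
    """Return (argv, output_path) for an ASCII-armored public-key encryption."""
    source = Path(message_path)
    output = source.with_name(source.name + ".asc")
    # argv list, no shell; "--" stops a file name like "-o" being read as an option.
    argv = ["gpg", "--armor", "--output", str(output),
            "--recipient", email, "--encrypt", "--", str(source)]
    return argv, output

def looks_encrypted(text):
    """Scripted form of the 'looks like gibberish' eyeball check."""
    return text.lstrip().startswith("-----BEGIN PGP MESSAGE-----")

def main(message_path):
    for number, (alias, email) in enumerate(RECIPIENTS, start=1):
        print(f"{number}. {alias} <{email}>")
    email = resolve_recipient(input("Send to (number or alias): "))
    argv, output = build_encrypt_command(message_path, email)
    subprocess.run(argv, check=True)  # raises if gpg rejects the key or file
    if not looks_encrypted(output.read_text()):
        raise SystemExit(f"{output} is not armored PGP output; do not attach it")
    print(f"Attach {output} to the email")

if __name__ == "__main__":
    main(sys.argv[1])
```

An unknown number or alias raises instead of falling back to a default recipient, so a typo cannot silently encrypt to the wrong key.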