
I just posted this question the other day.

Let me explain some of my travails trying to use PGP with Thunderbird:

The install of T-Bird wasn't too bad.

The install of OpenPGP was not easy but I managed it. The instructions on the site were not all that clear and were for an out-of-date version, but YouTube helped out a lot. My mom, the business owners, or a computer science teacher at Central High School simply do not have time to do this. This could be streamlined.

The making of keys and storing of data was totally obtuse; fortunately, the wizard guided me through a lot of it. This could be streamlined.

Now sending a message is where it gets tough. OpenPGP says that I have to use [shift]+"left-click" on the Write button in T-bird to make sure the HTML won't be used so the PGP message will be decrypted correctly. This is nonsense. Why is this happening?

Ok, now assuming I have a plain text email, I have to hit [ctrl]+[shift]+[s] and [ctrl]+[shift]+[e] to sign and encrypt. BS. This needs to be better. Just a pop-up and type in the pass-phrase (brilliant wording, btw; "phrase" makes it so clear that it has to be many words long that my mom can understand this).

Ok now my buddy can't read it because I did not send him a public key? What the hell are those? Why do I care? I thought I put in my pass-phrase? Didn't he? What is going on?

I sort this out, I find the public key and send it over. Now he can read it. But wait, I have another buddy that I have to do this with. Where were those options in the menus again?

There needs to be a button that remembers if I sent the public key to them, sends it if I did not, and then automatically tells their email client that I don't have theirs and gets theirs with permission from them.

Awww, fuck it... the NSA can probably crack this anyway.



It's even worse than you think, because several of the things you said in there don't actually make sense. It sounds like you possibly didn't manage to get the message encrypted at all, just signed.

And how you exchange public keys matters a great deal -- if you just send them over email, you haven't actually achieved any meaningful security.

So yes. The entire process is a usability nightmare.


....fudge....


Enigmail?

It's a Thunderbird plugin and it's pretty good.



