[Gpg4win-users-en] FYI: Digital Security Software Bug Hunt at RightsCon

Webster Tom tom.webster at bwigroup.com
Tue Feb 18 17:09:17 CET 2014

I've used GPG4Win in one of my presentations about security interfaces: http://samurailink3.com/talks/making-security-shiny/
Be sure to check out the whole talk, I feel it is relevant to your question.

Here's the specific example for GPA: https://speakerdeck.com/samurailink3/making-security-shiny?slide=24


The GPGOL interface isn't very pleasant for end users (Windows 7 + Outlook 2010 + Hosted Exchange). Compare it to Enigmail on Mozilla Thunderbird (https://www.enigmail.net/home/index.php) or Outlook Privacy Plugin (https://code.google.com/p/outlook-privacy-plugin/). Those interfaces are easy to use for the 99% case and don't give users the opportunity to hurt themselves easily (for example: sending an email with encrypted body text, without encrypting attachments).
My company in particular has need of an open-source GPG Outlook implementation, but can't use GPGOL because of interface/workflow issues. It's far too complex for users to send encrypted email with attachments.

Here's the current workflow in my situation:
1. Create new email, make sure to CC self (if you don't CC yourself, you won't be able to read the email; in Outlook 2010, there is no option to include your own public key).
2. Choose to encrypt email, manually select key for each user (it isn't automatic because of our hosted Exchange system).
3. Click to add and encrypt attachment, manually select key for each user, again.
4. Repeat step 3 for each attachment (of which there may be several).
5. Send email.

This workflow/interface is a huge issue for my users, and we've abandoned GPGOL for the moment. Hopefully we've set something up wrong and we can make things better, but for the moment we're looking at other solutions (even paid solutions).

The documentation seems out of date for GPGOL: http://www.gpg4win.org/doc/en/gpg4win-compendium_33.html

 - Tom Webster
 - Information Technology
 - +1.937.601.8484

-----Original Message-----
From: Gpg4win-users-en [mailto:gpg4win-users-en-bounces at wald.intevation.org] On Behalf Of Samir Nassar
Sent: Tuesday, February 18, 2014 10:47 AM
To: gpg4win-users-en at wald.intevation.org
Subject: [Gpg4win-users-en] FYI: Digital Security Software Bug Hunt at RightsCon


Some of my work involves training others on digital security and GPG4Win is one of the tools I use on Windows.

This year I'll be hosting a session at RightsCon in San Francisco which I am calling a "Digital Security Software Bug Hunt" to connect trainers, technologists, and funders to highlight bugs and issues in software designed for protecting users in order to make the software more accessible for those who are new to using digital security tools.

My personal goal is to find ways to convince funders that there is important work to be done in, what I consider to be, bread and butter of digital security software and that fixing software such as contained in GPG4Win is far more important than investing in t

I am reaching out to you gpg4win users to help me highlight what you consider pressing issues in the software collection that is GPG4Win.

Highlight an issue that you think needs improvement or fixing.
What kind of usability fixes need fixing, how, and what costs are involved?
Do you need and want better translations? Are you getting them?
What are some of the time and work costs to fix a feature or improve a workflow in something like Kleopatra or GPGOL?
Am I wasting your time? Maybe there isn't a problem at all.

About RightsCon: https://rightscon.org/about.php

Samir Nassar
samir at samirnassar.com
Communications Consultant
PGP Key: http://is.gd/0xFE679A908E997AB2
