How about writing a small HOWTO/DYI PGP communication for Mail.app and maybe other popular email clients?

I agree with you regarding the MacGPG plugin. It's a good piece of software and it's heading the right way. It'll be better when they include a "Generate your key" button.

On the Windows platforms, I didn't find anything better than the commercial PGP tools from PGP inc.

And yes, one MUST use PGP/GPG to protect even seemingly uninteresting information. The value of information depends of whom is looking at it.

Hi Saad,

you wrote:
> How about writing a small HOWTO/DYI PGP communication for Mail.app and maybe other popular email clients?

There is already a HOWTO. You might find it here: Configuring GnuPG (Mac OS X)

Alexander,

the howto is very nice, thank you for the link! Still I would not want to give it to my father like that. That's why my proposition is that we need people who know how to use a computer well to help less experienced users.

Once the key generation and installation of all parts is done with a little help, the use of GPG/PGP for encrypting and signing mails is very well in the reach of less technical users.

When installing all that gpg suite of plugins for them, do you tell people the basic ideas about who can snoop on email, what asymmetric encryption is and why they should print out a print out a revocation certificate? It would be very unhonest not to, but seemingly people have a really hard time understanding this stuff. So you might as well not.

If you have a very simple, tried-and-true explanation of this any French language major can understand, please post the link (and email me about it).

" Using the Terminal on the Mac"

Gee heaven forbid, if you don't know how to use the terminal on Mac you shouldn't be using a computer.

Johannes, yes, I explain these things. I do simplify a lot, and I have a lot of experience explaining/teaching complicated technical stuff to newbies. I use a lot of analogies and examples, but occasionally I just show how things work (e.g. showing a tcpdump or tcpflow output on a wireless network).

Not everything of that technical matter gets "stuck" in users minds. I do this to a.) get them motivated to use encryption and digital signatures and b.) because - as you say - it's the honest way of doing things. But I'm often surprised about how much non-technical people can understand when you take the time and patience to explain. Some people have a barrier inside them "I won't understand all that technical stuff anyway!", but once you are over that, a lot is possible.

No, I don't have a link with material to explain these concepts in simple terms. Lots of PGP documentation has the tendency to drift into technical matters at unexpected moments. I'm thinking about writing down the details of how I did it, something like a "teach PGP" howto.

Andrew: Your irony is easy to spot, it just lets open what exactly you criticize. As for the terminal and newbies, I wrote an article to give newbies a start into using the shell. That article can be found online (though in German) here: Einführung in die Unix-Shell für OS X Anfänger.

"Gee heaven forbid, if you don't know how to use the terminal on Mac you shouldn't be using a computer."

I f#$! hate this attitude. People are just NOT INTERESTED in "Learning Computers." They want to communicate, share media, etc. The computer should make it as easy as possible, and anyone should be able to use one effectively and safely.

The market hasn't done its job until there is an "Encrypt" checkbox the user can simply check (and stuff like a "You don't have this sender's public key! Ask for it?" warning when necessary).

There's a new protocol proposal called EmailXT that is looking promising. Not just another idea. A proof-of-concept application is already available, though very buggy, almost useless at this point IMHO. Something to watch...

I work for a small call center that takes phone orders for clients so as you can imagine all the customer's personal data such as addr, phone number, email, credit card numbers, etc. need to be secured through email. Unfornately we purchased PGP about a year ago and we still can't get it to work. I've been on their forum & also read all the PGP documentations but I am not technical saavy at all. We have one client who purchased PGP and we have his public key etc. but cannot get the darn thing to encrypt. When I checked the messaging log, it doesn't show any activity. The problem is I don't know where to start to get this going again. Any suggestions of where I can get this information?

Janet, I'm not really familiar with the commercial PGP product (using the open source GnuPG variant here). I think you should maybe look for professional support if this is a business critical thing to you (and it does sound like that).

That aside, a PGP program stubbornly refusing to encrypt something often points in the direction that maybe the public key from your client isn't signed by you. You have to "sign" his key, so your PGP program knows that you trust that key to be the proper key for that client. The manual should have some information about that.

On the other hand, I would expect a problem like that to result in an error message or an entry in a log file somewhere...