Egon
Jakob Bohm
jb-gnumlists at wisemo.com
Fri Aug 29 16:52:11 CEST 2025
On 8/26/2025 11:57 PM, Robert J. Hansen via Gnupg-users wrote:
>> then the pubkey must be manually imported but I believe it's just
>> another command?
> I don't mean to give offense, really, but that's pretty much exactly
> the attitude that for so many years kept UNIX as a fringe player.
>
> First off, whenever anyone says "it's just another command," 90% of
> the time they're wrong. Hackers and geeks massively underestimate the
> amount of interaction routine tasks take. Let's look at what your
> solution involves:
>
> 1. Learn bash well enough to understand whether you need to put
> this command in .profile, .bashrc, .bash_profile, or wherever.
> (bash has an embarrassing number of configuration files which
> are read under very slightly different conditions.)
> 2. Edit the appropriate configuration file to add this command
> 3. Remember to reload your configuration file
> 4. Run ssh-import-id-protonmail
> 5. ssh-import-id-protonmail gives a path: remember that path for
> the next step
> 6. gpg --import (the path given in step 5)
> 7. rm (the path given in step 5)
>
> Steps 1-3 only need to be done once; steps 4-7 need to be done each time.
>
> I don't doubt that your solution works great for you! For technically
> sophisticated users it makes a lot of sense.
>
> But there's also something to be said for:
>
> 1. Download an installer package
> 2. Double-click on it
> 3. At the command prompt, type "egon name at protonmail.com"
>
> ... and have everything else done automagically. For non-technical
> users, steps 1-2 are easier than steps 1-3 in the bash version, and
> step 3 is easier than steps 4-7 of the bash version.
>
> The heart of good UX is to reduce the amount of user intervention
> that's necessary to achieve routine tasks. If you want to get
> someone's certificate from Proton Mail, that should literally be a
> one-liner that only requires you to remember the person's email address.
>
> I don't much care whether someone uses "gpg --locate-key
> name at protonmail.com" or "egon name at protonmail.com". I do care that we
> make it as easy as possible for non-technical users, and make the
> experience streamlined. :)
>
I believe the logic with gpg --auto-key-retrieve is to automatically
download keys for anyone you receive signed mail from, upon first
encountering their gpg signature, no need to schedule commands every
time you log on to your workstation or terminal. While
--auto-key-import is a built-in egon-like mechanism that only does
anything if you request a key of someone not already in your local
keyring. All these options need is for the proton WKD server to be
listed in gnupg.conf along with other popular WKD servers (or a public
meta-server that queries the others for you, provided you trust the WKD
server operators to not gather traffic analysis data about whose key
each IP address is searching for).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded