On 8/26/2025 11:57 PM, Robert J. Hansen via Gnupg-users wrote:
> > then the pubkey must be manually imported but I believe it's just
> > another command?
>
> I don't mean to give offense, really, but that's pretty much exactly
> the attitude that for so many years kept UNIX as a fringe player.
>
> First off, whenever anyone says "it's just another command," 90% of
> the time they're wrong. Hackers and geeks massively underestimate the
> amount of interaction routine tasks take. Let's look at what your
> solution involves:
>
> 1. Learn bash well enough to understand whether you need to put
>    this command in .profile, .bashrc, .bash_profile, or wherever.
>    (bash has an embarrassing number of configuration files which
>    are read under very slightly different conditions.)
> 2. Edit the appropriate configuration file to add this command
> 3. Remember to reload your configuration file
> 4. Run ssh-import-id-protonmail
> 5. ssh-import-id-protonmail gives a path: remember that path for
>    the next step
> 6. gpg --import (the path given in step 5)
> 7. rm (the path given in step 5)
>
> Steps 1-3 only need to be done once; steps 4-7 need to be done each time.
>
> I don't doubt that your solution works great for you! For technically
> sophisticated users it makes a lot of sense.
>
> But there's also something to be said for:
>
> 1. Download an installer package
> 2. Double-click on it
> 3. At the command prompt, type "egon [email protected]"
>
> ... and have everything else done automagically. For non-technical
> users, steps 1-2 are easier than steps 1-3 in the bash version, and
> step 3 is easier than steps 4-7 of the bash version.
>
> The heart of good UX is to reduce the amount of user intervention
> that's necessary to achieve routine tasks. If you want to get
> someone's certificate from Proton Mail, that should literally be a
> one-liner that only requires you to remember the person's email address.
>
> I don't much care whether someone uses "gpg --locate-key
> [email protected]" or "egon [email protected]". I do care that we
> make it as easy as possible for non-technical users, and make the
> experience streamlined. :)
I believe the logic with gpg --auto-key-retrieve is to automatically
download keys for anyone you receive signed mail from, upon first
encountering their gpg signature, no need to schedule commands every
time you log on to your workstation or terminal. While
--auto-key-import is a built-in egon-like mechanism that only does
anything if you request a key of someone not already in your local
keyring. All these options need is for the Proton WKD server to be
listed in gnupg.conf along with other popular WKD servers (or a public
meta-server that queries the others for you, provided you trust the WKD
server operators to not gather traffic analysis data about whose key
each IP address is searching for).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded