Thanks for providing those instructions. Encryption is inherently complicated, but it seems to me that GPG is far more complicated than it should be. Extra complexity isn't just an inconvenience, it is precisely where mistakes and bugs and security breaches come from.
For example, GPG has an entire logic around photo IDs. I can see the logic of using photo ID's with some authentication mechanism, but this should be in conjunction with GPG, not built into the tool itself. GPG shouldn't have a concept of photos, it's complicated enough already. Just reading the amount of options in the man page suggests that gpg ought to be broken into smaller more easily digestible components.
So while I like to see wrappers around GPG (eg. Jason Donenfeld's `pass` password manager), I worry that the underlying complexity of GPG hides security holes that may surface in the future.
What do you mean by "encryption is inherently complicated"?
Conceptually, and thus in a cli frontend it should be pretty simple: you specify a message, a public key and a destination to encrypt, and then a ciphertext and a private key to decrypt. What is complicated?
Does it? It says how managing keys in public key cryptography is complicated. As also signing and verification, and x509 certificates rely on this then one might say they too are complicated - as is everything else that builds on asymmetric crypto. I.e why encryption specifically is complicated? (Or am I just dense and missing something? :))
The poster you replied to was clearly talking about end-to-end secure encryption being complicated. This means guarding against supply chain attacks, secure sharing of keys, verification and signatures, etc.
For example, GPG has an entire logic around photo IDs. I can see the logic of using photo ID's with some authentication mechanism, but this should be in conjunction with GPG, not built into the tool itself. GPG shouldn't have a concept of photos, it's complicated enough already. Just reading the amount of options in the man page suggests that gpg ought to be broken into smaller more easily digestible components.
So while I like to see wrappers around GPG (eg. Jason Donenfeld's `pass` password manager), I worry that the underlying complexity of GPG hides security holes that may surface in the future.