Comments on: MyTPK is now Open Source
http://www.terminally-incoherent.com/blog/2011/05/30/mytpk-is-now-open-source/
I will not fix your computer.
Tue, 04 Aug 2020 22:34:33 +0000

By: Travis McCrea http://www.terminally-incoherent.com/blog/2011/05/30/mytpk-is-now-open-source/#comment-19314 Sat, 04 Jun 2011 07:39:40 +0000 http://www.terminally-incoherent.com/blog/?p=8300#comment-19314

I am also not putting down the system that you guys created, it’s a great band-aid. However, it doesn’t solve the bigger issue of users being the weakest link in security.

By: Travis McCrea http://www.terminally-incoherent.com/blog/2011/05/30/mytpk-is-now-open-source/#comment-19313 Sat, 04 Jun 2011 07:34:45 +0000 http://www.terminally-incoherent.com/blog/?p=8300#comment-19313

Before being forced to use it, how many of these old business guys knew how to use their email? Or how to do 90% of the things they are doing now? They did it because they were told “this is how we do things and you will learn”. I wish this is what we would do with GPG/PGP.

I am not saying this is what businesses will do… and I know in the short term and even near future it sucks for the IT guys. However, I just think it’s one of those things society should be forcing on people.

By: Luke Maciak http://www.terminally-incoherent.com/blog/2011/05/30/mytpk-is-now-open-source/#comment-19311 Sat, 04 Jun 2011 04:49:43 +0000 http://www.terminally-incoherent.com/blog/?p=8300#comment-19311

@ Chris Wellons:

Wow… Thank you for doing the testing for me. :)

That “close” issue is definitely unintended. I think it happens because the windows used to be independent, and I just recently made them into modal dialogs. I bet that the issue is related to this.

@ Travis McCrea:

The problem with GPG is that it is overkill for most companies and there are major roadblocks to implementation. We tested it at my workplace and found out that:

1. Most Outlook plugins suck. It actually seemed more convenient to spend the money and buy PGP licenses than deal with support of the GPG and related tools.

2. Only a small percentage of employees grasped the whole concept of private/public keys. Most people complained that key management was a needless hassle.

3. None of our clients used GPG or PGP. Using it internally just within the company seemed silly.

We ended up setting up a dedicated Zimbra server, and then forcing it to only accept SSL connections, and then migrated all the users to it using the Zimbra Outlook Connector. Now all communication within the company is encrypted via SSL and it is 100% transparent and invisible to the user.

Our clients use like a dozen different solutions. A few use the AES feature in WinZip (forcing us to buy WinZip licenses, ugh..). One company uses some proprietary product that got bought out, and then shitcanned by McAfee and therefore is no longer maintained or updated (yaay security!) and a bunch use dedicated web portals apparently made by PGP with the lovely default attachment size of 6MB or less. It’s a mess.

By: Travis McCrea http://www.terminally-incoherent.com/blog/2011/05/30/mytpk-is-now-open-source/#comment-19280 Wed, 01 Jun 2011 20:04:59 +0000 http://www.terminally-incoherent.com/blog/?p=8300#comment-19280

https://www.yousendit.com/business This is more on our conversation from before, I know it uses a third party, but perhaps companies should make their own implementation of this if they don’t feel comfortable with their service?

And I really like this… Considering I encourage everyone to switch to GPG and wish corporations forced it, I won’t be using it (I don’t have much need anyway) but it’s a great project nonetheless.

By: Mads http://www.terminally-incoherent.com/blog/2011/05/30/mytpk-is-now-open-source/#comment-19267 Tue, 31 May 2011 17:28:37 +0000 http://www.terminally-incoherent.com/blog/?p=8300#comment-19267

An idea:
To make it easier for people, write 1) in front of the first line, 2) second line and add a 3rd line: 3) Recipient decrypts file. Or is that understood from the text?

/Mads

By: Chris Wellons http://www.terminally-incoherent.com/blog/2011/05/30/mytpk-is-now-open-source/#comment-19263 Mon, 30 May 2011 20:37:59 +0000 http://www.terminally-incoherent.com/blog/?p=8300#comment-19263

Ah, looking more closely, I see KEY and IV is the encrypted symmetric AES key and the private RSA key is stored away properly in a special key container. So they should be ok as-is.

By: Chris Wellons http://www.terminally-incoherent.com/blog/2011/05/30/mytpk-is-now-open-source/#comment-19262 Mon, 30 May 2011 20:16:09 +0000 http://www.terminally-incoherent.com/blog/?p=8300#comment-19262

Looks pretty sharp! Putting those descriptive images in there adds a lot. For nitpicking, I think there should be some better feedback about the generated key status. If a key has already been generated, indicate so in an obvious way. Maybe even hide away key generation so that it happens automatically the first time, and it’s not in plain view of the user any other time after that.

I cloned your repository and built on Linux with Mono’s xbuild. I know very little about Mono and .NET, so I don’t know why this is, but I noticed it doesn’t include any of the images. Other than that it runs fine.

Linux build, Linux run

One big point I noticed is that the key files it generated, KEY and IV, are globally readable (644) by default. Security applications (GnuPG, OpenSSH) always turn off all the other permissions (600) and refuse to use private keys stored in files readable by other users (other than root, obviously) — this is actually quite involved, checking directory permissions and ownership all the way down to /. I don’t know if .NET gives you a portable interface to fixing this, since it’s a unix-style permissions vs. Windows permissions thing.

Your build run in Mono has the images, though things aren’t quite aligned as well as your screenshot above (and Mono managed to pick even uglier widgets than before).

Luke’s build, Linux run

There’s a slight behavior difference too. In your build, clicking “close” in one of the modal dialogs closes the entire program (unexpected behavior if you ask me), but the Mono build does not.

Of course this is all academic since the target audience doesn’t include any Linux users. :-) And you also said it requires .NET 3.5, which doesn’t include Mono.

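The permission check described in the comment above (mode 600 on the key file, plus ownership and write access on every directory down to /), as an added Python example for Unix systems; it is not MyTPK code and not the GnuPG or OpenSSH implementation. The function names, the `stop_at` parameter and the sample file names are assumptions made for this illustration.

```python
import os
import stat
import tempfile

def write_private(path, data):
    """Create `path` with mode 0600 from the start (no window at 0644)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)

def audit_key_file(path, stop_at="/"):
    """Return a list of findings; an empty list means the file passes."""
    uid = os.getuid()
    findings = []
    st = os.lstat(path)  # lstat: a symlink is reported, not followed
    if not stat.S_ISREG(st.st_mode):
        return [f"{path}: not a regular file"]
    if st.st_uid != uid:
        findings.append(f"{path}: owned by uid {st.st_uid}, not {uid}")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        mode = stat.S_IMODE(st.st_mode)
        findings.append(f"{path}: mode {mode:04o} is open to group/other")
    # Walk every ancestor directory: whoever can write to one of them can
    # replace the key file even if the file itself is 0600.
    stop = os.path.realpath(stop_at)
    d = os.path.dirname(os.path.realpath(path))
    while True:
        ds = os.stat(d)
        if ds.st_uid not in (0, uid):
            findings.append(f"{d}: owned by uid {ds.st_uid}")
        if ds.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{d}: writable by group/other")
        if d == stop or d == os.path.dirname(d):
            break
        d = os.path.dirname(d)
    return findings

def demo():
    """Constructed sample: one 0644 file and one 0600 file in a private dir."""
    with tempfile.TemporaryDirectory() as top:
        os.chmod(top, 0o700)
        loose = os.path.join(top, "KEY")
        with open(loose, "wb") as f:
            f.write(b"constructed sample, not a real key")
        os.chmod(loose, 0o644)
        tight = os.path.join(top, "KEY.private")
        write_private(tight, b"constructed sample, not a real key")
        return audit_key_file(loose, top), audit_key_file(tight, top)
```

With the default `stop_at="/"` the walk also reports world-writable ancestors such as `/tmp`, which is why the demo limits the walk to its own private directory.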
By: Luke Maciak http://www.terminally-incoherent.com/blog/2011/05/30/mytpk-is-now-open-source/#comment-19259 Mon, 30 May 2011 19:55:57 +0000 http://www.terminally-incoherent.com/blog/?p=8300#comment-19259

IceBrain wrote:

“I’m a man, not a girl!”

You know, sad part is that I can actually envision someone saying that. :P

@ jambarama:

Thank you sir.

@ Tobi:

Nice! Mono is quite an amazing piece of code. I never cease to be amazed how you can take a .NET project that was coded for and compiled on Windows and seamlessly run it on Mac or Linux.

It just goes to show that the only real reason why .NET is not a platform independent framework like Java, is because Microsoft does not want it to be. And it’s their right of course. But I’m amazed the open source community was able to build a cross-platform alternative. :)

By: Tobi http://www.terminally-incoherent.com/blog/2011/05/30/mytpk-is-now-open-source/#comment-19257 Mon, 30 May 2011 19:26:33 +0000 http://www.terminally-incoherent.com/blog/?p=8300#comment-19257

Jey. Runs with Mono. (Tested in OS X)

By: jambarama http://www.terminally-incoherent.com/blog/2011/05/30/mytpk-is-now-open-source/#comment-19254 Mon, 30 May 2011 16:50:14 +0000 http://www.terminally-incoherent.com/blog/?p=8300#comment-19254

Terrific little piece of code. Thanks!
