Bad user experience

mactrix's Avatar


25 Jul, 2013 02:33 PM

You product's user experience on OS X is behind imagination. How should novice users ever use this when even experienced users stumble.

1. Thanks for making the active user account with its secret key in bold text. This is a true innovation to clearly identify the key in a list of 20 other keys. Seriously, why don't you separate the user's own account from all the rest in its own window or in a separated window?
2. Deleting the user account and Sec key gives you no chance to recover the Sec key. A better warning before deleting this account may help! Or is this solution just made by admins for admins?
3. Let's say you want to improve your security encryption and update from 1024 to 4096. Why can't you update your existing key? And if you need to create a new key from scratch why can't you delete your old key from the server so people won't use it anymore?
4. In general, when you start messing around with this, why can't you remove keys from the server, e.g. when you used a wrong email, etc.? Incredible how badly this is done.

  1. Support Staff 1 Posted by Steve on 25 Jul, 2013 03:13 PM

    Steve's Avatar

    Hi mactrix,

    first off: being usable is one of our main concerns. And we take all user feedback very seriously and are open to suggestions.

    Let's go through your points.

    1. In GPG Keychain Access there is an option on the bottom right. Tick that box and you will see all your sec keys ( Does that work for you?

    2. Better warnings are on our to-do already.

    3. You can't change existing keys because for that you'd need a signature and the signature would be coming from your weak first key, the trust to the strong key would be weak as well. Please see this KB-article about deleting keys on the key servers.

    4. see 3.

    All the best :)

  2. 2 Posted by mactrix on 25 Jul, 2013 04:05 PM

    mactrix's Avatar

    1. Yes, I saw that. Still I suggest to have the Secret Key displayed in a separate section of the window to not mix it with keys from other users.

    2. Good. Still, I know the pass phase for the Secret Key but cannot recover it after I accidentally removed it from the 'GPG Key Access' app. It's crazy that I cannot read encrypted emails even if I know the pass phrase for the Secret Key. Why can't I recover the Secret Key if I know the pass phrase?


  3. Support Staff 3 Posted by Steve on 25 Jul, 2013 04:16 PM

    Steve's Avatar
    1. Do you really think having a two window user interface instead of a single window would be more user friendly? But you got a point and we are aware that the entire GPG Keychain Access isn't a designers dream come true. We are considering options...

    2. If you could re-create the sec key by only having the passphrase, that would mean the whole two-key encryption concept would be flawed by design. The limitation you are criticizing is aktually a feature - meaning you need both the sec key and the passphrase. If one of the two is missing you can't decrypt.

    Best, steve

  4. 4 Posted by greg on 25 Jul, 2013 04:23 PM

    greg's Avatar

    IMO, for Mail usage, there shouldn't be any "Keychain"-type app.

    Users don't know what "sec" means.
    Users don't know what "pub" means.
    Users don't need to deal with a Keychain app at all. After installing they should be able to open Mail and setup everything from there.
    Users should never even see the word "key". WTF is a "key"?!? Computers keys are the things they type on, and what does that have to do with making their email "safe"?

    Users have some exposure to the concept of "identities" and "profiles". Use that metaphor instead.

  5. Support Staff 5 Posted by Luke Le on 25 Jul, 2013 06:04 PM

    Luke Le's Avatar

    Greg, the new GPGMail version will be working without even having GPG Keychain Access installed. And one of the next steps is to completely revamp GPGKeychainAccess and exactly find new metaphores for all of this.

    We've been thinking about this for a long time and have great ideas.
    Again, it just needs time to implement them.

  6. 6 Posted by greg on 25 Jul, 2013 06:10 PM

    greg's Avatar

    Luke: awesome! I'm glad to hear you guys are considering this already. I look forward to seeing the ideas put into action. If you ever want to bounce ideas off of me, feel free to contact me: contact {aT] I can help with technical questions and design decisions (Mac developer for many years now).

    replace {aT] with @, of course. :-p

  7. Support Staff 7 Posted by Luke Le on 25 Jul, 2013 06:11 PM

    Luke Le's Avatar

    Yeah, it's extremely frustrating for us that we aren't at that point yet, but do everything to finally catch up and revolutionize the use of OpenPGP.

    It's still some time, but we'll get there.

    Thanks for the offer!

  8. 8 Posted by mactrix on 25 Jul, 2013 09:48 PM

    mactrix's Avatar


    1. Not separate windows but information separated, e.g. in a split window.

    2. Ok, in this case the app should never allow to delete the sec key.

  9. Support Staff 9 Posted by Steve on 26 Jul, 2013 11:41 AM

    Steve's Avatar

    Mactrix, don't you think that the checkbox I mentioned earlier is sufficient? You can just keep it checked if you like to display keys sorted after their type.

    1. Interesting thought. We've been considering this already. It might make it into GPG Keychain Access. Usual ETA disclaimer: Not sure though when. :)

    Can I close this discussion?

  10. 10 Posted by mactrix on 26 Jul, 2013 11:48 AM

    mactrix's Avatar


    this is what happened: I wanted to add a friend and hundreds of similar names appeared in the search window. I selected my friend and did not uncheck all others which causes the import of all search results. I selected them all and deleted them and to start from scratch. This is how my Sec Key got deleted too. From that moment the ability to decrypt my own mails was lost. Whatever you decide to to, don't allow to delete your Sec Key so easily. Therefore I recommend to also separate the own account with the Sec Key from all other contacts.

  11. Support Staff 11 Posted by Steve on 26 Jul, 2013 01:44 PM

    Steve's Avatar

    OK, now I understand much better where you are coming from. We totally agree with you on this and have several open tickets covering this problem.

    Do you have further questions or can this discussion be closed?

    all the best,

  12. Steve closed this discussion on 15 Aug, 2013 08:04 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac