Who am II co-founded
BitOasis as a (former) CTO. As far as I know we were the first wallet to use multisig with keys distributed among different entities (us/co-signer/backup) without bothering the user to store a private key. Our open sourced multisig wallet:
multisig-core and
multisig-recovery.
See my
PyCoin contributions here.
Why most PGP solutions suckWe used PGP at BitOasis to encrypt sensitive email. For most people, PGP is a pain in the ass.
Non-critical info would often go unencrypted because you don't want to bother the other guy by encrypting it.
If we didn't use PGP for MOST email, it's no wonder others don't use PGP for ANY email. It's too cumbersome.
What I've done about itI made PGP work just the same as normal email, so that non-technical people can use it. I released my child a few days ago as
CryptUP. It's a Chrome plugin and works with Gmail, because that's what I (and a lot of people) use. It's compatible with any other PGP solution though.
Where I need your feedback - improving decade old pains with PGP
Public key managementI'll use Ethereum as a pubkey database for CryptUP users, under the hood. Users' pubkey fingerprints will get submitted to Ethereum blockchain, instead of outdated systems like
http://pgp.mit.edu/. Ethereum blockchain can then be queried with
DNSChain eliminating man-in-the-middle attacks on exchange of key fingerprints.
The users don't need to know about the Ethereum stuff. It'll just work and I'll pay for the fees, it's a few cents per user.
Public key fingerprint verificationSecurity of PGP relies on this, but NOBODY does this. Without knowing you talk to the right person, PGP is a placebo. I'll implement fingerprint-to-image converter, where instead of comparing letters and numbers (which nobody will do), I will be displaying a set of icons for contact you talk to. Imagine 4-5 icons per fingerprint, eg: horse, frog, car, sun. It's much easier for humans to notice a discrepancy in icons then "0D5688EBF3102BE7".
Let me know what you thinkAs is, I think (and people tell me)
CryptUP is the easiest to use PGP plugin. Setup, conversations, attachments, it just does what you expect your standard email to do, plus encrypted.
Let me know your thoughts, it's available here:
https://chrome.google.com/webstore/detail/cryptup-encrypt-gmail-wit/bnjglocicdkmhmoohhfkfkbbkejdhdgcAnd the source code is here:
https://github.com/tomholub/cryptup-chrome
