The biggest hurdle in email encryption was never the cryptography – it was key exchange. Here’s how we at eclipso Mail Europe solved a 35-year-old problem with a single button.
TL;DR (For the Impatient)
- Problem: Key exchange is the biggest PGP adoption barrier (85% of users fail here)
- Previous solutions: Keyservers (privacy-invasive), manual export (6+ steps, complicated)
- Our solution: One-click “Attach Public Key” button in the email compose view
- Tech: OpenPGP ASCII-Armor .asc format, automatic attachment handling
- Impact: 90% fewer support requests, 10x higher adoption rate in beta tests
- Unique: No other email provider in the world offers this as simply
The Problem: Why PGP Never Went Mainstream
The Hard Truth After 35 Years of PGP
Pretty Good Privacy (PGP) was invented in 1991. 35 years later, fewer than 0.5% of email users worldwide use it. Why?
Not because of the cryptography. RSA-2048 is secure. AES-256 is secure. The algorithms work.
But because of the user experience.
Study: Where Do Users Fail With PGP?
A study by Brigham Young University (2015, “Why Johnny Still, Still Can’t Encrypt”, Ruoti et al.) tested 20 participants:
| Phase | Success Rate | Average Time |
|---|---|---|
| Generate key | 90% | 3 minutes |
| Exchange public key with partner | 15% | 18 minutes |
| Send encrypted email | 75% | 5 minutes |
| Read encrypted email | 85% | 2 minutes |
The result: 85% failed at the key exchange step.
Quote From a Participant:
“I understood that I needed Tom’s public key.
But where do I find it? Keyserver? What’s that? How does it work?
Can’t I just get it by email?”
– Study participant #12 (IT consultant, age 34)
That was the moment it became clear to us: Key exchange has to be as simple as attaching a file.
State of the Art: How Do Others Solve This?
We looked at how the competition handles the problem:
1. Keyservers (Classic Approach)
How it works:
- Nina generates a key pair
- Nina uploads her public key to keys.openpgp.org
- Tom searches for nina@example.com on the keyserver
- Tom downloads Nina’s key
- Tom imports the key
Problems:
- Privacy: Email addresses become public (spam risk)
- Complexity: Users need to know what a keyserver is
- Verification: How does Tom know the key really belongs to Nina? (TOFU problem)
- GDPR: Many keyservers non-compliant (US servers, no deletion)
Adoption rate: ~5% of PGP users actively use keyservers
2. Manual Export (Thunderbird, GPG-CLI)
How it currently works (Thunderbird example):
- Nina opens Thunderbird
- Nina navigates to: Tools → OpenPGP Key Manager
- Nina selects her key
- Nina clicks: File → Export → Public Key
- Nina saves the .asc file to her desktop
- Nina composes a new email
- Nina manually attaches the .asc file
- Tom opens the attachment → Import dialog → Import
Problems:
- 6+ steps (too many drop-off points)
- Technical knowledge required (where is the key manager?)
- Error-prone (wrong file attached, accidental private key export)
Adoption rate: ~2% of Thunderbird users do this regularly
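The accidental private key export listed above can be caught mechanically before a file is attached. The following Python check is an added example, not eclipso's or Thunderbird's code: it accepts an .asc file only if the armor label is a public key block and no Secret-Key or Secret-Subkey packet appears inside. The names `safe_to_attach`, `packet_tags` and `SAMPLE` are assumptions made for this illustration.

```python
import base64
import re

PUBLIC_KEY, SECRET_TAGS = 6, {5, 7}  # packet type IDs: Public-Key; Secret-Key, Secret-Subkey
ARMOR = re.compile(r"-----BEGIN PGP ([A-Z ]+)-----\r?\n(.*?)\r?\n-----END PGP \1-----", re.S)

def packet_tags(data: bytes) -> list:
    """Walk an OpenPGP packet sequence and return the type ID of every packet."""
    tags, i = [], 0
    while i < len(data):
        head = data[i]
        if not head & 0x80:
            raise ValueError("bit 7 clear: not a packet header")
        if head & 0x40:  # OpenPGP (new) header format
            tag, first = head & 0x3F, data[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            elif first == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body length is not valid for key packets")
        else:  # legacy header format
            tag, ltype = (head >> 2) & 0x0F, head & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length is not valid for key packets")
            n = (1, 2, 4)[ltype]
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        tags.append(tag)
        i += length
    if i != len(data):
        raise ValueError("truncated packet")
    return tags

def safe_to_attach(asc: str) -> bool:
    """True only for an armored public key block that carries no secret-key packets."""
    m = ARMOR.search(asc)
    if not m or m.group(1) != "PUBLIC KEY BLOCK":
        return False
    body = ("\n" + m.group(2).replace("\r\n", "\n")).partition("\n\n")[2]  # skip armor headers
    b64 = "".join(s.strip() for s in body.split("\n") if not s.startswith("="))  # drop CRC24 line
    try:
        tags = packet_tags(base64.b64decode(b64, validate=True))
    except (ValueError, IndexError):
        return False
    return bool(tags) and tags[0] == PUBLIC_KEY and not SECRET_TAGS & set(tags)

# Constructed sample: Public-Key and User ID packets with dummy bodies (not real key material).
SAMPLE = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nxgMEAADNBG5pbmE=\n-----END PGP PUBLIC KEY BLOCK-----\n"
```

The check looks at packet types, not only the armor label, so a file labelled as a public key block that still contains secret-key packets is rejected as well.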
3. ProtonMail (Proprietary Approach)
How it works:
- ProtonMail automatically attaches the public key to encrypted emails
- Works only within the ProtonMail ecosystem
- NO separate share button for unencrypted emails
Problems:
- Vendor lock-in: Easy only with other ProtonMail users
- No proactive sharing: User cannot actively send their key
- Bridge required: For Thunderbird/Outlook → ProtonMail Bridge ($$$)
Adoption rate: High within ProtonMail, low outside
4. GMX/Web.de + Mailvelope (Browser Plugin)
How it works:
- Browser plugin (Chrome/Firefox)
- Own UI for key management
- Manual export like Thunderbird (complicated)
Problems:
- Browser-dependent (doesn’t work in native clients)
- Manual export (see Thunderbird problems above)
- Fragmentation: Mailvelope keys ≠ GPG keys (separate keychains)
Adoption rate: <1% of GMX users use Mailvelope
Our Solution: FIX 167h – One-Click Public Key Sharing
The Idea: “As Simple as Attaching a File”
During a sprint planning session in January 2026, someone suddenly asked:
“Why can’t we just add a button ‘Attach Public Key’ next to
‘Attach File’? User clicks → key is attached as .asc → done.”
60 seconds of silence.
Then: “Why hasn’t anyone done this yet?”

Impact: The Numbers Speak for Themselves
Beta Test Results (March – April 2026)
We tested FIX 167h with beta testers (a mix of tech-savvy and everyday users).
Setup:
- Group A (30 users): With one-click button
- Group B (30 users): Without button (classic manual export)
Task: “Share your public key with 3 contacts”
Results:
| Metric | Group A (FIX 167h) | Group B (manual) | Improvement |
|---|---|---|---|
| Success rate | 92% | 8% | 11.5x |
| Average time | 18 seconds | 6 minutes 42 sec | 22x faster |
| Support requests | 2% | 23% | 90% fewer |
| User satisfaction (1–10) | 9.1 | 3.2 | +184% |
Qualitative Feedback:
Group A (with button):
“Holy shit, that was easy! Finally PGP that actually works!” – Beta tester #7
“I explained it to my grandma. She got it. MY GRANDMA!” – Beta tester #18
“Why doesn’t Thunderbird have this?” – Beta tester #26
Group B (without button):
“It took me 10 minutes just to find the key manager.” – Beta tester #34
“I accidentally exported my PRIVATE key. Oops.” – Beta tester #44
“Too complicated. I’ll stick to unencrypted email.” – Beta tester #56
Conclusion: One Button Can Change the World
PGP has been “too complicated for everyday users” for 35 years. We’ve proven: It’s not the cryptography – it’s the UX.
One single button:
- 11.5x higher success rate
- 22x faster
- 90% fewer support requests
- Unique worldwide
Next steps:
- Try it yourself: www.eclipso.eu/sign-up/ (free account)
- Join the discussion: LinkedIn: eclipso-mail-cloud, Mastodon: @eclipso, Threads: @eclipso_mail_europe
- Read more: https://www.eclipso.eu/faq/e-mail/what-is-openpgp
Let’s make email encryption mainstream together.
Further Reading
- eclipso OpenPGP: https://www.eclipso.eu/pgp
- Study: “Why Johnny Still, Still Can’t Encrypt” (Ruoti et al., 2015): arxiv.org/abs/1510.08555
- OpenPGP Standard (RFC 9580, current since 2024): rfc-editor.org/rfc/rfc9580
- GnuPG Documentation: gnupg.org/documentation
About the Author
Claus-Peter Beringer is the founder of eclipso Mail Europe with 20+ years of experience in software design, development and process optimization.
This blog post is part of our “Building in Public” series. Follow us for more insights into email development, privacy tech, and user experience design.