Last I checked there isn't even a good UI to perform simple file encryption on most OSes. It's awful. There are huge holes in the market. I would pay for that.
That's because simple file encryption is really hard, and when it works well, you don't even notice that it's working. Encryption is completely invisible to common people. It's not like locking your money in a safe, where you can feel the heaviness of the door and hear the clank of the lock.
"It's not like locking your money in a safe, where you can feel the heaviness of the door and hear the clank of the lock."
I think the perfect is being the enemy of the good here.
Personally I would pay for a really good UI for doing that -- just encrypting files so I can stash them safely in cloud storage or transfer really sensitive stuff. I'd love to be able to right-click and encrypt/decrypt with a GPG public key or symmetric passphrase.
I have full disk encryption, but that's very coarse-grained. Unlock the machine and it's defeated. My hack right now is to use encrypted OS X .sparseimage files, but that's OS-specific and clunky. I also have these scripts:
They kind of suck but do the job in a platform-independent way. They could be made slightly better by trying to secure-erase the original source file, etc., but they work.
The other problem with invisible omnipresent encryption is that it lacks a quality that I call "situational awareness." I like knowing that something has in fact been encrypted. Seeing a file extension change, like gzipping a file, tells me that yes in fact something has happened.
A classic example I use of poor situational awareness in security is IPSec encryption setup between two boxes. The only way I know of to verify that the traffic is actually encrypted is to tcpdump the raw interface and look. The (piss-poor) IPSec tools do not really tell you this in a non-confusing straightforward way.
Talk to @adamcaudill on Twitter -- he's working on an encrypting camera app (photos are decrypted offline) and would probably love to collaborate on, e.g. frontends for gnupg or reop.
It's too far up the stack and too coarse-grained. If I save a file on my Mac, it is encrypted, but if I transfer it to Dropbox it is decrypted and then transferred.
Right now I solve this by using command line tools or encrypted .sparsebundle images. That sucks.
My thoughts are that we could really do with encryption being the default. If I upload a file via gmail, it should be encrypted with the recipients' public key. If I upload a file to Dropbox, it should be encrypted with my public key. Both should be overridable (e.g. public Dropbox link).
The key itself can be kept secure using hardware tokens for encryption/decryption/signing. The major problem with that seems to be access across multiple devices. Would it be possible to produce a wireless access token with a secure handshake that could be used for all devices?
I have no idea how we'd get there or how we'd convince people to go along with it.
Others have cited Mac options, and I know Kleopatra in KDE has a context menu on every file to encrypt, which I just tried and it works fine with my PGP keys. Like three clicks. Even supports compression.