I was a tad surprised by the Financial Ombudsman Service, as they tried replying to me, but sent a very long email on setting up a passphrase with a link to their site so they could send me secure emails. It was a long and complicated email, and I had not spotted the bit about PGP right at the end to be honest. They fail in making the email so long to be honest, but are clearly trying to cater for people that have no clue on PGP first, hence fooling me slightly. I wonder if it can be a tad more concise and still be effective.
I replied saying basically that my PGP is on key servers, the key ID, and attaching my public key to the email. That was over two weeks ago (well, we had Christmas I guess).
Today I get an encrypted and signed email! This is where it gets slightly amusing as the email says :-
I've heard back from our IT department today who have said they're unable to open the attachment in the format it's been sent.
Well, the attachment was my PGP public key which, err, they are now using to send me the encrypted email.
After some email exchanges it is becoming apparent that the people you are emailing with don't see the PGP; they see plain text that says it was signed, for example. They get a tad confused by attachments it seems. They do not realise they are sending signed and encrypted emails. When I said "well done" for using my key, they were confused... I tried to explain.
So the second slight failing is that they could do with a bit more training for the people that use the system.
However, top marks for a system that considers the financial information being exchanged by email to be sensitive and makes use of existing encryption systems like PGP (and possibly some others by the look of it, hence the long initial email). This is a good sign...