What do you like best?
- Steady workhorse encryption, available on every/any platform.
- Can automated and used to sign tings like data from sensors, processes, etc.
- Doesn't require an expensive enterprise tool suite to run and can even be embedded inside applications.
What do you dislike?
- Key discovery is limited and hard to use. To be fair this isn't a limitation of GPG per-sec, but rather a baked in limitation/legacy of the distributed key repositories created in the 1990s..
- Depending on the target platform the key management interface can be less than intuitive
- any external integrations (such a monitoring for usage, requests for keys, etc) are external to GnuPG and you would have to build such integrations yourself.
- Not a lot security vendors allow integration of 3rd party encryption applications, so you can find yourself having to invent workarounds if your package doesn't support GnuPG.
Recommendations to others considering the product
If you need to implement security in you apps (I,.e., to ensure data integrity) or want an encryption solution that is not bound to a commercial software provider GnuPG is a good solution. Having said that, it should be implemented by people who have some experience in securing systems and services as there is critical information that must be installed along side GnuGP such as private keys; the security of these is critical else there is not security.
What business problems are you solving with the product? What benefits have you realized?
Sending info securely or guaranteeing the integrity of data with or without support of traditional corporate products