
As someone who trains human rights defenders and journalists on this stuff... I couldn't agree more. Often things end up being an unfortunate tradeoff between trying to get PGP working for people and having to settle for something less. Particularly in the developing world, which has lower computer literacy rates - this is a significant problem.

To be fair, at least Whisper Systems and the Guardian Project are doing great work to try to make encryption in various implementations work better for the average user. And let's be fair, groups like these and the LiberationTech community run on a shoestring in comparison to even one large commercial tool.



For people like this I write a simple shell script that abstracts away all the complexities and shitty UI. Never tried working directly with libgcrypt; I just let the regular gpg application handle it. Decrypting incoming mail automatically, checking to make sure outgoing is encrypted before sending and even regenerating keys and signing them is just a few shell commands you can script away. Projects like Tails should have this instead of big clunky GUIs.


Interesting. Are you thinking of making the script publicly available? I'm sure a lot of people would benefit from it.


It's a hacky shell script for OSX to make the process almost invisible to the user without using in-house mail servers or writing network facing daemons. When users launch their mail app it also launches the script (and mail console applescript) that command line fetches mail, decrypts and inserts into mail.app db, looks through msgs for new public keys and extracts them, updates contacts automatically with GoogleCL and gpgtools, then starts offline mail client to view/reply as they normally would. The script then fetches outgoing mail, gpgtools encrypts it according to destination, verifies it and sends.

GPG key ID is automatically inserted into contacts https://code.google.com/p/googlecl/ so when the user deletes a contact the script reads the KeyID and removes it from the keyring as well. It had to be Google contacts; it wasn't my decision. Nobody wanted to change their mail app workflow and they couldn't figure out gpgtools/gpg suite so this poor scheme was devised, but it works.

The janky part comes when the script checks mail console logs to detect no connection errors when users request to fetch new mail (and suppress popup notifications of this) so they don't have to push a second button to do it outside set intervals that fetch automatically. For some reason it was important that no other buttons existed to fetch new mail. There's probably a Claws Mail plugin that can be written to accomplish all this too if users were willing to switch apps, mutt will do most of it automatically and can be abstracted to make it invisible, or script OpenSMTPD to do this.
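As an added example (not the commenter's script), here are two of the steps described above in Python using only the standard library: the sender-side gate that refuses to hand mail to the MTA unless it is actually PGP-encrypted, and the inbound scan that pulls armored public key blocks out of messages for later import. Function names and the two sample messages are constructed for this illustration; nothing here calls gpg itself.

```python
import email
import re
from email import policy

# Armored PGP block markers (RFC 4880 section 6.2); re.S lets them span lines.
MSG_RE = re.compile(r"-----BEGIN PGP MESSAGE-----.*?-----END PGP MESSAGE-----", re.S)
KEY_RE = re.compile(r"-----BEGIN PGP PUBLIC KEY BLOCK-----.*?-----END PGP PUBLIC KEY BLOCK-----", re.S)


def _text_of(part):
    """Decoded body of a leaf MIME part as str (transfer encoding removed)."""
    payload = part.get_payload(decode=True) or b""
    return payload.decode(part.get_content_charset() or "utf-8", "replace")


def outgoing_is_encrypted(raw):
    """Sender-side gate: True only for PGP/MIME (RFC 3156) or an inline armored
    PGP MESSAGE. A wrapper script would refuse to send anything else."""
    msg = email.message_from_string(raw, policy=policy.default)
    if msg.get_content_type() == "multipart/encrypted":
        parts = list(msg.iter_parts())
        return (msg.get_param("protocol") == "application/pgp-encrypted"
                and len(parts) == 2
                and parts[0].get_content_type() == "application/pgp-encrypted"
                and bool(MSG_RE.search(_text_of(parts[1]))))
    # Inline PGP: the text body is the ciphertext; headers remain in the clear.
    return any(MSG_RE.search(_text_of(p)) for p in msg.walk()
               if p.get_content_type() == "text/plain")


def extract_public_keys(raw):
    """Inbound side: collect armored public key blocks from text bodies and
    application/pgp-keys attachments. The caller decides whether to `gpg --import`;
    a key that merely arrived by mail is unverified and earns no trust by itself."""
    msg = email.message_from_string(raw, policy=policy.default)
    keys = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "application/pgp-keys"):
            keys.extend(KEY_RE.findall(_text_of(part)))
    return keys


# Constructed samples: the ciphertext and key material below are placeholders, not real.
PGP_MIME_MAIL = ("From: a@example.org\nTo: b@example.org\nMIME-Version: 1.0\n"
                 'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"\n\n'
                 "--b1\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n\n"
                 "--b1\nContent-Type: application/octet-stream\n\n"
                 "-----BEGIN PGP MESSAGE-----\n\nhQEMAxxxCONSTRUCTED==\n-----END PGP MESSAGE-----\n\n--b1--\n")
KEY_MAIL = ("From: c@example.org\nTo: b@example.org\nContent-Type: text/plain\n\n"
            "Hi, my key:\n-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQENCONSTRUCTED==\n"
            "-----END PGP PUBLIC KEY BLOCK-----\n")
```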


I was thinking the opposite--most shell scripts seem to exist to show off arcane knowledge rather than document a task in the most straightforward way possible.




