
Ooh, I know this one! I think. Doesn't Apple Mail have this built in? I go to Keychain Access, choose the option to generate a key. Two clicks. Head to Mail, encryption options are there. Now, to import his key. Do some googling on that.

Wait, what? Apple Mail supports S/MIME, not GPG. Competing standards strike again.

If the other person has S/MIME, Apple Mail does have a very easy experience. I can't speak for the merits of either security-wise.

Also, I think this is the sort of thing Keybase is good for. There's a level of indirection pasting into Keybase, but it's pretty easy to set up and (for non-Snowden levels of paranoia) makes it very easy to start sending encrypted mail to somebody else. The new Keybase chat is also an option.



I'm glad S/MIME gets a mention because I've always been skeptical of it based on the fact that everyone rallies behind PGP.

I recently failed to install gpg2 on FreeBSD (for some reason it barks at me and fails and I don't care enough to waste my time on it) and decided to give S/MIME a chance with a signed cert from Comodo (which was free, just to try).

I have to say though the experience is beyond reasonable, it's very easy to get to grips with. If you're using S/MIME, I see a little verified badge in my client, not only that, if I've received signed mail from you, I can reply with an encrypted document that only you can decrypt.

This works with CC's and everything. The CA cargo-cult crap definitely has a benefit when it comes to web-of-trust.

(YMMV, I was using Thunderbird)


Well, this just convinced me to snag a cert for myself. Are there any services like keybase for sharing S/MIME public keys?


No, that's the beauty. Once you've emailed a person, your validated cert is saved in their outgoing keychain.

No more public key exchange. I checked and Thunderbird often checks the CRL for the certificate I have. I also checked revocation of that certificate and Thunderbird shows a big warning about it being invalid (although it doesn't specify expired or revoked).


For Apple Mail there is this: https://gpgtools.org/index.html

I use it (in El Capitan), it works really well, it's the first time I've been regularly signing my messages with PGP.


And 2017.1b2 is finally available for Sierra :)


I just updated! It seems to work :D (I had switched to Sierra but not updated the PGP suite. Nobody I send email to uses PGP :( )


GPG makes a big deal of doing its own thing and trying to avoid "standards" which they believe might be tainted? It's very unclear to me. For smart cards, GPG wants to own the card completely, and does not want to play with anybody else or use the existing PKCS standards.

So it turns out that the "standard" email encryption is actually S/MIME, and it works pretty much everywhere (non-webmail) out of the box, with fairly decent UI. It even works on iPhones.



