Bytebuster is right to a certain extent assuming you have a person able to learn the best method is to teach them a little bit about thngs.
The next most friendly method would be to host your own https page. If you are concerned about the files leaking enable the https server only when you are working with that person and have a password/session protected directory that you give them the password to over the phone, have it a random password that you create at that time and is long enough that normal password hacking would not break the password any time soon. Using an active page to allow upload/download like asp or php etc. Would allow short term sharing of files. The encryption could be set to the same level as what is used to process credit cards and changing the access password just before you turn it on for the session makes it so its not easily broken before your done.
The other way I could see is something like using cacert to make them a new free client certificate. With some planning and good directions you could do more or less what you were originally thinking.
The biggest thing is just document the heck out of what you want to do with the users I work with I probably hit 1 in 120 or so that I just cant explain through. Usually the problem there is they wont stop long enough to do what is needed.
If this is for end users then probably a client certificate type thing would work best. There is a reasonable amount of infastructure already in place able to use client certs. you just need a trusted repository for client certs to be managed many email programs web browsers and such already have things in place to use client certs to access encrypted items.
1If you have no knowledge about the software installed on Bobs computer and you cannot expect him to install additional software, then I'm afraid that there is no portable way. Even a password protected ZIP file might fail if no archiver is installed. – Marco – 2012-07-23T09:10:52.710
2Some archivers have an option to create self-extracting file which will prompt the user if the file is also password protected. I think one of them is 7-Zip. No sure about WinZip. I'm sure there are others. One problem it that can be difficult to email someone an executable file. Dropbox does not have that problem. – martineau – 2012-07-23T11:01:53.950
1I'd say the way to do this is through Education. I mean, you say Bob wouldn't know anything about cryptography, and cannot be asked to install software... but you left out the parameter that Bob can't be instructed in how to do either of these necessary things either. So, you either use a method that doesn't require Bob to learn anything (Mail him a CD, etc.) or instruct him as to how to deal with file transfers and cryptography. – Bon Gart – 2012-07-23T13:42:38.897
3I also think it's simpler to spend an hour with Bob to teach him on basic aspects of security (which he would use in the future) than blaming on his lack of knowledge. – bytebuster – 2012-08-14T14:14:51.680
1@bytebuster, +1. I agree as long as Bob and Alice are related personally. Consider the case in which Bob is one of Alice's customers. She just cannot explain security to each and every Bob she works for. – Dacav – 2012-08-14T18:04:56.240
@Dacav, yes it takes lots of time and not everyone can afford it. On the other hand, if Alice does that, she would get a very loyal customer. Not that bad. – bytebuster – 2012-08-14T18:29:36.027