GPG Mail: I'm prompted for password, but mail never seems to sign
Hi, I just installed GPGTools as I am excited to integrate with Mac Mail. Unfortunately, while I do get prompted for my GPG password when sending a message, the message itself does not appear to be signed at least not in clear text. Is there a way to have the message remain in clear text so the signature doesn’t get stripped?
Expected
I expected that when I signed a message, the signature block would be inserted in the message text.
macOS 10.14.5 18F132
GPG Suite 2018.5 2368 (6f26711)
GPG Mail 3.0.1 1330 (807c323e) 30 trial days remaining
GPG Keychain 1.4.6 1514 (560b5a9)
GPG Services 1.11.6 1056 (ad0c960)
MacGPG 2.2.10 921 (b487092)
GPG Suite Preferences 2.1.4 1077 (ad934a9)
Libmacgpg 0.8.7 895 (78f424a)
pinentry 1.1.0 10 (1ff8803)
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Steve on 27 May, 2019 03:01 PM
Hi Steve,
welcome to the GPGTools support platform. Sorry you are having problems using GPG Suite.
Could you send us a screenshot of the draft you are sending (just create a signed test message to yourself) and then the same message once it has been received by you.
If you indeed send a signed message, you should see, that that message is signed in the Security Information for that message in Mail.app. Is that not the case?
GPG Mail is defaulting to PGP/MIME so the text block for the signature, which you seem to be expecting will never show.
The format you are referring to, is called PGP/Inline and is an undocumented non-standard format. That leads to several problems, thus we default to PGP/MIME.
While PGP/MIME allows to encrypt attachments, OpenPGP/Inline currently does not. Also, you are limited to text only. Any formatting will be ignored.
To learn more about the deficits of Inline/PGP we recommend this note of Daniel Kahn Gillmore: Inline PGP signatures considered harmful. This is the GnuPG FAQ entry covering the issue.
Let me know if this answers your question.
All the best,
Steve
2 Posted by Steve Sawczyn on 28 May, 2019 01:52 AM
Steve, thanks so much for the reply. This makes perfect sense and upon further checking, I can see in the security section that my messages are in fact getting signed. Thanks also for sending over the FAQ links, I definitely appreciate the extra context.
Thanks again,
Steve
Support Staff 3 Posted by Steve on 29 May, 2019 02:16 PM
Just in case you want to learn more about OpenPGP: This KB-article explains the basics of public key cryptography. It's a long text but worth the time.
Glad this is solved for you. I'm closing this discussion. Should you need further assistance or have questions you can re-open this discussion here or open a new one any time.
Best,
Steve
Steve closed this discussion on 29 May, 2019 02:16 PM.