GPG Mail hidden settings

Sometimes the defaults in GPG Mail don't fit your specific needs. The following commands can be run in the Terminal app to get the setup you need.

Make sure to restart the Mail app after applying any command. Should the changes not take effect, restart your Mac and double-check that the command was entered correctly.

Get an overview of your current defaults

defaults read org.gpgtools.gpgmail

Define default security method

You prefer S/MIME over OpenPGP and don't want to constantly switch the security method in every new draft? We've got you covered.

The default security method is only selected if a key or certificate exists for the sender email address and the recipient.
OpenPGP is the default, but you can switch to S/MIME by applying the following command.

Set OpenPGP as default security method

defaults write org.gpgtools.gpgmail DefaultSecurityMethod -int 1

Set S/MIME as default security method

defaults write org.gpgtools.gpgmail DefaultSecurityMethod -int 2

Add a mapping for a missing UID to a public key

Visit the following KB-article: How to add an e-mail address to an existing public key

Enable debug logging

Important: Make sure to disable debug logging right after finishing your debug session. This is important since otherwise decrypted messages may be logged and the log files would stay on your hard drive. To delete the logs, delete the /private/var/log/system.log* files.

Enable Debugging

defaults write org.gpgtools.common DebugLog 1

Disable Debugging

defaults write org.gpgtools.common DebugLog 0

Disable option to store password in macOS keychain

GPG Suite defaults to storing OpenPGP passwords in the macOS keychain. If you prefer to never store your OpenPGP passwords in the macOS keychain, use the following setting. The option to store your password will be removed from the pinentry dialog and the setting in System Preferences > GPG Suite > Settings > Password will be disabled.

To disable storing OpenPGP passwords in macOS keychain

defaults write org.gpgtools.common DisableKeychain -bool yes

To re-enable storing OpenPGP passwords in macOS keychain

defaults delete org.gpgtools.common DisableKeychain

Disable handling of OpenPGP encrypted and signed messages

If for any reason you do not want GPG Mail to handle your OpenPGP messages, you can run the following command.

To deactivate OpenPGP handling

defaults write org.gpgtools.gpgmail DisableOpenPGPForReading -bool YES

To re-activate OpenPGP handling

defaults write org.gpgtools.gpgmail DisableOpenPGPForReading -bool NO

Disable encryption to self

By default, all encrypted messages you send to your friends are additionally encrypted with your own public key. This is the default because otherwise you wouldn't be able to read any of your encrypted messages in your sent folder.

However, there may be edge cases in which you might want to disable this option.

So if you really want to disable this setting, use the following command

defaults write org.gpgtools.gpgmail DoNotEncryptToSelf -bool YES

To enable it again

defaults write org.gpgtools.gpgmail DoNotEncryptToSelf -bool NO

Allow encrypted messages without signing key being available

By default, GPG Mail only allows encrypting messages to recipients when a signing key for encrypt-to-self is available.

To allow encryption without having a signing key

defaults write org.gpgtools.gpgmail AllowEncryptEvenIfNoSigningKeyIsAvailable -bool YES

To disable and switch back to the default

defaults write org.gpgtools.gpgmail AllowEncryptEvenIfNoSigningKeyIsAvailable -bool NO
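
A read-only check for the settings described above, as an added example that is not GPGTools code: it reads each key named on this page with `defaults read` and lists the ones that differ from the documented defaults. The function names and the message wording are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not GPGTools code): list GPG Mail hidden settings that differ
# from the defaults described on this page. Read-only: only `defaults read`.

# Print the value of DOMAIN KEY, or "unset" (`defaults read` fails if absent).
read_pref() {
    defaults read "$1" "$2" 2>/dev/null || echo "unset"
}

# Succeed if VALUE is a true form. Booleans read back as 1; the string forms
# cover values written without -bool.
is_on() {
    case "$1" in
        1|YES|yes|true) return 0 ;;
        *) return 1 ;;
    esac
}

# Print "KEY: MESSAGE" when the flag DOMAIN KEY is on and count it in $changed.
report_flag() {
    if is_on "$(read_pref "$1" "$2")"; then
        echo "$2: $3"
        changed=$((changed + 1))
    fi
}

# Print one line per non-default setting; return 1 if any was found.
audit_gpgmail() {
    changed=0
    report_flag org.gpgtools.common DebugLog \
        "debug logging on, decrypted messages may reach the system log"
    report_flag org.gpgtools.common DisableKeychain \
        "storing OpenPGP passwords in the macOS keychain is disabled"
    report_flag org.gpgtools.gpgmail DisableOpenPGPForReading \
        "GPG Mail does not handle OpenPGP messages"
    report_flag org.gpgtools.gpgmail DoNotEncryptToSelf \
        "encrypt-to-self off, encrypted mail in your sent folder is unreadable"
    report_flag org.gpgtools.gpgmail AllowEncryptEvenIfNoSigningKeyIsAvailable \
        "encryption allowed without a signing key"
    if [ "$(read_pref org.gpgtools.gpgmail DefaultSecurityMethod)" = 2 ]; then
        echo "DefaultSecurityMethod: S/MIME is the default security method"
        changed=$((changed + 1))
    fi
    [ "$changed" -eq 0 ]
}

# Run the audit only where the macOS `defaults` tool exists.
if command -v defaults >/dev/null 2>&1; then
    audit_gpgmail || echo "$changed non-default setting(s) found"
fi
```

A `DebugLog` line in the output after a debug session means logging was left on and the system log files should be cleaned up as described in the debug logging section.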

Deprecated: PGP/Inline

PGP/Inline worked on macOS 10.9 - 10.11 and has been deprecated on macOS 10.12 and newer. PGP/MIME is the official and only documented way of sending OpenPGP encrypted and signed messages. GPG Mail sticks to this standard.

To learn more about the deficits of PGP/Inline, we recommend this note by Daniel Kahn Gillmor: Inline PGP signatures considered harmful and the GnuPG FAQ entry covering the topic.