GPGMail hidden settings

If the GPGMail default behavior does not fit your needs the following commands can be used in Terminal.app to adjust the settings.

Make sure to restart mail.app after applying any command. Should the changes not work, restart your mac and double check the command was entered correctly.

Get an overview of your current defaults

defaults read org.gpgtools.gpgmail

Define default security method

You like S/MIME better than OpenPGP and don't want to change the setting everytime?
We've got you covered.

The default security method is only selected if you a key/certificate for the sender mail address.
By default OpenPGP is used, but you can change that with the following defaults command

Set OpenPGP as default security method

defaults write org.gpgtools.gpgmail DefaultSecurityMethod -int 1

Set S/MIME as default security method

defaults write org.gpgtools.gpgmail DefaultSecurityMethod -int 2

Add a mapping for a missing UID to a public key

Visit the following KB-article: How to add an e-mail address to an existing public key

Enable debug logging

Important: Make sure to disable debug logging right after finishing your debug session. This is important since otherwise decrypted messages may be logged and the log files would stay on your hard drive. To delete the logs, delete the /private/var/log/system.log* files.

Enable Debugging

defaults write org.gpgtools.common DebugLog 1

Disable Debugging

defaults write org.gpgtools.common DebugLog 0

Disable handling of OpenPGP encrypted and signed messages

If for any reason you might not want GPGMail to handle your OpenPGP messages,
you can run the following command

To deactivate OpenPGP handling

defaults write org.gpgtools.gpgmail DisableOpenPGPForReading -bool YES

To re-activate OpenPGP handling

defaults write org.gpgtools.gpgmail DisableOpenPGPForReading -bool NO

Disable encryption to self

Per default all encrypted messages you send to your friends will additionally be encrypted using your own pub key. That is the default setting being used, because otherwise you wouldn't be able to read any of your encrypted messages in your sent folder.

However, there may be edge cases in which you might want to disable this option.

So if you really want to disable this setting please use the following command

defaults write org.gpgtools.gpgmail DoNotEncryptToSelf -bool YES

To enable it again

defaults write org.gpgtools.gpgmail DoNotEncryptToSelf -bool NO

Allow encrypted messages without signing key being available

By default GPGMail only allows to encrypt messages to recipients when a signing key for encrypt-to-self is available.

To allow encryption without having a signing key

defaults write org.gpgtools.gpgmail AllowEncryptEvenIfNoSigningKeyIsAvailable -bool YES

To disable and switch back to the default

defaults write org.gpgtools.gpgmail AllowEncryptEvenIfNoSigningKeyIsAvailable -bool NO

Enable PGP/Inline

Important: PGP/Inline only works on macOS 10.9-10.11 and is not (yet) supported on 10.12, 10.13. PGP/Inline is in experimental support. Can be used with plain text only, attachments are not supported.

PGP/MIME is the official standard way to send OpenPGP encrypted and signed messages.
GPGMail sticks to this standard to send your emails.

However some legacy mail applications, especially Windows mail applications don't support this
standard yet.

So if you really, really run into problems with GPGMail, you can try to enable PGP/Inline support.

defaults write org.gpgtools.gpgmail UseOpenPGPInlineToSend -bool YES

Switch back to the documented OpenPGP/MIME standard

defaults write org.gpgtools.gpgmail UseOpenPGPInlineToSend -bool NO