Add an email address to an existing public key or map all email addresses of a company domain to one public key
In some edge cases, it can become necessary to add an email address to an existing public key. For example, you may have a friend's public key, but your friend now uses another email address. You still want to send an encrypted message, but even after refreshing the key from the key servers, the new email address is not in his key.
Add email address to existing public key
- open Terminal
- copy / paste the following command
defaults write org.gpgtools.common KeyMapping -dict-add 'email' fingerprint
- replace email and fingerprint with the values of the key you want to change the mapping for (fingerprint must not contain any spaces)
- to verify that the key mapping worked, enter
defaults read org.gpgtools.common KeyMapping
Map all emails of a certain company domain to use a certain public key
Some companies share one public key among their employees, so it can be helpful to map an entire domain to a certain key. To do that, use the following command (the quotes stop the shell from treating * as a filename pattern):
defaults write org.gpgtools.common KeyMapping -dict-add '*@domain.com' fingerprint
Replace domain.com and fingerprint with the appropriate values (fingerprint must not contain any spaces)
Restart Mail.app to ensure the changes will be reflected. Note: this change will not be visible in GPG Keychain, nonetheless you are now able to encrypt to the new email address using the existing key.
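Both mapping procedures above make encryption use a key whose User IDs do not contain the address, so the fingerprint you type is the only thing tying that address to the right key. The following script is an added example, not GPGTools code: it strips the spaces from a fingerprint as GPG displays it, checks the address or *@domain pattern, confirms the key is in your keyring, and only then writes the mapping. The function names are hypothetical and the 40-digit check assumes a v4 key.

```sh
#!/bin/sh
# Added example, not GPGTools code. Function names are hypothetical.

# Strip whitespace, upper-case, and require 40 hex digits (assumes a v4 key).
normalize_fpr() {
    fpr=$(printf '%s' "$1" | tr -d ' \t' | tr 'a-f' 'A-F')
    case "$fpr" in
        ''|*[!0-9A-F]*) return 1 ;;
    esac
    [ "${#fpr}" -eq 40 ] || return 1
    printf '%s\n' "$fpr"
}

# Accept one address or a *@domain wildcard; reject anything else.
valid_mapping_key() {
    case "$1" in
        *" "*|*@*@*|*@|@*) return 1 ;;  # space, two @, or an empty side
        \*@*\**) return 1 ;;            # second wildcard in the domain
        \*@*) return 0 ;;               # whole-domain mapping
        *\**) return 1 ;;               # wildcard inside a local part
        *@*) return 0 ;;                # single address
        *) return 1 ;;
    esac
}

# True if the keyring holds a public key or subkey with this fingerprint.
key_in_keyring() {
    gpg --batch --with-colons --list-keys "$1" 2>/dev/null |
        grep -q "^fpr:::::::::$1:"
}

# Validate both values, then write and read back the mapping (macOS only).
map_key() {
    valid_mapping_key "$1" || { echo "bad address: $1" >&2; return 1; }
    clean=$(normalize_fpr "$2") || { echo "bad fingerprint" >&2; return 1; }
    key_in_keyring "$clean" || { echo "key not in keyring" >&2; return 1; }
    defaults write org.gpgtools.common KeyMapping -dict-add "$1" "$clean"
    defaults read org.gpgtools.common KeyMapping
}

# Usage: sh map_key.sh 'friend@example.org' 'ABCD 1234 ...'
if [ "$#" -eq 2 ]; then
    map_key "$1" "$2"
fi
```

A short key ID such as an 8-digit one is rejected on purpose, since only the full fingerprint identifies a key unambiguously.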
Remove mapping
- open a new Finder window
- press Shift + CMD + G (⇧⌘G) and paste
~/Library/Preferences/org.gpgtools.common.plist
- edit the file to remove specific mappings or delete the file to remove all mappings
See also
- How to use the group feature to encrypt content to multiple public keys by using a single address
- Add more email addresses (User IDs) to your existing key