GPGMail: gpg.conf group feature not working (was: Wrong encryption when sending to mailing lists)

Dieter's Avatar


03 Feb, 2017 02:07 PM

While being so excited that we finally have a Sierra compatible GPGtools suite, a few Macs here have been upgraded to Sierra.

Unfortunately we now seeing issues when sending encrypted emails to mailing lists, which get resolved on the server but required keys are resolved via local "group" definitions in the "gpg.conf" file.

It seems some recipients can decrypt and some others cannot. Also it seems as would the mail be encrypted with the senders public key even he is not on the mailing list.

I'm talking about the 2017.1b2 as well as of the nightly 1762n.

Anybody else seeing this too ?

keep on with the good work !

  1. 1 Posted by Dieter on 03 Feb, 2017 02:27 PM

    Dieter's Avatar

    my versions

    macOS          10.12.3    16D32
    GPG Suite      2016.12b1    30n (b4ade30)
    GPMail         2.7b2      1195n (b51a6cd)
    GPG Keychain   1.3.3b1    1253n (72995dc)
    GPGServices    1.11        920n (872e77d)
    MacGPG2        2.0.30      885n (b6073ed)
    GPGPreferences 2.0.2b1     915n (3ae9a19)
    Libmacgpg      0.7         778n (d981f08)
    pinentry       0.9.7        17n (b75069d)
  2. 2 Posted by Dieter on 07 Feb, 2017 09:06 AM

    Dieter's Avatar

    Still no one else seeing that issue ?

    Here an example:

    I have the public keys of 3 recipients ( userA - userC ) in my keyring: 0xAABBCCDD 0xBBCCDDEE 0xCCDDEEFF

    On the email server I have an alias "[email blocked]: [email blocked],[email blocked],[email blocked]"

    In my gpg.conf I have the following entry:

    group [email blocked]=0xAABBCCDD 0xBBCCDDEE 0xCCDDEEFF

    Now, when sending an email to "[email blocked]" the lock icon gets blue ( so it find the group record in the gpg.conf ) and I can send out the mail to the list.

    However, on the receiver end the mail appears to be encrypted with "my" key (even I'm not member of the lust!) and 0xBBCCDDEE only !! The other two cannot read it.

    Any idea ?

    GPGMail 2.7b2 1199n ( from nightly GPG_Suite-1766n.dmg )

    Many thanks for you help

  3. 3 Posted by Dieter on 08 Feb, 2017 04:32 PM

    Dieter's Avatar

    I have downloaded and compiled the latest GPGMail from GIT.

    After debugging through it, it seem that it does not support multiple keys for a single email address anymore ( group feature in gpg.conf ), but just picks (randomly!?) one from the defined lists and encrypts the email with it. This is a complete show stopper for us.

    Are there any plans to implement that again ?


  4. Support Staff 4 Posted by Luke Le on 08 Feb, 2017 04:42 PM

    Luke Le's Avatar

    Hi Dieter,

    thank you very much for bringing this to our attention.
    The feature will definitely be implemented again.
    Since nothing in the codebase should have changed for that particular feature, it's curious to see it no longer works, but we'll have a look into it.

  5. 5 Posted by Dieter on 01 Mar, 2017 09:58 AM

    Dieter's Avatar

    Any news on that ?

    I just tried the latest Nightly (1779n) and it still does not support "groups" in gpg.conf.


  6. Support Staff 6 Posted by Steve on 01 Mar, 2017 07:32 PM

    Steve's Avatar

    Hi Dieter,

    no, not yet. We will update this discussion as soon as there is a fix.

    All the best,

  7. 7 Posted by Dieter on 30 Mar, 2017 04:08 PM

    Dieter's Avatar

    Any progress on the topic ?

    Every time I need to send a mail to the whole company ( which a admin has to do from time to time ) or other email lists, I need to startup "MailMate" to send it, because this seems to deal with "gpg groups" just fine :-/


  8. Support Staff 8 Posted by Steve on 01 Apr, 2017 05:12 PM

    Steve's Avatar

    Sorry, not yet. This bug is on the list for the near term future. We'll let you know when a fix is available.

  9. 9 Posted by Dieter on 16 Jun, 2017 09:46 AM

    Dieter's Avatar

    Hi Steve,
    any news or timeline for a fix of the mentioned issue ?

    I know, at the moment you have fire on all corners, but for us it's still very critical to send GPG encrypted mails to email aliases / groups. Most of us still run El-Cap because of the issue and the ones who moved to Sierra use either Thunderbird/Enigmail or MailMate.

    I really would love to see a solution for us and stay with the great GPGtools plugin you created rather than moving away.


  10. Support Staff 10 Posted by Steve on 21 Jun, 2017 04:15 PM

    Steve's Avatar

    Hi Dieter,

    the timeline is that this week the work on trying to fix this very issue will continue. It's really hard to say how soon we will publish the next beta, but we are not holding anything back artificially.

    This problem is one of two blockers and as soon as those are down we will release the next beta.

    Kind regards,

  11. 11 Posted by Dieter on 22 Jun, 2017 09:30 AM

    Dieter's Avatar

    Thanks Steve.

    Looking forward for the next release.


  12. Support Staff 12 Posted by Steve on 22 Jun, 2017 08:56 PM

    Steve's Avatar

    Believe me, same here :)

  13. Steve closed this discussion on 18 Aug, 2017 10:36 AM.

  14. Steve re-opened this discussion on 23 Aug, 2017 11:23 AM

  15. Support Staff 13 Posted by Steve on 23 Aug, 2017 11:23 AM

    Steve's Avatar

    Dieter wrote the following in a new discussion:

    Not sure why this discussion got closed. The related problem has definitely not being fixed yet !
    Any more information would be very welcome.

    Hi Dieter,

    you should be able to re-open your own discussions. Was that not possible for the existing discussion?

    The fact that the discussion is closed does not mean the problem is fixed. Here's the standard text we usually add when connecting a discussion with a ticket:

    We have a ticket for this problem. I connected this discussion with the existing ticket. That means, should this discussion get closed, it will be re-opened as soon as the ticket is closed. That way you'll stay in the loop and get notified as soon as we have news. Feel free to open a new discussions should you run into further problems or need assistance.

    I closed the discussion since there was nothing to add from our side. We do re-open discussions to let users know as soon as a ticket is fixed and the fix can be tested.

    All the best,

  16. 14 Posted by Dieter on 23 Aug, 2017 11:30 AM

    Dieter's Avatar


    I'd like to comment that the issue exists in the "stable", "beta" and "nightly" branches when running them on Sierra. I only opened the discussion in the "beta" list, but testing every "nightly" as well. So far w/o success.

    Keep up the good work !!

  17. Support Staff 15 Posted by Steve on 23 Aug, 2017 11:31 AM

    Steve's Avatar

    Yeah that is expected. If it would work in nightly, the issue would be fixed and we would have notified you about the fix. Then you can (if you want) test the fix in nightly and it will be shipped in the upcoming beta.

    Should this discussion get closed, you should always be able to re-open. And we will also re-open to inform you as soon as there is a fix to be tested.

  18. Support Staff 16 Posted by Steve on 25 Aug, 2017 12:30 PM

    Steve's Avatar

    Hi Dieter,

    good news: this issue has been fixed. If you want to test the fix, please download our latest nightly GPG Suite. That page also has sig and SHA1 to verify the download.

    Please let us know if it works as expected for you.

    Best, steve

    Disclaimer: This is a development version which has not been thoroughly tested yet, so bugs or crashes are to be expected. Thanks for helping us test this fix.

  19. 17 Posted by Dieter on 25 Aug, 2017 12:38 PM

    Dieter's Avatar


    after installing nightly 1951n , i tried to send an encrypted email to a 2-user email alias. the crashed before the mail was sent out.

    attached the crash report.


  20. 18 Posted by Dieter on 25 Aug, 2017 12:46 PM

    Dieter's Avatar


    Sending unencrypted mails works.

    Sending encrypted mails to single addresses also crashes.

  21. Support Staff 19 Posted by Steve on 25 Aug, 2017 12:50 PM

    Steve's Avatar

    Thanks a lot for your quick response and helping us out to test the fix.

    This is interesting. During the internal test we could not manage to trigger a crash using the group feature.

    Is the crash reproducible if you repeat the steps?

    Can you tell us your macOS version as well as if you are using any additional plugins in

    Are you also using an s/mime cert besides your OpenPGP key?

    Thanks for your help in debugging this.

  22. 20 Posted by Dieter on 25 Aug, 2017 12:53 PM

    Dieter's Avatar

    And one more addition:

    Sending signed mails to individuals works.
    Sending encrypted AND signed mails to individuals WORKS.

    Sending signed mails to groups works.
    Sending encrypted mails to groups crashes.
    Sending encrypted AND signed mails to groups DOES WORK !

  23. 21 Posted by Dieter on 25 Aug, 2017 12:57 PM

    Dieter's Avatar

    As you can see in the crash report, I'm using "Mac OS X 10.12.6 (16G29)"

    No additional plugins for are installed.

    I also do have S/MIME certs, but not for the users/groups I have tested.

    The crash is reproducible: 100%

  24. Support Staff 22 Posted by Steve on 25 Aug, 2017 01:06 PM

    Steve's Avatar

    Reproduced here. Thanks, we'll get back to you as soon as we have news.

  25. 23 Posted by Dieter on 25 Aug, 2017 01:08 PM

    Dieter's Avatar


    For me it works fine if I always "sign" the encrypted email too.


  26. Support Staff 24 Posted by Steve on 25 Aug, 2017 06:33 PM

    Steve's Avatar

    Dieter, could you please test GPG Suite 2017.1 (1952n) from
    and check if that behaves as expected.

  27. 25 Posted by Dieter on 25 Aug, 2017 07:09 PM

    Dieter's Avatar

    Looks pretty good. All tests I did were successful.

    Big "thumbs up" !!

  28. Support Staff 26 Posted by Steve on 25 Aug, 2017 07:10 PM

    Steve's Avatar

    Perfect. Glad, this is solved for you. I'm closing this discussion. Should you need further assistance or have questions you can re-open this discussion here or open a new one any time.

    The fix will be included in the next beta release.

    Best, steve

  29. Steve closed this discussion on 25 Aug, 2017 07:10 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac