bug: photo shown of sender of all messages previewed in any folder

kiniry's Avatar


02 Aug, 2013 11:20 AM

I'm using the latest 2.0 release (build 505) on a latest OS X release (10.8.4).

When I click on my Sent mailbox Mail.app opens up my own photo (as it is included in my public key) N times where N is the number of emails sent signed by my key (i.e., hundreds).

I suggest that the photo embedded in a public key should only be shown if (a) it is not the current user and perhaps (b) when requested.

  1. Support Staff 1 Posted by Luke Le on 02 Aug, 2013 11:23 AM

    Luke Le's Avatar

    Hi kiniry,

    we've just released a new version of GPG Suite 3 days ago which might fix this exact problem.
    Please download it from https://s3.amazonaws.com/gpgtools/GPG%20Suite%20-%202013.07.31.dmg
    and let us know if that fixes your problem.


  2. 2 Posted by kiniry on 02 Aug, 2013 11:31 AM

    kiniry's Avatar

    The problem still exists. On running Mail.app after the install a half dozen photos of myself popped up as there are messages in my Inbox CCed to myself that are signed.

  3. Support Staff 3 Posted by Luke Le on 02 Aug, 2013 11:36 AM

    Luke Le's Avatar

    Hmm… then I have to ask, what exactly do you mean by photos pop up?
    Could you maybe create a quick video for us using Quicktime?
    That might help us to better understand the problem

  4. 4 Posted by kiniry on 02 Aug, 2013 11:48 AM

    kiniry's Avatar

    I have debugged the situation. In my gpg.conf I included this line:

    verify-options show-photos

    Thus, every time GPG is triggered (either manually by me or automatically by your plugin) to verify a signature it runs GPG's photo-viewer defined app, which is my case is just "open %I". Disabling this option makes things behave better.

    I suggest that this issue be added to your Knowledge Base.

    (FWIW, my GPG Keychain Access will no longer run after installing your point release. See the attached photo for the modal popup.)

  5. Support Staff 5 Posted by Luke Le on 02 Aug, 2013 12:19 PM

    Luke Le's Avatar

    Ah ok, this of course explains the situation.
    It indeed makes sense to add this to the knowledge base.

    As for the GKA problem, we've only recently added a much stronger check against tampering, but wondering why it's acting up in your case.
    Did this happen immediately after you opened it after the installtion?

  6. Luke Le closed this discussion on 02 Aug, 2013 12:19 PM.

  7. Luke Le re-opened this discussion on 02 Aug, 2013 12:19 PM

  8. 6 Posted by kiniry on 02 Aug, 2013 12:33 PM

    kiniry's Avatar

    Yes, it happened immediately after the new install completed. GKA no longer runs for me.

  9. Support Staff 7 Posted by Luke Le on 02 Aug, 2013 12:44 PM

    Luke Le's Avatar

    Would you mind coming over to our live chat at http://www.hipchat.com/gi8zHW4K3

    It'd be great to learn a little bit more about your system setup, in order to avoid such troubles.
    We'll also send you a new version of GPG Keychain Access which will run.

  10. 8 Posted by kiniry on 05 Aug, 2013 08:49 AM

    kiniry's Avatar

    During the chat we diagnosed that the problem had to do with the manner in which the installer was writing files.

    Rather than a full replacement of the package contents, only an over-write was happening, thus my GPG Keychain Access.app contained surprising files that Apple's security framework rejected.

    The current work-around is to delete GKA.app entirely before upgrading to 1.1.1.

    I suggest that this discussion be closed.

  11. Support Staff 9 Posted by Steve on 05 Aug, 2013 09:09 AM

    Steve's Avatar

    We've a ticket for this problem:


    Closing this discussino, but it will be re-opened as soon as the ticket is closed so you'll receive a notification. Feel free to open a new discussions should you run into further problems or need assistance.

  12. Steve closed this discussion on 05 Aug, 2013 09:09 AM.

  13. Support Staff 10 Posted by Steve on 07 Feb, 2014 05:01 PM

    Steve's Avatar

    Fixed in latest nightly. When now importing a revocation certificate, the user will see a message informing about the consequences and will have to confirm the import first before any damage can be done.

  14. Steve closed this discussion on 07 Feb, 2014 05:01 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac