GPG Mail hidden settings

If the GPGMail default behavior does not fit your needs the following commands can be used in to adjust the settings.

Make sure to restart after applying any command. Should the changes not work, restart your mac and double check the command was entered correctly.

Get an overview of your current defaults

defaults read org.gpgtools.gpgmail

Define default security method

You like S/MIME better than OpenPGP and don't want to change the setting everytime?
We've got you covered.

The default security method is only selected if you a key/certificate for the sender mail address.
By default OpenPGP is used, but you can change that with the following defaults command

Set OpenPGP as default security method

defaults write org.gpgtools.gpgmail DefaultSecurityMethod -int 1

Set S/MIME as default security method

defaults write org.gpgtools.gpgmail DefaultSecurityMethod -int 2

Add a mapping for a missing UID to a public key

Visit the following KB-article: How to add an e-mail address to an existing public key

Enable debug logging

Important: Make sure to disable debug logging right after finishing your debug session. This is important since otherwise decrypted messages may be logged and the log files would stay on your hard drive. To delete the logs, delete the /private/var/log/system.log* files.

Enable Debugging

defaults write org.gpgtools.common DebugLog 1

Disable Debugging

defaults write org.gpgtools.common DebugLog 0

Disable option to store password in macOS keychain

GPG Suite defaults to store OpenPGP passwords in macOS keychain. If you prefer to never store your OpenPGP passwords in macOS keychain, use the following setting. The option to store your password will be removed from the pinentry dialog and the setting in System Preferences > GPG Suite > Settings > Password will be disabled.

To disable storing OpenPGP passwords in macOS keychain

defaults write org.gpgtools.common DisableKeychain -bool yes

To re-enable storing OpenPGP passwords in macOS keychain

defaults delete org.gpgtools.common DisableKeychain

Disable handling of OpenPGP encrypted and signed messages

If for any reason you might not want GPGMail to handle your OpenPGP messages,
you can run the following command

To deactivate OpenPGP handling

defaults write org.gpgtools.gpgmail DisableOpenPGPForReading -bool YES

To re-activate OpenPGP handling

defaults write org.gpgtools.gpgmail DisableOpenPGPForReading -bool NO

Disable encryption to self

Per default all encrypted messages you send to your friends will additionally be encrypted using your own pub key. That is the default setting being used, because otherwise you wouldn't be able to read any of your encrypted messages in your sent folder.

However, there may be edge cases in which you might want to disable this option.

So if you really want to disable this setting please use the following command

defaults write org.gpgtools.gpgmail DoNotEncryptToSelf -bool YES

To enable it again

defaults write org.gpgtools.gpgmail DoNotEncryptToSelf -bool NO

Allow encrypted messages without signing key being available

By default GPGMail only allows to encrypt messages to recipients when a signing key for encrypt-to-self is available.

To allow encryption without having a signing key

defaults write org.gpgtools.gpgmail AllowEncryptEvenIfNoSigningKeyIsAvailable -bool YES

To disable and switch back to the default

defaults write org.gpgtools.gpgmail AllowEncryptEvenIfNoSigningKeyIsAvailable -bool NO

Legacy: Enable PGP/Inline

Important: PGP/Inline only works on macOS 10.9-10.11 and is not (yet) supported on 10.12 - 10.14. PGP/Inline for 10.9 - 10.11 is experimental and can be used with plain text only, attachments are not supported.

PGP/MIME is the official standard way to send OpenPGP encrypted and signed messages.
GPGMail sticks to this standard to send your emails.

So if you really, really run into problems with GPGMail, you can try to enable PGP/Inline support.

defaults write org.gpgtools.gpgmail UseOpenPGPInlineToSend -bool YES

Switch back to the documented OpenPGP/MIME standard

defaults write org.gpgtools.gpgmail UseOpenPGPInlineToSend -bool NO

To learn more about the deficits of Inline/PGP we recommend this note of Daniel Kahn Gillmore: Inline PGP signatures considered harmful. This is the GnuPG FAQ entry covering the issue.