GPG Mail hidden settings
If the GPGMail default behavior does not fit your needs, the following commands can be used in Terminal.app to adjust the settings.
Make sure to restart Mail.app after applying any command. Should the changes not work, restart your Mac and double-check that the command was entered correctly.
- Define default security method
- Add a mapping for a missing UID to a public key
- Enable debug logging
- Disable option to store password in macOS keychain
- Disable handling of OpenPGP encrypted and signed messages
- Disable encryption to self
- Allow encrypted messages without signing key being available
- Legacy: Enable PGP/Inline
Get an overview of your current defaults
defaults read org.gpgtools.gpgmail
Define default security method
You like S/MIME better than OpenPGP and don't want to change the setting every time?
We've got you covered.
The default security method is only selected if you have a key/certificate for the sender's mail address.
By default OpenPGP is used, but you can change that with the following defaults command:
Set OpenPGP as default security method
defaults write org.gpgtools.gpgmail DefaultSecurityMethod -int 1
Set S/MIME as default security method
defaults write org.gpgtools.gpgmail DefaultSecurityMethod -int 2
Add a mapping for a missing UID to a public key
Visit the following KB-article: How to add an e-mail address to an existing public key
Enable debug logging
Important: Make sure to disable debug logging right after finishing your debug session. This is important since otherwise decrypted messages may be logged and the log files would stay on your hard drive. To delete the logs, delete the /private/var/log/system.log* files.
Enable Debugging
defaults write org.gpgtools.common DebugLog 1
Disable Debugging
defaults write org.gpgtools.common DebugLog 0
Disable option to store password in macOS keychain
GPG Suite defaults to storing OpenPGP passwords in the macOS keychain. If you prefer to never store your OpenPGP passwords in the macOS keychain, use the following setting. The option to store your password will be removed from the pinentry dialog and the setting in System Preferences > GPG Suite > Settings > Password will be disabled.
To disable storing OpenPGP passwords in macOS keychain
defaults write org.gpgtools.common DisableKeychain -bool yes
To re-enable storing OpenPGP passwords in macOS keychain
defaults delete org.gpgtools.common DisableKeychain
Disable handling of OpenPGP encrypted and signed messages
If for any reason you do not want GPGMail to handle your OpenPGP messages, you can run the following command.
To deactivate OpenPGP handling
defaults write org.gpgtools.gpgmail DisableOpenPGPForReading -bool YES
To re-activate OpenPGP handling
defaults write org.gpgtools.gpgmail DisableOpenPGPForReading -bool NO
Disable encryption to self
By default, all encrypted messages you send to your friends are additionally encrypted with your own public key. This is the default because otherwise you wouldn't be able to read any of your encrypted messages in your sent folder.
However, there may be edge cases in which you might want to disable this option.
So if you really want to disable this setting, please use the following command:
defaults write org.gpgtools.gpgmail DoNotEncryptToSelf -bool YES
To enable it again
defaults write org.gpgtools.gpgmail DoNotEncryptToSelf -bool NO
Allow encrypted messages without signing key being available
By default, GPGMail only allows encrypting messages to recipients when a signing key for encrypt-to-self is available.
To allow encryption without having a signing key
defaults write org.gpgtools.gpgmail AllowEncryptEvenIfNoSigningKeyIsAvailable -bool YES
To disable and switch back to the default
defaults write org.gpgtools.gpgmail AllowEncryptEvenIfNoSigningKeyIsAvailable -bool NO
Legacy: Enable PGP/Inline
Important: PGP/Inline only works on macOS 10.9 - 10.11 and is not (yet) supported on 10.12 - 10.14. PGP/Inline for 10.9 - 10.11 is experimental and can be used with plain text only; attachments are not supported.
PGP/MIME is the official standard way to send OpenPGP encrypted and signed messages.
GPGMail sticks to this standard to send your emails.
So if you really, really run into problems with GPGMail, you can try to enable PGP/Inline support.
defaults write org.gpgtools.gpgmail UseOpenPGPInlineToSend -bool YES
Switch back to the documented OpenPGP/MIME standard
defaults write org.gpgtools.gpgmail UseOpenPGPInlineToSend -bool NO
To learn more about the deficits of PGP/Inline we recommend this note by Daniel Kahn Gillmor: Inline PGP signatures considered harmful. This is the GnuPG FAQ entry covering the issue.
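To check which of the settings on this page are currently switched away from their defaults, for example debug logging left on after a debug session, a read-only check like the following can be run in Terminal.app. It is an added example and not part of GPG Suite; the function names and the DEFAULTS_CMD override are hypothetical, and only the domains and keys are taken from this page.

```shell
#!/bin/sh
# Added example: report GPGMail settings from this page that differ from the
# documented defaults in a security-relevant way. Read-only; changes nothing.
# DEFAULTS_CMD is a hypothetical override so the logic can be tested off macOS.

# read_key DOMAIN KEY: print the stored value, or nothing when the key is unset.
read_key() {
    "${DEFAULTS_CMD:-defaults}" read "$1" "$2" 2>/dev/null || true
}

# defaults prints booleans as 1/0; a value written without -bool is stored
# and printed as the typed string, so YES/true are accepted as well.
is_on() {
    case "$1" in
        1|YES|yes|true|TRUE) return 0 ;;
        *) return 1 ;;
    esac
}

# flag DOMAIN KEY MESSAGE: warn and count when the key is switched on.
flag() {
    if is_on "$(read_key "$1" "$2")"; then
        echo "WARN $1 $2: $3"
        findings=$((findings + 1))
    fi
}

# Returns 0 when nothing is flagged, 1 otherwise; count is left in $findings.
gpgmail_audit() {
    findings=0
    flag org.gpgtools.common DebugLog \
        "debug logging is on; decrypted messages may end up in /private/var/log/system.log*"
    flag org.gpgtools.gpgmail DoNotEncryptToSelf \
        "encrypted mail in your sent folder will not be readable by you"
    flag org.gpgtools.gpgmail AllowEncryptEvenIfNoSigningKeyIsAvailable \
        "encryption is allowed without a signing key"
    flag org.gpgtools.gpgmail UseOpenPGPInlineToSend \
        "legacy PGP/Inline is used for sending instead of PGP/MIME"
    flag org.gpgtools.gpgmail DisableOpenPGPForReading \
        "GPGMail does not handle OpenPGP messages"
    echo "$findings finding(s)"
    [ "$findings" -eq 0 ]
}

# Run the audit only where the macOS defaults tool exists.
if command -v defaults >/dev/null 2>&1; then
    gpgmail_audit || true
fi
```

Keys that were never written are treated as being at their default, so a clean installation reports 0 findings.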