I can't click the lock button - so I can't encrypt mails?

An unclickable lock button in a light grey color can have various reasons.

No secret key for email account used in Mail.app

Have you already created your secret key? If so, please make sure, the email-address in the key perfectly matches the email-address used in Mail.app > Settings > Accounts. Otherwise if you don't have a secret key, you won't be able to encrypt emails. See also: Generate a key.

Your sec/pub key may have expired

In case your own key / subkey has expired, you can update the expiration date.

No public key or expired public key for recipients email-address

Please check

  • if you have a key matching the recipients email address (in GPG Keychain)
  • if the key isn't disabled or has expired (also do check the subkey tab of the public key in question)
  • search the key servers (in GPG Keychain) if there is a public key for the recipients email-address
  • update any existing public key for the recipient via right-click to check if there is a newer version of the public key on the key servers

If you have a public key from your friend but the email address they are using now is not included in that key, you can add an email address to an existing public key.