GPG Mail hidden settings
Sometimes the defaults in GPG Mail don't fit your specific needs. The following commands can be used in the Terminal app to find the setup you need.
Make sure to restart the Mail app after applying any command. Should the changes not work, restart your Mac and double-check that the command was entered correctly.
- Define default security method
- Add a mapping for a missing UID to a public key
- Enable debug logging
- Disable option to store password in macOS keychain
- Disable handling of OpenPGP encrypted and signed messages
- Disable encryption to self
- Allow encrypted messages without signing key being available
- Deprecated: PGP/Inline
Get an overview of your current defaults
defaults read org.gpgtools.gpgmail
Define default security method
You prefer S/MIME over OpenPGP and don't want to constantly switch the security method in every new draft? We've got you covered.
The default security method is only selected if a key or certificate exists for both the sender email address and the recipient.
OpenPGP is the default, but you can switch to S/MIME by applying the following command:
Set OpenPGP as default security method
defaults write org.gpgtools.gpgmail DefaultSecurityMethod -int 1
Set S/MIME as default security method
defaults write org.gpgtools.gpgmail DefaultSecurityMethod -int 2
Add a mapping for a missing UID to a public key
Visit the following KB-article: How to add an e-mail address to an existing public key
Enable debug logging
Important: Make sure to disable debug logging right after finishing your debug session. This is important since otherwise decrypted messages may be logged and the log files would stay on your hard drive. To delete the logs, delete the /private/var/log/system.log* files.
Enable Debugging
defaults write org.gpgtools.common DebugLog 1
Disable Debugging
defaults write org.gpgtools.common DebugLog 0
Disable option to store password in macOS keychain
GPG Suite defaults to storing OpenPGP passwords in the macOS keychain. If you prefer to never store your OpenPGP passwords in the macOS keychain, use the following setting. The option to store your password will be removed from the pinentry dialog and the setting in System Preferences > GPG Suite > Settings > Password will be disabled.
To disable storing OpenPGP passwords in macOS keychain
defaults write org.gpgtools.common DisableKeychain -bool yes
To re-enable storing OpenPGP passwords in macOS keychain
defaults delete org.gpgtools.common DisableKeychain
Disable handling of OpenPGP encrypted and signed messages
If for any reason you do not want GPG Mail to handle your OpenPGP messages, you can run the following command.
To deactivate OpenPGP handling
defaults write org.gpgtools.gpgmail DisableOpenPGPForReading -bool YES
To re-activate OpenPGP handling
defaults write org.gpgtools.gpgmail DisableOpenPGPForReading -bool NO
Disable encryption to self
By default, all encrypted messages you send to your friends are additionally encrypted using your own public key. This is the default because otherwise you wouldn't be able to read any of your encrypted messages in your sent folder.
However, there may be edge cases in which you might want to disable this option.
If you really want to disable encryption to self, use the following command:
defaults write org.gpgtools.gpgmail DoNotEncryptToSelf -bool YES
To enable it again
defaults write org.gpgtools.gpgmail DoNotEncryptToSelf -bool NO
Allow encrypted messages without signing key being available
By default, GPG Mail only allows encrypting messages to recipients when a signing key for encrypt-to-self is available.
To allow encryption without having a signing key
defaults write org.gpgtools.gpgmail AllowEncryptEvenIfNoSigningKeyIsAvailable -bool YES
To disable and switch back to the default
defaults write org.gpgtools.gpgmail AllowEncryptEvenIfNoSigningKeyIsAvailable -bool NO
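To review every setting on this page in one pass, for example to confirm that debug logging was switched off after a debug session, the following added example (not part of the original article or of GPG Suite) reads each key with defaults read and lists those that differ from the defaults described above. The function names are illustrative, and it assumes defaults read prints 1 for an enabled setting.

```shell
#!/bin/sh
# Added example (not GPGTools code): list GPG Mail hidden settings that differ
# from the defaults this page describes. Function names are illustrative.

# read_pref DOMAIN KEY: print the stored value, or "unset" if the key is absent.
read_pref() {
    defaults read "$1" "$2" 2>/dev/null </dev/null || echo unset
}

# is_on VALUE: succeed when the stored value means "enabled".
# Assumption: defaults read prints 1 for an enabled boolean or integer.
is_on() {
    case "$1" in
        1|YES|yes|true|TRUE) return 0 ;;
        *) return 1 ;;
    esac
}

# gpgmail_audit: print one line per non-default setting and return their count.
gpgmail_audit() {
    findings=0
    # Table columns: domain, key, consequence as described on this page.
    while read -r domain key note; do
        value=$(read_pref "$domain" "$key")
        if is_on "$value"; then
            echo "NON-DEFAULT $domain $key=$value ($note)"
            findings=$((findings + 1))
        fi
    done <<'EOF'
org.gpgtools.common DebugLog decrypted messages may be logged
org.gpgtools.common DisableKeychain passwords are never stored in the keychain
org.gpgtools.gpgmail DisableOpenPGPForReading OpenPGP messages are not handled
org.gpgtools.gpgmail DoNotEncryptToSelf sent encrypted mail cannot be read by you
org.gpgtools.gpgmail AllowEncryptEvenIfNoSigningKeyIsAvailable encrypts without a signing key
EOF
    method=$(read_pref org.gpgtools.gpgmail DefaultSecurityMethod)
    if [ "$method" = 2 ]; then
        echo "NON-DEFAULT org.gpgtools.gpgmail DefaultSecurityMethod=2 (S/MIME is preferred)"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Run the audit only where the macOS defaults tool exists.
if command -v defaults >/dev/null 2>&1; then
    gpgmail_audit || echo "$? setting(s) differ from the documented defaults"
fi
```

A key that was never written is reported by defaults read as missing and is treated here as being at its default.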
Deprecated: PGP/Inline
PGP/Inline worked on macOS 10.9 - 10.11 and has been deprecated on macOS 10.12 and newer. PGP/MIME is the official and only documented way of sending OpenPGP encrypted and signed messages. GPG Mail sticks to this standard.
To learn more about the deficits of PGP/Inline, we recommend this note by Daniel Kahn Gillmor: Inline PGP signatures considered harmful, and the GnuPG FAQ entry covering the topic.