On-line (and up-to-date) version of this document can be found at http://www.sente.ch/software/GPGMail/FAQ.html

Sen:te

GPGMail Frequently Asked Questions

  • Q: After having installed GNU Privacy Guard, I have the following error when invoking it on the command-line:
      > gpg
      gpg: /Users/joe/.gnupg/secring.gpg: can't create keyring: Permission denied
      gpg: keyblock resource `/Users/joe/.gnupg/secring.gpg': file open error
      gpg: /Users/joe/.gnupg/pubring.gpg: can't create keyring: Permission denied
      gpg: keyblock resource `/Users/joe/.gnupg/pubring.gpg': file open error
      gpg: Go ahead and type your message ...
    A: You probably copied your keyrings from MacOS 9, and didn't take care of file permissions. Open the Terminal and type the following:
      > sudo chown -R $LOGNAME $HOME/.gnupg
      > chmod 600 $HOME/.gnupg/*
  • Q: After having exported my MacOS 9 keyrings (in ASCII), gpg is unable to import them.
    A: End-of-line characters are different on MacOS 9 and MacOS X. Execute the following command in the Terminal to correct the problem:
      > tr -d '\r' < myMacOS9ExportedKeyring > myMacOSXImportableKeyring
  • Q: I can't open any new compose windows, or reply to any message. Mail doesn't do anything or crashes each time.
    A: There is a problem with toolbar items added by GPGMail, on some occasions. To correct the problem, quit Mail, launch Terminal and type:
      > defaults delete com.apple.mail "NSToolbar Configuration ComposeWindow_NewMessage"
      > defaults delete com.apple.mail "NSToolbar Configuration ComposeWindow_ReplyOrForward"
      > defaults delete com.apple.mail "NSToolbar Configuration MainWindow"
      > defaults delete com.apple.mail "NSToolbar Configuration SingleMessageViewer"
  • Q: I can't send an encrypted message to my friend, even though I have her public key, with the corresponding email address.
    A: Check that the public key has been signed by your key. You can sign a key locally like this:
      > gpg --lsign-key myFriendKeyID
    Read the GnuPG documentation to learn more about signing keys. Note that by default GPGMail forces gpg to trust any unsigned keys - see GPGMail preferences.
  • Q: I work in an environment where my home folder is on a network, so the folder ~/.gnupg is implicitly insecure. It would be great if there were an easy way to specify --homedir /Volumes/LocalSecureDisk/GPGStuff for instance in a preference field.
    A: There are currently three ways to do this. The first solution is to write a shell script which invokes gpg with the --homedir argument, and tell GPGMail to use this script instead of gpg. The second solution is to create a soft link ~/.gnupg pointing to the real GnuPG home directory. The third solution is to set the environment variable GNUPGHOME: create or modify the file $HOME/.MacOSX/environment.plist with /Developer/Applications/PropertyListEditor and add a new key-value entry named GNUPGHOME; you need to log out and log in again for this change to apply. Note that you can also use GPGPreferences for this.
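The first solution in the answer above, as an added example (not code from GPGMail or its author): a wrapper that refuses to start gpg unless the local home directory is a plain directory, owned by the caller and closed to group and others. The script name gpg-homedir and the GNUPG_DIR and GPG_BIN variables are assumptions; the default paths are the ones mentioned in this FAQ.

```shell
#!/bin/sh
# Added example: wrapper to hand to GPGMail in place of gpg.
# GNUPG_DIR defaults to the path from the question; GPG_BIN and the
# script name "gpg-homedir" are assumptions made for this sketch.
GNUPG_DIR="${GNUPG_DIR:-/Volumes/LocalSecureDisk/GPGStuff}"
GPG_BIN="${GPG_BIN:-/usr/local/bin/gpg}"

# check_homedir DIR
# Returns 0 if DIR is safe to use as a GnuPG home directory, else:
#   1 = missing, not a directory, or a symbolic link
#   2 = not owned by the user running the script
#   3 = readable, writable or searchable by group or others
check_homedir() {
    dir=$1
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "gpg-homedir: $dir is not a plain directory" >&2
        return 1
    fi
    if [ ! -O "$dir" ]; then
        echo "gpg-homedir: $dir belongs to another user" >&2
        return 2
    fi
    # ls -ld prints e.g. "drwx------"; columns 5-10 are the group/other bits.
    perms=$(ls -ld -- "$dir" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "gpg-homedir: $dir is open to group/others ($perms); chmod 700 it" >&2
        return 3
    fi
    return 0
}

main() {
    check_homedir "$GNUPG_DIR" || exit $?
    # Pass GPGMail's own arguments through untouched.
    exec "$GPG_BIN" --homedir "$GNUPG_DIR" "$@"
}

# Run only when installed under the wrapper's name, so the function can
# also be sourced and tested on its own.
case "$0" in
    *gpg-homedir) main "$@" ;;
esac
```

Save it as gpg-homedir, make it executable, and give GPGMail its path instead of the path to gpg.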
  • Q: I guess I installed GPGMail correctly, but the buttons don't appear in the toolbar. What's wrong?
    A: GPGMail buttons don't appear (yet) magically in Mail toolbars; you need to customize the different toolbars to add the buttons Encrypt and Sign, or Decrypt and Authenticate. There are in fact four different toolbars, and each one must be customized independently. Note that the buttons have been quite useless since GPGMail 1.0.
  • Q: I installed GPGMail correctly, but the buttons don't appear in the toolbar, and there is no menu, although I executed the command
      > defaults write com.apple.mail EnableBundles -bool true
    What's wrong?
    A: You probably executed the command as user root, didn't you?! Each user wanting to use GPGMail must execute the command with her own account, not root's. BTW, you should never work as user root!
  • Q: I am trying to use the GPGMail plugin, but I keep getting this cryptic error.
      skipped `myname@mac.com': duplicated
    What does this mean and how do I fix it?
    A: GPGMail automatically includes your own public key (i.e. the one defined in GPGMail preferences) when encrypting. You explicitly asked GPGMail to use that key again by putting your email address in the To: or CC: fields. Just remove it.
  • Q: How can I uninstall GPGMail?
    A: To uninstall GPGMail, you only need to delete the file GPGMail.mailbundle located in $HOME/Library/Mail/Bundles.
  • Q: How can I tell GPGMail to automatically retrieve public keys needed when encrypting or verifying a message?
    A: You can configure gpg to automatically retrieve keys when verifying messages. Edit the file $HOME/.gnupg/gpg.conf with TextEdit (or use GPGPreferences) and add the following lines:
      keyserver x-hkp://wwwkeys.us.pgp.net
      keyserver-options auto-key-retrieve include-disabled include-revoked
  • Q: How can I participate in your beta testing program?
    A: Subscribe to GPGMail's mailing list: go to https://lists.sourceforge.net/lists/listinfo/gpgmail-users. This is a low traffic mailing list that I use to give information about the development of GPGMail, and people use to get solutions to problems. Read the documentation for more information.
  • Q: I'm exchanging encrypted emails with a friend who uses Ximian Evolution, and his mailer doesn't recognize the mails I send. My friend needs to copy-paste the contents of the email to the Terminal to be able to decrypt it. Why?
    A: Ximian Evolution recognizes only the new MIME format for PGP emails, whereas GPGMail recognizes both old (inline) and new (MIME) formats. By default, GPGMail uses the old format if your mail is plain text only (no rich text attributes, no attachment). If you want GPGMail to always use the new format, go to GPGMail preferences and select the option By default, use OpenPGP-MIME in the Composing tab. You can change that option on a per message basis by selecting menu Message/PGP/Force Use of PGP-MIME.
  • Q: I cannot install GPGMail, because when I type in the Terminal the following command I get an error:
      > default write com.apple.mail EnableBundles YES
      default: Too many arguments.
    A: You need to have the BSD subsystem package installed. It is provided on the MacOS X installation CD. You had better use the GPGMail installer provided with the GPGMail distribution. BTW you typed default instead of defaults, which is a different Unix command.
  • Q: Can I install both GPGMail and PGP8/9?
    A: No. Both plug-ins try to do the same job in the same way (PGPmail is based on GPGMail - have a look at PGP8/9 credits to verify this) and this will create conflicts; sometimes Mail will crash, or GPGMail will simply not work. If you plan to use one of the plug-ins, remove the other one. GPGMail is installed in the folder Library/Mail/Bundles of your home folder, whereas PGPmail is installed in /Library/Mail/Bundles. Since GPGMail 1.0, an alert panel will be displayed if GPGMail sees that PGPmail has been loaded too.
  • Q: I have installed GPGMail and all its functions, buttons, etc. show up in Mail, but no matter what - whenever I send a message - it is sent unencrypted and/or unsigned. I have tried the toolbar buttons, the menu selections, etc. and still no encrypted output. Am I doing something obviously wrong?
    A: You previously installed PGPmail.mailbundle and need to remove it. Both PGPmail and GPGMail plug-ins try to do the same job in the same way (PGPmail is based on GPGMail - have a look at PGP8/9 credits to verify this) and this will create conflicts; sometimes Mail will crash, or GPGMail will simply not work. If you plan to use one of the plug-ins, remove the other one. GPGMail is installed in the folder Library/Mail/Bundles of your home folder, whereas PGPmail is installed in /Library/Mail/Bundles. Since GPGMail 1.0, an alert panel will be displayed if GPGMail sees that PGPmail has been loaded too.
  • Q: I've just changed my passphrase in gnupg with French accented text (é, à, ...) and now I can't sign my messages. Is there any way to enable accented text? Maybe by editing the source code?
    A: You probably used the wrong string encoding in Terminal when changing your passphrase. GPGMail uses UTF-8 string encoding when passing the passphrase to gpg.
    You should go back to Terminal, change your passphrase to contain no accent, THEN set the Terminal to use UTF-8 string encoding (use GPGPreferences, it's easier), and then you can set back your passphrase with accents.
    Note that it's generally not a good idea to use accents in passphrases, for that reason.
  • Q: I don't understand your FAQ! You're talking about $HOME or ~. What does this mean??
    A: They both have the same meaning, in Unix terminology. They represent your home folder. You can use either $HOME or ~ in shell scripts to tell the shell that you want the path to your home folder.
  • Q: I think I found a bug in GPGMail. Whom should I contact?
    A: First verify that it's not a known bug by looking at the list of known bugs. If it's not, create a bug report on the bug report site. I need the following information:
    • Which version of GPGMail do you use (see GPGMail's Finder info)?
    • Which MacOS X version do you use?
    • Which other Mail plug-ins are installed, if any (name + version)?
    • Do you have a crash report to submit (look if you have files named Mail.crash.log in $HOME/Library/Logs/CrashReporter/)?
    • Are there any lines in the System console (see /Applications/Utilities/Console) concerning Mail or GPGMail?
  • Q: I installed GPGMail, and everything's working correctly (encrypting, decrypting, signing, verifying), except that I can't access GPGMail preferences: in Mail preferences panel there is no PGP section. What can I do?
    A: For some unknown reason Mail's preferences toolbar configuration is hardcoded in your preferences, and refuses to open PGP preferences; this happened very rarely. You need to quit Mail, launch Terminal and type:
      > defaults delete com.apple.mail "NSToolbar Configuration NSPreferences"
  • Q: Can I use GPGMail if the person I am mailing to is on a PC using Outlook or some such mail app not an Apple?
    A: Yes, as long as your friend's mailer recognizes PGP signed/encrypted messages. There are plug-ins for Outlook on PC, as well as for other mailers, that do the same job as GPGMail for Mail.
    The problem you might encounter is that some plug-ins don't support both message formats used for PGP. They usually support only the old format, where you see the PGP armor (e.g. -----BEGIN PGP SIGNED MESSAGE-----) in the body of the message, and not the new format, which uses MIME encapsulation and attachments and is far more robust than the old one (both formats are equally safe as far as encryption and electronic signatures are concerned, but content in the old format is sometimes modified by mailers or mail relays and arrives broken).
    GPGMail partly supports the ASCII-armored format: it uses that format by default, as long as your message doesn't contain any attachment or style formatting. As soon as your message is no longer plain text, GPGMail uses the PGP-MIME format, which is not recognized by some mailers. You can force GPGMail to always use the PGP-MIME format, by changing its preferences, but you cannot force it to always use the ASCII-armored format.
    GPGMail has trouble decrypting/verifying HTML messages. That's a limitation.
    You need to exchange your public PGP keys and start writing PGP-signed/encrypted messages, and see how well all formats are supported.
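How the two formats discussed in this answer (and in the Ximian Evolution question earlier) can be told apart when troubleshooting interoperability, as an added example that is not part of the original FAQ or of GPGMail. The function name pgp_format and the sample messages are constructed for illustration; the Content-Type values are the ones RFC 3156 defines for PGP/MIME.

```shell
#!/bin/sh
# Added example. pgp_format [FILE]: classify a message read from FILE or
# stdin as pgp-mime-signed, pgp-mime-encrypted, inline-signed,
# inline-encrypted or none. Only the top-level Content-Type is examined.
pgp_format() {
    awk '
    BEGIN { in_hdr = 1; result = "none" }
    { sub(/\r$/, "") }                       # tolerate CRLF line endings
    in_hdr && /^[ \t]/ {                     # folded header continuation
        if (in_ct) ct = ct " " $0
        next
    }
    in_hdr && /^$/ {                         # blank line ends the headers
        in_hdr = 0
        ct = tolower(ct)
        if (ct ~ /multipart\/signed/ && ct ~ /application\/pgp-signature/) {
            result = "pgp-mime-signed"; exit
        }
        if (ct ~ /multipart\/encrypted/ && ct ~ /application\/pgp-encrypted/) {
            result = "pgp-mime-encrypted"; exit
        }
        next
    }
    in_hdr {                                 # first line of a header field
        in_ct = (tolower($0) ~ /^content-type:/)
        if (in_ct) ct = $0
        next
    }
    # Body of a message that is not PGP/MIME: look for inline armor.
    /^-----BEGIN PGP SIGNED MESSAGE-----$/ { result = "inline-signed"; exit }
    /^-----BEGIN PGP MESSAGE-----$/ { result = "inline-encrypted"; exit }
    END { print result }
    ' "$@"
}

# Constructed sample messages (not real mail), truncated after the marker.
sample_mime() {
    printf '%s\n' 'From: joe@example.org' \
        'Content-Type: multipart/signed; micalg=pgp-sha1;' \
        ' protocol="application/pgp-signature"; boundary="b1"' \
        '' '--b1' 'Content-Type: text/plain' '' 'Hello.'
}
sample_inline() {
    printf '%s\n' 'From: joe@example.org' 'Content-Type: text/plain' \
        '' '-----BEGIN PGP SIGNED MESSAGE-----' 'Hash: SHA1' '' 'Hello.'
}

sample_mime | pgp_format      # prints pgp-mime-signed
sample_inline | pgp_format    # prints inline-signed
```

A message that reports inline-signed or inline-encrypted is the kind a MIME-only mailer will show as plain armor text.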
  • Q: I've got multiple uids in my public key, but when I send mail, the only one that gets used is the primary key (the other is greyed out in the signature pull-down). Is there a way to enable GPGMail to use all uids?
    A: You sign with a key, which happens to have multiple uids, but all these uids belong to the same key. You've published your public key, with all its uids, and people verifying your messages will see that it has been signed with your key (not your uid), and that that key has multiple uids.
    Only the main uid is selectable in GPGMail (as well as all other PGP-related apps): it represents the key. Other uids on the key are just displayed for information, but are never selectable.
  • Q: I have multiple PGP keys having the same email address, and one of these keys is expired. GPGMail always tells me that I can't use any PGP key for that email address, though there are valid keys. What can I do?
    A: GPGMail will pick up the first key matching the email address, without searching for additional keys which would be valid. In order to change the order of keys during search, as a workaround, you should export the invalid keys, remove them from your keyring, and reimport them; read the gpg documentation for that, or use GPG Keychain Access.
  • Q: Though the messages I receive are traditional inline PGP-signed ones, they are displayed with a MIME attachment. I don't understand why.
    A: Maybe you're one of the few users using procmail rules, and one of the rules rewrites PGP messages, e.g. to ensure recognition by mutt. Check your .procmail file.
  • Q: I tried to print a decrypted message, but I failed to: Mail printed the encrypted version of the message. How can I print the decrypted message?
    A: There are some problems with decrypted messages, sometimes they re-encrypt themselves after some operations (opening in a new window, using key arrows, ...). Anyway, there is a way to print a decrypted message: you need to open the encrypted message in a new window (by double-clicking the encrypted message), then you decrypt it, and you can print the decrypted message.
  • Q: My friend's using mutt as mail agent, but he says mutt can't decrypt the messages I send him, though they seem valid. What's wrong?
    A: mutt recognizes OpenPGP-MIME format, but doesn't recognize old-style (inline) PGP messages; if your friend uses procmail, then he can add the following rule in his .muttrc file:
      message-hook '!(~g|~G|~b"Comment:\ Debian\ ::\ The\ Universal\ Operating\ System") ~b"^-+BEGIN\ PGP\ (SIGNED\ )?MESSAGE"' "exec check-traditional-pgp"
    (see http://blue.frogfoot.net/unix/mutt/publish/gpg for more information)
  • Q: I have gpg installed in another location than /usr/local/bin/. How can I make GPGMail work with it?
    A: GPGMail now supports several locations for gpg - please read GPGMail documentation.
  • Q: GPGMail doesn't let me enter my passphrase when decrypting or signing, and always return the error "Bad passphrase". What's happening?
  • Q: GPGMail blocks Mail when verifying messages. Why?
    A: When performing message verification, gpg searches for missing PGP keys. Depending on which key server you use, this can take a long time. You can either disable the automatic key retrieval, change the key server, or change the timeout for searching keys. See gpg/gpg2 man page or use GPGPreferences 1.3.

©Copyright 2000-2008, Stéphane Corthésy. All rights reserved.