This has been a long beta phase – we know. But we are very happy to announce 10.10 support is now ready for a stable release and hope you'll enjoy GPGMail 2.5 as much as we do.
Encrypt drafts by default
All drafts will be encrypted with your public key by default, giving you better security and preventing bad situations from the get go. This concerns all your accounts in mail.app, even if you do not have an OpenPGP key for all of them. Encrypt drafts can still be disabled in GPGMail preferences (which we do not recommend). [#648]
Show warning before sending an unencrypted reply to an encrypted message
Your security is important and sending an unencrypted reply to an encrypted message can pose a serious security threat since information might be leaked.
We now display an informative warning message which explains the situation and gives you the chance to revise the draft you are about to send.
Intuitive security indicator for encrypted mails
Until now we showed an open lock to indicate that the mail has been decrypted. But actually there are only two states: successful decryption (which now shows a closed lock) or no decryption at all due to an error (which results in an error message). We think the new behavior is much more intuitive. The open lock for decrypted messages was irritating and did worry quite a few users who believed the messages weren't encrypted at all. [#777]
Auto-Updates
We think it's a good idea to keep our users up to date with the latest fixes and improvements. So now, the automatic check for updates is enabled by default. While working on this, we discovered a bug in the way auto-updates were implemented, so that is now fixed and updates for GPGMail should be much smoother in the future. [#774, #785, #822]
Warning about drafts stored on server
This warning serves a very specific case, but it is very important to understand the consequences, so we are happy to now provide the user with an informative message. If drafts are stored on server and the GPGMail option to "Encrypt drafts" is being disabled, you'll see a message warning you that your drafts will be stored on those server as plain text, once you start typing a new message. [#819]
Bugfixes:
GPGMail on 10.10 no longer crashes when new message creation is invoked via AppleScript. We heard you - this is a much used feature and we're glad this bug is fixed! [#768, #799, #804]
Mail.app crash on 10.7: Crash on creation of a new message. [#783]
Drafts: Sign and encrypt status for drafts were not always saved. [#761]
Drafts: Signed drafts were displayed as empty messages on Mavericks. [#695]
Drafts: A nasty bug was squashed which prevented drafts from being stored on OS X 10.8 and 10.7. [#776]
Drafts: In some occasions, encrypted drafts or sent messages had missing header parts, which resulted in incorrectly rendered mails.[#782]
GPGMail believed that for certain addresses S/MIME encryption was not available while it actually was. [#673]
Updates: the installer no longer stays open when Mail.app was quit during the update. [#742]
Displaying revoked UIDs when two keys for the same email address exist and one is revoked is a bad idea. We no longer do that. [#656]
Coexist peacefully: No more duplicate headers when using GPGMail and MailTags plugins together. [#747]
A broken signature was falsely shown as "Signed". [#714]
Remove trailing white-spaces so that signatures no longer get invalidated. [#686]
On 10.10 GPGMail failed to properly load messages with winmail.dat attachments. [#771]
Correctly detect inline PGP in text/html messages. [#787]
10.10: ensure selecting a specific key in the "From:" menu when composing a new message is possible when more than one secret key is available for the same email address. [#809]
GPGMail no longer clutters Console.app with "error CFBundle RegexKit.framework Data couldn't be read" messages. [#796]
Attachments of weird inline PGP encrypted messages from Windows are now properly displayed. [#677]
When selecting an email from the sent folder and using "Send again" from the menubar, the resent mail did not respect your default setting to encrypt / sign mails. [#813]
Minor typo in an error messages about signature that cannot be verified fixed. [#816]
There was an infinite loop (scnr) error when spell check on send was enabled and the user clicked "Send anyway". [#829]
GPG Keychain 1.2
Create revocation certificate for every new key
Before when you lost a secret key or forgot the passphrase for it, you had to make sure to have a revocation certificate, to at least inform others that this key is no longer to be used. From our experience however we know, that not many people are creating a revocation certificate in time. And you shouldn't have to. That's why we now create a revocation certificate for you whenever you create a new key in GPG Keychain! [#244]
Send public key by mail
This is one of the more popular feature requests we had in the pipe: You can now send your public key by mail by selecting "Key > Mail pub key" from the menu bar (⇧⌘M). This is possible for your own public keys or also for other public keys in your keychain. A new mail in Mail.app will open and we've added a nice template text to explain what a public key acutally is and how to get started using OpenPGP if your friends are not familiar with it. [#86]
Sanity check for new key servers
When entering a new key server in the key server preferences, we now run a check to see if the key server is properly working, so users don't end up with a broken key server. [#150]
Warning message before revoking a key
Revocation certificates should never be imported without informing the user about the consequences. So before you can revoke your key we now show a message that explains any implications. [#165]
Removed option to create 1024bit keys
1024bit keys are no longer considered secure, so we removed that option. [#264]
Bugfixes:
Selecting many keys for cleaning operation could result in crash. [#193]
Canceling the progress indicator caused a crash. [#191]
Potential crash on key import from key server. [#227]
10.7: Crash on opening GPG Keychain. [#279]
Potential crash when adding a User ID. [#274]
Endless loop when revoking a key. [#273]
Crash on key creation. [#240]
Crash when changing ownertrust. [#212]
Crash on several occasions in NSKeyValueCoding. [#340]
Key on smartcard wasn't detected by GPG Keychain. [#216]
Instead of crashing an error message is displayed when SSH keys are imported (which are not supported). [#210, #255]
Allow creation of subkeys with specific capabilities and honor RSA sign only key. [#148]
Show keyIDs of own keys when signing. [#192]
Malloc error when entering ldap key server URL. [#228]
Double entry for GPG Keychain under System Preferences > Security > Privacy > Contacts due to change in identifier. [#196]
Export of pub key does not show suffix although option to hide suffix is inactive. [#225]
Search for german umlaute was broken. [#217]
Creating sign-only keys didn't work. [#152]
Display details when showing an unknown error. [#341]
Key servers entered by users where not stored in the key server list. [#292]
Entering an invalid keyserver value with newlines caused a crash. [#299]
When trying to delete all keys, only secret keys were deleted but public keys remained. [#283]
Revoking a signature was broken. [#285]
If you are a gamer and had high APM, toggeling the filters fast enough would not change sorting but open the selected key. [#294]
No longer gets stuck after a users removes all algorithms except "none". [321]
Better error message when opening encrypted files with GPG Keychain instead of GPGServices. [#224]
Better default naming for exported keys: If more than one key is exported, GPG Keychain now uses "YEAR-MM-DD" and shows the number of exported keys. [#300]
Keep primary UserID after adding new UserID. [#172]
Better info message in Key > Sign dialog. [#207]
Display warning before deleting last self-signature. [#102]
When creating a new key, we auto-fill the fields with data from your address book entry. [#70]
Key inspector window should not stay visible when GPG Keychain is in the background. [#215]
Allow drag and dropping a .jpg into the Key Inspector > Photo tab... [#182]
Show spinner if loading photos takes more than 2 seconds. [#181]
Allow searching for fingerprints using human readable format (i.e. with spaces). [#204]
Add a toolbar button for key search/retrieval. [#221]
Keep position of key list after deleting a key and don't jump back to the top. [#177]
Removed Undo / Redo from Edit Menu until this feature is properly implemented. [#309]
Show validity column in default view for main window. Many users where wondering why keys where unusable. This will help indicating what is going on. [#122]
Column sorting using the validity column now follows validity status instead of the alphabet of the validity state. [#241]
Fingerprint was displayed with too many spaces. [#208]
Key Inspector User ID tab: the signature column and created date were too narrow. [#97, #201]
Show warning if pinentry crashes during key creating instead of just sitting idle. [#200]
New warning: when the only subkey of a key is about to be deleted, we now display an informative warning. [#103]
No longer display the comment column in the key list. [#271]
Limit long error messages so they don't go offscreen. [#170, #252]
Button too narrow for german translation in new key dialog. [#253]
Key inspector for UI improvements for german translation. [#114]
Resize text-fields to fit content. Really long names where not properly shortened. [#220]
Better error message if damaged gpg.conf is detected. [#149]
Don't show revoked keys in search results from key servers. If you want to see revoked keys for your key search you can enable that option under Preferences > Key server. [#262]
Improve naming of key search options to clarify where the search is done (local search vs search on key servers). [#265]
When updating keys, progress sheet listed User IDs without line breaks. [#226]
Incorrect progress sheet message when changing expiration date of a key. [#214]
When main window is maximized, instead of expanding the key inspector (key details) to the side, they now show in a separate window on top. [#236]
Hide "Algorithm Preferences" by default. They still exists but are now an expert setting. [#311]
Improved naming and reordered a few menu bar items.
New keys did not appear in key list when one tried to signed another key. [#303]
Proper sorting ignoring capitalization: why did we differentiate between capitalization and small letters in the first place? [#302]
When changing the primary UserID the key list no longer loses focus of the selected key. [#304]
Properly display important dialog windows on small screens, which might have previously been hidden by the key details window. [#307]
Properly display UTF-8 characters when looking at UserIDs. [#320]
Minor fix in german translation for Key ID. [#275]
GPGServices 1.10
Clearly indicate which keys are selected
Below the key list you'll now find an indicator showing if any keys are selected. Keys which are already selected will always be shown on top of the key list, so you will not accidentally encrypt to the wrong recpipient. If you want to unselect all keys we now provide a simple checkbox for that. [#183]
Bugfixes:
Crash when using columns to sort keys. [#178]
Signing files broken. GPGServices main window not showing up, only a progress indicator. [#176]
Progress indicator not closed when GPGServices main window closed. [#166]
Be more tolerant towards deformed encrypted messages. Missing linebreaks at the end of an encrypted message no longer cause a "Decryption failed" error. [#197]
Be even more tolerant: Encrypted messages sent via facebook couldn't be decrypted. [#196]
Decryption of encrypted empty text file failed. [#172]
Processing of large files (>4GB) lead to errors. [#217]
OK button became inactive when encrypting to public keys without encrypting to own key. [#214]
Key count of selected keys is now always correct. There were glitches in some rare occasions. [#216]
10.6: Leaking NSString objects when GPGServices was launched. [#212]
Filename wasn't correctly saved in the encrypted file, so that renamed encrypted files produced wrongly named decrypted files. [#161]
Show verification results when decrypting text. [#179]
Files with spaces in the filename that were encrypted and later decrypted, contained "%20" instead of spaces in the output filename. [#202]
Verify results now also show the Key ID in addition to Name and mail address. [#177]
Minor improvements in "Sign / Add to recipients" section in main window. [#188]
GPGPreferences 1.5
Update management for all tools
Add "Check Now" buttons for all the tools: it's never been easier to stay up-to-date with all components of GPG Suite. We now offer stable, pre-release and nightly channels for every single component of GPG Suite. [#58]
Key server sanity check
GPGPreferences now checks if a key server is valid and working, when a new one is entered. [#71]
Copy version info into the clipboard
By clicking on any version info in the Updates tab, all version info is copied into the clipboard. This makes it easier than ever to provide the complete version information along with your support requests. [#53]
Bugfixes:
Respect the "display no version info" setting. When exporting a key, "MacGPG v2" was still added. This is no longer the case. [#66]
Crash on 10.6 caused by "Check Now" button. [#54]
Nightly channel didn't stick. The channel setting was not stored. [#59]
Crash due to invalid value on "remember the passphrase for" setting. [#69]
OS X 10.6: "delete stored passphrases" option didn't work properly. [#72]
Display "Select a key..." instead of an empty combo box when no default key is selected. [#70]
OS X 10.10: Text of component names in Updates tab cut off. [#65]
Visually distinguish installed and not installed tools in update listing. [#52]
MacGPG 2 2.0.27
Support for hkps key servers and new key server default
The default gpg.conf uses the hkps.pool.sks-keyservers.net key server by default. [#119]
Tries to migrate old default configurations to connect to key servers via hkps.
hkps sks key server pool is now new default.
No version info to protect your security
The new default will not show any version info in the comment field. For existing installations, you can disable showing version info using GPGPreferences. That way it's no longer possible to determine for an attacker which gnupg someone is using and can't abuse that information. [#131]
Integrate gpg 2.0.27
Includes a fix for a DoS based on bogus and overlong key packets.
Adds better error reporting for keyserver problems.
Includes other bug fixes related to bogus keyrings.
Bugfixes:
Passphrase in pinentry wasn't display properly when 'Show typing' enabled. [#145]
Import filter rejected some keys on auto-import. [#134]
gpg-agent timout when signing Mails. [#128]
OS X 10.6: pinentry program entry not added to gpg-agent.conf in some rare occasions. [#125]
scdaemon was misbehaving badly on OS X 10.10 leading to big problems for smartcard users. Happy to announce this is fixed. [#140]
gpgkeys errors included in output destroying attachments. [#150]
When installing GPG Suite or MacGPG2 the gpg.conf is no longer cluttered with superfulous entries of key server addresses. [#152]
Creation of keys bigger than 4096bit was broken. After discussion on the gnupg mailing list we came to a mutual agreement and decided to remove this option.